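/*
 * FWPprocessMessages - ICE message callback for the connection to the
 * Proxy Manager.
 *
 * iceConn      ICE connection the message arrived on
 * client_data  opaque pointer registered with the connection; it is cast
 *              to struct clientDataStruct * below
 * opcode       minor opcode of the message; PM_GetProxyAddr and ICE_Error
 *              are handled, everything else is ignored
 * length       message length as reported in the ICE header
 * swap         True when multi-byte fields must be byte-swapped
 *
 * For PM_GetProxyAddr the handler parses the request, runs the
 * destination-only configuration check, finds or creates a remote client
 * listen port for the requested X server and replies with
 * PM_GetProxyAddrReply (PM_Success plus the port string, or PM_Failure
 * plus a reason string).
 *
 * Everything in the message body is supplied by the peer and is treated
 * as untrusted. Failures after the message has been read funnel through
 * sendFailure/cleanup, so buffers allocated here are released on every
 * path.
 */
void
FWPprocessMessages(
    IceConn iceConn,
    IcePointer *client_data,
    int opcode,
    unsigned long length,
    Bool swap)
{
    switch (opcode)
    {
    /*
     * this is really the only opcode we care about -- the one
     * which indicates an XFindProxy request for a connection
     * to a specified server
     */
    case PM_GetProxyAddr:
    {
        pmGetProxyAddrMsg *pMsg;
        char *pData, *pStart;
        char *serviceName = NULL, *serverAddress = NULL;
        char *hostAddress = NULL, *startOptions = NULL;
        char *authName = NULL, *authData = NULL;
        int authLen;
        struct clientDataStruct *program_data;
        char *listen_port_string = NULL;
        int pm_send_msg_len;
        pmGetProxyAddrReplyMsg *pReply;
        char *pReplyData;
        struct hostent *hostptr;
        struct sockaddr_in server_sockaddr_in;
        struct sockaddr_in dummy_sockaddr_in;
        char *server_name_base;
        char *config_failure = "unrecognized server or permission denied";
        char *tmp_str = NULL;   /* NULL so cleanup is safe on early failure */
        int rule_number = -1;
        char *colon;
        char *tmpAddress = NULL;

        /*
         * this is where we need and get access to that client data we
         * went through such contortions to set up earlier!
         */
        program_data = (struct clientDataStruct *) client_data;

        /*
         * initial check on expected message size
         */
        CHECK_AT_LEAST_SIZE (iceConn, global_data.major_opcode, opcode,
                             length, SIZEOF (pmGetProxyAddrMsg),
                             IceFatalToProtocol);

        IceReadCompleteMessage (iceConn, SIZEOF (pmGetProxyAddrMsg),
                                pmGetProxyAddrMsg, pMsg, pStart);

        if (!IceValidIO (iceConn))
        {
            IceDisposeCompleteMessage (iceConn, pStart);
            return;
        }

        authLen = swap ? lswaps (pMsg->authLen) : pMsg->authLen;

        /*
         * First pass: walk the variable-length fields only to learn how
         * long the sender claims the message is.
         * NOTE(review): this walk follows peer-supplied length fields
         * before CHECK_COMPLETE_SIZE has validated them; confirm that the
         * SKIP_STRING macro cannot read past the received data.
         */
        pData = pStart;

        SKIP_STRING (pData, swap);      /* proxy-service */
        SKIP_STRING (pData, swap);      /* server-address */
        SKIP_STRING (pData, swap);      /* host-address */
        SKIP_STRING (pData, swap);      /* start-options */
        if (authLen > 0)
        {
            SKIP_STRING (pData, swap);                  /* auth-name */
            pData += (authLen + PAD64 (authLen));       /* auth-data */
        }

        /*
         * now a detailed check on message size
         */
        CHECK_COMPLETE_SIZE (iceConn, global_data.major_opcode, opcode,
                             length,
                             pData - pStart + SIZEOF (pmGetProxyAddrMsg),
                             pStart, IceFatalToProtocol);

        pData = pStart;

        /*
         * extract message data, based on known characteristics
         * of this message type
         */
        EXTRACT_STRING (pData, swap, serviceName);
        EXTRACT_STRING (pData, swap, serverAddress);
        EXTRACT_STRING (pData, swap, hostAddress);
        EXTRACT_STRING (pData, swap, startOptions);

        if (authLen > 0)
        {
            EXTRACT_STRING (pData, swap, authName);

            /*
             * NOTE(review): authName/authData are copied out but never
             * consulted anywhere in this handler, so the request is not
             * authenticated here.
             */
            authData = malloc ((size_t) authLen);
            if (authData == NULL)
            {
                (void) fprintf (stderr, "malloc - authData copy\n");
                goto sendFailure;
            }
            memcpy (authData, pData, (size_t) authLen);
        }

#ifdef DEBUG
        (void) fprintf (stderr,
                        "Got GetProxyAddr, serviceName = %s, serverAddr = %s\n",
                        serviceName, serverAddress);

        (void) fprintf (stderr,
                        "\thostAddr = %s, options = %s, authLen = %d\n",
                        hostAddress, startOptions, authLen);

        if (authLen > 0)
            (void) fprintf (stderr, "\tauthName = %s\n", authName);
#endif

        /*
         * need to copy the host port string because strtok() changes it
         */
        if ((tmp_str = strdup (serverAddress)) == NULL)
        {
            (void) fprintf (stderr, "malloc - serverAddress copy\n");
            goto sendFailure;
        }

        /*
         * before proceeding we want to verify that we are allowed to
         * accept connections from the host who called xfindproxy();
         * the thing is, we don't get that host name from Proxy Manager
         * even if the "-host <hostname>" command-line option was present
         * in xfindproxy (and even if it was we shouldn't rely on it --
         * much better to have ProxyMngr query the xfindproxy connect
         * socket for its origin); the upshot of all this is that we do
         * a configuration check *only* on the destination (which we
         * assume in this case to be the serverAddress passed in by
         * xfindproxy()); so get the destination IP address!
         */
        server_name_base = strtok (tmp_str, ":");
        if (server_name_base == NULL)
        {
            /* empty address or nothing but ':' -- no host name to resolve */
            (void) fprintf (stderr, "missing host name in server address\n");
            goto sendFailure;
        }

        if ((hostptr = gethostbyname (server_name_base)) == NULL)
        {
            (void) fprintf (stderr, "gethostbyname (%s) failed\n",
                            server_name_base);
            goto sendFailure;
        }

        /*
         * the resolver decides h_length; never copy more than sin_addr
         * can hold
         */
        if (hostptr->h_length <= 0 ||
            (size_t) hostptr->h_length > sizeof (server_sockaddr_in.sin_addr))
        {
            (void) fprintf (stderr,
                            "gethostbyname (%s) returned an unusable address\n",
                            server_name_base);
            goto sendFailure;
        }

        memset (&server_sockaddr_in, 0, sizeof (server_sockaddr_in));
        memset (&dummy_sockaddr_in, 0, sizeof (dummy_sockaddr_in));

        memcpy ((char *) &server_sockaddr_in.sin_addr,
                hostptr->h_addr,
                (size_t) hostptr->h_length);

        /*
         * need to initialize dummy to something, but doesn't matter
         * what (should eventually be the true host address);
         * NOTE: source configuration will always match (see XFWP man
         * page) unless sysadmin explicitly chooses to deny
         */
        memcpy ((char *) &dummy_sockaddr_in.sin_addr,
                hostptr->h_addr,
                (size_t) hostptr->h_length);

        if ((doConfigCheck (&dummy_sockaddr_in,
                            &server_sockaddr_in,
                            global_data.config_info,
                            FINDPROXY,
                            &rule_number)) == FAILURE)
        {
            (void) fprintf (stderr, "xfindproxy failed config check\n");
            goto sendFailure;
        }

        /*
         * okay, you got what you need from the PM to proceed,
         * so extract the fd of the selected connection and use
         * it to set up the remote client listen port and add
         * the name of the X server to your list of server connections
         */

        /*
         * Before checking to see if you already have a PM connection
         * request for this server, make serverAddress a
         * FQDN so that synonymous names like oregon:0 and oregon.com:0
         * will be recognized as the same Xserver.  If this server
         * already exists, don't allocate another listen port for it -
         * use the already allocated one
         */
        colon = strchr (serverAddress, ':');
        if (colon)
        {
            struct hostent *hostent;

            /* temporarily cut the string at ':' to resolve the host part */
            *colon = '\0';
            hostent = gethostbyname (serverAddress);
            *colon = ':';

            if (hostent && hostent->h_name)
            {
                size_t fqdn_len = strlen (hostent->h_name) +
                                  strlen (colon) + 1;

                tmpAddress = malloc (fqdn_len);
                if (tmpAddress == NULL)
                {
                    (void) fprintf (stderr, "malloc - FQDN serverAddress\n");
                    goto sendFailure;
                }
                (void) snprintf (tmpAddress, fqdn_len, "%s%s",
                                 hostent->h_name, colon);
                serverAddress = tmpAddress;
            }
        }

        if ((doCheckServerList (serverAddress,
                                &listen_port_string,
                                program_data->config_info->num_servers))
            == FAILURE)
        {
            /*
             * this server name isn't in your list; so set up a new
             * remote client listen port for it; extract the fd from
             * the connection and pass it in as index to array lookup
             */
            if ((doSetupRemClientListen (&listen_port_string,
                                         program_data,
                                         serverAddress)) == FAILURE)
            {
                goto sendFailure;
            }
        }

        /*
         * whether the server was already in your list or a listen port
         * was just set up for it, send back the rem client listen port
         * associated with that server (it will presumably be forwarded
         * to the remote client through some other channel)
         */
        pm_send_msg_len = STRING_BYTES (listen_port_string)
                          + STRING_BYTES (NULL);

        IceGetHeaderExtra (iceConn,
                           program_data->major_opcode,
                           PM_GetProxyAddrReply,
                           SIZEOF (pmGetProxyAddrReplyMsg),
                           WORD64COUNT (pm_send_msg_len),
                           pmGetProxyAddrReplyMsg,
                           pReply,
                           pReplyData);

        pReply->status = PM_Success;

        STORE_STRING (pReplyData, listen_port_string);
        STORE_STRING (pReplyData, NULL);

        IceFlush (iceConn);

        /*
         * before leaving this routine, change the select() timeout
         * here to be equal to the configured client listen timeout
         * (otherwise you'll never *get* to your listen timeout
         * if it's shorter than the startup select() default)
         */
        program_data->config_info->select_timeout.tv_sec =
            program_data->config_info->client_listen_timeout;

        goto cleanup;

sendFailure:
        /*
         * report failure back to the ProxyMgr; the reason string is
         * deliberately generic
         */
        pm_send_msg_len = STRING_BYTES (config_failure)
                          + STRING_BYTES (NULL);

        IceGetHeaderExtra (iceConn,
                           program_data->major_opcode,
                           PM_GetProxyAddrReply,
                           SIZEOF (pmGetProxyAddrReplyMsg),
                           WORD64COUNT (pm_send_msg_len),
                           pmGetProxyAddrReplyMsg,
                           pReply,
                           pReplyData);

        pReply->status = PM_Failure;

        STORE_STRING (pReplyData, NULL);
        STORE_STRING (pReplyData, config_failure);

        IceFlush (iceConn);

cleanup:
        /*
         * release what this handler allocated itself, on both the
         * success and the failure path, then hand the message buffer
         * back the same way the ICE_Error case does.
         * NOTE(review): the strings produced by EXTRACT_STRING
         * (serviceName, the original serverAddress, hostAddress,
         * startOptions, authName) are not released here; if the macro
         * allocates them they leak once per request -- confirm against
         * its definition and free them here.
         */
        free (tmpAddress);
        free (tmp_str);
        free (authData);
        IceDisposeCompleteMessage (iceConn, pStart);
        break;
    }

    case ICE_Error:
    {
        iceErrorMsg *pMsg;
        char *pStart;

        CHECK_AT_LEAST_SIZE (iceConn, global_data.major_opcode, ICE_Error,
                             length, sizeof (iceErrorMsg),
                             IceFatalToProtocol);

        IceReadCompleteMessage (iceConn, SIZEOF (iceErrorMsg),
                                iceErrorMsg, pMsg, pStart);

        if (!IceValidIO (iceConn))
        {
            IceDisposeCompleteMessage (iceConn, pStart);
            return;
        }

        if (swap)
        {
            pMsg->errorClass = lswaps (pMsg->errorClass);
            pMsg->offendingSequenceNum = lswapl (pMsg->offendingSequenceNum);
        }

        /* log the error fields; no recovery is attempted here */
        (void) fprintf (stderr, "Proxy Manager reported ICE Error:\n");
        (void) fprintf (stderr,
                        "\tclass = 0x%x, offending minor opcode = %d\n",
                        pMsg->errorClass, pMsg->offendingMinorOpcode);
        (void) fprintf (stderr, "\tseverity = %d, sequence = %ld\n",
                        pMsg->severity, (long) pMsg->offendingSequenceNum);

        IceDisposeCompleteMessage (iceConn, pStart);
        break;
    }

    default:
        break;
    } /* end switch */
}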
/*
 * PMprocessMessages - ICE message callback for replies from the Proxy
 * Manager.
 *
 * Only PM_GetProxyAddrReply is accepted, and only while the caller is
 * waiting for the answer to a PM_GetProxyAddr request.  On success the
 * proxy address, the failure reason and the status are stored in the
 * GetProxyAddrReply that replyWait->reply points at, and *replyReadyRet is
 * set to True.  Any other opcode is reported with _IceErrorBadMinor and
 * its body skipped.
 *
 * When replyWait is non-NULL, *replyReadyRet is cleared to False on entry.
 */
static void
PMprocessMessages(
    IceConn iceConn,
    IcePointer clientData,
    int opcode,
    unsigned long length,
    Bool swap,
    IceReplyWaitInfo *replyWait,
    Bool *replyReadyRet)
{
    pmGetProxyAddrReplyMsg *replyMsg;
    char *cursor, *msgStart;
    GetProxyAddrReply *out;

    if (replyWait)
        *replyReadyRet = False;

    /* anything but the one reply opcode: report it, skip the body */
    if (opcode != PM_GetProxyAddrReply)
    {
        _IceErrorBadMinor (iceConn, PMopcode, opcode, IceCanContinue);
        _IceReadSkip (iceConn, length << 3);
        return;
    }

    /* a reply nobody asked for is a protocol state error */
    if (!replyWait ||
        replyWait->minor_opcode_of_request != PM_GetProxyAddr)
    {
        _IceReadSkip (iceConn, length << 3);

        _IceErrorBadState (iceConn, PMopcode,
                           PM_GetProxyAddrReply, IceFatalToProtocol);
        return;
    }

    out = (GetProxyAddrReply *) (replyWait->reply);

#if 0 /* No-op */
    CHECK_AT_LEAST_SIZE (iceConn, PMopcode, opcode,
                         length, SIZEOF (pmGetProxyAddrReplyMsg),
                         IceFatalToProtocol);
#endif

    IceReadCompleteMessage (iceConn, SIZEOF (pmGetProxyAddrReplyMsg),
                            pmGetProxyAddrReplyMsg, replyMsg, msgStart);

    if (!IceValidIO (iceConn))
    {
        IceDisposeCompleteMessage (iceConn, msgStart);
        return;
    }

    /* first pass: measure the two strings so the total can be checked */
    cursor = msgStart;

    SKIP_STRING (cursor, swap);         /* proxy-address */
    SKIP_STRING (cursor, swap);         /* failure-reason */

    CHECK_COMPLETE_SIZE (iceConn, PMopcode, opcode, length,
                         cursor - msgStart + SIZEOF (pmGetProxyAddrReplyMsg),
                         msgStart, IceFatalToProtocol);

    /* second pass: pull the strings out for the waiting caller */
    cursor = msgStart;

    EXTRACT_STRING (cursor, swap, out->addr);
    EXTRACT_STRING (cursor, swap, out->error);

    out->status = replyMsg->status;
    *replyReadyRet = True;

    IceDisposeCompleteMessage (iceConn, msgStart);
}