equal
deleted
inserted
replaced
131 pass out inet proto tcp from (self) to any port ftp |
131 pass out inet proto tcp from (self) to any port ftp |
132 .Ed |
132 .Ed |
133 +.Sh SOLARIS |
133 +.Sh SOLARIS |
134 +.Nm |
134 +.Nm |
135 +must be started as an |
135 +must be started as an |
136 +.Xr smf 5 |
136 +.Xr smf 7 |
137 +service: |
137 +service: |
138 +.Bd -literal -offset indent |
138 +.Bd -literal -offset indent |
139 +svc:/network/firewall/ftp-proxy |
139 +svc:/network/firewall/ftp-proxy |
140 +.Ed |
140 +.Ed |
141 .Pp |
141 .Pp |
148 +.Pp |
148 +.Pp |
149 +The options described in DESCRIPTION section are set using smf properties. |
149 +The options described in DESCRIPTION section are set using smf properties. |
150 +Properties processed by |
150 +Properties processed by |
151 +.Nm |
151 +.Nm |
152 +enable |
152 +enable |
153 +.Xr smf_method 5 |
153 +.Xr smf_method 7 |
154 +in order to configure the |
154 +in order to configure the |
155 +.Nm |
155 +.Nm |
156 +daemon are listed below. |
156 +daemon are listed below. |
157 +.Bl -tag -width "ftp-proxy/always-use-ftp-data-port" -offset 3n -compact |
157 +.Bl -tag -width "ftp-proxy/always-use-ftp-data-port" -offset 3n -compact |
158 +.It ftp-proxy/anonymous-only |
158 +.It ftp-proxy/anonymous-only |
243 +.Nm |
243 +.Nm |
244 +on Solaris comes with two extra options, which make service configuration easier. |
244 +on Solaris comes with two extra options, which make service configuration easier. |
245 +.Bl -tag -offset 3n -compact |
245 +.Bl -tag -offset 3n -compact |
246 +.It Fl c Ar smf-instance |
246 +.It Fl c Ar smf-instance |
247 +Shows/changes settings kept in |
247 +Shows/changes settings kept in |
248 +.Xr smf 5 |
248 +.Xr smf 7 |
249 +repository for the specified |
249 +repository for the specified |
250 +.Ar smf-instance |
250 +.Ar smf-instance |
251 +of the |
251 +of the |
252 +.Nm |
252 +.Nm |
253 +service. |
253 +service. |
293 +.Sy solaris.smf.modify |
293 +.Sy solaris.smf.modify |
294 +authorization. |
294 +authorization. |
295 .Sh SEE ALSO |
295 .Sh SEE ALSO |
296 -.Xr pf.conf 5 |
296 -.Xr pf.conf 5 |
297 +.Xr pf.conf 5 , |
297 +.Xr pf.conf 5 , |
298 +.Xr smf 5 , |
298 +.Xr smf 7 , |
299 +.Xr svccfg (1M) |
299 +.Xr svccfg (1M) |
300 .Sh CAVEATS |
300 .Sh CAVEATS |
301 .Pp |
301 .Pp |
302 Negotiated data connection ports below 1024 are not allowed. |
302 Negotiated data connection ports below 1024 are not allowed. |
303 @@ -177,3 +353,8 @@ |
303 @@ -177,3 +353,8 @@ |
754 +#define SMF_OPT_MANDATORY 1 |
754 +#define SMF_OPT_MANDATORY 1 |
755 +/* |
755 +/* |
756 + * X-macro table. |
756 + * X-macro table. |
757 + * Columns are as follows: |
757 + * Columns are as follows: |
758 + * value key/index |
758 + * value key/index |
759 + * smf(5) property name name |
759 + * smf(7) property name name |
760 + * member in smf_ftppx_cfg_t structure |
760 + * member in smf_ftppx_cfg_t structure |
761 + * function which converts ASCIIZ to member type in smf_ftppx_cfg_t |
761 + * function which converts ASCIIZ to member type in smf_ftppx_cfg_t |
762 + * function which converts member in smf_ftppx_cfg_t to ASCIIZ |
762 + * function which converts member in smf_ftppx_cfg_t to ASCIIZ |
763 + * optional/mandatory status |
763 + * optional/mandatory status |
764 + * property type |
764 + * property type |
856 +}; |
856 +}; |
857 +#undef X |
857 +#undef X |
858 + |
858 + |
859 +/* |
859 +/* |
860 + * smf_conv_out |
860 + * smf_conv_out |
861 + * Table of conversion functions, which convert ASCIIZ fetched from smf(5) |
861 + * Table of conversion functions, which convert ASCIIZ fetched from smf(7) |
862 + * repository to member of smf_ftppx_cfg_t structure. |
862 + * repository to member of smf_ftppx_cfg_t structure. |
863 + */ |
863 + */ |
864 +#define X(_const_, _propname_, _decl_, _conv_in_, _conv_out_, _mandatory_, \ |
864 +#define X(_const_, _propname_, _decl_, _conv_in_, _conv_out_, _mandatory_, \ |
865 + _type_) _conv_out_, |
865 + _type_) _conv_out_, |
866 +static conv_out_f smf_conv_out[] = { |
866 +static conv_out_f smf_conv_out[] = { |
916 + */ |
916 + */ |
917 + |
917 + |
918 +/* |
918 +/* |
919 + * nop_in() |
919 + * nop_in() |
920 + * Dummy conversion ASCIIZ to ASCIIZ, no allocation happens. Used when |
920 + * Dummy conversion ASCIIZ to ASCIIZ, no allocation happens. Used when |
921 + * configuration is from smf(5). |
921 + * configuration is from smf(7). |
922 + */ |
922 + */ |
923 +static void |
923 +static void |
924 +nop_in(void *asciiz, void *result) |
924 +nop_in(void *asciiz, void *result) |
925 +{ |
925 +{ |
926 + *((char **)result) = asciiz; |
926 + *((char **)result) = asciiz; |
927 +} |
927 +} |
928 + |
928 + |
929 +/* |
929 +/* |
930 + * nop_out() |
930 + * nop_out() |
931 + * Dummy conversion ASCIIZ to ASCIIZ, function allocates memory for result by |
931 + * Dummy conversion ASCIIZ to ASCIIZ, function allocates memory for result by |
932 + * strdup(3C). Used when configuration is written to smf(5) repository. |
932 + * strdup(3C). Used when configuration is written to smf(7) repository. |
933 + */ |
933 + */ |
934 +static void |
934 +static void |
935 +nop_out(void *asciiz, void *val) |
935 +nop_out(void *asciiz, void *val) |
936 +{ |
936 +{ |
937 + *((char **)asciiz) = strdup(*(char **)val); |
937 + *((char **)asciiz) = strdup(*(char **)val); |
962 +} |
962 +} |
963 + |
963 + |
964 +/* |
964 +/* |
965 + * on_to_one() |
965 + * on_to_one() |
966 + * Function converts ASCIIZ value "on" to 1. Anything else yeilds a 0. Used to |
966 + * Function converts ASCIIZ value "on" to 1. Anything else yeilds a 0. Used to |
967 + * read configuration from smf(5). |
967 + * read configuration from smf(7). |
968 + */ |
968 + */ |
969 +static void |
969 +static void |
970 +on_to_one(void *asciiz, void *result) |
970 +on_to_one(void *asciiz, void *result) |
971 +{ |
971 +{ |
972 + *((int *)result) = ((strcasecmp((char *)asciiz, "on") == 0) ? 1 : 0); |
972 + *((int *)result) = ((strcasecmp((char *)asciiz, "on") == 0) ? 1 : 0); |
973 +} |
973 +} |
974 + |
974 + |
975 +/* |
975 +/* |
976 + * one_to_on() |
976 + * one_to_on() |
977 + * Function converts 0 to ASCIIZ string "off", anything else than 0 yeilds to |
977 + * Function converts 0 to ASCIIZ string "off", anything else than 0 yeilds to |
978 + * "on". Used when configuration ie being written to smf(5). Function also |
978 + * "on". Used when configuration ie being written to smf(7). Function also |
979 + * allocates memory for resulting string using strdup(3C). |
979 + * allocates memory for resulting string using strdup(3C). |
980 + */ |
980 + */ |
981 +static void |
981 +static void |
982 +one_to_on(void *asciiz, void *val) |
982 +one_to_on(void *asciiz, void *val) |
983 +{ |
983 +{ |
989 +} |
989 +} |
990 + |
990 + |
991 +/* |
991 +/* |
992 + * str_to_int() |
992 + * str_to_int() |
993 + * Function converts integer represented as ASCIIZ to int using atoi(3C). Used |
993 + * Function converts integer represented as ASCIIZ to int using atoi(3C). Used |
994 + * when configuration is read from smf(5). |
994 + * when configuration is read from smf(7). |
995 + */ |
995 + */ |
996 +static void |
996 +static void |
997 +str_to_int(void *asciiz, void *result) |
997 +str_to_int(void *asciiz, void *result) |
998 +{ |
998 +{ |
999 + *((int *)result) = atoi((char *)asciiz); |
999 + *((int *)result) = atoi((char *)asciiz); |
1000 +} |
1000 +} |
1001 + |
1001 + |
1002 +/* |
1002 +/* |
1003 + * int_to_str() |
1003 + * int_to_str() |
1004 + * Function converts integer number to ASCIIZ using asprintf(3C). Used when |
1004 + * Function converts integer number to ASCIIZ using asprintf(3C). Used when |
1005 + * configuration is being stored to smf(5). Memory for results get allocated by |
1005 + * configuration is being stored to smf(7). Memory for results get allocated by |
1006 + * asprintf(3C). |
1006 + * asprintf(3C). |
1007 + */ |
1007 + */ |
1008 +static void |
1008 +static void |
1009 +int_to_str(void *asciiz, void *val) |
1009 +int_to_str(void *asciiz, void *val) |
1010 +{ |
1010 +{ |
1012 +} |
1012 +} |
1013 + |
1013 + |
1014 +/* |
1014 +/* |
1015 + * str_to_uint() |
1015 + * str_to_uint() |
1016 + * Function converts unsigned integer represented as ASCIIZ to int using |
1016 + * Function converts unsigned integer represented as ASCIIZ to int using |
1017 + * atoi(3C). Used when configuration is being read from smf(5) repository. |
1017 + * atoi(3C). Used when configuration is being read from smf(7) repository. |
1018 + */ |
1018 + */ |
1019 +static void |
1019 +static void |
1020 +str_to_uint(void *asciiz, void *result) |
1020 +str_to_uint(void *asciiz, void *result) |
1021 +{ |
1021 +{ |
1022 + *((unsigned int *)result) = (unsigned int) atoi((char *)asciiz); |
1022 + *((unsigned int *)result) = (unsigned int) atoi((char *)asciiz); |
1023 +} |
1023 +} |
1024 + |
1024 + |
1025 +/* |
1025 +/* |
1026 + * uint_to_str() |
1026 + * uint_to_str() |
1027 + * Function converts unsigned integer to ASCIIZ using asprintf(3C). Used when |
1027 + * Function converts unsigned integer to ASCIIZ using asprintf(3C). Used when |
1028 + * configuration is written to smf(5). Memory for result is allocated by |
1028 + * configuration is written to smf(7). Memory for result is allocated by |
1029 + * asprintf(3C). |
1029 + * asprintf(3C). |
1030 + */ |
1030 + */ |
1031 +static void |
1031 +static void |
1032 +uint_to_str(void *asciiz, void *val) |
1032 +uint_to_str(void *asciiz, void *val) |
1033 +{ |
1033 +{ |
1036 + |
1036 + |
1037 +/* |
1037 +/* |
1038 + * log_to_int() |
1038 + * log_to_int() |
1039 + * Function encodes ASCIIZ value for log property to numeric code. String |
1039 + * Function encodes ASCIIZ value for log property to numeric code. String |
1040 + * "all" gets converted to 2, string "on" to 1, anything else yeilds to 0. |
1040 + * "all" gets converted to 2, string "on" to 1, anything else yeilds to 0. |
1041 + * It's used when configuration is being read from smf(5) repository. |
1041 + * It's used when configuration is being read from smf(7) repository. |
1042 + */ |
1042 + */ |
1043 +static void |
1043 +static void |
1044 +log_to_int(void *asciiz, void *result) |
1044 +log_to_int(void *asciiz, void *result) |
1045 +{ |
1045 +{ |
1046 + if (strcasecmp((char *)asciiz, "all") == 0) { |
1046 + if (strcasecmp((char *)asciiz, "all") == 0) { |
1107 +} |
1107 +} |
1108 + |
1108 + |
1109 +/* |
1109 +/* |
1110 + * cfg_to_prop_vec() |
1110 + * cfg_to_prop_vec() |
1111 + * Function converts smf_ftp_cfg global variable, which holds configuration |
1111 + * Function converts smf_ftp_cfg global variable, which holds configuration |
1112 + * parsed from command line arguments, to prop_vec, which is a smf(5) friendly |
1112 + * parsed from command line arguments, to prop_vec, which is a smf(7) friendly |
1113 + * representation of proxy configuration. |
1113 + * representation of proxy configuration. |
1114 + * |
1114 + * |
1115 + * Additionally, it populates gen_prop_vec to specify needed authorizations. |
1115 + * Additionally, it populates gen_prop_vec to specify needed authorizations. |
1116 + * |
1116 + * |
1117 + * Returns 0 on success, -1 on out of memory error. |
1117 + * Returns 0 on success, -1 on out of memory error. |
1187 + } |
1187 + } |
1188 +} |
1188 +} |
1189 + |
1189 + |
1190 +/* |
1190 +/* |
1191 + * smf_print_ftpcfg() |
1191 + * smf_print_ftpcfg() |
1192 + * Function loads ftpcfg from smf(5) repository and prints configuration to |
1192 + * Function loads ftpcfg from smf(7) repository and prints configuration to |
1193 + * standard output. We use `scf_simple_prop_get(3SCF)`. |
1193 + * standard output. We use `scf_simple_prop_get(3SCF)`. |
1194 + * |
1194 + * |
1195 + * Returns 0 on success, -1 on error.. |
1195 + * Returns 0 on success, -1 on error.. |
1196 + */ |
1196 + */ |
1197 +int |
1197 +int |
1338 + return (0); |
1338 + return (0); |
1339 +} |
1339 +} |
1340 + |
1340 + |
1341 +/* |
1341 +/* |
1342 + * smf_create_ftp_instance() |
1342 + * smf_create_ftp_instance() |
1343 + * Function creates a new instance in smf(5) repository. |
1343 + * Function creates a new instance in smf(7) repository. |
1344 + */ |
1344 + */ |
1345 +static int |
1345 +static int |
1346 +smf_create_ftp_instance(const char *smf_instance) |
1346 +smf_create_ftp_instance(const char *smf_instance) |
1347 +{ |
1347 +{ |
1348 + scf_handle_t *h_scf = NULL; |
1348 + scf_handle_t *h_scf = NULL; |
1435 + return (rv); |
1435 + return (rv); |
1436 +} |
1436 +} |
1437 + |
1437 + |
1438 +/* |
1438 +/* |
1439 + * smf_write_ftpcfg() |
1439 + * smf_write_ftpcfg() |
1440 + * Function writes proxy configuration to smf(5) repostiory. |
1440 + * Function writes proxy configuration to smf(7) repostiory. |
1441 + */ |
1441 + */ |
1442 +int |
1442 +int |
1443 +smf_write_ftpcfg(const char *smf_instance, int create) |
1443 +smf_write_ftpcfg(const char *smf_instance, int create) |
1444 +{ |
1444 +{ |
1445 + int i; |
1445 + int i; |