# This patch comes from Oracle. It turns the component into
# a well-behaved SMF service. It adds code manipulating service
# properties and service instances, and also provides security in
# cooperation with the service manifest (in particular, extra
# privileges are dropped when not needed).
#
# This patch will not be sent upstream; the changes are Solaris-specific.

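--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 CFLAGS+= -m64 -errwarn
 
 PROG= ftp-proxy
-SRCS= ftp-proxy.c filter.c
+SRCS= ftp-proxy.c filter.c smf-config.c
 OBJS=$(SRCS:.c=.o)
 MAN= ftp-proxy.8
 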
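--- a/filter.c
+++ b/filter.c
@@ -53,6 +53,10 @@
 static int dev, rule_log;
 static char *qname, *tagname;
 
+#ifdef _SOLARIS_
+char *FTP_PROXY_ANCHOR;
+#endif /* _SOLARIS_ */
+
 int
 add_addr(struct sockaddr *addr, struct pf_pool *pfp)
 {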
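Review bot: `FTP_PROXY_ANCHOR` is now a writable global pointer that stays NULL until `-X` is parsed, and neither this definition nor the matching `extern char* FTP_PROXY_ANCHOR;` in filter.h says who sets it or that it can be NULL. ftp-proxy.c only ever assigns it from `optarg` in `case 'X'`, so both declarations could be `const char *FTP_PROXY_ANCHOR;`, which keeps filter code from writing through the anchor name. I would also put a comment above the definition, for example `/* pf anchor name; set from -X in main(), NULL until then */`. The code in filter.c that consumes the anchor is outside this hunk, so whether every use tolerates a NULL or over-long value should be confirmed there.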
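--- a/filter.h
+++ b/filter.h
@@ -16,7 +16,11 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 
+#ifdef _SOLARIS_
+extern char* FTP_PROXY_ANCHOR;
+#else /* !_SOLARIS_ */
 #define FTP_PROXY_ANCHOR "ftp-proxy"
+#endif /* _SOLARIS_ */
 
 int add_nat(u_int32_t, struct sockaddr *, int, struct sockaddr *, u_int16_t,
 struct sockaddr *, u_int16_t, u_int16_t);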
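--- a/ftp-proxy.8
+++ b/ftp-proxy.8
@@ -23,7 +23,7 @@
 .Sh SYNOPSIS
 .Nm
 .Bk -words
-.Op Fl 6Adrv
+.Op Fl A Cm on | off
 .Op Fl a Ar address
 .Op Fl b Ar address
 .Op Fl D Ar level
@@ -31,8 +31,10 @@
 .Op Fl P Ar port
 .Op Fl p Ar port
 .Op Fl R Ar address
+.Op Fl r Cm on | off
 .Op Fl T Ar tag
 .Op Fl t Ar timeout
+.Op Fl v Cm all | on | off
 .Ek
 .Sh DESCRIPTION
 .Nm
@@ -83,6 +85,9 @@
 .It Fl A
 Only permit anonymous FTP connections.
 Either user "ftp" or user "anonymous" is allowed.
+Solaris Note: you need to specify
+.Cm on | off
+to enable/disable anonymous-only mode.
 .It Fl a Ar address
 The proxy will use this as the source address for the control
 connection to a server.
@@ -93,9 +98,6 @@
 Debug level, ranging from 0 to 7.
 Higher is more verbose.
 The default is 5.
-.It Fl d
-Do not daemonize.
-The process will stay in the foreground, logging to standard error.
 .It Fl m Ar maxsessions
 Maximum number of concurrent FTP sessions.
 When the proxy reaches this limit, new connections are denied.
@@ -118,6 +120,9 @@
 .It Fl r
 Rewrite sourceport to 20 in active mode to suit ancient clients that insist
 on this RFC property.
+Solaris Note: you need to specify
+.Cm on | off
+to enable/disable RFC compliant mode.
 .It Fl T Ar tag
 The filter rules will add tag
 .Ar tag
@@ -147,6 +152,20 @@
 .Sq log all
 flag.
 The pf rules do not log by default.
+Solaris Note: the option is tri-state.
+You need to specify one of the values below:
+.Bl -tag -width "all" -offset 3n -compact
+.It off
+nothing is logged
+.It on
+log only packets, which create state for data session (equivalent to
+.Fl v
+on OpenBSD)
+.It all
+log all packets, which belong to data session (equivalent to
+.Fl vv
+on OpenBSD)
+.El
 .El
 .Sh CONFIGURATION
 To make use of the proxy,
@@ -156,10 +175,19 @@
 last rule explicitly allowing FTP sessions from the proxy may not be
 necessary.
 .Bd -literal -offset 2n
-anchor "ftp-proxy/*"
+anchor "_auto/network:firewall:ftp-proxy:YOUR_INSTANCE_NAME/*"
 pass in quick inet proto tcp to port ftp rdr-to 127.0.0.1 port 8021
 pass out inet proto tcp from (self) to any port ftp
 .Ed
+.Sh SOLARIS
+Solaris runs
+.Nm
+as a
+.Xr smf 5
+service:
+.Bd -literal -offset indent
+svc:/network/firewall/ftp-proxy
+.Ed
 .Pp
 To run
 .Nm
@@ -168,8 +196,157 @@
 svc:/network/socket-filter:pf_divert
 .Ed
 instance must be online in the global zone.
+.Pp
+The options described in DESCRIPTION section are set using smf properties.
+Properties processed by
+.Nm
+enable
+.Xr smf_method 5
+in order to configure the
+.Nm
+daemon are listed below.
+.Bl -tag -width "ftp-proxy/always-use-ftp-data-port" -offset 3n -compact
+.It ftp-proxy/anonymous-only
+If set to
+.Cm on
+the proxy is started with the
+.Fl A
+option, which allows anonymous FTP logins only.
+The value
+.Cm off
+is used as default.
+.It ftp-proxy/proxy-NAT-address
+This property sets the
+.Fl a
+option, the source IP address the proxy uses
+to connect to a server.
+.It ftp-proxy/proxy-listen-address
+This property sets the
+.Fl b
+option, which is the address, where the proxy accepts a connection from
+a client.
+.It ftp-proxy/proxy-listen-port
+This property sets the
+.Fl p
+option which is the port number, where the proxy accepts
+a connection from a client.
+.It ftp-proxy/debug-level
+This property sets the
+.Fl D
+option, which is a debug level (0-7).
+If not set, the default value 5 is used.
+.It ftp-proxy/max-sessions
+This property sets the
+.Fl m
+option, which is the maximum of concurrent FTP sessions served by
+the proxy.
+The valid range is from 1 to 500.
+If not specified the value 100 is used by default.
+.It ftp-proxy/reverse-mode-address
+This property sets the
+.Fl R
+option.
+It is the fixed server address, which is typically used to access
+a FTP server behind NAT.
+.It ftp-proxy/reverse-mode-port
+This property sets the
+.Fl P
+option, which is the port number used by a FTP server behind NAT.
+The default value is 21.
+.It ftp-proxy/always-use-ftp-data-port
+This property sets the
+.Fl r
+option, the value
+.Cm off
+is used as default.
+If set to
+.Cm on
+the proxy will always use port 20 for active data connections.
+.It ftp-proxy/tag
+This property sets the
+.Fl T
+option, which tags data connection packets with the desired tag.
+.It ftp-proxy/timeout
+This property sets the
+.Fl t
+option, which specifies the number of seconds a FTP command session
+may remain idle.
+The maximum value is 86400 seconds (1 day).
+.It ftp-proxy/log
+This property sets the
+.Fl v
+option.
+There are three possible values.
+For
+.Cm off ,
+no log action will be added to FTP data connection rules created
+by the proxy.
+The value
+.Cm on
+adds the log action.
+Specifying the value
+.Cm all
+adds the
+.Sq log all
+action.
+.El
+.Pp
+.Nm
+on Solaris comes with two extra options, which make service configuration easier.
+.Bl -tag -offset 3n -compact
+.It Fl c Ar smf-instance
+Shows/changes settings kept in
+.Xr smf 5
+repository for the specified
+.Ar smf-instance
+of the
+.Nm
+service.
+.It Fl C Ar smf-instance
+Creates a new instance of the
+.Nm
+service and uses
+.Ar smf-instance
+for its name.
+.El
+.Pp
+To tell proxy service to bind the listen socket to 192.168.1.2 address,
+one has to use the command below:
+.Bd -literal -offset indent
+ftp-proxy -c default -b 192.168.1.2
+.Ed
+.Pp
+To create anonymous-only proxy listening to port 8821, bound to
+192.168.1.2, one uses the command as follows:
+.Bd -literal -offset indent
+ftp-proxy -C anonymous -b 192.168.1.2 -p 8821 -A on
+.Ed
+.Pp
+To switch the anonymous instance created above to the regular mode (disable
+anonymous-only), one uses the command like this:
+.Bd -literal -offset indent
+ftp-proxy -c anonymous -A off
+.Ed
+.Pp
+To display the anonymous instance configuration use the command as follows:
+.Bd -literal -offset indent
+ftp-proxy -c anonymous
+.Ed
+To manage the service, you need the
+.Sy solaris.smf.manage.network.firewall
+authorization.
+To configure service instances, you need the
+.Sy solaris.smf.value.network.firewall
+authorization.
+Both these authorizations are granted through the Network Firewall Management
+profile.
+To create new service instances, you need the
+.Sy solaris.smf.modify
+authorization.
 .Sh SEE ALSO
-.Xr pf.conf 5
+.Xr pf.conf 5 ,
+.Xr smf 5 ,
+.Xr svccfg (1M)
 .Sh CAVEATS
 .Pp
 Negotiated data connection ports below 1024 are not allowed.
@@ -177,3 +354,8 @@
 The negotiated IP address for active modes is ignored for security
 reasons.
 This makes third party file transfers impossible.
+.Pp
+.Nm
+runs as the
+.Dq daemon
+user.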
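--- a/ftp-proxy.c
+++ b/ftp-proxy.c
@@ -46,6 +46,7 @@
 #include <sys/random.h>
 #include <inttypes.h>
 #include <priv.h>
+#include "smf-config.h"
 #endif /* _SOLARIS_ */
 #include <syslog.h>
 #include <unistd.h>
@@ -62,8 +63,10 @@
 #define NTOP_BUFS 3
 #define TCP_BACKLOG 10
 
+#ifndef _SOLARIS_
 #define CHROOT_DIR "/var/empty"
 #define NOPRIV_USER "proxy"
+#endif /* !_SOLARIS_ */
 
 /* pfctl standard NAT range. */
 #define PF_NAT_PROXY_PORT_LOW 50001
@@ -97,6 +100,28 @@
 #define DIVERT_MODULE_NAME "pf_divertf"
 #endif /* _SOLARIS_ */
 
+#ifdef _SOLARIS_
+#define FTP_PROXY_GETOPTSTR "A:a:b:D:dm:P:p:R:r:T:t:v:c:C:X:"
+#define SET_CFGFLAG(_set_, _f_) (_set_) |= (_f_)
+#define SKIP_CHK(_x_) ((_x_) == NULL)
+
+#define DROP_PRIV(priv) \
+ do { \
+ if (priv_set(PRIV_OFF, PRIV_PERMITTED, (priv), \
+ NULL) != 0) { \
+ fprintf(stderr, \
+ "Unable to drop privileges.\n"); \
+ exit (-1); \
+ } \
+ } while (0)
+#else /* !_SOLARIS_ */
+#define FTP_PROXY_GETOPTSTR "6Aa:b:D:dm:P:p:q:R:rT:t:v"
+#define SET_CFGFLAG(_set_, _f_)
+#define SKIP_CHK(_x_) (1)
+
+#define DROP_PRIV(priv)
+#endif /* _SOLARIS_ */
+
 enum { CMD_NONE = 0, CMD_PORT, CMD_EPRT, CMD_PASV, CMD_EPSV };
 
 struct session {
@@ -127,7 +152,9 @@
 int client_parse_anon(struct session *s);
 int client_parse_cmd(struct session *s);
 void client_read(struct bufferevent *, void *);
+#ifndef _SOLARIS_
 int drop_privs(void);
+#endif /* !_SOLARIS_ */
 void end_session(struct session *);
 void exit_daemon(void);
 int get_line(char *, size_t *);
@@ -348,6 +375,7 @@
 } while (read == buf_avail);
 }
 
+#ifndef _SOLARIS_
 int
 drop_privs(void)
 {
@@ -363,9 +391,9 @@
 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0 ||
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
 return (0);
-
 return (1);
 }
+#endif /* !_SOLARIS_ */
 
 void
 end_session(struct session *s)
@@ -561,9 +589,6 @@
 logmsg(LOG_DEBUG, "#%d accepted connection from %s", s->id,
 sock_ntop(client_sa));
 
- /*
- * Find out the real server and port that the client wanted.
- */
 len = sizeof(struct sockaddr_storage);
 if (getsockname(s->client_fd, server_sa, &len) < 0) {
 logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,
@@ -770,6 +795,13 @@
 struct event ev_sighup, ev_sigint, ev_sigterm;
 int ch, error, listenfd, on;
 const char *errstr;
+#ifdef _SOLARIS_
+ const char *smf_instance = NULL;
+ int smf_create = 0;
+ int cfg_flags = 0;
+#endif /* _SOLARIS_ */
+
+ DROP_PRIV(PRIV_PROC_EXEC);
 
 /* Defaults. */
 anonymous_only = 0;
@@ -792,7 +824,8 @@
 id_count = 1;
 session_count = 0;
 
- while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rT:t:v")) != -1) {
+ while ((ch = getopt(argc, argv,
+ FTP_PROXY_GETOPTSTR)) != -1) {
 switch (ch) {
 #ifndef _SOLARIS_
 case '6':
@@ -800,33 +833,49 @@
 break;
 #endif /* !_SOLARIS_ */
 case 'A':
+#ifdef _SOLARIS_
+ if (strcasecmp(optarg, "off") == 0) {
+ anonymous_only = 0;
+ } else {
+ anonymous_only = 1;
+ }
+#else /* !_SOLARIS_ */
 anonymous_only = 1;
+#endif /* _SOLARIS_ */
+ SET_CFGFLAG(cfg_flags, SMF_CFG_ANON_SET);
 break;
 case 'a':
 fixed_proxy = optarg;
+ SET_CFGFLAG(cfg_flags, SMF_CFG_FIXED_PROXY_SET);
 break;
 case 'b':
 listen_ip = optarg;
+ SET_CFGFLAG(cfg_flags, SMF_CFG_LISTEN_ADDR_SET);
 break;
 case 'D':
 loglevel = strtonum(optarg, LOG_EMERG, LOG_DEBUG,
 &errstr);
 if (errstr)
 errx(1, "loglevel %s", errstr);
+ SET_CFGFLAG(cfg_flags, SMF_CFG_DEBUG_LEVEL_SET);
 break;
 case 'd':
 daemonize = 0;
+ DROP_PRIV(PRIV_PROC_FORK);
 break;
 case 'm':
 max_sessions = strtonum(optarg, 1, 500, &errstr);
 if (errstr)
 errx(1, "max sessions %s", errstr);
+ SET_CFGFLAG(cfg_flags, SMF_CFG_MAX_SESSION_SET);
 break;
 case 'P':
 fixed_server_port = optarg;
+ SET_CFGFLAG(cfg_flags, SMF_CFG_FIXED_SERVER_PORT_SET);
 break;
 case 'p':
 listen_port = optarg;
+ SET_CFGFLAG(cfg_flags, SMF_CFG_LISTEN_PORT_SET);
 break;
 #ifndef _SOLARIS_
 case 'q':
@@ -837,40 +886,83 @@
 #endif /* !_SOLARIS_ */
 case 'R':
 fixed_server = optarg;
+ SET_CFGFLAG(cfg_flags, SMF_CFG_FIXED_SERVER_SET);
 break;
 case 'r':
+#ifdef _SOLARIS_
+ if (strcasecmp(optarg, "off") == 0) {
+ rfc_mode = 0;
+ } else {
+ rfc_mode = 1;
+ }
+ SET_CFGFLAG(cfg_flags, SMF_CFG_RFC_MODE_SET);
+#else /* !_SOLARIS_ */
 rfc_mode = 1;
+#endif /* _SOLARIS_ */
 break;
 case 'T':
 if (strlen(optarg) >= PF_TAG_NAME_SIZE)
 errx(1, "tagname too long");
 tagname = optarg;
+ SET_CFGFLAG(cfg_flags, SMF_CFG_TAG_SET);
 break;
 case 't':
 timeout = strtonum(optarg, 0, 86400, &errstr);
 if (errstr)
 errx(1, "timeout %s", errstr);
+ SET_CFGFLAG(cfg_flags, SMF_CFG_TIMEOUT_SET);
 break;
 case 'v':
+#ifdef _SOLARIS_
+ if (strcasecmp(optarg, "all") == 0) {
+ verbose = 2;
+ } else if (strcasecmp(optarg, "on") == 0) {
+ verbose = 1;
+ } else {
+ verbose = 0;
+ }
+ SET_CFGFLAG(cfg_flags, SMF_CFG_LOG_SET);
+#else /* !_SOLARIS_ */
 verbose++;
 if (verbose > 2)
 usage();
+#endif /* _SOLARIS_ */
+ break;
+#ifdef _SOLARIS_
+ case 'C':
+ smf_create = 1;
+ /* FALLTHRU */
+ case 'c':
+ smf_instance = optarg;
+ break;
+ case 'X':
+ FTP_PROXY_ANCHOR = optarg;
 break;
+#endif /* _SOLARIS_ */
 default:
 usage();
 }
 }
 
+#ifdef _SOLARIS_
+ if ((FTP_PROXY_ANCHOR == NULL) && (smf_instance == NULL)) {
+ fprintf(stderr, "The ftp-proxy can be started only via SMF.\n");
+ exit (-1);
+ }
+#endif /* _SOLARIS_ */
+
 if (listen_ip == NULL)
 listen_ip = ipv6_mode ? "::1" : "127.0.0.1";
 
+#ifndef _SOLARIS_
 /* Check for root to save the user from cryptic failure messages. */
 if (getuid() != 0)
 errx(1, "needs to start as root");
+#endif /* !_SOLARIS_ */
 
 /* Raise max. open files limit to satisfy max. sessions. */
 rlp.rlim_cur = rlp.rlim_max = (2 * max_sessions) + 10;
- if (setrlimit(RLIMIT_NOFILE, &rlp) == -1)
+ if (SKIP_CHK(smf_instance) && (setrlimit(RLIMIT_NOFILE, &rlp) == -1))
 err(1, "setrlimit");
 
 if (fixed_proxy) {
@@ -895,7 +987,12 @@
 freeaddrinfo(res);
 }
 
+#ifdef _SOLARIS_
+ /* Steps not needed when we are just working with SMF. */
+ if (fixed_server && (smf_instance == NULL)) {
+#else /* !_SOLARIS_ */
 if (fixed_server) {
+#endif /* _SOLARIS_ */
 memset(&hints, 0, sizeof hints);
 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
 hints.ai_socktype = SOCK_STREAM;
@@ -917,6 +1014,61 @@
 freeaddrinfo(res);
 }
 
+#ifdef _SOLARIS_
+ if (smf_instance != NULL) {
+ /*
+ * If we are creating new instance, we will use default
+ * values for properties.
+ */
+ if (smf_create == 1) {
+ cfg_flags = -1;
+ }
+
+ if (cfg_flags == 0) {
+ if (smf_print_ftpcfg(smf_instance) != 0) {
+ exit (-1);
+ }
+ exit(0);
+ } else {
+ smf_ftp_cfg.cfg_set = cfg_flags;
+ smf_ftp_cfg.cfg_anonymous_only = anonymous_only;
+ smf_ftp_cfg.cfg_listen_addr = SMF_COPY_STR(listen_ip);
+ smf_ftp_cfg.cfg_listen_port = strtonum(listen_port, 1,
+ 65535, NULL);
+ if (smf_ftp_cfg.cfg_listen_port == 0) {
+ fprintf(stderr,
+ "Invalid listen port specified.\n");
+ exit (-1);
+ }
+ smf_ftp_cfg.cfg_debug_level = loglevel;
+ smf_ftp_cfg.cfg_max_sessions = max_sessions;
+ smf_ftp_cfg.cfg_fixed_server =
+ SMF_COPY_STR(fixed_server);
+ smf_ftp_cfg.cfg_fixed_server_port = strtonum(
+ fixed_server_port, 1, 65535, NULL);
+ if (smf_ftp_cfg.cfg_fixed_server_port == 0) {
+ fprintf(stderr,
+ "Invalid fixed server port specified.\n");
+ exit (-1);
+ }
+ smf_ftp_cfg.cfg_rfc_mode = rfc_mode;
+ smf_ftp_cfg.cfg_tag = SMF_COPY_STR(tagname);
+ smf_ftp_cfg.cfg_timeout = timeout;
+ smf_ftp_cfg.cfg_log = verbose;
+ smf_ftp_cfg.cfg_fixed_proxy = SMF_COPY_STR(fixed_proxy);
+ if (smf_write_ftpcfg(smf_instance, smf_create) == -1) {
+ err(1, "...Giving up");
+ } else {
+ printf("configuration for\n\t%s (%s:%s)\nhas been saved\n",
+ smf_instance,
+ BASE_FMRI,
+ smf_instance);
+ }
+ exit(0);
+ }
+ }
+#endif /* _SOLARIS_ */
+
 /* Setup listener. */
 memset(&hints, 0, sizeof hints);
 hints.ai_flags = AI_NUMERICHOST | AI_PASSIVE;
@@ -946,19 +1098,21 @@
 
 /* Initialize pf. */
 init_filter(qname, tagname, verbose);
-
 if (daemonize) {
 if (daemon(0, 0) == -1)
 err(1, "cannot daemonize");
+ DROP_PRIV(PRIV_PROC_FORK);
 openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
 }
 
 /* Use logmsg for output from here on. */
 
+#ifndef _SOLARIS_
 if (!drop_privs()) {
 logmsg(LOG_ERR, "cannot drop privileges: %s", strerror(errno));
 exit(1);
 }
+#endif /* !_SOLARIS_ */
 
 event_init();
 
@@ -1327,9 +1481,16 @@
 void
 usage(void)
 {
+#ifdef _SOLARIS_
+ fprintf(stderr, "usage: %s [-A on | off] [-a address] [-b address]"
+ " [{-c | -C} instance] [-D level] [-m maxsessions]\n [-P port]"
+ " [-p port] [-R address] [-r on | off] [-T tag]\n"
+ " [-t timeout] [-v all | on | off]\n", __progname);
+#else /* !_SOLARIS_ */
 fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]"
 " [-D level] [-m maxsessions]\n [-P port]"
 " [-p port] [-q queue] [-R address] [-T tag]\n"
 " [-t timeout]\n", __progname);
+#endif /* _SOLARIS_ */
 exit(1);
 }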
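Review bot: The Solaris branch of `case 'v'` maps every argument other than `all` or `on` to `verbose = 0`, so a mistyped value silently turns pf rule logging off, and with `-c`/`-C` that value is then stored through `smf_ftp_cfg.cfg_log`. `case 'A'` and `case 'r'` have the mirror-image problem: anything that is not `off` counts as `on`. Each branch should accept only the documented keywords and fall back to `usage()` otherwise, e.g. for `-v` end the chain with `} else if (strcasecmp(optarg, "off") == 0) { verbose = 0; } else { usage(); }`. Separately, with `drop_privs()` compiled out, the only privilege reduction visible in these hunks is `PRIV_PROC_EXEC` and `PRIV_PROC_FORK`, so the uid and chroot confinement appear to rest entirely on the service manifest, which deserves a comment at the `#ifndef _SOLARIS_` around the call. main() starts and ends outside these hunks.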
677 diff -Naur ftp-proxy-OPENBSD_5_5-OPENBSD_5_5.pre-smf/smf-config.c ftp-proxy-OPENBSD_5_5-OPENBSD_5_5/smf-config.c |
|
678 --- ftp-proxy-OPENBSD_5_5-OPENBSD_5_5.pre-smf/smf-config.c 1969-12-31 16:00:00.000000000 -0800 |
|
679 +++ ftp-proxy-OPENBSD_5_5-OPENBSD_5_5/smf-config.c 2016-02-24 08:45:36.636917450 -0800 |
|
680 @@ -0,0 +1,822 @@ |
|
681 +/* |
|
682 + * CDDL HEADER START |
|
683 + * |
|
684 + * The contents of this file are subject to the terms of the |
|
685 + * Common Development and Distribution License (the "License"). |
|
686 + * You may not use this file except in compliance with the License. |
|
687 + * |
|
688 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
689 + * or http://www.opensolaris.org/os/licensing. |
|
690 + * See the License for the specific language governing permissions |
|
691 + * and limitations under the License. |
|
692 + * |
|
693 + * When distributing Covered Code, include this CDDL HEADER in each |
|
694 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
695 + * If applicable, add the following below this CDDL HEADER, with the |
|
696 + * fields enclosed by brackets "[]" replaced with your own identifying |
|
697 + * information: Portions Copyright [yyyy] [name of copyright owner] |
|
698 + * |
|
699 + * CDDL HEADER END |
|
700 + * |
|
701 + */ |
|
702 + |
|
703 +/* |
|
704 + * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. |
|
705 + */ |
|
706 + |
|
707 +#include <string.h> |
|
708 +#include <strings.h> |
|
709 +#include <stdlib.h> |
|
710 +#include <err.h> |
|
711 +#include <stdarg.h> |
|
712 +#include <stdio.h> |
|
713 +#include <libscf.h> |
|
714 +#include <stddef.h> |
|
715 +#include <libscf_priv.h> |
|
716 + |
|
717 +#include "smf-config.h" |
|
718 + |
|
719 +/* #include <net/pfvar.h> */ |
|
720 + |
|
721 +#define FTP_PROXY_PG "ftp-proxy" |
|
722 +#define FTP_PROXY_PROP_VALUE_AUTH "value_authorization" |
|
723 +#define FTP_PROXY_PROP_ACTION_AUTH "action_authorization" |
|
724 +#define FTP_PROXY_VALUE_AUTH "solaris.smf.value.network.firewall" |
|
725 +#define FTP_PROXY_MANAGE_AUTH "solaris.smf.manage.network.firewall" |
|
726 + |
|
727 +/* |
|
728 + * CHKASCIIZ() |
|
729 + * Macro checks if _s_ is ASCIIZ (not NULL, not empty), if _s_ is not empty |
|
730 + * string, then _p_ is returned. |
|
731 + * |
|
732 + * Arguments: |
|
733 + * _s_ - ASCIIZ string to be tested |
|
734 + * _p_ - string to be returned when _s_ is not NULL or empty |
|
735 + * |
|
736 + * Returns: |
|
737 + * _p_ if _s_ is not NULL/empty, otherwise the empty string is returned. |
|
738 + */ |
|
739 +#define CHKASCIIZ(_s_, _p_) \ |
|
740 + ((((_s_) == NULL) || (_s_[0] == '\0')) ? "" : (_p_)) |
|
741 + |
|
742 +#define SKIP_PROP(_pv_) \ |
|
743 + ((strcmp((_pv_)->pv_prop, "action_authorization") == 0) || \ |
|
744 + (strcmp((_pv_)->pv_prop, "value_authorization") == 0)) |
|
745 + |
|
746 +#define STRIP_SVC(_x_) ((_x_) + (sizeof ("svc:/") - 1)) |
|
747 + |
|
748 +/* |
|
749 + * smf_ftp_cfg |
|
750 + * FTP proxy configuration container. |
|
751 + */ |
|
752 +smf_ftppx_cfg_t smf_ftp_cfg; |
|
753 + |
|
754 +#define SMF_OPT_OPTIONAL 0 |
|
755 +#define SMF_OPT_MANDATORY 1 |
|
756 +/* |
|
757 + * X-macro table. |
|
758 + * Columns are as follows: |
|
759 + * value key/index |
|
760 + * smf(5) property name name |
|
761 + * member in smf_ftppx_cfg_t structure |
|
762 + * function which converts ASCIIZ to member type in smf_ftppx_cfg_t |
|
763 + * function which converts member in smf_ftppx_cfg_t to ASCIIZ |
|
764 + * optional/mandatory status |
|
765 + * property type |
|
766 + */ |
|
767 +#define X_CFG_PROPS \ |
|
768 + X(SMF_ANON, "anonymous-only", cfg_anonymous_only, on_to_one, \ |
|
769 + one_to_on, SMF_OPT_OPTIONAL, SCF_TYPE_ASTRING) \ |
|
770 + X(SMF_FIXED_PROXY, "proxy-NAT-address", cfg_fixed_proxy, \ |
|
771 + nop_in, nop_out, SMF_OPT_MANDATORY, SCF_TYPE_ASTRING) \ |
|
772 + X(SMF_LISTEN_ADDR, "proxy-listen-address", cfg_listen_addr, \ |
|
773 + nop_in, nop_out, SMF_OPT_MANDATORY, SCF_TYPE_ASTRING) \ |
|
774 + X(SMF_LISTEN_PORT, "listen-port", cfg_listen_port, \ |
|
775 + int_in, int_out, SMF_OPT_OPTIONAL, SCF_TYPE_INTEGER) \ |
|
776 + X(SMF_DEBUG_LEVEL, "debug-level", cfg_debug_level, int_in, \ |
|
777 + int_out, SMF_OPT_OPTIONAL, SCF_TYPE_INTEGER) \ |
|
778 + X(SMF_MAX_SESSIONS, "maxsessions", cfg_max_sessions, \ |
|
779 + int_in, int_out, SMF_OPT_OPTIONAL, \ |
|
780 + SCF_TYPE_INTEGER) \ |
|
781 + X(SMF_RFC_MODE, "always-use-ftp-data-port", cfg_rfc_mode, \ |
|
782 + on_to_one, one_to_on, SMF_OPT_OPTIONAL, SCF_TYPE_ASTRING) \ |
|
783 + X(SMF_FIXED_SERVER_PORT, "reverse-mode-port", \ |
|
784 + cfg_fixed_server_port, int_in, int_out, SMF_OPT_OPTIONAL, \ |
|
785 + SCF_TYPE_INTEGER) \ |
|
786 + X(SMF_FIXED_SERVER, "reverse-mode-address", cfg_fixed_server, \ |
|
787 + nop_in, nop_out, SMF_OPT_OPTIONAL, SCF_TYPE_ASTRING) \ |
|
788 + X(SMF_TAG, "tag", cfg_tag, nop_in, nop_out, SMF_OPT_OPTIONAL, \ |
|
789 + SCF_TYPE_ASTRING) \ |
|
790 + X(SMF_TIMEOUT, "timeout", cfg_timeout, int_in, int_out, \ |
|
791 + SMF_OPT_OPTIONAL, SCF_TYPE_INTEGER) \ |
|
792 + X(SMF_LOG, "log", cfg_log, log_to_int, int_to_log, \ |
|
793 + SMF_OPT_OPTIONAL, SCF_TYPE_ASTRING) |
|
794 + |
|
795 +static void nop_in(void *, void *); |
|
796 +static void nop_out(void *, void *); |
|
797 +static void int_in(void *, void *); |
|
798 +static void int_out(void *, void *); |
|
799 +static void on_to_one(void *, void *); |
|
800 +static void one_to_on(void *, void *); |
|
801 +static void str_to_int(void *, void *); |
|
802 +static void int_to_str(void *, void *); |
|
803 +static void str_to_uint(void *, void *); |
|
804 +static void uint_to_str(void *, void *); |
|
805 +static void log_to_int(void *, void *); |
|
806 +static void int_to_log(void *, void *); |
|
807 + |
|
808 +/* |
|
809 + * smf_keys |
|
810 + * Keys (indexes) to `smf_propnames` dictionary. |
|
811 + */ |
|
812 +#define X(_const_, _propname_, _decl_, _conv_in_, _conv_out_, _mandatory_, \ |
|
813 + _type_) _const_, |
|
814 +enum smf_keys { |
|
815 + X_CFG_PROPS |
|
816 + SMF_CFG_PROP_COUNT |
|
817 +}; |
|
818 +#undef X |
|
819 + |
|
820 +/* |
|
821 + * smf_propnames |
|
822 + * It's an array (dictionary), which translates property code (SMF_*) to |
|
823 + * property value name found `ftp-proxy` property group. |
|
824 + */ |
|
825 +#define X(_const_, _propname_, _decl_, _conv_in_, _conv_out_, _mandatory_, \ |
|
826 + _type_) _propname_, |
|
827 +static const char *smf_propnames[] = { |
|
828 + X_CFG_PROPS |
|
829 + NULL |
|
830 +}; |
|
831 +#undef X |
|
832 + |
|
833 +/* |
|
834 + * smf_cfg_offsets |
|
835 + * Table of smf_ftppx_cfg_t members. |
|
836 + */ |
|
837 +#define X(_const_, _propname_, _decl_, _conv_in_, _conv_out_, _mandatory_, \ |
|
838 + _type_) offsetof(smf_ftppx_cfg_t, _decl_), |
|
839 +static size_t smf_cfg_offsets[] = { |
|
840 + X_CFG_PROPS |
|
841 + sizeof (smf_ftppx_cfg_t) |
|
842 +}; |
|
843 +#undef X |
|
844 + |
|
845 +typedef void(*conv_in_f)(void *, void *); |
|
846 +typedef void(*conv_out_f)(void *, void *); |
|
847 +/* |
|
848 + * smf_convert_in |
|
849 + * Table of conversion functions, which convert particular smf_ftppx_cfg_t |
|
850 + * member into ASCIIZ. |
|
851 + */ |
|
852 +#define X(_const_, _propname_, _decl_, _conv_in_, _conv_out_, _mandatory_, \ |
|
853 + _type_) _conv_in_, |
|
854 +static conv_in_f smf_conv_in[] = { |
|
855 + X_CFG_PROPS |
|
856 + NULL |
|
857 +}; |
|
858 +#undef X |
|
859 + |
|
860 +/* |
|
861 + * smf_conv_out |
|
862 + * Table of conversion functions, which convert ASCIIZ fetched from smf(5) |
|
863 + * repository to member of smf_ftppx_cfg_t structure. |
|
864 + */ |
|
865 +#define X(_const_, _propname_, _decl_, _conv_in_, _conv_out_, _mandatory_, \ |
|
866 + _type_) _conv_out_, |
|
867 +static conv_out_f smf_conv_out[] = { |
|
868 + X_CFG_PROPS |
|
869 + NULL |
|
870 +}; |
|
871 +#undef X |
|
872 + |
|
873 +/* |
|
874 + * smf_mandatory |
|
875 + * Table marks configuration parameters, which must be defined by admin, |
|
876 + * before the service is enabled for the first time. |
|
877 + */ |
|
878 +#define X(_const_, _propname_, _decl_, _conv_in_, _conv_out_, _mandatory_, \ |
|
879 + _type_) _mandatory_, |
|
880 +static int smf_mandatory[] = { |
|
881 + X_CFG_PROPS |
|
882 + 0 |
|
883 +}; |
|
884 +#undef X |
|
885 + |
|
886 +/* |
|
887 + * smf_type |
|
888 + * Table of types of SMF properties. |
|
889 + */ |
|
890 +#define X(_const_, _propname_, _decl_, _conv_in_, _conv_out_, _mandatory_, \ |
|
891 + _type_) _type_, |
|
892 +static int smf_type[] = { |
|
893 + X_CFG_PROPS |
|
894 + 0 |
|
895 +}; |
|
896 +#undef X |
|
897 + |
|
898 +/* |
|
899 + * ftp-proxy property group properties |
|
900 + * +1 for NULL termination. |
|
901 + * +1 for value_authorization |
|
902 + */ |
|
903 +static scf_propvec_t prop_vec[SMF_CFG_PROP_COUNT + 1 + 1]; |
|
904 + |
|
905 +/* |
|
906 + * general property group properties |
|
907 + * +1 for NULL termination. |
|
908 + * +2 for value_authorization/action_authorization |
|
909 + */ |
|
910 +static scf_propvec_t gen_prop_vec[1 + 2]; |
|
911 + |
|
912 +static int atexit_set = 0; |
|
913 + |
|
914 +/* |
|
915 + * Conversion routines from smf_ftp_cfg structure to prop_vec member and vice |
|
916 + * versa. |
|
917 + */ |
|
918 + |
|
919 +/* |
|
920 + * nop_in() |
|
921 + * Dummy conversion ASCIIZ to ASCIIZ, no allocation happens. Used when |
|
922 + * configuration is from smf(5). |
|
923 + */ |
|
924 +static void |
|
925 +nop_in(void *asciiz, void *result) |
|
926 +{ |
|
927 + *((char **)result) = asciiz; |
|
928 +} |
|
929 + |
|
930 +/* |
|
931 + * nop_out() |
|
932 + * Dummy conversion ASCIIZ to ASCIIZ, function allocates memory for result by |
|
933 + * strdup(3C). Used when configuration is written to smf(5) repository. |
|
934 + */ |
|
935 +static void |
|
936 +nop_out(void *asciiz, void *val) |
|
937 +{ |
|
938 + *((char **)asciiz) = strdup(*(char **)val); |
|
939 +} |
|
940 + |
|
941 +/* |
|
942 + * int_in() |
|
943 + * Dummy conversion of int64_t. No allocation happens. Used when reading |
|
944 + * values from smf. |
|
945 + */ |
|
946 +static void |
|
947 +int_in(void *in, void *out) { |
|
948 + *((int64_t *)out) = *((int64_t *)in); |
|
949 +} |
|
950 + |
|
951 +/* |
|
952 + * int_out() |
|
953 + * Dummy conversion of int64_t, storing into a newly allocated memory. |
|
954 + * Used when storing values to smf repository. |
|
955 + */ |
|
956 +static void |
|
957 +int_out(void *out, void *in) { |
|
958 + int64_t **out_ = (int64_t **)out; |
|
959 + |
|
960 + *out_ = malloc(sizeof (int64_t)); |
|
961 + if (*out_ != NULL) |
|
962 + **out_ = *((int64_t *)in); |
|
963 +} |
|
964 + |
|
965 +/* |
|
966 + * on_to_one() |
|
967 + * Function converts ASCIIZ value "on" to 1. Anything else yeilds a 0. Used to |
|
968 + * read configuration from smf(5). |
|
969 + */ |
|
970 +static void |
|
971 +on_to_one(void *asciiz, void *result) |
|
972 +{ |
|
973 + *((int *)result) = ((strcasecmp((char *)asciiz, "on") == 0) ? 1 : 0); |
|
974 +} |
|
975 + |
|
976 +/* |
|
977 + * one_to_on() |
|
978 + * Function converts 0 to ASCIIZ string "off", anything else than 0 yeilds to |
|
979 + * "on". Used when configuration ie being written to smf(5). Function also |
|
980 + * allocates memory for resulting string using strdup(3C). |
|
981 + */ |
|
982 +static void |
|
983 +one_to_on(void *asciiz, void *val) |
|
984 +{ |
|
985 + if (*((int *)val) == 0) { |
|
986 + *((char **)asciiz) = strdup("off"); |
|
987 + } else { |
|
988 + *((char **)asciiz) = strdup("on"); |
|
989 + } |
|
990 +} |
|
991 + |
|
992 +/* |
|
993 + * str_to_int() |
|
994 + * Function converts integer represented as ASCIIZ to int using atoi(3C). Used |
|
995 + * when configuration is read from smf(5). |
|
996 + */ |
|
997 +static void |
|
998 +str_to_int(void *asciiz, void *result) |
|
999 +{ |
|
1000 + *((int *)result) = atoi((char *)asciiz); |
|
1001 +} |
|
1002 + |
|
1003 +/* |
|
1004 + * int_to_str() |
|
1005 + * Function converts integer number to ASCIIZ using asprintf(3C). Used when |
|
1006 + * configuration is being stored to smf(5). Memory for results get allocated by |
|
1007 + * asprintf(3C). |
|
1008 + */ |
|
1009 +static void |
|
1010 +int_to_str(void *asciiz, void *val) |
|
1011 +{ |
|
1012 + (void) asprintf((char **)asciiz, "%d", *((int *)val)); |
|
1013 +} |
|
1014 + |
|
1015 +/* |
|
1016 + * str_to_uint() |
|
1017 + * Function converts unsigned integer represented as ASCIIZ to int using |
|
1018 + * atoi(3C). Used when configuration is being read from smf(5) repository. |
|
1019 + */ |
|
1020 +static void |
|
1021 +str_to_uint(void *asciiz, void *result) |
|
1022 +{ |
|
1023 + *((unsigned int *)result) = (unsigned int) atoi((char *)asciiz); |
|
1024 +} |
|
1025 + |
|
1026 +/* |
|
1027 + * uint_to_str() |
|
1028 + * Function converts unsigned integer to ASCIIZ using asprintf(3C). Used when |
|
1029 + * configuration is written to smf(5). Memory for result is allocated by |
|
1030 + * asprintf(3C). |
|
1031 + */ |
|
1032 +static void |
|
1033 +uint_to_str(void *asciiz, void *val) |
|
1034 +{ |
|
1035 + (void) asprintf((char **)asciiz, "%u", *((int *)val)); |
|
1036 +} |
|
1037 + |
|
1038 +/* |
|
1039 + * log_to_int() |
|
1040 + * Function encodes ASCIIZ value for log property to numeric code. String |
|
1041 + * "all" gets converted to 2, string "on" to 1, anything else yeilds to 0. |
|
1042 + * It's used when configuration is being read from smf(5) repository. |
|
1043 + */ |
|
1044 +static void |
|
1045 +log_to_int(void *asciiz, void *result) |
|
1046 +{ |
|
1047 + if (strcasecmp((char *)asciiz, "all") == 0) { |
|
1048 + *((int *)result) = 2; |
|
1049 + } else if (strcasecmp((char *)asciiz, "on") == 0) { |
|
1050 + *((int *)result) = 1; |
|
1051 + } else { |
|
1052 + *((int *)result) = 0; |
|
1053 + } |
|
1054 +} |
|
1055 + |
|
1056 +/* |
|
1057 + * int_to_log() |
|
1058 + * Function encodes value of log property to its numeric representation. 2 |
|
1059 + * gets encoded to "all", 1 results to "on", anything else results to off. |
|
1060 + * The memory for result is allocated by strdup(3C). |
|
1061 + */ |
|
1062 +static void |
|
1063 +int_to_log(void *asciiz, void *val) |
|
1064 +{ |
|
1065 + switch (*((int *)val)) { |
|
1066 + case 2: |
|
1067 + *((char **)asciiz) = strdup("all"); |
|
1068 + break; |
|
1069 + case 1: |
|
1070 + *((char **)asciiz) = strdup("on"); |
|
1071 + break; |
|
1072 + default: |
|
1073 + *((char **)asciiz) = strdup("off"); |
|
1074 + } |
|
1075 +} |
|
1076 + |
|
1077 +static void |
|
1078 +clear_prop_vec2(scf_propvec_t *prop_vec_ptr, int count) |
|
1079 +{ |
|
1080 + while (count--) { |
|
1081 + prop_vec_ptr->pv_prop = NULL; |
|
1082 + prop_vec_ptr->pv_desc = NULL; |
|
1083 + prop_vec_ptr->pv_type = 0; |
|
1084 + prop_vec_ptr->pv_aux = 0; |
|
1085 + prop_vec_ptr->pv_mval = 0; |
|
1086 + |
|
1087 + if (prop_vec_ptr->pv_ptr != NULL) { |
|
1088 + free(prop_vec_ptr->pv_ptr); |
|
1089 + prop_vec_ptr->pv_ptr = NULL; |
|
1090 + } |
|
1091 + |
|
1092 + prop_vec_ptr++; |
|
1093 + } |
|
1094 +} |
|
1095 + |
|
1096 +/* |
|
1097 + * clear_prop_vec() |
|
1098 + * Function clears global variables `prop_vec` and `gen_prop_vec`, |
|
1099 + * which are vectors of properties. |
|
1100 + */ |
|
1101 +static void |
|
1102 +clear_prop_vec() |
|
1103 +{ |
|
1104 + clear_prop_vec2(prop_vec, |
|
1105 + sizeof (prop_vec) / sizeof (scf_propvec_t)); |
|
1106 + clear_prop_vec2(gen_prop_vec, |
|
1107 + sizeof (gen_prop_vec) / sizeof (scf_propvec_t)); |
|
1108 +} |
|
1109 + |
|
1110 +/* |
|
1111 + * cfg_to_prop_vec() |
|
1112 + * Function converts smf_ftp_cfg global variable, which holds configuration |
|
1113 + * parsed from command line arguments, to prop_vec, which is a smf(5) friendly |
|
1114 + * representation of proxy configuration. |
|
1115 + * |
|
1116 + * Additionally, it populates gen_prop_vec to specify needed authorizations. |
|
1117 + * |
|
1118 + * Returns 0 on success, -1 on out of memory error. |
|
1119 + */ |
|
1120 +static int |
|
1121 +cfg_to_prop_vec(void) |
|
1122 +{ |
|
1123 + int cfg_bit = 1; |
|
1124 + int i; |
|
1125 + scf_propvec_t *prop_vec_ptr = prop_vec; |
|
1126 + conv_out_f conv_func; |
|
1127 + |
|
1128 + clear_prop_vec(); |
|
1129 + |
|
1130 + for (i = 0; i < SMF_CFG_PROP_COUNT; i++) { |
|
1131 + if ((smf_ftp_cfg.cfg_set & cfg_bit) != 0) { |
|
1132 + prop_vec_ptr->pv_prop = smf_propnames[i]; |
|
1133 + conv_func = smf_conv_out[i]; |
|
1134 + |
|
1135 + conv_func(&prop_vec_ptr->pv_ptr, |
|
1136 + ((char *)&smf_ftp_cfg + smf_cfg_offsets[i])); |
|
1137 + if (prop_vec_ptr->pv_ptr == NULL) |
|
1138 + return (-1); |
|
1139 + prop_vec_ptr->pv_type = smf_type[i]; |
|
1140 + prop_vec_ptr++; |
|
1141 + } |
|
1142 + cfg_bit = cfg_bit << 1; |
|
1143 + } |
|
1144 + prop_vec_ptr->pv_type = SCF_TYPE_ASTRING; |
|
1145 + prop_vec_ptr->pv_prop = FTP_PROXY_PROP_VALUE_AUTH; |
|
1146 + prop_vec_ptr->pv_ptr = strdup(FTP_PROXY_VALUE_AUTH); |
|
1147 + prop_vec_ptr++; |
|
1148 + |
|
1149 + gen_prop_vec[0].pv_type = SCF_TYPE_ASTRING; |
|
1150 + gen_prop_vec[0].pv_prop = FTP_PROXY_PROP_VALUE_AUTH; |
|
1151 + gen_prop_vec[0].pv_ptr = strdup(FTP_PROXY_MANAGE_AUTH); |
|
1152 + gen_prop_vec[1].pv_type = SCF_TYPE_ASTRING; |
|
1153 + gen_prop_vec[1].pv_prop = FTP_PROXY_PROP_ACTION_AUTH; |
|
1154 + gen_prop_vec[1].pv_ptr = strdup(FTP_PROXY_MANAGE_AUTH); |
|
1155 + |
|
1156 + return (0); |
|
1157 +} |
|
1158 + |
|
1159 +/* |
|
1160 + * prop_vec_to_cfg() |
|
1161 + * Converts global variable `prop_vec` to `smf_ftp_cfg` global variable, |
|
1162 + * which is understood by main(). |
|
1163 + */ |
|
1164 +static void |
|
1165 +prop_vec_to_cfg(void) |
|
1166 +{ |
|
1167 + int i; |
|
1168 + scf_propvec_t *prop_vec_ptr = prop_vec; |
|
1169 + conv_in_f conv_func; |
|
1170 + |
|
1171 + for (i = 0; i < SMF_CFG_PROP_COUNT; i++, prop_vec_ptr++) { |
|
1172 + if (SKIP_PROP(prop_vec_ptr)) { |
|
1173 + /* |
|
1174 + * We have `hidden` properties: action/value smf |
|
1175 + * authorization. Those two are not kept in |
|
1176 + * smf_ftp_cfg. |
|
1177 + * |
|
1178 + * So we must to skip to next property in vector |
|
1179 + * without letting for loop to advance its counter, so |
|
1180 + * we compensate here by doing `i--`. |
|
1181 + */ |
|
1182 + i--; |
|
1183 + continue; |
|
1184 + }; |
|
1185 + conv_func = smf_conv_in[i]; |
|
1186 + conv_func(prop_vec_ptr->pv_ptr, |
|
1187 + ((char *)&smf_ftp_cfg + smf_cfg_offsets[i])); |
|
1188 + } |
|
1189 +} |
|
1190 + |
|
1191 +/* |
|
1192 + * smf_print_ftpcfg() |
|
1193 + * Function loads ftpcfg from smf(5) repository and prints configuration to |
|
1194 + * standard output. We use `scf_simple_prop_get(3SCF)`. |
|
1195 + * |
|
1196 + * Returns 0 on success, -1 on error.. |
|
1197 + */ |
|
1198 +int |
|
1199 +smf_print_ftpcfg(const char *smf_instance) |
|
1200 +{ |
|
1201 + scf_simple_prop_t *prop; |
|
1202 + int i; |
|
1203 + scf_propvec_t *prop_vec_ptr = prop_vec; |
|
1204 + int cfg_incomplete = 0; |
|
1205 + char *fmri; |
|
1206 + |
|
1207 + if (atexit_set == 0) { |
|
1208 + atexit(clear_prop_vec); |
|
1209 + bzero(&smf_ftp_cfg, sizeof (smf_ftppx_cfg_t)); |
|
1210 + atexit_set = 1; |
|
1211 + } |
|
1212 + |
|
1213 + (void) asprintf(&fmri, "%s:%s", BASE_FMRI, smf_instance); |
|
1214 + if (fmri == NULL) { |
|
1215 + fprintf(stderr, "Out of memory.\n"); |
|
1216 + return (-1); |
|
1217 + } |
|
1218 + |
|
1219 + clear_prop_vec(); |
|
1220 + |
|
1221 + for (i = 0; i < SMF_CFG_PROP_COUNT; i++) { |
|
1222 + prop = scf_simple_prop_get(NULL, fmri, FTP_PROXY_PG, |
|
1223 + smf_propnames[i]); |
|
1224 + prop_vec_ptr->pv_prop = smf_propnames[i]; |
|
1225 + prop_vec_ptr->pv_type = scf_simple_prop_type(prop); |
|
1226 + if (prop_vec_ptr->pv_type == -1) { |
|
1227 + free(fmri); |
|
1228 + fprintf(stderr, "Failed to get property type.\n"); |
|
1229 + return (-1); |
|
1230 + } |
|
1231 + if (prop_vec_ptr->pv_type != smf_type[i]) { |
|
1232 + free(fmri); |
|
1233 + fprintf(stderr, "Property %s has unexpected type.\n", |
|
1234 + smf_propnames[i]); |
|
1235 + return (-1); |
|
1236 + } |
|
1237 + if (prop == NULL) { |
|
1238 + /* |
|
1239 + * Property not defined, so we create a kind of |
|
1240 + * 'placeholder' with empty value. |
|
1241 + * |
|
1242 + * calloc() works well for both astring and integer. |
|
1243 + */ |
|
1244 + prop_vec_ptr->pv_ptr = calloc(1, sizeof (int64_t)); |
|
1245 + cfg_incomplete |= smf_mandatory[i]; |
|
1246 + } else { |
|
1247 + if (smf_type[i] == SCF_TYPE_ASTRING) { |
|
1248 + char *propval; |
|
1249 + propval = scf_simple_prop_next_astring(prop); |
|
1250 + if (propval == NULL) { |
|
1251 + propval = ""; |
|
1252 + } |
|
1253 + prop_vec_ptr->pv_ptr = strdup(propval); |
|
1254 + |
|
1255 + if (propval[0] == 0) { |
|
1256 + cfg_incomplete |= smf_mandatory[i]; |
|
1257 + } |
|
1258 + } else { |
|
1259 + /* smf_type[i] == SCF_TYPE_INTEGER */ |
|
1260 + int64_t *propval; |
|
1261 + int64_t propval_; |
|
1262 + |
|
1263 + propval = scf_simple_prop_next_integer(prop); |
|
1264 + propval_ = (propval == NULL) ? (0) : (*propval); |
|
1265 + |
|
1266 + prop_vec_ptr->pv_ptr = malloc(sizeof (int64_t)); |
|
1267 + if (prop_vec_ptr->pv_ptr != NULL) { |
|
1268 + *((int64_t *)prop_vec_ptr->pv_ptr) = |
|
1269 + propval_; |
|
1270 + } |
|
1271 + if (propval_ == 0) { |
|
1272 + cfg_incomplete |= smf_mandatory[i]; |
|
1273 + } |
|
1274 + } |
|
1275 + scf_simple_prop_free(prop); |
|
1276 + } |
|
1277 + if (prop_vec_ptr->pv_ptr == NULL) { |
|
1278 + free(fmri); |
|
1279 + fprintf(stderr, "Out of memory.\n"); |
|
1280 + return (-1); |
|
1281 + } |
|
1282 + |
|
1283 + prop_vec_ptr++; |
|
1284 + } |
|
1285 + |
|
1286 + printf("PF FTP proxy configuration:\n"); |
|
1287 + |
|
1288 + prop_vec_ptr = prop_vec; |
|
1289 + for (i = 0; i < SMF_CFG_PROP_COUNT; i++) { |
|
1290 + if (smf_type[i] == SCF_TYPE_ASTRING) { |
|
1291 + const char *val = (const char *)prop_vec_ptr->pv_ptr; |
|
1292 + printf("\t- %s:\n\t\t%s\n", prop_vec_ptr->pv_prop, |
|
1293 + ((val[0] == '\0') ? "?? undefined ??" : val)); |
|
1294 + } else { |
|
1295 + /* smf_type[i] == SCF_TYPE_INTEGER */ |
|
1296 + int64_t val = *((int64_t *)prop_vec_ptr->pv_ptr); |
|
1297 + if (val == 0) { |
|
1298 + printf("\t- %s:\n\t\t%s\n", prop_vec_ptr->pv_prop, |
|
1299 + "?? undefined ??"); |
|
1300 + } else { |
|
1301 + printf("\t- %s:\n\t\t%d\n", prop_vec_ptr->pv_prop, |
|
1302 + (int)val); |
|
1303 + } |
|
1304 + } |
|
1305 + prop_vec_ptr++; |
|
1306 + } |
|
1307 + if (cfg_incomplete) { |
|
1308 + printf("\n\nConfiguration for %s is incomplete." |
|
1309 + " Service will not run.\n\n", fmri); |
|
1310 + } else { |
|
1311 + prop_vec_to_cfg(); |
|
1312 + printf( |
|
1313 + "\n\n%s service is being launched using cmd line below\n\n", |
|
1314 + fmri); |
|
1315 + printf("ftp-proxy " |
|
1316 + "%s -a %s -b %s -p " |
|
1317 + "%d -D %d -m %d -t %d %s %s %s %.d %s %s %s %s\n", |
|
1318 + ((smf_ftp_cfg.cfg_anonymous_only == 1) ? "-A on" : ""), |
|
1319 + smf_ftp_cfg.cfg_fixed_proxy, |
|
1320 + smf_ftp_cfg.cfg_listen_addr, |
|
1321 + (int)smf_ftp_cfg.cfg_listen_port, |
|
1322 + (int)smf_ftp_cfg.cfg_debug_level, |
|
1323 + (int)smf_ftp_cfg.cfg_max_sessions, |
|
1324 + (int)smf_ftp_cfg.cfg_timeout, |
|
1325 + CHKASCIIZ(smf_ftp_cfg.cfg_fixed_server, "-R"), |
|
1326 + CHKASCIIZ(smf_ftp_cfg.cfg_fixed_server, |
|
1327 + smf_ftp_cfg.cfg_fixed_server), |
|
1328 + (smf_ftp_cfg.cfg_fixed_server_port == 0) ? ("") : ("-P"), |
|
1329 + (int)smf_ftp_cfg.cfg_fixed_server_port, |
|
1330 + ((smf_ftp_cfg.cfg_rfc_mode != 0) ? "-r on" : ""), |
|
1331 + CHKASCIIZ(smf_ftp_cfg.cfg_tag, "-T"), |
|
1332 + CHKASCIIZ(smf_ftp_cfg.cfg_tag, smf_ftp_cfg.cfg_tag), |
|
1333 + ((smf_ftp_cfg.cfg_log == 2) ? "-vv" : |
|
1334 + ((smf_ftp_cfg.cfg_log == 1) ? "-v" : ""))); |
|
1335 + } |
|
1336 + |
|
1337 + free(fmri); |
|
1338 + |
|
1339 + return (0); |
|
1340 +} |
|
1341 + |
|
1342 +/* |
|
1343 + * smf_create_ftp_instance() |
|
1344 + * Function creates a new instance in smf(5) repository. |
|
1345 + */ |
|
1346 +static int |
|
1347 +smf_create_ftp_instance(const char *smf_instance) |
|
1348 +{ |
|
1349 + scf_handle_t *h_scf = NULL; |
|
1350 + scf_scope_t *scp_scf = NULL; |
|
1351 + scf_service_t *svc_scf = NULL; |
|
1352 + scf_instance_t *sin_scf = NULL; |
|
1353 + int rv = -1; |
|
1354 + |
|
1355 + h_scf = scf_handle_create(SCF_VERSION); |
|
1356 + if ((h_scf == NULL) || (scf_handle_bind(h_scf) == -1)) { |
|
1357 + (void) fprintf(stderr, "scf_handle_bind() failed - %s\n", |
|
1358 + scf_strerror(scf_error())); |
|
1359 + if (h_scf != NULL) { |
|
1360 + scf_handle_destroy(h_scf); |
|
1361 + } |
|
1362 + return (-1); |
|
1363 + } |
|
1364 + |
|
1365 + if ((scp_scf = scf_scope_create(h_scf)) == NULL) { |
|
1366 + (void) fprintf(stderr, "could not create scope - %s\n", |
|
1367 + scf_strerror(scf_error())); |
|
1368 + goto unbind; |
|
1369 + } |
|
1370 + |
|
1371 + if (scf_handle_get_local_scope(h_scf, scp_scf) != 0) { |
|
1372 + (void) fprintf(stderr, "could not get scope - %s\n", |
|
1373 + scf_strerror(scf_error())); |
|
1374 + goto scope_destroy; |
|
1375 + } |
|
1376 + |
|
1377 + if ((svc_scf = scf_service_create(h_scf)) == NULL) { |
|
1378 + (void) fprintf(stderr, "could not create service - %s\n", |
|
1379 + scf_strerror(scf_error())); |
|
1380 + goto scope_destroy; |
|
1381 + } |
|
1382 + |
|
1383 + if ((sin_scf = scf_instance_create(h_scf)) == NULL) { |
|
1384 + (void) fprintf(stderr, "could not get instance handle - %s\n", |
|
1385 + scf_strerror(scf_error())); |
|
1386 + goto service_destroy; |
|
1387 + } |
|
1388 + |
|
1389 + if (scf_scope_get_service(scp_scf, STRIP_SVC(BASE_FMRI), svc_scf) != |
|
1390 + SCF_SUCCESS) { |
|
1391 + (void) fprintf(stderr, "could not select service (%s)\n", |
|
1392 + scf_strerror(scf_error())); |
|
1393 + goto instance_destroy; |
|
1394 + } |
|
1395 + |
|
1396 + if (scf_service_add_instance(svc_scf, smf_instance, sin_scf) != 0) { |
|
1397 + (void) fprintf(stderr, "could not add %s instance - %s\n", |
|
1398 + smf_instance, scf_strerror(scf_error())); |
|
1399 + goto instance_destroy; |
|
1400 + } |
|
1401 + |
|
1402 + if (scf_instance_add_pg(sin_scf, "general", "framework", 0, |
|
1403 + NULL) != SCF_SUCCESS) { |
|
1404 + (void) fprintf(stderr, |
|
1405 + "could not create property group - %s\n", |
|
1406 + scf_strerror(scf_error())); |
|
1407 + goto instance_delete; |
|
1408 + } |
|
1409 + |
|
1410 + if (scf_instance_add_pg(sin_scf, FTP_PROXY_PG, "application", 0, |
|
1411 + NULL) != SCF_SUCCESS) { |
|
1412 + (void) fprintf(stderr, |
|
1413 + "could not create property group - %s\n", |
|
1414 + scf_strerror(scf_error())); |
|
1415 + goto instance_delete; |
|
1416 + } |
|
1417 + |
|
1418 + rv = 0; |
|
1419 + goto instance_destroy; |
|
1420 + |
|
1421 +instance_delete: |
|
1422 + if (scf_instance_delete(sin_scf) != 0) { |
|
1423 + fprintf(stderr, "Can't delete the newly created instance:"); |
|
1424 + fprintf(stderr, "\t%s\n", scf_strerror(scf_error())); |
|
1425 + } |
|
1426 +instance_destroy: |
|
1427 + scf_instance_destroy(sin_scf); |
|
1428 +service_destroy: |
|
1429 + scf_service_destroy(svc_scf); |
|
1430 +scope_destroy: |
|
1431 + scf_scope_destroy(scp_scf); |
|
1432 +unbind: |
|
1433 + scf_handle_unbind(h_scf); |
|
1434 + scf_handle_destroy(h_scf); |
|
1435 + |
|
1436 + return (rv); |
|
1437 +} |
|
1438 + |
|
1439 +/* |
|
1440 + * smf_write_ftpcfg() |
|
1441 + * Function writes proxy configuration to smf(5) repostiory. |
|
1442 + */ |
|
1443 +int |
|
1444 +smf_write_ftpcfg(const char *smf_instance, int create) |
|
1445 +{ |
|
1446 + int i; |
|
1447 + scf_propvec_t |
|
1448 + *bad_prop_vec = NULL; |
|
1449 + char *fmri; |
|
1450 + |
|
1451 + if (atexit_set == 0) { |
|
1452 + atexit(clear_prop_vec); |
|
1453 + bzero(prop_vec, sizeof (prop_vec)); |
|
1454 + atexit_set = 1; |
|
1455 + } |
|
1456 + |
|
1457 + if (cfg_to_prop_vec() != 0) { |
|
1458 + fprintf(stderr, "Out of memory.\n"); |
|
1459 + return (-1); |
|
1460 + } |
|
1461 + |
|
1462 + (void) asprintf(&fmri, "%s:%s", BASE_FMRI, smf_instance); |
|
1463 + if (fmri == NULL) { |
|
1464 + fprintf(stderr, "Out of memory.\n"); |
|
1465 + return (-1); |
|
1466 + } |
|
1467 + |
|
1468 + if (create) { |
|
1469 + if (smf_create_ftp_instance(smf_instance) != 0) { |
|
1470 + free(fmri); |
|
1471 + return (-1); |
|
1472 + } |
|
1473 + } |
|
1474 + |
|
1475 + if (create && (scf_write_propvec(fmri, "general", gen_prop_vec, |
|
1476 + &bad_prop_vec) != SCF_SUCCESS)) { |
|
1477 + fprintf(stderr, "Can't update %s configuration:", fmri); |
|
1478 + fprintf(stderr, "\t%s\n", scf_strerror(scf_error())); |
|
1479 + if (bad_prop_vec != NULL) { |
|
1480 + fprintf(stderr, "Could not set %s\n", |
|
1481 + bad_prop_vec->pv_prop); |
|
1482 + } |
|
1483 + free(fmri); |
|
1484 + exit(1); |
|
1485 + } |
|
1486 + |
|
1487 + bad_prop_vec = NULL; |
|
1488 + if (scf_write_propvec(fmri, FTP_PROXY_PG, prop_vec, &bad_prop_vec) |
|
1489 + != SCF_SUCCESS) { |
|
1490 + fprintf(stderr, "Can't update %s configuration:", fmri); |
|
1491 + fprintf(stderr, "\t%s\n", scf_strerror(scf_error())); |
|
1492 + if (bad_prop_vec != NULL) { |
|
1493 + fprintf(stderr, "Could not set %s\n", |
|
1494 + bad_prop_vec->pv_prop); |
|
1495 + } |
|
1496 + free(fmri); |
|
1497 + exit(1); |
|
1498 + } |
|
1499 + |
|
1500 + free(fmri); |
|
1501 + return (0); |
|
1502 +} |
|
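--- a/smf-config.h
+++ b/smf-config.h
@@ -0,0 +1,77 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ *
+ */
+
+/*
+ * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#ifndef _SMF_CONFIG_H_
+#define _SMF_CONFIG_H_
+
+#include <string.h>
+
+#define BASE_FMRI "svc:/network/firewall/ftp-proxy"
+#define DEFAULT_INSTANCE "default"
+
+#define SMF_CFG_ANON_SET 0x00000001
+#define SMF_CFG_FIXED_PROXY_SET 0x00000002
+#define SMF_CFG_LISTEN_ADDR_SET 0x00000004
+#define SMF_CFG_LISTEN_PORT_SET 0x00000008
+#define SMF_CFG_DEBUG_LEVEL_SET 0x00000010
+#define SMF_CFG_MAX_SESSION_SET 0x00000020
+#define SMF_CFG_RFC_MODE_SET 0x00000040
+#define SMF_CFG_FIXED_SERVER_PORT_SET \
+ 0x00000080
+#define SMF_CFG_FIXED_SERVER_SET \
+ 0x00000100
+#define SMF_CFG_TAG_SET 0x00000200
+#define SMF_CFG_TIMEOUT_SET 0x00000400
+#define SMF_CFG_LOG_SET 0x00000800
+
+#define SMF_CFG_LOG_OFF 0
+#define SMF_CFG_LOG_ON 1
+#define SMF_CFG_LOG_ALL 2
+
+#define SMF_COPY_STR(_x_) (((_x_) == NULL) ? strdup("") : strdup((_x_)))
+
+typedef struct smf_ftppx_cfg {
+ unsigned int cfg_set; /* SMF_CFG_*_SET bit field */
+ int cfg_anonymous_only;
+ char *cfg_fixed_proxy;
+ char *cfg_listen_addr;
+ int64_t cfg_listen_port;
+ int64_t cfg_debug_level;
+ int64_t cfg_max_sessions;
+ char *cfg_fixed_server;
+ int64_t cfg_fixed_server_port;
+ int cfg_rfc_mode;
+ char *cfg_tag;
+ int64_t cfg_timeout;
+ int cfg_log;
+} smf_ftppx_cfg_t;
+
+extern smf_ftppx_cfg_t smf_ftp_cfg;
+
+extern int smf_print_ftpcfg(const char *);
+extern int smf_write_ftpcfg(const char *, int);
+
+#endif /* !_SMF_CONFIG_H_ */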
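Review bot: The SMF_CFG_*_SET masks are numbered by hand, but cfg_to_prop_vec() in smf-config.c picks property i by shifting `cfg_bit` left once per X_CFG_PROPS entry, so the two orders must match exactly and nothing enforces that. The mask order already differs from the member order of smf_ftppx_cfg_t (RFC_MODE, FIXED_SERVER_PORT, FIXED_SERVER versus cfg_fixed_server, cfg_fixed_server_port, cfg_rfc_mode). X_CFG_PROPS is defined outside this section, so whether it follows the mask order should be confirmed. A mismatch would write a property the caller never set to the repository and silently skip one that was set. I would add above the masks `/* Bit N belongs to the Nth X_CFG_PROPS entry in smf-config.c; keep both in the same order. */`, and since the struct uses int64_t while only <string.h> is included, also add `#include <stdint.h>` so the header is self-contained.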
|