*
*/
-#include "config.h"
+#include "secnet.h"
#include <stdio.h>
-#include <stdarg.h>
#include <string.h>
#include <errno.h>
-#include <syslog.h>
#include <unistd.h>
-#include <values.h>
+#include <limits.h>
#include <assert.h>
+#include <sys/wait.h>
#include "util.h"
-#include "secnet.h"
+#include "unaligned.h"
#define MIN_BUFFER_SIZE 64
#define DEFAULT_BUFFER_SIZE 4096
return i;
}
-bool_t subnet_match(struct subnet_list *list, uint32_t address)
+bool_t subnet_match(struct subnet *s, uint32_t address)
+{
+ return (s->prefix==(address&s->mask));
+}
+
+bool_t subnet_matches_list(struct subnet_list *list, uint32_t address)
{
uint32_t i;
for (i=0; i<list->entries; i++) {
return False;
}
+bool_t subnets_intersect(struct subnet a, struct subnet b)
+{
+ uint32_t mask=a.mask&b.mask;
+ return ((a.prefix&mask)==(b.prefix&mask));
+}
+
+bool_t subnet_intersects_with_list(struct subnet a, struct subnet_list *b)
+{
+ uint32_t i;
+
+ for (i=0; i<b->entries; i++) {
+ if (subnets_intersect(a,b->list[i])) return True;
+ }
+ return False;
+}
+
+bool_t subnet_lists_intersect(struct subnet_list *a, struct subnet_list *b)
+{
+ uint32_t i;
+ for (i=0; i<a->entries; i++) {
+ if (subnet_intersects_with_list(a->list[i],b)) return True;
+ }
+ return False;
+}
+
/* The string buffer must be at least 16 bytes long */
string_t ipaddr_to_string(uint32_t addr)
{
for (i=0; mask; i++) {
mask=(mask<<1);
}
- snprintf(s, 19, "%d.%d.%d.%d/%d", a, b, c, d, i);
+ if (i!=sn->len) {
+ fatal("subnet_to_string: invalid subnet structure!\n");
+ }
+ snprintf(s, 19, "%d.%d.%d.%d/%d", a, b, c, d, sn->len);
return s;
}
+int sys_cmd(const char *path, char *arg, ...)
+{
+ va_list ap;
+ int rv;
+ pid_t c;
+
+ va_start(ap,arg);
+ c=fork();
+ if (c) {
+ /* Parent -> wait for child */
+ waitpid(c,&rv,0);
+ } else if (c==0) {
+ char *args[100];
+ int i;
+ /* Child -> exec command */
+ args[0]=arg;
+ i=1;
+ while ((args[i++]=va_arg(ap,char *)));
+ execvp(path,args);
+ exit(1);
+ } else {
+ /* Error */
+ fatal_perror("sys_cmd(%s,%s,...)");
+ }
+
+ va_end(ap);
+ return rv;
+}
+
/* Take a list of log closures and merge them */
struct loglist {
struct log_if *l;
"PHASE_GETOPTS",
"PHASE_READCONFIG",
"PHASE_SETUP",
+ "PHASE_GETRESOURCES",
"PHASE_DROPPRIV",
"PHASE_RUN",
"PHASE_SHUTDOWN"
{
struct phase_hook *i;
- Message(M_DEBUG_PHASE,"entering %s... ", phases[new_phase]);
+ if (hooks[new_phase])
+ Message(M_DEBUG_PHASE,"Running hooks for %s...\n", phases[new_phase]);
current_phase=new_phase;
for (i=hooks[new_phase]; i; i=i->next)
i->fn(i->state, new_phase);
- Message(M_DEBUG_PHASE,"now in %s\n",phases[new_phase]);
+ Message(M_DEBUG_PHASE,"Now in %s\n",phases[new_phase]);
}
bool_t add_hook(uint32_t phase, hook_fn *fn, void *state)
uint16_t len;
len=strlen(s);
- *(uint16_t *)buf_append(buf,2)=htons(len);
+ buf_append_uint16(buf,len);
memcpy(buf_append(buf,len),s,len);
}
item_t *item;
dict_t *dict;
bool_t lockdown=False;
+ uint32_t len=DEFAULT_BUFFER_SIZE;
st=safe_malloc(sizeof(*st),"buffer_apply");
st->cl.description="buffer";
st->cl.type=CL_BUFFER;
st->cl.apply=NULL;
st->cl.interface=&st->ops;
- st->ops.free=True;
- st->ops.owner=NULL;
- st->ops.flags=0;
- st->ops.loc=loc;
- st->ops.size=0;
- st->ops.len=DEFAULT_BUFFER_SIZE;
- st->ops.start=NULL;
/* First argument, if present, is buffer length */
item=list_elem(args,0);
cfgfatal(st->ops.loc,"buffer","first parameter must be a "
"number (buffer size)\n");
}
- st->ops.len=item->data.number;
- if (st->ops.len<MIN_BUFFER_SIZE) {
+ len=item->data.number;
+ if (len<MIN_BUFFER_SIZE) {
cfgfatal(st->ops.loc,"buffer","ludicrously small buffer size\n");
}
- if (st->ops.len>MAX_BUFFER_SIZE) {
+ if (len>MAX_BUFFER_SIZE) {
cfgfatal(st->ops.loc,"buffer","ludicrously large buffer size\n");
}
}
False);
}
- st->ops.base=safe_malloc(st->ops.len,"buffer");
+ buffer_new(&st->ops,len);
if (lockdown) {
- Message(M_WARNING,"buffer: XXX lockdown\n");
+ /* XXX mlock the buffer if possible */
}
return new_closure(&st->cl);