## -*-makefile-*-
##
-## $Id: Makefile.am,v 1.6 2003/11/25 14:08:23 mdw Exp $
+## $Id: Makefile.am,v 1.7 2003/11/29 20:36:07 mdw Exp $
##
## Makefile for fw
##
##----- Revision history ----------------------------------------------------
##
## $Log: Makefile.am,v $
+## Revision 1.7 2003/11/29 20:36:07 mdw
+## Privileged outgoing connections.
+##
## Revision 1.6 2003/11/25 14:08:23 mdw
## Debianization. Socket target options. Internet binding.
##
inet.c un.c \
inet.h un.h \
\
- acl.c fattr.c identify.c \
- acl.h fattr.h identify.h rlimits.h
+ acl.c fattr.c identify.c privconn.c \
+ acl.h fattr.h identify.h privconn.h rlimits.h
##----- That's all, folks ---------------------------------------------------
/* -*-c-*-
*
- * $Id: addr.h,v 1.3 2003/11/25 14:08:23 mdw Exp $
+ * $Id: addr.h,v 1.4 2003/11/29 20:36:07 mdw Exp $
*
* Generic interface to network address handlers
*
/*----- Revision history --------------------------------------------------*
*
* $Log: addr.h,v $
+ * Revision 1.4 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
* Revision 1.3 2003/11/25 14:08:23 mdw
* Debianization. Socket target options. Internet binding.
*
int (*option)(scanner */*sc*/, addr_opts */*ao*/, unsigned /*type*/);
+ /* --- @confirm@ --- *
+ *
+ * Arguments: @addr *a@ = pointer to an address structure
+ * @unsigned type@ = kind of address this is
+ * @addr_opts *ao@ = address options
+ *
+ * Returns: ---
+ *
+ * Use: Called during initialization when an address is fully
+ * configured.
+ */
+
+ void (*confirm)(addr */*a*/, unsigned /*type*/, addr_opts */*ao*/);
+
/* --- @freesrcopts@ --- *
*
* Arguments: @addr_opts *ao@ = data block to remove
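Review bot: The new `confirm` hook is optional — un_ops in this same commit fills the slot with 0 and socket.c tests the pointer before calling it — but the comment block above the member does not say so. Add a line to the Use paragraph such as `May be null if the address type needs no confirmation; callers must check before calling.` The same applies to the `confirm` member added to target_ops in target.h, which exec.c and file.c leave at 0 and which fw.c null-checks.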
* Debianization!
* Fix data corruption in chan.c.
-
- * Socket target option support. Currently there's just bind address.
-
+
* Support binding to specific addresses for inet sources and targets.
- -- Mark Wooding <mdw@nsict.org> Tue, 25 Nov 2003 14:07:42 +0000
+ * Require (or prevent) privileged incoming connections in ACLs.
+
+ * Privileged outgoing connections, if started as root, with privilege
+ separation if requested to drop privileges after initialization.
+
+ -- Mark Wooding <mdw@nsict.org> Sat, 29 Nov 2003 20:35:40 +0000
Source: fw
Section: net
Priority: extra
-Build-Depends: mlib-dev (>= 2.0.2), debhelper (>= 4.0.2)
+Build-Depends: mlib-dev (>= 2.0.3), debhelper (>= 4.0.2)
Maintainer: Mark Wooding <mdw@nsict.org>
Standards-Version: 3.1.1
/* -*-c-*-
*
- * $Id: exec.c,v 1.7 2003/01/24 20:12:26 mdw Exp $
+ * $Id: exec.c,v 1.8 2003/11/29 20:36:07 mdw Exp $
*
* Source and target for executable programs
*
/*----- Revision history --------------------------------------------------*
*
* $Log: exec.c,v $
+ * Revision 1.8 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
* Revision 1.7 2003/01/24 20:12:26 mdw
* Correctly cast uid and gid sentinel values. Parse full filenames in
* exec arguments (can't do it for program, unfortunately, since the die is
target_ops xtarget_ops = {
"exec",
- xtarget_option, xtarget_read, xtarget_create, xtarget_destroy
+ xtarget_option, xtarget_read, 0, xtarget_create, xtarget_destroy
};
/*----- That's all, folks -------------------------------------------------*/
/* -*-c-*-
*
- * $Id: file.c,v 1.5 2002/02/22 23:43:32 mdw Exp $
+ * $Id: file.c,v 1.6 2003/11/29 20:36:07 mdw Exp $
*
* File source and target
*
/*----- Revision history --------------------------------------------------*
*
* $Log: file.c,v $
+ * Revision 1.6 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
* Revision 1.5 2002/02/22 23:43:32 mdw
* Call @xfree@ rather than @free@.
*
target_ops ftarget_ops = {
"file",
- ftarget_option, ftarget_read, ftarget_create, ftarget_destroy
+ ftarget_option, ftarget_read, 0, ftarget_create, ftarget_destroy
};
/*----- That's all, folks -------------------------------------------------*/
.\" -*-nroff-*-
.\"
-.\" $Id: fw.1,v 1.16 2003/11/25 14:46:50 mdw Exp $
+.\" $Id: fw.1,v 1.17 2003/11/29 20:36:07 mdw Exp $
.\"
.\" Manual page for fw
.\"
.\" ---- Revision history ---------------------------------------------------
.\"
.\" $Log: fw.1,v $
+.\" Revision 1.17 2003/11/29 20:36:07 mdw
+.\" Privileged outgoing connections.
+.\"
.\" Revision 1.16 2003/11/25 14:46:50 mdw
.\" Update docco for new options.
.\"
convenient. This option is useful if the destination is doing
host-based access control and your server is multi-homed.
.OE
+.OS "Socket options"
+.B socket.inet.dest.priv-port
+.RB [=]
+.BR yes | no
+.OD
+Make a privileged connection (i.e., from a low-numbered port) to the
+target. This only works if
+.B fw
+was started with root privileges. However, it still works if
+.B fw
+has
+.I dropped
+privileges after initialization (the
+.B \-s
+option). Before dropping privileges,
+.B fw
+forks off a separate process which continues to run with root
+privileges, and on demand passes sockets bound to privileged ports and
+connected to the appropriate peer back to the main program. The
+privileged child only passes back sockets connected to peer addresses
+named in the configuration; even if the
+.B fw
+process is compromised, it can't make privileged connections to other
+addresses. Note that because of this privilege separation, it's also
+not possible to reconfigure
+.B fw
+to make privileged connections to different peer addresses later. by
+changing configuration files and sending the daemon a
+.BR SIGHUP .
+.OE
.PP
The access control rules are examined in the order: local entries first,
then global ones, each in the order given in the configuration file.
.RB [ = ]
.BR any | \c
.I addr
+.br
+.B socket.inet.dest.priv-port
+.RB [=]
+.BR yes | no
.PP
.BR socket.unix.fattr. *
.
/* -*-c-*-
*
- * $Id: fw.c,v 1.15 2003/11/25 14:46:50 mdw Exp $
+ * $Id: fw.c,v 1.16 2003/11/29 20:36:07 mdw Exp $
*
* Port forwarding thingy
*
/*----- Revision history --------------------------------------------------*
*
* $Log: fw.c,v $
+ * Revision 1.16 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
* Revision 1.15 2003/11/25 14:46:50 mdw
* Update docco for new options.
*
#include "fattr.h"
#include "file.h"
#include "fw.h"
+#include "privconn.h"
#include "scan.h"
#include "socket.h"
#include "source.h"
/* --- Combine the source and target --- */
s->ops->attach(s, sc, t);
+ if (t->ops->confirm)
+ t->ops->confirm(t);
}
/* --- Include configuration from a file --- *
socket.inet.source.[allow|deny] priv-port\n\
socket.inet.source.addr [=] any|ADDR\n\
socket.inet.dest.addr [=] any|ADDR\n\
+ socket.inet.dest.priv-port [=] yes|no\n\
\n\
socket.unix.fattr.*\n\
");
/* --- Drop privileges --- */
+ if (drop != (uid_t)-1)
+ privconn_split(sel);
#ifdef HAVE_SETGROUPS
if ((dropg != (gid_t)-1 && (setgid(dropg) || setgroups(1, &dropg))) ||
(drop != (uid_t)-1 && setuid(drop)))
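Review bot: `privconn_split(sel)` forks the root-retaining helper whenever a uid drop is configured, even when no `socket.inet.dest.priv-port` target was registered, so a privileged process is kept alive with nothing to serve. Either guard this call on whether any privileged destination exists, or let privconn_split return early when its destination table is empty (it can test `DA_LEN(&cv)` itself), so the helper only exists when it is needed. The surrounding privilege-drop code starts and ends outside the hunk.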
socket.inet.source.[allow|deny] [host] ADDR [/ ADDR]
socket.inet.source.addr [=] any|ADDR
socket.inet.dest.addr [=] any|ADDR
+ oscket.inet.dest.priv-port [=] yes|no
socket.unix.source.fattr.*
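Review bot: The option list added here misspells the key as `oscket.inet.dest.priv-port`; the usage text a few hunks up and the manual page both spell it `socket.inet.dest.priv-port`. Change the line to `socket.inet.dest.priv-port [=] yes|no`.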
/* -*-c-*-
*
- * $Id: identify.c,v 1.7 2002/02/22 23:43:32 mdw Exp $
+ * $Id: identify.c,v 1.8 2003/11/29 20:36:07 mdw Exp $
*
* Identifies and logs the client of a connection
*
/*----- Revision history --------------------------------------------------*
*
* $Log: identify.c,v $
+ * Revision 1.8 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
* Revision 1.7 2002/02/22 23:43:32 mdw
* Call @xfree@ rather than @free@.
*
/* --- Report the final result --- */
- fw_log(i->when, "[%s] %s from %s@%s [%s]",
+ fw_log(i->when, "[%s] %s from %s@%s [%s:%u]",
i->q.desc, i->q.act,
- i->user, i->host, inet_ntoa(i->q.rsin.sin_addr));
+ i->user, i->host,
+ inet_ntoa(i->q.rsin.sin_addr), (unsigned)ntohs(i->q.rsin.sin_port));
/* --- Dispose of the block --- */
/* -*-c-*-
*
- * $Id: inet.c,v 1.5 2003/11/25 14:08:23 mdw Exp $
+ * $Id: inet.c,v 1.6 2003/11/29 20:36:07 mdw Exp $
*
* Protocol specific definitions for IPv4 sockets
*
/*----- Revision history --------------------------------------------------*
*
* $Log: inet.c,v $
+ * Revision 1.6 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
* Revision 1.5 2003/11/25 14:08:23 mdw
* Debianization. Socket target options. Internet binding.
*
#include "fw.h"
#include "identify.h"
#include "inet.h"
+#include "privconn.h"
#include "reffd.h"
#include "scan.h"
#include "socket.h"
typedef struct inet_targopts {
inet_opts io;
+ int ipriv;
} inet_targopts;
+#define ADDRF_PRIVCONN 16u
+
static inet_srcopts inet_globalsrc =
{ { { 0 }, { INADDR_ANY } }, 0, &inet_globalsrc.acl };
static inet_targopts inet_globaltarg =
{
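Review bot: `ADDRF_PRIVCONN` is a bit in the shared `addr_opts.f` word but is defined privately in inet.c as `16u`; if the other ADDRF_ flags live in addr.h (not visible here), a flag added there later could silently collide with it, so either move the definition next to the others or add a comment reserving the bit. The new `ipriv` member also deserves a comment — from its use in this commit it is an index into the privconn destination table, with -1 meaning "ordinary connection" — e.g. `int ipriv; /* privconn destination index, or -1 for an ordinary connect */`. Note too that `inet_globaltarg`'s initializer, which continues past this hunk, must set `ipriv` to -1 as well: a zero-initialized member would make index 0 look like a registered privileged destination, since inet_connect routes on `io->ipriv >= 0` and only inet_inittargopts resets it.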
inet_targopts *io = CREATE(inet_targopts);
*io = inet_globaltarg;
+ io->ipriv = -1;
return (&io->io.ao);
}
if (sc->t == CTOK_WORD && strcmp(sc->d.buf, "from") == 0)
token(sc);
- if (sc->t == CTOK_WORD && strcmp(sc->d.buf, "priv-port") == 0) {
+ if (sc->t == CTOK_WORD && (strcmp(sc->d.buf, "priv") == 0 ||
+ strcmp(sc->d.buf, "priv-port") == 0)) {
acl_addpriv(&io->acltail, act);
token(sc);
} else {
addropt(sc, &io->io);
CONF_ACCEPT;
}
+ if (strcmp(sc->d.buf, "priv") == 0 ||
+ strcmp(sc->d.buf, "priv-port") == 0) {
+ token(sc);
+ if (sc->t == '=') token(sc);
+ if (conf_enum(sc, "no,yes", ENUM_ABBREV, "privileged connection status"))
+ io->io.ao.f |= ADDRF_PRIVCONN;
+ else
+ io->io.ao.f &= ~ADDRF_PRIVCONN;
+ CONF_ACCEPT;
+ }
CONF_END;
}
CONF_END;
}
+/* --- @confirm@ --- */
+
+static void inet_confirm(addr *a, unsigned type, addr_opts *ao)
+{
+ inet_addrx *ia = (inet_addrx *)a;
+
+ switch (type) {
+ case ADDR_DEST: {
+ inet_targopts *io = (inet_targopts *)ao;
+ if ((io->io.ao.f & ADDRF_PRIVCONN) &&
+ (io->ipriv = privconn_adddest(ia->sin.sin_addr,
+ ia->sin.sin_port)) < 0)
+ die(1, "couldn't add privileged connection target (too late)");
+ } break;
+ }
+}
+
/* --- @freeopts@ --- */
static void inet_freesrcopts(addr_opts *ao)
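Review bot: `inet_confirm`'s switch handles only `ADDR_DEST` and has no default, so a reader cannot tell whether ignoring `ADDR_SRC` is deliberate; add `default: break; /* sources need no confirmation */`. The port handed to privconn_adddest is `ia->sin.sin_port`, i.e. already in network byte order, and doconn stores it straight into `sin_peer.sin_port`, so the pair is consistent, but that convention is invisible from the `unsigned port` parameter and should be stated here and in the privconn.h comment. The `die(1, "... (too late)")` is the reconfiguration lock-down the manual page describes (no new privileged destinations once the helper has been split off); a one-line comment saying so would stop someone later "fixing" it into a soft failure.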
inet_targopts *io = (inet_targopts *)ao;
int fd;
+ if (io->ipriv >= 0) {
+ return (privconn_connect(c, sel, io->ipriv, io->io.bind,
+ starget_connected, e));
+ }
if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0)
goto fail_0;
if (io->io.bind.s_addr != INADDR_ANY) {
addr_ops inet_ops = {
"inet",
inet_read, inet_destroy, inet_print,
- inet_initsrcopts, inet_option, inet_freesrcopts,
+ inet_initsrcopts, inet_option, inet_confirm, inet_freesrcopts,
inet_bind, 0, inet_accept,
inet_inittargopts, inet_freetargopts,
inet_connect
--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: privconn.c,v 1.1 2003/11/29 20:36:07 mdw Exp $
+ *
+ * Making privileged connections
+ *
+ * (c) 2003 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of the `fw' port forwarder.
+ *
+ * `fw' is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * `fw' is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with `fw'; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: privconn.c,v $
+ * Revision 1.1 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include <assert.h>
+#include <errno.h>
+#include <signal.h>
+#include <string.h>
+
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+#include <mLib/conn.h>
+#include <mLib/darray.h>
+#include <mLib/fdflags.h>
+#include <mLib/fdpass.h>
+#include <mLib/report.h>
+#include <mLib/sel.h>
+
+#include "privconn.h"
+
+/*----- Data structures ---------------------------------------------------*/
+
+typedef struct connrec {
+ struct in_addr peer;
+ unsigned port;
+} connrec;
+
+typedef struct connrq {
+ int i;
+ struct in_addr bind;
+} connrq;
+
+DA_DECL(connrec_v, connrec);
+
+/*----- Static variables --------------------------------------------------*/
+
+static connrec_v cv = DA_INIT;
+static conn *qhead = 0, **qtail = &qhead;
+static int kidfd = -1;
+static sel_file sf;
+
+/*----- Main code ---------------------------------------------------------*/
+
+/* --- @doconn@ --- *
+ *
+ * Arguments: @const connrq *rq@ = index of connection record
+ *
+ * Returns: Connected file descriptor, or @-1@.
+ *
+ * Use: Main privileged connection thing.
+ */
+
+static int doconn(const connrq *rq)
+{
+ struct sockaddr_in sin_bind;
+ struct sockaddr_in sin_peer;
+ int fd;
+ int i;
+ connrec *c;
+
+ /* --- Check the argument --- */
+
+ if (rq->i < 0 || rq->i >= DA_LEN(&cv)) {
+ errno = EINVAL;
+ goto fail_0;
+ }
+ c = &DA(&cv)[rq->i];
+
+ /* --- Make a new socket --- */
+
+ if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0)
+ goto fail_0;
+
+ /* --- Bind it to a low-numbered port --- */
+
+ memset(&sin_bind, 0, sizeof(sin_bind));
+ sin_bind.sin_family = AF_INET;
+ sin_bind.sin_addr = rq->bind;
+ for (i = 1023; i >= 512; i--) {
+ sin_bind.sin_port = htons(i);
+ if (!bind(fd, (struct sockaddr *)&sin_bind, sizeof(sin_bind)))
+ goto bound;
+ if (errno != EADDRINUSE)
+ goto fail_1;
+ }
+ goto fail_1;
+
+ /* --- Connect to the peer --- *
+ *
+ * We can find out whether it's connected later, so there's no need to
+ * distinguish these cases.
+ */
+
+bound:
+ memset(&sin_peer, 0, sizeof(sin_peer));
+ sin_peer.sin_family = AF_INET;
+ sin_peer.sin_addr = c->peer;
+ sin_peer.sin_port = c->port;
+ fdflags(fd, O_NONBLOCK, O_NONBLOCK, 0, 0);
+ if (connect(fd, (struct sockaddr *)&sin_peer, sizeof(sin_peer)) < 0 &&
+ errno != EINPROGRESS)
+ goto fail_1;
+ return (fd);
+
+ /* --- Tidy up on errors --- */
+
+fail_1:
+ close(fd);
+fail_0:
+ return (-1);
+}
+
+/* --- @dochild@ --- *
+ *
+ * Arguments: @int fd@ = my file descriptor
+ *
+ * Returns: Never.
+ *
+ * Use: Child process for making privileged connections, separated
+ * from main process after initialization.
+ */
+
+static void dochild(int fd)
+{
+ int i;
+ connrq rq;
+ int nfd;
+ ssize_t sz;
+#if defined(_SC_OPEN_MAX)
+ int maxfd = sysconf(_SC_OPEN_MAX);
+#elif defined(OPEN_MAX)
+ int maxfd = OPEN_MAX;
+#else
+ int maxfd = -1;
+#endif
+ struct sigaction sa;
+ struct sigaction sa_dfl;
+
+ /* --- Clear out unnecessary file descriptors --- */
+
+ if (maxfd < 0)
+ maxfd = 256;
+ for (i = 3; i < maxfd; i++)
+ if (i != fd) close(i);
+
+ /* --- Close off signal handlers --- */
+
+ sa_dfl.sa_handler = SIG_DFL;
+ sigemptyset(&sa_dfl.sa_mask);
+ sa_dfl.sa_flags = 0;
+ for (i = 0; i < 256; i++) {
+ if (sigaction(i, 0, &sa))
+ break;
+ if (sa.sa_handler != SIG_DFL && sa.sa_handler != SIG_IGN)
+ sigaction(i, &sa_dfl, 0);
+ }
+
+ /* --- Main loop --- */
+
+ for (;;) {
+ sz = read(fd, &rq, sizeof(rq));
+ if (!sz)
+ break;
+ if (sz < 0)
+ die(1, "read error in privconn child: %s", strerror(errno));
+ if ((nfd = doconn(&rq)) < 0)
+ goto err;
+ i = 0;
+ sz = fdpass_send(fd, nfd, &i, sizeof(i));
+ if (sz < 0)
+ goto err;
+ if (sz < sizeof(i))
+ die(1, "short write in privconn child");
+ continue;
+
+ err:
+ if (write(fd, &errno, sizeof(errno)) < 0)
+ die(1, "write error in privconn child: %s", strerror(errno));
+ }
+ _exit(0);
+}
+
+/* --- @dorecvfd@ --- *
+ *
+ * Arguments: @int fd@ = file descriptor (@== kidfd@)
+ * @unsigned mode@ = what's happening (@== SEL_READ@)
+ * @void *p@ = uninteresting (@== 0@)
+ *
+ * Returns: ---
+ *
+ * Use: Receives a file descriptor from the privileged part.
+ */
+
+void dorecvfd(int fd, unsigned mode, void *p)
+{
+ conn *c, *cc;
+ ssize_t n;
+ int e;
+
+ n = fdpass_recv(kidfd, &fd, &e, sizeof(e));
+ if (!n)
+ goto close;
+ assert(qhead);
+ c = qhead;
+ qhead = (conn *)c->writer.next;
+ if (!qhead) qtail = &qhead;
+ if (n < 0 || (errno = e) != 0)
+ goto fail;
+ if (fd == -1) {
+ errno = EIO;
+ goto fail;
+ }
+ conn_fd(c, c->writer.s, fd, c->func, c->p);
+ return;
+
+fail:
+ c->func(-1, c->p);
+ return;
+
+close:
+ close(kidfd);
+ kidfd = 0;
+ errno = EIO;
+ sel_rmfile(&sf);
+ for (c = qhead; c; c = cc) {
+ cc = (conn *)c->writer.next;
+ c->func(-1, c->p);
+ }
+ qhead = 0;
+ qtail = &qhead;
+ return;
+}
+
+/* --- @privconn_split@ --- *
+ *
+ * Arguments: @sel_state *s@ = select state
+ *
+ * Returns: ---
+ *
+ * Use: Splits off the privileged binding code into a separate
+ * process.
+ */
+
+void privconn_split(sel_state *s)
+{
+ pid_t kid;
+ int fd[2];
+
+ if (kidfd != -1)
+ return;
+ if (socketpair(PF_UNIX, SOCK_STREAM, 0, fd) < 0)
+ die(1, "couldn't create privconn socketpair: %s", strerror(errno));
+ kidfd = fd[0];
+ if ((kid = fork()) < 0)
+ die(1, "couldn't fork privconn child: %s", strerror(errno));
+ if (!kid) {
+ close(kidfd);
+ dochild(fd[1]);
+ _exit(127);
+ }
+ close(fd[1]);
+ fdflags(kidfd, 0, 0, FD_CLOEXEC, FD_CLOEXEC);
+ sel_initfile(s, &sf, kidfd, SEL_READ, dorecvfd, 0);
+ sel_addfile(&sf);
+}
+
+/* --- @privconn_adddest@ --- *
+ *
+ * Arguments: @struct in_addr peer@ = address to connect to
+ * @unsigned port@ = port to connect to
+ *
+ * Returns: Index for this destination address, or @-1@ if not
+ * available.
+ *
+ * Use: Adds a valid destination for a privileged connection.
+ */
+
+int privconn_adddest(struct in_addr peer, unsigned port)
+{
+ int i;
+ struct connrec *c;
+
+ if (kidfd != -1)
+ return (-1);
+ for (i = 0; i < DA_LEN(&cv); i++) {
+ c = &DA(&cv)[i];
+ if (peer.s_addr == c->peer.s_addr && port == c->port)
+ return (i);
+ }
+ DA_ENSURE(&cv, 1);
+ DA_EXTEND(&cv, 1);
+ c = &DA(&cv)[i];
+ c->peer = peer;
+ c->port = port;
+ return (i);
+}
+
+/* --- @privconn_connect@ --- *
+ *
+ * Arguments: @conn *c@ = connection structure to fill in
+ * @sel_state *s@ = pointer to select state to attach to
+ * @int i@ = address index to connect to
+ * @struct in_addr bind@ = address to bind to
+ * @void (*func)(int, void *)@ = function to call on connect
+ * @void *p@ = argument for the function
+ *
+ * Returns: Zero on success, @-1@ on failure.
+ *
+ * Use: Sets up a privileged connection job.
+ */
+
+int privconn_connect(conn *c, sel_state *s, int i, struct in_addr bind,
+ void (*func)(int, void *), void *p)
+{
+ int fd;
+ connrq rq;
+ ssize_t n;
+
+ rq.i = i;
+ rq.bind = bind;
+ if (kidfd == -1) {
+ if ((fd = doconn(&rq)) < 0)
+ return (-1);
+ conn_fd(c, s, fd, func, p);
+ return (0);
+ }
+
+ n = write(kidfd, &rq, sizeof(rq));
+ if (n < 0)
+ return (-1);
+ c->writer.fd = -1;
+ c->writer.s = s;
+ c->writer.next = 0;
+ c->func = func;
+ c->p = p;
+ *qtail = c;
+ qtail = (conn **)&c->writer.next;
+ return (0);
+}
+
+/*----- That's all, folks -------------------------------------------------*/
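Review bot: The signal-reset loop in dochild starts at `i = 0`, and sigaction() rejects signal 0 with EINVAL on Linux/glibc, so the `break` fires on the first iteration and the root-retaining child keeps every handler the parent installed; start the loop at 1. Still in dochild, `nfd` is never closed after `fdpass_send` (nor when that send fails), so unless fdpass_send closes it the child leaks one socket per brokered connection and eventually hits its descriptor limit, and the `read(fd, &rq, sizeof(rq))` result is not checked against `sizeof(rq)`, so a short read would be acted on as a request. On the parent side, dorecvfd sets `kidfd = 0` when the child goes away while privconn_connect and privconn_adddest compare against -1, so a later privconn_connect would `write` the request to descriptor 0 instead of failing; use a separate "split has happened" flag, or a sentinel no test confuses with a real descriptor. dorecvfd is defined with external linkage but is not in privconn.h and should be `static`. The request's `bind` address is taken unvalidated from the unprivileged side, so the child will bind a reserved port on whatever local address it is told — the peer/port restriction still holds, which is the property that matters, but a comment on `connrq` stating that only `i` is validated would make the trust boundary explicit.
```c
  int e;                            /* saved errno across close() */
  /* … unchanged: other declarations, descriptor cleanup, sa_dfl setup … */

  for (i = 1; i < 256; i++) {       /* signal 0 is not valid for sigaction */
    if (sigaction(i, 0, &sa))
      break;
    if (sa.sa_handler != SIG_DFL && sa.sa_handler != SIG_IGN)
      sigaction(i, &sa_dfl, 0);
  }

  /* --- Main loop --- */

  for (;;) {
    sz = read(fd, &rq, sizeof(rq));
    if (!sz)
      break;
    if (sz < 0)
      die(1, "read error in privconn child: %s", strerror(errno));
    if ((size_t)sz != sizeof(rq))
      die(1, "short read in privconn child");
    if ((nfd = doconn(&rq)) < 0)
      goto err;
    i = 0;
    sz = fdpass_send(fd, nfd, &i, sizeof(i));
    e = errno;                      /* close() must not clobber the send error */
    close(nfd);                     /* the parent now holds its own reference */
    errno = e;
    if (sz < 0)
      goto err;
    if (sz < sizeof(i))
      die(1, "short write in privconn child");
    continue;

  err:
    /* … unchanged: report errno back to the parent … */
  }
```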
--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: privconn.h,v 1.1 2003/11/29 20:36:07 mdw Exp $
+ *
+ * Making privileged connections
+ *
+ * (c) 2003 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of the `fw' port forwarder.
+ *
+ * `fw' is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * `fw' is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with `fw'; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: privconn.h,v $
+ * Revision 1.1 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
+ */
+
+#ifndef PRIVCONN_H
+#define PRIVCONN_H
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/*----- Header files ------------------------------------------------------*/
+
+#include <arpa/inet.h>
+
+#include <mLib/conn.h>
+#include <mLib/sel.h>
+
+/*----- Functions provided ------------------------------------------------*/
+
+/* --- @privconn_split@ --- *
+ *
+ * Arguments: @sel_state *s@ = select state
+ *
+ * Returns: ---
+ *
+ * Use: Splits off the privileged binding code into a separate
+ * process.
+ */
+
+extern void privconn_split(sel_state */*s*/);
+
+/* --- @privconn_adddest@ --- *
+ *
+ * Arguments: @struct in_addr peer@ = address to connect to
+ * @unsigned port@ = port to connect to
+ *
+ * Returns: Index for this destination address, or @-1@ if not
+ * available.
+ *
+ * Use: Adds a valid destination for a privileged connection.
+ */
+
+extern int privconn_adddest(struct in_addr /*peer*/, unsigned /*port*/);
+
+/* --- @privconn_connect@ --- *
+ *
+ * Arguments: @conn *c@ = connection structure to fill in
+ * @sel_state *s@ = pointer to select state to attach to
+ * @int i@ = address index to connect to
+ * @struct in_addr bind@ = address to bind to
+ * @void (*func)(int, void *)@ = function to call on connect
+ * @void *p@ = argument for the function
+ *
+ * Returns: Zero on success, @-1@ on failure.
+ *
+ * Use: Sets up a privileged connection job.
+ */
+
+extern int privconn_connect(conn */*c*/, sel_state */*s*/,
+ int /*i*/, struct in_addr /*bind*/,
+ void (*/*func*/)(int, void *), void */*p*/);
+
+/*----- That's all, folks -------------------------------------------------*/
+
+#ifdef __cplusplus
+ }
+#endif
+
+#endif
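Review bot: The comment for privconn_adddest says the index is -1 "if not available" without saying when that happens: from privconn.c it is when privconn_split has already run, i.e. destinations cannot be added after privilege separation. Make that explicit, e.g. `Returns: Index for this destination address, or @-1@ if the privileged helper has already been split off (no new destinations may be added after that point).` For privconn_connect, the comment could also note that in the split case the callback is invoked asynchronously once the helper replies, and with @-1@ if the helper goes away, since callers will otherwise expect the socket-style synchronous failure.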
/* -*-c-*-
*
- * $Id: socket.c,v 1.10 2003/11/25 14:08:23 mdw Exp $
+ * $Id: socket.c,v 1.11 2003/11/29 20:36:07 mdw Exp $
*
* Socket source and target definitions
*
/*----- Revision history --------------------------------------------------*
*
* $Log: socket.c,v $
+ * Revision 1.11 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
* Revision 1.10 2003/11/25 14:08:23 mdw
* Debianization. Socket target options. Internet binding.
*
dstr_destroy(&d);
}
+ /* --- Confirm the address --- */
+
+ if (ss->a->ops->confirm)
+ ss->a->ops->confirm(ss->a, ADDR_SRC, ss->ao);
+
/* --- Initialize the socket for listening --- */
if ((fd = ss->a->ops->bind(ss->a, ss->ao)) < 0)
return (&st->t);
}
-/* --- @create@ --- *
- *
- * Arguments: @target *t@ = pointer to target
- * @const char *desc@ = description of connection
- *
- * Returns: Pointer to a created endpoint.
- *
- * Use: Generates a target endpoint for communication.
- */
+/* --- @confirm@ --- */
+
+static void starget_confirm(target *t)
+{
+ starget *st = (starget *)t;
+
+ if (st->a->ops->confirm)
+ st->a->ops->confirm(st->a, ADDR_DEST, st->ao);
+}
+
+/* --- @create@ --- */
static endpt *starget_create(target *t, const char *desc)
{
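Review bot: The full Arguments/Returns/Use comment for starget_create is replaced by the bare heading `/* --- @create@ --- */`, which drops documentation this file keeps for every other static function; restore the block (target pointer and description in, created endpoint out). starget_confirm likewise gets only a heading: a block stating that it forwards to the address type's confirm hook with ADDR_DEST and does nothing when the hook is absent would match the file's style. The source-side counterpart a hunk earlier is commented only as "Confirm the address"; a word that this happens before bind so a privileged-destination table is complete by the time privileges are dropped would help there too.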
target_ops starget_ops = {
"socket",
- starget_option, starget_read, starget_create, starget_destroy
+ starget_option, starget_read, starget_confirm,
+ starget_create, starget_destroy
};
/*----- That's all, folks -------------------------------------------------*/
/* -*-c-*-
*
- * $Id: target.h,v 1.2 2003/11/25 14:08:23 mdw Exp $
+ * $Id: target.h,v 1.3 2003/11/29 20:36:07 mdw Exp $
*
* Description of forwarding targets
*
/*----- Revision history --------------------------------------------------*
*
* $Log: target.h,v $
+ * Revision 1.3 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
* Revision 1.2 2003/11/25 14:08:23 mdw
* Debianization. Socket target options. Internet binding.
*
target *(*read)(scanner */*sc*/);
+ /* --- @confirm@ --- *
+ *
+ * Arguments: @target *t@ = pointer to target
+ *
+ * Returns: ---
+ *
+ * Use: Confirms configuration of a target.
+ */
+
+ void (*confirm)(target */*t*/);
+
/* --- @create@ --- *
*
* Arguments: @target *t@ = pointer to target
/* -*-c-*-
*
- * $Id: un.c,v 1.6 2003/11/25 14:08:23 mdw Exp $
+ * $Id: un.c,v 1.7 2003/11/29 20:36:07 mdw Exp $
*
* Protocol specific definitions for Unix-domain sockets
*
/*----- Revision history --------------------------------------------------*
*
* $Log: un.c,v $
+ * Revision 1.7 2003/11/29 20:36:07 mdw
+ * Privileged outgoing connections.
+ *
* Revision 1.6 2003/11/25 14:08:23 mdw
* Debianization. Socket target options. Internet binding.
*
addr_ops un_ops = {
"unix",
un_read, un_destroy, un_print,
- un_initopts, un_option, un_freeopts, un_bind, un_unbind, un_accept,
+ un_initopts, un_option, 0, un_freeopts, un_bind, un_unbind, un_accept,
0, 0, un_connect
};