struct client {
int fd; /* The connection to the client */
selbuf b; /* Accumulate lines of input */
+ union addr raddr; /* Remote address */
struct query q; /* The clients query and our reply */
struct sel_timer t; /* Timeout for idle or doomed conn */
struct listen *l; /* Back to the listener (and ops) */
/* Format the message FMT and queue it to be sent to the client. Client
* input will be disabled until the write completes.
*/
-static void write_to_client(struct client *c, const char *fmt, ...)
+static void PRINTF_LIKE(2, 3)
+ write_to_client(struct client *c, const char *fmt, ...)
{
va_list ap;
char buf[WRBUFSZ];
struct policy upol = POLICY_INIT(A_LIMIT);
struct policy_file pf;
char buf[16];
- int i;
+ int i, t;
/* If the connection has closed, then tidy stuff away. */
c->q.s[L].port = c->q.s[R].port = 0;
skipws(&q); if (*q) goto bad;
/* Identify the connection. Act on the result. */
+ c->q.s[R].addr = c->raddr;
identify(&c->q);
switch (c->q.resp) {
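Review bot: The peer address is copied into the query only at `c->q.s[R].addr = c->raddr;`, directly before `identify(&c->q)`, although the ports are already reset at `c->q.s[L].port = c->q.s[R].port = 0;` and the parser can leave through `goto bad` before this line is reached. If that exit path logs through `&c->q`, as the policy loop does with `logmsg(&c->q, ...)`, the log entry would presumably carry the address left by the previous query, or an unset one on the first query, which weakens the audit trail for malformed requests. Moving the assignment up beside the port reset would close that gap, with a comment such as `/* Start every query from the peer address saved in c->raddr. */`. The enclosing function begins and ends outside the hunk, so what the `bad` label does should be checked there.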
*/
DRESET(&d);
dstr_putf(&d, "%s/.yaid.policy", pw->pw_dir);
- if (open_policy_file(&pf, d.buf, "user policy file", &c->q))
+ if (open_policy_file(&pf, d.buf, "user policy file", &c->q, OPF_NOENTOK))
continue;
- while (!read_policy_file(&pf)) {
+ while ((t = read_policy_file(&pf)) < T_ERROR) {
- /* Give up after 100 lines. If the user's policy is that complicated,
- * something's gone very wrong. Or there's too much commentary or
- * something.
+ /* Give up after 100 lines or if there's an error. If the user's
+ * policy is that complicated, something's gone very wrong. Or there's
+ * too much commentary or something.
*/
if (pf.lno > 100) {
logmsg(&c->q, LOG_ERR, "%s:%d: user policy file too long",
break;
}
+ /* If this was a blank line, just go around again. */
+ if (t != T_OK) continue;
+
/* If this isn't a match, go around for the next rule. */
if (!match_policy(&pf.p, &c->q)) continue;
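Review bot: The loop condition `(t = read_policy_file(&pf)) < T_ERROR` presumably ends the scan on a read error and on a normal end of file alike, and nothing visible after it tells the two apart, so a user policy file that fails part-way may be treated exactly like one with no matching rule. If the fallback in that case is a broader default policy, the failure goes in the permissive direction; it would be worth testing `t == T_ERROR` after the loop and applying the most restrictive response, unless that handling already exists outside the hunk. The comparison also relies on the ordering of the return codes, which a comment such as `/* Codes below T_ERROR (T_OK, blank line) keep scanning; T_ERROR and above stop. */` would record. The loop body continues outside the hunk.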
c->q.ao = l->ao;
/* Collect the local and remote addresses. */
- l->ao->sockaddr_to_addr(&ssr, &c->q.s[R].addr);
+ l->ao->sockaddr_to_addr(&ssr, &c->raddr);
ssz = sizeof(ssl);
if (getsockname(sk, (struct sockaddr *)&ssl, &ssz)) {
logmsg(0, LOG_ERR,
}
/* Quit because of a fatal signal. */
-static void quit(int sig, void *p)
+static void NORETURN quit(int sig, void *p)
{
const char *signame = p;