authpf.c (126355) authpf.c (127024)
1/* $FreeBSD: head/contrib/pf/authpf/authpf.c 126355 2004-02-28 17:32:53Z mlaier $ */
1/* $FreeBSD: head/contrib/pf/authpf/authpf.c 127024 2004-03-15 13:41:17Z mlaier $ */
2/* $OpenBSD: authpf.c,v 1.68 2003/08/21 19:13:23 frantzen Exp $ */
3
4/*
5 * Copyright (C) 1998 - 2002 Bob Beck (beck@openbsd.org).
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:

--- 11 unchanged lines hidden (view full) ---

21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
2/* $OpenBSD: authpf.c,v 1.68 2003/08/21 19:13:23 frantzen Exp $ */
3
4/*
5 * Copyright (C) 1998 - 2002 Bob Beck (beck@openbsd.org).
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:

--- 11 unchanged lines hidden (view full) ---

21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29#include <sys/types.h>
29#include <sys/param.h>
30#include <sys/file.h>
31#include <sys/ioctl.h>
32#include <sys/socket.h>
33#include <sys/time.h>
34
35#include <net/if.h>
36#include <net/pfvar.h>
37#include <arpa/inet.h>

--- 7 unchanged lines hidden (view full) ---

45#include <string.h>
46#include <syslog.h>
47#include <unistd.h>
48
49#include <pfctl_parser.h>
50
51#include "pathnames.h"
52
30#include <sys/file.h>
31#include <sys/ioctl.h>
32#include <sys/socket.h>
33#include <sys/time.h>
34
35#include <net/if.h>
36#include <net/pfvar.h>
37#include <arpa/inet.h>

--- 7 unchanged lines hidden (view full) ---

45#include <string.h>
46#include <syslog.h>
47#include <unistd.h>
48
49#include <pfctl_parser.h>
50
51#include "pathnames.h"
52
53#if defined(__FreeBSD__)
54#define __dead __volatile
55#endif
56extern int symset(const char *, const char *, int);
57
58static int read_config(FILE *);
59static void print_message(char *);
60static int allowed_luser(char *);
61static int check_luser(char *, char *);
62static int remove_stale_rulesets(void);
63static int change_filter(int, const char *, const char *);

--- 8 unchanged lines hidden (view full) ---

72char luser[MAXLOGNAME]; /* username */
73char ipsrc[256]; /* ip as a string */
74char pidfile[MAXPATHLEN]; /* we save pid in this file. */
75
76struct timeval Tstart, Tend; /* start and end times of session */
77
78volatile sig_atomic_t want_death;
79static void need_death(int signo);
53extern int symset(const char *, const char *, int);
54
55static int read_config(FILE *);
56static void print_message(char *);
57static int allowed_luser(char *);
58static int check_luser(char *, char *);
59static int remove_stale_rulesets(void);
60static int change_filter(int, const char *, const char *);

--- 8 unchanged lines hidden (view full) ---

69char luser[MAXLOGNAME]; /* username */
70char ipsrc[256]; /* ip as a string */
71char pidfile[MAXPATHLEN]; /* we save pid in this file. */
72
73struct timeval Tstart, Tend; /* start and end times of session */
74
75volatile sig_atomic_t want_death;
76static void need_death(int signo);
77#ifdef __FreeBSD__
78static __dead2 void do_death(int);
79#else
80static __dead void do_death(int);
80static __dead void do_death(int);
81#endif
81
82/*
83 * User shell for authenticating gateways. Sole purpose is to allow
84 * a user to ssh to a gateway, and have the gateway modify packet
85 * filters to allow access, then remove access when the user finishes
86 * up. Meant to be used only from ssh(1) connections.
87 */
88int

--- 195 unchanged lines hidden (view full) ---

284 printf("\r\n\r\nSorry, this service is currently unavailable due to ");
285 printf("technical difficulties\r\n\r\n");
286 print_message(PATH_PROBLEM);
287 printf("\r\nYour authentication process (pid %ld) was unable to run\n",
288 (long)getpid());
289 sleep(180); /* them lusers read reaaaaal slow */
290die:
291 do_death(0);
82
83/*
84 * User shell for authenticating gateways. Sole purpose is to allow
85 * a user to ssh to a gateway, and have the gateway modify packet
86 * filters to allow access, then remove access when the user finishes
87 * up. Meant to be used only from ssh(1) connections.
88 */
89int

--- 195 unchanged lines hidden (view full) ---

285 printf("\r\n\r\nSorry, this service is currently unavailable due to ");
286 printf("technical difficulties\r\n\r\n");
287 print_message(PATH_PROBLEM);
288 printf("\r\nYour authentication process (pid %ld) was unable to run\n",
289 (long)getpid());
290 sleep(180); /* them lusers read reaaaaal slow */
291die:
292 do_death(0);
292#if defined(__FreeBSD__)
293 return 0; /* gcc hack to prevent warning */
294#endif
293
294 /* NOTREACHED */
295}
296
297/*
298 * reads config file in PATH_CONFFILE to set optional behaviours up
299 */
300static int
301read_config(FILE *f)
302{

--- 422 unchanged lines hidden (view full) ---

725need_death(int signo)
726{
727 want_death = 1;
728}
729
730/*
731 * function that removes our stuff when we go away.
732 */
295}
296
297/*
298 * reads config file in PATH_CONFFILE to set optional behaviours up
299 */
300static int
301read_config(FILE *f)
302{

--- 422 unchanged lines hidden (view full) ---

725need_death(int signo)
726{
727 want_death = 1;
728}
729
730/*
731 * function that removes our stuff when we go away.
732 */
733#ifdef __FreeBSD__
734static __dead2 void
735#else
733static __dead void
736static __dead void
737#endif
734do_death(int active)
735{
736 int ret = 0;
737
738 if (active) {
739 change_filter(0, luser, ipsrc);
740 authpf_kill_states();
741 remove_stale_rulesets();

--- 137 unchanged lines hidden ---
738do_death(int active)
739{
740 int ret = 0;
741
742 if (active) {
743 change_filter(0, luser, ipsrc);
744 authpf_kill_states();
745 remove_stale_rulesets();

--- 137 unchanged lines hidden ---
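Review bot: The choice between `__dead2` and `__dead` is now written out twice, once at the `do_death()` prototype (new lines 77-81) and once at its definition (new lines 733-737), and nothing keeps the two `#ifdef` blocks in step on a later vendor import. Since this commit also drops the `return 0;` fallback after `do_death(0)` at the `die:` label, `main` depends on that attribute staying on the prototype to compile without a fall-off-the-end warning. A single mapping next to the includes, `#ifdef __FreeBSD__` / `#define __dead __dead2` / `#endif`, would leave both `static __dead void` lines identical to the OpenBSD source; this assumes `__dead` is not otherwise defined on FreeBSD, as the removed `#define __dead __volatile` suggests. Most of `main` and `do_death` is hidden on this page, so whether `do_death` really ends in an exit on every path could not be checked here.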