~ubuntu-branches/ubuntu/saucy/nut/saucy

« back to all changes in this revision

Viewing changes to server/access.c

Committer: Bazaar Package Importer
Author(s): Arnaud Quette
Date: 2004-05-28 13:10:01 UTC
mto: (16.1.1 squeeze)
mto: This revision was merged to the branch mainline in revision 3.
Revision ID: james.westby@ubuntu.com-20040528131001-yj2m9qcez4ya2w14

Tags: upstream-1.4.2

Import upstream version 1.4.2

files added:
MAINTAINERS

NEWS

UPGRADING

aclocal.m4

clients/libupsclient.a

clients/upsclient.c

clients/upsclient.h

clients/upsimagearg.h

clients/upslog.h

clients/upsrw.c

clients/upsstats.h

common/state.c

conf/upsstats-single.html

conf/upsstats.html

config.guess

config.sub

data

data/Makefile.in

data/cmdvartab

docs/README

docs/cables/apc.txt

docs/cables/ge-imv-victron.txt

docs/cables/imv.txt

docs/cables/mgeups.txt

docs/contact-closure.txt

docs/developers.txt

docs/driver.list

docs/new-drivers.txt

docs/new-names.txt

docs/osd-notify.txt

docs/powersaving.txt

docs/snmp.txt

docs/sock-protocol.txt

docs/ssl.txt

drivers

drivers/Makefile.drvbuild

drivers/Makefile.in

drivers/apccmib.h

drivers/apcsmart.c

drivers/apcsmart.h

drivers/bcmxcp.c

drivers/bcmxcp.h

drivers/belkin.c

drivers/belkin.h

drivers/bestfortress.c

drivers/bestuferrups.c

drivers/bestups.c

drivers/blazer.c

drivers/cyberpower.c

drivers/dstate.c

drivers/dstate.h

drivers/dummycons.c

drivers/energizerups.c

drivers/esupssmart.c

drivers/etapro.c

drivers/everups.c

drivers/fentonups.c

drivers/fentonups.h

drivers/ferrups.c

drivers/gendb

drivers/genericups.c

drivers/genericups.h

drivers/hid-usb.h

drivers/hidparser.c

drivers/hidparser.h

drivers/hidtypes.h

drivers/hidups.c

drivers/hidups.h

drivers/hp.c

drivers/ietfmib.h

drivers/isbmex.c

drivers/libhid.c

drivers/libhid.h

drivers/libusb.c

drivers/liebert.c

drivers/main.c

drivers/main.h

drivers/masterguard.c

drivers/mge-shut.c

drivers/mge-shut.h

drivers/mge-utalk.c

drivers/mge-utalk.h

drivers/mgehid.h

drivers/mgemib.h

drivers/microdowell.c

drivers/microdowell.h

drivers/newapc.c

drivers/newapc.h

drivers/newhidups

drivers/newhidups.c

drivers/newhidups.h

drivers/oneac.c

drivers/oneac.h

drivers/powercom.c

drivers/powercom.h

drivers/powernet.c

drivers/powernet.h

drivers/safenet.c

drivers/safenet.h

drivers/sec.c

drivers/sec.h

drivers/skel.c

drivers/sms.c

drivers/sms.h

drivers/snmp-ups.c

drivers/snmp-ups.h

drivers/tripplite.c

drivers/tripplitesu.c

drivers/upscommon.c

drivers/upsdrvctl.c

drivers/victronups.c

include/cmd-map-init.h

include/cmd-map.h

include/extstate.h

include/shared-tables-init.h

include/state.h

include/upshandler.h

include/var-map-init.h

include/var-map.h

man/bcmxcp.8

man/bestfortress.8

man/bestuferrups.8

man/cyberpower.8

man/dummycons.8

man/energizerups.8

man/etapro.8

man/everups.8

man/ferrups.8

man/genericups.8

man/hidups.8

man/hp.8

man/isbmex.8

man/liebert.8

man/masterguard.8

man/mge-shut.8

man/mge-utalk.8

man/microdowell.8

man/newhidups.8

man/oneac.8

man/powernet.8

man/safenet.8

man/sec.8

man/sms.8

man/snmp-ups.8

man/tripplite.8

man/tripplitesu.8

man/upscli_connect.3

man/upscli_disconnect.3

man/upscli_fd.3

man/upscli_get.3

man/upscli_getlist.3

man/upscli_getvar.3

man/upscli_list_next.3

man/upscli_list_start.3

man/upscli_readline.3

man/upscli_sendline.3

man/upscli_splitname.3

man/upscli_ssl.3

man/upscli_strerror.3

man/upscli_upserror.3

man/upsclient.3

man/upsrw.8

man/upsstats.html.5

man/victronups.8

scripts/HP-UX

scripts/HP-UX/Makefile

scripts/HP-UX/nut-drvctl

scripts/HP-UX/nut-drvctl.sh

scripts/HP-UX/nut-upsd

scripts/HP-UX/nut-upsd.sh

scripts/HP-UX/nut-upsmon

scripts/HP-UX/nut-upsmon.sh

scripts/RedHat

scripts/RedHat/README

scripts/RedHat/halt.patch

scripts/RedHat/ups

scripts/RedHat/upsd

scripts/RedHat/upsd.in

scripts/RedHat/upsmon

scripts/RedHat/upsmon.in

scripts/hotplug

scripts/hotplug/README

scripts/hotplug/libhid.usermap

scripts/hotplug/libhidups.in

scripts/misc/osd-notify

server/access.c

server/access.h

server/ctype.h

server/desc.c

server/desc.h

server/levels.h

server/neterr.h

server/netget.c

server/netinstcmd.c

server/netlist.c

server/netset.c

server/oldnet.c

server/sockdebug.c

server/ssl.c

server/ssl.h

server/sstate.c

server/sstate.h

server/upstype.h

server/user-data.h

files removed:
acconfig.h

clients/multimon.c

clients/multimon.h

clients/upsct.c

clients/upsct2.c

clients/upsfetch.c

clients/upsfetch.h

common/strlcat.c

conf/multimon.conf

docs/Changes.trust

docs/access.txt

docs/belkin.txt

docs/bestferrups801-807.txt

docs/cables/victron.txt

docs/driver-control.txt

docs/dummycons.txt

docs/dummyups.txt

docs/generic-ups.txt

docs/mge-ellipse.txt

docs/model-arguments.txt

docs/multilink.txt

docs/new-modules.txt

docs/powercom.txt

docs/tips.txt

docs/ups-trust425+625.txt

man/multimon.cgi.8

man/multimon.conf.5

man/newvictron.8

man/upsct.8

man/upsct2.8

models

models/Makefile.in

models/Makefile.modelbuild

models/aeg.c

models/apcsmart.c

models/apcsmart.h

models/belkin.c

models/belkin.h

models/bestferrups801-807.c

models/bestfort.c

models/bestuferrups.c

models/bestups.c

models/cyberpower.c

models/dummycons.c

models/dummyups.c

models/engetron.c

models/everups.c

models/fentonups.c

models/fentonups.h

models/genericups.c

models/genericups.h

models/genmb

models/hidups.c

models/hidups.h

models/hp.c

models/ipt-anzen.c

models/main.c

models/main.h

models/masterguard.c

models/mge-ellipse.c

models/mge-ellipse.h

models/mgeups.c

models/multilink.c

models/mustekups.c

models/mustekups.h

models/newapc.c

models/newapc.h

models/newpowercom.c

models/newpowercom.h

models/newvictron.c

models/optiups.c

models/powercom.c

models/powercom.h

models/sec.c

models/sec.h

models/skel.c

models/sms.c

models/sms.h

models/toshiba1500.c

models/tripplite.c

models/ups-trust425+625.c

models/ups-trust425+625.h

models/upscommon.c

models/upsdrvctl.c

models/upseyeux.c

models/upseyeux.h

models/victronups.c

packaging/RedHat/awkhaltprog

scripts/Debian

scripts/Debian/README

scripts/Debian/nut

scripts/FreeBSD

scripts/FreeBSD/upsd.sh.sample

scripts/RedHat-6.0

scripts/RedHat-6.0/README

scripts/RedHat-6.0/ups

scripts/RedHat-6.0/ups-config

scripts/RedHat-6.0/upsd.in

scripts/RedHat-6.0/upsmon.in

scripts/RedHat-6.0/upspowerdown

scripts/RedHat-6.0/upspowerdown.rh7

scripts/SuSE-7.1

scripts/SuSE-7.1/upsd

scripts/SuSE-7.1/upsmon

scripts/dld-6v0

scripts/dld-6v0/ups

scripts/misc/wait4power

server/statedebug.c

files modified:
CHANGES

CREDITS

INSTALL

Makefile.in

README

clients/Makefile.in

clients/cgilib.c

clients/cgilib.h

clients/status.h

clients/upsc.c

clients/upscmd.c

clients/upsimage.c

clients/upslog.c

clients/upsmon.c

clients/upsmon.h

clients/upssched.c

clients/upssched.h

clients/upsset.c

clients/upsstats.c

common/Makefile.in

common/common.c

common/parseconf.c

common/upsconf.c

conf/Makefile.in

conf/hosts.conf

conf/ups.conf

conf/upsd.conf

conf/upsd.users

conf/upsmon.conf

conf/upssched.conf

configure

configure.in

docs/FAQ

docs/big-servers.txt

docs/cables/sms.txt

docs/chroot.txt

docs/commands.txt

docs/config-files.txt

docs/configure.txt

docs/data-room.txt

docs/design.txt

docs/pager.txt

docs/protocol.txt

docs/shutdown.txt

docs/todo.txt

docs/upssched.txt

include/common.h

include/config.h.in

include/parseconf.h

include/proto.h

include/shared-tables.h

include/shared.h

include/upscommon.h

include/version.h

man/Makefile.in

man/apcsmart.8

man/belkin.8

man/bestups.8

man/fentonups.8

man/hosts.conf.5

man/newapc.8

man/nutupsdrv.8

man/powercom.8

man/ups.conf.5

man/upsc.8

man/upscmd.8

man/upsd.8

man/upsd.conf.5

man/upsd.users.5

man/upsdrvctl.8

man/upsimage.cgi.8

man/upslog.8

man/upsmon.8

man/upsmon.conf.5

man/upssched.8

man/upssched.conf.5

man/upsset.cgi.8

man/upsset.conf.5

man/upsstats.cgi.8

packaging/RedHat/nut.spec

packaging/RedHat/nut.spec.in

scripts/README

server/Makefile.in

server/conf.c

server/conf.h

server/netcmds.h

server/upsd.c

server/upsd.h

server/user.c

server/user.h

Show diffs side-by-side

added added

removed removed

server/access.c

/* access.c - functions for access control

This program is free software; you can redistribute it and/or modify

it under the terms of the GNU General Public License as published by

the Free Software Foundation; either version 2 of the License, or

(at your option) any later version.

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

GNU General Public License for more details.

You should have received a copy of the GNU General Public License

along with this program; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

#include <sys/types.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <arpa/inet.h>

#include "common.h"

#include "access.h"

#include "levels.h"

struct acl_t *acl_head = NULL;

struct access_t *access_head = NULL;

/* see if <addr> matches the acl <aclname> */

int acl_check(const char *aclname, const struct sockaddr_in *addr)

{

struct acl_t *tmp;

int aclchk, addrchk;

tmp = acl_head;

while (tmp != NULL) {

if (!strcmp(tmp->name, aclname)) {

aclchk = tmp->addr & tmp->mask;

addrchk = ntohl(addr->sin_addr.s_addr) & tmp->mask;

if (aclchk == addrchk)

return 1; /* match */

}

tmp = tmp->next;

}

return 0; /* not found */

}

/* this is only used for simple stuff: MONITOR and BASE */

int access_check(const struct sockaddr_in *addr, int level)

{

struct access_t *tmp;

int ret;

/* check for insanity */

if (level > LEVEL_MONITOR) {

upslogx(LOG_ERR, "checkaccess called with level=%d", level);

return 0; /* failed */

}

tmp = access_head;

while (tmp != NULL) {

ret = acl_check(tmp->aclname, addr);

upsdebugx(3, "acl_check: %s: match %d, level %d (%d)",

tmp->aclname, ret, tmp->level, level);

/* if ip matches and access line provides the right level.. */

if ((ret == 1) && (tmp->level >= level)) {

if (tmp->action == ACTION_GRANT)

return 1; /* allowed */

upsdebugx(1, "access denied");

return 0;

} /* if (ip matches) && (level is provided) */

/* otherwise ip didn't match or the level was inadequate */

tmp = tmp->next;

}

/* default = deny */

return 0;

}

/* add to the master list of ACL names */

void acl_add(const char *aclname, char *ipblock)

{

struct acl_t *tmp, *last;

char *addr, *mask;

100

/* are we sane? */

101

if ((!aclname) || (!ipblock))

102

return;

103

104

/* ipblock must be in the form <addr>/<mask> */

105

106

mask = strchr(ipblock, '/');

107

108

/* 192.168.1.1/32: valid */

109

/* 192.168.1.1/255.255.255.255: valid */

110

/* 192.168.1.1: invalid */

111

112

if (!mask) /* no slash = broken acl declaration */

113

return;

114

115

*mask++ = '\0';

116

addr = ipblock;

117

118

tmp = last = acl_head;

119

120

while (tmp != NULL) { /* find end */

121

last = tmp;

122

tmp = tmp->next;

123

}

124

125

tmp = xmalloc(sizeof (struct acl_t));

126

tmp->name = xstrdup(aclname);

127

tmp->addr = ntohl(inet_addr(addr));

128

tmp->next = NULL;

129

130

if (strstr(mask, ".") == NULL) { /* must be a /nn CIDR type block */

131

if (atoi(mask) != 32)

132

tmp->mask = ((unsigned int) ((1 << atoi(mask)) - 1) <<

133

(32 - atoi(mask)));

134

else

135

tmp->mask = 0xffffffff; /* avoid overflow from 2^32 */

136

}

137

else

138

tmp->mask = ntohl(inet_addr (mask));

139

140

if (last == NULL) /* first */

141

acl_head = tmp;

142

else

143

last->next = tmp;

144

}

145

146

/* add to the access linked list */

147

void access_add(const char *action, const char *level, const char *aclname)

148

{

149

struct access_t *tmp, *last;

150

151

/* more sanity checking (null password is OK) */

152

if ((!action) || (!level) || (!aclname))

153

return;

154

155

tmp = last = access_head;

156

157

while (tmp != NULL) { /* find end */

158

last = tmp;

159

tmp = tmp->next;

160

}

161

162

tmp = xmalloc(sizeof(struct access_t));

163

tmp->action = 0;

164

tmp->level = 0;

165

166

if (!strcasecmp(action, "grant"))

167

tmp->action = ACTION_GRANT;

168

if (!strcasecmp(action, "deny"))

169

tmp->action = ACTION_DENY;

170

171

/* we don't do "drop" any more - convert to deny */

172

if (!strcasecmp(action, "drop")) {

173

upslogx(LOG_WARNING, "ACCESS action of 'drop' deprecated; change to 'deny'");

174

tmp->action = ACTION_DENY;

175

}

176

177

if (!strcasecmp(level, "base"))

178

tmp->level = LEVEL_BASE;

179

if (!strcasecmp(level, "monitor"))

180

tmp->level = LEVEL_MONITOR;

181

182

/* deprecated in 1.2, removed in 1.3 */

183

if ((!strcasecmp(level, "login")) ||

184

(!strcasecmp(level, "master"))) {

185

186

upslogx(LOG_WARNING, "LOGIN and MASTER no longer supported "

187

" in upsd.conf - switch to upsd.users");

188

189

/* give them something somewhat useful */

190

tmp->level = LEVEL_MONITOR;

191

}

192

193

/* deprecated in 1.0, removed in 1.1 */

194

if (!strcasecmp(level, "manager")) {

195

upslogx(LOG_WARNING, "ACCESS type manager no longer supported -"

196

" switch to upsd.users");

197

198

/* but don't leave them totally out in the cold */

199

tmp->level = LEVEL_MONITOR;

200

}

201

202

if (!strcasecmp(level, "all"))

203

tmp->level = LEVEL_ALL;

204

205

tmp->aclname = xstrdup(aclname);

206

tmp->next = NULL;

207

208

if (last == NULL) /* first */

209

access_head = tmp;

210

else

211

last->next = tmp;

212

}

213

214

void acl_free(void)

215

{

216

struct acl_t *ptr, *next;

217

218

ptr = acl_head;

219

220

while (ptr) {

221

next = ptr->next;

222

223

if (ptr->name)

224

free(ptr->name);

225

free(ptr);

226

227

ptr = next;

228

}

229

230

acl_head = NULL;

231

}

232

233

void access_free(void)

234

{

235

struct access_t *ptr, *next;

236

237

ptr = access_head;

238

239

while (ptr) {

240

next = ptr->next;

241

242

if (ptr->aclname)

243

free(ptr->aclname);

244

free(ptr);

245

246

ptr = next;

247

}

248

249

access_head = NULL;

250

}

Older »