<File Id="filelockprocs_prototypes_H" Name="LOCKPROC.h" LongName="lockprocs_prototypes.h" DiskId="1" src="$(var.IncDir)afs\lockprocs_prototypes.h" />
<File Id="filemit_sipb_cr_H" Name="MITSIPBC.h" LongName="mit-sipb-cr.h" DiskId="1" src="$(var.IncDir)afs\mit-sipb-cr.h" />
<File Id="filenamei_ops_H" Name="nameiops.h" LongName="namei_ops.h" DiskId="1" src="$(var.IncDir)afs\namei_ops.h" />
- <File Id="filenetutils_H" Name="netutil.h" LongName="netutils.h" DiskId="1" src="$(var.IncDir)afs\netutils.h" />
<File Id="filenfs_H" Name="nfs.h" LongName="nfs.h" DiskId="1" src="$(var.IncDir)afs\nfs.h" />
<File Id="filentops_H" Name="ntops.h" LongName="ntops.h" DiskId="1" src="$(var.IncDir)afs\ntops.h" />
<File Id="fileopr_H" Name="opr.h" LongName="opr.h" DiskId="1" src="$(var.IncDir)afs\opr.h" />
char reason[1024];
int code;
- code =
- parseNetFiles(addrbuf, maskbuf, mtubuf, MAXIPADDRS, reason,
- AFSDIR_CLIENT_NETINFO_FILEPATH,
- AFSDIR_CLIENT_NETRESTRICT_FILEPATH);
+ code = afsconf_ParseNetFiles(addrbuf, maskbuf, mtubuf, MAXIPADDRS,
+ reason, AFSDIR_CLIENT_NETINFO_FILEPATH,
+ AFSDIR_CLIENT_NETRESTRICT_FILEPATH);
if (code > 0) {
/* Note we're refreshing */
afs_uint32 addrbuf[MAXIPADDRS], maskbuf[MAXIPADDRS],
mtubuf[MAXIPADDRS];
char reason[1024];
- code =
- parseNetFiles(addrbuf, maskbuf, mtubuf, MAXIPADDRS, reason,
- AFSDIR_CLIENT_NETINFO_FILEPATH,
- AFSDIR_CLIENT_NETRESTRICT_FILEPATH);
+ code = afsconf_ParseNetFiles(addrbuf, maskbuf, mtubuf, MAXIPADDRS, reason,
+ AFSDIR_CLIENT_NETINFO_FILEPATH,
+ AFSDIR_CLIENT_NETRESTRICT_FILEPATH);
if (code > 0) {
if (enable_rxbind)
code = code | 0x80000000;
OBJS= cellconfig.o keys.o ktc.o userok.o writeconfig.o authcon.o \
- acfg_errors.o ktc_errors.o token.xdr.o token.o realms.o
+ acfg_errors.o ktc_errors.o token.xdr.o token.o realms.o netrestrict.o
KOBJS= cellconfig.o keys.o ktc.krb.o userok.o writeconfig.o authcon.o \
- acfg_errors.o ktc_errors.o token.xdr.o token.o realms.o
+ acfg_errors.o ktc_errors.o token.xdr.o token.o realms.o netrestrict.o
LIBS=libauth.a \
${TOP_LIBDIR}/librxkad.a \
copyauth.o: copyauth.c ${INCLS} AFS_component_version_number.o
setkey.o: setkey.c ${INCLS} AFS_component_version_number.o
realms.o: realms.c ${INCLS}
+netrestrict.o: ${INCLS}
CFLAGS_ktc.krb.o = -DAFS_KERBEROS_ENV
ktc.krb.o: ktc.c ${INCLS} ${TOP_INCDIR}/afs/vice.h
$(OUT)\ktc_nt.obj \
$(OUT)\token.obj \
$(OUT)\token.xdr.obj \
+ $(OUT)\netrestrict.obj \
$(OUT)\AFS_component_version_number.obj
AFSDOBJS =\
const char *name, const char *instance,
const char *cell);
+/* netrestrict.c */
+
+extern int afsconf_ParseNetRestrictFile(afs_uint32 outAddrs[],
+ afs_uint32 * mask, afs_uint32 * mtu,
+ afs_uint32 maxAddrs, afs_uint32 * nAddrs,
+ char reason[], const char *fileName);
+
+extern int afsconf_ParseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[],
+ afs_uint32 mtubuf[], afs_uint32 max,
+ char reason[], const char *niFileName,
+ const char *nrFileName);
+
/* some well-known ports and their names; new additions to table in cellconfig.c, too */
#define AFSCONF_FILESERVICE "afs"
#define AFSCONF_FILEPORT 7000
--- /dev/null
+/*
+ * Copyright 2000, International Business Machines Corporation and others.
+ * All Rights Reserved.
+ *
+ * This software has been released under the terms of the IBM Public
+ * License. For details, see the LICENSE file in the top-level source
+ * directory or online at http://www.openafs.org/dl/license10.html
+ */
+
+/*
+ * Network utility functions
+ * Parsing NetRestrict file and filtering IP addresses
+ */
+
+#include <afsconfig.h>
+#include <afs/param.h>
+
+#include <roken.h>
+#include <ctype.h>
+
+#include <rx/rx.h>
+#include <afs/dirpath.h>
+
+#include "cellconfig.h"
+
+#define AFS_IPINVALID 0xffffffff /* invalid IP address */
+#define AFS_IPINVALIDIGNORE 0xfffffffe /* no input given to extractAddr */
+#define MAX_NETFILE_LINE 2048 /* length of a line in the netrestrict file */
+#define MAXIPADDRS 1024 /* from afsd.c */
+
+static int ParseNetInfoFile_int(afs_uint32 *, afs_uint32 *, afs_uint32 *,
+ int, char reason[], const char *,
+ int);
+/*
+ * The line parameter is a pointer to a buffer containing a string of
+ * bytes of the form
+** w.x.y.z # machineName
+ * returns the network interface IP Address in NBO
+ */
+afs_uint32
+extract_Addr(char *line, int maxSize)
+{
+ char bytes[4][32];
+ int i = 0, n = 0;
+ char *endPtr;
+ afs_uint32 val[4];
+ afs_uint32 retval = 0;
+
+ /* skip empty spaces */
+ while (isspace(*line) && maxSize) {
+ line++;
+ maxSize--;
+ }
+ /* skip empty lines */
+ if (!maxSize || !*line)
+ return AFS_IPINVALIDIGNORE;
+
+ for (n = 0; n < 4; n++) {
+ while ((*line != '.') && !isspace(*line) && maxSize) { /* extract nth byte */
+ if (!isdigit(*line))
+ return AFS_IPINVALID;
+ if (i > 31)
+ return AFS_IPINVALID; /* no space */
+ bytes[n][i++] = *line++;
+ maxSize--;
+ } /* while */
+ if (!maxSize)
+ return AFS_IPINVALID;
+ bytes[n][i] = 0;
+ i = 0, line++;
+ errno = 0;
+ val[n] = strtol(bytes[n], &endPtr, 10);
+ if ((val[n] == 0) && (errno != 0 || bytes[n] == endPtr)) /* no conversion */
+ return AFS_IPINVALID;
+ } /* for */
+
+ retval = (val[0] << 24) | (val[1] << 16) | (val[2] << 8) | val[3];
+ return htonl(retval);
+}
+
+
+
+
+/* parseNetRestrictFile()
+ * Get a list of IP addresses for this host removing any address found
+ * in the config file (fileName parameter): /usr/vice/etc/NetRestrict
+ * for clients and /usr/afs/local/NetRestrict for servers.
+ *
+ * Returns the number of valid addresses in outAddrs[] and count in
+ * nAddrs. Returns 0 on success; or 1 if the config file was not
+ * there or empty (we still return the host's IP addresses). Returns
+ * -1 on fatal failure with reason in the reason argument (so the
+ * caller can choose to ignore the entire file but should write
+ * something to a log file).
+ *
+ * All addresses should be in NBO (as returned by rx_getAllAddrMaskMtu() and
+ * parsed by extract_Addr().
+ */
+/*
+ afs_uint32 outAddrs[]; * output address array *
+ afs_uint32 *mask, *mtu; * optional mask and mtu *
+ afs_uint32 maxAddrs; * max number of addresses *
+ afs_uint32 *nAddrs; * number of Addresses in output array *
+ char reason[]; * reason for failure *
+ const char *fileName; * filename to parse *
+*/
+
+static int
+parseNetRestrictFile_int(afs_uint32 outAddrs[], afs_uint32 * mask,
+ afs_uint32 * mtu, afs_uint32 maxAddrs,
+ afs_uint32 * nAddrs, char reason[],
+ const char *fileName, const char *fileName_ni)
+{
+ FILE *fp;
+ char line[MAX_NETFILE_LINE];
+ int lineNo, usedfile = 0;
+ afs_uint32 i, neaddrs, nOutaddrs;
+ afs_uint32 addr, eAddrs[MAXIPADDRS], eMask[MAXIPADDRS], eMtu[MAXIPADDRS];
+
+ osi_Assert(outAddrs);
+ osi_Assert(reason);
+ osi_Assert(fileName);
+ osi_Assert(nAddrs);
+ if (mask)
+ osi_Assert(mtu);
+
+ /* Initialize */
+ *nAddrs = 0;
+ for (i = 0; i < maxAddrs; i++)
+ outAddrs[i] = 0;
+ strcpy(reason, "");
+
+ /* get all network interfaces from the kernel */
+ neaddrs = rx_getAllAddrMaskMtu(eAddrs, eMask, eMtu, MAXIPADDRS);
+ if (neaddrs <= 0) {
+ sprintf(reason, "No existing IP interfaces found");
+ return -1;
+ }
+ i = 0;
+ if ((neaddrs < MAXIPADDRS) && fileName_ni)
+ i = ParseNetInfoFile_int(&(eAddrs[neaddrs]), &(eMask[neaddrs]),
+ &(eMtu[neaddrs]), MAXIPADDRS-neaddrs, reason,
+ fileName_ni, 1);
+
+ if (i > 0)
+ neaddrs += i;
+
+ if ((fp = fopen(fileName, "r")) == 0) {
+ sprintf(reason, "Could not open file %s for reading:%s", fileName,
+ strerror(errno));
+ goto done;
+ }
+
+ /* For each line in the NetRestrict file */
+ lineNo = 0;
+ usedfile = 0;
+ while (fgets(line, MAX_NETFILE_LINE, fp) != NULL) {
+ lineNo++; /* input line number */
+ addr = extract_Addr(line, strlen(line));
+ if (addr == AFS_IPINVALID) { /* syntactically invalid */
+ fprintf(stderr, "%s : line %d : parse error - invalid IP\n",
+ fileName, lineNo);
+ continue;
+ }
+ if (addr == AFS_IPINVALIDIGNORE) { /* ignore error */
+ fprintf(stderr, "%s : line %d : invalid address ... ignoring\n",
+ fileName, lineNo);
+ continue;
+ }
+ usedfile = 1;
+
+ /* Check if we need to exclude this address */
+ for (i = 0; i < neaddrs; i++) {
+ if (eAddrs[i] && (eAddrs[i] == addr)) {
+ eAddrs[i] = 0; /* Yes - exclude it by zeroing it for now */
+ }
+ }
+ } /* while */
+
+ fclose(fp);
+
+ if (!usedfile) {
+ sprintf(reason, "No valid IP addresses in %s\n", fileName);
+ goto done;
+ }
+
+ done:
+ /* Collect the addresses we have left to return */
+ nOutaddrs = 0;
+ for (i = 0; i < neaddrs; i++) {
+ if (!eAddrs[i])
+ continue;
+ outAddrs[nOutaddrs] = eAddrs[i];
+ if (mask) {
+ mask[nOutaddrs] = eMask[i];
+ mtu[nOutaddrs] = eMtu[i];
+ }
+ if (++nOutaddrs >= maxAddrs)
+ break;
+ }
+ if (nOutaddrs == 0) {
+ sprintf(reason, "No addresses to use after parsing %s", fileName);
+ return -1;
+ }
+ *nAddrs = nOutaddrs;
+ return (usedfile ? 0 : 1); /* 0=>used the file. 1=>didn't use file */
+}
+
+int
+afsconf_ParseNetRestrictFile(afs_uint32 outAddrs[], afs_uint32 * mask,
+ afs_uint32 * mtu, afs_uint32 maxAddrs,
+ afs_uint32 * nAddrs, char reason[],
+ const char *fileName)
+{
+ return parseNetRestrictFile_int(outAddrs, mask, mtu, maxAddrs, nAddrs, reason, fileName, NULL);
+}
+
+/*
+ * this function reads in stuff from InterfaceAddr file in
+ * /usr/vice/etc ( if it exists ) and verifies the addresses
+ * specified.
+ * 'final' contains all those addresses that are found to
+ * be valid. This function returns the number of valid
+ * interface addresses. Pulled out from afsd.c
+ */
+static int
+ParseNetInfoFile_int(afs_uint32 * final, afs_uint32 * mask, afs_uint32 * mtu,
+ int max, char reason[], const char *fileName,
+ int fakeonly)
+{
+
+ afs_uint32 existingAddr[MAXIPADDRS], existingMask[MAXIPADDRS],
+ existingMtu[MAXIPADDRS];
+ char line[MAX_NETFILE_LINE];
+ FILE *fp;
+ int i, existNu, count = 0;
+ afs_uint32 addr;
+ int lineNo = 0;
+ int l;
+
+ osi_Assert(fileName);
+ osi_Assert(final);
+ osi_Assert(mask);
+ osi_Assert(mtu);
+ osi_Assert(reason);
+
+ /* get all network interfaces from the kernel */
+ existNu =
+ rx_getAllAddrMaskMtu(existingAddr, existingMask, existingMtu,
+ MAXIPADDRS);
+ if (existNu < 0)
+ return existNu;
+
+ if ((fp = fopen(fileName, "r")) == 0) {
+ /* If file does not exist or is not readable, then
+ * use all interface addresses.
+ */
+ sprintf(reason,
+ "Failed to open %s(%s)\nUsing all configured addresses\n",
+ fileName, strerror(errno));
+ for (i = 0; i < existNu; i++) {
+ final[i] = existingAddr[i];
+ mask[i] = existingMask[i];
+ mtu[i] = existingMtu[i];
+ }
+ return existNu;
+ }
+
+ /* For each line in the NetInfo file */
+ while (fgets(line, MAX_NETFILE_LINE, fp) != NULL) {
+ int fake = 0;
+
+ /* See if first char is an 'F' for fake */
+ /* Added to allow the fileserver to advertise fake IPS for use with
+ * the translation tables for NAT-like firewalls - defect 12462 */
+ for (fake = 0; ((fake < strlen(line)) && isspace(line[fake]));
+ fake++);
+ if ((fake < strlen(line))
+ && ((line[fake] == 'f') || (line[fake] == 'F'))) {
+ fake++;
+ } else {
+ fake = 0;
+ }
+
+ lineNo++; /* input line number */
+ addr = extract_Addr(&line[fake], strlen(&line[fake]));
+
+ if (addr == AFS_IPINVALID) { /* syntactically invalid */
+ fprintf(stderr, "afs:%s : line %d : parse error\n", fileName,
+ lineNo);
+ continue;
+ }
+ if (addr == AFS_IPINVALIDIGNORE) { /* ignore error */
+ continue;
+ }
+
+ /* See if it is an address that really exists */
+ for (i = 0; i < existNu; i++) {
+ if (existingAddr[i] == addr)
+ break;
+ }
+ if ((i >= existNu) && (!fake))
+ continue; /* not found/fake - ignore */
+
+ /* Check if it is a duplicate address we alread have */
+ for (l = 0; l < count; l++) {
+ if (final[l] == addr)
+ break;
+ }
+ if (l < count) {
+ fprintf(stderr, "afs:%x specified twice in NetInfo file\n",
+ ntohl(addr));
+ continue; /* duplicate addr - ignore */
+ }
+
+ if (count > max) { /* no more space */
+ fprintf(stderr,
+ "afs:Too many interfaces. The current kernel configuration supports a maximum of %d interfaces\n",
+ max);
+ } else if (fake) {
+ if (!fake)
+ fprintf(stderr, "Client (2) also has address %s\n", line);
+ final[count] = addr;
+ mask[count] = 0xffffffff;
+ mtu[count] = htonl(1500);
+ count++;
+ } else if (!fakeonly) {
+ final[count] = existingAddr[i];
+ mask[count] = existingMask[i];
+ mtu[count] = existingMtu[i];
+ count++;
+ }
+ } /* while */
+
+ /* in case of any error, we use all the interfaces present */
+ if (count <= 0) {
+ sprintf(reason,
+ "Error in reading/parsing Interface file\nUsing all configured interface addresses \n");
+ for (i = 0; i < existNu; i++) {
+ final[i] = existingAddr[i];
+ mask[i] = existingMask[i];
+ mtu[i] = existingMtu[i];
+ }
+ return existNu;
+ }
+ return count;
+}
+
+int
+afsconf_ParseNetInfoFile(afs_uint32 * final, afs_uint32 * mask, afs_uint32 * mtu,
+ int max, char reason[], const char *fileName)
+{
+ return ParseNetInfoFile_int(final, mask, mtu, max, reason, fileName, 0);
+}
+
+/*
+ * Given two arrays of addresses, masks and mtus find the common ones
+ * and return them in the first buffer. Return number of common
+ * entries.
+ */
+static int
+filterAddrs(afs_uint32 addr1[], afs_uint32 addr2[], afs_uint32 mask1[],
+ afs_uint32 mask2[], afs_uint32 mtu1[], afs_uint32 mtu2[], int n1,
+ int n2)
+{
+ afs_uint32 taddr[MAXIPADDRS];
+ afs_uint32 tmask[MAXIPADDRS];
+ afs_uint32 tmtu[MAXIPADDRS];
+ int count = 0, i = 0, j = 0, found = 0;
+
+ osi_Assert(addr1);
+ osi_Assert(addr2);
+ osi_Assert(mask1);
+ osi_Assert(mask2);
+ osi_Assert(mtu1);
+ osi_Assert(mtu2);
+
+ for (i = 0; i < n1; i++) {
+ found = 0;
+ for (j = 0; j < n2; j++) {
+ if (addr1[i] == addr2[j]) {
+ found = 1;
+ break;
+ }
+ }
+
+ /* Always mask loopback address */
+ if (found && rx_IsLoopbackAddr(addr1[i]))
+ found = 0;
+
+ if (found) {
+ taddr[count] = addr1[i];
+ tmask[count] = mask1[i];
+ tmtu[count] = mtu1[i];
+ count++;
+ }
+ }
+ /* copy everything into addr1, mask1 and mtu1 */
+ for (i = 0; i < count; i++) {
+ addr1[i] = taddr[i];
+ if (mask1) {
+ mask1[i] = tmask[i];
+ mtu1[i] = tmtu[i];
+ }
+ }
+ /* and zero out the rest */
+ for (i = count; i < n1; i++) {
+ addr1[i] = 0;
+ if (mask1) {
+ mask1[i] = 0;
+ mtu1[i] = 0;
+ }
+ }
+ return count;
+}
+
+/*
+ * parse both netinfo and netrerstrict files and return the final
+ * set of IP addresses to use
+ */
+/* max - Entries in addrbuf, maskbuf and mtubuf */
+int
+afsconf_ParseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[],
+ afs_uint32 mtubuf[], afs_uint32 max, char reason[],
+ const char *niFileName, const char *nrFileName)
+{
+ afs_uint32 addrbuf1[MAXIPADDRS], maskbuf1[MAXIPADDRS],
+ mtubuf1[MAXIPADDRS];
+ afs_uint32 addrbuf2[MAXIPADDRS], maskbuf2[MAXIPADDRS],
+ mtubuf2[MAXIPADDRS];
+ int nAddrs1 = 0;
+ afs_uint32 nAddrs2 = 0;
+ int code, i;
+
+ nAddrs1 =
+ afsconf_ParseNetInfoFile(addrbuf1, maskbuf1, mtubuf1, MAXIPADDRS,
+ reason, niFileName);
+ code =
+ parseNetRestrictFile_int(addrbuf2, maskbuf2, mtubuf2, MAXIPADDRS,
+ &nAddrs2, reason, nrFileName, niFileName);
+ if ((nAddrs1 < 0) && (code)) {
+ /* both failed */
+ return -1;
+ } else if ((nAddrs1 > 0) && (code)) {
+ /* netinfo succeeded and netrestrict failed */
+ for (i = 0; ((i < nAddrs1) && (i < max)); i++) {
+ addrbuf[i] = addrbuf1[i];
+ if (maskbuf) {
+ maskbuf[i] = maskbuf1[i];
+ mtubuf[i] = mtubuf1[i];
+ }
+ }
+ return i;
+ } else if ((!code) && (nAddrs1 < 0)) {
+ /* netrestrict succeeded and netinfo failed */
+ for (i = 0; ((i < nAddrs2) && (i < max)); i++) {
+ addrbuf[i] = addrbuf2[i];
+ if (maskbuf) {
+ maskbuf[i] = maskbuf2[i];
+ mtubuf[i] = mtubuf2[i];
+ }
+ }
+ return i;
+ } else if ((!code) && (nAddrs1 >= 0)) {
+ /* both succeeded */
+ /* take the intersection of addrbuf1 and addrbuf2 */
+ code =
+ filterAddrs(addrbuf1, addrbuf2, maskbuf1, maskbuf2, mtubuf1,
+ mtubuf2, nAddrs1, nAddrs2);
+ for (i = 0; ((i < code) && (i < max)); i++) {
+ addrbuf[i] = addrbuf1[i];
+ if (maskbuf) {
+ maskbuf[i] = maskbuf1[i];
+ mtubuf[i] = mtubuf1[i];
+ }
+ }
+ return i;
+ }
+ return 0;
+}
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
- ccode = parseNetFiles(SHostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else {
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
}
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
- ccode = parseNetFiles(SHostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
- ccode = parseNetFiles(SHostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
LIBACLOBJS=aclprocs.o netprocs.o
-UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o
+UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o
DIROBJS=buffer.o dir.o salvage.o
flipbase64.o: ${UTIL}/flipbase64.c
$(AFS_CCRULE) $(UTIL)/flipbase64.c
-netutils.o: ${UTIL}/netutils.c
- $(AFS_CCRULE) -I../util $(UTIL)/netutils.c
-
dirpath.o: ${UTIL}/dirpath.c
$(AFS_CCRULE) $(UTIL)/dirpath.c
LIBACLOBJS=aclprocs.o netprocs.o
-UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o
+UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o
DIROBJS=buffer.o dir.o salvage.o
flipbase64.o: ${UTIL}/flipbase64.c
$(AFS_CCRULE) $(UTIL)/flipbase64.c
-netutils.o: ${UTIL}/netutils.c
- $(AFS_CCRULE) -I../util $(UTIL)/netutils.c
-
dirpath.o: ${UTIL}/dirpath.c
$(AFS_CCRULE) $(UTIL)/dirpath.c
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
- ccode = parseNetFiles(SHostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
acfg_errors.o \
token.o \
token.xdr.o \
- realms.o
+ realms.o \
+ netrestrict.o
KAUTHOBJS = \
kauth.xdr.o \
realms.o: ${AUTH}/realms.c
${AFS_CCRULE} -I../auth ${AUTH}/realms.c
+netrestrict.o: ${AUTH}/netrestrict.c
+ ${AFS_CCRULE} -I../auth ${AUTH}/netrestrict.c
+
ptuser.o: ${PTSERVER}/ptuser.c
${AFS_CCRULE} -I../ptserver ${PTSERVER}/ptuser.c
$(OUT)\keys.obj \
$(OUT)\token.obj \
$(OUT)\token.xdr.obj \
- $(OUT)\acfg_errors.obj
+ $(OUT)\acfg_errors.obj \
+ $(OUT)\netrestrict.obj
KAUTHOBJS = \
$(OUT)\kauth.xdr.obj \
afsconf_SetSecurityFlags @153
afsconf_SetLocalRealm @154
afsconf_IsLocalRealmMatch @155
+ afsconf_ParseNetFiles @156
$(UOBJ)/casestrcpy.o \
$(UOBJ)/dirpath.o \
$(UOBJ)/fileutil.o \
- $(UOBJ)/netutils.o \
+ $(UOBJ)/netrestrict.o \
$(UOBJ)/et_name.o \
$(UOBJ)/com_err.o \
$(UOBJ)/error_msg.o \
$(PICOBJ)/casestrcpy.o \
$(PICOBJ)/dirpath.o \
$(PICOBJ)/fileutil.o \
- $(PICOBJ)/netutils.o \
+ $(PICOBJ)/netrestrict.o \
$(PICOBJ)/et_name.o \
$(PICOBJ)/com_err.o \
$(PICOBJ)/error_msg.o \
$(WEBOBJ)/casestrcpy.o \
$(WEBOBJ)/dirpath.o \
$(WEBOBJ)/fileutil.o \
- $(WEBOBJ)/netutils.o \
+ $(WEBOBJ)/netrestrict.o \
$(WEBOBJ)/et_name.o \
$(WEBOBJ)/com_err.o \
$(WEBOBJ)/error_msg.o \
$(WEBOBJ)/casestrcpy.o \
$(WEBOBJ)/dirpath.o \
$(WEBOBJ)/fileutil.o \
- $(WEBOBJ)/netutils.o \
+ $(WEBOBJ)/netrestrict.o \
$(WEBOBJ)/et_name.o \
$(WEBOBJ)/com_err.o \
$(WEBOBJ)/error_msg.o \
$(JUAFS)/casestrcpy.o \
$(JUAFS)/dirpath.o \
$(JUAFS)/fileutil.o \
- $(JUAFS)/netutils.o \
+ $(JUAFS)/netrestrict.o \
$(JUAFS)/et_name.o \
$(JUAFS)/com_err.o \
$(JUAFS)/error_msg.o \
$(CRULE1)
$(UOBJ)/fileutil.o: $(TOP_SRCDIR)/util/fileutil.c
$(CRULE1)
-$(UOBJ)/netutils.o: $(TOP_SRCDIR)/util/netutils.c
+$(UOBJ)/netrestrict.o: $(TOP_SRCDIR)/auth/netrestrict.c
$(CRULE1)
$(UOBJ)/et_name.o: $(TOP_SRCDIR)/comerr/et_name.c
$(CRULE1)
$(CRULEPIC)
$(PICOBJ)/fileutil.o: $(TOP_SRCDIR)/util/fileutil.c
$(CRULEPIC)
-$(PICOBJ)/netutils.o: $(TOP_SRCDIR)/util/netutils.c
+$(PICOBJ)/netrestrict.o: $(TOP_SRCDIR)/auth/netrestrict.c
$(CRULEPIC)
$(PICOBJ)/et_name.o: $(TOP_SRCDIR)/comerr/et_name.c
$(CRULEPIC)
$(CRULE1)
$(WEBOBJ)/fileutil.o: $(TOP_SRCDIR)/util/fileutil.c
$(CRULE1)
-$(WEBOBJ)/netutils.o: $(TOP_SRCDIR)/util/netutils.c
+$(WEBOBJ)/netrestrict.o: $(TOP_SRCDIR)/auth/netrestrict.c
$(CRULE1)
$(WEBOBJ)/et_name.o: $(TOP_SRCDIR)/comerr/et_name.c
$(CRULE2)
$(CRULE1)
$(JUAFS)/fileutil.o: $(TOP_SRCDIR)/util/fileutil.c
$(CRULE1)
-$(JUAFS)/netutils.o: $(TOP_SRCDIR)/util/netutils.c
+$(JUAFS)/netrestrict.o: $(TOP_SRCDIR)/auth/netrestrict.c
$(CRULE1)
$(JUAFS)/et_name.o: $(TOP_SRCDIR)/comerr/et_name.c
$(CRULE1)
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
- ccode = parseNetFiles(SHostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
RXOBJS= rx_pthread.o rxkad_errs.o
-UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o \
+UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o \
volparse.o flipbase64.o softsig.o hostparse.o pthread_glock.o
flipbase64.o: ${UTIL}/flipbase64.c
$(AFS_CCRULE) $(UTIL)/flipbase64.c
-netutils.o: ${UTIL}/netutils.c
- $(AFS_CCRULE) $(UTIL)/netutils.c
-
dirpath.o: ${UTIL}/dirpath.c
$(AFS_CCRULE) $(UTIL)/dirpath.c
RXOBJS= rx_pthread.o rxkad_errs.o
-UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o \
+UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o \
volparse.o flipbase64.o softsig.o hostparse.o pthread_glock.o \
pthread_threadname.o
flipbase64.o: ${UTIL}/flipbase64.c
$(AFS_CCRULE) $(UTIL)/flipbase64.c
-netutils.o: ${UTIL}/netutils.c
- $(AFS_CCRULE) $(UTIL)/netutils.c
-
dirpath.o: ${UTIL}/dirpath.c
$(AFS_CCRULE) $(UTIL)/dirpath.c
LWPOBJS=lock.o threadname.o
-UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o fstab.o
+UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o fstab.o
VLIBOBJS=volume.o vnode.o vutil.o partition.o fssync-client.o \
clone.o nuke.o devname.o listinodes.o ihandle.o \
flipbase64.o: ${UTIL}/flipbase64.c
$(AFS_CCRULE) $(UTIL)/flipbase64.c
-netutils.o: ${UTIL}/netutils.c
- $(AFS_CCRULE) -I../util $(UTIL)/netutils.c
-
dirpath.o: ${UTIL}/dirpath.c
$(AFS_CCRULE) $(UTIL)/dirpath.c
$(OUT)\uuid.obj \
$(OUT)\serverLog.obj \
$(OUT)\fileutil.obj \
- $(OUT)\netutils.obj \
$(OUT)\dirpath.obj \
$(OUT)\volparse.obj \
$(OUT)\flipbase64.obj \
RXOBJS = rx_pthread.o
-UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o \
+UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o \
volparse.o flipbase64.o softsig.o hostparse.o pthread_glock.o \
pthread_threadname.o
flipbase64.o: ${UTIL}/flipbase64.c
$(AFS_CCRULE) $(UTIL)/flipbase64.c
-netutils.o: ${UTIL}/netutils.c
- $(AFS_CCRULE) $(UTIL)/netutils.c
-
dirpath.o: ${UTIL}/dirpath.c
$(AFS_CCRULE) $(UTIL)/dirpath.c
RXOBJS= rx_pthread.o rxkad_errs.o
-UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o \
+UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o \
volparse.o flipbase64.o softsig.o hostparse.o pthread_glock.o \
pthread_threadname.o
flipbase64.o: ${UTIL}/flipbase64.c
$(AFS_CCRULE) $(UTIL)/flipbase64.c
-netutils.o: ${UTIL}/netutils.c
- $(AFS_CCRULE) $(UTIL)/netutils.c
-
dirpath.o: ${UTIL}/dirpath.c
$(AFS_CCRULE) $(UTIL)/dirpath.c
LIBACLOBJS=aclprocs.o netprocs.o
-UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o pthread_threadname.o
+UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o pthread_threadname.o
DIROBJS=buffer.o dir.o salvage.o
flipbase64.o: ${UTIL}/flipbase64.c
$(AFS_CCRULE) $(UTIL)/flipbase64.c
-netutils.o: ${UTIL}/netutils.c
- $(AFS_CCRULE) -I../util $(UTIL)/netutils.c
-
dirpath.o: ${UTIL}/dirpath.c
$(AFS_CCRULE) $(UTIL)/dirpath.c
${TOP_INCDIR}/rx/rx.h ${TOP_INCDIR}/rx/xdr.h \
${TOP_INCDIR}/lock.h ubik.h ubik_int.h
-LIBS=${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a \
+LIBS=${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a ${TOP_LIBDIR}/libauth.a \
${TOP_LIBDIR}/libafscom_err.a ${TOP_LIBDIR}/libcmd.a \
${TOP_LIBDIR}/libsys.a ${TOP_LIBDIR}/libafsutil.a \
${TOP_LIBDIR}/libopr.a ${XLIBS}
#include <afs/cellconfig.h>
#ifndef AFS_NT40_ENV
#include <afs/afsutil.h>
-#include <afs/netutils.h>
#endif
#define UBIK_INTERNALS
* host as returned by rx_getAllAddr (in NBO)
*/
char reason[1024];
- count =
- parseNetFiles(myAddr, NULL, NULL, UBIK_MAX_INTERFACE_ADDR, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ count = afsconf_ParseNetFiles(myAddr, NULL, NULL,
+ UBIK_MAX_INTERFACE_ADDR, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
if (count < 0) {
ubik_print("ubik: Can't register any valid addresses:%s\n",
reason);
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
- ccode = parseNetFiles(SHostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
objects =base64.o ktime.o volparse.o hostparse.o exec.o \
hputil.o kreltime.o uuid.o serverLog.o \
- dirpath.o fileutil.o netutils.o flipbase64.o fstab.o \
+ dirpath.o fileutil.o flipbase64.o fstab.o \
afs_atomlist.o afs_lhash.o pthread_glock.o tabular_output.o \
pthread_threadname.o ${REGEX_OBJ}
serverLog_pic.o \
dirpath_pic.o \
fileutil_pic.o \
- netutils_pic.o \
flipbase64_pic.o \
fstab_pic.o \
afs_atomlist_pic.o \
${TOP_INCDIR}/afs/vice.h \
${TOP_INCDIR}/afs/ktime.h \
${TOP_INCDIR}/afs/fileutil.h \
- ${TOP_INCDIR}/afs/netutils.h \
${TOP_INCDIR}/afs/afsutil.h \
${TOP_INCDIR}/afs/afsutil_prototypes.h \
${TOP_INCDIR}/afs/pthread_glock.h \
${TOP_INCDIR}/afs/fileutil.h: ${srcdir}/fileutil.h
${INSTALL_DATA} $? $@
-${TOP_INCDIR}/afs/netutils.h: ${srcdir}/netutils.h
- ${INSTALL_DATA} $? $@
-
${TOP_INCDIR}/afs/afsutil.h: ${srcdir}/afsutil.h
${INSTALL_DATA} $? $@
fileutil_pic.o: ${srcdir}/fileutil.c ${includes}
$(SHD_CCRULE) ${srcdir}/fileutil.c
-netutils_pic.o: ${srcdir}/netutils.c ${includes}
- $(SHD_CCRULE) ${srcdir}/netutils.c
-
flipbase64_pic.o: ${srcdir}/flipbase64.c ${includes}
$(SHD_CCRULE) ${srcdir}/flipbase64.c
${INSTALL_DATA} ${srcdir}/vice.h ${DESTDIR}${includedir}/afs/vice.h
${INSTALL_DATA} ${srcdir}/ktime.h ${DESTDIR}${includedir}/afs/ktime.h
${INSTALL_DATA} ${srcdir}/fileutil.h ${DESTDIR}${includedir}/afs/fileutil.h
- ${INSTALL_DATA} ${srcdir}/netutils.h ${DESTDIR}${includedir}/afs/netutils.h
${INSTALL_DATA} ${srcdir}/afsutil.h ${DESTDIR}${includedir}/afs/afsutil.h
${INSTALL_DATA} ${srcdir}/afsutil_prototypes.h ${DESTDIR}${includedir}/afs/afsutil_prototypes.h
${INSTALL_DATA} ${srcdir}/pthread_glock.h ${DESTDIR}${includedir}/afs/pthread_glock.h
${INSTALL_DATA} ${srcdir}/vice.h ${DEST}/include/afs/vice.h
${INSTALL_DATA} ${srcdir}/ktime.h ${DEST}/include/afs/ktime.h
${INSTALL_DATA} ${srcdir}/fileutil.h ${DEST}/include/afs/fileutil.h
- ${INSTALL_DATA} ${srcdir}/netutils.h ${DEST}/include/afs/netutils.h
${INSTALL_DATA} ${srcdir}/afsutil.h ${DEST}/include/afs/afsutil.h
${INSTALL_DATA} ${srcdir}/afsutil_prototypes.h ${DEST}/include/afs/afsutil_prototypes.h
${INSTALL_DATA} ${srcdir}/pthread_glock.h ${DEST}/include/afs/pthread_glock.h
sh $(HELPER_SPLINT) $(CFLAGS) \
base64.c ktime.c volparse.c hostparse.c \
hputil.c kreltime.c uuid.c serverLog.c \
- dirpath.c fileutil.c netutils.c flipbase64.c \
+ dirpath.c fileutil.c flipbase64.c \
afs_atomlist.c afs_lhash.c fstab.c
$(INCFILEDIR)\afsutil.h \
$(INCFILEDIR)\errors.h \
$(INCFILEDIR)\vice.h \
- $(INCFILEDIR)\netutils.h \
$(INCFILEDIR)\pthread_glock.h \
$(INCFILEDIR)\pthread_nosigs.h \
$(INCFILEDIR)\errmap_nt.h \
$(OUT)\krb5_nt.obj \
$(OUT)\kreltime.obj \
$(OUT)\ktime.obj \
- $(OUT)\netutils.obj \
$(OUT)\regex.obj \
$(OUT)\readdir_nt.obj \
$(OUT)\serverLog.obj \
$(OUT)\krb5_nt.obj \
$(OUT)\kreltime.obj \
$(OUT)\ktime.obj \
- $(OUT)\netutils.obj \
$(OUT)\regex.obj \
$(OUT)\readdir_nt.obj \
$(OUT)\serverLog_mt.obj \
extern char *ktime_GetDateUsage(void);
extern afs_int32 ktime_InterpretDate(struct ktime_date *akdate);
-/* netutils.c */
-extern afs_uint32 extract_Addr(char *line, int maxSize);
-extern int parseNetRestrictFile(afs_uint32 outAddrs[], afs_uint32 * mask,
- afs_uint32 * mtu, afs_uint32 maxAddrs,
- afs_uint32 * nAddrs, char reason[],
- const char *fileName);
-extern int ParseNetInfoFile(afs_uint32 * final, afs_uint32 * mask,
- afs_uint32 * mtu, int max, char reason[],
- const char *fileName);
-extern int filterAddrs(afs_uint32 addr1[], afs_uint32 addr2[],
- afs_uint32 mask1[], afs_uint32 mask2[],
- afs_uint32 mtu1[], afs_uint32 mtu2[], int n1, int n2);
-extern int parseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[],
- afs_uint32 mtubuf[], afs_uint32 max, char reason[],
- const char *niFileName, const char *nrFileName);
-
-
/* pthread_glock.c */
+++ /dev/null
-/*
- * Copyright 2000, International Business Machines Corporation and others.
- * All Rights Reserved.
- *
- * This software has been released under the terms of the IBM Public
- * License. For details, see the LICENSE file in the top-level source
- * directory or online at http://www.openafs.org/dl/license10.html
- */
-
-/*
- * Network utility functions
- * Parsing NetRestrict file and filtering IP addresses
- */
-
-#include <afsconfig.h>
-#include <afs/param.h>
-
-#include <roken.h>
-#include <ctype.h>
-
-#include <rx/rx.h>
-#include <afs/dirpath.h>
-
-#include "afsutil.h"
-
-#define AFS_IPINVALID 0xffffffff /* invalid IP address */
-#define AFS_IPINVALIDIGNORE 0xfffffffe /* no input given to extractAddr */
-#define MAX_NETFILE_LINE 2048 /* length of a line in the netrestrict file */
-#define MAXIPADDRS 1024 /* from afsd.c */
-
-int ParseNetInfoFile_int(afs_uint32 *, afs_uint32 *, afs_uint32 *,
- int, char reason[], const char *,
- int);
-/*
- * The line parameter is a pointer to a buffer containing a string of
- * bytes of the form
-** w.x.y.z # machineName
- * returns the network interface IP Address in NBO
- */
-afs_uint32
-extract_Addr(char *line, int maxSize)
-{
- char bytes[4][32];
- int i = 0, n = 0;
- char *endPtr;
- afs_uint32 val[4];
- afs_uint32 retval = 0;
-
- /* skip empty spaces */
- while (isspace(*line) && maxSize) {
- line++;
- maxSize--;
- }
- /* skip empty lines */
- if (!maxSize || !*line)
- return AFS_IPINVALIDIGNORE;
-
- for (n = 0; n < 4; n++) {
- while ((*line != '.') && !isspace(*line) && maxSize) { /* extract nth byte */
- if (!isdigit(*line))
- return AFS_IPINVALID;
- if (i > 31)
- return AFS_IPINVALID; /* no space */
- bytes[n][i++] = *line++;
- maxSize--;
- } /* while */
- if (!maxSize)
- return AFS_IPINVALID;
- bytes[n][i] = 0;
- i = 0, line++;
- errno = 0;
- val[n] = strtol(bytes[n], &endPtr, 10);
- if ((val[n] == 0) && (errno != 0 || bytes[n] == endPtr)) /* no conversion */
- return AFS_IPINVALID;
- } /* for */
-
- retval = (val[0] << 24) | (val[1] << 16) | (val[2] << 8) | val[3];
- return htonl(retval);
-}
-
-
-
-
-/* parseNetRestrictFile()
- * Get a list of IP addresses for this host removing any address found
- * in the config file (fileName parameter): /usr/vice/etc/NetRestrict
- * for clients and /usr/afs/local/NetRestrict for servers.
- *
- * Returns the number of valid addresses in outAddrs[] and count in
- * nAddrs. Returns 0 on success; or 1 if the config file was not
- * there or empty (we still return the host's IP addresses). Returns
- * -1 on fatal failure with reason in the reason argument (so the
- * caller can choose to ignore the entire file but should write
- * something to a log file).
- *
- * All addresses should be in NBO (as returned by rx_getAllAddrMaskMtu() and
- * parsed by extract_Addr().
- */
-/*
- afs_uint32 outAddrs[]; * output address array *
- afs_uint32 *mask, *mtu; * optional mask and mtu *
- afs_uint32 maxAddrs; * max number of addresses *
- afs_uint32 *nAddrs; * number of Addresses in output array *
- char reason[]; * reason for failure *
- const char *fileName; * filename to parse *
-*/
-
-int
-parseNetRestrictFile_int(afs_uint32 outAddrs[], afs_uint32 * mask,
- afs_uint32 * mtu, afs_uint32 maxAddrs,
- afs_uint32 * nAddrs, char reason[],
- const char *fileName, const char *fileName_ni)
-{
- FILE *fp;
- char line[MAX_NETFILE_LINE];
- int lineNo, usedfile = 0;
- afs_uint32 i, neaddrs, nOutaddrs;
- afs_uint32 addr, eAddrs[MAXIPADDRS], eMask[MAXIPADDRS], eMtu[MAXIPADDRS];
-
- osi_Assert(outAddrs);
- osi_Assert(reason);
- osi_Assert(fileName);
- osi_Assert(nAddrs);
- if (mask)
- osi_Assert(mtu);
-
- /* Initialize */
- *nAddrs = 0;
- for (i = 0; i < maxAddrs; i++)
- outAddrs[i] = 0;
- strcpy(reason, "");
-
- /* get all network interfaces from the kernel */
- neaddrs = rx_getAllAddrMaskMtu(eAddrs, eMask, eMtu, MAXIPADDRS);
- if (neaddrs <= 0) {
- sprintf(reason, "No existing IP interfaces found");
- return -1;
- }
- i = 0;
- if ((neaddrs < MAXIPADDRS) && fileName_ni)
- i = ParseNetInfoFile_int(&(eAddrs[neaddrs]), &(eMask[neaddrs]),
- &(eMtu[neaddrs]), MAXIPADDRS-neaddrs, reason,
- fileName_ni, 1);
-
- if (i > 0)
- neaddrs += i;
-
- if ((fp = fopen(fileName, "r")) == 0) {
- sprintf(reason, "Could not open file %s for reading:%s", fileName,
- strerror(errno));
- goto done;
- }
-
- /* For each line in the NetRestrict file */
- lineNo = 0;
- usedfile = 0;
- while (fgets(line, MAX_NETFILE_LINE, fp) != NULL) {
- lineNo++; /* input line number */
- addr = extract_Addr(line, strlen(line));
- if (addr == AFS_IPINVALID) { /* syntactically invalid */
- fprintf(stderr, "%s : line %d : parse error - invalid IP\n",
- fileName, lineNo);
- continue;
- }
- if (addr == AFS_IPINVALIDIGNORE) { /* ignore error */
- fprintf(stderr, "%s : line %d : invalid address ... ignoring\n",
- fileName, lineNo);
- continue;
- }
- usedfile = 1;
-
- /* Check if we need to exclude this address */
- for (i = 0; i < neaddrs; i++) {
- if (eAddrs[i] && (eAddrs[i] == addr)) {
- eAddrs[i] = 0; /* Yes - exclude it by zeroing it for now */
- }
- }
- } /* while */
-
- fclose(fp);
-
- if (!usedfile) {
- sprintf(reason, "No valid IP addresses in %s\n", fileName);
- goto done;
- }
-
- done:
- /* Collect the addresses we have left to return */
- nOutaddrs = 0;
- for (i = 0; i < neaddrs; i++) {
- if (!eAddrs[i])
- continue;
- outAddrs[nOutaddrs] = eAddrs[i];
- if (mask) {
- mask[nOutaddrs] = eMask[i];
- mtu[nOutaddrs] = eMtu[i];
- }
- if (++nOutaddrs >= maxAddrs)
- break;
- }
- if (nOutaddrs == 0) {
- sprintf(reason, "No addresses to use after parsing %s", fileName);
- return -1;
- }
- *nAddrs = nOutaddrs;
- return (usedfile ? 0 : 1); /* 0=>used the file. 1=>didn't use file */
-}
-
-int
-parseNetRestrictFile(afs_uint32 outAddrs[], afs_uint32 * mask,
- afs_uint32 * mtu, afs_uint32 maxAddrs,
- afs_uint32 * nAddrs, char reason[],
- const char *fileName)
-{
- return parseNetRestrictFile_int(outAddrs, mask, mtu, maxAddrs, nAddrs, reason, fileName, NULL);
-}
-
-/*
- * this function reads in stuff from InterfaceAddr file in
- * /usr/vice/etc ( if it exists ) and verifies the addresses
- * specified.
- * 'final' contains all those addresses that are found to
- * be valid. This function returns the number of valid
- * interface addresses. Pulled out from afsd.c
- */
-int
-ParseNetInfoFile_int(afs_uint32 * final, afs_uint32 * mask, afs_uint32 * mtu,
- int max, char reason[], const char *fileName,
- int fakeonly)
-{
-
- afs_uint32 existingAddr[MAXIPADDRS], existingMask[MAXIPADDRS],
- existingMtu[MAXIPADDRS];
- char line[MAX_NETFILE_LINE];
- FILE *fp;
- int i, existNu, count = 0;
- afs_uint32 addr;
- int lineNo = 0;
- int l;
-
- osi_Assert(fileName);
- osi_Assert(final);
- osi_Assert(mask);
- osi_Assert(mtu);
- osi_Assert(reason);
-
- /* get all network interfaces from the kernel */
- existNu =
- rx_getAllAddrMaskMtu(existingAddr, existingMask, existingMtu,
- MAXIPADDRS);
- if (existNu < 0)
- return existNu;
-
- if ((fp = fopen(fileName, "r")) == 0) {
- /* If file does not exist or is not readable, then
- * use all interface addresses.
- */
- sprintf(reason,
- "Failed to open %s(%s)\nUsing all configured addresses\n",
- fileName, strerror(errno));
- for (i = 0; i < existNu; i++) {
- final[i] = existingAddr[i];
- mask[i] = existingMask[i];
- mtu[i] = existingMtu[i];
- }
- return existNu;
- }
-
- /* For each line in the NetInfo file */
- while (fgets(line, MAX_NETFILE_LINE, fp) != NULL) {
- int fake = 0;
-
- /* See if first char is an 'F' for fake */
- /* Added to allow the fileserver to advertise fake IPS for use with
- * the translation tables for NAT-like firewalls - defect 12462 */
- for (fake = 0; ((fake < strlen(line)) && isspace(line[fake]));
- fake++);
- if ((fake < strlen(line))
- && ((line[fake] == 'f') || (line[fake] == 'F'))) {
- fake++;
- } else {
- fake = 0;
- }
-
- lineNo++; /* input line number */
- addr = extract_Addr(&line[fake], strlen(&line[fake]));
-
- if (addr == AFS_IPINVALID) { /* syntactically invalid */
- fprintf(stderr, "afs:%s : line %d : parse error\n", fileName,
- lineNo);
- continue;
- }
- if (addr == AFS_IPINVALIDIGNORE) { /* ignore error */
- continue;
- }
-
- /* See if it is an address that really exists */
- for (i = 0; i < existNu; i++) {
- if (existingAddr[i] == addr)
- break;
- }
- if ((i >= existNu) && (!fake))
- continue; /* not found/fake - ignore */
-
- /* Check if it is a duplicate address we alread have */
- for (l = 0; l < count; l++) {
- if (final[l] == addr)
- break;
- }
- if (l < count) {
- fprintf(stderr, "afs:%x specified twice in NetInfo file\n",
- ntohl(addr));
- continue; /* duplicate addr - ignore */
- }
-
- if (count > max) { /* no more space */
- fprintf(stderr,
- "afs:Too many interfaces. The current kernel configuration supports a maximum of %d interfaces\n",
- max);
- } else if (fake) {
- if (!fake)
- fprintf(stderr, "Client (2) also has address %s\n", line);
- final[count] = addr;
- mask[count] = 0xffffffff;
- mtu[count] = htonl(1500);
- count++;
- } else if (!fakeonly) {
- final[count] = existingAddr[i];
- mask[count] = existingMask[i];
- mtu[count] = existingMtu[i];
- count++;
- }
- } /* while */
-
- /* in case of any error, we use all the interfaces present */
- if (count <= 0) {
- sprintf(reason,
- "Error in reading/parsing Interface file\nUsing all configured interface addresses \n");
- for (i = 0; i < existNu; i++) {
- final[i] = existingAddr[i];
- mask[i] = existingMask[i];
- mtu[i] = existingMtu[i];
- }
- return existNu;
- }
- return count;
-}
-
-int
-ParseNetInfoFile(afs_uint32 * final, afs_uint32 * mask, afs_uint32 * mtu,
- int max, char reason[], const char *fileName)
-{
- return ParseNetInfoFile_int(final, mask, mtu, max, reason, fileName, 0);
-}
-
-/*
- * Given two arrays of addresses, masks and mtus find the common ones
- * and return them in the first buffer. Return number of common
- * entries.
- */
-int
-filterAddrs(afs_uint32 addr1[], afs_uint32 addr2[], afs_uint32 mask1[],
- afs_uint32 mask2[], afs_uint32 mtu1[], afs_uint32 mtu2[], int n1,
- int n2)
-{
- afs_uint32 taddr[MAXIPADDRS];
- afs_uint32 tmask[MAXIPADDRS];
- afs_uint32 tmtu[MAXIPADDRS];
- int count = 0, i = 0, j = 0, found = 0;
-
- osi_Assert(addr1);
- osi_Assert(addr2);
- osi_Assert(mask1);
- osi_Assert(mask2);
- osi_Assert(mtu1);
- osi_Assert(mtu2);
-
- for (i = 0; i < n1; i++) {
- found = 0;
- for (j = 0; j < n2; j++) {
- if (addr1[i] == addr2[j]) {
- found = 1;
- break;
- }
- }
-
- /* Always mask loopback address */
- if (found && rx_IsLoopbackAddr(addr1[i]))
- found = 0;
-
- if (found) {
- taddr[count] = addr1[i];
- tmask[count] = mask1[i];
- tmtu[count] = mtu1[i];
- count++;
- }
- }
- /* copy everything into addr1, mask1 and mtu1 */
- for (i = 0; i < count; i++) {
- addr1[i] = taddr[i];
- if (mask1) {
- mask1[i] = tmask[i];
- mtu1[i] = tmtu[i];
- }
- }
- /* and zero out the rest */
- for (i = count; i < n1; i++) {
- addr1[i] = 0;
- if (mask1) {
- mask1[i] = 0;
- mtu1[i] = 0;
- }
- }
- return count;
-}
-
-/*
- * parse both netinfo and netrerstrict files and return the final
- * set of IP addresses to use
- */
-/* max - Entries in addrbuf, maskbuf and mtubuf */
-int
-parseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[], afs_uint32 mtubuf[],
- afs_uint32 max, char reason[], const char *niFileName,
- const char *nrFileName)
-{
- afs_uint32 addrbuf1[MAXIPADDRS], maskbuf1[MAXIPADDRS],
- mtubuf1[MAXIPADDRS];
- afs_uint32 addrbuf2[MAXIPADDRS], maskbuf2[MAXIPADDRS],
- mtubuf2[MAXIPADDRS];
- int nAddrs1 = 0;
- afs_uint32 nAddrs2 = 0;
- int code, i;
-
- nAddrs1 =
- ParseNetInfoFile(addrbuf1, maskbuf1, mtubuf1, MAXIPADDRS, reason,
- niFileName);
- code =
- parseNetRestrictFile_int(addrbuf2, maskbuf2, mtubuf2, MAXIPADDRS,
- &nAddrs2, reason, nrFileName, niFileName);
- if ((nAddrs1 < 0) && (code)) {
- /* both failed */
- return -1;
- } else if ((nAddrs1 > 0) && (code)) {
- /* netinfo succeeded and netrestrict failed */
- for (i = 0; ((i < nAddrs1) && (i < max)); i++) {
- addrbuf[i] = addrbuf1[i];
- if (maskbuf) {
- maskbuf[i] = maskbuf1[i];
- mtubuf[i] = mtubuf1[i];
- }
- }
- return i;
- } else if ((!code) && (nAddrs1 < 0)) {
- /* netrestrict succeeded and netinfo failed */
- for (i = 0; ((i < nAddrs2) && (i < max)); i++) {
- addrbuf[i] = addrbuf2[i];
- if (maskbuf) {
- maskbuf[i] = maskbuf2[i];
- mtubuf[i] = mtubuf2[i];
- }
- }
- return i;
- } else if ((!code) && (nAddrs1 >= 0)) {
- /* both succeeded */
- /* take the intersection of addrbuf1 and addrbuf2 */
- code =
- filterAddrs(addrbuf1, addrbuf2, maskbuf1, maskbuf2, mtubuf1,
- mtubuf2, nAddrs1, nAddrs2);
- for (i = 0; ((i < code) && (i < max)); i++) {
- addrbuf[i] = addrbuf1[i];
- if (maskbuf) {
- maskbuf[i] = maskbuf1[i];
- mtubuf[i] = mtubuf1[i];
- }
- }
- return i;
- }
- return 0;
-}
+++ /dev/null
-/*
- * Copyright 2000, International Business Machines Corporation and others.
- * All Rights Reserved.
- *
- * This software has been released under the terms of the IBM Public
- * License. For details, see the LICENSE file in the top-level source
- * directory or online at http://www.openafs.org/dl/license10.html
- */
-
-#ifndef OPENAFS_NETUTILS_H
-#define OPENAFS_NETUTILS_H
-
-#include "afsutil_prototypes.h"
-
-#endif /* OPENAFS_NETUTILS_H */
LIBACLOBJS=aclprocs.o netprocs.o
-UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o pthread_threadname.o
+UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o pthread_threadname.o
DIROBJS=buffer.o dir.o salvage.o
flipbase64.o: ${UTIL}/flipbase64.c
$(AFS_CCRULE) $(UTIL)/flipbase64.c
-netutils.o: ${UTIL}/netutils.c
- $(AFS_CCRULE) -I../util $(UTIL)/netutils.c
-
dirpath.o: ${UTIL}/dirpath.c
$(AFS_CCRULE) $(UTIL)/dirpath.c
#include <afs/partition.h>
#include <afs/dir.h>
#ifndef AFS_NT40_ENV
-# include <afs/netutils.h>
# include <afs/softsig.h>
#endif
#include "viced_prototypes.h"
* /usr/afs/local/NetRestict)
*/
char reason[1024];
- afs_int32 code = parseNetFiles(FS_HostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ afs_int32 code;
+
+ code = afsconf_ParseNetFiles(FS_HostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
if (code < 0) {
ViceLog(0, ("Can't register any valid addresses: %s\n", reason));
exit(1);
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
- ccode = parseNetFiles(SHostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
#endif
{
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
- ccode = parseNetFiles(SHostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
projects / packages / o / openafs.git / commitdiff