1 /* authd/providers/opm.c - small open proxy monitor
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
28 #define SELF_PID (opm_provider.id)
30 #define OPM_READSIZE 128
32 typedef enum protocol_t
43 rb_dlink_list scans
; /* List of scans */
59 struct auth_client
*auth
;
61 struct opm_proxy
*proxy
;
62 rb_fde_t
*F
; /* fd for scan */
71 struct rb_sockaddr_storage addr
;
75 /* Proxies that we scan for */
76 static rb_dlink_list proxy_scanners
;
78 static ACCB accept_opm
;
79 static PF read_opm_reply
;
81 static CNCB socks4_connected
;
82 static CNCB socks5_connected
;
84 static void opm_cancel(struct auth_client
*auth
);
85 static bool create_listener(const char *ip
, uint16_t port
);
87 static int opm_timeout
= 10;
88 static bool opm_enable
= false;
94 static struct opm_listener listeners
[2];
96 static inline protocol_t
97 get_protocol_from_string(const char *str
)
99 if(strcasecmp(str
, "socks4") == 0)
101 else if(strcasecmp(str
, "socks5") == 0)
103 else if(strcasecmp(str
, "httpconnect") == 0)
104 return PROTO_HTTP_CONNECT
;
105 else if(strcasecmp(str
, "httpsconnect") == 0)
106 return PROTO_HTTPS_CONNECT
;
111 static inline struct opm_proxy
*
112 find_proxy_scanner(protocol_t proto
, uint16_t port
)
116 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
118 struct opm_proxy
*proxy
= ptr
->data
;
120 if(proxy
->proto
== proto
&& proxy
->port
== port
)
127 /* This is called when an open proxy connects to us */
129 read_opm_reply(rb_fde_t
*F
, void *data
)
132 struct auth_client
*auth
= data
;
133 struct opm_lookup
*lookup
;
134 char readbuf
[OPM_READSIZE
];
137 lrb_assert(auth
!= NULL
);
138 lookup
= get_provider_data(auth
, SELF_PID
);
139 lrb_assert(lookup
!= NULL
);
141 if((len
= rb_read(F
, readbuf
, sizeof(readbuf
))) < 0 && rb_ignore_errno(errno
))
143 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
153 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
155 struct opm_proxy
*proxy
= ptr
->data
;
157 if(strncmp(proxy
->note
, readbuf
, strlen(proxy
->note
)) == 0)
159 rb_dlink_node
*ptr
, *nptr
;
161 /* Cancel outstanding lookups */
162 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, lookup
->scans
.head
)
164 struct opm_scan
*scan
= ptr
->data
;
170 /* No longer needed, client is going away */
173 reject_client(auth
, SELF_PID
, readbuf
, "Open proxy detected");
182 accept_opm(rb_fde_t
*F
, int status
, struct sockaddr
*addr
, rb_socklen_t len
, void *data
)
184 struct auth_client
*auth
= NULL
;
185 struct opm_listener
*listener
= data
;
186 struct rb_sockaddr_storage localaddr
;
187 unsigned int llen
= sizeof(struct rb_sockaddr_storage
);
188 rb_dictionary_iter iter
;
190 if(status
!= 0 || listener
== NULL
)
196 if(getsockname(rb_get_fd(F
), (struct sockaddr
*)&localaddr
, &llen
))
198 /* This can happen if the client goes away after accept */
203 /* Correlate connection with client(s) */
204 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
206 if(GET_SS_FAMILY(&auth
->c_addr
) != GET_SS_FAMILY(&localaddr
))
209 /* Compare the addresses */
210 switch(GET_SS_FAMILY(&localaddr
))
214 struct sockaddr_in
*s
= (struct sockaddr_in
*)&localaddr
, *c
= (struct sockaddr_in
*)&auth
->c_addr
;
216 if(s
->sin_addr
.s_addr
== c
->sin_addr
.s_addr
)
218 /* Match... check if it's real */
219 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
227 struct sockaddr_in6
*s
= (struct sockaddr_in6
*)&localaddr
, *c
= (struct sockaddr_in6
*)&auth
->c_addr
;
229 if(IN6_ARE_ADDR_EQUAL(&s
->sin6_addr
, &c
->sin6_addr
))
231 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
238 warn_opers(L_CRIT
, "OPM: unknown address type in listen function");
239 exit(EX_PROVIDER_ERROR
);
243 /* We don't care about the socket if we get here */
250 socks4_connected(rb_fde_t
*F
, int error
, void *data
)
252 struct opm_scan
*scan
= data
;
253 struct opm_lookup
*lookup
;
254 struct auth_client
*auth
;
255 uint8_t sendbuf
[9]; /* Size we're building */
256 uint8_t *c
= sendbuf
;
259 if(error
|| !opm_enable
)
262 lrb_assert(scan
!= NULL
);
265 lookup
= get_provider_data(auth
, SELF_PID
);
267 memcpy(c
, "\x04\x01", 2); c
+= 2; /* Socks version 4, connect command */
269 switch(GET_SS_FAMILY(&auth
->c_addr
))
272 if(listeners
[LISTEN_IPV4
].F
== NULL
)
273 /* They cannot respond to us */
276 memcpy(c
, &(((struct sockaddr_in
*)&listeners
[LISTEN_IPV4
].addr
)->sin_port
), 2); c
+= 2; /* Port */
277 memcpy(c
, &(((struct sockaddr_in
*)&listeners
[LISTEN_IPV4
].addr
)->sin_addr
.s_addr
), 4); c
+= 4; /* Address */
281 /* socks4 doesn't support IPv6 */
287 *c
= '\x00'; /* No userid */
290 if(rb_write(scan
->F
, sendbuf
, sizeof(sendbuf
)) < 0)
294 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) < 0)
299 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
304 socks5_connected(rb_fde_t
*F
, int error
, void *data
)
306 struct opm_scan
*scan
= data
;
307 struct opm_lookup
*lookup
;
308 struct opm_listener
*listener
;
309 struct auth_client
*auth
;
310 uint8_t sendbuf
[25]; /* Size we're building */
311 uint8_t *c
= sendbuf
;
314 if(error
|| !opm_enable
)
317 lrb_assert(scan
!= NULL
);
320 lookup
= get_provider_data(auth
, SELF_PID
);
322 /* Build the version header and socks request
323 * version header (3 bytes): version, number of auth methods, auth type (0 for none)
324 * connect req (3 bytes): version, command (1 = connect), reserved (0)
326 memcpy(c
, "\x05\x01\x00\x05\x01\x00", 6); c
+= 6;
328 switch(GET_SS_FAMILY(&auth
->c_addr
))
331 listener
= &listeners
[LISTEN_IPV4
];
335 *(c
++) = '\x01'; /* Address type (1 = IPv4) */
336 memcpy(c
, &(((struct sockaddr_in
*)&listener
->addr
)->sin_addr
.s_addr
), 4); c
+= 4;/* Address */
337 memcpy(c
, &(((struct sockaddr_in
*)&listener
->addr
)->sin_port
), 2); c
+= 2; /* Port */
341 listener
= &listeners
[LISTEN_IPV6
];
345 *(c
++) = '\x04'; /* Address type (4 = IPv6) */
346 memcpy(c
, ((struct sockaddr_in6
*)&listener
->addr
)->sin6_addr
.s6_addr
, 16); c
+= 16; /* Address */
347 memcpy(c
, &(((struct sockaddr_in6
*)&listener
->addr
)->sin6_port
), 2); c
+= 2; /* Port */
355 if(rb_write(scan
->F
, sendbuf
, (size_t)(sendbuf
- c
)) <= 0)
358 /* Now the note in a separate write */
359 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) <= 0)
364 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
369 http_connect_connected(rb_fde_t
*F
, int error
, void *data
)
371 struct opm_scan
*scan
= data
;
372 struct opm_lookup
*lookup
;
373 struct opm_listener
*listener
;
374 struct auth_client
*auth
;
375 char sendbuf
[128]; /* A bit bigger than we need but better safe than sorry */
379 if(error
|| !opm_enable
)
382 lrb_assert(scan
!= NULL
);
385 lookup
= get_provider_data(auth
, SELF_PID
);
387 switch(GET_SS_FAMILY(&auth
->c_addr
))
390 listener
= &listeners
[LISTEN_IPV4
];
396 listener
= &listeners
[LISTEN_IPV6
];
405 /* Simple enough to build */
406 snprintf(sendbuf
, sizeof(sendbuf
), "CONNECT %s:%hu HTTP/1.0\r\n\r\n", listener
->ip
, listener
->port
);
409 if(rb_write(scan
->F
, sendbuf
, strlen(sendbuf
)) <= 0)
412 /* Now the note in a separate write */
413 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) <= 0)
416 /* MiroTik needs this, and as a separate write */
417 if(rb_write(scan
->F
, "\r\n", 2) <= 0)
422 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
426 /* Establish connections */
428 establish_connection(struct auth_client
*auth
, struct opm_proxy
*proxy
)
430 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
431 struct opm_listener
*listener
;
432 struct opm_scan
*scan
= rb_malloc(sizeof(struct opm_scan
));
433 struct rb_sockaddr_storage c_a
, l_a
;
437 lrb_assert(lookup
!= NULL
);
443 /* SOCKS4 is IPv4 only */
444 if(GET_SS_FAMILY(&auth
->c_addr
) == AF_INET6
)
450 callback
= socks4_connected
;
453 callback
= socks5_connected
;
455 case PROTO_HTTP_CONNECT
:
456 case PROTO_HTTPS_CONNECT
:
457 callback
= http_connect_connected
;
463 if(GET_SS_FAMILY(&auth
->c_addr
) == AF_INET6
)
464 listener
= &listeners
[LISTEN_IPV6
];
467 listener
= &listeners
[LISTEN_IPV4
];
469 c_a
= auth
->c_addr
; /* Client */
470 l_a
= listener
->addr
; /* Listener */
474 if((scan
->F
= rb_socket(GET_SS_FAMILY(&auth
->c_addr
), SOCK_STREAM
, 0, proxy
->note
)) == NULL
)
476 warn_opers(L_WARN
, "OPM: could not create OPM socket (proto %s): %s", proxy
->note
, strerror(errno
));
481 /* Disable Nagle's algorithim - buffering could affect scans */
482 (void)setsockopt(rb_get_fd(scan
->F
), IPPROTO_TCP
, TCP_NODELAY
, (char *)&opt
, sizeof(opt
));
484 SET_SS_PORT(&l_a
, 0);
485 SET_SS_PORT(&c_a
, htons(proxy
->port
));
487 rb_dlinkAdd(scan
, &scan
->node
, &lookup
->scans
);
490 rb_connect_tcp(scan
->F
,
491 (struct sockaddr
*)&c_a
,
492 (struct sockaddr
*)&l_a
,
494 callback
, scan
, opm_timeout
);
496 rb_connect_tcp_ssl(scan
->F
,
497 (struct sockaddr
*)&c_a
,
498 (struct sockaddr
*)&l_a
,
500 callback
, scan
, opm_timeout
);
504 create_listener(const char *ip
, uint16_t port
)
506 struct auth_client
*auth
;
507 struct opm_listener
*listener
;
508 struct rb_sockaddr_storage addr
;
509 rb_dictionary_iter iter
;
513 if(!rb_inet_pton_sock(ip
, (struct sockaddr
*)&addr
))
515 warn_opers(L_CRIT
, "OPM: got a bad listener: %s:%hu", ip
, port
);
516 exit(EX_PROVIDER_ERROR
);
519 SET_SS_PORT(&addr
, htons(port
));
522 if(GET_SS_FAMILY(&addr
) == AF_INET6
)
524 struct sockaddr_in6
*a1
, *a2
;
526 listener
= &listeners
[LISTEN_IPV6
];
528 a1
= (struct sockaddr_in6
*)&addr
;
529 a2
= (struct sockaddr_in6
*)&listener
->addr
;
531 if(IN6_ARE_ADDR_EQUAL(&a1
->sin6_addr
, &a2
->sin6_addr
) &&
532 GET_SS_PORT(&addr
) == GET_SS_PORT(&listener
->addr
) &&
535 /* Listener already exists */
542 struct sockaddr_in
*a1
, *a2
;
544 listener
= &listeners
[LISTEN_IPV4
];
546 a1
= (struct sockaddr_in
*)&addr
;
547 a2
= (struct sockaddr_in
*)&listener
->addr
;
549 if(a1
->sin_addr
.s_addr
== a2
->sin_addr
.s_addr
&&
550 GET_SS_PORT(&addr
) == GET_SS_PORT(&listener
->addr
) &&
553 /* Listener already exists */
558 if((F
= rb_socket(GET_SS_FAMILY(&addr
), SOCK_STREAM
, 0, "OPM listener socket")) == NULL
)
560 /* This shouldn't fail, or we have big problems... */
561 warn_opers(L_CRIT
, "OPM: cannot create socket: %s", strerror(errno
));
562 exit(EX_PROVIDER_ERROR
);
565 if(setsockopt(rb_get_fd(F
), SOL_SOCKET
, SO_REUSEADDR
, (char *)&opt
, sizeof(opt
)))
567 /* This shouldn't fail either... */
568 warn_opers(L_CRIT
, "OPM: cannot set options on socket: %s", strerror(errno
));
569 exit(EX_PROVIDER_ERROR
);
572 if(bind(rb_get_fd(F
), (struct sockaddr
*)&addr
, GET_SS_LEN(&addr
)))
574 /* Shit happens, let's not cripple authd over /this/ since it could be user error */
575 warn_opers(L_WARN
, "OPM: cannot bind on socket: %s", strerror(errno
));
580 if(rb_listen(F
, SOMAXCONN
, false)) /* deferred accept could interfere with detection */
582 /* Again, could be user error */
583 warn_opers(L_WARN
, "OPM: cannot listen on socket: %s", strerror(errno
));
588 /* From this point forward we assume we have a listener */
590 if(listener
->F
!= NULL
)
591 /* Close old listener */
592 rb_close(listener
->F
);
596 /* Cancel clients that may be on old listener
597 * XXX - should rescan clients that need it
599 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
605 rb_strlcpy(listener
->ip
, ip
, sizeof(listener
->ip
));
606 listener
->port
= port
;
607 listener
->addr
= addr
;
609 opm_enable
= true; /* Implicitly set this to true for now if we have a listener */
610 rb_accept_tcp(listener
->F
, NULL
, accept_opm
, listener
);
615 opm_scan(struct auth_client
*auth
)
618 struct opm_lookup
*lookup
;
620 lrb_assert(auth
!= NULL
);
622 lookup
= get_provider_data(auth
, SELF_PID
);
623 set_provider_timeout_relative(auth
, SELF_PID
, opm_timeout
);
625 lookup
->in_progress
= true;
627 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
629 struct opm_proxy
*proxy
= ptr
->data
;
630 establish_connection(auth
, proxy
);
633 notice_client(auth
->cid
, "*** Scanning for open proxies...");
636 /* This is called every time a provider is completed as long as we are marked not done */
638 opm_initiate(struct auth_client
*auth
, uint32_t provider
)
640 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
641 uint32_t rdns_pid
, ident_pid
;
643 lrb_assert(provider
!= SELF_PID
);
644 lrb_assert(!is_provider_done(auth
, SELF_PID
));
645 lrb_assert(rb_dlink_list_length(&proxy_scanners
) > 0);
647 if(lookup
== NULL
|| lookup
->in_progress
)
650 else if((!get_provider_id("rdns", &rdns_pid
) || is_provider_done(auth
, rdns_pid
)) &&
651 (!get_provider_id("ident", &ident_pid
) || is_provider_done(auth
, ident_pid
)))
652 /* Don't start until ident and rdns are finished (or not loaded) */
659 opm_start(struct auth_client
*auth
)
661 uint32_t rdns_pid
, ident_pid
;
663 lrb_assert(get_provider_data(auth
, SELF_PID
) == NULL
);
665 if(!opm_enable
|| rb_dlink_list_length(&proxy_scanners
) == 0)
667 /* Nothing to do... */
668 notice_client(auth
->cid
, "*** Proxy scanning disabled, not scanning");
672 set_provider_data(auth
, SELF_PID
, rb_malloc(sizeof(struct opm_lookup
)));
674 if((!get_provider_id("rdns", &rdns_pid
) || is_provider_done(auth
, rdns_pid
)) &&
675 (!get_provider_id("ident", &ident_pid
) || is_provider_done(auth
, ident_pid
)))
677 /* Don't start until ident and rdns are finished (or not loaded) */
681 set_provider_running(auth
, SELF_PID
);
686 opm_cancel(struct auth_client
*auth
)
688 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
692 rb_dlink_node
*ptr
, *nptr
;
694 notice_client(auth
->cid
, "*** Did not detect open proxies");
696 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, lookup
->scans
.head
)
698 struct opm_scan
*scan
= ptr
->data
;
706 set_provider_data(auth
, SELF_PID
, NULL
);
707 set_provider_timeout_absolute(auth
, SELF_PID
, 0);
708 provider_done(auth
, SELF_PID
);
715 struct auth_client
*auth
;
716 rb_dictionary_iter iter
;
718 /* Nuke all opm lookups */
719 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
727 add_conf_opm_timeout(const char *key __unused
, int parc __unused
, const char **parv
)
729 int timeout
= atoi(parv
[0]);
733 warn_opers(L_CRIT
, "opm: opm timeout < 0 (value: %d)", timeout
);
737 opm_timeout
= timeout
;
741 set_opm_enabled(const char *key __unused
, int parc __unused
, const char **parv
)
743 bool enable
= (*parv
[0] == '1');
747 if(listeners
[LISTEN_IPV4
].F
!= NULL
|| listeners
[LISTEN_IPV6
].F
!= NULL
)
749 struct auth_client
*auth
;
750 rb_dictionary_iter iter
;
752 /* Close the listening socket */
753 if(listeners
[LISTEN_IPV4
].F
!= NULL
)
754 rb_close(listeners
[LISTEN_IPV4
].F
);
756 if(listeners
[LISTEN_IPV6
].F
!= NULL
)
757 rb_close(listeners
[LISTEN_IPV6
].F
);
759 listeners
[LISTEN_IPV4
].F
= listeners
[LISTEN_IPV6
].F
= NULL
;
761 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
769 if(listeners
[LISTEN_IPV4
].ip
[0] != '\0' && listeners
[LISTEN_IPV4
].port
!= 0)
771 lrb_assert(listeners
[LISTEN_IPV4
].F
== NULL
);
773 /* Pre-configured IP/port, just re-establish */
774 create_listener(listeners
[LISTEN_IPV4
].ip
, listeners
[LISTEN_IPV4
].port
);
777 if(listeners
[LISTEN_IPV6
].ip
[0] != '\0' && listeners
[LISTEN_IPV6
].port
!= 0)
779 lrb_assert(listeners
[LISTEN_IPV6
].F
== NULL
);
781 /* Pre-configured IP/port, just re-establish */
782 create_listener(listeners
[LISTEN_IPV6
].ip
, listeners
[LISTEN_IPV6
].port
);
790 set_opm_listener(const char *key __unused
, int parc __unused
, const char **parv
)
792 const char *ip
= parv
[0];
793 int iport
= atoi(parv
[1]);
795 if(iport
> 65535 || iport
<= 0)
797 warn_opers(L_CRIT
, "OPM: got a bad listener: %s:%s", parv
[0], parv
[1]);
798 exit(EX_PROVIDER_ERROR
);
801 create_listener(ip
, (uint16_t)iport
);
805 create_opm_scanner(const char *key __unused
, int parc __unused
, const char **parv
)
807 int iport
= atoi(parv
[1]);
808 struct opm_proxy
*proxy
= rb_malloc(sizeof(struct opm_proxy
));
810 if(iport
<= 0 || iport
> 65535)
812 warn_opers(L_CRIT
, "OPM: got a bad scanner: %s (port %s)", parv
[0], parv
[1]);
813 exit(EX_PROVIDER_ERROR
);
816 proxy
->port
= (uint16_t)iport
;
818 switch((proxy
->proto
= get_protocol_from_string(parv
[0])))
821 snprintf(proxy
->note
, sizeof(proxy
->note
), "socks4:%hu", proxy
->port
);
825 snprintf(proxy
->note
, sizeof(proxy
->note
), "socks5:%hu", proxy
->port
);
828 case PROTO_HTTP_CONNECT
:
829 snprintf(proxy
->note
, sizeof(proxy
->note
), "httpconnect:%hu", proxy
->port
);
832 case PROTO_HTTPS_CONNECT
:
833 snprintf(proxy
->note
, sizeof(proxy
->note
), "httpsconnect:%hu", proxy
->port
);
837 warn_opers(L_CRIT
, "OPM: got an unknown proxy type: %s (port %hu)", parv
[0], proxy
->port
);
838 exit(EX_PROVIDER_ERROR
);
841 if(find_proxy_scanner(proxy
->proto
, proxy
->port
) != NULL
)
843 warn_opers(L_CRIT
, "OPM: got a duplicate scanner: %s (port %hu)", parv
[0], proxy
->port
);
844 exit(EX_PROVIDER_ERROR
);
847 rb_dlinkAdd(proxy
, &proxy
->node
, &proxy_scanners
);
851 delete_opm_scanner(const char *key __unused
, int parc __unused
, const char **parv
)
853 struct auth_client
*auth
;
854 struct opm_proxy
*proxy
;
855 protocol_t proto
= get_protocol_from_string(parv
[0]);
856 int iport
= atoi(parv
[1]);
857 rb_dictionary_iter iter
;
859 if(iport
<= 0 || iport
> 65535)
861 warn_opers(L_CRIT
, "OPM: got a bad scanner to delete: %s (port %s)", parv
[0], parv
[1]);
862 exit(EX_PROVIDER_ERROR
);
865 if(proto
== PROTO_NONE
)
867 warn_opers(L_CRIT
, "OPM: got an unknown proxy type to delete: %s (port %d)", parv
[0], iport
);
868 exit(EX_PROVIDER_ERROR
);
871 if((proxy
= find_proxy_scanner(proto
, (uint16_t)iport
)) == NULL
)
873 warn_opers(L_CRIT
, "OPM: cannot find proxy to delete: %s (port %d)", parv
[0], iport
);
874 exit(EX_PROVIDER_ERROR
);
877 /* Abort remaining clients on this scanner */
878 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
881 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
886 RB_DLINK_FOREACH(ptr
, lookup
->scans
.head
)
888 struct opm_scan
*scan
= ptr
->data
;
890 if(scan
->proxy
->port
== proxy
->port
&& scan
->proxy
->proto
== proxy
->proto
)
893 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
896 if(rb_dlink_list_length(&lookup
->scans
) == 0)
904 rb_dlinkDelete(&proxy
->node
, &proxy_scanners
);
907 if(rb_dlink_list_length(&proxy_scanners
) == 0)
912 delete_opm_scanner_all(const char *key __unused
, int parc __unused
, const char **parv __unused
)
914 struct auth_client
*auth
;
915 rb_dlink_node
*ptr
, *nptr
;
916 rb_dictionary_iter iter
;
918 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, proxy_scanners
.head
)
921 rb_dlinkDelete(ptr
, &proxy_scanners
);
924 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
933 struct auth_opts_handler opm_options
[] =
935 { "opm_timeout", 1, add_conf_opm_timeout
},
936 { "opm_enabled", 1, set_opm_enabled
},
937 { "opm_listener", 2, set_opm_listener
},
938 { "opm_scanner", 2, create_opm_scanner
},
939 { "opm_scanner_del", 2, delete_opm_scanner
},
940 { "opm_scanner_del_all", 0, delete_opm_scanner_all
},
944 struct auth_provider opm_provider
=
948 .destroy
= opm_destroy
,
950 .cancel
= opm_cancel
,
951 .timeout
= opm_cancel
,
952 .completed
= opm_initiate
,
953 .opt_handlers
= opm_options
,