1 /* authd/providers/opm.c - small open proxy monitor
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
29 #define SELF_PID (opm_provider.id)
31 #define OPM_READSIZE 128
33 typedef enum protocol_t
42 /* Lookup data associated with auth client */
45 rb_dlink_list scans
; /* List of scans */
50 typedef void (*opm_callback_t
)(struct opm_scan
*);
58 bool ssl
; /* Connect to proxy with SSL */
59 bool ipv6
; /* Proxy supports IPv6 */
61 opm_callback_t callback
;
66 /* A listener for proxy replies */
71 struct rb_sockaddr_storage addr
;
75 /* An individual proxy scan */
78 struct auth_client
*auth
;
79 rb_fde_t
*F
; /* fd for scan */
81 struct opm_proxy
*proxy
; /* Associated proxy */
82 struct opm_listener
*listener
; /* Associated listener */
87 /* Proxies that we scan for */
88 static rb_dlink_list proxy_scanners
;
90 static ACCB accept_opm
;
91 static PF read_opm_reply
;
93 static CNCB opm_connected
;
95 static void opm_cancel(struct auth_client
*auth
);
96 static bool create_listener(const char *ip
, uint16_t port
);
98 static int opm_timeout
= OPM_TIMEOUT_DEFAULT
;
99 static bool opm_enable
= false;
109 static struct opm_listener listeners
[LISTEN_LAST
];
111 static inline protocol_t
112 get_protocol_from_string(const char *str
)
114 if(strcasecmp(str
, "socks4") == 0)
116 else if(strcasecmp(str
, "socks5") == 0)
118 else if(strcasecmp(str
, "httpconnect") == 0)
119 return PROTO_HTTP_CONNECT
;
120 else if(strcasecmp(str
, "httpsconnect") == 0)
121 return PROTO_HTTPS_CONNECT
;
126 static inline struct opm_proxy
*
127 find_proxy_scanner(protocol_t proto
, uint16_t port
)
131 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
133 struct opm_proxy
*proxy
= ptr
->data
;
135 if(proxy
->proto
== proto
&& proxy
->port
== port
)
142 /* This is called when an open proxy connects to us */
144 read_opm_reply(rb_fde_t
*F
, void *data
)
147 struct auth_client
*auth
= data
;
148 struct opm_lookup
*lookup
;
149 char readbuf
[OPM_READSIZE
];
152 lrb_assert(auth
!= NULL
);
153 lookup
= get_provider_data(auth
, SELF_PID
);
154 lrb_assert(lookup
!= NULL
);
156 if((len
= rb_read(F
, readbuf
, sizeof(readbuf
))) < 0 && rb_ignore_errno(errno
))
158 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
168 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
170 struct opm_proxy
*proxy
= ptr
->data
;
172 if(strncmp(proxy
->note
, readbuf
, strlen(proxy
->note
)) == 0)
174 rb_dlink_node
*ptr
, *nptr
;
176 /* Cancel outstanding lookups */
177 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, lookup
->scans
.head
)
179 struct opm_scan
*scan
= ptr
->data
;
185 /* No longer needed, client is going away */
188 reject_client(auth
, SELF_PID
, readbuf
, "Open proxy detected");
197 accept_opm(rb_fde_t
*F
, int status
, struct sockaddr
*addr
, rb_socklen_t len
, void *data
)
199 struct auth_client
*auth
= NULL
;
200 struct opm_listener
*listener
= data
;
201 struct rb_sockaddr_storage localaddr
;
202 unsigned int llen
= sizeof(struct rb_sockaddr_storage
);
203 rb_dictionary_iter iter
;
205 if(status
!= 0 || listener
== NULL
)
211 if(getsockname(rb_get_fd(F
), (struct sockaddr
*)&localaddr
, &llen
))
213 /* This can happen if the client goes away after accept */
218 /* Correlate connection with client(s) */
219 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
221 if(GET_SS_FAMILY(&auth
->c_addr
) != GET_SS_FAMILY(&localaddr
))
224 /* Compare the addresses */
225 switch(GET_SS_FAMILY(&localaddr
))
229 struct sockaddr_in
*s
= (struct sockaddr_in
*)&localaddr
, *c
= (struct sockaddr_in
*)&auth
->c_addr
;
231 if(s
->sin_addr
.s_addr
== c
->sin_addr
.s_addr
)
233 /* Match... check if it's real */
234 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
242 struct sockaddr_in6
*s
= (struct sockaddr_in6
*)&localaddr
, *c
= (struct sockaddr_in6
*)&auth
->c_addr
;
244 if(IN6_ARE_ADDR_EQUAL(&s
->sin6_addr
, &c
->sin6_addr
))
246 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
253 warn_opers(L_CRIT
, "OPM: unknown address type in listen function");
254 exit(EX_PROVIDER_ERROR
);
258 /* We don't care about the socket if we get here */
265 opm_connected(rb_fde_t
*F
, int error
, void *data
)
267 struct opm_scan
*scan
= data
;
268 struct opm_proxy
*proxy
= scan
->proxy
;
269 struct auth_client
*auth
= scan
->auth
;
270 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
272 if(error
|| !opm_enable
)
274 //notice_client(scan->auth->cid, "*** Scan not connected: %s", proxy->note);
278 switch(GET_SS_FAMILY(&auth
->c_addr
))
281 if(listeners
[LISTEN_IPV4
].F
== NULL
)
282 /* They cannot respond to us */
292 if(listeners
[LISTEN_IPV6
].F
== NULL
)
293 /* They cannot respond to us */
302 proxy
->callback(scan
);
306 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
311 socks4_connected(struct opm_scan
*scan
)
313 uint8_t sendbuf
[9]; /* Size we're building */
314 uint8_t *c
= sendbuf
;
316 memcpy(c
, "\x04\x01", 2); c
+= 2; /* Socks version 4, connect command */
317 memcpy(c
, &(((struct sockaddr_in
*)&scan
->listener
->addr
)->sin_port
), 2); c
+= 2; /* Port */
318 memcpy(c
, &(((struct sockaddr_in
*)&scan
->listener
->addr
)->sin_addr
.s_addr
), 4); c
+= 4; /* Address */
319 *c
= '\x00'; /* No userid */
322 if(rb_write(scan
->F
, sendbuf
, sizeof(sendbuf
)) < 0)
326 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) < 0)
331 socks5_connected(struct opm_scan
*scan
)
333 struct auth_client
*auth
= scan
->auth
;
334 uint8_t sendbuf
[25]; /* Size we're building */
335 uint8_t *c
= sendbuf
;
337 /* Build the version header and socks request
338 * version header (3 bytes): version, number of auth methods, auth type (0 for none)
339 * connect req (3 bytes): version, command (1 = connect), reserved (0)
341 memcpy(c
, "\x05\x01\x00\x05\x01\x00", 6); c
+= 6;
343 switch(GET_SS_FAMILY(&auth
->c_addr
))
346 *(c
++) = '\x01'; /* Address type (1 = IPv4) */
347 memcpy(c
, &(((struct sockaddr_in
*)&scan
->listener
->addr
)->sin_addr
.s_addr
), 4); c
+= 4; /* Address */
348 memcpy(c
, &(((struct sockaddr_in
*)&scan
->listener
->addr
)->sin_port
), 2); c
+= 2; /* Port */
352 *(c
++) = '\x04'; /* Address type (4 = IPv6) */
353 memcpy(c
, ((struct sockaddr_in6
*)&scan
->listener
->addr
)->sin6_addr
.s6_addr
, 16); c
+= 16; /* Address */
354 memcpy(c
, &(((struct sockaddr_in6
*)&scan
->listener
->addr
)->sin6_port
), 2); c
+= 2; /* Port */
362 if(rb_write(scan
->F
, sendbuf
, (size_t)(sendbuf
- c
)) <= 0)
365 /* Now the note in a separate write */
366 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) <= 0)
371 http_connect_connected(struct opm_scan
*scan
)
373 struct auth_client
*auth
= scan
->auth
;
374 char sendbuf
[128]; /* A bit bigger than we need but better safe than sorry */
376 /* Simple enough to build */
377 snprintf(sendbuf
, sizeof(sendbuf
), "CONNECT %s:%hu HTTP/1.0\r\n\r\n", scan
->listener
->ip
, scan
->listener
->port
);
380 if(rb_write(scan
->F
, sendbuf
, strlen(sendbuf
)) <= 0)
383 /* Now the note in a separate write */
384 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) <= 0)
387 /* MiroTik needs this, and as a separate write */
388 if(rb_write(scan
->F
, "\r\n", 2) <= 0)
392 /* Establish connections */
394 establish_connection(struct auth_client
*auth
, struct opm_proxy
*proxy
)
396 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
397 struct opm_scan
*scan
= rb_malloc(sizeof(struct opm_scan
));
398 struct opm_listener
*listener
;
399 struct rb_sockaddr_storage c_a
, l_a
;
402 lrb_assert(lookup
!= NULL
);
405 if(GET_SS_FAMILY(&auth
->c_addr
) == AF_INET6
)
407 if(proxy
->proto
== PROTO_SOCKS4
)
409 /* SOCKS4 doesn't support IPv6 */
413 listener
= &listeners
[LISTEN_IPV6
];
417 listener
= &listeners
[LISTEN_IPV4
];
419 if(listener
->F
== NULL
)
421 /* We can't respond */
426 c_a
= auth
->c_addr
; /* Client */
427 l_a
= listener
->addr
; /* Listener (connect using its IP) */
431 scan
->listener
= listener
;
432 if((scan
->F
= rb_socket(GET_SS_FAMILY(&auth
->c_addr
), SOCK_STREAM
, 0, proxy
->note
)) == NULL
)
434 warn_opers(L_WARN
, "OPM: could not create OPM socket (proto %s): %s", proxy
->note
, strerror(errno
));
439 /* Disable Nagle's algorithim - buffering could affect scans */
440 (void)setsockopt(rb_get_fd(scan
->F
), IPPROTO_TCP
, TCP_NODELAY
, (char *)&opt
, sizeof(opt
));
442 SET_SS_PORT(&l_a
, 0);
443 SET_SS_PORT(&c_a
, htons(proxy
->port
));
445 rb_dlinkAdd(scan
, &scan
->node
, &lookup
->scans
);
448 rb_connect_tcp(scan
->F
,
449 (struct sockaddr
*)&c_a
,
450 (struct sockaddr
*)&l_a
,
451 opm_connected
, scan
, opm_timeout
);
453 rb_connect_tcp_ssl(scan
->F
,
454 (struct sockaddr
*)&c_a
,
455 (struct sockaddr
*)&l_a
,
456 opm_connected
, scan
, opm_timeout
);
460 create_listener(const char *ip
, uint16_t port
)
462 struct auth_client
*auth
;
463 struct opm_listener
*listener
;
464 struct rb_sockaddr_storage addr
;
465 rb_dictionary_iter iter
;
469 if(!rb_inet_pton_sock(ip
, (struct sockaddr
*)&addr
))
471 warn_opers(L_CRIT
, "OPM: got a bad listener: %s:%hu", ip
, port
);
472 exit(EX_PROVIDER_ERROR
);
475 SET_SS_PORT(&addr
, htons(port
));
478 if(GET_SS_FAMILY(&addr
) == AF_INET6
)
480 struct sockaddr_in6
*a1
, *a2
;
482 listener
= &listeners
[LISTEN_IPV6
];
484 a1
= (struct sockaddr_in6
*)&addr
;
485 a2
= (struct sockaddr_in6
*)&listener
->addr
;
487 if(IN6_ARE_ADDR_EQUAL(&a1
->sin6_addr
, &a2
->sin6_addr
) &&
488 GET_SS_PORT(&addr
) == GET_SS_PORT(&listener
->addr
) &&
491 /* Listener already exists */
498 struct sockaddr_in
*a1
, *a2
;
500 listener
= &listeners
[LISTEN_IPV4
];
502 a1
= (struct sockaddr_in
*)&addr
;
503 a2
= (struct sockaddr_in
*)&listener
->addr
;
505 if(a1
->sin_addr
.s_addr
== a2
->sin_addr
.s_addr
&&
506 GET_SS_PORT(&addr
) == GET_SS_PORT(&listener
->addr
) &&
509 /* Listener already exists */
514 if((F
= rb_socket(GET_SS_FAMILY(&addr
), SOCK_STREAM
, 0, "OPM listener socket")) == NULL
)
516 /* This shouldn't fail, or we have big problems... */
517 warn_opers(L_CRIT
, "OPM: cannot create socket: %s", strerror(errno
));
518 exit(EX_PROVIDER_ERROR
);
521 if(setsockopt(rb_get_fd(F
), SOL_SOCKET
, SO_REUSEADDR
, (char *)&opt
, sizeof(opt
)))
523 /* This shouldn't fail either... */
524 warn_opers(L_CRIT
, "OPM: cannot set options on socket: %s", strerror(errno
));
525 exit(EX_PROVIDER_ERROR
);
528 if(bind(rb_get_fd(F
), (struct sockaddr
*)&addr
, GET_SS_LEN(&addr
)))
530 /* Shit happens, let's not cripple authd over /this/ since it could be user error */
531 warn_opers(L_WARN
, "OPM: cannot bind on socket: %s", strerror(errno
));
536 if(rb_listen(F
, SOMAXCONN
, false)) /* deferred accept could interfere with detection */
538 /* Again, could be user error */
539 warn_opers(L_WARN
, "OPM: cannot listen on socket: %s", strerror(errno
));
544 /* From this point forward we assume we have a listener */
546 if(listener
->F
!= NULL
)
547 /* Close old listener */
548 rb_close(listener
->F
);
552 /* Cancel clients that may be on old listener
553 * XXX - should rescan clients that need it
555 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
558 /* auth is now invalid as we have no reference */
562 rb_strlcpy(listener
->ip
, ip
, sizeof(listener
->ip
));
563 listener
->port
= port
;
564 listener
->addr
= addr
;
566 opm_enable
= true; /* Implicitly set this to true for now if we have a listener */
567 rb_accept_tcp(listener
->F
, NULL
, accept_opm
, listener
);
572 opm_scan(struct auth_client
*auth
)
575 struct opm_lookup
*lookup
;
577 lrb_assert(auth
!= NULL
);
579 lookup
= get_provider_data(auth
, SELF_PID
);
580 set_provider_timeout_relative(auth
, SELF_PID
, opm_timeout
);
582 lookup
->in_progress
= true;
584 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
586 struct opm_proxy
*proxy
= ptr
->data
;
587 //notice_client(auth->cid, "*** Scanning for proxy type %s", proxy->note);
588 establish_connection(auth
, proxy
);
591 notice_client(auth
->cid
, "*** Scanning for open proxies...");
594 /* This is called every time a provider is completed as long as we are marked not done */
596 opm_initiate(struct auth_client
*auth
, uint32_t provider
)
598 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
599 uint32_t rdns_pid
, ident_pid
;
601 lrb_assert(provider
!= SELF_PID
);
602 lrb_assert(!is_provider_done(auth
, SELF_PID
));
603 lrb_assert(rb_dlink_list_length(&proxy_scanners
) > 0);
605 if(lookup
== NULL
|| lookup
->in_progress
)
608 else if((!get_provider_id("rdns", &rdns_pid
) || is_provider_done(auth
, rdns_pid
)) &&
609 (!get_provider_id("ident", &ident_pid
) || is_provider_done(auth
, ident_pid
)))
610 /* Don't start until ident and rdns are finished (or not loaded) */
617 opm_start(struct auth_client
*auth
)
619 uint32_t rdns_pid
, ident_pid
;
621 lrb_assert(get_provider_data(auth
, SELF_PID
) == NULL
);
623 if(!opm_enable
|| rb_dlink_list_length(&proxy_scanners
) == 0)
624 /* Nothing to do... */
627 auth_client_ref(auth
);
629 set_provider_data(auth
, SELF_PID
, rb_malloc(sizeof(struct opm_lookup
)));
631 if((!get_provider_id("rdns", &rdns_pid
) || is_provider_done(auth
, rdns_pid
)) &&
632 (!get_provider_id("ident", &ident_pid
) || is_provider_done(auth
, ident_pid
)))
634 /* Don't start until ident and rdns are finished (or not loaded) */
638 set_provider_running(auth
, SELF_PID
);
643 opm_cancel(struct auth_client
*auth
)
645 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
649 rb_dlink_node
*ptr
, *nptr
;
651 notice_client(auth
->cid
, "*** Did not detect open proxies");
653 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, lookup
->scans
.head
)
655 struct opm_scan
*scan
= ptr
->data
;
663 set_provider_data(auth
, SELF_PID
, NULL
);
664 set_provider_timeout_absolute(auth
, SELF_PID
, 0);
665 provider_done(auth
, SELF_PID
);
667 auth_client_unref(auth
);
674 struct auth_client
*auth
;
675 rb_dictionary_iter iter
;
677 /* Nuke all opm lookups */
678 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
681 /* auth is now invalid as we have no reference */
687 add_conf_opm_timeout(const char *key __unused
, int parc __unused
, const char **parv
)
689 int timeout
= atoi(parv
[0]);
693 warn_opers(L_CRIT
, "opm: opm timeout < 0 (value: %d)", timeout
);
697 opm_timeout
= timeout
;
701 set_opm_enabled(const char *key __unused
, int parc __unused
, const char **parv
)
703 bool enable
= (*parv
[0] == '1');
707 if(listeners
[LISTEN_IPV4
].F
!= NULL
|| listeners
[LISTEN_IPV6
].F
!= NULL
)
709 struct auth_client
*auth
;
710 rb_dictionary_iter iter
;
712 /* Close the listening socket */
713 if(listeners
[LISTEN_IPV4
].F
!= NULL
)
714 rb_close(listeners
[LISTEN_IPV4
].F
);
716 if(listeners
[LISTEN_IPV6
].F
!= NULL
)
717 rb_close(listeners
[LISTEN_IPV6
].F
);
719 listeners
[LISTEN_IPV4
].F
= listeners
[LISTEN_IPV6
].F
= NULL
;
721 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
724 /* auth is now invalid as we have no reference */
730 if(listeners
[LISTEN_IPV4
].ip
[0] != '\0' && listeners
[LISTEN_IPV4
].port
!= 0)
732 if(listeners
[LISTEN_IPV4
].F
== NULL
)
733 /* Pre-configured IP/port, just re-establish */
734 create_listener(listeners
[LISTEN_IPV4
].ip
, listeners
[LISTEN_IPV4
].port
);
737 if(listeners
[LISTEN_IPV6
].ip
[0] != '\0' && listeners
[LISTEN_IPV6
].port
!= 0)
739 if(listeners
[LISTEN_IPV6
].F
== NULL
)
740 /* Pre-configured IP/port, just re-establish */
741 create_listener(listeners
[LISTEN_IPV6
].ip
, listeners
[LISTEN_IPV6
].port
);
749 set_opm_listener(const char *key __unused
, int parc __unused
, const char **parv
)
751 const char *ip
= parv
[0];
752 int iport
= atoi(parv
[1]);
754 if(iport
> 65535 || iport
<= 0)
756 warn_opers(L_CRIT
, "OPM: got a bad listener: %s:%s", parv
[0], parv
[1]);
757 exit(EX_PROVIDER_ERROR
);
760 create_listener(ip
, (uint16_t)iport
);
764 create_opm_scanner(const char *key __unused
, int parc __unused
, const char **parv
)
766 int iport
= atoi(parv
[1]);
767 struct opm_proxy
*proxy
= rb_malloc(sizeof(struct opm_proxy
));
769 if(iport
<= 0 || iport
> 65535)
771 warn_opers(L_CRIT
, "OPM: got a bad scanner: %s (port %s)", parv
[0], parv
[1]);
772 exit(EX_PROVIDER_ERROR
);
775 proxy
->port
= (uint16_t)iport
;
777 switch((proxy
->proto
= get_protocol_from_string(parv
[0])))
780 snprintf(proxy
->note
, sizeof(proxy
->note
), "socks4:%hu", proxy
->port
);
782 proxy
->callback
= socks4_connected
;
785 snprintf(proxy
->note
, sizeof(proxy
->note
), "socks5:%hu", proxy
->port
);
787 proxy
->callback
= socks5_connected
;
789 case PROTO_HTTP_CONNECT
:
790 snprintf(proxy
->note
, sizeof(proxy
->note
), "httpconnect:%hu", proxy
->port
);
792 proxy
->callback
= http_connect_connected
;
794 case PROTO_HTTPS_CONNECT
:
795 snprintf(proxy
->note
, sizeof(proxy
->note
), "httpsconnect:%hu", proxy
->port
);
796 proxy
->callback
= http_connect_connected
;
800 warn_opers(L_CRIT
, "OPM: got an unknown proxy type: %s (port %hu)", parv
[0], proxy
->port
);
801 exit(EX_PROVIDER_ERROR
);
804 if(find_proxy_scanner(proxy
->proto
, proxy
->port
) != NULL
)
806 warn_opers(L_CRIT
, "OPM: got a duplicate scanner: %s (port %hu)", parv
[0], proxy
->port
);
811 rb_dlinkAdd(proxy
, &proxy
->node
, &proxy_scanners
);
815 delete_opm_scanner(const char *key __unused
, int parc __unused
, const char **parv
)
817 struct auth_client
*auth
;
818 struct opm_proxy
*proxy
;
819 protocol_t proto
= get_protocol_from_string(parv
[0]);
820 int iport
= atoi(parv
[1]);
821 rb_dictionary_iter iter
;
823 if(iport
<= 0 || iport
> 65535)
825 warn_opers(L_CRIT
, "OPM: got a bad scanner to delete: %s (port %s)", parv
[0], parv
[1]);
826 exit(EX_PROVIDER_ERROR
);
829 if(proto
== PROTO_NONE
)
831 warn_opers(L_CRIT
, "OPM: got an unknown proxy type to delete: %s (port %d)", parv
[0], iport
);
832 exit(EX_PROVIDER_ERROR
);
835 if((proxy
= find_proxy_scanner(proto
, (uint16_t)iport
)) == NULL
)
837 warn_opers(L_CRIT
, "OPM: cannot find proxy to delete: %s (port %d)", parv
[0], iport
);
838 exit(EX_PROVIDER_ERROR
);
841 /* Abort remaining clients on this scanner */
842 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
845 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
850 auth_client_ref(auth
);
852 RB_DLINK_FOREACH(ptr
, lookup
->scans
.head
)
854 struct opm_scan
*scan
= ptr
->data
;
856 if(scan
->proxy
->port
== proxy
->port
&& scan
->proxy
->proto
== proxy
->proto
)
859 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
862 if(rb_dlink_list_length(&lookup
->scans
) == 0)
869 auth_client_unref(auth
);
872 rb_dlinkDelete(&proxy
->node
, &proxy_scanners
);
875 if(rb_dlink_list_length(&proxy_scanners
) == 0)
880 delete_opm_scanner_all(const char *key __unused
, int parc __unused
, const char **parv __unused
)
882 struct auth_client
*auth
;
883 rb_dlink_node
*ptr
, *nptr
;
884 rb_dictionary_iter iter
;
886 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, proxy_scanners
.head
)
889 rb_dlinkDelete(ptr
, &proxy_scanners
);
892 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
895 /* auth is now invalid as we have no reference */
902 delete_opm_listener_all(const char *key __unused
, int parc __unused
, const char **parv __unused
)
904 if(listeners
[LISTEN_IPV4
].F
!= NULL
)
905 rb_close(listeners
[LISTEN_IPV4
].F
);
908 if(listeners
[LISTEN_IPV6
].F
!= NULL
)
909 rb_close(listeners
[LISTEN_IPV6
].F
);
912 memset(&listeners
, 0, sizeof(listeners
));
916 struct auth_opts_handler opm_options
[] =
918 { "opm_timeout", 1, add_conf_opm_timeout
},
919 { "opm_enabled", 1, set_opm_enabled
},
920 { "opm_listener", 2, set_opm_listener
},
921 { "opm_listener_del_all", 0, delete_opm_listener_all
},
922 { "opm_scanner", 2, create_opm_scanner
},
923 { "opm_scanner_del", 2, delete_opm_scanner
},
924 { "opm_scanner_del_all", 0, delete_opm_scanner_all
},
928 struct auth_provider opm_provider
=
932 .destroy
= opm_destroy
,
934 .cancel
= opm_cancel
,
935 .timeout
= opm_cancel
,
936 .completed
= opm_initiate
,
937 .opt_handlers
= opm_options
,