1 /* authd/providers/opm.c - small open proxy monitor
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
28 #define SELF_PID (opm_provider.id)
30 #define OPM_READSIZE 128
32 typedef enum protocol_t
41 /* Lookup data associated with auth client */
44 rb_dlink_list scans
; /* List of scans */
49 typedef void (*opm_callback_t
)(struct opm_scan
*);
57 bool ssl
; /* Connect to proxy with SSL */
58 bool ipv6
; /* Proxy supports IPv6 */
60 opm_callback_t callback
;
65 /* A listener for proxy replies */
70 struct rb_sockaddr_storage addr
;
74 /* An individual proxy scan */
77 struct auth_client
*auth
;
78 rb_fde_t
*F
; /* fd for scan */
80 struct opm_proxy
*proxy
; /* Associated proxy */
81 struct opm_listener
*listener
; /* Associated listener */
86 /* Proxies that we scan for */
87 static rb_dlink_list proxy_scanners
;
89 static ACCB accept_opm
;
90 static PF read_opm_reply
;
92 static CNCB opm_connected
;
94 static void opm_cancel(struct auth_client
*auth
);
95 static bool create_listener(const char *ip
, uint16_t port
);
97 static int opm_timeout
= 10;
98 static bool opm_enable
= false;
100 #define LISTEN_IPV4 0
101 #define LISTEN_IPV6 1
104 static struct opm_listener listeners
[2];
106 static inline protocol_t
107 get_protocol_from_string(const char *str
)
109 if(strcasecmp(str
, "socks4") == 0)
111 else if(strcasecmp(str
, "socks5") == 0)
113 else if(strcasecmp(str
, "httpconnect") == 0)
114 return PROTO_HTTP_CONNECT
;
115 else if(strcasecmp(str
, "httpsconnect") == 0)
116 return PROTO_HTTPS_CONNECT
;
121 static inline struct opm_proxy
*
122 find_proxy_scanner(protocol_t proto
, uint16_t port
)
126 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
128 struct opm_proxy
*proxy
= ptr
->data
;
130 if(proxy
->proto
== proto
&& proxy
->port
== port
)
137 /* This is called when an open proxy connects to us */
139 read_opm_reply(rb_fde_t
*F
, void *data
)
142 struct auth_client
*auth
= data
;
143 struct opm_lookup
*lookup
;
144 char readbuf
[OPM_READSIZE
];
147 lrb_assert(auth
!= NULL
);
148 lookup
= get_provider_data(auth
, SELF_PID
);
149 lrb_assert(lookup
!= NULL
);
151 if((len
= rb_read(F
, readbuf
, sizeof(readbuf
))) < 0 && rb_ignore_errno(errno
))
153 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
163 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
165 struct opm_proxy
*proxy
= ptr
->data
;
167 if(strncmp(proxy
->note
, readbuf
, strlen(proxy
->note
)) == 0)
169 rb_dlink_node
*ptr
, *nptr
;
171 /* Cancel outstanding lookups */
172 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, lookup
->scans
.head
)
174 struct opm_scan
*scan
= ptr
->data
;
180 /* No longer needed, client is going away */
183 reject_client(auth
, SELF_PID
, readbuf
, "Open proxy detected");
192 accept_opm(rb_fde_t
*F
, int status
, struct sockaddr
*addr
, rb_socklen_t len
, void *data
)
194 struct auth_client
*auth
= NULL
;
195 struct opm_listener
*listener
= data
;
196 struct rb_sockaddr_storage localaddr
;
197 unsigned int llen
= sizeof(struct rb_sockaddr_storage
);
198 rb_dictionary_iter iter
;
200 if(status
!= 0 || listener
== NULL
)
206 if(getsockname(rb_get_fd(F
), (struct sockaddr
*)&localaddr
, &llen
))
208 /* This can happen if the client goes away after accept */
213 /* Correlate connection with client(s) */
214 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
216 if(GET_SS_FAMILY(&auth
->c_addr
) != GET_SS_FAMILY(&localaddr
))
219 /* Compare the addresses */
220 switch(GET_SS_FAMILY(&localaddr
))
224 struct sockaddr_in
*s
= (struct sockaddr_in
*)&localaddr
, *c
= (struct sockaddr_in
*)&auth
->c_addr
;
226 if(s
->sin_addr
.s_addr
== c
->sin_addr
.s_addr
)
228 /* Match... check if it's real */
229 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
237 struct sockaddr_in6
*s
= (struct sockaddr_in6
*)&localaddr
, *c
= (struct sockaddr_in6
*)&auth
->c_addr
;
239 if(IN6_ARE_ADDR_EQUAL(&s
->sin6_addr
, &c
->sin6_addr
))
241 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
248 warn_opers(L_CRIT
, "OPM: unknown address type in listen function");
249 exit(EX_PROVIDER_ERROR
);
253 /* We don't care about the socket if we get here */
260 opm_connected(rb_fde_t
*F
, int error
, void *data
)
262 struct opm_scan
*scan
= data
;
263 struct opm_proxy
*proxy
= scan
->proxy
;
264 struct auth_client
*auth
= scan
->auth
;
265 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
267 if(error
|| !opm_enable
)
269 //notice_client(scan->auth->cid, "*** Scan not connected: %s", proxy->note);
273 switch(GET_SS_FAMILY(&auth
->c_addr
))
276 if(listeners
[LISTEN_IPV4
].F
== NULL
)
277 /* They cannot respond to us */
287 if(listeners
[LISTEN_IPV6
].F
== NULL
)
288 /* They cannot respond to us */
297 proxy
->callback(scan
);
301 rb_dlinkFindDelete(scan
, &lookup
->scans
);
306 socks4_connected(struct opm_scan
*scan
)
308 struct auth_client
*auth
= scan
->auth
;
309 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
310 uint8_t sendbuf
[9]; /* Size we're building */
311 uint8_t *c
= sendbuf
;
313 memcpy(c
, "\x04\x01", 2); c
+= 2; /* Socks version 4, connect command */
314 memcpy(c
, &(((struct sockaddr_in
*)&scan
->listener
->addr
)->sin_port
), 2); c
+= 2; /* Port */
315 memcpy(c
, &(((struct sockaddr_in
*)&scan
->listener
->addr
)->sin_addr
.s_addr
), 4); c
+= 4; /* Address */
316 *c
= '\x00'; /* No userid */
319 if(rb_write(scan
->F
, sendbuf
, sizeof(sendbuf
)) < 0)
323 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) < 0)
328 socks5_connected(struct opm_scan
*scan
)
330 struct auth_client
*auth
= scan
->auth
;
331 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
332 uint8_t sendbuf
[25]; /* Size we're building */
333 uint8_t *c
= sendbuf
;
336 lookup
= get_provider_data(auth
, SELF_PID
);
338 /* Build the version header and socks request
339 * version header (3 bytes): version, number of auth methods, auth type (0 for none)
340 * connect req (3 bytes): version, command (1 = connect), reserved (0)
342 memcpy(c
, "\x05\x01\x00\x05\x01\x00", 6); c
+= 6;
344 switch(GET_SS_FAMILY(&auth
->c_addr
))
347 *(c
++) = '\x01'; /* Address type (1 = IPv4) */
348 memcpy(c
, &(((struct sockaddr_in
*)&scan
->listener
->addr
)->sin_addr
.s_addr
), 4); c
+= 4; /* Address */
349 memcpy(c
, &(((struct sockaddr_in
*)&scan
->listener
->addr
)->sin_port
), 2); c
+= 2; /* Port */
353 *(c
++) = '\x04'; /* Address type (4 = IPv6) */
354 memcpy(c
, ((struct sockaddr_in6
*)&scan
->listener
->addr
)->sin6_addr
.s6_addr
, 16); c
+= 16; /* Address */
355 memcpy(c
, &(((struct sockaddr_in6
*)&scan
->listener
->addr
)->sin6_port
), 2); c
+= 2; /* Port */
363 if(rb_write(scan
->F
, sendbuf
, (size_t)(sendbuf
- c
)) <= 0)
366 /* Now the note in a separate write */
367 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) <= 0)
372 http_connect_connected(struct opm_scan
*scan
)
374 struct auth_client
*auth
= scan
->auth
;
375 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
376 char sendbuf
[128]; /* A bit bigger than we need but better safe than sorry */
379 /* Simple enough to build */
380 snprintf(sendbuf
, sizeof(sendbuf
), "CONNECT %s:%hu HTTP/1.0\r\n\r\n", scan
->listener
->ip
, scan
->listener
->port
);
383 if(rb_write(scan
->F
, sendbuf
, strlen(sendbuf
)) <= 0)
386 /* Now the note in a separate write */
387 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) <= 0)
390 /* MiroTik needs this, and as a separate write */
391 if(rb_write(scan
->F
, "\r\n", 2) <= 0)
395 /* Establish connections */
397 establish_connection(struct auth_client
*auth
, struct opm_proxy
*proxy
)
399 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
400 struct opm_scan
*scan
= rb_malloc(sizeof(struct opm_scan
));
401 struct opm_listener
*listener
;
402 struct rb_sockaddr_storage c_a
, l_a
;
405 lrb_assert(lookup
!= NULL
);
408 if(GET_SS_FAMILY(&auth
->c_addr
) == AF_INET6
)
410 if(proxy
->proto
== PROTO_SOCKS4
)
412 /* SOCKS4 doesn't support IPv6 */
416 listener
= &listeners
[LISTEN_IPV6
];
420 listener
= &listeners
[LISTEN_IPV4
];
422 if(listener
->F
== NULL
)
424 /* We can't respond */
429 c_a
= auth
->c_addr
; /* Client */
430 l_a
= listener
->addr
; /* Listener (connect using its IP) */
434 scan
->listener
= listener
;
435 if((scan
->F
= rb_socket(GET_SS_FAMILY(&auth
->c_addr
), SOCK_STREAM
, 0, proxy
->note
)) == NULL
)
437 warn_opers(L_WARN
, "OPM: could not create OPM socket (proto %s): %s", proxy
->note
, strerror(errno
));
442 /* Disable Nagle's algorithim - buffering could affect scans */
443 (void)setsockopt(rb_get_fd(scan
->F
), IPPROTO_TCP
, TCP_NODELAY
, (char *)&opt
, sizeof(opt
));
445 SET_SS_PORT(&l_a
, 0);
446 SET_SS_PORT(&c_a
, htons(proxy
->port
));
448 rb_dlinkAdd(scan
, &scan
->node
, &lookup
->scans
);
451 rb_connect_tcp(scan
->F
,
452 (struct sockaddr
*)&c_a
,
453 (struct sockaddr
*)&l_a
,
455 opm_connected
, scan
, opm_timeout
);
457 rb_connect_tcp_ssl(scan
->F
,
458 (struct sockaddr
*)&c_a
,
459 (struct sockaddr
*)&l_a
,
461 opm_connected
, scan
, opm_timeout
);
465 create_listener(const char *ip
, uint16_t port
)
467 struct auth_client
*auth
;
468 struct opm_listener
*listener
;
469 struct rb_sockaddr_storage addr
;
470 rb_dictionary_iter iter
;
474 if(!rb_inet_pton_sock(ip
, (struct sockaddr
*)&addr
))
476 warn_opers(L_CRIT
, "OPM: got a bad listener: %s:%hu", ip
, port
);
477 exit(EX_PROVIDER_ERROR
);
480 SET_SS_PORT(&addr
, htons(port
));
483 if(GET_SS_FAMILY(&addr
) == AF_INET6
)
485 struct sockaddr_in6
*a1
, *a2
;
487 listener
= &listeners
[LISTEN_IPV6
];
489 a1
= (struct sockaddr_in6
*)&addr
;
490 a2
= (struct sockaddr_in6
*)&listener
->addr
;
492 if(IN6_ARE_ADDR_EQUAL(&a1
->sin6_addr
, &a2
->sin6_addr
) &&
493 GET_SS_PORT(&addr
) == GET_SS_PORT(&listener
->addr
) &&
496 /* Listener already exists */
503 struct sockaddr_in
*a1
, *a2
;
505 listener
= &listeners
[LISTEN_IPV4
];
507 a1
= (struct sockaddr_in
*)&addr
;
508 a2
= (struct sockaddr_in
*)&listener
->addr
;
510 if(a1
->sin_addr
.s_addr
== a2
->sin_addr
.s_addr
&&
511 GET_SS_PORT(&addr
) == GET_SS_PORT(&listener
->addr
) &&
514 /* Listener already exists */
519 if((F
= rb_socket(GET_SS_FAMILY(&addr
), SOCK_STREAM
, 0, "OPM listener socket")) == NULL
)
521 /* This shouldn't fail, or we have big problems... */
522 warn_opers(L_CRIT
, "OPM: cannot create socket: %s", strerror(errno
));
523 exit(EX_PROVIDER_ERROR
);
526 if(setsockopt(rb_get_fd(F
), SOL_SOCKET
, SO_REUSEADDR
, (char *)&opt
, sizeof(opt
)))
528 /* This shouldn't fail either... */
529 warn_opers(L_CRIT
, "OPM: cannot set options on socket: %s", strerror(errno
));
530 exit(EX_PROVIDER_ERROR
);
533 if(bind(rb_get_fd(F
), (struct sockaddr
*)&addr
, GET_SS_LEN(&addr
)))
535 /* Shit happens, let's not cripple authd over /this/ since it could be user error */
536 warn_opers(L_WARN
, "OPM: cannot bind on socket: %s", strerror(errno
));
541 if(rb_listen(F
, SOMAXCONN
, false)) /* deferred accept could interfere with detection */
543 /* Again, could be user error */
544 warn_opers(L_WARN
, "OPM: cannot listen on socket: %s", strerror(errno
));
549 /* From this point forward we assume we have a listener */
551 if(listener
->F
!= NULL
)
552 /* Close old listener */
553 rb_close(listener
->F
);
557 /* Cancel clients that may be on old listener
558 * XXX - should rescan clients that need it
560 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
566 rb_strlcpy(listener
->ip
, ip
, sizeof(listener
->ip
));
567 listener
->port
= port
;
568 listener
->addr
= addr
;
570 opm_enable
= true; /* Implicitly set this to true for now if we have a listener */
571 rb_accept_tcp(listener
->F
, NULL
, accept_opm
, listener
);
576 opm_scan(struct auth_client
*auth
)
579 struct opm_lookup
*lookup
;
581 lrb_assert(auth
!= NULL
);
583 lookup
= get_provider_data(auth
, SELF_PID
);
584 set_provider_timeout_relative(auth
, SELF_PID
, opm_timeout
);
586 lookup
->in_progress
= true;
588 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
590 struct opm_proxy
*proxy
= ptr
->data
;
591 //notice_client(auth->cid, "*** Scanning for proxy type %s", proxy->note);
592 establish_connection(auth
, proxy
);
595 notice_client(auth
->cid
, "*** Scanning for open proxies...");
598 /* This is called every time a provider is completed as long as we are marked not done */
600 opm_initiate(struct auth_client
*auth
, uint32_t provider
)
602 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
603 uint32_t rdns_pid
, ident_pid
;
605 lrb_assert(provider
!= SELF_PID
);
606 lrb_assert(!is_provider_done(auth
, SELF_PID
));
607 lrb_assert(rb_dlink_list_length(&proxy_scanners
) > 0);
609 if(lookup
== NULL
|| lookup
->in_progress
)
612 else if((!get_provider_id("rdns", &rdns_pid
) || is_provider_done(auth
, rdns_pid
)) &&
613 (!get_provider_id("ident", &ident_pid
) || is_provider_done(auth
, ident_pid
)))
614 /* Don't start until ident and rdns are finished (or not loaded) */
621 opm_start(struct auth_client
*auth
)
623 uint32_t rdns_pid
, ident_pid
;
625 lrb_assert(get_provider_data(auth
, SELF_PID
) == NULL
);
627 if(!opm_enable
|| rb_dlink_list_length(&proxy_scanners
) == 0)
629 /* Nothing to do... */
630 notice_client(auth
->cid
, "*** Proxy scanning disabled, not scanning");
634 set_provider_data(auth
, SELF_PID
, rb_malloc(sizeof(struct opm_lookup
)));
636 if((!get_provider_id("rdns", &rdns_pid
) || is_provider_done(auth
, rdns_pid
)) &&
637 (!get_provider_id("ident", &ident_pid
) || is_provider_done(auth
, ident_pid
)))
639 /* Don't start until ident and rdns are finished (or not loaded) */
643 set_provider_running(auth
, SELF_PID
);
648 opm_cancel(struct auth_client
*auth
)
650 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
654 rb_dlink_node
*ptr
, *nptr
;
656 notice_client(auth
->cid
, "*** Did not detect open proxies");
658 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, lookup
->scans
.head
)
660 struct opm_scan
*scan
= ptr
->data
;
668 set_provider_data(auth
, SELF_PID
, NULL
);
669 set_provider_timeout_absolute(auth
, SELF_PID
, 0);
670 provider_done(auth
, SELF_PID
);
677 struct auth_client
*auth
;
678 rb_dictionary_iter iter
;
680 /* Nuke all opm lookups */
681 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
689 add_conf_opm_timeout(const char *key __unused
, int parc __unused
, const char **parv
)
691 int timeout
= atoi(parv
[0]);
695 warn_opers(L_CRIT
, "opm: opm timeout < 0 (value: %d)", timeout
);
699 opm_timeout
= timeout
;
703 set_opm_enabled(const char *key __unused
, int parc __unused
, const char **parv
)
705 bool enable
= (*parv
[0] == '1');
709 if(listeners
[LISTEN_IPV4
].F
!= NULL
|| listeners
[LISTEN_IPV6
].F
!= NULL
)
711 struct auth_client
*auth
;
712 rb_dictionary_iter iter
;
714 /* Close the listening socket */
715 if(listeners
[LISTEN_IPV4
].F
!= NULL
)
716 rb_close(listeners
[LISTEN_IPV4
].F
);
718 if(listeners
[LISTEN_IPV6
].F
!= NULL
)
719 rb_close(listeners
[LISTEN_IPV6
].F
);
721 listeners
[LISTEN_IPV4
].F
= listeners
[LISTEN_IPV6
].F
= NULL
;
723 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
731 if(listeners
[LISTEN_IPV4
].ip
[0] != '\0' && listeners
[LISTEN_IPV4
].port
!= 0)
733 if(listeners
[LISTEN_IPV4
].F
== NULL
)
734 /* Pre-configured IP/port, just re-establish */
735 create_listener(listeners
[LISTEN_IPV4
].ip
, listeners
[LISTEN_IPV4
].port
);
738 if(listeners
[LISTEN_IPV6
].ip
[0] != '\0' && listeners
[LISTEN_IPV6
].port
!= 0)
740 if(listeners
[LISTEN_IPV6
].F
== NULL
)
741 /* Pre-configured IP/port, just re-establish */
742 create_listener(listeners
[LISTEN_IPV6
].ip
, listeners
[LISTEN_IPV6
].port
);
750 set_opm_listener(const char *key __unused
, int parc __unused
, const char **parv
)
752 const char *ip
= parv
[0];
753 int iport
= atoi(parv
[1]);
755 if(iport
> 65535 || iport
<= 0)
757 warn_opers(L_CRIT
, "OPM: got a bad listener: %s:%s", parv
[0], parv
[1]);
758 exit(EX_PROVIDER_ERROR
);
761 create_listener(ip
, (uint16_t)iport
);
765 create_opm_scanner(const char *key __unused
, int parc __unused
, const char **parv
)
767 int iport
= atoi(parv
[1]);
768 struct opm_proxy
*proxy
= rb_malloc(sizeof(struct opm_proxy
));
770 if(iport
<= 0 || iport
> 65535)
772 warn_opers(L_CRIT
, "OPM: got a bad scanner: %s (port %s)", parv
[0], parv
[1]);
773 exit(EX_PROVIDER_ERROR
);
776 proxy
->port
= (uint16_t)iport
;
778 switch((proxy
->proto
= get_protocol_from_string(parv
[0])))
781 snprintf(proxy
->note
, sizeof(proxy
->note
), "socks4:%hu", proxy
->port
);
783 proxy
->callback
= socks4_connected
;
786 snprintf(proxy
->note
, sizeof(proxy
->note
), "socks5:%hu", proxy
->port
);
788 proxy
->callback
= socks5_connected
;
790 case PROTO_HTTP_CONNECT
:
791 snprintf(proxy
->note
, sizeof(proxy
->note
), "httpconnect:%hu", proxy
->port
);
793 proxy
->callback
= http_connect_connected
;
795 case PROTO_HTTPS_CONNECT
:
796 snprintf(proxy
->note
, sizeof(proxy
->note
), "httpsconnect:%hu", proxy
->port
);
797 proxy
->callback
= http_connect_connected
;
801 warn_opers(L_CRIT
, "OPM: got an unknown proxy type: %s (port %hu)", parv
[0], proxy
->port
);
802 exit(EX_PROVIDER_ERROR
);
805 if(find_proxy_scanner(proxy
->proto
, proxy
->port
) != NULL
)
807 warn_opers(L_CRIT
, "OPM: got a duplicate scanner: %s (port %hu)", parv
[0], proxy
->port
);
808 exit(EX_PROVIDER_ERROR
);
811 rb_dlinkAdd(proxy
, &proxy
->node
, &proxy_scanners
);
815 delete_opm_scanner(const char *key __unused
, int parc __unused
, const char **parv
)
817 struct auth_client
*auth
;
818 struct opm_proxy
*proxy
;
819 protocol_t proto
= get_protocol_from_string(parv
[0]);
820 int iport
= atoi(parv
[1]);
821 rb_dictionary_iter iter
;
823 if(iport
<= 0 || iport
> 65535)
825 warn_opers(L_CRIT
, "OPM: got a bad scanner to delete: %s (port %s)", parv
[0], parv
[1]);
826 exit(EX_PROVIDER_ERROR
);
829 if(proto
== PROTO_NONE
)
831 warn_opers(L_CRIT
, "OPM: got an unknown proxy type to delete: %s (port %d)", parv
[0], iport
);
832 exit(EX_PROVIDER_ERROR
);
835 if((proxy
= find_proxy_scanner(proto
, (uint16_t)iport
)) == NULL
)
837 warn_opers(L_CRIT
, "OPM: cannot find proxy to delete: %s (port %d)", parv
[0], iport
);
838 exit(EX_PROVIDER_ERROR
);
841 /* Abort remaining clients on this scanner */
842 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
845 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
850 RB_DLINK_FOREACH(ptr
, lookup
->scans
.head
)
852 struct opm_scan
*scan
= ptr
->data
;
854 if(scan
->proxy
->port
== proxy
->port
&& scan
->proxy
->proto
== proxy
->proto
)
857 rb_dlinkFindDelete(scan
, &lookup
->scans
);
860 if(rb_dlink_list_length(&lookup
->scans
) == 0)
868 rb_dlinkFindDelete(proxy
, &proxy_scanners
);
871 if(rb_dlink_list_length(&proxy_scanners
) == 0)
876 delete_opm_scanner_all(const char *key __unused
, int parc __unused
, const char **parv __unused
)
878 struct auth_client
*auth
;
879 rb_dlink_node
*ptr
, *nptr
;
880 rb_dictionary_iter iter
;
882 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, proxy_scanners
.head
)
885 rb_dlinkDelete(ptr
, &proxy_scanners
);
888 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
897 struct auth_opts_handler opm_options
[] =
899 { "opm_timeout", 1, add_conf_opm_timeout
},
900 { "opm_enabled", 1, set_opm_enabled
},
901 { "opm_listener", 2, set_opm_listener
},
902 { "opm_scanner", 2, create_opm_scanner
},
903 { "opm_scanner_del", 2, delete_opm_scanner
},
904 { "opm_scanner_del_all", 0, delete_opm_scanner_all
},
908 struct auth_provider opm_provider
=
912 .destroy
= opm_destroy
,
914 .cancel
= opm_cancel
,
915 .timeout
= opm_cancel
,
916 .completed
= opm_initiate
,
917 .opt_handlers
= opm_options
,