1 /* authd/providers/opm.c - small open proxy monitor
2 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice is present in all copies.
8 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
9 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
10 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
11 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
12 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
13 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
14 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
17 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
18 * POSSIBILITY OF SUCH DAMAGE.
28 #define SELF_PID (opm_provider.id)
30 #define OPM_READSIZE 128
32 typedef enum protocol_t
43 rb_dlink_list scans
; /* List of scans */
59 struct auth_client
*auth
;
61 struct opm_proxy
*proxy
;
62 rb_fde_t
*F
; /* fd for scan */
71 struct rb_sockaddr_storage addr
;
75 /* Proxies that we scan for */
76 static rb_dlink_list proxy_scanners
;
78 static ACCB accept_opm
;
79 static PF read_opm_reply
;
81 static CNCB socks4_connected
;
82 static CNCB socks5_connected
;
84 static void opm_cancel(struct auth_client
*auth
);
85 static bool create_listener(const char *ip
, uint16_t port
);
87 static int opm_timeout
= 10;
88 static bool opm_enable
= false;
94 static struct opm_listener listeners
[2];
96 static inline protocol_t
97 get_protocol_from_string(const char *str
)
99 if(strcasecmp(str
, "socks4") == 0)
101 else if(strcasecmp(str
, "socks5") == 0)
103 else if(strcasecmp(str
, "httpconnect") == 0)
104 return PROTO_HTTP_CONNECT
;
105 else if(strcasecmp(str
, "httpsconnect") == 0)
106 return PROTO_HTTPS_CONNECT
;
111 static inline struct opm_proxy
*
112 find_proxy_scanner(protocol_t proto
, uint16_t port
)
116 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
118 struct opm_proxy
*proxy
= ptr
->data
;
120 if(proxy
->proto
== proto
&& proxy
->port
== port
)
127 /* This is called when an open proxy connects to us */
129 read_opm_reply(rb_fde_t
*F
, void *data
)
132 struct auth_client
*auth
= data
;
133 struct opm_lookup
*lookup
;
134 char readbuf
[OPM_READSIZE
];
137 lrb_assert(auth
!= NULL
);
138 lookup
= get_provider_data(auth
, SELF_PID
);
139 lrb_assert(lookup
!= NULL
);
141 if((len
= rb_read(F
, readbuf
, sizeof(readbuf
))) < 0 && rb_ignore_errno(errno
))
143 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
153 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
155 struct opm_proxy
*proxy
= ptr
->data
;
157 if(strncmp(proxy
->note
, readbuf
, strlen(proxy
->note
)) == 0)
159 rb_dlink_node
*ptr
, *nptr
;
161 /* Cancel outstanding lookups */
162 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, lookup
->scans
.head
)
164 struct opm_scan
*scan
= ptr
->data
;
170 /* No longer needed, client is going away */
173 reject_client(auth
, SELF_PID
, readbuf
, "Open proxy detected");
182 accept_opm(rb_fde_t
*F
, int status
, struct sockaddr
*addr
, rb_socklen_t len
, void *data
)
184 struct auth_client
*auth
= NULL
;
185 struct opm_listener
*listener
= data
;
186 struct rb_sockaddr_storage localaddr
;
187 unsigned int llen
= sizeof(struct rb_sockaddr_storage
);
188 rb_dictionary_iter iter
;
190 if(status
!= 0 || listener
== NULL
)
196 if(getsockname(rb_get_fd(F
), (struct sockaddr
*)&localaddr
, &llen
))
198 /* This can happen if the client goes away after accept */
203 /* Correlate connection with client(s) */
204 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
206 if(GET_SS_FAMILY(&auth
->c_addr
) != GET_SS_FAMILY(&localaddr
))
209 /* Compare the addresses */
210 switch(GET_SS_FAMILY(&localaddr
))
214 struct sockaddr_in
*s
= (struct sockaddr_in
*)&localaddr
, *c
= (struct sockaddr_in
*)&auth
->c_addr
;
216 if(s
->sin_addr
.s_addr
== c
->sin_addr
.s_addr
)
218 /* Match... check if it's real */
219 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
227 struct sockaddr_in6
*s
= (struct sockaddr_in6
*)&localaddr
, *c
= (struct sockaddr_in6
*)&auth
->c_addr
;
229 if(IN6_ARE_ADDR_EQUAL(&s
->sin6_addr
, &c
->sin6_addr
))
231 rb_setselect(F
, RB_SELECT_READ
, read_opm_reply
, auth
);
238 warn_opers(L_CRIT
, "OPM: unknown address type in listen function");
239 exit(EX_PROVIDER_ERROR
);
243 /* We don't care about the socket if we get here */
250 socks4_connected(rb_fde_t
*F
, int error
, void *data
)
252 struct opm_scan
*scan
= data
;
253 struct opm_lookup
*lookup
;
254 struct auth_client
*auth
;
255 uint8_t sendbuf
[9]; /* Size we're building */
256 uint8_t *c
= sendbuf
;
259 if(error
|| !opm_enable
)
262 lrb_assert(scan
!= NULL
);
265 lookup
= get_provider_data(auth
, SELF_PID
);
267 memcpy(c
, "\x04\x01", 2); c
+= 2; /* Socks version 4, connect command */
269 switch(GET_SS_FAMILY(&auth
->c_addr
))
272 if(listeners
[LISTEN_IPV4
].F
== NULL
)
273 /* They cannot respond to us */
276 memcpy(c
, &(((struct sockaddr_in
*)&listeners
[LISTEN_IPV4
].addr
)->sin_port
), 2); c
+= 2; /* Port */
277 memcpy(c
, &(((struct sockaddr_in
*)&listeners
[LISTEN_IPV4
].addr
)->sin_addr
.s_addr
), 4); c
+= 4; /* Address */
281 /* socks4 doesn't support IPv6 */
287 *c
= '\x00'; /* No userid */
290 if(rb_write(scan
->F
, sendbuf
, sizeof(sendbuf
)) < 0)
294 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) < 0)
299 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
304 socks5_connected(rb_fde_t
*F
, int error
, void *data
)
306 struct opm_scan
*scan
= data
;
307 struct opm_lookup
*lookup
;
308 struct opm_listener
*listener
;
309 struct auth_client
*auth
;
310 uint8_t sendbuf
[25]; /* Size we're building */
311 uint8_t *c
= sendbuf
;
314 if(error
|| !opm_enable
)
317 lrb_assert(scan
!= NULL
);
320 lookup
= get_provider_data(auth
, SELF_PID
);
322 /* Build the version header and socks request
323 * version header (3 bytes): version, number of auth methods, auth type (0 for none)
324 * connect req (3 bytes): version, command (1 = connect), reserved (0)
326 memcpy(c
, "\x05\x01\x00\x05\x01\x00", 6); c
+= 6;
328 switch(GET_SS_FAMILY(&auth
->c_addr
))
331 listener
= &listeners
[LISTEN_IPV4
];
335 *(c
++) = '\x01'; /* Address type (1 = IPv4) */
336 memcpy(c
, &(((struct sockaddr_in
*)&listener
->addr
)->sin_addr
.s_addr
), 4); c
+= 4;/* Address */
337 memcpy(c
, &(((struct sockaddr_in
*)&listener
->addr
)->sin_port
), 2); c
+= 2; /* Port */
341 listener
= &listeners
[LISTEN_IPV6
];
345 *(c
++) = '\x04'; /* Address type (4 = IPv6) */
346 memcpy(c
, ((struct sockaddr_in6
*)&listener
->addr
)->sin6_addr
.s6_addr
, 16); c
+= 16; /* Address */
347 memcpy(c
, &(((struct sockaddr_in6
*)&listener
->addr
)->sin6_port
), 2); c
+= 2; /* Port */
355 if(rb_write(scan
->F
, sendbuf
, (size_t)(sendbuf
- c
)) <= 0)
358 /* Now the note in a separate write */
359 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) <= 0)
364 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
369 http_connect_connected(rb_fde_t
*F
, int error
, void *data
)
371 struct opm_scan
*scan
= data
;
372 struct opm_lookup
*lookup
;
373 struct opm_listener
*listener
;
374 struct auth_client
*auth
;
375 char sendbuf
[128]; /* A bit bigger than we need but better safe than sorry */
379 if(error
|| !opm_enable
)
382 lrb_assert(scan
!= NULL
);
385 lookup
= get_provider_data(auth
, SELF_PID
);
387 switch(GET_SS_FAMILY(&auth
->c_addr
))
390 listener
= &listeners
[LISTEN_IPV4
];
396 listener
= &listeners
[LISTEN_IPV6
];
405 /* Simple enough to build */
406 snprintf(sendbuf
, sizeof(sendbuf
), "CONNECT %s:%hu HTTP/1.0\r\n\r\n", listener
->ip
, listener
->port
);
409 if(rb_write(scan
->F
, sendbuf
, strlen(sendbuf
)) <= 0)
412 /* Now the note in a separate write */
413 if(rb_write(scan
->F
, scan
->proxy
->note
, strlen(scan
->proxy
->note
) + 1) <= 0)
416 /* MiroTik needs this, and as a separate write */
417 if(rb_write(scan
->F
, "\r\n", 2) <= 0)
422 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
426 /* Establish connections */
428 establish_connection(struct auth_client
*auth
, struct opm_proxy
*proxy
)
430 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
431 struct opm_listener
*listener
;
432 struct opm_scan
*scan
= rb_malloc(sizeof(struct opm_scan
));
433 struct rb_sockaddr_storage c_a
, l_a
;
437 lrb_assert(lookup
!= NULL
);
443 /* SOCKS4 is IPv4 only */
444 if(GET_SS_FAMILY(&auth
->c_addr
) == AF_INET6
)
450 callback
= socks4_connected
;
453 callback
= socks5_connected
;
455 case PROTO_HTTP_CONNECT
:
456 case PROTO_HTTPS_CONNECT
:
457 callback
= http_connect_connected
;
464 if(GET_SS_FAMILY(&auth
->c_addr
) == AF_INET6
)
465 listener
= &listeners
[LISTEN_IPV6
];
468 listener
= &listeners
[LISTEN_IPV4
];
470 c_a
= auth
->c_addr
; /* Client */
471 l_a
= listener
->addr
; /* Listener */
475 if((scan
->F
= rb_socket(GET_SS_FAMILY(&auth
->c_addr
), SOCK_STREAM
, 0, proxy
->note
)) == NULL
)
477 warn_opers(L_WARN
, "OPM: could not create OPM socket (proto %s): %s", proxy
->note
, strerror(errno
));
482 /* Disable Nagle's algorithim - buffering could affect scans */
483 (void)setsockopt(rb_get_fd(scan
->F
), IPPROTO_TCP
, TCP_NODELAY
, (char *)&opt
, sizeof(opt
));
485 SET_SS_PORT(&l_a
, 0);
486 SET_SS_PORT(&c_a
, htons(proxy
->port
));
488 rb_dlinkAdd(scan
, &scan
->node
, &lookup
->scans
);
491 rb_connect_tcp(scan
->F
,
492 (struct sockaddr
*)&c_a
,
493 (struct sockaddr
*)&l_a
,
495 callback
, scan
, opm_timeout
);
497 rb_connect_tcp_ssl(scan
->F
,
498 (struct sockaddr
*)&c_a
,
499 (struct sockaddr
*)&l_a
,
501 callback
, scan
, opm_timeout
);
505 create_listener(const char *ip
, uint16_t port
)
507 struct auth_client
*auth
;
508 struct opm_listener
*listener
;
509 struct rb_sockaddr_storage addr
;
510 rb_dictionary_iter iter
;
514 if(!rb_inet_pton_sock(ip
, (struct sockaddr
*)&addr
))
516 warn_opers(L_CRIT
, "OPM: got a bad listener: %s:%hu", ip
, port
);
517 exit(EX_PROVIDER_ERROR
);
520 SET_SS_PORT(&addr
, htons(port
));
523 if(GET_SS_FAMILY(&addr
) == AF_INET6
)
525 struct sockaddr_in6
*a1
, *a2
;
527 listener
= &listeners
[LISTEN_IPV6
];
529 a1
= (struct sockaddr_in6
*)&addr
;
530 a2
= (struct sockaddr_in6
*)&listener
->addr
;
532 if(IN6_ARE_ADDR_EQUAL(&a1
->sin6_addr
, &a2
->sin6_addr
) &&
533 GET_SS_PORT(&addr
) == GET_SS_PORT(&listener
->addr
) &&
536 /* Listener already exists */
543 struct sockaddr_in
*a1
, *a2
;
545 listener
= &listeners
[LISTEN_IPV4
];
547 a1
= (struct sockaddr_in
*)&addr
;
548 a2
= (struct sockaddr_in
*)&listener
->addr
;
550 if(a1
->sin_addr
.s_addr
== a2
->sin_addr
.s_addr
&&
551 GET_SS_PORT(&addr
) == GET_SS_PORT(&listener
->addr
) &&
554 /* Listener already exists */
559 if((F
= rb_socket(GET_SS_FAMILY(&addr
), SOCK_STREAM
, 0, "OPM listener socket")) == NULL
)
561 /* This shouldn't fail, or we have big problems... */
562 warn_opers(L_CRIT
, "OPM: cannot create socket: %s", strerror(errno
));
563 exit(EX_PROVIDER_ERROR
);
566 if(setsockopt(rb_get_fd(F
), SOL_SOCKET
, SO_REUSEADDR
, (char *)&opt
, sizeof(opt
)))
568 /* This shouldn't fail either... */
569 warn_opers(L_CRIT
, "OPM: cannot set options on socket: %s", strerror(errno
));
570 exit(EX_PROVIDER_ERROR
);
573 if(bind(rb_get_fd(F
), (struct sockaddr
*)&addr
, GET_SS_LEN(&addr
)))
575 /* Shit happens, let's not cripple authd over /this/ since it could be user error */
576 warn_opers(L_WARN
, "OPM: cannot bind on socket: %s", strerror(errno
));
581 if(rb_listen(F
, SOMAXCONN
, false)) /* deferred accept could interfere with detection */
583 /* Again, could be user error */
584 warn_opers(L_WARN
, "OPM: cannot listen on socket: %s", strerror(errno
));
589 /* From this point forward we assume we have a listener */
591 if(listener
->F
!= NULL
)
592 /* Close old listener */
593 rb_close(listener
->F
);
597 /* Cancel clients that may be on old listener
598 * XXX - should rescan clients that need it
600 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
606 rb_strlcpy(listener
->ip
, ip
, sizeof(listener
->ip
));
607 listener
->port
= port
;
608 listener
->addr
= addr
;
610 opm_enable
= true; /* Implicitly set this to true for now if we have a listener */
611 rb_accept_tcp(listener
->F
, NULL
, accept_opm
, listener
);
616 opm_scan(struct auth_client
*auth
)
619 struct opm_lookup
*lookup
;
621 lrb_assert(auth
!= NULL
);
623 lookup
= get_provider_data(auth
, SELF_PID
);
624 set_provider_timeout_relative(auth
, SELF_PID
, opm_timeout
);
626 lookup
->in_progress
= true;
628 RB_DLINK_FOREACH(ptr
, proxy_scanners
.head
)
630 struct opm_proxy
*proxy
= ptr
->data
;
631 establish_connection(auth
, proxy
);
634 notice_client(auth
->cid
, "*** Scanning for open proxies...");
637 /* This is called every time a provider is completed as long as we are marked not done */
639 opm_initiate(struct auth_client
*auth
, uint32_t provider
)
641 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
642 uint32_t rdns_pid
, ident_pid
;
644 lrb_assert(provider
!= SELF_PID
);
645 lrb_assert(!is_provider_done(auth
, SELF_PID
));
646 lrb_assert(rb_dlink_list_length(&proxy_scanners
) > 0);
648 if(lookup
== NULL
|| lookup
->in_progress
)
651 else if((!get_provider_id("rdns", &rdns_pid
) || is_provider_done(auth
, rdns_pid
)) &&
652 (!get_provider_id("ident", &ident_pid
) || is_provider_done(auth
, ident_pid
)))
653 /* Don't start until ident and rdns are finished (or not loaded) */
660 opm_start(struct auth_client
*auth
)
662 uint32_t rdns_pid
, ident_pid
;
664 lrb_assert(get_provider_data(auth
, SELF_PID
) == NULL
);
666 if(!opm_enable
|| rb_dlink_list_length(&proxy_scanners
) == 0)
668 /* Nothing to do... */
669 notice_client(auth
->cid
, "*** Proxy scanning disabled, not scanning");
673 set_provider_data(auth
, SELF_PID
, rb_malloc(sizeof(struct opm_lookup
)));
675 if((!get_provider_id("rdns", &rdns_pid
) || is_provider_done(auth
, rdns_pid
)) &&
676 (!get_provider_id("ident", &ident_pid
) || is_provider_done(auth
, ident_pid
)))
678 /* Don't start until ident and rdns are finished (or not loaded) */
682 set_provider_running(auth
, SELF_PID
);
687 opm_cancel(struct auth_client
*auth
)
689 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
693 rb_dlink_node
*ptr
, *nptr
;
695 notice_client(auth
->cid
, "*** Did not detect open proxies");
697 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, lookup
->scans
.head
)
699 struct opm_scan
*scan
= ptr
->data
;
707 set_provider_data(auth
, SELF_PID
, NULL
);
708 set_provider_timeout_absolute(auth
, SELF_PID
, 0);
709 provider_done(auth
, SELF_PID
);
716 struct auth_client
*auth
;
717 rb_dictionary_iter iter
;
719 /* Nuke all opm lookups */
720 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
728 add_conf_opm_timeout(const char *key __unused
, int parc __unused
, const char **parv
)
730 int timeout
= atoi(parv
[0]);
734 warn_opers(L_CRIT
, "opm: opm timeout < 0 (value: %d)", timeout
);
738 opm_timeout
= timeout
;
742 set_opm_enabled(const char *key __unused
, int parc __unused
, const char **parv
)
744 bool enable
= (*parv
[0] == '1');
748 if(listeners
[LISTEN_IPV4
].F
!= NULL
|| listeners
[LISTEN_IPV6
].F
!= NULL
)
750 struct auth_client
*auth
;
751 rb_dictionary_iter iter
;
753 /* Close the listening socket */
754 if(listeners
[LISTEN_IPV4
].F
!= NULL
)
755 rb_close(listeners
[LISTEN_IPV4
].F
);
757 if(listeners
[LISTEN_IPV6
].F
!= NULL
)
758 rb_close(listeners
[LISTEN_IPV6
].F
);
760 listeners
[LISTEN_IPV4
].F
= listeners
[LISTEN_IPV6
].F
= NULL
;
762 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
770 if(listeners
[LISTEN_IPV4
].ip
[0] != '\0' && listeners
[LISTEN_IPV4
].port
!= 0)
772 if(listeners
[LISTEN_IPV4
].F
== NULL
)
773 /* Pre-configured IP/port, just re-establish */
774 create_listener(listeners
[LISTEN_IPV4
].ip
, listeners
[LISTEN_IPV4
].port
);
777 if(listeners
[LISTEN_IPV6
].ip
[0] != '\0' && listeners
[LISTEN_IPV6
].port
!= 0)
779 if(listeners
[LISTEN_IPV6
].F
== NULL
)
780 /* Pre-configured IP/port, just re-establish */
781 create_listener(listeners
[LISTEN_IPV6
].ip
, listeners
[LISTEN_IPV6
].port
);
789 set_opm_listener(const char *key __unused
, int parc __unused
, const char **parv
)
791 const char *ip
= parv
[0];
792 int iport
= atoi(parv
[1]);
794 if(iport
> 65535 || iport
<= 0)
796 warn_opers(L_CRIT
, "OPM: got a bad listener: %s:%s", parv
[0], parv
[1]);
797 exit(EX_PROVIDER_ERROR
);
800 create_listener(ip
, (uint16_t)iport
);
804 create_opm_scanner(const char *key __unused
, int parc __unused
, const char **parv
)
806 int iport
= atoi(parv
[1]);
807 struct opm_proxy
*proxy
= rb_malloc(sizeof(struct opm_proxy
));
809 if(iport
<= 0 || iport
> 65535)
811 warn_opers(L_CRIT
, "OPM: got a bad scanner: %s (port %s)", parv
[0], parv
[1]);
812 exit(EX_PROVIDER_ERROR
);
815 proxy
->port
= (uint16_t)iport
;
817 switch((proxy
->proto
= get_protocol_from_string(parv
[0])))
820 snprintf(proxy
->note
, sizeof(proxy
->note
), "socks4:%hu", proxy
->port
);
824 snprintf(proxy
->note
, sizeof(proxy
->note
), "socks5:%hu", proxy
->port
);
827 case PROTO_HTTP_CONNECT
:
828 snprintf(proxy
->note
, sizeof(proxy
->note
), "httpconnect:%hu", proxy
->port
);
831 case PROTO_HTTPS_CONNECT
:
832 snprintf(proxy
->note
, sizeof(proxy
->note
), "httpsconnect:%hu", proxy
->port
);
836 warn_opers(L_CRIT
, "OPM: got an unknown proxy type: %s (port %hu)", parv
[0], proxy
->port
);
837 exit(EX_PROVIDER_ERROR
);
840 if(find_proxy_scanner(proxy
->proto
, proxy
->port
) != NULL
)
842 warn_opers(L_CRIT
, "OPM: got a duplicate scanner: %s (port %hu)", parv
[0], proxy
->port
);
843 exit(EX_PROVIDER_ERROR
);
846 rb_dlinkAdd(proxy
, &proxy
->node
, &proxy_scanners
);
850 delete_opm_scanner(const char *key __unused
, int parc __unused
, const char **parv
)
852 struct auth_client
*auth
;
853 struct opm_proxy
*proxy
;
854 protocol_t proto
= get_protocol_from_string(parv
[0]);
855 int iport
= atoi(parv
[1]);
856 rb_dictionary_iter iter
;
858 if(iport
<= 0 || iport
> 65535)
860 warn_opers(L_CRIT
, "OPM: got a bad scanner to delete: %s (port %s)", parv
[0], parv
[1]);
861 exit(EX_PROVIDER_ERROR
);
864 if(proto
== PROTO_NONE
)
866 warn_opers(L_CRIT
, "OPM: got an unknown proxy type to delete: %s (port %d)", parv
[0], iport
);
867 exit(EX_PROVIDER_ERROR
);
870 if((proxy
= find_proxy_scanner(proto
, (uint16_t)iport
)) == NULL
)
872 warn_opers(L_CRIT
, "OPM: cannot find proxy to delete: %s (port %d)", parv
[0], iport
);
873 exit(EX_PROVIDER_ERROR
);
876 /* Abort remaining clients on this scanner */
877 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
880 struct opm_lookup
*lookup
= get_provider_data(auth
, SELF_PID
);
885 RB_DLINK_FOREACH(ptr
, lookup
->scans
.head
)
887 struct opm_scan
*scan
= ptr
->data
;
889 if(scan
->proxy
->port
== proxy
->port
&& scan
->proxy
->proto
== proxy
->proto
)
892 rb_dlinkDelete(&scan
->node
, &lookup
->scans
);
895 if(rb_dlink_list_length(&lookup
->scans
) == 0)
903 rb_dlinkDelete(&proxy
->node
, &proxy_scanners
);
906 if(rb_dlink_list_length(&proxy_scanners
) == 0)
911 delete_opm_scanner_all(const char *key __unused
, int parc __unused
, const char **parv __unused
)
913 struct auth_client
*auth
;
914 rb_dlink_node
*ptr
, *nptr
;
915 rb_dictionary_iter iter
;
917 RB_DLINK_FOREACH_SAFE(ptr
, nptr
, proxy_scanners
.head
)
920 rb_dlinkDelete(ptr
, &proxy_scanners
);
923 RB_DICTIONARY_FOREACH(auth
, &iter
, auth_clients
)
932 struct auth_opts_handler opm_options
[] =
934 { "opm_timeout", 1, add_conf_opm_timeout
},
935 { "opm_enabled", 1, set_opm_enabled
},
936 { "opm_listener", 2, set_opm_listener
},
937 { "opm_scanner", 2, create_opm_scanner
},
938 { "opm_scanner_del", 2, delete_opm_scanner
},
939 { "opm_scanner_del_all", 0, delete_opm_scanner_all
},
943 struct auth_provider opm_provider
=
947 .destroy
= opm_destroy
,
949 .cancel
= opm_cancel
,
950 .timeout
= opm_cancel
,
951 .completed
= opm_initiate
,
952 .opt_handlers
= opm_options
,