Adds the --access-folder command line option

2015-12-10 12:45:28 -06:00 · 2015-12-10 12:45:28 -06:00 · a0c4acd31c
commit a0c4acd31c
parent 186101d298
6 changed files with 24 additions and 3 deletions
--- a/server/access.c
+++ b/server/access.c
@ -1356,6 +1356,13 @@ parse_access_folder(fko_srv_options_t *opts, char *access_folder, int *depth)
    char            include_file[MAX_PATH_LEN] ={0};
    struct dirent  *dp;

+    (*depth)++;
+    if ((*depth) == 1)
+    {
+        acc_stanza_init(opts);
+    }
+
+
    if((ndx = strrchr(access_folder, '/')) != NULL)
    {
        if (strlen(ndx) == 1)
--- a/server/access.h
+++ b/server/access.h
@ -45,6 +45,7 @@
 /* Function Prototypes
 */
 int parse_access_file(fko_srv_options_t *opts, char *access_filename, int *depth);
+int parse_access_folder(fko_srv_options_t *opts, char *access_folder, int *depth);
 int compare_addr_list(acc_int_list_t *source_list, const uint32_t ip);
 int acc_check_port_access(acc_stanza_t *acc, char *port_str);
 void dump_access_list(const fko_srv_options_t *opts);
--- a/server/cmd_opts.h
+++ b/server/cmd_opts.h
@ -120,6 +120,7 @@ static char *config_map[NUMBER_OF_CONFIG_ENTRIES] = {
    "FWKNOP_RUN_DIR",
    "FWKNOP_CONF_DIR",
    "ACCESS_FILE",
+    "ACCESS_FOLDER",
    "FWKNOP_PID_FILE",
 #if USE_FILE_CACHE
    "DIGEST_FILE",
@ -161,6 +162,7 @@ enum {
    DUMP_SERVER_ERR_CODES,
    EXIT_AFTER_PARSE_CONFIG,
    FAULT_INJECTION_TAG,
+    ACCESS_FOLDER,
    NOOP /* Just to be a marker for the end */
 };

@ -173,6 +175,7 @@ enum {
 static struct option cmd_opts[] =
 {
    {"access-file",          1, NULL, 'a'},
+    {"access-folder",        1, NULL, ACCESS_FOLDER},
    {"afl-fuzzing",          0, NULL, 'A'},
    {"afl-pkt-file",         1, NULL, AFL_PKT_FILE },
    {"config-file",          1, NULL, 'c'},
--- a/server/config_init.c
+++ b/server/config_init.c
@ -1202,6 +1202,9 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
            case 'a':
                set_config_entry(opts, CONF_ACCESS_FILE, optarg);
                break;
+            case ACCESS_FOLDER:
+                set_config_entry(opts, CONF_ACCESS_FOLDER, optarg);
+                break;
            case 'c':
                /* This was handled earlier */
                break;
--- a/server/fwknopd.c
+++ b/server/fwknopd.c
@ -148,10 +148,16 @@ main(int argc, char **argv)
            fprintf(stdout, "Deleting any existing firewall rules...\n");
            clean_exit(&opts, FW_CLEANUP, EXIT_SUCCESS);
        }
-
-        /* Process the access.conf file.
+        if (opts.config[CONF_ACCESS_FOLDER] != NULL) //If we have an access folder, process it
+        {
+            if (parse_access_folder(&opts, opts.config[CONF_ACCESS_FOLDER], &depth) != EXIT_SUCCESS)
+            {
+                clean_exit(&opts, NO_FW_CLEANUP, EXIT_FAILURE);
+            }
+        }
+        /* Process the access.conf file, but only if no access.conf folder was specified.
        */
-        if (parse_access_file(&opts, opts.config[CONF_ACCESS_FILE], &depth) != EXIT_SUCCESS)
+        else if (parse_access_file(&opts, opts.config[CONF_ACCESS_FILE], &depth) != EXIT_SUCCESS)
        {
            clean_exit(&opts, NO_FW_CLEANUP, EXIT_FAILURE);
        }
--- a/server/fwknopd_common.h
+++ b/server/fwknopd_common.h
@ -309,6 +309,7 @@ enum {
    CONF_FWKNOP_RUN_DIR,
    CONF_FWKNOP_CONF_DIR,
    CONF_ACCESS_FILE,
+    CONF_ACCESS_FOLDER,
    CONF_FWKNOP_PID_FILE,
 #if USE_FILE_CACHE
    CONF_DIGEST_FILE,