[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwtk-users
Subject:    extended permission
From:       Tarjányi_Tamás <toci () freemail ! hu>
Date:       1999-11-26 10:59:12
[Download RAW message or body]

[To be removed from this list send the message "unsubscribe fwtk-users" in the
BODY of a mail message to majordomo@ex.tis.com.]

Hi Everybody!

(Sorry for the repeated letter but I can't find it in the 
http://www.progressive-comp.com/Lists/?l=fwtk-users&r=1&w=2&b=199911 
archive list although it exists in the searchable archive. Strange.)

I have downloaded firewall toolkit 2.1 but I have a problem.
Extended permissions does not work well on my system.
Few lines from my netperm-table:

tn-gw: hosts * -extnd -auth
authsrv: permit-operation user anybody * * time 08:00 12:00

And when the second rule is active it puts this error to the log:

authsrv[4578]: fwtkcfgerr: invalid time specification: 15:57:57 1 

This function makes the error:
/* Convert hh:mm to munutes since midnight */
static int
minutes(p)
char *p;
{
#define D(x) isdigit((unsigned char) x)
 
 p[5]='\0'; //I have changed. Originali this is not here.

 if (!D(p[0]) || !D(p[1]) || p[2] != ':' ||
            !D(p[3]) || !D(p[4]) || p[5] != '\0') {
                syslog(LLEV,"fwtkcfgerr: invalid time specification: %.10s",p);
                return -1;
        }
        return((p[0] - '0') * 600 + (p[1] - '0') * 60 +
               (p[3] - '0') * 10 +  (p[4] = '0'));
}

/*
 * Return 0 if current time is between upper and lower (inclusive)
 */


This function require
s only the hour and minutes but the system gives the second and an extra 
byte too. With the modification the format is correct and there is no error in the log but it does
not work well. 
The permit-operation rule works reverse.
(This means that set rule from 8:00 to 12:00 means operation is permitted from 12:00 to 8:00)
The deny-operation rule never works.

What could be the problem?
Has anybody noticed the same?

My system is:
 Pentium
 Debian Linux 2.1 Slink
 Firewall Toolkit 2.1

Thanks

[prev in list] [next in list] [prev in thread] [next in thread]