Individual bit access in C

Im not that good at C, so go easy on me, but I wanted to be able to have individual bit access in C without using a ton of functions to do bit manipulation on a uint8_t. Tell me where I could improve upon it

#include <stdio.h>

#pragma pack(1)
union bit_array {
    struct {
        unsigned char b8:1, b7:1, b6:1, b5:1, b4:1, b3:1, b2:1, b1:1;
    } bits;
    unsigned char value;
};

int main() {
    // Creates char with binary value 11111111
    union bit_array test = { 1, 1, 1, 1, 1, 1, 1, 1 };

    // Displays 11111111 (255)
    printf("%un", test.value);

    // Sets 8th bit of binary value to 0
    // 11111111 (255) -> 11111110 (254)
    test.bits.b8 = 0;

    // Displays 11111110 (254)
    printf("%un", test.value);
    
    return 0;
}

DNS : Hints to limit access to known clients

I would like to set up for personal purposes a DNS server on the cloud and offer its service to several members of my family/friends. Based on their IP and the filtering options they’d like, DNS queries will be performed in confidence (filter only ads, filter only non-appropriate sites for kids, etc…). In fact, a homemade OpenDNS solution.

To do so, I can use the directive allow-from (or equivalent) of my DNS solution but due to the DNS protocol nature, I can use only IP address/netmasks. This would work fine for people with public static IP addresses but not for people with a dynamic one.

I was thinking about using a reverse proxy that does support allow-from FQDN directive and forward the query to the local DNS server once the FQDN/IP matches.

What do you think about it? Is there any other/more straightforward solution/idea?

azure ad – Access Denied error After migrate on-prem Local AD SP Database to Sharepoint Farm joined to AzureAD DS

I have migrated Sharepoint 2013 Farm which is joined to Local AD DS to Sharepoint 2016 Farm joined to AzureAD DS.

Client wants to take full use of AzureAD DS and want to migrate sharepoint farm to Azure VMs connected to AzureAD DS.

I created a Sharepoint 2016 farm. created normal webapp/Site collection and is able to access as expected.

When I attach sharepoint 2013 DB after upgrade it gives access denied to those upgrade web app.
Do I need to do any changes to existing usernames as they has been now talking to AzureAD DS instead of Local AD.

DNS : Hints to limitate access to known clients

I would like to set up for personal purposes a DNS server on the cloud and offer its service to several members of my family/friends. Based on their IP and the filtering options they’d like, dns query will be performed in consequence (filter only ads, filter only non appropriate sites for kids, etc…). In fact, a home-made opendns solution if you know it.

To do so, I can use the directive ‘allow-from’ (or equivalent) of my dns solution but due to the dns protocol nature, I can use only ip address/netmasks. This would work fine for people with public static IP address but not for people with a dynamic one.

I was thinking about using a reverse proxy which does support "allow-from FQDN" directive and forward the query to the local dns server once the fqdn/ip matches.

What do you think about it ? Is there any other/more straight-forward solution/idea ?

NB : I’ve searched on StackExchange before posting but didn’t find anything. However, if a post would already exist :

  • my sincere apologies;
  • may you give me the link to this post ?

Thank you very much,

Best regards,

David

SSD KVM VPS (From 1.75$)- 30% Lifetime OFF (🌎USA,NL)- ⚡️DDOS Protected⚡️ Full root access.

Host Mayo offers SSD KVM VPS with advance features like instant upgrades, DDOS protection, Gigabit Uplink and 24/7 Support. We have been in business since 2015. Over the span of last few years we have expanded our products range to cover simple web hosting to enterprise level VPS & dedicated servers. We offer exceptional customer support and guarantee 99% uptime. Today we bring exclusive vps plans with 30% recurring discount using coupon "coco"…

Read more

virtualization – How can I host VMs on my Ubuntu Server for remote access within my LAN?

I’ve read a bunch about KVM, installed it and then successfully create a VM inside it using this guide.

Now I would like to be able to access it from my other computers (Windows and Ubuntu) within my LAN.

I noticed that in Virtual Machine Manager, I can add a connection (presumably to be used from a client?). So I would probably need to configure a server/daemon… where should I start?

Then, how would I access it from my clients (windows/ubuntu).

Optimize user access images php

I have this code in PHP, working that manages the accesses by user role.
In practice I have to check some conditions to understand if the parameters concur, for the user, so as to verify whether or not he can view the image.
I wish I could optimize it and make it more “elegant”. Can you help me? Every time I try, it doesn’t work for me

$reqpath = strip_tags($_GET('img'));
$reqpathstart = preg_match('(/images/profile/)', $reqpath, $matches) ? '' : '/images/profile/';

if(strpos($reqpath, 'user_profile_default.png') !== false){

  $content_type = function_mime_content_type('user_profile_default.png');

  header('Expires: '.gmdate('D, d M Y H:i:s GMT', time() + (60 * 60))); 
  header("Cache-Control: no-store, no-cache,must-revalidate");
  header("Cache-Control: post-check=0, pre-check=0",false);
  header("Pragma: no-cache");
  header("Content-type: ".$content_type);
  header('Content-Length: ' . filesize($_SERVER('DOCUMENT_ROOT').'/images/profile/user_profile_default.png'));

  readfile($_SERVER('DOCUMENT_ROOT').'/images/profile/user_profile_default.png');

}else{

  $foundslash = strpos($reqpath,'/');

  if($foundslash === false){ 
    header('Location https://'.$_SERVER('HTTP_HOST'));
  }

  $uid = preg_match('/profile/(d+)//', $reqpathstart.$reqpath, $matches) ? $matches(1) : '';

  $content_type = function_mime_content_type($reqpath);

  if($content_type){
    header('Expires: '.gmdate('D, d M Y H:i:s GMT', time() + (60 * 60))); 
    header("Cache-Control: no-store, no-cache,must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0",false);
    header("Pragma: no-cache");
    header("Content-type: ".$content_type);
    header('Content-Length: ' . filesize($_SERVER('DOCUMENT_ROOT').$reqpathstart.$reqpath));

    $authed = false;
    $uc = $user->get_uc($uid);

    if($user->is_logged_in()){

      if((int)$_SESSION("uid") === (int)$uid){
        $authed = true;
      }else if($_SESSION("ur") === "Administrator"){
        $authed = true;
      }else if($_SESSION("ur") === "Promoter"){
        $foundPractice = preg_match('/(profile/d+/practice)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

        if($foundPractice === 'N.D.'){
          $foundDocsPrivate = preg_match('/(profile/d+/storage)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

          if($foundDocsPrivate === 'N.D.'){
            $authed = true;
          }else{
            $authed = false;
          }
        }else{
          $authed = false;
        }
      }else if($_SESSION("ur") === "CEO"){
        if(isset($uc) && $uc != null || !$uc){
          $foundPractice = preg_match('/(profile/d+/practice)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

          if($foundPractice === 'N.D.'){
            $foundDocsPrivate = preg_match('/(profile/d+/storage)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

            if($foundDocsPrivate === 'N.D.'){
              $authed = true;
            }else{
              $authed = false;
            }
          }else{
            $authed = false;
          }
        }else{
          $check_uc = check_uc_array($uc('uc'), $_SESSION('uc'));
          if($check_uc){

            $get_pd = $user->get_my_user_d($uc('uc'), $uid);

            if(isset($get_pd) && $get_pd){
              if($get_pd("user_id") == $_SESSION("uid")){
                $authed = true;
              }else{
                $authed = false;
              }
              
            }else{
              $pDAuth = $user->get_p_authorization_by_id($uid, $_SESSION("uid"));

              if($pDAuth){
                $authed = true;
              }else{
                $foundPractice = preg_match('/(profile/d+/practice)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

                if($foundPractice === 'N.D.'){
                  $foundDocsPrivate = preg_match('/(profile/d+/storage)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

                  if($foundDocsPrivate === 'N.D.'){
                    $authed = true;
                  }else{
                    $authed = false;
                  }
                }else{
                  $authed = false;
                }
              }
            }

          }else{
            $authed = false;
          }
        }
      }else if($_SESSION("ur") === "Secretary"){
        if(isset($uc) && $uc != null || !$uc){
          $foundPractice = preg_match('/(profile/d+/practice)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

          if($foundPractice === 'N.D.'){
            $foundDocsPrivate = preg_match('/(profile/d+/storage)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

            if($foundDocsPrivate === 'N.D.'){
              $authed = true;
            }else{
              $authed = false;
            }
          }else{
            $authed = false;
          }
        }else{
          $check_uc = check_uc_array($uc('uc'), $_SESSION('uc'));
          if($check_uc){
              $foundPractice = preg_match('/(profile/d+/practice)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

              if($foundPractice === 'N.D.'){
                $foundDocsPrivate = preg_match('/(profile/d+/storage)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

                if($foundDocsPrivate === 'N.D.'){
                  $authed = true;
                }else{
                  $authed = false;
                }
              }else{
                $authed = false;
              }
          }else{
            $foundPractice = preg_match('/(profile/d+/practice)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

            if($foundPractice === 'N.D.'){
              $foundDocsPrivate = preg_match('/(profile/d+/storage)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

              if($foundDocsPrivate === 'N.D.'){
                $authed = true;
              }else{
                $authed = false;
              }
            }else{
              $authed = false;
            }
          }
        }
      }else if($_SESSION('user_role') === "Public"){
          $foundPractice = preg_match('/(profile/d+/practice)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

          if($foundPractice === 'N.D.'){

            $foundDocsPrivate = preg_match('/(profile/d+/storage)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

            if($foundDocsPrivate === 'N.D.'){
              $authed = true;
            }else{
              $authed = false;
            }

          }else{
            $authed = false;
          }

      }else{
          $foundPractice = preg_match('/(profile/d+/practice)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

          if($foundPractice === 'N.D.'){
            
            $foundDocsPrivate = preg_match('/(profile/d+/storage)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

            if($foundDocsPrivate === 'N.D.'){
              $authed = true;
            }else{
              $authed = false;
            }

          }else{
            $authed = false;
          }
      }

      if($authed === true){
        readfile($_SERVER('DOCUMENT_ROOT').$reqpathstart.$reqpath);
      }else{
        echo "not-permission";
        header('Location: https://'.$_SERVER('HTTP_HOST').'/404');
        exit();
      }

    }else{
      $foundPractice = preg_match('/(profile/d+/practice)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

      if($foundPractice === 'N.D.'){
        
        $foundDocsPrivate = preg_match('/(profile/d+/storage)/', $reqpathstart.$reqpath, $matches) ? $matches(1) : 'N.D.';

        if($foundDocsPrivate === 'N.D.'){
          readfile($_SERVER('DOCUMENT_ROOT').$reqpathstart.$reqpath);
        }else{
          echo "not-permission";
          header('Location: https://'.$_SERVER('HTTP_HOST').'/404');
          exit();
        }

      }else{
        echo "not-permission";
        header('Location: https://'.$_SERVER('HTTP_HOST').'/404');
        exit();
      }
    }
  }else{
    echo "not-permission";
    header('Location: https://'.$_SERVER('HTTP_HOST').'/404');
    exit();
  }
}

apparmor – HOW to customize docker container profile to implement fine-grained network access control

1.materials

apparmor policy reference https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference#AppArmor_globbing_syntax

2.my profile

#include <tunables/global>profile docker-test flags=(attach_disconnected,mediate_deleted) {

#include <abstractions/base>
deny /data/** rwl,

deny /usr/bin/top mrwklx,

deny /usr/bin/hello mrwklx,

deny network,

file,

capability,

deny network inet tcp,

deny network bind inet tcp src 192.168.1.1:80 dst 170.1.1.0:80,
}

3.my error

syntax error, unexpected TOK_ID, expecting TOK_END_OF_RULE

the error comes from the last line which contains specific ip_addr, I test it on ubuntu18.04 and my kernel version is 5.4.0-42-generic, apparmor version is 3.0.1 which I compiled from source.

dnd 5e – If I get access to a spell attack that’s NOT part of a spell, can I use it when I take the Attack action?

Some creatures have entries in their stat block that are classified as ‘melee spell attack’, or ‘ranged spell attack’, without actually being tied to the casting of a spell. Some PC subclasses also get some of those, notably the Way of the Sun Soul and the Circle of Stars, but they are framed in such a way that still leaves no doubt as to when you can use it (with the Attack action, for the Monk, and as a bonus action on your turn, for the Druid). So let’s say I get access to the former, monster-like spell attacks.

  1. Can I use it when I take the Attack action?
  2. If not, is the reason that they are listed as ‘Actions’ on the creature’s stat block? So just like I can only use the Circle of Stars Archer feature as a bonus action, this would leave me with an Action and not a general combat option. It’s probably this, but I still need clarification about point 3.
  3. The rules for the Attack action state: “With this action, you make one melee or ranged Attack”. Nowhere here it says ‘weapon attack’. So even if the only attack option for a PC still is given by holding a weapon or having the possibility to make an unarmed strike, would this allow me to make a spell attack as a part of it if such an option were available to me outside of explicitly permittive wordings (as I said, I understand that casting a spell is its own thing, using a feature like the Archer form is its own thing, etc.).

I hope I made my question clear.