Ticket #501: patch_501_benoitg_2010_03_02.patch

src/fw_iptables.c

@@ -555 +555 @@
                                         debug(LOG_DEBUG, "%s - Updated counter.outgoing to %llu bytes.  Updated last_updated to %d", ip, counter, p1->counters.last_updated);
                                 }
                         } else {
-                                debug(LOG_ERR, "Could not find %s in client list", ip);
+                                debug(LOG_ERR, "iptables_fw_counters_update(): Could not find %s in client list, this should not happen unless if the gateway crashed", ip);
+                                debug(LOG_ERR, "Preventively deleting firewall rules for %s in table %s", ip, TABLE_WIFIDOG_OUTGOING);
+                                iptables_fw_destroy_mention("mangle", TABLE_WIFIDOG_OUTGOING, ip);
+                                debug(LOG_ERR, "Preventively deleting firewall rules for %s in table %s", ip, TABLE_WIFIDOG_INCOMING);
+                                iptables_fw_destroy_mention("mangle", TABLE_WIFIDOG_INCOMING, ip);
                         }
                         UNLOCK_CLIENT_LIST();
                 }
@@ -593 +597 @@
                                         debug(LOG_DEBUG, "%s - Updated counter.incoming to %llu bytes", ip, counter);
                                 }
                         } else {
-                                debug(LOG_ERR, "Could not find %s in client list", ip);
+                                debug(LOG_ERR, "iptables_fw_counters_update(): Could not find %s in client list, this should not happen unless if the gateway crashed", ip);
+                                debug(LOG_ERR, "Preventively deleting firewall rules for %s in table %s", ip, TABLE_WIFIDOG_OUTGOING);
+                                iptables_fw_destroy_mention("mangle", TABLE_WIFIDOG_OUTGOING, ip);
+                                debug(LOG_ERR, "Preventively deleting firewall rules for %s in table %s", ip, TABLE_WIFIDOG_INCOMING);
+                                iptables_fw_destroy_mention("mangle", TABLE_WIFIDOG_INCOMING, ip);
                         }
                         UNLOCK_CLIENT_LIST();
                 }

src/auth.c

@@ -106 +106 @@
         client = client_list_find_by_ip(r->clientAddr);
 
         if (client == NULL) {
-                debug(LOG_ERR, "Could not find client for %s", r->clientAddr);
+                debug(LOG_ERR, "authenticate_client(): Could not find client for %s", r->clientAddr);
                 UNLOCK_CLIENT_LIST();
                 return;
         }
@@ -129 +129 @@
         client = client_list_find(r->clientAddr, mac);
         
         if (client == NULL) {
-                debug(LOG_ERR, "Could not find client node for %s (%s)", r->clientAddr, mac);
+                debug(LOG_ERR, "authenticate_client(): Could not find client node for %s (%s)", r->clientAddr, mac);
                 UNLOCK_CLIENT_LIST();
                 free(token);
                 free(mac);
@@ -153 +153 @@
 
         case AUTH_DENIED:
                 /* Central server said invalid token */
-                debug(LOG_INFO, "Got DENIED from central server authenticating token %s from %s at %s - redirecting them to denied message", client->token, client->ip, client->mac);
+                debug(LOG_INFO, "Got DENIED from central server authenticating token %s from %s at %s - deleting from firewall and redirecting them to denied message", client->token, client->ip, client->mac);
+                fw_deny(client->ip, client->mac, FW_MARK_KNOWN);
                 safe_asprintf(&urlFragment, "%smessage=%s",
                         auth_server->authserv_msg_script_path_fragment,
                         GATEWAY_MESSAGE_DENIED