Context Navigation

← Previous Changeset
Next Changeset →

Changeset 100

Timestamp:

04/24/04 21:34:10 (9 years ago)

Author:

alexcv

Message:

re-indented with spaces instead of tabs, width = 4.

Files:

: 1 modified

trunk/wifidog/src/firewall.c (modified) (15 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/wifidog/src/firewall.c

r99	r100
19	19	\********************************************************************/
20	20
21		/* $Header$ */
	21	/*
	22	* $Header: /cvsroot/wifidog/wifidog/src/firewall.c,v 1.32 2004/04/23
	23	* 11:37:43 aprilp Exp $
	24	*/
22	25	/** @internal
23	26	@file firewall.c
…	…
30	33	extern s_config config;
31	34
32		pthread_mutex_t nodes_mutex;
33
34		t_node *firstnode = NULL;
	35	pthread_mutex_t nodes_mutex;
	36
	37	t_node *firstnode = NULL;
35	38
36	39	/**
…	…
49	52	fw_allow(char ip, char mac, int tag)
50	53	{
51		~~char~~ s_tag[16];
52		~~char~~ script[MAX_BUF];
53		~~struct stat~~ st;
54		~~char~~ *command[] = {script, "allow", ip, mac, s_tag, NULL};
55
56		sprintf(s_tag, "%-10d", tag);
57		sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
58		SCRIPT_FWACCESS);
	54	char s_tag[16];
	55	char script[MAX_BUF];
	56	struct stat st;
	57	char *command[] = {script, "allow", ip, mac, s_tag, NULL};
	58
	59	sprintf(s_tag, "%-10d", tag);
	60	sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
	61	SCRIPT_FWACCESS);
59	62
60	63	debug(LOG_DEBUG, "Allowing ip %s mac %s with MARK %s", ip, mac, s_tag);
61	64
62		if (-1 == (stat(script, &st))) {
63		debug(LOG_ERR, "Could not find %s: %s", script,
64		strerror(errno));
65		return(1);
66		}
67
68		return(execute(command));
	65	if (-1 == (stat(script, &st))) {
	66	debug(LOG_ERR, "Could not find %s: %s", script,
	67	strerror(errno));
	68	return (1);
	69	}
	70	return (execute(command));
69	71	}
70	72
…	…
83	85	fw_deny(char ip, char mac, int tag)
84	86	{
85		~~char~~ s_tag[16];
86		~~char~~ script[MAX_BUF];
87		~~struct stat~~ st;
88		~~char~~ *command[] = {script, "deny", ip, mac, s_tag, NULL};
89
90		sprintf(s_tag, "%-10d", tag);
91		sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
92		SCRIPT_FWACCESS);
	87	char s_tag[16];
	88	char script[MAX_BUF];
	89	struct stat st;
	90	char *command[] = {script, "deny", ip, mac, s_tag, NULL};
	91
	92	sprintf(s_tag, "%-10d", tag);
	93	sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
	94	SCRIPT_FWACCESS);
93	95
94	96	debug(LOG_DEBUG, "Denying ip %s mac %s with MARK %s", ip, mac, s_tag);
95	97
96		if (-1 == (stat(script, &st))) {
97		debug(LOG_ERR, "Could not find %s: %s", script,
98		strerror(errno));
99		return(1);
100		}
101
102		return(execute(command));
	98	if (-1 == (stat(script, &st))) {
	99	debug(LOG_ERR, "Could not find %s: %s", script,
	100	strerror(errno));
	101	return (1);
	102	}
	103	return (execute(command));
103	104	}
104	105
…	…
113	114	execute(char **argv)
114	115	{
115		~~int~~ pid, status, rc;
116
117		debug(LOG_DEBUG, "Executing '%s'", argv[0]);
118
119		~~if ((pid = fork()) < 0) {~~ /* fork a child process */
120		debug(LOG_ERR, "fork(): %s", strerror(errno));
121		exit(1);
122		~~} else if (pid == 0) {~~ /* for the child process: */
123		~~if (execvp(argv, argv) < 0) {~~ / execute the command */
124		debug(LOG_ERR, "fork(): %s", strerror(errno));
125		exit(1);
126		}
127		~~} else {~~ /* for the parent: */
128		do {
129		rc = wait(&status);
130		~~} while (rc != pid && rc != -1);~~ /* wait for completion */
131		}
132
133		~~return~~(status);
	116	int pid, status, rc;
	117
	118	debug(LOG_DEBUG, "Executing '%s'", argv[0]);
	119
	120	if ((pid = fork()) < 0) { /* fork a child process */
	121	debug(LOG_ERR, "fork(): %s", strerror(errno));
	122	exit(1);
	123	} else if (pid == 0) { /* for the child process: */
	124	if (execvp(argv, argv) < 0) { / execute the command */
	125	debug(LOG_ERR, "fork(): %s", strerror(errno));
	126	exit(1);
	127	}
	128	} else { /* for the parent: */
	129	do {
	130	rc = wait(&status);
	131	} while (rc != pid && rc != -1); /* wait for completion */
	132	}
	133
	134	return (status);
134	135	}
135	136
…	…
141	142	* @todo Make this function portable (using shell scripts?)
142	143	*/
143		char *
	144	char *
144	145	arp_get(char *req_ip)
145	146	{
146		FILE *proc;
147		char ip[16], *mac;
148
149		if (!(proc = fopen("/proc/net/arp", "r"))) {
150		return NULL;
151		}
152
153		/* Skip first line */
154		fscanf(proc, "%s %s %s %s %s %s %s %s %*s");
155		mac = (char *)malloc(18);
156		while(!feof(proc)) {
157		fscanf(proc, "%15s %s %s %17s %s %s", ip, mac);
158		if (strcmp(ip, req_ip) == 0) {
159		return mac;
160		}
161		}
162		fclose(proc);
163
164		free(mac);
165
166		return NULL;
	147	FILE *proc;
	148	char ip[16], *mac;
	149
	150	if (!(proc = fopen("/proc/net/arp", "r"))) {
	151	return NULL;
	152	}
	153	/* Skip first line */
	154	fscanf(proc, "%s %s %s %s %s %s %s %s %*s");
	155	mac = (char *) malloc(18);
	156	while (!feof(proc)) {
	157	fscanf(proc, "%15s %s %s %17s %s %s", ip, mac);
	158	if (strcmp(ip, req_ip) == 0) {
	159	return mac;
	160	}
	161	}
	162	fclose(proc);
	163
	164	free(mac);
	165
	166	return NULL;
167	167	}
168	168
…	…
177	177	fw_init(void)
178	178	{
179		char port[16];
180		char script[MAX_BUF];
181		int rc;
182		struct stat st;
183		char *command[] = {script, config.gw_interface, config.gw_address,
184		port, config.authserv_hostname, NULL};
185
186		sprintf(port, "%-5d", config.gw_port);
187		sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
188		SCRIPT_FWINIT);
189
190		if (-1 == (stat(script, &st))) {
191		debug(LOG_ERR, "Could not find %s: %s", script,
192		strerror(errno));
193		debug(LOG_ERR, "Exiting...");
194		exit(1);
195		}
196
197		debug(LOG_NOTICE, "Setting firewall rules");
198
199		if ((rc = execute(command)) != 0) {
200		debug(LOG_ERR, "Could not setup firewall, exiting...");
201		exit(1);
202		}
203
204		return(rc);
	179	char port[16];
	180	char script[MAX_BUF];
	181	int rc;
	182	struct stat st;
	183	char *command[] = {script, config.gw_interface, config.gw_address,
	184	port, config.authserv_hostname, NULL};
	185
	186	sprintf(port, "%-5d", config.gw_port);
	187	sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
	188	SCRIPT_FWINIT);
	189
	190	if (-1 == (stat(script, &st))) {
	191	debug(LOG_ERR, "Could not find %s: %s", script,
	192	strerror(errno));
	193	debug(LOG_ERR, "Exiting...");
	194	exit(1);
	195	}
	196	debug(LOG_NOTICE, "Setting firewall rules");
	197
	198	if ((rc = execute(command)) != 0) {
	199	debug(LOG_ERR, "Could not setup firewall, exiting...");
	200	exit(1);
	201	}
	202	return (rc);
205	203	}
206	204
…	…
215	213	fw_destroy(void)
216	214	{
217		char script[MAX_BUF];
218		struct stat st;
219		char *command[] = {script, config.gw_interface, NULL };
220
221		sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
222		SCRIPT_FWDESTROY);
223
224		if (-1 == (stat(script, &st))) {
225		debug(LOG_ERR, "Could not find %s: %s", script,
226		strerror(errno));
227		return(1);
228		}
229
230		debug(LOG_NOTICE, "Flushing firewall rules");
231
232		return(execute(command));
	215	char script[MAX_BUF];
	216	struct stat st;
	217	char *command[] = {script, config.gw_interface, NULL};
	218
	219	sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
	220	SCRIPT_FWDESTROY);
	221
	222	if (-1 == (stat(script, &st))) {
	223	debug(LOG_ERR, "Could not find %s: %s", script,
	224	strerror(errno));
	225	return (1);
	226	}
	227	debug(LOG_NOTICE, "Flushing firewall rules");
	228
	229	return (execute(command));
233	230	}
234	231
…	…
239	236	fw_counter(void)
240	237	{
241		FILE *output;
242		long int counter;
243		t_authresponse authresponse;
244		int tag,
245		rc;
246		char ip[255],
247		mac[255],
248		script[MAX_BUF],
249		*token;
250		t_node *p1;
251
252		sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
253		SCRIPT_FWCOUNTERS);
254
255		if (!(output = popen(script, "r"))) {
256		debug(LOG_ERR, "popen(): %s", strerror(errno));
257		} else {
258		while (!(feof(output)) && output) {
259		rc = fscanf(output, "%ld %s %s %d", &counter, ip,
260		mac, &tag);
261		if (rc == 4 && rc != EOF) {
262
263		pthread_mutex_lock(&nodes_mutex);
264
265		p1 = node_find_by_ip(ip);
	238	FILE *output;
	239	long int counter;
	240	t_authresponse authresponse;
	241	int tag, rc;
	242	char ip[255], mac[255], script[MAX_BUF], *token;
	243	t_node *p1;
	244
	245	sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype,
	246	SCRIPT_FWCOUNTERS);
	247
	248	if (!(output = popen(script, "r"))) {
	249	debug(LOG_ERR, "popen(): %s", strerror(errno));
	250	} else {
	251	while (!(feof(output)) && output) {
	252	rc = fscanf(output, "%ld %s %s %d", &counter, ip,
	253	mac, &tag);
	254	if (rc == 4 && rc != EOF) {
	255
	256	pthread_mutex_lock(&nodes_mutex);
	257
	258	p1 = node_find_by_ip(ip);
266	259
267	260	if (p1) {
268		token = strdup(p1->token);
269
270		pthread_mutex_unlock(&nodes_mutex);
271		authenticate(&authresponse, ip, mac, token, counter);
272		pthread_mutex_lock(&nodes_mutex);
273
274		free(token);
275
276		p1 = node_find_by_ip(ip);
277		if (p1 == NULL) {
278		debug(LOG_DEBUG, "Node was "
279		"freed while being "
280		"re-validated!");
	261	token = strdup(p1->token);
	262
	263	pthread_mutex_unlock(&nodes_mutex);
	264	authenticate(&authresponse, ip, mac, token, counter);
	265	pthread_mutex_lock(&nodes_mutex);
	266
	267	free(token);
	268
	269	p1 = node_find_by_ip(ip);
	270	if (p1 == NULL) {
	271	debug(LOG_DEBUG, "Node was "
	272	"freed while being "
	273	"re-validated!");
281	274	}
282
283	275	debug(LOG_INFO, "User %s counter currently %d, new counter %d", p1->ip, p1->counter, counter);
284	276	if (counter > p1->counter) {
285	277	p1->counter = counter;
286		debug(LOG_INFO, "Updated "
287		"client %s counter to "
288		"%ld bytes", ip,
289		counter);
	278	debug(LOG_INFO, "Updated "
	279	"client %s counter to "
	280	"%ld bytes", ip,
	281	counter);
290	282	p1->noactivity = time(NULL);
291	283	} else {
292		debug(LOG_INFO, "No activity recorded %s", p1->ip);
	284	debug(LOG_INFO, "No activity recorded %s", p1->ip);
293	285	}
294	286	if (p1->noactivity +
295		(config.checkinterval * config.clienttimeout)
296		<= time(NULL)) {
	287	(config.checkinterval * config.clienttimeout)
	288	<= time(NULL)) {
297	289	/* Timing out user */
298		debug(LOG_INFO, "Client %s was inactive for %d seconds, removing node and denying in firewall", ip,
299		config.checkinterval * config.clienttimeout);
300		fw_deny(p1->ip, p1->mac, p1->tag);
301		node_delete(p1);
302		} else {
303		/* This handles any change in the status
304		* this allows us to change the status of a
305		* user while he's connected */
306		switch(authresponse.authcode) {
307		case AUTH_DENIED:
308		case AUTH_VALIDATION_FAILED:
309		debug(LOG_NOTICE, "Client %s now denied, removing node", ip);
310		fw_deny(p1->ip, p1->mac, p1->tag);
311		node_delete(p1);
312		break;
313		case AUTH_ALLOWED:
314		if (p1->tag != MARK_KNOWN) {
315		debug(LOG_INFO, "Access has changed, refreshing firewall and clearing counters");
316		fw_deny(p1->ip, p1->mac, p1->tag);
317		p1->tag = MARK_KNOWN;
318		p1->counter = 0;
319		fw_allow(p1->ip, p1->mac, p1->tag);
320		}
321		break;
322		case AUTH_VALIDATION:
323		/* Do nothing, user is in validation period */
324		break;
325		default:
326		debug(LOG_DEBUG, "I do not know about type %d", authresponse.authcode);
327		break;
	290	debug(LOG_INFO, "Client %s was inactive for %d seconds, removing node and denying in firewall", ip,
	291	config.checkinterval * config.clienttimeout);
	292	fw_deny(p1->ip, p1->mac, p1->tag);
	293	node_delete(p1);
	294	} else {
	295	/*
	296	* This handles any change in
	297	* the status this allows us
	298	* to change the status of a
	299	* user while he's connected
	300	*/
	301	switch (authresponse.authcode) {
	302	case AUTH_DENIED:
	303	case AUTH_VALIDATION_FAILED:
	304	debug(LOG_NOTICE, "Client %s now denied, removing node", ip);
	305	fw_deny(p1->ip, p1->mac, p1->tag);
	306	node_delete(p1);
	307	break;
	308	case AUTH_ALLOWED:
	309	if (p1->tag != MARK_KNOWN) {
	310	debug(LOG_INFO, "Access has changed, refreshing firewall and clearing counters");
	311	fw_deny(p1->ip, p1->mac, p1->tag);
	312	p1->tag = MARK_KNOWN;
	313	p1->counter = 0;
	314	fw_allow(p1->ip, p1->mac, p1->tag);
	315	}
	316	break;
	317	case AUTH_VALIDATION:
	318	/*
	319	* Do nothing, user
	320	* is in validation
	321	* period
	322	*/
	323	break;
	324	default:
	325	debug(LOG_DEBUG, "I do not know about type %d", authresponse.authcode);
	326	break;
328	327	}
329	328	}
330	329	}
331
332		pthread_mutex_unlock(&nodes_mutex);
333		}
334		}
335		pclose(output);
336		}
	330	pthread_mutex_unlock(&nodes_mutex);
	331	}
	332	}
	333	pclose(output);
	334	}
337	335	}
338	336
…	…
345	343	node_init(void)
346	344	{
347		firstnode = NULL;
	345	firstnode = NULL;
348	346	}
349	347
…	…
360	358	* @return Pointer to the node we just created
361	359	*/
362		t_node *
	360	t_node *
363	361	node_add(char ip, char mac, char *token, long int counter, int active)
364	362	{
365		t_node *curnode,
366		*prevnode;
367
368		prevnode = NULL;
369		curnode = firstnode;
370
371		while (curnode != NULL) {
372		prevnode = curnode;
373		curnode = curnode->next;
374		}
375
376		curnode = (t_node *)malloc(sizeof(t_node));
377
378		if (curnode == NULL) {
379		debug(LOG_ERR, "Out of memory");
380		exit(-1);
381		}
382
383		memset(curnode, 0, sizeof(t_node));
384
385		curnode->ip = strdup(ip);
386		curnode->mac = strdup(mac);
387		curnode->token = strdup(token);
388		curnode->counter = counter;
389		curnode->active = active;
390
391		if (prevnode == NULL) {
392		firstnode = curnode;
393		} else {
394		prevnode->next = curnode;
395		}
396
397		debug(LOG_INFO, "Added a new node to linked list: IP: %s Token: %s",
398		ip, token);
399
400		return curnode;
	363	t_node curnode, prevnode;
	364
	365	prevnode = NULL;
	366	curnode = firstnode;
	367
	368	while (curnode != NULL) {
	369	prevnode = curnode;
	370	curnode = curnode->next;
	371	}
	372
	373	curnode = (t_node *) malloc(sizeof(t_node));
	374
	375	if (curnode == NULL) {
	376	debug(LOG_ERR, "Out of memory");
	377	exit(-1);
	378	}
	379	memset(curnode, 0, sizeof(t_node));
	380
	381	curnode->ip = strdup(ip);
	382	curnode->mac = strdup(mac);
	383	curnode->token = strdup(token);
	384	curnode->counter = counter;
	385	curnode->active = active;
	386
	387	if (prevnode == NULL) {
	388	firstnode = curnode;
	389	} else {
	390	prevnode->next = curnode;
	391	}
	392
	393	debug(LOG_INFO, "Added a new node to linked list: IP: %s Token: %s",
	394	ip, token);
	395
	396	return curnode;
401	397	}
402	398
…	…
409	405	* @return Pointer to the node, or NULL if not found
410	406	*/
411		t_node *
	407	t_node *
412	408	node_find_by_ip(char *ip)
413	409	{
414		~~t_node~~ *ptr;
415
416		ptr = firstnode;
417		while (NULL != ptr) {
418		if (0 == strcmp(ptr->ip, ip))
419		return ptr;
420		ptr = ptr->next;
421		}
422
423		return NULL;
	410	t_node *ptr;
	411
	412	ptr = firstnode;
	413	while (NULL != ptr) {
	414	if (0 == strcmp(ptr->ip, ip))
	415	return ptr;
	416	ptr = ptr->next;
	417	}
	418
	419	return NULL;
424	420	}
425	421
…	…
431	427	* @return Pointer to the node, or NULL if not found
432	428	*/
433		t_node *
	429	t_node *
434	430	node_find_by_token(char *token)
435	431	{
436		~~t_node~~ *ptr;
437
438		ptr = firstnode;
439		while (NULL != ptr) {
440		if (0 == strcmp(ptr->token, token))
441		return ptr;
442		ptr = ptr->next;
443		}
444
445		return NULL;
	432	t_node *ptr;
	433
	434	ptr = firstnode;
	435	while (NULL != ptr) {
	436	if (0 == strcmp(ptr->token, token))
	437	return ptr;
	438	ptr = ptr->next;
	439	}
	440
	441	return NULL;
446	442	}
447	443
…	…
454	450	*/
455	451	void
456		free_node(t_node *node)
457		{
458
459		if (node->mac != NULL)
460		free(node->mac);
461
462		if (node->ip != NULL)
463		free(node->ip);
464
465		if (node->token != NULL)
466		free(node->token);
467
468		free(node);
	452	free_node(t_node * node)
	453	{
	454
	455	if (node->mac != NULL)
	456	free(node->mac);
	457
	458	if (node->ip != NULL)
	459	free(node->ip);
	460
	461	if (node->token != NULL)
	462	free(node->token);
	463
	464	free(node);
469	465	}
470	466
…	…
477	473	*/
478	474	void
479		node_delete(t_node *node)
480		{
481		t_node *ptr;
482
483		ptr = firstnode;
484
485		if (ptr == node) {
486		firstnode = ptr->next;
487		free_node(node);
488		} else {
489		while (ptr->next != NULL && ptr != node) {
490		if (ptr->next == node) {
491		ptr->next = node->next;
492		free_node(node);
493		}
494		}
495		}
496		}
497
	475	node_delete(t_node * node)
	476	{
	477	t_node *ptr;
	478
	479	ptr = firstnode;
	480
	481	if (ptr == node) {
	482	firstnode = ptr->next;
	483	free_node(node);
	484	} else {
	485	while (ptr->next != NULL && ptr != node) {
	486	if (ptr->next == node) {
	487	ptr->next = node->next;
	488	free_node(node);
	489	}
	490	}
	491	}
	492	}

Context Navigation

Changeset 100

Legend:

trunk/wifidog/src/firewall.c

Download in other formats: