Changeset 252
- Timestamp:
- 10/28/04 12:12:44 (4 years ago)
- Files:
-
- trunk/wifidog/ChangeLog (modified) (1 diff)
- trunk/wifidog/libhttpd/api.c (modified) (8 diffs)
- trunk/wifidog/src/conf.c (modified) (7 diffs)
- trunk/wifidog/src/conf.h (modified) (3 diffs)
- trunk/wifidog/src/fw_iptables.c (modified) (3 diffs)
- trunk/wifidog/src/ping_thread.c (modified) (1 diff)
- trunk/wifidog/src/util.c (modified) (1 diff)
trunk/wifidog/ChangeLog
r250 r252 1 1 # $Header$ 2 2004-10-28 Alexandre Carmel-Veilleux <acv@acv.ca> 3 * multiple files: Implemented a FirewallRule config command, it 4 doesn't actually do anything yet. 5 * libhttpd: #if 0'd out lots of request parsing code 6 2 7 2004-10-27 Philippe April <philippe@philippeapril.com> 3 8 * ipkg/rules: removed --build=mipsel from ./configure 9 4 10 2004-10-26 Philippe April <philippe@philippeapril.com> 5 11 * ipkg/rules: sed -i is not standard, did a workaround. trunk/wifidog/libhttpd/api.c
r190 r252 458 458 break; 459 459 } 460 #if 0 460 461 /** 461 462 * Philippe commenting this out, it crashed with a … … 482 483 } 483 484 } 484 */ 485 */ 486 #endif 487 #if 0 485 488 if (strncasecmp(buf,"Authorization: ",15) == 0) 486 489 { … … 510 513 } 511 514 } 515 #endif 516 #if 0 512 517 if (strncasecmp(buf,"Referer: ",9) == 0) 513 518 { … … 519 524 } 520 525 } 526 #endif 521 527 /* acv@acv.ca/wifidog: Added decoding of host: if 522 528 * present. */ … … 531 537 } 532 538 /* End modification */ 539 #if 0 533 540 if (strncasecmp(buf,"If-Modified-Since: ",19) == 0) 534 541 { … … 559 566 server->request.contentLength=atoi(cp); 560 567 } 568 #endif 561 569 continue; 562 570 } … … 566 574 ** Process and POST data 567 575 */ 576 #if 0 568 577 if (server->request.contentLength > 0) 569 578 { … … 573 582 574 583 } 575 584 #endif 585 576 586 /* 577 587 ** Process any URL data trunk/wifidog/src/conf.c
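Review bot: The four `#if 0` blocks disable parsing of `Authorization:`, `Referer:`, `If-Modified-Since:` and `Content-Length:` (the `server->request.contentLength=atoi(cp);` assignment sits inside the fourth block) as well as the POST-body read, with no comment saying why or what is lost; the only hint is the older "Philippe commenting this out, it crashed" note above the first block. With `Content-Length` no longer parsed, `contentLength` keeps whatever value it had before the header loop and any request body is left unread on the socket, which is harmless only if libhttpd closes the connection after each request — worth confirming. Suggest one comment per block, e.g. `#if 0 /* disabled 2004-10-28: header parsing crashed (see note above); Authorization/Referer/If-Modified-Since/Content-Length and POST bodies are ignored until fixed */`. The enclosing request-reading function starts and ends outside the hunk.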
r238 r252 80 80 oCheckInterval, 81 81 oWdctlSocket, 82 oSyslogFacility 82 oSyslogFacility, 83 oFirewallRule 83 84 } OpCodes; 84 85 … … 110 111 { "httpport", oAuthServHTTPPort }, 111 112 { "path", oAuthServPath }, 113 { "firewallrule", oFirewallRule }, 112 114 { NULL, oBadOption }, 113 115 }; … … 117 119 static int parse_boolean_value(char *); 118 120 static void parse_auth_server(FILE *, char *, int *); 121 static int parse_firewall_rule(char *token, char *leftover); 119 122 120 123 /** Accessor for the current gateway configuration … … 149 152 config.log_syslog = DEFAULT_LOG_SYSLOG; 150 153 config.wdctl_sock = strdup(DEFAULT_WDCTL_SOCK); 154 config.rules = NULL; 151 155 } 152 156 … … 310 314 311 315 /** 316 @param token first keyword 317 @param leftover rest of the line 318 */ 319 #define TO_NEXT_WORD(s, e) do { \ 320 while (*s != '\0' && !isblank(*s)) { \ 321 s++; \ 322 } \ 323 if (*s != '\0') { \ 324 *s = '\0'; \ 325 s++; \ 326 while (isblank(*s)) \ 327 s++; \ 328 } else { \ 329 e = 1; \ 330 } \ 331 } while (0) 332 333 static int 334 parse_firewall_rule(char *token, char *leftover) 335 { 336 int i; 337 int block_allow = 0; /**< 0 == block, 1 == allow */ 338 int all_nums = 1; /**< If 0, port contained non-numerics */ 339 int finished = 0; /**< reached end of line */ 340 char *port = NULL; /**< port to open/block */ 341 char *protocol = NULL; /**< protocol to block, tcp/udp/icmp */ 342 char *mask = NULL; /**< Netmask */ 343 char *other_kw = NULL; /**< other key word */ 344 t_firewall_rule *tmp; 345 t_firewall_rule *tmp2; 346 347 debug(LOG_DEBUG, "leftover: %s", ++leftover); 348 debug(LOG_DEBUG, "token: %s", token); 349 350 /* lower case */ 351 for (i = 0; *(leftover + i) != '\0' 352 && (*(leftover + i) = tolower(*(leftover + i))); i++); 353 354 /* Parse token */ 355 if (!strcasecmp(token, "block")) { 356 block_allow = 0; 357 } else if (!strcasecmp(token, "allow")) { 358 block_allow = 1; 359 } else { 360 debug(LOG_ERR, "Invalid rule type %s, expecting " 361 
"\"block\" or \"allow\"", token); 362 return -1; 363 } 364 365 /* Parse the remainder */ 366 /* Get the protocol */ 367 protocol = leftover; 368 TO_NEXT_WORD(leftover, finished); 369 if (strcmp(protocol, "tcp") && strcmp(protocol, "udp") 370 && strcmp(protocol, "icmp") || finished) { 371 debug(LOG_ERR, "Invalid protocol %s in FirewallRule", 372 protocol); 373 return -1; /*< Fail */ 374 } 375 376 /* should be exactly "port" */ 377 other_kw = leftover; 378 TO_NEXT_WORD(leftover, finished); 379 if (strcmp(other_kw, "port") || finished) { 380 debug(LOG_ERR, "Invalid or unexpected keyword %s, " 381 "expecting \"port\"", other_kw); 382 return -2; /*< Fail */ 383 } 384 385 /* Get port now */ 386 port = leftover; 387 TO_NEXT_WORD(leftover, finished); 388 for (i = 0; *(port + i) != '\0'; i++) 389 if (!isdigit(*(port + i))) 390 all_nums = 0; /*< No longer only digits */ 391 if (!all_nums) { 392 debug(LOG_ERR, "Invalid port %s", port); 393 return -3; /*< Fail */ 394 } 395 396 /* Now, further stuff is optional */ 397 if (!finished) { 398 /* should be exactly "to" */ 399 other_kw = leftover; 400 TO_NEXT_WORD(leftover, finished); 401 if (strcmp(other_kw, "to") || finished) { 402 debug(LOG_ERR, "Invalid or unexpected keyword %s, " 403 "expecting \"to\"", other_kw); 404 return -4; /*< Fail */ 405 } 406 407 /* Get port now */ 408 mask = leftover; 409 TO_NEXT_WORD(leftover, finished); 410 all_nums = 1; 411 for (i = 0; *(mask + i) != '\0'; i++) 412 if (!isdigit(*(mask + i)) && (*(mask + i) != '.') 413 && (*(mask + i) != '/')) 414 all_nums = 0; /*< No longer only digits */ 415 if (!all_nums) { 416 debug(LOG_ERR, "Invalid mask %s", mask); 417 return -3; /*< Fail */ 418 } 419 } 420 421 /* Generate rule record */ 422 tmp = (t_firewall_rule *)malloc(sizeof(t_firewall_rule)); 423 memset((void *)tmp, 0, sizeof(t_firewall_rule)); 424 tmp->block_allow = block_allow; 425 tmp->protocol = strdup(protocol); 426 tmp->port = strdup(port); 427 if (mask == NULL) 428 tmp->mask = strdup("0.0.0.0/0"); 
429 else 430 tmp->mask = strdup(mask); 431 432 debug(LOG_DEBUG, "Adding Firewall Rule %s %s port %s to %s", 433 token, tmp->protocol, tmp->port, tmp->mask); 434 435 /* Append the rule record */ 436 if (config.rules == NULL) { 437 config.rules = tmp; 438 } else { 439 tmp2 = config.rules; 440 while (tmp2->next != NULL) 441 tmp2 = tmp2->next; 442 tmp2->next = tmp; 443 } 444 445 return 1; 446 } 447 448 /** 312 449 @param filename Full path of the configuration file to be read 313 450 */ … … 386 523 &linenum); 387 524 break; 525 case oFirewallRule: 526 parse_firewall_rule(p1, p2); 527 break; 388 528 case oHTTPDName: 389 529 config.httpdname = strdup(p1); … … 412 552 sscanf(p1, "%d", &config.clienttimeout); 413 553 break; 414 case oSyslogFacility:554 case oSyslogFacility: 415 555 sscanf(p1, "%d", &config.syslog_facility); 416 556 break; trunk/wifidog/src/conf.h
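Review bot: The return value of `parse_firewall_rule(p1, p2)` is dropped at the new `case oFirewallRule:`, so a malformed `FirewallRule` line is only logged at LOG_ERR and the rule is silently omitted — for a `block` rule that is a fail-open configuration, so the failure should propagate the same way the other parse errors in this function (which starts and ends outside the hunk) do, e.g. `if (parse_firewall_rule(p1, p2) < 0)` followed by whatever error handling the surrounding cases use. Inside `parse_firewall_rule`, the port check accepts an empty string (`all_nums` stays 1 when the digit loop never runs), which happens when there is trailing whitespace after `port`, and there is no 0–65535 range check; `if (*port == '\0' || !all_nums)` closes the first gap. The `++leftover` inside `debug(LOG_DEBUG, "leftover: %s", ++leftover);` is a side effect hidden in a logging call — if `debug` is ever turned into a compiled-out macro the pointer is no longer advanced — so it belongs in its own `leftover++;` statement before the call. The `malloc` result is used unchecked; `tmp = calloc(1, sizeof *tmp);` replaces the malloc+memset pair and a `if (tmp == NULL) return -5;` keeps the function's negative-on-failure convention.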
r213 r252 49 49 #define DEFAULT_AUTHSERVPATH "wifidog/" 50 50 #define DEFAULT_AUTHSERVMAXTRIES 1 51 52 51 /*@}*/ 53 52 … … 65 64 struct _auth_serv_t *next; 66 65 } t_auth_serv; 66 67 /** 68 * Firewall rules 69 */ 70 typedef struct _firewall_rule_t { 71 int block_allow; /**< @brief 1 = Allow rule, 0 = Block rule */ 72 char *protocol; /**< @brief tcp, udp, etc ... */ 73 char *port; /**< @brief Port to block/allow */ 74 char *mask; /**< @brief Mask for the rule *destination* */ 75 struct _firewall_rule_t *next; 76 } t_firewall_rule; 67 77 68 78 /** … … 97 107 int syslog_facility; /**< @brief facility to use when using syslog for 98 108 logging */ 109 t_firewall_rule *rules; /**< @brief firewall rules */ 99 110 } s_config; 100 111 trunk/wifidog/src/fw_iptables.c
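Review bot: The new `t_firewall_rule` documentation does not say who owns the three `char *` members or the list itself; they are `strdup`'d in conf.c and appended to `config.rules`, and no matching free routine appears in this changeset. Suggest `/**< @brief Next rule in a singly linked list; nodes and their strings are heap-allocated by parse_firewall_rule and owned by config.rules */` on `next`, and a note on the `rules` member of `s_config` that it is NULL when no FirewallRule line was given.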
r180 r252 95 95 96 96 pthread_mutex_unlock(&config_mutex); 97 98 /** Insert global rules BEFORE the "defaults" */ 97 99 98 100 iptables_do_command("-t nat -A " TABLE_WIFIDOG_VALIDATE " -p udp --dport 67 -j ACCEPT"); … … 121 123 pthread_mutex_unlock(&config_mutex); 122 124 125 /** Insert global rules BEFORE the "defaults" */ 126 123 127 iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p udp --dport 67 -j ACCEPT"); 124 128 iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p tcp --dport 67 -j ACCEPT"); … … 128 132 129 133 iptables_do_command("-t nat -N " TABLE_WIFIDOG_KNOWN); 134 135 /** Insert global rules BEFORE the "defaults" */ 136 130 137 iptables_do_command("-t nat -A " TABLE_WIFIDOG_KNOWN " -j ACCEPT"); 131 138 trunk/wifidog/src/ping_thread.c
r247 r252 108 108 auth_server->authserv_hostname); 109 109 110 if ((h_addr = wd_gethostbyname(auth_server->authserv_hostname)) == NULL) {110 if ((h_addr = (struct in_addr *)wd_gethostbyname(auth_server->authserv_hostname)) == NULL) { 111 111 debug(LOG_ERR, "Failed to resolve %s via gethostbyname" 112 112 "(): %s", auth_server->authserv_hostname, trunk/wifidog/src/util.c
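Review bot: The added `(struct in_addr *)` cast on the `wd_gethostbyname()` result silences a type mismatch instead of fixing it; the prototype of `wd_gethostbyname` is not visible here, but since this changeset also adds `<netinet/in.h>` to util.c, its declaration can presumably return `struct in_addr *` directly, which makes the cast unnecessary and lets the compiler keep catching a real mismatch later. Suggest dropping the cast once the prototype is corrected: `if ((h_addr = wd_gethostbyname(auth_server->authserv_hostname)) == NULL) {`. The enclosing function starts and ends outside the hunk.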
r247 r252 38 38 #include <sys/types.h> 39 39 #include <sys/unistd.h> 40 #include <netinet/in.h> 40 41 41 42 #include <string.h>
