
Commit 322d0b7

committed
Re-indent util and firewall
1 parent 68edd86 commit 322d0b7


4 files changed

+141
-139
lines changed


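--- a/src/firewall.c
+++ b/src/firewall.c
@@ -59,7 +59,6 @@
 #include "client_list.h"
 #include "commandline.h"
 
-
 static int _fw_deny_raw(const char *, const char *, const int);
 
 /**
@@ -71,14 +70,14 @@ static int _fw_deny_raw(const char *, const char *, const int);
 * @return Return code of the command
 */
 int
-fw_allow(t_client *client, int new_fw_connection_state)
+fw_allow(t_client * client, int new_fw_connection_state)
 {
 int result;
 int old_state = client->fw_connection_state;
 
 debug(LOG_DEBUG, "Allowing %s %s with fw_connection_state %d", client->ip, client->mac, new_fw_connection_state);
 client->fw_connection_state = new_fw_connection_state;
-
+
 /* Grant first */
 result = iptables_fw_access(FW_ACCESS_ALLOW, client->ip, client->mac, new_fw_connection_state);
 
@@ -112,12 +111,12 @@ fw_allow_host(const char *host)
 * @return Return code of the command
 */
 int
-fw_deny(t_client *client)
+fw_deny(t_client * client)
 {
 int fw_connection_state = client->fw_connection_state;
 debug(LOG_DEBUG, "Denying %s %s with fw_connection_state %d", client->ip, client->mac, client->fw_connection_state);
 
-client->fw_connection_state = FW_MARK_NONE; /* Clear */
+client->fw_connection_state = FW_MARK_NONE; /* Clear */
 return _fw_deny_raw(client->ip, client->mac, fw_connection_state);
 }
 
@@ -138,51 +137,49 @@ _fw_deny_raw(const char *ip, const char *mac, const int mark)
 int
 fw_set_authdown(void)
 {
-debug(LOG_DEBUG, "Marking auth server down");
+debug(LOG_DEBUG, "Marking auth server down");
 
-return iptables_fw_auth_unreachable(FW_MARK_AUTH_IS_DOWN);
+return iptables_fw_auth_unreachable(FW_MARK_AUTH_IS_DOWN);
 }
 
 /** Remove passthrough for clients when auth server is up */
 int
 fw_set_authup(void)
 {
-debug(LOG_DEBUG, "Marking auth server up again");
+debug(LOG_DEBUG, "Marking auth server up again");
 
-return iptables_fw_auth_reachable();
+return iptables_fw_auth_reachable();
 }
 
-
-
 /* XXX DCY */
 /**
 * Get an IP's MAC address from the ARP cache.
 * Go through all the entries in /proc/net/arp until we find the requested
 * IP address and return the MAC address bound to it.
 * @todo Make this function portable (using shell scripts?)
 */
-char *
+char *
 arp_get(const char *req_ip)
 {
-FILE *proc;
-char ip[16];
-char mac[18];
-char * reply;
+FILE *proc;
+char ip[16];
+char mac[18];
+char *reply;
 
 if (!(proc = fopen("/proc/net/arp", "r"))) {
 return NULL;
 }
 
 /* Skip first line */
-while (!feof(proc) && fgetc(proc) != '\n');
+while (!feof(proc) && fgetc(proc) != '\n') ;
 
-/* Find ip, copy mac in reply */
-reply = NULL;
+/* Find ip, copy mac in reply */
+reply = NULL;
 while (!feof(proc) && (fscanf(proc, " %15[0-9.] %*s %*s %17[A-Fa-f0-9:] %*s %*s", ip, mac) == 2)) {
-if (strcmp(ip, req_ip) == 0) {
-reply = safe_strdup(mac);
-break;
-}
+if (strcmp(ip, req_ip) == 0) {
+reply = safe_strdup(mac);
+break;
+}
 }
 
 fclose(proc);
@@ -195,9 +192,9 @@ arp_get(const char *req_ip)
 int
 fw_init(void)
 {
-int result = 0;
+int result = 0;
 int new_fw_state;
-t_client * client = NULL;
+t_client *client = NULL;
 
 if (!init_icmp_socket()) {
 return 0;
@@ -206,38 +203,38 @@ fw_init(void)
 debug(LOG_INFO, "Initializing Firewall");
 result = iptables_fw_init();
 
-if (restart_orig_pid) {
-debug(LOG_INFO, "Restoring firewall rules for clients inherited from parent");
-LOCK_CLIENT_LIST();
-client = client_get_first_client();
-while (client) {
+if (restart_orig_pid) {
+debug(LOG_INFO, "Restoring firewall rules for clients inherited from parent");
+LOCK_CLIENT_LIST();
+client = client_get_first_client();
+while (client) {
 new_fw_state = client->fw_connection_state;
 client->fw_connection_state = FW_MARK_NONE;
-fw_allow(client, new_fw_state);
-client = client->next;
-}
-UNLOCK_CLIENT_LIST();
-}
+fw_allow(client, new_fw_state);
+client = client->next;
+}
+UNLOCK_CLIENT_LIST();
+}
 
-return result;
+return result;
 }
 
 /** Remove all auth server firewall whitelist rules
 */
 void
 fw_clear_authservers(void)
 {
-debug(LOG_INFO, "Clearing the authservers list");
-iptables_fw_clear_authservers();
+debug(LOG_INFO, "Clearing the authservers list");
+iptables_fw_clear_authservers();
 }
 
 /** Add the necessary firewall rules to whitelist the authservers
 */
 void
 fw_set_authservers(void)
 {
-debug(LOG_INFO, "Setting the authservers list");
-iptables_fw_set_authservers();
+debug(LOG_INFO, "Setting the authservers list");
+iptables_fw_set_authservers();
 }
 
 /** Remove the firewall rules
@@ -258,8 +255,8 @@ fw_destroy(void)
 void
 fw_sync_with_authserver(void)
 {
-t_authresponse authresponse;
-t_client *p1, *p2, *worklist, *tmp;
+t_authresponse authresponse;
+t_client *p1, *p2, *worklist, *tmp;
 s_config *config = config_get_config();
 
 if (-1 == iptables_fw_counters_update()) {
@@ -287,16 +284,19 @@ fw_sync_with_authserver(void)
 icmp_ping(p1->ip);
 /* Update the counters on the remote server only if we have an auth server */
 if (config->auth_servers != NULL) {
-auth_server_request(&authresponse, REQUEST_TYPE_COUNTERS, p1->ip, p1->mac, p1->token, p1->counters.incoming, p1->counters.outgoing);
+auth_server_request(&authresponse, REQUEST_TYPE_COUNTERS, p1->ip, p1->mac, p1->token, p1->counters.incoming,
+p1->counters.outgoing);
 }
 
-time_t current_time=time(NULL);
-debug(LOG_INFO, "Checking client %s for timeout: Last updated %ld (%ld seconds ago), timeout delay %ld seconds, current time %ld, ",
-p1->ip, p1->counters.last_updated, current_time-p1->counters.last_updated, config->checkinterval * config->clienttimeout, current_time);
+time_t current_time = time(NULL);
+debug(LOG_INFO,
+"Checking client %s for timeout: Last updated %ld (%ld seconds ago), timeout delay %ld seconds, current time %ld, ",
+p1->ip, p1->counters.last_updated, current_time - p1->counters.last_updated,
+config->checkinterval * config->clienttimeout, current_time);
 if (p1->counters.last_updated + (config->checkinterval * config->clienttimeout) <= current_time) {
 /* Timing out user */
 debug(LOG_INFO, "%s - Inactive for more than %ld seconds, removing client and denying in firewall",
-p1->ip, config->checkinterval * config->clienttimeout);
+p1->ip, config->checkinterval * config->clienttimeout);
 LOCK_CLIENT_LIST();
 tmp = client_list_find_by_client(p1);
 if (NULL != tmp) {
@@ -320,56 +320,59 @@ fw_sync_with_authserver(void)
 if (NULL == tmp) {
 UNLOCK_CLIENT_LIST();
 debug(LOG_NOTICE, "Client was already removed. Skipping auth processing");
-continue; /* Next client please */
+continue; /* Next client please */
 }
-
+
 if (config->auth_servers != NULL) {
 switch (authresponse.authcode) {
-case AUTH_DENIED:
-debug(LOG_NOTICE, "%s - Denied. Removing client and firewall rules", tmp->ip);
-fw_deny(tmp);
-client_list_delete(tmp);
-break;
-
-case AUTH_VALIDATION_FAILED:
-debug(LOG_NOTICE, "%s - Validation timeout, now denied. Removing client and firewall rules", tmp->ip);
-fw_deny(tmp);
-client_list_delete(tmp);
-break;
-
-case AUTH_ALLOWED:
-if (tmp->fw_connection_state != FW_MARK_KNOWN) {
-debug(LOG_INFO, "%s - Access has changed to allowed, refreshing firewall and clearing counters", tmp->ip);
-//WHY did we deny, then allow!?!? benoitg 2007-06-21
-//fw_deny(tmp->ip, tmp->mac, tmp->fw_connection_state); /* XXX this was possibly to avoid dupes. */
-
-if (tmp->fw_connection_state != FW_MARK_PROBATION) {
-tmp->counters.incoming = tmp->counters.outgoing = 0;
-}
-else {
-//We don't want to clear counters if the user was in validation, it probably already transmitted data..
-debug(LOG_INFO, "%s - Skipped clearing counters after all, the user was previously in validation", tmp->ip);
-}
-fw_allow(tmp, FW_MARK_KNOWN);
+case AUTH_DENIED:
+debug(LOG_NOTICE, "%s - Denied. Removing client and firewall rules", tmp->ip);
+fw_deny(tmp);
+client_list_delete(tmp);
+break;
+
+case AUTH_VALIDATION_FAILED:
+debug(LOG_NOTICE, "%s - Validation timeout, now denied. Removing client and firewall rules",
+tmp->ip);
+fw_deny(tmp);
+client_list_delete(tmp);
+break;
+
+case AUTH_ALLOWED:
+if (tmp->fw_connection_state != FW_MARK_KNOWN) {
+debug(LOG_INFO, "%s - Access has changed to allowed, refreshing firewall and clearing counters",
+tmp->ip);
+//WHY did we deny, then allow!?!? benoitg 2007-06-21
+//fw_deny(tmp->ip, tmp->mac, tmp->fw_connection_state); /* XXX this was possibly to avoid dupes. */
+
+if (tmp->fw_connection_state != FW_MARK_PROBATION) {
+tmp->counters.incoming = tmp->counters.outgoing = 0;
+} else {
+//We don't want to clear counters if the user was in validation, it probably already transmitted data..
+debug(LOG_INFO,
+"%s - Skipped clearing counters after all, the user was previously in validation",
+tmp->ip);
 }
-break;
-
-case AUTH_VALIDATION:
-/*
-* Do nothing, user
-* is in validation
-* period
-*/
-debug(LOG_INFO, "%s - User in validation period", tmp->ip);
-break;
-
-case AUTH_ERROR:
-debug(LOG_WARNING, "Error communicating with auth server - leaving %s as-is for now", tmp->ip);
-break;
-
-default:
-debug(LOG_ERR, "I do not know about authentication code %d", authresponse.authcode);
-break;
+fw_allow(tmp, FW_MARK_KNOWN);
+}
+break;
+
+case AUTH_VALIDATION:
+/*
+* Do nothing, user
+* is in validation
+* period
+*/
+debug(LOG_INFO, "%s - User in validation period", tmp->ip);
+break;
+
+case AUTH_ERROR:
+debug(LOG_WARNING, "Error communicating with auth server - leaving %s as-is for now", tmp->ip);
+break;
+
+default:
+debug(LOG_ERR, "I do not know about authentication code %d", authresponse.authcode);
+break;
 }
 }
 UNLOCK_CLIENT_LIST();
@@ -378,4 +381,3 @@ fw_sync_with_authserver(void)
 
 client_list_destroy(worklist);
 }
-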
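--- a/src/firewall.h
+++ b/src/firewall.h
@@ -34,7 +34,7 @@ typedef enum _t_fw_marks {
 FW_MARK_NONE = 0, /**< @brief No mark set. */
 FW_MARK_PROBATION = 1, /**< @brief The client is in probation period and must be authenticated
 @todo: VERIFY THAT THIS IS ACCURATE*/
-FW_MARK_KNOWN = 2, /**< @brief The client is known to the firewall */
+FW_MARK_KNOWN = 2, /**< @brief The client is known to the firewall */
 FW_MARK_AUTH_IS_DOWN = 253, /**< @brief The auth servers are down */
 FW_MARK_LOCKED = 254 /**< @brief The client has been locked out */
 } t_fw_marks;
@@ -72,4 +72,4 @@ void fw_sync_with_authserver(void);
 /** @brief Get an IP's MAC address from the ARP cache.*/
 char *arp_get(const char *);
 
-#endif /* _FIREWALL_H_ */
+#endif /* _FIREWALL_H_ */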
