From 713bbdbe586ab1f30c7ad1b5ed31c16d7ee37a81 Mon Sep 17 00:00:00 2001 From: Moritz Warning Date: Mon, 2 Jan 2017 15:40:10 +0100 Subject: [PATCH 001/117] remove debug output --- src/util.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/util.c b/src/util.c index a476e8c..615739e 100644 --- a/src/util.c +++ b/src/util.c @@ -384,7 +384,6 @@ cprintf( int fd, const char *format, ... ) { va_end( vlist ); if (rc > 0 && rc < sizeof(buffer)) { - printf("#%s", buffer); write(fd, buffer, strlen(buffer)); } else { debug(LOG_ERR, "failed to write format string: %s", format); From b3a21b68321158476fdf51a09c3c8a57d3b8a31b Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Wed, 30 Nov 2016 12:43:49 +0100 Subject: [PATCH 002/117] set char pointer to NULL before calling safe_vasprintf() --- src/client_list.c | 2 +- src/fw_iptables.c | 2 +- src/http_microhttpd.c | 2 +- src/tc.c | 8 ++++---- src/util.c | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/client_list.c b/src/client_list.c index 0d47da3..d531056 100644 --- a/src/client_list.c +++ b/src/client_list.c @@ -171,7 +171,7 @@ _client_list_append(const char ip[], const char mac[], const char token[]) char * _client_list_make_auth_token(const char ip[], const char mac[]) { - char *token; + char *token = NULL; safe_asprintf(&token,"%04hx%04hx", rand16(), rand16()); diff --git a/src/fw_iptables.c b/src/fw_iptables.c index bfb1ca6..7e34377 100644 --- a/src/fw_iptables.c +++ b/src/fw_iptables.c @@ -153,7 +153,7 @@ int iptables_do_command(const char *format, ...) { va_list vlist; - char *fmt_cmd, *cmd; + char *fmt_cmd = NULL, *cmd = NULL; s_config *config; int rc; int i; diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 93d1956..8ea95b7 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c 
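Review bot: The token produced on the context line `safe_asprintf(&token,"%04hx%04hx", rand16(), rand16());` in `_client_list_make_auth_token` is eight hex digits, so at most 32 bits, and its unpredictability rests entirely on `rand16()`, which is not visible in this hunk. Because this value is later compared against the `token` query parameter to authenticate a client, confirm that `rand16()` draws from a cryptographic source and consider a longer token. A comment at the call would record the requirement: `/* token is a bearer secret: rand16() must be backed by a CSPRNG */`. The function body continues outside the hunk.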
@@ -539,7 +539,7 @@ int send_redirect_temp(struct MHD_Connection *connection, const char *url) { struct MHD_Response *response; int ret; - char *redirect; + char *redirect = NULL; const char *redirect_body = "Click here to continue to
%s
"; safe_asprintf(&redirect, redirect_body, url, url); diff --git a/src/tc.c b/src/tc.c index 7627e0f..5c52d78 100644 --- a/src/tc.c +++ b/src/tc.c @@ -56,8 +56,8 @@ static int tc_do_command(const char format[], ...) { va_list vlist; - char *fmt_cmd; - char *cmd; + char *fmt_cmd = NULL; + char *cmd = NULL; int rc; va_start(vlist, format); @@ -174,7 +174,7 @@ tc_init_tc() { int upload_limit, download_limit; int upload_imq, download_imq; - char *download_imqname, *upload_imqname, *cmd; + char *download_imqname = NULL, *upload_imqname = NULL, *cmd = NULL; s_config *config; int rc = 0, ret = 0; @@ -237,7 +237,7 @@ tc_destroy_tc() old_tc_quiet = tc_quiet; tc_quiet = 1; s_config *config; - char *download_imqname, *upload_imqname, *cmd; + char *download_imqname = NULL, *upload_imqname = NULL, *cmd = NULL; config = config_get_config(); safe_asprintf(&download_imqname,"imq%d",config->download_imq); /* must free */ diff --git a/src/util.c b/src/util.c index 615739e..aa941eb 100644 --- a/src/util.c +++ b/src/util.c @@ -351,7 +351,7 @@ char * format_time(unsigned long int secs) { unsigned int days, hours, minutes, seconds; - char * str; + char *str = NULL; days = secs / (24 * 60 * 60); secs -= days * (24 * 60 * 60); From f615720ad1437bf55a6ed03caa6186fcd65bfca8 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Wed, 30 Nov 2016 23:30:58 +0100 Subject: [PATCH 003/117] add debug message on every access --- src/http_microhttpd.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 8ea95b7..8a61f4d 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c 
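Review bot: `url` is formatted into the response body twice by `safe_asprintf(&redirect, redirect_body, url, url);` with no HTML escaping, and elsewhere in this series `authenticate_client` passes the request's redirect value to this function, so it appears to be client-influenced. Quote or angle-bracket characters in it would then be interpreted as markup in the page the gateway serves. Escape `url` into a separate buffer before this call, or keep the URL out of the body, and record the contract with `/* url may come from the request: HTML-escape before placing it in the body */`. The function continues outside the hunk, so the freeing of `redirect` cannot be checked here.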
@@ -242,9 +242,13 @@ libmicrohttpd_cb(void *cls, char *mac; int ret; + debug(LOG_DEBUG, "access: %s %s", method, url); + /* only allow get */ - if(0 != strcmp(method, "GET")) + if(0 != strcmp(method, "GET")) { + debug(LOG_DEBUG, "Unsupported http method %s", method); return send_error(connection, 503); + } /* switch between preauth, authenticated */ /* - always - set caching headers From b16db66604108e9ac021c8adb4af12c8b34ece1c Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Thu, 1 Dec 2016 00:00:41 +0100 Subject: [PATCH 004/117] http_microhttpd.c: before serving a file check if it's a file --- src/http_microhttpd.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 8a61f4d..20c7214 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -877,6 +877,7 @@ const char *lookup_mimetype(const char *filename) */ static int serve_file(struct MHD_Connection *connection, t_client *client, const char *url) { + struct stat stat_buf; s_config *config = config_get_config(); struct MHD_Response *response; char filename[PATH_MAX]; @@ -886,6 +887,21 @@ static int serve_file(struct MHD_Connection *connection, t_client *client, const snprintf(filename, PATH_MAX, "%s/%s", config->webroot, url); + /* check if file exists and is not a directory */ + ret = stat(filename, &stat_buf); + if (!ret) { + /* stat failed */ + return send_error(connection, 404); + } + + if (!S_ISREG(stat_buf.st_mode)) { +#ifdef S_ISLNK + /* ignore links */ + if (!S_ISLNK(stat_buf.st_mode)) +#endif /* S_ISLNK */ + return send_error(connection, 404); + } + int fd = open(filename, O_RDONLY); if (fd < 0) return send_error(connection, 404); From 55dabb695f0a1784f75b6a86bb9ac2500c38d947 Mon Sep 17 00:00:00 2001 
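Review bot: Both added `debug()` calls write `method` and `url` from the request into the log unbounded and unfiltered; if `debug()` does not neutralise control characters, a request can split or forge log lines. Bounding the fields, e.g. `debug(LOG_DEBUG, "access: %.16s %.256s", method, url);`, and checking how `debug()` handles non-printable bytes would cover this. The function starts and ends outside the hunk.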
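Review bot: The added `stat()` check in `serve_file` and the following `open()` resolve `filename` separately, so the object can change between check and use, and since `stat()` follows symbolic links `S_ISLNK()` is never true on its result, which leaves the `#ifdef S_ISLNK` branch dead. Opening first and calling `fstat()` on the descriptor tests the file that is actually served, as in the excerpt below. `stat()` returns 0 on success, so `if (!ret)` as written rejects every existing path. `filename` is built from `config->webroot` and the request `url` with no visible check for `..` segments or for `snprintf()` truncation, which should be confirmed in the caller; the function continues outside the hunk.

```c
	snprintf(filename, PATH_MAX, "%s/%s", config->webroot, url);

	/* O_NONBLOCK: do not hang on a FIFO before the type check below */
	int fd = open(filename, O_RDONLY | O_NONBLOCK);
	if (fd < 0)
		return send_error(connection, 404);

	/* check the opened object, not the path, so check and use cannot diverge */
	if (fstat(fd, &stat_buf) != 0 || !S_ISREG(stat_buf.st_mode)) {
		close(fd);
		return send_error(connection, 404);
	}
	/* … unchanged: lseek() and response creation … */
```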
From: Alexander Couzens Date: Thu, 19 Jan 2017 17:06:38 +0100 Subject: [PATCH 005/117] http_microhttpd.c: check return value of lseek() lseek() is returning a off_t which is signed in difference to size_t (unsigned). When lseek() returns an error, it was still passed to microhttpd resulting in undefined behaviour. --- src/http_microhttpd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 20c7214..cd31b71 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -883,7 +883,7 @@ static int serve_file(struct MHD_Connection *connection, t_client *client, const char filename[PATH_MAX]; int ret = MHD_NO; const char *mimetype = NULL; - size_t size; + off_t size; snprintf(filename, PATH_MAX, "%s/%s", config->webroot, url); @@ -910,6 +910,9 @@ static int serve_file(struct MHD_Connection *connection, t_client *client, const /* serving file and creating response */ size = lseek(fd, 0, SEEK_END); + if (size < 0) + return send_error(connection, 404); + response = MHD_create_response_from_fd(size, fd); if (!response) return send_error(connection, 503); From a62cbde0db55066f337f1a7db235725956429666 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Fri, 27 Jan 2017 16:34:40 +0100 Subject: [PATCH 006/117] http_microhttpd: add debug message about the corner case #164 serve_file() is ran in rare cases and try to access the webroot. This should never happen. Add debug messages around so we might get a better idea how it happen. --- src/http_microhttpd.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index cd31b71..bf515fa 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c 
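Review bot: The new `if (size < 0)` branch returns without closing `fd`, so each failed `lseek()` leaks a descriptor, and the unchanged `if (!response)` branch right below it does the same. Close the descriptor on both paths, e.g. `if (size < 0) { close(fd); return send_error(connection, 404); }`. The hunk shows only part of `serve_file`, so the success path's handling of `fd` is not checked here.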
@@ -899,6 +899,14 @@ static int serve_file(struct MHD_Connection *connection, t_client *client, const /* ignore links */ if (!S_ISLNK(stat_buf.st_mode)) #endif /* S_ISLNK */ + + if (url == NULL) + debug(LOG_ERR, "Corner case bug #164 triggered by NULL. Please report it. Sending 404"); + else if (strlen(url) <= 0) + debug(LOG_ERR, "Corner case bug #164 triggered by strlen. Please report it. Sending 404"); + else if (url[0] == '/' && strlen(url) == 1) + debug(LOG_ERR, "Corner case bug #164 triggered by /. Please report it. Sending 404"); + return send_error(connection, 404); } From c60566942f3f2cd971cda363d14469e0a618e383 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Fri, 27 Jan 2017 17:50:15 +0100 Subject: [PATCH 007/117] http_microhttpd/#164: fix check of size_t == 0 --- src/http_microhttpd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index bf515fa..e606bc9 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -902,7 +902,7 @@ static int serve_file(struct MHD_Connection *connection, t_client *client, const if (url == NULL) debug(LOG_ERR, "Corner case bug #164 triggered by NULL. Please report it. Sending 404"); - else if (strlen(url) <= 0) + else if (strlen(url) == 0) debug(LOG_ERR, "Corner case bug #164 triggered by strlen. Please report it. Sending 404"); else if (url[0] == '/' && strlen(url) == 1) debug(LOG_ERR, "Corner case bug #164 triggered by /. Please report it. Sending 404"); From 4682441520b156b66d724f481984405fbad7f40d Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Thu, 19 Jan 2017 18:10:15 +0100 Subject: [PATCH 008/117] http_microhttpd.c: remove strdup from socketpath --- src/gateway.c | 2 +- src/ndsctl_thread.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/gateway.c b/src/gateway.c index ecec8fa..8053046 100644 --- a/src/gateway.c +++ b/src/gateway.c 
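Review bot: The added `if`/`else if` chain sits directly after the unbraced `if (!S_ISLNK(stat_buf.st_mode))`, so when `S_ISLNK` is defined that condition now governs the logging chain instead of `return send_error(connection, 404);`, and the return becomes unconditional. The `url == NULL` test also comes too late to be useful, because `url` was already formatted into `filename` with `%s` earlier in `serve_file`. Put the diagnostics in their own braced block ahead of the `#ifdef`, and reject a missing URL at the top of the function with `if (!url) return send_error(connection, 404);`. The function starts and ends outside the hunk.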
@@ -287,7 +287,7 @@ main_loop(void) pthread_detach(tid_client_check); /* Start control thread */ - result = pthread_create(&tid, NULL, thread_ndsctl, (void *)safe_strdup(config->ndsctl_sock)); + result = pthread_create(&tid, NULL, thread_ndsctl, (void *)(config->ndsctl_sock)); if (result != 0) { debug(LOG_ERR, "FATAL: Failed to create thread_ndsctl - exiting"); termination_handler(1); diff --git a/src/ndsctl_thread.c b/src/ndsctl_thread.c index df11447..cc1e3fd 100644 --- a/src/ndsctl_thread.c +++ b/src/ndsctl_thread.c @@ -83,7 +83,7 @@ void* thread_ndsctl(void *arg) { int sock, fd; - char *sock_name; + const char *sock_name; struct sockaddr_un sa_un; int result; pthread_t tid; From d0d288bdafb139250c2a13668ccd1161cef55f68 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Thu, 19 Jan 2017 18:10:31 +0100 Subject: [PATCH 009/117] http_microhttpd/redirect_to_splashpage: free query() after use --- src/http_microhttpd.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index e606bc9..4a284e6 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -511,13 +511,19 @@ static int encode_and_redirect_to_splashpage(struct MHD_Connection *connection, static int redirect_to_splashpage(struct MHD_Connection *connection, t_client *client, const char *host, const char *url) { char *originurl = NULL; - char *query = ""; + char *query = NULL; + int ret = 0; get_query(connection, &query); + if (!query) { + /* no mem */ + return send_error(connection, 503); + } safe_asprintf(&originurl, "http://%s%s%s%s", host, url, strlen(query) ? "?" : "" , query); - - return encode_and_redirect_to_splashpage(connection, originurl); + ret = encode_and_redirect_to_splashpage(connection, originurl); + free(query); + return ret; } 
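Review bot: `thread_ndsctl` now receives a pointer into the live configuration instead of its own copy, so the string has to stay valid and unchanged for the whole life of the control thread, and nothing in the `main_loop` hunk shows that `config->ndsctl_sock` is never freed or replaced while the thread runs. If that holds, state it at the call site: `/* config->ndsctl_sock is borrowed: it must outlive thread_ndsctl */`. It is also worth confirming that `thread_ndsctl`, whose body lies outside the hunk, does not free `arg` any more.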
@@ -581,6 +587,8 @@ static const char *get_redirect_url(struct MHD_Connection *connection) return query_key.value; } +/* save the query or empty string into **query. + * the call must free query later */ static int get_query(struct MHD_Connection *connection, char **query) { int element_counter; From 052c7aa141dbf0dfdc841384dd274099f76008c2 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Thu, 19 Jan 2017 18:23:12 +0100 Subject: [PATCH 010/117] template: don't call strdup() on assigned variables it's not needed because we can gurantee the lifetime of the variables --- src/template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/template.c b/src/template.c index 1dba5ce..026520c 100644 --- a/src/template.c +++ b/src/template.c @@ -135,7 +135,7 @@ int tmpl_set_variable(struct templater *templor, const char *name, const char *v if(templor->variables[idx]) free((void *)templor->variables[idx]); - templor->variables[idx] = safe_strdup(value); + templor->variables[idx] = value; return 0; } From 5a7479bf5409fd38daa2293175dff4a6fdf25123 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Thu, 19 Jan 2017 18:24:31 +0100 Subject: [PATCH 011/117] microhttpd: free all template variables --- src/http_microhttpd.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 4a284e6..85990ce 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c 
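Review bot: The new comment on `get_query` says "the call must free query later" where "caller" is meant, and it does not say what `*query` holds on failure, although `redirect_to_splashpage` now depends on that through its `if (!query)` test. Suggested wording: `/* Store the query string, or an empty string, in *query. The caller must free() it. On allocation failure *query is left NULL. */`. The last sentence should be kept only if the body, which lies outside this hunk, really behaves that way.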
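Review bot: `tmpl_set_variable` now stores the caller's pointer, but the unchanged line just above still runs `free((void *)templor->variables[idx])` when the slot is already set, so setting a variable a second time frees memory the templater no longer owns. Callers in this series pass string literals (`""`, `VERSION`) and buffers they free themselves, which makes that an invalid or double free. Drop the free together with the strdup by removing `if(templor->variables[idx]) free((void *)templor->variables[idx]);`, and document the new contract with `/* value is borrowed; it must outlive the templater */`. Any teardown routine that frees `variables[]`, not visible here, needs the same change.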
@@ -781,7 +781,6 @@ static int show_splashpage(struct MHD_Connection *connection, t_client *client) safe_asprintf(&denyaction, "http://%s:%d/%s/", config->gw_address, config->gw_port, config->denydir); safe_asprintf(&authaction, "http://%s:%d/%s/", config->gw_address, config->gw_port, config->authdir); safe_asprintf(&authtarget, "http://%s:%d/%s/?token=%s&redir=%s", config->gw_address, config->gw_port, config->authdir, client->token, redirect_url_encoded); - safe_asprintf(&authaction, "http://%s:%d/%s/", config->gw_address, config->gw_port, config->authdir); safe_asprintf(&pagesdir, "/%s", config->pagesdir); safe_asprintf(&imagesdir, "/%s", config->imagesdir); @@ -790,7 +789,6 @@ static int show_splashpage(struct MHD_Connection *connection, t_client *client) tmpl_set_variable(&templor, "authtarget", authtarget); tmpl_set_variable(&templor, "clientip", client->ip); tmpl_set_variable(&templor, "clientmac", client->mac); - // tmpl_set_variable(&templor, "content", VERSION); tmpl_set_variable(&templor, "denyaction", denyaction); tmpl_set_variable(&templor, "error_msg", ""); @@ -809,12 +807,14 @@ static int show_splashpage(struct MHD_Connection *connection, t_client *client) tmpl_set_variable(&templor, "version", VERSION); tmpl_parse(&templor, splashpage_result, size + TMPLVAR_SIZE, splashpage_tmpl, size); - free(authaction); - free(denyaction); - free(maxclients); - free(nclients); - free(uptime); free(splashpage_tmpl); + free(uptime); + free(nclients); + free(maxclients); + free(denyaction); + free(authaction); + free(authtarget); + free(pagesdir); free(imagesdir); response = MHD_create_response_from_buffer(strlen(splashpage_result), (void *)splashpage_result, MHD_RESPMEM_MUST_FREE); From c39ba97d2e1660cfbc17b4d5ba2e973b828cb18b Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Fri, 27 Jan 2017 14:41:58 +0100 Subject: [PATCH 012/117] redirect_to_splashpage(): free originurl --- src/http_microhttpd.c | 1 + 1 file changed, 1 insertion(+) 
diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 85990ce..ddcebd0 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -522,6 +522,7 @@ static int redirect_to_splashpage(struct MHD_Connection *connection, t_client *c safe_asprintf(&originurl, "http://%s%s%s%s", host, url, strlen(query) ? "?" : "" , query); ret = encode_and_redirect_to_splashpage(connection, originurl); + free(originurl); free(query); return ret; } From 5870ae156141efb82efb1c8e15f65b732036519a Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Fri, 27 Jan 2017 14:42:48 +0100 Subject: [PATCH 013/117] http_microhttpd/get_host_value_callback: use direct value instead of a strdup() there is no need for duplicate the object because we will only use it as const --- src/http_microhttpd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index ddcebd0..b790993 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -425,7 +425,7 @@ static int preauthenticated(struct MHD_Connection *connection, const char *url, t_client *client) { - char *host = NULL; + const char *host = NULL; const char *redirect_url; s_config *config = config_get_config(); @@ -701,14 +701,14 @@ static int send_error(struct MHD_Connection *connection, int error) */ static int get_host_value_callback(void *cls, enum MHD_ValueKind kind, const char *key, const char *value) { - char **host = (char **)cls; + const char **host = (const char **)cls; if (MHD_HEADER_KIND != kind) { *host = NULL; return MHD_NO; } if (!strcmp("Host", key)) { - *host = safe_strdup(value); + *host = value; return MHD_NO; } From 3bb6a7bc3f67e6d97db0a44d0b56348927c94595 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Fri, 27 Jan 2017 18:53:27 +0100 Subject: [PATCH 014/117] http_microhttpd/serve_file: correct logic off stat() failure check --- src/http_microhttpd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
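Review bot: `*host = value;` in `get_host_value_callback` hands out a pointer into the connection's header storage, so the result changes from caller-owned to borrowed; any user of this iterator that still calls `free()` on it would now free memory it does not own, and only `preauthenticated` is updated in the visible lines. A comment on the callback would make the contract explicit: `/* *host points into the request headers: do not free, do not keep past the request */`. The match `!strcmp("Host", key)` is case-sensitive although header names are not; unless libmicrohttpd normalises the name, `!strcasecmp("Host", key)` avoids ending up with a NULL host for a differently cased header. Both functions continue outside their hunks.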
diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index b790993..637d5eb 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -898,7 +898,7 @@ static int serve_file(struct MHD_Connection *connection, t_client *client, const /* check if file exists and is not a directory */ ret = stat(filename, &stat_buf); - if (!ret) { + if (ret) { /* stat failed */ return send_error(connection, 404); } From 062965f0e28189e8c2cf5663617e8c4daf6f1c5b Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Mon, 30 Jan 2017 10:13:46 +0100 Subject: [PATCH 015/117] http_microhttpd: add 200 to send_error() --- src/http_microhttpd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 637d5eb..2a70939 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -638,6 +638,7 @@ static int send_error(struct MHD_Connection *connection, int error) { struct MHD_Response *response = NULL; // cannot automate since cannot translate automagically between error number and MHD's status codes -- and cannot rely on MHD_HTTP_ values to provide an upper bound for an array + const char *page_200 = "
Authenticated

Authenticated

"; const char *page_400 = "Error 400

Error 400 - Bad Request

"; const char *page_403 = "Error 403

Error 403 - Forbidden

"; const char *page_404 = "Error 404

Error 404 - Not Found

"; @@ -650,6 +651,12 @@ static int send_error(struct MHD_Connection *connection, int error) int ret = MHD_NO; switch (error) { + case 200: + response = MHD_create_response_from_buffer(strlen(page_200), (char *)page_200, MHD_RESPMEM_PERSISTENT); + MHD_add_response_header(response, "Content-Type", mimetype); + ret = MHD_queue_response(connection, error, response); + break; + case 400: response = MHD_create_response_from_buffer(strlen(page_400), (char *)page_400, MHD_RESPMEM_PERSISTENT); MHD_add_response_header(response, "Content-Type", mimetype); From 0f6926b041d008a04cea8a8ebfbf9a8519e4010a Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Mon, 30 Jan 2017 10:15:03 +0100 Subject: [PATCH 016/117] http_microhttpd: send 200 response to authenticated user without redir query A normal user should have redirection url in the query, but it could happen someone decided to call nds direct. Response with 200 in such rare cases --- src/http_microhttpd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 2a70939..3382c56 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -363,7 +363,10 @@ static int authenticate_client(struct MHD_Connection *connection, { /* TODO: handle redirect_url == NULL */ auth_client_action(ip_addr, mac, AUTH_MAKE_AUTHENTICATED); - return send_redirect_temp(connection, redirect_url); + if (redirect_url) + return send_redirect_temp(connection, redirect_url); + else + return send_error(connection, 200); } /** From 272783fddfae53771039d16abb3024ececf31b7c Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Mon, 30 Jan 2017 10:15:37 +0100 Subject: [PATCH 017/117] http_microhttpd: only include redir header in redirects if url is present --- src/http_microhttpd.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 3382c56..7329d56 100644 --- a/src/http_microhttpd.c 
+++ b/src/http_microhttpd.c @@ -488,14 +488,20 @@ static int encode_and_redirect_to_splashpage(struct MHD_Connection *connection, int ret; s_config *config = config_get_config(); - memset(encoded, 0, sizeof(encoded)); - if (uh_urlencode(encoded, 2048, originurl, strlen(originurl)) == -1) { - debug(LOG_WARNING, "could not encode url"); + if (originurl) { + if (uh_urlencode(encoded, 2048, originurl, strlen(originurl)) == -1) { + debug(LOG_WARNING, "could not encode url"); + } else { + debug(LOG_DEBUG, "originurl: %s", originurl); + } } - safe_asprintf(&splashpageurl, "http://%s:%u%s?redir=%s", config->gw_address , config->gw_port, "/splash.html", encoded); - debug(LOG_DEBUG, "originurl: %s", originurl); + if (encoded[0]) + safe_asprintf(&splashpageurl, "http://%s:%u%s?redir=%s", config->gw_address , config->gw_port, "/splash.html", encoded); + else + safe_asprintf(&splashpageurl, "http://%s:%u%s", config->gw_address , config->gw_port, "/splash.html"); + debug(LOG_DEBUG, "splashpageurl: %s", splashpageurl); ret = send_redirect_temp(connection, splashpageurl); From 22cc8b4f2fd3f19aa34953fdbd91e99497cdd1cf Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Mon, 30 Jan 2017 09:47:04 +0100 Subject: [PATCH 018/117] http_microhttpd: send meta-refresh to authed users There is a race condition when the iptables rule did not hit yet the firewall. Use meta-refresh to reload the page so the user did not loose any pages. --- src/http_microhttpd.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 7329d56..a3de8b2 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c 
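Review bot: Removing `memset(encoded, 0, sizeof(encoded));` leaves `encoded` unset on two paths that then reach `if (encoded[0])`: when `originurl` is NULL and when `uh_urlencode()` fails, possibly after writing a partial result. Unless the declaration above the hunk initialises the array, that reads indeterminate stack bytes and can copy them into the redirect URL sent to the client. Keep the `memset`, reset `encoded[0] = '\0';` in the failure branch, and pass `sizeof(encoded)` instead of the literal `2048` so the bound follows the declaration. The function starts and ends outside the hunk.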
@@ -56,6 +56,7 @@ static int encode_and_redirect_to_splashpage(struct MHD_Connection *connection, static int redirect_to_splashpage(struct MHD_Connection *connection, t_client *client, const char *host, const char *url); static int send_error(struct MHD_Connection *connection, int error); static int send_redirect_temp(struct MHD_Connection *connection, const char *url); +static int send_refresh(struct MHD_Connection *connection); static int is_foreign_hosts(struct MHD_Connection *connection, const char *host); static int is_splashpage(const char *host, const char *url); static int get_query(struct MHD_Connection *connection, char **collect_query); @@ -411,6 +412,14 @@ static int authenticated(struct MHD_Connection *connection, return send_redirect_temp(connection, redirect_to_us); } + + /* check if this is an late request meaning the user tries to get the internet, but ended up here, + * because the iptables rule came to late */ + if (is_foreign_hosts(connection, host)) { + /* might happen if the firewall rule isn't yet installed */ + return send_refresh(connection); + } + /* user doesn't wants the splashpage or tried to auth itself */ return serve_file(connection, client, url); } @@ -643,6 +652,21 @@ static int get_query(struct MHD_Connection *connection, char **query) return 0; } +static int send_refresh(struct MHD_Connection *connection) +{ + struct MHD_Response *response = NULL; + + const char *refresh = ""; + const char *mimetype = lookup_mimetype("foo.html"); + int ret; + + response = MHD_create_response_from_buffer(strlen(refresh), (char *)refresh, MHD_RESPMEM_PERSISTENT); + MHD_add_response_header(response, "Content-Type", mimetype); + ret = MHD_queue_response(connection, 200, response); + + return ret; +} + static int send_error(struct MHD_Connection *connection, int error) { struct MHD_Response *response = NULL; From 6bdea7b1db987c8e9d9477dae3da7da4fa610c9a Mon Sep 17 00:00:00 2001 
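Review bot: `send_refresh` never releases the response it creates: after `MHD_queue_response()` the caller still holds its own reference and has to call `MHD_destroy_response(response)`, otherwise every refresh leaks a response object, and this path is taken for each request an authenticated client makes to a foreign host. The result of `MHD_create_response_from_buffer()` is also used without a NULL check. Add `if (!response) return send_error(connection, 503);` after the create call and `MHD_destroy_response(response);` before `return ret;`. In the `authenticated` hunk, `host` reaches `is_foreign_hosts()` without a visible NULL check; its assignment lies outside the hunk.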
From: Alexander Couzens Date: Mon, 30 Jan 2017 22:30:59 +0100 Subject: [PATCH 019/117] http_microhttpd/refresh: close the connection after sending a refresh otherwise the connction will be still open and the client will refresh for ever. --- src/http_microhttpd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index a3de8b2..2ad39f9 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -662,6 +662,7 @@ static int send_refresh(struct MHD_Connection *connection) response = MHD_create_response_from_buffer(strlen(refresh), (char *)refresh, MHD_RESPMEM_PERSISTENT); MHD_add_response_header(response, "Content-Type", mimetype); + MHD_add_response_header (response, MHD_HTTP_HEADER_CONNECTION, "close"); ret = MHD_queue_response(connection, 200, response); return ret; From 37ba848988e7ee3fd719aec95c2177f8620bd7fd Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Mon, 30 Jan 2017 10:22:59 +0100 Subject: [PATCH 020/117] template: add "token" to the variables we have tok as variable, but use token as query string. allow also token as variable --- src/http_microhttpd.c | 1 + src/template.c | 3 ++- src/template.h | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index 2ad39f9..b9b04fd 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -845,6 +845,7 @@ static int show_splashpage(struct MHD_Connection *connection, t_client *client) tmpl_set_variable(&templor, "redir", redirect_url); tmpl_set_variable(&templor, "tok", client->token); + tmpl_set_variable(&templor, "token", client->token); tmpl_set_variable(&templor, "uptime", uptime); tmpl_set_variable(&templor, "version", VERSION); diff --git a/src/template.c b/src/template.c index 026520c..04e3cae 100644 --- a/src/template.c +++ b/src/template.c 
@@ -11,7 +11,7 @@ #define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0])) #endif -const char *variable_names[18] = { +const char *variable_names[19] = { "authaction", "authtarget", "clientip", @@ -28,6 +28,7 @@ const char *variable_names[18] = { "redir", "title", "tok", + "token", "uptime", "version" }; diff --git a/src/template.h b/src/template.h index d527cc4..cb00ba2 100644 --- a/src/template.h +++ b/src/template.h @@ -6,10 +6,10 @@ /** * @brief holds all valid variable names */ -extern const char *variable_names[18]; +extern const char *variable_names[19]; struct templater { - const char *variables[18]; /* must have the same size of variable_names */ + const char *variables[19]; /* must have the same size of variable_names */ }; /** From e38d1ec6a12e417ae6e577ca37c65868f64ff392 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Mon, 30 Jan 2017 10:28:55 +0100 Subject: [PATCH 021/117] http_microhttpd: allow to use tok as query to auth the user before we only allow token=123123, now tok= can be also used for that --- src/http_microhttpd.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index b9b04fd..b486b25 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c 
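Review bot: The array length is now the literal `19` in three places (`variable_names` in template.c, its `extern` declaration and `templater.variables` in template.h), kept in step only by the comment "must have the same size of variable_names". If `templater.variables` is missed on the next addition, an index derived from `variable_names` can run past it. Define the count once in template.h, `#define TMPL_VAR_COUNT 19`, and use it in all three declarations, e.g. `const char *variables[TMPL_VAR_COUNT];`. The same applies to both template.h declarations in the following hunk.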
@@ -301,19 +301,23 @@ static int check_authdir_match(const char *url, const char *authdir) static int check_token_is_valid(struct MHD_Connection *connection, t_client *client) { /* token check */ - struct collect_query_key query_key = { .key = "token" }; + struct collect_query_key token_key = { .key = "token" }; + struct collect_query_key tok_key = { .key = "tok" }; - MHD_get_connection_values(connection, MHD_GET_ARGUMENT_KIND, &collect_query_key, &query_key); + MHD_get_connection_values(connection, MHD_GET_ARGUMENT_KIND, &collect_query_key, &token_key); + MHD_get_connection_values(connection, MHD_GET_ARGUMENT_KIND, &collect_query_key, &tok_key); /* token not found in query string */ - if (!query_key.value) + if (!token_key.value && !tok_key.value) return 0; - /* token doesn't match */ - if (strcmp(client->token, query_key.value)) - return 0; + if (token_key.value && !strcmp(client->token, token_key.value)) + return 1; - return 1; + if (tok_key.value && !strcmp(client->token, tok_key.value)) + return 1; + + return 0; } From ea1994f0a20f11dc420329b082d080076a1ff4b5 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Mon, 30 Jan 2017 23:49:28 +0100 Subject: [PATCH 022/117] Revert "http_microhttpd: add debug message about the corner case #164" This reverts commit a62cbde0db55066f337f1a7db235725956429666. The problem is found and fixed, no need for the log out. --- src/http_microhttpd.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index b486b25..e7e72ce 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c 
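Review bot: Both comparisons in `check_token_is_valid` use `strcmp()` on the authentication token, which stops at the first differing byte; a fixed-length, constant-time comparison is the usual choice for a secret, and `client->token` is dereferenced without a NULL check. Nothing in this function counts failed guesses, although `t_client` has an `attempts` field, so if limiting happens in the caller a comment such as `/* failed attempts are counted by the caller */` would make that visible. As a matter of style, the two lookup-and-compare pairs are the same code twice and could be one loop over the keys `"token"` and `"tok"`.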
@@ -954,14 +954,6 @@ static int serve_file(struct MHD_Connection *connection, t_client *client, const /* ignore links */ if (!S_ISLNK(stat_buf.st_mode)) #endif /* S_ISLNK */ - - if (url == NULL) - debug(LOG_ERR, "Corner case bug #164 triggered by NULL. Please report it. Sending 404"); - else if (strlen(url) == 0) - debug(LOG_ERR, "Corner case bug #164 triggered by strlen. Please report it. Sending 404"); - else if (url[0] == '/' && strlen(url) == 1) - debug(LOG_ERR, "Corner case bug #164 triggered by /. Please report it. Sending 404"); - return send_error(connection, 404); } From 9962bd6a266c3ea6985192bb060bf9ed96e73642 Mon Sep 17 00:00:00 2001 From: zaolin Date: Thu, 16 Feb 2017 19:16:42 +0100 Subject: [PATCH 023/117] Fix CheckInterval option (#168) Signed-off-by: Philipp Deppenwiese --- docs/source/checkinterval.rst | 10 ++++++++++ src/conf.c | 8 +++++++- 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 docs/source/checkinterval.rst diff --git a/docs/source/checkinterval.rst b/docs/source/checkinterval.rst new file mode 100644 index 0000000..2a1d0af --- /dev/null +++ b/docs/source/checkinterval.rst @@ -0,0 +1,10 @@ +CheckInterval Option +==================== + +**Key: CheckInterval** + +**Value: 1 - 2.147.483.647 in seconds** + +This feature was introduced in previous versions of nodogsplash. +It was used for the bin voucher support checking for invalidation +of clients. diff --git a/src/conf.c b/src/conf.c index c53b5b2..ebb3f87 100644 --- a/src/conf.c +++ b/src/conf.c @@ -986,7 +986,13 @@ config_read(const char *filename) exit(-1); } break; - + case oCheckInterval: + if(sscanf(p1, "%i", &config.checkinterval) < 1) { + debug(LOG_ERR, "Bad arg %s to option %s on line %d in %s", p1, s, linenum, filename); + debug(LOG_ERR, "Exiting..."); + exit(-1); + } + break; case oSyslogFacility: if(sscanf(p1, "%d", &config.syslog_facility) < 1) { debug(LOG_ERR, "Bad arg %s to option %s on line %d in %s", p1, s, linenum, filename); 
From 972d9fb1a2931e189d58d420039898c9f4f2d0cf Mon Sep 17 00:00:00 2001 From: Moritz Warning Date: Thu, 16 Feb 2017 19:21:27 +0100 Subject: [PATCH 024/117] src/conf.c: make sure checkinterval is not 0 --- src/conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/conf.c b/src/conf.c index ebb3f87..c67c4aa 100644 --- a/src/conf.c +++ b/src/conf.c @@ -987,7 +987,7 @@ config_read(const char *filename) } break; case oCheckInterval: - if(sscanf(p1, "%i", &config.checkinterval) < 1) { + if(sscanf(p1, "%i", &config.checkinterval) < 1 || config.checkinterval < 1) { debug(LOG_ERR, "Bad arg %s to option %s on line %d in %s", p1, s, linenum, filename); debug(LOG_ERR, "Exiting..."); exit(-1); From 43a87336242a7d3a01f82adc7f5d77ed5121b3b0 Mon Sep 17 00:00:00 2001 From: Moritz Warning Date: Thu, 16 Feb 2017 22:55:54 +0100 Subject: [PATCH 025/117] remove some stray tabs/spaces --- src/client_list.h | 21 ++++++++++----------- src/http_microhttpd.c | 12 ++++++------ src/ndsctl.c | 2 +- 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/src/client_list.h b/src/client_list.h index 299537a..9b8c090 100644 --- a/src/client_list.h +++ b/src/client_list.h 
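Review bot: `sscanf(p1, "%i", &config.checkinterval)` accepts more than the added `config.checkinterval < 1` test can catch: `%i` also reads octal and hex prefixes (`010` becomes 8), characters after the number are ignored, and a value too large for the target is undefined behaviour. Parsing with `strtol()` and checking the end pointer, `errno` and the upper bound closes those gaps, as in the excerpt below, which assumes `config.checkinterval` is an `int` as `%i` requires. If `p1` can carry trailing whitespace, skip it before the end-pointer check. The `switch` in `config_read` continues outside the hunk.

```c
		case oCheckInterval: {
			char *end = NULL;
			long val;

			errno = 0;
			val = strtol(p1, &end, 10);
			if (end == p1 || *end != '\0' || errno == ERANGE || val < 1 || val > INT_MAX) {
				/* … unchanged: the two debug(LOG_ERR, …) lines and exit(-1) … */
			}
			config.checkinterval = (int)val;
			break;
		}
```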
@@ -30,24 +30,23 @@ /** Counters struct for a client's bandwidth usage (in bytes) */ typedef struct _t_counters { - unsigned long long incoming; /**< @brief Incoming data total*/ - unsigned long long outgoing; /**< @brief Outgoing data total*/ - unsigned long long incoming_history; /**< @brief Incoming data before nodogsplash restarted*/ - unsigned long long outgoing_history; /**< @brief Outgoing data before nodogsplash restarted*/ + unsigned long long incoming; /**< @brief Incoming data total*/ + unsigned long long outgoing; /**< @brief Outgoing data total*/ + unsigned long long incoming_history; /**< @brief Incoming data before nodogsplash restarted*/ + unsigned long long outgoing_history; /**< @brief Outgoing data before nodogsplash restarted*/ time_t last_updated; /**< @brief Last update of the counters */ } t_counters; /** Client node for the connected client linked list. */ -typedef struct _t_client { - struct _t_client *next; /**< @brief Pointer to the next client */ - char *ip; /**< @brief Client Ip address */ - char *mac; /**< @brief Client Mac address */ - char *token; /**< @brief Client token */ +typedef struct _t_client { + struct _t_client *next; /**< @brief Pointer to the next client */ + char *ip; /**< @brief Client Ip address */ + char *mac; /**< @brief Client Mac address */ + char *token; /**< @brief Client token */ unsigned int fw_connection_state; /**< @brief Connection state in the firewall */ time_t added_time; /**< @brief Time client added to list */ - t_counters counters; /**< @brief Counters for input/output of - the client. */ + t_counters counters; /**< @brief Counters for input/output of the client. */ int attempts; /**< @brief Number of authentication attempts */ int download_limit; /**< @brief Download limit, kb/s */ int upload_limit; /**< @brief Upload limit, kb/s */ diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index e7e72ce..fb76e6e 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c 
@@ -185,7 +185,7 @@ get_ip(struct MHD_Connection *connection) const union MHD_ConnectionInfo *connection_info; char *ip_addr = NULL; const struct sockaddr *client_addr; - const struct sockaddr_in *addrin; + const struct sockaddr_in *addrin; const struct sockaddr_in6 *addrin6; if (!(connection_info = MHD_get_connection_info(connection, MHD_CONNECTION_INFO_CLIENT_ADDRESS))) { return NULL; @@ -231,11 +231,11 @@ get_ip(struct MHD_Connection *connection) */ int libmicrohttpd_cb(void *cls, - struct MHD_Connection *connection, - const char *url, - const char *method, - const char *version, - const char *upload_data, size_t *upload_data_size, void **ptr) + struct MHD_Connection *connection, + const char *url, + const char *method, + const char *version, + const char *upload_data, size_t *upload_data_size, void **ptr) { t_client *client; diff --git a/src/ndsctl.c b/src/ndsctl.c index 3223ce3..274e478 100644 --- a/src/ndsctl.c +++ b/src/ndsctl.c @@ -84,7 +84,7 @@ usage(void) printf("commands:\n"); printf(" status View the status of nodogsplash\n"); printf(" clients Display machine-readable client list\n"); - printf(" json Display machine-readable client list in json format\n"); + printf(" json Display machine-readable client list in json format\n"); printf(" stop Stop the running nodogsplash\n"); printf(" auth mac|ip|token Authenticate user with specified mac, ip or token\n"); printf(" deauth mac|ip|token Deauthenticate user with specified mac, ip or token\n"); From 2ace42d4855d09c93c41526b2238a58478e875c0 Mon Sep 17 00:00:00 2001 From: Moritz Warning Date: Thu, 16 Feb 2017 23:19:33 +0100 Subject: [PATCH 026/117] fix some typos --- src/client_list.c | 6 +++--- src/client_list.h | 6 +++--- src/ndsctl.c | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/client_list.c b/src/client_list.c index d531056..e70e764 100644 --- a/src/client_list.c +++ b/src/client_list.c 
@@ -214,7 +214,7 @@ client_list_add_client(const char ip[]) return client; } -/** Finds a client by its IP and MAC, returns NULL if the client could not +/** Finds a client by its IP and MAC, returns NULL if the client could not * be found * @param ip IP we are looking for in the linked list * @param mac MAC we are looking for in the linked list @@ -258,9 +258,9 @@ client_list_find_by_ip(const char ip[]) } /** - * Finds a client by its Mac, returns NULL if the client could not + * Finds a client by its MAC, returns NULL if the client could not * be found - * @param mac Mac we are looking for in the linked list + * @param mac MAC we are looking for in the linked list * @return Pointer to the client, or NULL if not found */ t_client * diff --git a/src/client_list.h b/src/client_list.h index 9b8c090..226b180 100644 --- a/src/client_list.h +++ b/src/client_list.h @@ -41,8 +41,8 @@ typedef struct _t_counters { */ typedef struct _t_client { struct _t_client *next; /**< @brief Pointer to the next client */ - char *ip; /**< @brief Client Ip address */ - char *mac; /**< @brief Client Mac address */ + char *ip; /**< @brief Client IP address */ + char *mac; /**< @brief Client MAC address */ char *token; /**< @brief Client token */ unsigned int fw_connection_state; /**< @brief Connection state in the firewall */ time_t added_time; /**< @brief Time client added to list */ @@ -73,7 +73,7 @@ t_client *client_list_find(const char ip[], const char mac[]); t_client *client_list_find_by_ip(const char ip[]); /* needed by fw_iptables.c, auth.c * and ndsctl_thread.c */ -/** @brief Finds a client only by its Mac */ +/** @brief Finds a client only by its MAC */ t_client *client_list_find_by_mac(const char mac[]); /* needed by ndsctl_thread.c */ /** @brief Finds a client by its token */ diff --git a/src/ndsctl.c b/src/ndsctl.c index 274e478..362a9a2 100644 --- a/src/ndsctl.c +++ b/src/ndsctl.c 
@@ -224,7 +224,7 @@ parse_commandline(int argc, char **argv) config.command = NDSCTL_DEAUTH; if ((argc - (optind + 1)) <= 0) { fprintf(stderr, "ndsctl: Error: You must specify an IP " - "or a Mac address to deauth\n"); + "or a MAC address to deauth\n"); usage(); exit(1); } From c6c744fa4c072513ada9f94706e1f0521fa05bc8 Mon Sep 17 00:00:00 2001 From: Moritz Warning Date: Sat, 18 Feb 2017 22:05:08 +0100 Subject: [PATCH 027/117] cleanup space/tab mixings --- src/auth.c | 7 ++- src/client_list.h | 17 ++++--- src/conf.c | 3 +- src/conf.h | 17 +++---- src/debug.c | 6 +-- src/fw_iptables.c | 35 +++++++------- src/gateway.c | 16 +++---- src/http_microhttpd.c | 26 +++++------ src/http_microhttpd.h | 10 ++-- src/http_microhttpd_utils.c | 8 ++-- src/mimetypes.h | 80 ++++++++++++++++---------------- src/ndsctl.c | 91 ++++++++++++++++--------------------- src/ndsctl.h | 8 ++-- src/ndsctl_thread.c | 14 +++--- src/ndsctl_thread.h | 2 +- src/safe.h | 4 +- src/tc.c | 14 +++--- src/template.c | 4 +- src/util.c | 10 ++-- 19 files changed, 173 insertions(+), 199 deletions(-) diff --git a/src/auth.c b/src/auth.c index f41b743..8ba901a 100644 --- a/src/auth.c +++ b/src/auth.c @@ -46,7 +46,7 @@ /* Defined in clientlist.c */ -extern pthread_mutex_t client_list_mutex; +extern pthread_mutex_t client_list_mutex; /* Count number of authentications */ unsigned int authenticated_since_start = 0; @@ -61,7 +61,7 @@ thread_client_timeout_check(void *arg) { pthread_cond_t cond = PTHREAD_COND_INITIALIZER; pthread_mutex_t cond_mutex = PTHREAD_MUTEX_INITIALIZER; - struct timespec timeout; + struct timespec timeout; while (1) { debug(LOG_DEBUG, "Running fw_refresh_client_list()"); 
@@ -99,8 +99,7 @@ auth_client_action(const char ip[], const char mac[], t_authaction action) /* Client should already have hit the server and be on the client list */ if (client == NULL) { - debug(LOG_ERR, "Client %s %s action %d is not on client list", - ip, mac, action); + debug(LOG_ERR, "Client %s %s action %d is not on client list", ip, mac, action); UNLOCK_CLIENT_LIST(); return; } diff --git a/src/client_list.h b/src/client_list.h index 226b180..d0c3f28 100644 --- a/src/client_list.h +++ b/src/client_list.h 
@@ -34,22 +34,22 @@ typedef struct _t_counters { unsigned long long outgoing; /**< @brief Outgoing data total*/ unsigned long long incoming_history; /**< @brief Incoming data before nodogsplash restarted*/ unsigned long long outgoing_history; /**< @brief Outgoing data before nodogsplash restarted*/ - time_t last_updated; /**< @brief Last update of the counters */ + time_t last_updated; /**< @brief Last update of the counters */ } t_counters; /** Client node for the connected client linked list. */ typedef struct _t_client { - struct _t_client *next; /**< @brief Pointer to the next client */ - char *ip; /**< @brief Client IP address */ + struct _t_client *next; /**< @brief Pointer to the next client */ + char *ip; /**< @brief Client IP address */ char *mac; /**< @brief Client MAC address */ char *token; /**< @brief Client token */ - unsigned int fw_connection_state; /**< @brief Connection state in the firewall */ + unsigned int fw_connection_state; /**< @brief Connection state in the firewall */ time_t added_time; /**< @brief Time client added to list */ t_counters counters; /**< @brief Counters for input/output of the client. */ - int attempts; /**< @brief Number of authentication attempts */ - int download_limit; /**< @brief Download limit, kb/s */ - int upload_limit; /**< @brief Upload limit, kb/s */ + int attempts; /**< @brief Number of authentication attempts */ + int download_limit; /**< @brief Download limit, kb/s */ + int upload_limit; /**< @brief Upload limit, kb/s */ int idx; } t_client; 
@@ -70,8 +70,7 @@ t_client *client_list_add_client(const char ip[]); t_client *client_list_find(const char ip[], const char mac[]); /** @brief Finds a client only by its IP */ -t_client *client_list_find_by_ip(const char ip[]); /* needed by fw_iptables.c, auth.c - * and ndsctl_thread.c */ +t_client *client_list_find_by_ip(const char ip[]); /* needed by fw_iptables.c, auth.c * and ndsctl_thread.c */ /** @brief Finds a client only by its MAC */ t_client *client_list_find_by_mac(const char mac[]); /* needed by ndsctl_thread.c */ diff --git a/src/conf.c b/src/conf.c index c67c4aa..9da80c9 100644 --- a/src/conf.c +++ b/src/conf.c @@ -287,8 +287,7 @@ config_parse_opcode(const char *cp, const char *filename, int linenum) if (strcasecmp(cp, keywords[i].name) == 0) return keywords[i].opcode; - debug(LOG_ERR, "%s: line %d: Bad configuration option: %s", - filename, linenum, cp); + debug(LOG_ERR, "%s: line %d: Bad configuration option: %s", filename, linenum, cp); return oBadOption; } diff --git a/src/conf.h b/src/conf.h index 3fe77c5..082f7fb 100644 --- a/src/conf.h +++ b/src/conf.h 
@@ -171,12 +171,9 @@ typedef struct { char *username; /**< @brief Username for username authentication */ char *password; /**< @brief Password for password authentication */ int passwordattempts; /**< @brief Number of attempted password authentications allowed */ - int clienttimeout; /**< @brief How many CheckIntervals before an inactive client - must be re-authenticated */ - int clientforceout; /**< @brief How many CheckIntervals before a client - must be re-authenticated */ - int checkinterval; /**< @brief Period the the client timeout check - thread will run, in seconds */ + int clienttimeout; /**< @brief How many CheckIntervals before an inactive client must be re-authenticated */ + int clientforceout; /**< @brief How many CheckIntervals before a client must be re-authenticated */ + int checkinterval; /**< @brief Period the the client timeout check thread will run, in seconds */ int authenticate_immediately; /**< @brief boolean, whether to auth noninteractively */ int set_mss; /**< @brief boolean, whether to set mss */ int mss_value; /**< @brief int, mss value; <= 0 clamp to pmtu */ 
@@ -189,15 +186,15 @@ typedef struct { int syslog_facility; /**< @brief facility to use when using syslog for logging */ int decongest_httpd_threads; /**< @brief boolean, whether to avoid httpd thread congestion */ int httpd_thread_threshold; /**< @brief number of concurrent httpd threads before trying decongestion */ - int httpd_thread_delay_ms; /**< @brief ms delay before starting a httpd thread after threshold */ + int httpd_thread_delay_ms; /**< @brief ms delay before starting a httpd thread after threshold */ int macmechanism; /**< @brief mechanism wrt MAC addrs */ t_firewall_ruleset *rulesets; /**< @brief firewall rules */ t_MAC *trustedmaclist; /**< @brief list of trusted macs */ t_MAC *blockedmaclist; /**< @brief list of blocked macs */ t_MAC *allowedmaclist; /**< @brief list of allowed macs */ - unsigned int FW_MARK_AUTHENTICATED; /**< @brief iptables mark for authenticated packets */ - unsigned int FW_MARK_BLOCKED; /**< @brief iptables mark for blocked packets */ - unsigned int FW_MARK_TRUSTED; /**< @brief iptables mark for trusted packets */ + unsigned int FW_MARK_AUTHENTICATED; /**< @brief iptables mark for authenticated packets */ + unsigned int FW_MARK_BLOCKED; /**< @brief iptables mark for blocked packets */ + unsigned int FW_MARK_TRUSTED; /**< @brief iptables mark for trusted packets */ int ip6; /**< @brief enable IPv6 */ } s_config; diff --git a/src/debug.c b/src/debug.c index 38da013..a740862 100644 --- a/src/debug.c +++ b/src/debug.c 
@@ -53,15 +53,13 @@ _debug(const char filename[], int line, int level, const char *format, ...) sigprocmask(SIG_BLOCK, &block_chld, NULL); if (level <= LOG_WARNING) { - fprintf(stderr, "[%d][%.24s][%u](%s:%d) ", level, ctime_r(&ts, buf), getpid(), - filename, line); + fprintf(stderr, "[%d][%.24s][%u](%s:%d) ", level, ctime_r(&ts, buf), getpid(), filename, line); va_start(vlist, format); vfprintf(stderr, format, vlist); va_end(vlist); fputc('\n', stderr); } else if (!config->daemon) { - fprintf(stdout, "[%d][%.24s][%u](%s:%d) ", level, ctime_r(&ts, buf), getpid(), - filename, line); + fprintf(stdout, "[%d][%.24s][%u](%s:%d) ", level, ctime_r(&ts, buf), getpid(), filename, line); va_start(vlist, format); vfprintf(stdout, format, vlist); va_end(vlist); diff --git a/src/fw_iptables.c b/src/fw_iptables.c index 7e34377..7a58731 100644 --- a/src/fw_iptables.c +++ b/src/fw_iptables.c @@ -51,12 +51,12 @@ #include "util.h" #include "tc.h" -static char * _iptables_compile(const char[], const char[], t_firewall_rule *); +static char *_iptables_compile(const char[], const char[], t_firewall_rule *); static int _iptables_append_ruleset(const char[], const char[], const char[]); static int _iptables_init_marks(void); -extern pthread_mutex_t client_list_mutex; -extern pthread_mutex_t config_mutex; +extern pthread_mutex_t client_list_mutex; +extern pthread_mutex_t config_mutex; /** * Make nonzero to supress the error output of the firewall during destruction. 
@@ -99,17 +99,17 @@ _iptables_init_marks() FW_MARK_MASK = FW_MARK_BLOCKED | FW_MARK_TRUSTED | FW_MARK_AUTHENTICATED; debug(LOG_INFO,"Iptables mark %s: 0x%x", - fw_connection_state_as_string(FW_MARK_PREAUTHENTICATED), - FW_MARK_PREAUTHENTICATED); + fw_connection_state_as_string(FW_MARK_PREAUTHENTICATED), + FW_MARK_PREAUTHENTICATED); debug(LOG_INFO,"Iptables mark %s: 0x%x", - fw_connection_state_as_string(FW_MARK_AUTHENTICATED), - FW_MARK_AUTHENTICATED); + fw_connection_state_as_string(FW_MARK_AUTHENTICATED), + FW_MARK_AUTHENTICATED); debug(LOG_INFO,"Iptables mark %s: 0x%x", - fw_connection_state_as_string(FW_MARK_TRUSTED), - FW_MARK_TRUSTED); + fw_connection_state_as_string(FW_MARK_TRUSTED), + FW_MARK_TRUSTED); debug(LOG_INFO,"Iptables mark %s: 0x%x", - fw_connection_state_as_string(FW_MARK_BLOCKED), - FW_MARK_BLOCKED); + fw_connection_state_as_string(FW_MARK_BLOCKED), + FW_MARK_BLOCKED); return 0; } @@ -407,8 +407,7 @@ iptables_fw_init(void) rc |= iptables_allow_mac(pa->mac); } } else { - debug(LOG_ERR, "Unknown MAC mechanism: %d", - macmechanism); + debug(LOG_ERR, "Unknown MAC mechanism: %d", macmechanism); rc = -1; } @@ -698,9 +697,9 @@ iptables_fw_destroy(void) */ int iptables_fw_destroy_mention( - const char * table, - const char * chain, - const char * mention + const char *table, + const char *chain, + const char *mention ) { FILE *p = NULL; @@ -888,8 +887,8 @@ iptables_fw_counters_update(void) { FILE *output; char *script, - ip[INET6_ADDRSTRLEN], - target[MAX_BUF]; + ip[INET6_ADDRSTRLEN], + target[MAX_BUF]; int rc; int af; s_config *config; diff --git a/src/gateway.c b/src/gateway.c index 8053046..ef88063 100644 --- a/src/gateway.c +++ b/src/gateway.c @@ -218,7 +218,7 @@ static void main_loop(void) { int result = 0; - pthread_t tid; + pthread_t tid; s_config *config; config = config_get_config(); 
@@ -248,13 +248,13 @@ main_loop(void) /* Initializes the web server */ if ((webserver = MHD_start_daemon( - MHD_USE_EPOLL_INTERNALLY, - config->gw_port, - NULL, NULL, - libmicrohttpd_cb, NULL, - MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 120, - MHD_OPTION_LISTENING_ADDRESS_REUSE, 1, - MHD_OPTION_END)) == NULL) { + MHD_USE_EPOLL_INTERNALLY, + config->gw_port, + NULL, NULL, + libmicrohttpd_cb, NULL, + MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 120, + MHD_OPTION_LISTENING_ADDRESS_REUSE, 1, + MHD_OPTION_END)) == NULL) { debug(LOG_ERR, "Could not create web server: %s", strerror(errno)); exit(1); } diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c index fb76e6e..fccbd7e 100644 --- a/src/http_microhttpd.c +++ b/src/http_microhttpd.c @@ -143,7 +143,7 @@ static int is_splashpage(const char *host, const char *url) if (host == NULL) { /* no hostname given * '/' -> splash - * '' -> splash [is this even possible with MHD? + * '' -> splash [is this even possible with MHD? */ if (strlen(url) == 0 || !strcmp("/", url)) { @@ -158,7 +158,7 @@ static int is_splashpage(const char *host, const char *url) } /* '/' -> splash - * '' -> splash + * '' -> splash */ if (strlen(url) == 0 || !strcmp("/", url)) { @@ -361,10 +361,10 @@ static int try_to_authenticate(struct MHD_Connection *connection, t_client *clie * @return */ static int authenticate_client(struct MHD_Connection *connection, - const char *ip_addr, - const char *mac, - const char *redirect_url, - t_client *client) + const char *ip_addr, + const char *mac, + const char *redirect_url, + t_client *client) { /* TODO: handle redirect_url == NULL */ auth_client_action(ip_addr, mac, AUTH_MAKE_AUTHENTICATED); 
@@ -390,10 +390,10 @@ static int authenticate_client(struct MHD_Connection *connection, * - when a user calls deny url -> deauth it */ static int authenticated(struct MHD_Connection *connection, - const char *ip_addr, - const char *mac, - const char *url, - t_client *client) + const char *ip_addr, + const char *mac, + const char *url, + t_client *client) { s_config *config = config_get_config(); const char *redirect_url; @@ -560,7 +560,7 @@ static int redirect_to_splashpage(struct MHD_Connection *connection, t_client *c static t_client * add_client(const char *ip_addr) { - t_client *client; + t_client *client; LOCK_CLIENT_LIST(); client = client_list_add_client(ip_addr); @@ -581,7 +581,7 @@ int send_redirect_temp(struct MHD_Connection *connection, const char *url) if (!response) return send_error(connection, 503); - // MHD_set_response_options(response, MHD_RF_HTTP_VERSION_1_0_ONLY, MHD_RO_END); + // MHD_set_response_options(response, MHD_RF_HTTP_VERSION_1_0_ONLY, MHD_RO_END); MHD_add_response_header(response, "Location", url); MHD_add_response_header(response, "Connection", "close"); ret = MHD_queue_response(connection, MHD_HTTP_TEMPORARY_REDIRECT, response); 
@@ -630,7 +630,7 @@ static int get_query(struct MHD_Connection *connection, char **query) collect_query.i = 0; collect_query.elements = elements; - // static int get_host_value_callback(void *cls, enum MHD_ValueKind kind, const char *key, const char *value) { + // static int get_host_value_callback(void *cls, enum MHD_ValueKind kind, const char *key, const char *value) { MHD_get_connection_values(connection, MHD_GET_ARGUMENT_KIND, collect_query_string, &collect_query); for(i=0; i -/* blen is the size of buf; slen is the length of src. The input-string need -** not be, and the output string will not be, null-terminated. Returns the +/* blen is the size of buf; slen is the length of src. The input-string need +** not be, and the output string will not be, null-terminated. Returns the ** length of the decoded string, -1 on buffer overflow, -2 on malformed string. */ int uh_urldecode(char *buf, int blen, const char *src, int slen) { @@ -65,7 +65,7 @@ int uh_urlencode(char *buf, int blen, const char *src, int slen) } else if ((len+3) <= blen) { buf[len++] = '%'; buf[len++] = hex[(src[i] >> 4) & 15]; - buf[len++] = hex[ src[i] & 15]; + buf[len++] = hex[ src[i] & 15]; } else { len = -1; break; @@ -79,7 +79,7 @@ int uh_b64decode(char *buf, int blen, const void *src, int slen) { const unsigned char *str = src; unsigned int cout = 0; - unsigned int cin = 0; + unsigned int cin = 0; int len = 0; int i = 0; diff --git a/src/mimetypes.h b/src/mimetypes.h index b6d1b71..157212f 100644 --- a/src/mimetypes.h +++ b/src/mimetypes.h 
@@ -27,62 +27,62 @@ struct mimetype { static const struct mimetype uh_mime_types[] = { - { "txt", "text/plain" }, - { "log", "text/plain" }, + { "txt", "text/plain" }, + { "log", "text/plain" }, { "js", "text/javascript" }, - { "css", "text/css" }, - { "htm", "text/html; charset=utf-8" }, + { "css", "text/css" }, + { "htm", "text/html; charset=utf-8" }, { "html", "text/html; charset=utf-8" }, { "diff", "text/x-patch" }, - { "patch", "text/x-patch" }, - { "c", "text/x-csrc" }, - { "h", "text/x-chdr" }, - { "o", "text/x-object" }, + { "patch", "text/x-patch" }, + { "c", "text/x-csrc" }, + { "h", "text/x-chdr" }, + { "o", "text/x-object" }, { "ko", "text/x-object" }, - { "bmp", "image/bmp" }, - { "gif", "image/gif" }, - { "png", "image/png" }, - { "jpg", "image/jpeg" }, + { "bmp", "image/bmp" }, + { "gif", "image/gif" }, + { "png", "image/png" }, + { "jpg", "image/jpeg" }, { "jpeg", "image/jpeg" }, - { "svg", "image/svg+xml" }, + { "svg", "image/svg+xml" }, { "json", "application/json" }, - { "jsonp", "application/javascript" }, - { "zip", "application/zip" }, - { "pdf", "application/pdf" }, - { "xml", "application/xml" }, - { "xsl", "application/xml" }, - { "doc", "application/msword" }, - { "ppt", "application/vnd.ms-powerpoint" }, - { "xls", "application/vnd.ms-excel" }, - { "odt", "application/vnd.oasis.opendocument.text" }, - { "odp", "application/vnd.oasis.opendocument.presentation" }, + { "jsonp", "application/javascript" }, + { "zip", "application/zip" }, + { "pdf", "application/pdf" }, + { "xml", "application/xml" }, + { "xsl", "application/xml" }, + { "doc", "application/msword" }, + { "ppt", "application/vnd.ms-powerpoint" }, + { "xls", "application/vnd.ms-excel" }, + { "odt", "application/vnd.oasis.opendocument.text" }, + { "odp", "application/vnd.oasis.opendocument.presentation" }, { "pl", "application/x-perl" }, { "sh", "application/x-shellscript" }, - { "php", "application/x-php" }, - { "deb", "application/x-deb" }, - { "iso", "application/x-cd-image" 
}, - { "tar.gz", "application/x-compressed-tar" }, - { "tgz", "application/x-compressed-tar" }, + { "php", "application/x-php" }, + { "deb", "application/x-deb" }, + { "iso", "application/x-cd-image" }, + { "tar.gz", "application/x-compressed-tar" }, + { "tgz", "application/x-compressed-tar" }, { "gz", "application/x-gzip" }, - { "tar.bz2", "application/x-bzip-compressed-tar" }, - { "tbz", "application/x-bzip-compressed-tar" }, - { "bz2", "application/x-bzip" }, - { "tar", "application/x-tar" }, - { "rar", "application/x-rar-compressed" }, + { "tar.bz2", "application/x-bzip-compressed-tar" }, + { "tbz", "application/x-bzip-compressed-tar" }, + { "bz2", "application/x-bzip" }, + { "tar", "application/x-tar" }, + { "rar", "application/x-rar-compressed" }, - { "mp3", "audio/mpeg" }, - { "ogg", "audio/x-vorbis+ogg" }, + { "mp3", "audio/mpeg" }, + { "ogg", "audio/x-vorbis+ogg" }, { "wav", "audio/x-wav" }, - { "mpg", "video/mpeg" }, + { "mpg", "video/mpeg" }, { "mpeg", "video/mpeg" }, - { "avi", "video/x-msvideo" }, + { "avi", "video/x-msvideo" }, - { "README", "text/plain" }, - { "log", "text/plain" }, - { "cfg", "text/plain" }, + { "README", "text/plain" }, + { "log", "text/plain" }, + { "cfg", "text/plain" }, { "conf", "text/plain" }, { "pac", "application/x-ns-proxy-autoconfig" }, diff --git a/src/ndsctl.c b/src/ndsctl.c index 362a9a2..0fca137 100644 --- a/src/ndsctl.c +++ b/src/ndsctl.c @@ -160,8 +160,7 @@ parse_commandline(int argc, char **argv) } else if (strcmp(*(argv + optind), "block") == 0) { config.command = NDSCTL_BLOCK; if ((argc - (optind + 1)) <= 0) { - fprintf(stderr, "ndsctl: Error: You must specify a " - "MAC address to block\n"); + fprintf(stderr, "ndsctl: Error: You must specify a MAC address to block\n"); usage(); exit(1); } 
@@ -169,8 +168,7 @@ parse_commandline(int argc, char **argv) } else if (strcmp(*(argv + optind), "unblock") == 0) { config.command = NDSCTL_UNBLOCK; if ((argc - (optind + 1)) <= 0) { - fprintf(stderr, "ndsctl: Error: You must specify a " - "MAC address to unblock\n"); + fprintf(stderr, "ndsctl: Error: You must specify a MAC address to unblock\n"); usage(); exit(1); } @@ -178,8 +176,7 @@ parse_commandline(int argc, char **argv) } else if (strcmp(*(argv + optind), "allow") == 0) { config.command = NDSCTL_ALLOW; if ((argc - (optind + 1)) <= 0) { - fprintf(stderr, "ndsctl: Error: You must specify a " - "MAC address to allow\n"); + fprintf(stderr, "ndsctl: Error: You must specify a MAC address to allow\n"); usage(); exit(1); } @@ -187,8 +184,7 @@ parse_commandline(int argc, char **argv) } else if (strcmp(*(argv + optind), "unallow") == 0) { config.command = NDSCTL_UNALLOW; if ((argc - (optind + 1)) <= 0) { - fprintf(stderr, "ndsctl: Error: You must specify a " - "MAC address to unallow\n"); + fprintf(stderr, "ndsctl: Error: You must specify a MAC address to unallow\n"); usage(); exit(1); } @@ -196,8 +192,7 @@ parse_commandline(int argc, char **argv) } else if (strcmp(*(argv + optind), "trust") == 0) { config.command = NDSCTL_TRUST; if ((argc - (optind + 1)) <= 0) { - fprintf(stderr, "ndsctl: Error: You must specify a " - "MAC address to trust\n"); + fprintf(stderr, "ndsctl: Error: You must specify a MAC address to trust\n"); usage(); exit(1); } @@ -205,8 +200,7 @@ parse_commandline(int argc, char **argv) } else if (strcmp(*(argv + optind), "untrust") == 0) { config.command = NDSCTL_UNTRUST; if ((argc - (optind + 1)) <= 0) { - fprintf(stderr, "ndsctl: Error: You must specify a " - "MAC address to untrust\n"); + fprintf(stderr, "ndsctl: Error: You must specify a MAC address to untrust\n"); usage(); exit(1); } 
@@ -214,8 +208,7 @@ parse_commandline(int argc, char **argv) } else if (strcmp(*(argv + optind), "auth") == 0) { config.command = NDSCTL_AUTH; if ((argc - (optind + 1)) <= 0) { - fprintf(stderr, "ndsctl: Error: You must specify an IP " - "address to auth\n"); + fprintf(stderr, "ndsctl: Error: You must specify an IP address to auth\n"); usage(); exit(1); } @@ -223,8 +216,7 @@ parse_commandline(int argc, char **argv) } else if (strcmp(*(argv + optind), "deauth") == 0) { config.command = NDSCTL_DEAUTH; if ((argc - (optind + 1)) <= 0) { - fprintf(stderr, "ndsctl: Error: You must specify an IP " - "or a MAC address to deauth\n"); + fprintf(stderr, "ndsctl: Error: You must specify an IP or a MAC address to deauth\n"); usage(); exit(1); } @@ -232,8 +224,7 @@ parse_commandline(int argc, char **argv) } else if (strcmp(*(argv + optind), "loglevel") == 0) { config.command = NDSCTL_LOGLEVEL; if ((argc - (optind + 1)) <= 0) { - fprintf(stderr, "ndsctl: Error: You must specify an integer " - "loglevel to loglevel\n"); + fprintf(stderr, "ndsctl: Error: You must specify an integer loglevel to loglevel\n"); usage(); exit(1); } @@ -265,7 +256,7 @@ static int connect_to_server(const char sock_name[]) { int sock; - struct sockaddr_un sa_un; + struct sockaddr_un sa_un; /* Connect to socket */ sock = socket(AF_UNIX, SOCK_STREAM, 0); @@ -273,8 +264,7 @@ connect_to_server(const char sock_name[]) sa_un.sun_family = AF_UNIX; strncpy(sa_un.sun_path, sock_name, (sizeof(sa_un.sun_path) - 1)); - if (connect(sock, (struct sockaddr *)&sa_un, - strlen(sa_un.sun_path) + sizeof(sa_un.sun_family))) { + if (connect(sock, (struct sockaddr *)&sa_un, strlen(sa_un.sun_path) + sizeof(sa_un.sun_family))) { fprintf(stderr, "ndsctl: nodogsplash probably not started (Error: %s)\n", strerror(errno)); exit(1); } 
@@ -285,14 +275,13 @@ connect_to_server(const char sock_name[]) static int send_request(int sock, const char request[]) { - ssize_t len, written; + ssize_t len, written; len = 0; while (len != strlen(request)) { written = write(sock, (request + len), strlen(request) - len); if (written == -1) { - fprintf(stderr, "Write to nodogsplash failed: %s\n", - strerror(errno)); + fprintf(stderr, "Write to nodogsplash failed: %s\n", strerror(errno)); exit(1); } len += written; @@ -316,8 +305,7 @@ ndsctl_action(const char cmd[], const char ifyes[], const char ifno[]) sock = connect_to_server(config.socket); - snprintf(request, sizeof(request)-strlen(NDSCTL_TERMINATOR), - "%s %s", cmd, config.param); + snprintf(request, sizeof(request)-strlen(NDSCTL_TERMINATOR), "%s %s", cmd, config.param); strcat(request, NDSCTL_TERMINATOR); len = send_request(sock, request); @@ -325,11 +313,11 @@ ndsctl_action(const char cmd[], const char ifyes[], const char ifno[]) len = 0; memset(buffer, 0, sizeof(buffer)); while ((len < sizeof(buffer)) && ((rlen = read(sock, (buffer + len), - (sizeof(buffer) - len))) > 0)) { + (sizeof(buffer) - len))) > 0)) { len += rlen; } - if(rlen<0) { + if (rlen < 0) { fprintf(stderr, "ndsctl: Error reading socket: %s\n", strerror(errno)); } @@ -338,8 +326,7 @@ ndsctl_action(const char cmd[], const char ifyes[], const char ifno[]) } else if (strcmp(buffer, "No") == 0) { printf(ifno, config.param); } else { - fprintf(stderr, "ndsctl: Error: nodogsplash sent an abnormal " - "reply.\n"); + fprintf(stderr, "ndsctl: Error: nodogsplash sent an abnormal reply.\n"); } shutdown(sock, 2); 
@@ -405,88 +392,88 @@ void ndsctl_loglevel(void) { ndsctl_action("loglevel", - "Log level set to %s.\n", - "Failed to set log level to %s.\n"); + "Log level set to %s.\n", + "Failed to set log level to %s.\n"); } void ndsctl_password(void) { ndsctl_action("password", - "Password set to %s.\n", - "Failed to set password to %s.\n"); + "Password set to %s.\n", + "Failed to set password to %s.\n"); } void ndsctl_username(void) { ndsctl_action("username", - "Username set to %s.\n", - "Failed to set username to %s.\n"); + "Username set to %s.\n", + "Failed to set username to %s.\n"); } void ndsctl_deauth(void) { ndsctl_action("deauth", - "Client %s deauthenticated.\n", - "Client %s not found.\n"); + "Client %s deauthenticated.\n", + "Client %s not found.\n"); } void ndsctl_auth(void) { ndsctl_action("auth", - "Client %s authenticated.\n", - "Failed to authenticate client %s.\n"); + "Client %s authenticated.\n", + "Failed to authenticate client %s.\n"); } void ndsctl_block(void) { ndsctl_action("block", - "MAC %s blocked.\n", - "Failed to block MAC %s.\n"); + "MAC %s blocked.\n", + "Failed to block MAC %s.\n"); } void ndsctl_unblock(void) { ndsctl_action("unblock", - "MAC %s unblocked.\n", - "Failed to unblock MAC %s.\n"); + "MAC %s unblocked.\n", + "Failed to unblock MAC %s.\n"); } void ndsctl_allow(void) { ndsctl_action("allow", - "MAC %s allowed.\n", - "Failed to allow MAC %s.\n"); + "MAC %s allowed.\n", + "Failed to allow MAC %s.\n"); } void ndsctl_unallow(void) { ndsctl_action("unallow", - "MAC %s unallowed.\n", - "Failed to unallow MAC %s.\n"); + "MAC %s unallowed.\n", + "Failed to unallow MAC %s.\n"); } void ndsctl_trust(void) { ndsctl_action("trust", - "MAC %s trusted.\n", - "Failed to trust MAC %s.\n"); + "MAC %s trusted.\n", + "Failed to trust MAC %s.\n"); } void ndsctl_untrust(void) { ndsctl_action("untrust", - "MAC %s untrusted.\n", - "Failed to untrust MAC %s.\n"); + "MAC %s untrusted.\n", + "Failed to untrust MAC %s.\n"); } int 
diff --git a/src/ndsctl.h b/src/ndsctl.h index a0abc0c..1972639 100644 --- a/src/ndsctl.h +++ b/src/ndsctl.h @@ -27,7 +27,7 @@ #ifndef _NDSCTL_H_ #define _NDSCTL_H_ -#define DEFAULT_SOCK "/tmp/ndsctl.sock" +#define DEFAULT_SOCK "/tmp/ndsctl.sock" #define NDSCTL_TERMINATOR "\r\n\r\n" @@ -52,9 +52,9 @@ typedef struct { - char *socket; - int command; - char *param; + char *socket; + int command; + char *param; } s_config; diff --git a/src/ndsctl_thread.c b/src/ndsctl_thread.c index cc1e3fd..8a451ec 100644 --- a/src/ndsctl_thread.c +++ b/src/ndsctl_thread.c @@ -84,9 +84,9 @@ thread_ndsctl(void *arg) { int sock, fd; const char *sock_name; - struct sockaddr_un sa_un; + struct sockaddr_un sa_un; int result; - pthread_t tid; + pthread_t tid; socklen_t len; struct ndsctl_args *child_thread_args; @@ -111,12 +111,10 @@ thread_ndsctl(void *arg) unlink(sock_name); debug(LOG_DEBUG, "Filling sockaddr_un"); - strcpy(sa_un.sun_path, sock_name); /* XXX No size check because we - * check a few lines before. */ + strcpy(sa_un.sun_path, sock_name); /* XXX No size check because we check a few lines before. */ sa_un.sun_family = AF_UNIX; - debug(LOG_DEBUG, "Binding socket (%s) (%d)", sa_un.sun_path, - strlen(sock_name)); + debug(LOG_DEBUG, "Binding socket (%s) (%d)", sa_un.sun_path, strlen(sock_name)); /* Which to use, AF_UNIX, PF_UNIX, AF_LOCAL, PF_LOCAL? */ if (bind(sock, (struct sockaddr *)&sa_un, strlen(sock_name) + sizeof(sa_un.sun_family))) { @@ -247,7 +245,7 @@ ndsctl_stop(pthread_t ndsctl_master_id) static void ndsctl_auth(int fd, char *arg) { - t_client *client; + t_client *client; char *ip, *mac; debug(LOG_DEBUG, "Entering ndsctl_auth..."); @@ -283,7 +281,7 @@ ndsctl_auth(int fd, char *arg) static void ndsctl_deauth(int fd, char *arg) { - t_client *client; + t_client *client; char *ip, *mac; debug(LOG_DEBUG, "Entering ndsctl_deauth..."); diff --git a/src/ndsctl_thread.h b/src/ndsctl_thread.h index 3731b3a..e382cd9 100644 --- a/src/ndsctl_thread.h +++ b/src/ndsctl_thread.h 
@@ -28,7 +28,7 @@ #define _NDSCTL_THREAD_H_ -#define DEFAULT_NDSCTL_SOCK "/tmp/ndsctl.sock" +#define DEFAULT_NDSCTL_SOCK "/tmp/ndsctl.sock" /** @brief Listen for nodogsplash control messages on a unix domain socket */ void *thread_ndsctl(void *arg); diff --git a/src/safe.h b/src/safe.h index 63ffbaf..6730119 100644 --- a/src/safe.h +++ b/src/safe.h @@ -19,8 +19,8 @@ \********************************************************************/ /** @file safe.h - @brief Safe versions of stdlib/string functions that error out and exit if memory allocation fails - @author Copyright (C) 2005 Mina Naguib + @brief Safe versions of stdlib/string functions that error out and exit if memory allocation fails + @author Copyright (C) 2005 Mina Naguib */ #ifndef _SAFE_H_ diff --git a/src/tc.c b/src/tc.c index 5c52d78..b02c591 100644 --- a/src/tc.c +++ b/src/tc.c @@ -132,9 +132,9 @@ tc_attach_upload_qdisc(const char dev[], int upload_limit) rc |= tc_do_command("qdisc add dev %s root handle 1: htb default 2 r2q %d", dev, 1700); rc |= tc_do_command("class add dev %s parent 1: classid 1:1 htb rate 100Mbps ceil 100Mbps burst %d cburst %d mtu %d", - dev, burst*10, burst, mtu); + dev, burst*10, burst, mtu); rc |= tc_do_command("class add dev %s parent 1:1 classid 1:2 htb rate %dkbit ceil %dkbit burst %d cburst %d mtu %d prio 1", - dev, upload_limit, upload_limit, burst*10, burst, mtu); + dev, upload_limit, upload_limit, burst*10, burst, mtu); return rc; } 
@@ -157,9 +157,9 @@ tc_attach_download_qdisc(const char dev[], int download_limit) rc |= tc_do_command("qdisc add dev %s root handle 1: htb default 2 r2q %d", dev, 1700); rc |= tc_do_command("class add dev %s parent 1: classid 1:1 htb rate 100Mbps ceil 100Mbps burst %d cburst %d mtu %d", - dev, burst*10, burst, mtu); + dev, burst*10, burst, mtu); rc |= tc_do_command("class add dev %s parent 1:1 classid 1:2 htb rate %dkbit ceil %dkbit burst %d cburst %d mtu %d prio 1", - dev, download_limit, download_limit, burst*10, burst, mtu); + dev, download_limit, download_limit, burst*10, burst, mtu); return rc; } @@ -194,8 +194,7 @@ tc_init_tc() ret = execute(cmd ,tc_quiet); free(cmd); if( ret != 0 ) { - debug(LOG_ERR, "Could not set %s up. Download limiting will not work", - download_imqname); + debug(LOG_ERR, "Could not set %s up. Download limiting will not work", download_imqname); } else { /* jump to the imq in mangle CHAIN_INCOMING */ rc |= iptables_do_command("-t mangle -A " CHAIN_INCOMING " -j IMQ --todev %d ", download_imq); @@ -208,8 +207,7 @@ tc_init_tc() ret = execute(cmd ,tc_quiet); free(cmd); if( ret != 0 ) { - debug(LOG_ERR, "Could not set %s up. Upload limiting will not work", - upload_imqname); + debug(LOG_ERR, "Could not set %s up. Upload limiting will not work", upload_imqname); rc = -1; } else { /* jump to the imq in mangle CHAIN_OUTGOING */ diff --git a/src/template.c b/src/template.c index 04e3cae..4cc9e9b 100644 --- a/src/template.c +++ b/src/template.c @@ -64,7 +64,7 @@ int tmpl_parse(struct templater *templor, char *dst, size_t dst_len, const char memset(dst, 0x0, dst_len); while((src_i < src_len) && (dst_i < dst_len)) { if(src[src_i] != '$') { - dst[dst_i] = src[src_i]; + dst[dst_i] = src[src_i]; dst_i++; src_i++; continue; 
@@ -103,7 +103,7 @@ int tmpl_parse(struct templater *templor, char *dst, size_t dst_len, const char continue; } - /* check if variable name is empty */ + /* check if variable name is empty */ if (templor->variables[varidx] == NULL || strlen(templor->variables[varidx]) == 0) { src_i += varlen; diff --git a/src/util.c b/src/util.c index aa941eb..45b15a7 100644 --- a/src/util.c +++ b/src/util.c @@ -303,9 +303,9 @@ get_ext_iface (void) char *device, *gw; int i = 1; int keep_detecting = 1; - pthread_cond_t cond = PTHREAD_COND_INITIALIZER; - pthread_mutex_t cond_mutex = PTHREAD_MUTEX_INITIALIZER; - struct timespec timeout; + pthread_cond_t cond = PTHREAD_COND_INITIALIZER; + pthread_mutex_t cond_mutex = PTHREAD_MUTEX_INITIALIZER; + struct timespec timeout; device = (char *)malloc(16); gw = (char *)malloc(16); debug(LOG_DEBUG, "get_ext_iface(): Autodectecting the external interface from routing table"); @@ -653,8 +653,8 @@ ndsctl_json(int fd) upload_bytes = client->counters.outgoing; cprintf(fd, "\"downloaded\":\"%llu\",\n\"avg_down_speed\":\"%.6g\",\n\"uploaded\":\"%llu\",\n\"avg_up_speed\":\"%.6g\"\n", - download_bytes/1000, ((double)download_bytes)/125/durationsecs, - upload_bytes/1000, ((double)upload_bytes)/125/durationsecs); + download_bytes/1000, ((double)download_bytes)/125/durationsecs, + upload_bytes/1000, ((double)upload_bytes)/125/durationsecs); indx++; client = client->next; From 7b4b794d776cda3f222b138e621043cd093c4a7a Mon Sep 17 00:00:00 2001 
From: Moritz Warning Date: Sat, 18 Feb 2017 22:35:09 +0100 Subject: [PATCH 028/117] add space between if and condition --- src/auth.c | 4 +- src/client_list.c | 4 +- src/conf.c | 80 ++++++++++++++++++------------------- src/firewall.c | 12 +++--- src/fw_iptables.c | 28 ++++++------- src/gateway.c | 10 ++--- src/http_microhttpd.c | 30 +++++++------- src/http_microhttpd_utils.c | 4 +- src/ndsctl.c | 2 +- src/tc.c | 8 ++-- src/template.c | 16 ++++---- src/util.c | 44 ++++++++++---------- 12 files changed, 121 insertions(+), 121 deletions(-) diff --git a/src/auth.c b/src/auth.c index 8ba901a..0694cb5 100644 --- a/src/auth.c +++ b/src/auth.c @@ -107,7 +107,7 @@ auth_client_action(const char ip[], const char mac[], t_authaction action) switch(action) { case AUTH_MAKE_AUTHENTICATED: - if(client->fw_connection_state != FW_MARK_AUTHENTICATED) { + if (client->fw_connection_state != FW_MARK_AUTHENTICATED) { client->fw_connection_state = FW_MARK_AUTHENTICATED; iptables_fw_access(AUTH_MAKE_AUTHENTICATED, client); authenticated_since_start++; @@ -117,7 +117,7 @@ auth_client_action(const char ip[], const char mac[], t_authaction action) break; case AUTH_MAKE_DEAUTHENTICATED: - if(client->fw_connection_state == FW_MARK_AUTHENTICATED) { + if (client->fw_connection_state == FW_MARK_AUTHENTICATED) { iptables_fw_access(AUTH_MAKE_DEAUTHENTICATED, client); } client_list_delete(client); diff --git a/src/client_list.c b/src/client_list.c index e70e764..60b127e 100644 --- a/src/client_list.c +++ b/src/client_list.c @@ -113,7 +113,7 @@ _client_list_append(const char ip[], const char mac[], const char token[]) config = config_get_config(); maxclients = config->maxclients; - if(client_count >= maxclients) { + if (client_count >= maxclients) { debug(LOG_NOTICE, "Already list %d clients, cannot add %s %s", client_count, ip, mac); return NULL; } 
@@ -190,7 +190,7 @@ client_list_add_client(const char ip[]) t_client *client; char *mac, *token; - if(!check_ip_format(ip)) { + if (!check_ip_format(ip)) { /* Inappropriate format in IP address */ debug(LOG_NOTICE, "Illegal IP format [%s]", ip); return NULL; diff --git a/src/conf.c b/src/conf.c index 9da80c9..96bd38b 100644 --- a/src/conf.c +++ b/src/conf.c @@ -323,7 +323,7 @@ add_ruleset(const char rulesetname[]) ruleset = get_ruleset(rulesetname); - if(ruleset != NULL) { + if (ruleset != NULL) { debug(LOG_DEBUG, "add_ruleset(): FirewallRuleSet %s already exists.", rulesetname); return ruleset; } @@ -360,7 +360,7 @@ parse_empty_ruleset_policy(char *ptr, const char *filename, int lineno) /* get the ruleset struct with this name; error if it doesn't exist */ debug(LOG_DEBUG, "Parsing EmptyRuleSetPolicy for %s", rulesetname); ruleset = get_ruleset(rulesetname); - if(ruleset == NULL) { + if (ruleset == NULL) { debug(LOG_ERR, "Unrecognized FirewallRuleSet name: %s at line %d in %s", rulesetname, lineno, filename); debug(LOG_ERR, "Exiting..."); exit(-1); @@ -379,7 +379,7 @@ parse_empty_ruleset_policy(char *ptr, const char *filename, int lineno) "block" means iptables REJECT */ if (ruleset->emptyrulesetpolicy != NULL) free(ruleset->emptyrulesetpolicy); - if(!strcasecmp(policy,"passthrough")) { + if (!strcasecmp(policy,"passthrough")) { ruleset->emptyrulesetpolicy = safe_strdup("RETURN"); } else if (!strcasecmp(policy,"allow")) { ruleset->emptyrulesetpolicy = safe_strdup("ACCEPT"); 
@@ -408,13 +408,13 @@ parse_firewall_ruleset(const char *rulesetname, FILE *fd, const char *filename, /* find whitespace delimited word in ruleset string; this is its name */ p1 = strchr(rulesetname,' '); - if(p1) *p1 = '\0'; + if (p1) *p1 = '\0'; p1 = strchr(rulesetname,'\t'); - if(p1) *p1 = '\0'; + if (p1) *p1 = '\0'; debug(LOG_DEBUG, "Parsing FirewallRuleSet %s", rulesetname); ruleset = get_ruleset(rulesetname); - if(ruleset == NULL) { + if (ruleset == NULL) { debug(LOG_ERR, "Unrecognized FirewallRuleSet name: %s", rulesetname); debug(LOG_ERR, "Exiting..."); exit(-1); @@ -426,10 +426,10 @@ parse_firewall_ruleset(const char *rulesetname, FILE *fd, const char *filename, p1 = _strip_whitespace(line); /* if nothing left, get next line */ - if(p1[0] == '\0') continue; + if (p1[0] == '\0') continue; /* if closing brace, we are done */ - if(p1[0] == '}') break; + if (p1[0] == '}') break; /* next, we coopt the parsing of the regular config */ @@ -437,7 +437,7 @@ parse_firewall_ruleset(const char *rulesetname, FILE *fd, const char *filename, p2 = p1; while ((*p2 != '\0') && (!isblank(*p2))) p2++; /* if this is end of line, it's a problem */ - if(p2[0] == '\0') { + if (p2[0] == '\0') { debug(LOG_ERR, "FirewallRule incomplete on line %d in %s", *linenum, filename); debug(LOG_ERR, "Exiting..."); exit(-1); @@ -527,7 +527,7 @@ _parse_firewall_rule(t_firewall_ruleset *ruleset, char *leftover) /* Get the optional port or port range */ if (strncmp(leftover, "port", 4) == 0) { - if(protocol == NULL || + if (protocol == NULL || !(strncmp(protocol, "tcp", 3) == 0 || strncmp(protocol, "udp", 3) == 0)) { debug(LOG_ERR, "Port without tcp or udp protocol"); return -3; /*< Fail */ @@ -621,7 +621,7 @@ get_empty_ruleset_policy(const char *rulesetname) { t_firewall_ruleset *rs; rs = get_ruleset(rulesetname); - if(rs == NULL) return NULL; + if (rs == NULL) return NULL; return rs->emptyrulesetpolicy; } 
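Review bot: In the `-408,13 +408,13` hunk of src/conf.c, `p1 = strchr(rulesetname,' ');` followed by `if (p1) *p1 = '\0';` writes through a pointer derived from the `const char *rulesetname` parameter, so the signature promises an immutability that the body does not keep. If a caller passes a string literal, or a buffer it still needs intact, the result is undefined behaviour or silent truncation of the caller's data; the callers are outside the hunk, so this is not confirmed here. Either drop `const` from the parameter so the mutation is part of the contract, or copy the name into a local buffer before terminating it. The body of parse_firewall_ruleset continues outside this hunk.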
@@ -699,7 +699,7 @@ config_read(const char *filename) s = _strip_whitespace(line); /* if nothing left, get next line */ - if(s[0] == '\0') continue; + if (s[0] == '\0') continue; /* now we require the line must have form: