make libfko pointers constant where possible
This commit is contained in:
Michael Rash
parent
4daedde364
commit
ce18de4f84
66
lib/fko.h
66
lib/fko.h
@ -202,14 +202,6 @@ typedef enum {
|
||||
#define B64_GPG_PREFIX "hQ"
|
||||
#define B64_GPG_PREFIX_STR_LEN 2
|
||||
|
||||
/* Define the consistent prefixes or salt on some encryption schemes.
|
||||
*/
|
||||
#define B64_RIJNDAEL_SALT "U2FsdGVkX1"
|
||||
#define B64_RIJNDAEL_SALT_STR_LEN 10
|
||||
|
||||
#define B64_GPG_PREFIX "hQ"
|
||||
#define B64_GPG_PREFIX_STR_LEN 2
|
||||
|
||||
/* The context holds the global state and config options, as
|
||||
* well as some intermediate results during processing. This
|
||||
* is an opaque pointer.
|
||||
@ -238,23 +230,23 @@ enum {
|
||||
/* General api calls
|
||||
*/
|
||||
DLL_API int fko_new(fko_ctx_t *ctx);
|
||||
DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char *enc_msg,
|
||||
const char *dec_key, const int dec_key_len, int encryption_mode,
|
||||
const char *hmac_key, const int hmac_key_len);
|
||||
DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char * const enc_msg,
|
||||
const char * const dec_key, const int dec_key_len, int encryption_mode,
|
||||
const char * const hmac_key, const int hmac_key_len);
|
||||
DLL_API void fko_destroy(fko_ctx_t ctx);
|
||||
DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char *enc_key,
|
||||
const int enc_key_len, const char *hmac_key, const int hmac_key_len);
|
||||
DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char * const enc_key,
|
||||
const int enc_key_len, const char * const hmac_key, const int hmac_key_len);
|
||||
|
||||
|
||||
/* Set context data functions
|
||||
*/
|
||||
DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char *val);
|
||||
DLL_API int fko_set_username(fko_ctx_t ctx, const char *spoof_user);
|
||||
DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char * const val);
|
||||
DLL_API int fko_set_username(fko_ctx_t ctx, const char * const spoof_user);
|
||||
DLL_API int fko_set_timestamp(fko_ctx_t ctx, const int offset);
|
||||
DLL_API int fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type);
|
||||
DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char *msg_string);
|
||||
DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char *nat_access);
|
||||
DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char *server_auth);
|
||||
DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char * const msg_string);
|
||||
DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char * const nat_access);
|
||||
DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char * const server_auth);
|
||||
DLL_API int fko_set_spa_client_timeout(fko_ctx_t ctx, const int timeout);
|
||||
DLL_API int fko_set_spa_digest_type(fko_ctx_t ctx, const short digest_type);
|
||||
DLL_API int fko_set_spa_digest(fko_ctx_t ctx);
|
||||
@ -262,26 +254,26 @@ DLL_API int fko_set_raw_spa_digest_type(fko_ctx_t ctx, const short raw_digest_ty
|
||||
DLL_API int fko_set_raw_spa_digest(fko_ctx_t ctx);
|
||||
DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type);
|
||||
DLL_API int fko_set_spa_encryption_mode(fko_ctx_t ctx, const int encrypt_mode);
|
||||
DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg);
|
||||
DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg);
|
||||
DLL_API int fko_set_hmac_mode(fko_ctx_t ctx, const short hmac_mode);
|
||||
|
||||
/* Data processing and misc utility functions
|
||||
*/
|
||||
DLL_API const char* fko_errstr(const int err_code);
|
||||
DLL_API int fko_encryption_type(const char *enc_data);
|
||||
DLL_API int fko_key_gen(char *key_base64, char *hmac_key_base64);
|
||||
DLL_API int fko_base64_encode(unsigned char *in, char *out, int in_len);
|
||||
DLL_API int fko_base64_decode(const char *in, unsigned char *out);
|
||||
DLL_API int fko_encryption_type(const char * const enc_data);
|
||||
DLL_API int fko_key_gen(char * const key_base64, char * const hmac_key_base64);
|
||||
DLL_API int fko_base64_encode(unsigned char * const in, char * const out, int in_len);
|
||||
DLL_API int fko_base64_decode(const char * const in, unsigned char *out);
|
||||
|
||||
DLL_API int fko_encode_spa_data(fko_ctx_t ctx);
|
||||
DLL_API int fko_decode_spa_data(fko_ctx_t ctx);
|
||||
DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key,
|
||||
DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char * const enc_key,
|
||||
const int enc_key_len);
|
||||
DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key,
|
||||
DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char * const dec_key,
|
||||
const int dec_key_len);
|
||||
DLL_API int fko_verify_hmac(fko_ctx_t ctx, const char *hmac_key,
|
||||
DLL_API int fko_verify_hmac(fko_ctx_t ctx, const char * const hmac_key,
|
||||
const int hmac_key_len);
|
||||
DLL_API int fko_calculate_hmac(fko_ctx_t ctx, const char *hmac_key,
|
||||
DLL_API int fko_calculate_hmac(fko_ctx_t ctx, const char * const hmac_key,
|
||||
const int hmac_key_len);
|
||||
DLL_API int fko_get_hmac_data(fko_ctx_t ctx, char **enc_data);
|
||||
|
||||
@ -309,14 +301,14 @@ DLL_API int fko_get_spa_data(fko_ctx_t ctx, char **spa_data);
|
||||
DLL_API int fko_get_version(fko_ctx_t ctx, char **version);
|
||||
|
||||
/* GPG-related functions */
|
||||
DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe);
|
||||
DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char * const gpg_exe);
|
||||
DLL_API int fko_get_gpg_exe(fko_ctx_t ctx, char **gpg_exe);
|
||||
|
||||
DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip);
|
||||
DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char * const recip);
|
||||
DLL_API int fko_get_gpg_recipient(fko_ctx_t ctx, char **recip);
|
||||
DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char *signer);
|
||||
DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char * const signer);
|
||||
DLL_API int fko_get_gpg_signer(fko_ctx_t ctx, char **signer);
|
||||
DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir);
|
||||
DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char * const gpg_home_dir);
|
||||
DLL_API int fko_get_gpg_home_dir(fko_ctx_t ctx, char **gpg_home_dir);
|
||||
|
||||
DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx);
|
||||
@ -324,21 +316,21 @@ DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx);
|
||||
DLL_API int fko_set_gpg_signature_verify(fko_ctx_t ctx,
|
||||
const unsigned char val);
|
||||
DLL_API int fko_get_gpg_signature_verify(fko_ctx_t ctx,
|
||||
unsigned char *val);
|
||||
unsigned char * const val);
|
||||
DLL_API int fko_set_gpg_ignore_verify_error(fko_ctx_t ctx,
|
||||
const unsigned char val);
|
||||
DLL_API int fko_get_gpg_ignore_verify_error(fko_ctx_t ctx,
|
||||
unsigned char *val);
|
||||
unsigned char * const val);
|
||||
|
||||
DLL_API int fko_get_gpg_signature_id(fko_ctx_t ctx, char **sig_id);
|
||||
DLL_API int fko_get_gpg_signature_fpr(fko_ctx_t ctx, char **sig_fpr);
|
||||
DLL_API int fko_get_gpg_signature_summary(fko_ctx_t ctx, int *sigsum);
|
||||
DLL_API int fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat);
|
||||
|
||||
DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id,
|
||||
unsigned char *result);
|
||||
DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *fpr,
|
||||
unsigned char *result);
|
||||
DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id,
|
||||
unsigned char * const result);
|
||||
DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const fpr,
|
||||
unsigned char * const result);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
@ -439,7 +439,7 @@ fko_get_spa_encryption_mode(fko_ctx_t ctx, int *enc_mode)
|
||||
/* Encrypt the encoded SPA data.
|
||||
*/
|
||||
int
|
||||
fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key, const int enc_key_len)
|
||||
fko_encrypt_spa_data(fko_ctx_t ctx, const char * const enc_key, const int enc_key_len)
|
||||
{
|
||||
int res = 0;
|
||||
|
||||
@ -485,7 +485,7 @@ fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key, const int enc_key_len)
|
||||
/* Decode, decrypt, and parse SPA data into the context.
|
||||
*/
|
||||
int
|
||||
fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key, const int key_len)
|
||||
fko_decrypt_spa_data(fko_ctx_t ctx, const char * const dec_key, const int key_len)
|
||||
{
|
||||
int enc_type, res;
|
||||
|
||||
@ -518,7 +518,7 @@ fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key, const int key_len)
|
||||
/* Return the assumed encryption type based on the raw encrypted data.
|
||||
*/
|
||||
int
|
||||
fko_encryption_type(const char *enc_data)
|
||||
fko_encryption_type(const char * const enc_data)
|
||||
{
|
||||
int enc_data_len;
|
||||
|
||||
@ -587,7 +587,7 @@ fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip)
|
||||
/* Set the GPG home dir.
|
||||
*/
|
||||
int
|
||||
fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe)
|
||||
fko_set_gpg_exe(fko_ctx_t ctx, const char * const gpg_exe)
|
||||
{
|
||||
#if HAVE_LIBGPGME
|
||||
struct stat st;
|
||||
@ -657,7 +657,7 @@ fko_get_gpg_recipient(fko_ctx_t ctx, char **recipient)
|
||||
/* Set the GPG signer key name.
|
||||
*/
|
||||
int
|
||||
fko_set_gpg_signer(fko_ctx_t ctx, const char *signer)
|
||||
fko_set_gpg_signer(fko_ctx_t ctx, const char * const signer)
|
||||
{
|
||||
#if HAVE_LIBGPGME
|
||||
int res;
|
||||
@ -717,7 +717,7 @@ fko_get_gpg_signer(fko_ctx_t ctx, char **signer)
|
||||
/* Set the GPG home dir.
|
||||
*/
|
||||
int
|
||||
fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir)
|
||||
fko_set_gpg_home_dir(fko_ctx_t ctx, const char * const gpg_home_dir)
|
||||
{
|
||||
#if HAVE_LIBGPGME
|
||||
struct stat st;
|
||||
@ -782,7 +782,7 @@ fko_set_gpg_signature_verify(fko_ctx_t ctx, const unsigned char val)
|
||||
}
|
||||
|
||||
int
|
||||
fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char *val)
|
||||
fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char * const val)
|
||||
{
|
||||
#if HAVE_LIBGPGME
|
||||
/* Must be initialized
|
||||
@ -816,7 +816,7 @@ fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, const unsigned char val)
|
||||
}
|
||||
|
||||
int
|
||||
fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char *val)
|
||||
fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char * const val)
|
||||
{
|
||||
#if HAVE_LIBGPGME
|
||||
/* Must be initialized
|
||||
@ -962,7 +962,8 @@ fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat)
|
||||
}
|
||||
|
||||
int
|
||||
fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, unsigned char *result)
|
||||
fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id,
|
||||
unsigned char * const result)
|
||||
{
|
||||
#if HAVE_LIBGPGME
|
||||
char *curr_id;
|
||||
@ -998,7 +999,8 @@ fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, unsigned char *result)
|
||||
}
|
||||
|
||||
int
|
||||
fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *id, unsigned char *result)
|
||||
fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const id,
|
||||
unsigned char * const result)
|
||||
{
|
||||
#if HAVE_LIBGPGME
|
||||
/* Must be initialized
|
||||
|
||||
@ -170,9 +170,9 @@ fko_new(fko_ctx_t *r_ctx)
|
||||
* and parsing the provided data into the context data.
|
||||
*/
|
||||
int
|
||||
fko_new_with_data(fko_ctx_t *r_ctx, const char *enc_msg,
|
||||
const char *dec_key, const int dec_key_len,
|
||||
int encryption_mode, const char *hmac_key,
|
||||
fko_new_with_data(fko_ctx_t *r_ctx, const char * const enc_msg,
|
||||
const char * const dec_key, const int dec_key_len,
|
||||
int encryption_mode, const char * const hmac_key,
|
||||
const int hmac_key_len)
|
||||
{
|
||||
fko_ctx_t ctx;
|
||||
@ -350,7 +350,7 @@ fko_destroy(fko_ctx_t ctx)
|
||||
* encode them
|
||||
*/
|
||||
int
|
||||
fko_key_gen(char *key_base64, char *hmac_key_base64)
|
||||
fko_key_gen(char * const key_base64, char * const hmac_key_base64)
|
||||
{
|
||||
unsigned char key[RIJNDAEL_MAX_KEYSIZE];
|
||||
unsigned char hmac_key[SHA256_BLOCK_LEN];
|
||||
@ -367,13 +367,13 @@ fko_key_gen(char *key_base64, char *hmac_key_base64)
|
||||
/* Provide an FKO wrapper around base64 encode/decode functions
|
||||
*/
|
||||
int
|
||||
fko_base64_encode(unsigned char *in, char *out, int in_len)
|
||||
fko_base64_encode(unsigned char * const in, char * const out, int in_len)
|
||||
{
|
||||
return b64_encode(in, out, in_len);
|
||||
}
|
||||
|
||||
int
|
||||
fko_base64_decode(const char *in, unsigned char *out)
|
||||
fko_base64_decode(const char * const in, unsigned char *out)
|
||||
{
|
||||
return b64_decode(in, out);
|
||||
}
|
||||
@ -399,8 +399,8 @@ fko_get_version(fko_ctx_t ctx, char **version)
|
||||
*/
|
||||
int
|
||||
fko_spa_data_final(fko_ctx_t ctx,
|
||||
const char *enc_key, const int enc_key_len,
|
||||
const char *hmac_key, const int hmac_key_len)
|
||||
const char * const enc_key, const int enc_key_len,
|
||||
const char * const hmac_key, const int hmac_key_len)
|
||||
{
|
||||
char *tbuf;
|
||||
int res = 0, data_with_hmac_len = 0;
|
||||
@ -475,7 +475,7 @@ fko_get_spa_data(fko_ctx_t ctx, char **spa_data)
|
||||
/* Set the fko SPA encrypted data.
|
||||
*/
|
||||
int
|
||||
fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg)
|
||||
fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg)
|
||||
{
|
||||
int enc_msg_len;
|
||||
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
#include "base64.h"
|
||||
|
||||
int fko_verify_hmac(fko_ctx_t ctx,
|
||||
const char *hmac_key, const int hmac_key_len)
|
||||
const char * const hmac_key, const int hmac_key_len)
|
||||
{
|
||||
char *hmac_digest_from_data = NULL;
|
||||
char *tbuf = NULL;
|
||||
@ -141,7 +141,7 @@ fko_set_hmac_mode(fko_ctx_t ctx, const short hmac_mode)
|
||||
}
|
||||
|
||||
int fko_calculate_hmac(fko_ctx_t ctx,
|
||||
const char *hmac_key, const int hmac_key_len)
|
||||
const char * const hmac_key, const int hmac_key_len)
|
||||
{
|
||||
unsigned char hmac[SHA256_DIGEST_STR_LEN] = {0};
|
||||
char *hmac_base64 = NULL;
|
||||
|
||||
@ -156,7 +156,7 @@ fko_get_spa_message_type(fko_ctx_t ctx, short *msg_type)
|
||||
/* Set the SPA MESSAGE data
|
||||
*/
|
||||
int
|
||||
fko_set_spa_message(fko_ctx_t ctx, const char *msg)
|
||||
fko_set_spa_message(fko_ctx_t ctx, const char * const msg)
|
||||
{
|
||||
int res = FKO_ERROR_UNKNOWN;
|
||||
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
/* Set the SPA Nat Access data
|
||||
*/
|
||||
int
|
||||
fko_set_spa_nat_access(fko_ctx_t ctx, const char *msg)
|
||||
fko_set_spa_nat_access(fko_ctx_t ctx, const char * const msg)
|
||||
{
|
||||
int res = FKO_SUCCESS;
|
||||
|
||||
|
||||
@ -48,7 +48,7 @@
|
||||
/* Set/Generate the SPA data random value string.
|
||||
*/
|
||||
int
|
||||
fko_set_rand_value(fko_ctx_t ctx, const char *new_val)
|
||||
fko_set_rand_value(fko_ctx_t ctx, const char * const new_val)
|
||||
{
|
||||
#ifdef WIN32
|
||||
struct _timeb tb;
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
/* Set the SPA Server Auth data
|
||||
*/
|
||||
int
|
||||
fko_set_spa_server_auth(fko_ctx_t ctx, const char *msg)
|
||||
fko_set_spa_server_auth(fko_ctx_t ctx, const char * const msg)
|
||||
{
|
||||
/****************************************
|
||||
* --DSS This is not supported yet
|
||||
|
||||
@ -38,7 +38,7 @@
|
||||
/* Get or Set the username for the fko context spa data.
|
||||
*/
|
||||
int
|
||||
fko_set_username(fko_ctx_t ctx, const char *spoof_user)
|
||||
fko_set_username(fko_ctx_t ctx, const char * const spoof_user)
|
||||
{
|
||||
char *username = NULL;
|
||||
int res = FKO_SUCCESS;
|
||||
@ -74,14 +74,14 @@ fko_set_username(fko_ctx_t ctx, const char *spoof_user)
|
||||
#endif
|
||||
/* if we still didn't get a username, continue falling back
|
||||
*/
|
||||
if(username == NULL)
|
||||
{
|
||||
if(username == NULL)
|
||||
{
|
||||
if((username = getenv("USER")) == NULL)
|
||||
{
|
||||
username = strdup("NO_USER");
|
||||
if(username == NULL)
|
||||
return(FKO_ERROR_MEMORY_ALLOCATION);
|
||||
}
|
||||
{
|
||||
username = strdup("NO_USER");
|
||||
if(username == NULL)
|
||||
return(FKO_ERROR_MEMORY_ALLOCATION);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -59,12 +59,13 @@
|
||||
* They should be implemented in each of the corresponding
|
||||
* fw_util_<fw-type>.c files.
|
||||
*/
|
||||
void fw_config_init(fko_srv_options_t *opts);
|
||||
void fw_initialize(const fko_srv_options_t *opts);
|
||||
int fw_cleanup(const fko_srv_options_t *opts);
|
||||
void check_firewall_rules(const fko_srv_options_t *opts);
|
||||
int fw_dump_rules(const fko_srv_options_t *opts);
|
||||
int process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_data_t *spdat);
|
||||
void fw_config_init(fko_srv_options_t * const opts);
|
||||
void fw_initialize(const fko_srv_options_t * const opts);
|
||||
int fw_cleanup(const fko_srv_options_t * const opts);
|
||||
void check_firewall_rules(const fko_srv_options_t * const opts);
|
||||
int fw_dump_rules(const fko_srv_options_t * const opts);
|
||||
int process_spa_request(const fko_srv_options_t * const opts,
|
||||
const acc_stanza_t * const acc, spa_data_t * const spadat);
|
||||
|
||||
#endif /* FW_UTIL_H */
|
||||
|
||||
|
||||
@ -53,7 +53,7 @@ zero_cmd_buffers(void)
|
||||
}
|
||||
|
||||
static int
|
||||
comment_match_exists(const fko_srv_options_t *opts)
|
||||
comment_match_exists(const fko_srv_options_t * const opts)
|
||||
{
|
||||
int res = 1;
|
||||
char *ndx = NULL;
|
||||
@ -117,7 +117,7 @@ comment_match_exists(const fko_srv_options_t *opts)
|
||||
}
|
||||
|
||||
static int
|
||||
add_jump_rule(const fko_srv_options_t *opts, const int chain_num)
|
||||
add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
|
||||
{
|
||||
int res = 0;
|
||||
|
||||
@ -148,7 +148,7 @@ add_jump_rule(const fko_srv_options_t *opts, const int chain_num)
|
||||
}
|
||||
|
||||
static int
|
||||
chain_exists(const fko_srv_options_t *opts, const int chain_num)
|
||||
chain_exists(const fko_srv_options_t * const opts, const int chain_num)
|
||||
{
|
||||
int res = 0;
|
||||
|
||||
@ -227,7 +227,7 @@ jump_rule_exists(const int chain_num)
|
||||
* daemon to stdout.
|
||||
*/
|
||||
int
|
||||
fw_dump_rules(const fko_srv_options_t *opts)
|
||||
fw_dump_rules(const fko_srv_options_t * const opts)
|
||||
{
|
||||
int i;
|
||||
int res, got_err = 0;
|
||||
@ -312,7 +312,7 @@ fw_dump_rules(const fko_srv_options_t *opts)
|
||||
/* Quietly flush and delete all fwknop custom chains.
|
||||
*/
|
||||
static void
|
||||
delete_all_chains(const fko_srv_options_t *opts)
|
||||
delete_all_chains(const fko_srv_options_t * const opts)
|
||||
{
|
||||
int i, res;
|
||||
int jump_rule_num;
|
||||
@ -374,7 +374,7 @@ delete_all_chains(const fko_srv_options_t *opts)
|
||||
}
|
||||
|
||||
static int
|
||||
create_chain(const fko_srv_options_t *opts, const int chain_num)
|
||||
create_chain(const fko_srv_options_t * const opts, const int chain_num)
|
||||
{
|
||||
int res = 0;
|
||||
|
||||
@ -404,7 +404,7 @@ create_chain(const fko_srv_options_t *opts, const int chain_num)
|
||||
/* Create the fwknop custom chains (at least those that are configured).
|
||||
*/
|
||||
static int
|
||||
create_fw_chains(const fko_srv_options_t *opts)
|
||||
create_fw_chains(const fko_srv_options_t * const opts)
|
||||
{
|
||||
int i, got_err = 0;
|
||||
|
||||
@ -431,18 +431,23 @@ create_fw_chains(const fko_srv_options_t *opts)
|
||||
return(got_err);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
set_fw_chain_conf(const int type, char *conf_str)
|
||||
set_fw_chain_conf(const int type, const char * const conf_str)
|
||||
{
|
||||
int i, j;
|
||||
char tbuf[1024] = {0};
|
||||
char *ndx = conf_str;
|
||||
const char *ndx = conf_str;
|
||||
|
||||
char *chain_fields[FW_NUM_CHAIN_FIELDS];
|
||||
|
||||
struct fw_chain *chain = &(fwc.chain[type]);
|
||||
|
||||
if(conf_str == NULL)
|
||||
{
|
||||
fprintf(stderr, "[*] NULL conf_str.\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
chain->type = type;
|
||||
|
||||
if(ndx != NULL)
|
||||
@ -497,7 +502,7 @@ set_fw_chain_conf(const int type, char *conf_str)
|
||||
}
|
||||
|
||||
void
|
||||
fw_config_init(fko_srv_options_t *opts)
|
||||
fw_config_init(fko_srv_options_t * const opts)
|
||||
{
|
||||
|
||||
memset(&fwc, 0x0, sizeof(struct fw_config));
|
||||
@ -553,7 +558,7 @@ fw_config_init(fko_srv_options_t *opts)
|
||||
}
|
||||
|
||||
void
|
||||
fw_initialize(const fko_srv_options_t *opts)
|
||||
fw_initialize(const fko_srv_options_t * const opts)
|
||||
{
|
||||
int res;
|
||||
|
||||
@ -583,7 +588,7 @@ fw_initialize(const fko_srv_options_t *opts)
|
||||
}
|
||||
|
||||
int
|
||||
fw_cleanup(const fko_srv_options_t *opts)
|
||||
fw_cleanup(const fko_srv_options_t * const opts)
|
||||
{
|
||||
if(strncasecmp(opts->config[CONF_FLUSH_IPT_AT_EXIT], "N", 1) == 0)
|
||||
return(0);
|
||||
@ -593,7 +598,8 @@ fw_cleanup(const fko_srv_options_t *opts)
|
||||
}
|
||||
|
||||
static int
|
||||
rule_exists(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_rule)
|
||||
rule_exists(const fko_srv_options_t * const opts,
|
||||
const char * const fw_chain, const char * const fw_rule)
|
||||
{
|
||||
int rule_exists = 0;
|
||||
int res = 0;
|
||||
@ -623,7 +629,8 @@ rule_exists(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_
|
||||
return rule_exists;
|
||||
}
|
||||
|
||||
static int create_rule(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_rule)
|
||||
static int create_rule(const fko_srv_options_t * const opts,
|
||||
const char * const fw_chain, const char * const fw_rule)
|
||||
{
|
||||
int res;
|
||||
|
||||
@ -657,7 +664,8 @@ static int create_rule(const fko_srv_options_t *opts, const char *fw_chain, cons
|
||||
/* Rule Processing - Create an access request...
|
||||
*/
|
||||
int
|
||||
process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_data_t *spadat)
|
||||
process_spa_request(const fko_srv_options_t * const opts,
|
||||
const acc_stanza_t * const acc, spa_data_t * const spadat)
|
||||
{
|
||||
char nat_ip[MAX_IPV4_STR_LEN] = {0};
|
||||
char snat_target[SNAT_TARGET_BUFSIZE] = {0};
|
||||
@ -667,15 +675,15 @@ process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_
|
||||
unsigned int nat_port = 0;
|
||||
|
||||
acc_port_list_t *port_list = NULL;
|
||||
acc_port_list_t *ple;
|
||||
acc_port_list_t *ple = NULL;
|
||||
|
||||
unsigned int fst_proto;
|
||||
unsigned int fst_port;
|
||||
|
||||
struct fw_chain *in_chain = &(opts->fw_config->chain[IPT_INPUT_ACCESS]);
|
||||
struct fw_chain *out_chain = &(opts->fw_config->chain[IPT_OUTPUT_ACCESS]);
|
||||
struct fw_chain *fwd_chain = &(opts->fw_config->chain[IPT_FORWARD_ACCESS]);
|
||||
struct fw_chain *dnat_chain = &(opts->fw_config->chain[IPT_DNAT_ACCESS]);
|
||||
struct fw_chain * const in_chain = &(opts->fw_config->chain[IPT_INPUT_ACCESS]);
|
||||
struct fw_chain * const out_chain = &(opts->fw_config->chain[IPT_OUTPUT_ACCESS]);
|
||||
struct fw_chain * const fwd_chain = &(opts->fw_config->chain[IPT_FORWARD_ACCESS]);
|
||||
struct fw_chain * const dnat_chain = &(opts->fw_config->chain[IPT_DNAT_ACCESS]);
|
||||
struct fw_chain *snat_chain; /* We assign this later (if we need to). */
|
||||
|
||||
int res = 0;
|
||||
@ -1010,7 +1018,7 @@ process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_
|
||||
* firewall rules.
|
||||
*/
|
||||
void
|
||||
check_firewall_rules(const fko_srv_options_t *opts)
|
||||
check_firewall_rules(const fko_srv_options_t * const opts)
|
||||
{
|
||||
char exp_str[12];
|
||||
char rule_num_str[6];
|
||||
|
||||
@ -42,9 +42,10 @@
|
||||
|
||||
/* Prototypes
|
||||
*/
|
||||
static void check_dir_path(const char *path, const char *path_name, const unsigned char use_basename);
|
||||
static int make_dir_path(const char *path);
|
||||
static void daemonize_process(fko_srv_options_t *opts);
|
||||
static void check_dir_path(const char * const path,
|
||||
const char * const path_name, const unsigned char use_basename);
|
||||
static int make_dir_path(const char * const path);
|
||||
static void daemonize_process(fko_srv_options_t * const opts);
|
||||
static int write_pid_file(fko_srv_options_t *opts);
|
||||
static pid_t get_running_pid(const fko_srv_options_t *opts);
|
||||
|
||||
@ -381,7 +382,7 @@ main(int argc, char **argv)
|
||||
/* Ensure the specified directory exists. If not, create it or die.
|
||||
*/
|
||||
static void
|
||||
check_dir_path(const char *filepath, const char *fp_desc, const unsigned char use_basename)
|
||||
check_dir_path(const char * const filepath, const char * const fp_desc, const unsigned char use_basename)
|
||||
{
|
||||
struct stat st;
|
||||
int res = 0;
|
||||
@ -466,7 +467,7 @@ check_dir_path(const char *filepath, const char *fp_desc, const unsigned char us
|
||||
}
|
||||
|
||||
static int
|
||||
make_dir_path(const char *run_dir)
|
||||
make_dir_path(const char * const run_dir)
|
||||
{
|
||||
struct stat st;
|
||||
int res = 0, len = 0;
|
||||
@ -535,7 +536,7 @@ make_dir_path(const char *run_dir)
|
||||
* and close unneeded standard filehandles.
|
||||
*/
|
||||
static void
|
||||
daemonize_process(fko_srv_options_t *opts)
|
||||
daemonize_process(fko_srv_options_t * const opts)
|
||||
{
|
||||
pid_t pid, old_pid;
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user