diff --git a/lib/fko.h b/lib/fko.h index 3fa1b372..9a75dc80 100644 --- a/lib/fko.h +++ b/lib/fko.h @@ -202,14 +202,6 @@ typedef enum { #define B64_GPG_PREFIX "hQ" #define B64_GPG_PREFIX_STR_LEN 2 -/* Define the consistent prefixes or salt on some encryption schemes. -*/ -#define B64_RIJNDAEL_SALT "U2FsdGVkX1" -#define B64_RIJNDAEL_SALT_STR_LEN 10 - -#define B64_GPG_PREFIX "hQ" -#define B64_GPG_PREFIX_STR_LEN 2 - /* The context holds the global state and config options, as * well as some intermediate results during processing. This * is an opaque pointer. @@ -238,23 +230,23 @@ enum { /* General api calls */ DLL_API int fko_new(fko_ctx_t *ctx); -DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char *enc_msg, - const char *dec_key, const int dec_key_len, int encryption_mode, - const char *hmac_key, const int hmac_key_len); +DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char * const enc_msg, + const char * const dec_key, const int dec_key_len, int encryption_mode, + const char * const hmac_key, const int hmac_key_len); DLL_API void fko_destroy(fko_ctx_t ctx); -DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char *enc_key, - const int enc_key_len, const char *hmac_key, const int hmac_key_len); +DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char * const enc_key, + const int enc_key_len, const char * const hmac_key, const int hmac_key_len); /* Set context data functions */ -DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char *val); -DLL_API int fko_set_username(fko_ctx_t ctx, const char *spoof_user); +DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char * const val); +DLL_API int fko_set_username(fko_ctx_t ctx, const char * const spoof_user); DLL_API int fko_set_timestamp(fko_ctx_t ctx, const int offset); DLL_API int fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type); -DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char *msg_string); -DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char *nat_access); -DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char *server_auth); +DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char * const msg_string); +DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char * const nat_access); +DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char * const server_auth); DLL_API int fko_set_spa_client_timeout(fko_ctx_t ctx, const int timeout); DLL_API int fko_set_spa_digest_type(fko_ctx_t ctx, const short digest_type); DLL_API int fko_set_spa_digest(fko_ctx_t ctx); @@ -262,26 +254,26 @@ DLL_API int fko_set_raw_spa_digest_type(fko_ctx_t ctx, const short raw_digest_ty DLL_API int fko_set_raw_spa_digest(fko_ctx_t ctx); DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type); DLL_API int fko_set_spa_encryption_mode(fko_ctx_t ctx, const int encrypt_mode); -DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg); +DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg); DLL_API int fko_set_hmac_mode(fko_ctx_t ctx, const short hmac_mode); /* Data processing and misc utility functions */ DLL_API const char* fko_errstr(const int err_code); -DLL_API int fko_encryption_type(const char *enc_data); -DLL_API int fko_key_gen(char *key_base64, char *hmac_key_base64); -DLL_API int fko_base64_encode(unsigned char *in, char *out, int in_len); -DLL_API int fko_base64_decode(const char *in, unsigned char *out); +DLL_API int fko_encryption_type(const char * const enc_data); +DLL_API int fko_key_gen(char * const key_base64, char * const hmac_key_base64); +DLL_API int fko_base64_encode(unsigned char * const in, char * const out, int in_len); +DLL_API int fko_base64_decode(const char * const in, unsigned char *out); DLL_API int fko_encode_spa_data(fko_ctx_t ctx); DLL_API int fko_decode_spa_data(fko_ctx_t ctx); -DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key, +DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char * const enc_key, const int enc_key_len); -DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key, +DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char * const dec_key, const int dec_key_len); -DLL_API int fko_verify_hmac(fko_ctx_t ctx, const char *hmac_key, +DLL_API int fko_verify_hmac(fko_ctx_t ctx, const char * const hmac_key, const int hmac_key_len); -DLL_API int fko_calculate_hmac(fko_ctx_t ctx, const char *hmac_key, +DLL_API int fko_calculate_hmac(fko_ctx_t ctx, const char * const hmac_key, const int hmac_key_len); DLL_API int fko_get_hmac_data(fko_ctx_t ctx, char **enc_data); @@ -309,14 +301,14 @@ DLL_API int fko_get_spa_data(fko_ctx_t ctx, char **spa_data); DLL_API int fko_get_version(fko_ctx_t ctx, char **version); /* GPG-related functions */ -DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe); +DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char * const gpg_exe); DLL_API int fko_get_gpg_exe(fko_ctx_t ctx, char **gpg_exe); -DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip); +DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char * const recip); DLL_API int fko_get_gpg_recipient(fko_ctx_t ctx, char **recip); -DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char *signer); +DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char * const signer); DLL_API int fko_get_gpg_signer(fko_ctx_t ctx, char **signer); -DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir); +DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char * const gpg_home_dir); DLL_API int fko_get_gpg_home_dir(fko_ctx_t ctx, char **gpg_home_dir); DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx); @@ -324,21 +316,21 @@ DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx); DLL_API int fko_set_gpg_signature_verify(fko_ctx_t ctx, const unsigned char val); DLL_API int fko_get_gpg_signature_verify(fko_ctx_t ctx, - unsigned char *val); + unsigned char * const val); DLL_API int fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, const unsigned char val); DLL_API int fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, - unsigned char *val); + unsigned char * const val); DLL_API int fko_get_gpg_signature_id(fko_ctx_t ctx, char **sig_id); DLL_API int fko_get_gpg_signature_fpr(fko_ctx_t ctx, char **sig_fpr); DLL_API int fko_get_gpg_signature_summary(fko_ctx_t ctx, int *sigsum); DLL_API int fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat); -DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, - unsigned char *result); -DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *fpr, - unsigned char *result); +DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id, + unsigned char * const result); +DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const fpr, + unsigned char * const result); #ifdef __cplusplus } diff --git a/lib/fko_encryption.c b/lib/fko_encryption.c index ade50dfb..49bd5772 100644 --- a/lib/fko_encryption.c +++ b/lib/fko_encryption.c @@ -439,7 +439,7 @@ fko_get_spa_encryption_mode(fko_ctx_t ctx, int *enc_mode) /* Encrypt the encoded SPA data. */ int -fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key, const int enc_key_len) +fko_encrypt_spa_data(fko_ctx_t ctx, const char * const enc_key, const int enc_key_len) { int res = 0; @@ -485,7 +485,7 @@ fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key, const int enc_key_len) /* Decode, decrypt, and parse SPA data into the context. */ int -fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key, const int key_len) +fko_decrypt_spa_data(fko_ctx_t ctx, const char * const dec_key, const int key_len) { int enc_type, res; @@ -518,7 +518,7 @@ fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key, const int key_len) /* Return the assumed encryption type based on the raw encrypted data. */ int -fko_encryption_type(const char *enc_data) +fko_encryption_type(const char * const enc_data) { int enc_data_len; @@ -587,7 +587,7 @@ fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip) /* Set the GPG home dir. */ int -fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe) +fko_set_gpg_exe(fko_ctx_t ctx, const char * const gpg_exe) { #if HAVE_LIBGPGME struct stat st; @@ -657,7 +657,7 @@ fko_get_gpg_recipient(fko_ctx_t ctx, char **recipient) /* Set the GPG signer key name. */ int -fko_set_gpg_signer(fko_ctx_t ctx, const char *signer) +fko_set_gpg_signer(fko_ctx_t ctx, const char * const signer) { #if HAVE_LIBGPGME int res; @@ -717,7 +717,7 @@ fko_get_gpg_signer(fko_ctx_t ctx, char **signer) /* Set the GPG home dir. */ int -fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir) +fko_set_gpg_home_dir(fko_ctx_t ctx, const char * const gpg_home_dir) { #if HAVE_LIBGPGME struct stat st; @@ -782,7 +782,7 @@ fko_set_gpg_signature_verify(fko_ctx_t ctx, const unsigned char val) } int -fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char *val) +fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char * const val) { #if HAVE_LIBGPGME /* Must be initialized @@ -816,7 +816,7 @@ fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, const unsigned char val) } int -fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char *val) +fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char * const val) { #if HAVE_LIBGPGME /* Must be initialized @@ -962,7 +962,8 @@ fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat) } int -fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, unsigned char *result) +fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id, + unsigned char * const result) { #if HAVE_LIBGPGME char *curr_id; @@ -998,7 +999,8 @@ fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, unsigned char *result) } int -fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *id, unsigned char *result) +fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const id, + unsigned char * const result) { #if HAVE_LIBGPGME /* Must be initialized diff --git a/lib/fko_funcs.c b/lib/fko_funcs.c index dfb5b0e7..f43018ff 100644 --- a/lib/fko_funcs.c +++ b/lib/fko_funcs.c @@ -170,9 +170,9 @@ fko_new(fko_ctx_t *r_ctx) * and parsing the provided data into the context data. */ int -fko_new_with_data(fko_ctx_t *r_ctx, const char *enc_msg, - const char *dec_key, const int dec_key_len, - int encryption_mode, const char *hmac_key, +fko_new_with_data(fko_ctx_t *r_ctx, const char * const enc_msg, + const char * const dec_key, const int dec_key_len, + int encryption_mode, const char * const hmac_key, const int hmac_key_len) { fko_ctx_t ctx; @@ -350,7 +350,7 @@ fko_destroy(fko_ctx_t ctx) * encode them */ int -fko_key_gen(char *key_base64, char *hmac_key_base64) +fko_key_gen(char * const key_base64, char * const hmac_key_base64) { unsigned char key[RIJNDAEL_MAX_KEYSIZE]; unsigned char hmac_key[SHA256_BLOCK_LEN]; @@ -367,13 +367,13 @@ fko_key_gen(char *key_base64, char *hmac_key_base64) /* Provide an FKO wrapper around base64 encode/decode functions */ int -fko_base64_encode(unsigned char *in, char *out, int in_len) +fko_base64_encode(unsigned char * const in, char * const out, int in_len) { return b64_encode(in, out, in_len); } int -fko_base64_decode(const char *in, unsigned char *out) +fko_base64_decode(const char * const in, unsigned char *out) { return b64_decode(in, out); } @@ -399,8 +399,8 @@ fko_get_version(fko_ctx_t ctx, char **version) */ int fko_spa_data_final(fko_ctx_t ctx, - const char *enc_key, const int enc_key_len, - const char *hmac_key, const int hmac_key_len) + const char * const enc_key, const int enc_key_len, + const char * const hmac_key, const int hmac_key_len) { char *tbuf; int res = 0, data_with_hmac_len = 0; @@ -475,7 +475,7 @@ fko_get_spa_data(fko_ctx_t ctx, char **spa_data) /* Set the fko SPA encrypted data. */ int -fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg) +fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg) { int enc_msg_len; diff --git a/lib/fko_hmac.c b/lib/fko_hmac.c index 34c3e5bc..9be7f470 100644 --- a/lib/fko_hmac.c +++ b/lib/fko_hmac.c @@ -35,7 +35,7 @@ #include "base64.h" int fko_verify_hmac(fko_ctx_t ctx, - const char *hmac_key, const int hmac_key_len) + const char * const hmac_key, const int hmac_key_len) { char *hmac_digest_from_data = NULL; char *tbuf = NULL; @@ -141,7 +141,7 @@ fko_set_hmac_mode(fko_ctx_t ctx, const short hmac_mode) } int fko_calculate_hmac(fko_ctx_t ctx, - const char *hmac_key, const int hmac_key_len) + const char * const hmac_key, const int hmac_key_len) { unsigned char hmac[SHA256_DIGEST_STR_LEN] = {0}; char *hmac_base64 = NULL; diff --git a/lib/fko_message.c b/lib/fko_message.c index b057e36d..fefdbf1f 100644 --- a/lib/fko_message.c +++ b/lib/fko_message.c @@ -156,7 +156,7 @@ fko_get_spa_message_type(fko_ctx_t ctx, short *msg_type) /* Set the SPA MESSAGE data */ int -fko_set_spa_message(fko_ctx_t ctx, const char *msg) +fko_set_spa_message(fko_ctx_t ctx, const char * const msg) { int res = FKO_ERROR_UNKNOWN; diff --git a/lib/fko_nat_access.c b/lib/fko_nat_access.c index 03a7cad5..aebaced9 100644 --- a/lib/fko_nat_access.c +++ b/lib/fko_nat_access.c @@ -34,7 +34,7 @@ /* Set the SPA Nat Access data */ int -fko_set_spa_nat_access(fko_ctx_t ctx, const char *msg) +fko_set_spa_nat_access(fko_ctx_t ctx, const char * const msg) { int res = FKO_SUCCESS; diff --git a/lib/fko_rand_value.c b/lib/fko_rand_value.c index 78619137..454bcce5 100644 --- a/lib/fko_rand_value.c +++ b/lib/fko_rand_value.c @@ -48,7 +48,7 @@ /* Set/Generate the SPA data random value string. */ int -fko_set_rand_value(fko_ctx_t ctx, const char *new_val) +fko_set_rand_value(fko_ctx_t ctx, const char * const new_val) { #ifdef WIN32 struct _timeb tb; diff --git a/lib/fko_server_auth.c b/lib/fko_server_auth.c index 51c1c880..d7f53efb 100644 --- a/lib/fko_server_auth.c +++ b/lib/fko_server_auth.c @@ -34,7 +34,7 @@ /* Set the SPA Server Auth data */ int -fko_set_spa_server_auth(fko_ctx_t ctx, const char *msg) +fko_set_spa_server_auth(fko_ctx_t ctx, const char * const msg) { /**************************************** * --DSS This is not supported yet diff --git a/lib/fko_user.c b/lib/fko_user.c index a98135eb..1f504d6e 100644 --- a/lib/fko_user.c +++ b/lib/fko_user.c @@ -38,7 +38,7 @@ /* Get or Set the username for the fko context spa data. */ int -fko_set_username(fko_ctx_t ctx, const char *spoof_user) +fko_set_username(fko_ctx_t ctx, const char * const spoof_user) { char *username = NULL; int res = FKO_SUCCESS; @@ -74,14 +74,14 @@ fko_set_username(fko_ctx_t ctx, const char *spoof_user) #endif /* if we still didn't get a username, continue falling back */ - if(username == NULL) - { + if(username == NULL) + { if((username = getenv("USER")) == NULL) - { - username = strdup("NO_USER"); - if(username == NULL) - return(FKO_ERROR_MEMORY_ALLOCATION); - } + { + username = strdup("NO_USER"); + if(username == NULL) + return(FKO_ERROR_MEMORY_ALLOCATION); + } } } } diff --git a/server/fw_util.h b/server/fw_util.h index f958388b..d4830f62 100644 --- a/server/fw_util.h +++ b/server/fw_util.h @@ -59,12 +59,13 @@ * They should be implemented in each of the corresponding * fw_util_.c files. */ -void fw_config_init(fko_srv_options_t *opts); -void fw_initialize(const fko_srv_options_t *opts); -int fw_cleanup(const fko_srv_options_t *opts); -void check_firewall_rules(const fko_srv_options_t *opts); -int fw_dump_rules(const fko_srv_options_t *opts); -int process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_data_t *spdat); +void fw_config_init(fko_srv_options_t * const opts); +void fw_initialize(const fko_srv_options_t * const opts); +int fw_cleanup(const fko_srv_options_t * const opts); +void check_firewall_rules(const fko_srv_options_t * const opts); +int fw_dump_rules(const fko_srv_options_t * const opts); +int process_spa_request(const fko_srv_options_t * const opts, + const acc_stanza_t * const acc, spa_data_t * const spadat); #endif /* FW_UTIL_H */ diff --git a/server/fw_util_iptables.c b/server/fw_util_iptables.c index d6f798ad..9e77cc2d 100644 --- a/server/fw_util_iptables.c +++ b/server/fw_util_iptables.c @@ -53,7 +53,7 @@ zero_cmd_buffers(void) } static int -comment_match_exists(const fko_srv_options_t *opts) +comment_match_exists(const fko_srv_options_t * const opts) { int res = 1; char *ndx = NULL; @@ -117,7 +117,7 @@ comment_match_exists(const fko_srv_options_t *opts) } static int -add_jump_rule(const fko_srv_options_t *opts, const int chain_num) +add_jump_rule(const fko_srv_options_t * const opts, const int chain_num) { int res = 0; @@ -148,7 +148,7 @@ add_jump_rule(const fko_srv_options_t *opts, const int chain_num) } static int -chain_exists(const fko_srv_options_t *opts, const int chain_num) +chain_exists(const fko_srv_options_t * const opts, const int chain_num) { int res = 0; @@ -227,7 +227,7 @@ jump_rule_exists(const int chain_num) * daemon to stdout. */ int -fw_dump_rules(const fko_srv_options_t *opts) +fw_dump_rules(const fko_srv_options_t * const opts) { int i; int res, got_err = 0; @@ -312,7 +312,7 @@ fw_dump_rules(const fko_srv_options_t *opts) /* Quietly flush and delete all fwknop custom chains. */ static void -delete_all_chains(const fko_srv_options_t *opts) +delete_all_chains(const fko_srv_options_t * const opts) { int i, res; int jump_rule_num; @@ -374,7 +374,7 @@ delete_all_chains(const fko_srv_options_t *opts) } static int -create_chain(const fko_srv_options_t *opts, const int chain_num) +create_chain(const fko_srv_options_t * const opts, const int chain_num) { int res = 0; @@ -404,7 +404,7 @@ create_chain(const fko_srv_options_t *opts, const int chain_num) /* Create the fwknop custom chains (at least those that are configured). */ static int -create_fw_chains(const fko_srv_options_t *opts) +create_fw_chains(const fko_srv_options_t * const opts) { int i, got_err = 0; @@ -431,18 +431,23 @@ create_fw_chains(const fko_srv_options_t *opts) return(got_err); } - static void -set_fw_chain_conf(const int type, char *conf_str) +set_fw_chain_conf(const int type, const char * const conf_str) { int i, j; char tbuf[1024] = {0}; - char *ndx = conf_str; + const char *ndx = conf_str; char *chain_fields[FW_NUM_CHAIN_FIELDS]; struct fw_chain *chain = &(fwc.chain[type]); + if(conf_str == NULL) + { + fprintf(stderr, "[*] NULL conf_str.\n"); + exit(EXIT_FAILURE); + } + chain->type = type; if(ndx != NULL) @@ -497,7 +502,7 @@ set_fw_chain_conf(const int type, char *conf_str) } void -fw_config_init(fko_srv_options_t *opts) +fw_config_init(fko_srv_options_t * const opts) { memset(&fwc, 0x0, sizeof(struct fw_config)); @@ -553,7 +558,7 @@ fw_config_init(fko_srv_options_t *opts) } void -fw_initialize(const fko_srv_options_t *opts) +fw_initialize(const fko_srv_options_t * const opts) { int res; @@ -583,7 +588,7 @@ fw_initialize(const fko_srv_options_t *opts) } int -fw_cleanup(const fko_srv_options_t *opts) +fw_cleanup(const fko_srv_options_t * const opts) { if(strncasecmp(opts->config[CONF_FLUSH_IPT_AT_EXIT], "N", 1) == 0) return(0); @@ -593,7 +598,8 @@ fw_cleanup(const fko_srv_options_t *opts) } static int -rule_exists(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_rule) +rule_exists(const fko_srv_options_t * const opts, + const char * const fw_chain, const char * const fw_rule) { int rule_exists = 0; int res = 0; @@ -623,7 +629,8 @@ rule_exists(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_ return rule_exists; } -static int create_rule(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_rule) +static int create_rule(const fko_srv_options_t * const opts, + const char * const fw_chain, const char * const fw_rule) { int res; @@ -657,7 +664,8 @@ static int create_rule(const fko_srv_options_t *opts, const char *fw_chain, cons /* Rule Processing - Create an access request... */ int -process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_data_t *spadat) +process_spa_request(const fko_srv_options_t * const opts, + const acc_stanza_t * const acc, spa_data_t * const spadat) { char nat_ip[MAX_IPV4_STR_LEN] = {0}; char snat_target[SNAT_TARGET_BUFSIZE] = {0}; @@ -667,15 +675,15 @@ process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_ unsigned int nat_port = 0; acc_port_list_t *port_list = NULL; - acc_port_list_t *ple; + acc_port_list_t *ple = NULL; unsigned int fst_proto; unsigned int fst_port; - struct fw_chain *in_chain = &(opts->fw_config->chain[IPT_INPUT_ACCESS]); - struct fw_chain *out_chain = &(opts->fw_config->chain[IPT_OUTPUT_ACCESS]); - struct fw_chain *fwd_chain = &(opts->fw_config->chain[IPT_FORWARD_ACCESS]); - struct fw_chain *dnat_chain = &(opts->fw_config->chain[IPT_DNAT_ACCESS]); + struct fw_chain * const in_chain = &(opts->fw_config->chain[IPT_INPUT_ACCESS]); + struct fw_chain * const out_chain = &(opts->fw_config->chain[IPT_OUTPUT_ACCESS]); + struct fw_chain * const fwd_chain = &(opts->fw_config->chain[IPT_FORWARD_ACCESS]); + struct fw_chain * const dnat_chain = &(opts->fw_config->chain[IPT_DNAT_ACCESS]); struct fw_chain *snat_chain; /* We assign this later (if we need to). */ int res = 0; @@ -1010,7 +1018,7 @@ process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_ * firewall rules. */ void -check_firewall_rules(const fko_srv_options_t *opts) +check_firewall_rules(const fko_srv_options_t * const opts) { char exp_str[12]; char rule_num_str[6]; diff --git a/server/fwknopd.c b/server/fwknopd.c index eabd5e7d..47fe9104 100644 --- a/server/fwknopd.c +++ b/server/fwknopd.c @@ -42,9 +42,10 @@ /* Prototypes */ -static void check_dir_path(const char *path, const char *path_name, const unsigned char use_basename); -static int make_dir_path(const char *path); -static void daemonize_process(fko_srv_options_t *opts); +static void check_dir_path(const char * const path, + const char * const path_name, const unsigned char use_basename); +static int make_dir_path(const char * const path); +static void daemonize_process(fko_srv_options_t * const opts); static int write_pid_file(fko_srv_options_t *opts); static pid_t get_running_pid(const fko_srv_options_t *opts); @@ -381,7 +382,7 @@ main(int argc, char **argv) /* Ensure the specified directory exists. If not, create it or die. */ static void -check_dir_path(const char *filepath, const char *fp_desc, const unsigned char use_basename) +check_dir_path(const char * const filepath, const char * const fp_desc, const unsigned char use_basename) { struct stat st; int res = 0; @@ -466,7 +467,7 @@ check_dir_path(const char *filepath, const char *fp_desc, const unsigned char us } static int -make_dir_path(const char *run_dir) +make_dir_path(const char * const run_dir) { struct stat st; int res = 0, len = 0; @@ -535,7 +536,7 @@ make_dir_path(const char *run_dir) * and close unneeded standard filehandles. */ static void -daemonize_process(fko_srv_options_t *opts) +daemonize_process(fko_srv_options_t * const opts) { pid_t pid, old_pid;