Diffstat (limited to 'src/acl.c')
-rw-r--r--src/acl.c146
1 files changed, 73 insertions, 73 deletions
diff --git a/src/acl.c b/src/acl.c
index 50cc73f..02155d9 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -72,13 +72,13 @@ static vector_t access_list = NULL;
*/
inline static int
fill_netmask_array (char *bitmask_string, unsigned char array[],
- unsigned int len)
+ unsigned int len)
{
unsigned int i;
long int mask;
char *endptr;
- errno = 0; /* to distinguish success/failure after call */
+ errno = 0; /* to distinguish success/failure after call */
mask = strtol (bitmask_string, &endptr, 10);
/* check for various conversion errors */
@@ -94,19 +94,19 @@ fill_netmask_array (char *bitmask_string, unsigned char array[],
for (i = 0; i != len; ++i)
{
if (mask >= 8)
- {
- array[i] = 0xff;
- mask -= 8;
- }
+ {
+ array[i] = 0xff;
+ mask -= 8;
+ }
else if (mask > 0)
- {
- array[i] = (unsigned char) (0xff << (8 - mask));
- mask = 0;
- }
+ {
+ array[i] = (unsigned char) (0xff << (8 - mask));
+ mask = 0;
+ }
else
- {
- array[i] = 0;
- }
+ {
+ array[i] = 0;
+ }
}
return 0;
@@ -138,10 +138,10 @@ insert_acl (char *location, acl_access_t access_type)
{
access_list = vector_create ();
if (!access_list)
- {
- log_message (LOG_ERR, "Unable to allocate memory for access list");
- return -1;
- }
+ {
+ log_message (LOG_ERR, "Unable to allocate memory for access list");
+ return -1;
+ }
}
/*
@@ -167,30 +167,30 @@ insert_acl (char *location, acl_access_t access_type)
*/
p = strchr (location, '/');
if (p != NULL)
- {
- /*
- * We have a slash, so it's intended to be an
- * IP address with mask
- */
- *p = '\0';
- if (full_inet_pton (location, ip_dst) <= 0)
- return -1;
-
- acl.type = ACL_NUMERIC;
- memcpy (acl.address.ip.octet, ip_dst, IPV6_LEN);
-
- if (fill_netmask_array (p + 1, &(acl.address.ip.mask[0]), IPV6_LEN)
- < 0)
- return -1;
- }
+ {
+ /*
+ * We have a slash, so it's intended to be an
+ * IP address with mask
+ */
+ *p = '\0';
+ if (full_inet_pton (location, ip_dst) <= 0)
+ return -1;
+
+ acl.type = ACL_NUMERIC;
+ memcpy (acl.address.ip.octet, ip_dst, IPV6_LEN);
+
+ if (fill_netmask_array (p + 1, &(acl.address.ip.mask[0]), IPV6_LEN)
+ < 0)
+ return -1;
+ }
else
- {
- /* In all likelihood a string */
- acl.type = ACL_STRING;
- acl.address.string = safestrdup (location);
- if (!acl.address.string)
- return -1;
- }
+ {
+ /* In all likelihood a string */
+ acl.type = ACL_STRING;
+ acl.address.string = safestrdup (location);
+ if (!acl.address.string)
+ return -1;
+ }
}
/*
@@ -212,7 +212,7 @@ insert_acl (char *location, acl_access_t access_type)
*/
static int
acl_string_processing (struct acl_s *acl,
- const char *ip_address, const char *string_address)
+ const char *ip_address, const char *string_address)
{
int match;
struct addrinfo hints, *res, *ressave;
@@ -234,31 +234,31 @@ acl_string_processing (struct acl_s *acl,
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if (getaddrinfo (acl->address.string, NULL, &hints, &res) != 0)
- goto STRING_TEST;
+ goto STRING_TEST;
ressave = res;
match = FALSE;
do
- {
- get_ip_string (res->ai_addr, ipbuf, sizeof (ipbuf));
- if (strcmp (ip_address, ipbuf) == 0)
- {
- match = TRUE;
- break;
- }
- }
+ {
+ get_ip_string (res->ai_addr, ipbuf, sizeof (ipbuf));
+ if (strcmp (ip_address, ipbuf) == 0)
+ {
+ match = TRUE;
+ break;
+ }
+ }
while ((res = res->ai_next) != NULL);
freeaddrinfo (ressave);
if (match)
- {
- if (acl->access == ACL_DENY)
- return 0;
- else
- return 1;
- }
+ {
+ if (acl->access == ACL_DENY)
+ return 0;
+ else
+ return 1;
+ }
}
STRING_TEST:
@@ -277,9 +277,9 @@ STRING_TEST:
acl->address.string) == 0)
{
if (acl->access == ACL_DENY)
- return 0;
+ return 0;
else
- return 1;
+ return 1;
}
/* Indicate that no tests succeeded, so skip to next control. */
@@ -313,7 +313,7 @@ check_numeric_acl (const struct acl_s *acl, const char *ip)
/* If x and y don't match, the IP addresses don't match */
if (x != y)
- return 0;
+ return 0;
}
/* The addresses match, return the permission */
@@ -348,32 +348,32 @@ check_acl (int fd, const char *ip, const char *host)
{
acl = vector_getentry (access_list, i, NULL);
switch (acl->type)
- {
- case ACL_STRING:
- perm = acl_string_processing (acl, ip, host);
- break;
-
- case ACL_NUMERIC:
- if (ip[0] == '\0')
- continue;
- perm = check_numeric_acl (acl, ip);
- break;
- }
+ {
+ case ACL_STRING:
+ perm = acl_string_processing (acl, ip, host);
+ break;
+
+ case ACL_NUMERIC:
+ if (ip[0] == '\0')
+ continue;
+ perm = check_numeric_acl (acl, ip);
+ break;
+ }
/*
* Check the return value too see if the IP address is
* allowed or denied.
*/
if (perm == 0)
- break;
+ break;
else if (perm == 1)
- return perm;
+ return perm;
}
/*
* Deny all connections by default.
*/
log_message (LOG_NOTICE, "Unauthorized connection from \"%s\" [%s].",
- host, ip);
+ host, ip);
return 0;
}