Diffstat (limited to 'src/acl.c')
-rw-r--r-- | src/acl.c | 146 |
1 files changed, 73 insertions, 73 deletions
@@ -72,13 +72,13 @@ static vector_t access_list = NULL; */ inline static int fill_netmask_array (char *bitmask_string, unsigned char array[], - unsigned int len) + unsigned int len) { unsigned int i; long int mask; char *endptr; - errno = 0; /* to distinguish success/failure after call */ + errno = 0; /* to distinguish success/failure after call */ mask = strtol (bitmask_string, &endptr, 10); /* check for various conversion errors */
@@ -94,19 +94,19 @@ fill_netmask_array (char *bitmask_string, unsigned char array[], for (i = 0; i != len; ++i) { if (mask >= 8) - { - array[i] = 0xff; - mask -= 8; - } + { + array[i] = 0xff; + mask -= 8; + } else if (mask > 0) - { - array[i] = (unsigned char) (0xff << (8 - mask)); - mask = 0; - } + { + array[i] = (unsigned char) (0xff << (8 - mask)); + mask = 0; + } else - { - array[i] = 0; - } + { + array[i] = 0; + } } return 0;
@@ -138,10 +138,10 @@ insert_acl (char *location, acl_access_t access_type) { access_list = vector_create (); if (!access_list) - { - log_message (LOG_ERR, "Unable to allocate memory for access list"); - return -1; - } + { + log_message (LOG_ERR, "Unable to allocate memory for access list"); + return -1; + } } /* 
@@ -167,30 +167,30 @@ insert_acl (char *location, acl_access_t access_type) */ p = strchr (location, '/'); if (p != NULL) - { - /* - * We have a slash, so it's intended to be an - * IP address with mask - */ - *p = '\0'; - if (full_inet_pton (location, ip_dst) <= 0) - return -1; - - acl.type = ACL_NUMERIC; - memcpy (acl.address.ip.octet, ip_dst, IPV6_LEN); - - if (fill_netmask_array (p + 1, &(acl.address.ip.mask[0]), IPV6_LEN) - < 0) - return -1; - } + { + /* + * We have a slash, so it's intended to be an + * IP address with mask + */ + *p = '\0'; + if (full_inet_pton (location, ip_dst) <= 0) + return -1; + + acl.type = ACL_NUMERIC; + memcpy (acl.address.ip.octet, ip_dst, IPV6_LEN); + + if (fill_netmask_array (p + 1, &(acl.address.ip.mask[0]), IPV6_LEN) + < 0) + return -1; + } else - { - /* In all likelihood a string */ - acl.type = ACL_STRING; - acl.address.string = safestrdup (location); - if (!acl.address.string) - return -1; - } + { + /* In all likelihood a string */ + acl.type = ACL_STRING; + acl.address.string = safestrdup (location); + if (!acl.address.string) + return -1; + } } /*
@@ -212,7 +212,7 @@ insert_acl (char *location, acl_access_t access_type) */ static int acl_string_processing (struct acl_s *acl, - const char *ip_address, const char *string_address) + const char *ip_address, const char *string_address) { int match; struct addrinfo hints, *res, *ressave; 
@@ -234,31 +234,31 @@ acl_string_processing (struct acl_s *acl, hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if (getaddrinfo (acl->address.string, NULL, &hints, &res) != 0) - goto STRING_TEST; + goto STRING_TEST; ressave = res; match = FALSE; do - { - get_ip_string (res->ai_addr, ipbuf, sizeof (ipbuf)); - if (strcmp (ip_address, ipbuf) == 0) - { - match = TRUE; - break; - } - } + { + get_ip_string (res->ai_addr, ipbuf, sizeof (ipbuf)); + if (strcmp (ip_address, ipbuf) == 0) + { + match = TRUE; + break; + } + } while ((res = res->ai_next) != NULL); freeaddrinfo (ressave); if (match) - { - if (acl->access == ACL_DENY) - return 0; - else - return 1; - } + { + if (acl->access == ACL_DENY) + return 0; + else + return 1; + } } STRING_TEST:
@@ -277,9 +277,9 @@ STRING_TEST: acl->address.string) == 0) { if (acl->access == ACL_DENY) - return 0; + return 0; else - return 1; + return 1; } /* Indicate that no tests succeeded, so skip to next control. */
@@ -313,7 +313,7 @@ check_numeric_acl (const struct acl_s *acl, const char *ip) /* If x and y don't match, the IP addresses don't match */ if (x != y) - return 0; + return 0; } /* The addresses match, return the permission */ 
@@ -348,32 +348,32 @@ check_acl (int fd, const char *ip, const char *host) { acl = vector_getentry (access_list, i, NULL); switch (acl->type) - { - case ACL_STRING: - perm = acl_string_processing (acl, ip, host); - break; - - case ACL_NUMERIC: - if (ip[0] == '\0') - continue; - perm = check_numeric_acl (acl, ip); - break; - } + { + case ACL_STRING: + perm = acl_string_processing (acl, ip, host); + break; + + case ACL_NUMERIC: + if (ip[0] == '\0') + continue; + perm = check_numeric_acl (acl, ip); + break; + } /* * Check the return value too see if the IP address is * allowed or denied. */ if (perm == 0) - break; + break; else if (perm == 1) - return perm; + return perm; } /* * Deny all connections by default. */ log_message (LOG_NOTICE, "Unauthorized connection from \"%s\" [%s].", - host, ip); + host, ip); return 0; } |