summaryrefslogtreecommitdiff
path: root/src/acl.c (follow)
AgeCommit message (Collapse)AuthorFilesLines
2010-05-30Minor indent of codeMukund Sivaraman1-1/+2
2010-01-14check_numeric_acl() should return -1 when IPs don't match.David Shanks1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2009-12-07Add access_list to the config struct instead of a global variable in acl.c.Michael Adam1-14/+9
Change insert_acl, check_acl and flush_access_list to take a corresponding argument. Michael
2009-12-07acl: add function flush_access_list().Michael Adam1-0/+24
2009-11-17acl: split initialization of the access_list out into a functionMichael Adam1-10/+20
2009-11-10Fix a segfault in insert_acl and checks against string-type aclsMichael Adam1-4/+0
The "address" member of struct acl_s is a union of a char * and the numeric ip. So freeing the string after appending it to the vector list is bad in two respects: 1. If the acl type was numeric, then this could (and would) lead to a segfault due to the numeric IP data interpreted as pointer to the string to be freed. 2. If the acl type was string, then the acl inserted into the list contained a reference to this address string that was freed. So in the worst case dereferencing this freed string could segfault, or at least this could lead to unexpectedly failing acl checks. Michael
2009-10-10acl: Fix "comparison between signed and unsigned" warning on 32bitMichael Adam1-4/+4
This reads the mask bits as an unsigned int instead of as signend. This is also what mask bits really are - there is no negative mask. :-) Michael
2009-10-10Use size_t not ssize_t for len argument. This is always >= 0.Michael Adam1-1/+1
2009-10-09Use ssize_t for len argumentMukund Sivaraman1-1/+1
2009-09-28Include limits.h for LONG_MAX and LONG_MINMukund Sivaraman1-0/+2
Not including limits.h caused an issue when building on FreeBSD.
2009-09-21Remove trailing comma from acl_type enumMukund Sivaraman1-1/+1
2009-09-20Remove inline keyword from static functionsMukund Sivaraman1-1/+1
The compiler inlines static functions as necessary anyway. No more inline keywords exist in Tinyproxy source code. We want to avoid using this keyword anyway.
2009-09-15Indent code to Tinyproxy coding styleMukund Sivaraman1-256/+226
The modified files were indented with GNU indent using the following command: indent -npro -kr -i8 -ts8 -sob -l80 -ss -cs -cp1 -bs -nlps -nprs -pcs \ -saf -sai -saw -sc -cdw -ce -nut -il0 No other changes of any sort were made.
2009-08-07Rename tinyproxy.[ch] to main.[ch]Mukund Sivaraman1-1/+1
2009-08-04check_acl(): initialize "perm" to eliminate compiler warning.Michael Adam1-1/+1
Provides safe fallback for switch statement, just in case.. Michael
2009-08-04check_acl(): remove the fd argument - it is not used.Michael Adam1-2/+1
Host name and IP address are provided instead. Michael
2009-08-04check_acl(): fix function header comment.Michael Adam1-1/+1
Michael
2009-08-04check_acl(): add explicit cast to return value of vector_getentry()Michael Adam1-1/+1
to reduce compiler warnings. Michael
2009-08-04check_acl(): add cast to recuce compiler warning (unsigned / signed comparison)Michael Adam1-1/+1
vector_lenth() returns < 0 if the vectore is NULL but this has been checked before, so we can safely cast. Michael
2008-12-29Indenting changeMukund Sivaraman1-1/+4
2008-12-08Convert tabs to spacesMukund Sivaraman1-73/+73
2008-12-01Reformat code to GNU coding styleMukund Sivaraman1-239/+264
This is a commit which simply ran all C source code files through GNU indent. No other modifications were made.
2008-08-24pos can never be less than 0 as it's of type size_tMukund Sivaraman1-1/+1
Also fix the type which is passed in from various places.
2008-06-17Add strtol conversion error checkingRobert James Kaes1-4/+15
Moved the strtol() call into fill_netmask_array() and added additional error checking to ensure that the strtol() call succeeded. Error checking code taken from strtol() manpage. Signed-off-by: Robert James Kaes <rjk@wormbytes.ca>
2008-06-17Refactored netmask array fill with range checkRobert James Kaes1-8/+39
When building a numeric ACL with netmask, range check the supplied value. In addition, the code to walk the array has been extracted and "simplified". Signed-off-by: Robert James Kaes <rjk@wormbytes.ca>
2008-05-24Updated copyright, license notices in source codeMukund Sivaraman1-14/+18
The notices have been changed to a more GNU look. Documentation comments have been separated from the copyright header. I've tried to keep all copyright notices intact. Some author contact details have been updated.
2005-08-15* [Indent] Ran Source Through indentRobert James Kaes1-113/+116
I re-indented the source code using indent with the following options: indent -kr -bad -bap -nut -i8 -l80 -psl -sob -ss -ncs There are now _no_ tabs in the source files, and all indentation is eight spaces. Lines are 80 characters long, and the procedure type is on it's own line. Read the indent manual for more information about what each option means.
2005-07-12* Updated Copyright Email AddressesRobert James Kaes1-2/+2
Updated the copyright email addresses for Robert James Kaes. The users.sourceforge.net address should always exist.
2004-08-24Fixed up the acl_s structure so that it compiles correctly underRobert James Kaes1-21/+21
gcc 2.95.
2004-08-11Completely rewrote the ACL functionality. The new system is intendedRobert James Kaes1-158/+184
to handle IPv6 style addresses along with the existing IPv4 and string addresses. In addition, the hand-rolled "list" code has been replaced with a vector (code reuse.) Also, the code should be a little easier to understand (relatively speaking.) I do need to add some kind of testing framework (in general) to check that the new code does work with all the formats that will be thrown at it.
2004-02-13Removed unnecessary casts (mostly dealing with memory allocation.) IRobert James Kaes1-2/+2
should never have added them in the first place. They don't really buy anything, and they can hide bugs.
2003-07-31Added appropriate casts from (void*) so that the code will compileRobert James Kaes1-3/+5
cleanly with a C++ compiler. (Tested using GCC 3.3)
2002-06-05(acl_string_processing): Moved the string processing code out of check_acl() ↵Robert James Kaes1-31/+88
and into it's own function because it now does two (2) tests. If the ACL string is a complete host name, in other words doesn't start with a period, than a reverse DNS look-up is done on the host name and compared to the IP address of the client; otherwise, the normal text string comparison is done. (check_acl): Moved the string text out of the function and removed some logging code by jumping to the "Deny" code at the end of the function.
2002-05-23Changed the header includes around to reflect the new source layout.Robert James Kaes1-2/+2
2002-04-18Changed all calls to strdup to safestrdup. This should provide betterRobert James Kaes1-2/+2
memory usage tracking.
2002-04-17Changed the check_acl() function to require the peer IP address and stringRobert James Kaes1-11/+5
address from the calling function.
2002-04-09James Flemer cleaned up the make_netmask() function to remove the staticRobert James Kaes1-15/+3
table. Very nice.
2001-11-22Reformated text.Robert James Kaes1-15/+26
2001-11-03Tightened the string/numeric ACL checks.Robert James Kaes1-6/+13
2001-10-25Header reorganization. Basically all system headers are now included inRobert James Kaes1-3/+1
tinyproxy.h and all the other files include the tinyproxy.h header. This moves all the dependancy issues into one file.
2001-09-15Updated the authorization string.Robert James Kaes1-2/+2
2001-09-11Comment cleanup.Robert James Kaes1-2/+3
2001-09-08Changed all the mallocs and callocs to use the new safemalloc andRobert James Kaes1-2/+3
safecalloc.
2001-09-07Error message cleanup.Robert James Kaes1-3/+3
2001-05-27Renamed the access member of struct acl_s to acl_access.Robert James Kaes1-13/+13
Changed some of the types for the various variables to better reflect what they are actually being used for.
2001-05-23Make the netmask static and include the asserts.Robert James Kaes1-2/+8
2000-09-26Updated the free() calls to the safefree() calls.Robert James Kaes1-3/+3
2000-09-12Improvied access control semantics. Allows for a finger control forRobert James Kaes1-0/+214
allowing and denying hosts.