else
fprintf(stderr, "Unable to open rc file: %s: %s\n",
rcfile, strerror(errno));
-
+
return;
}
}
} /* end while fgets rc */
+ fclose(rc);
}
/* Sanity and bounds checks for the various options.
fko_destroy(ctx);
+ free_configs(&options);
+
return(EXIT_SUCCESS);
}
+void
+free_configs(fko_cli_options_t *opts)
+{
+ if (opts->resolve_url != NULL)
+ free(opts->resolve_url);
+}
+
static int
get_rand_port(fko_ctx_t ctx)
{
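Review bot: free_configs() leaves `opts->resolve_url` dangling after the free, and the NULL test in front of `free()` is redundant because `free(NULL)` is a no-op. The options structure is long-lived (it is passed by address from the call added before `return(EXIT_SUCCESS)`), so `free(opts->resolve_url); opts->resolve_url = NULL;` would keep a second call or a later read from touching freed memory. Only the success path shown in this commit reaches the function; whether the earlier error exits in main() release the same field is not visible here. A one-line comment above the definition, such as `/* Release heap-allocated option strings before exit */`, would document the ownership.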
extern fko_cli_options_t options;
+void free_configs(fko_cli_options_t *opts);
+
#endif /* FWKNOP_COMMON_H */
/***EOF***/
if(ctx->username == NULL)
return(FKO_ERROR_MEMORY_ALLOCATION);
-
return(FKO_SUCCESS);
}
last_stl = stl;
stl = last_stl->next;
+ free(last_stl->str);
free(last_stl);
}
}
log_msg(LOG_ERR,
"Fatal memory allocation error adding access stanza"
);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* If this is not the first acc entry, we walk our acc pointer to the
fprintf(stderr, "[*] Access file: '%s' was not found.\n",
opts->config[CONF_ACCESS_FILE]);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
if ((file_ptr = fopen(opts->config[CONF_ACCESS_FILE], "r")) == NULL)
opts->config[CONF_ACCESS_FILE]);
perror(NULL);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* Initialize the access list.
fprintf(stderr,
"[*] Data error in access file: '%s'\n",
opts->config[CONF_ACCESS_FILE]);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
}
fprintf(stderr,
"[*] KEY value is not properly set in stanza source '%s' in access file: '%s'\n",
curr_acc->source, opts->config[CONF_ACCESS_FILE]);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
add_acc_string(&(curr_acc->key), val);
}
{
fprintf(stderr, "Unable to determine UID for CMD_EXEC_USER: %s.\n",
errno ? strerror(errno) : "Not a user on this system");
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
curr_acc->cmd_exec_uid = pw->pw_uid;
fprintf(stderr,
"[*] GPG_HOME_DIR directory '%s' stat()/existence problem in stanza source '%s' in access file: '%s'\n",
val, curr_acc->source, opts->config[CONF_ACCESS_FILE]);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
}
else if(CONF_VAR_IS(var, "GPG_DECRYPT_ID"))
fprintf(stderr,
"[*] GPG_DECRYPT_PW value is not properly set in stanza source '%s' in access file: '%s'\n",
curr_acc->source, opts->config[CONF_ACCESS_FILE]);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
add_acc_string(&(curr_acc->gpg_decrypt_pw), val);
}
fprintf(stderr,
"[*] Could not find valid SOURCE stanza in access file: '%s'\n",
opts->config[CONF_ACCESS_FILE]);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* Sanity check the last stanza
fprintf(stderr,
"[*] Data error in access file: '%s'\n",
opts->config[CONF_ACCESS_FILE]);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* Expand our the expandable fields into their respective data buckets.
if(var_ndx < 0 || var_ndx >= NUMBER_OF_CONFIG_ENTRIES)
{
fprintf(stderr, "Index value of %i is not valid\n", var_ndx);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* If this particular entry was already set (i.e. not NULL), then
if(opts->config[var_ndx] == NULL)
{
fprintf(stderr, "*Fatal memory allocation error!\n");
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
strlcpy(opts->config[var_ndx], value, space_needed);
{
fprintf(stderr, "[*] Config file: '%s' was not found.\n",
config_file);
-
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
if ((cfile_ptr = fopen(config_file, "r")) == NULL)
config_file);
perror(NULL);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
while ((fgets(conf_line_buf, MAX_LINE_LEN, cfile_ptr)) != NULL)
fprintf(stderr,
"The -D, -K, -R, and -S options are mutually exclusive. Pick only one.\n"
);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
if(opts->config[CONF_FIREWALL_EXE] == NULL)
fprintf(stderr,
"No firewall command executable is set. Please check FIREWALL_EXE in fwknopd.conf.\n"
);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
return;
switch(cmd_arg) {
case 'h':
usage();
- exit(EXIT_SUCCESS);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_SUCCESS);
break;
/* Look for configuration file arg.
fprintf(stderr,
"[*] Directory '%s' could not stat()/does not exist?\n",
optarg);
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
break;
case 'i':
break;
case 'V':
fprintf(stdout, "fwknopd server %s\n", MY_VERSION);
- exit(EXIT_SUCCESS);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_SUCCESS);
break;
default:
usage();
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
}
if(res != 0)
{
fprintf(stderr, "Warning: Errors detected during fwknop custom chain creation.\n");
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
}
if(res != 0)
{
fprintf(stderr, "Fatal: Errors detected during ipfw rules initialization.\n");
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* Allocate our rule_map array for tracking active (and expired) rules.
if(fwc.rule_map == NULL)
{
fprintf(stderr, "Fatal: Memory allocation error in fw_initialize.\n");
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* Create a check-state rule if necessary.
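Review bot: The rule_map allocation failure exits with NO_FW_CLEANUP even though it sits after the ipfw rules initialisation check above, so any rules that initialisation created appear to be left installed when the daemon aborts. If `fw_cleanup()` is safe to run while `fwc.rule_map` is NULL, `clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);` would leave the firewall in a known state. Otherwise a comment explaining why cleanup is skipped here would help. The surrounding function body is not fully visible in the hunk.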
if (! anchor_active(opts))
{
fprintf(stderr, "Warning: the fwknop anchor is not active in the pf policy\n");
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* Delete any existing rules in the fwknop anchor
if(res == 0)
{
fprintf(stdout, "Killed fwknopd (pid=%i)\n", old_pid);
- exit(EXIT_SUCCESS);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_SUCCESS);
}
else
{
perror("Unable to kill fwknop: ");
- exit(EXIT_FAILURE);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
}
else
{
fprintf(stderr, "No running fwknopd detected.\n");
- exit(EXIT_FAILURE);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
}
else
fprintf(stdout, "No running fwknopd detected.\n");
- exit(EXIT_SUCCESS);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_SUCCESS);
}
/* Restart the currently running fwknopd?
if(res == 0)
{
fprintf(stdout, "Sent restart signal to fwknopd (pid=%i)\n", old_pid);
- exit(EXIT_SUCCESS);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_SUCCESS);
}
else
{
perror("Unable to send signal to fwknop: ");
- exit(EXIT_FAILURE);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
}
else
{
fprintf(stdout, "No running fwknopd detected.\n");
- exit(EXIT_FAILURE);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
}
if(opts.fw_list == 1 || opts.fw_list_all == 1)
{
fw_dump_rules(&opts);
- exit(EXIT_SUCCESS);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_SUCCESS);
}
if(opts.fw_flush == 1)
{
fprintf(stdout, "Deleting any existing firewall rules...\n");
- fw_cleanup(&opts);
- exit(EXIT_SUCCESS);
+ clean_exit(&opts, FW_CLEANUP, EXIT_SUCCESS);
}
/* Process the access.conf file.
{
dump_config(&opts);
dump_access_list(&opts);
- exit(EXIT_SUCCESS);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_SUCCESS);
}
/* If we are a new process (just being started), proceed with normal
"* An instance of fwknopd is already running: (PID=%i).\n", old_pid
);
- exit(EXIT_FAILURE);
+ clean_exit(&opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
else if(old_pid < 0)
{
return(rpid);
}
+void
+clean_exit(fko_srv_options_t *opts, unsigned int fw_cleanup_flag, unsigned int exit_status)
+{
+ if(fw_cleanup_flag == FW_CLEANUP)
+ fw_cleanup(opts);
+
+#if USE_FILE_CACHE
+ free_replay_list(opts);
+#endif
+
+ free_logging();
+ free_configs(opts);
+ exit(exit_status);
+}
+
/***EOF***/
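Review bot: clean_exit() is now the teardown path for exits taken before initialisation has finished (for example the `-h` and `-V` option cases and the config-file-not-found checks), so `free_replay_list()`, `free_logging()` and `free_configs()` all have to tolerate fields that were never allocated; nothing in the function states or checks that precondition. A header comment would make the contract explicit, e.g. `/* Safe to call any time after opts is zero-initialised: frees logging, replay-cache and config memory, optionally flushes firewall rules, then exits. */`, assuming that is the intended guarantee. The access stanza values loaded with `add_acc_string()` (KEY, GPG_DECRYPT_PW) are not visibly released here; if `free_configs()` does not cover them, it is worth confirming where that key material is freed and zeroing it before the free. `exit_status` is declared `unsigned int` while `exit()` takes `int`; `int exit_status` in both the definition and the prototype would match.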
extern fko_srv_options_t options;
+/* For cleaning up memory before exiting
+*/
+#define FW_CLEANUP 1
+#define NO_FW_CLEANUP 0
+void clean_exit(fko_srv_options_t *opts, unsigned int fw_cleanup_flag, unsigned int exit_status);
+
#endif /* FWKNOPD_COMMON_H */
/***EOF***/
/* Now decrypt the data.
*/
res = fko_decrypt_spa_data(ctx, acc->gpg_decrypt_pw);
+
}
else
{
if(log_name == NULL)
{
fprintf(stderr, "Memory allocation error setting log_name!\n");
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* Set our name.
if(pcap == NULL)
{
log_msg(LOG_ERR, "[*] pcap_open_live error: %s\n", errstr);
- exit(EXIT_FAILURE);
+ clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
if (pcap == NULL)
{
log_msg(LOG_ERR, "[*] pcap error: %s", errstr);
- exit(EXIT_FAILURE);
+ clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
/* Set pcap filters, if any.
log_msg(LOG_ERR, "[*] Error compiling pcap filter: %s",
pcap_geterr(pcap)
);
- exit(EXIT_FAILURE);
+ clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
if(pcap_setfilter(pcap, &fp) == -1)
log_msg(LOG_ERR, "[*] Error setting pcap filter: %s",
pcap_geterr(pcap)
);
- exit(EXIT_FAILURE);
+ clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
log_msg(LOG_INFO, "PCAP filter is: %s", opts->config[CONF_PCAP_FILTER]);
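Review bot: Both filter-failure exits in this hunk call clean_exit() while the capture handle is still open, so the new teardown path does not release the pcap handle or, on the `pcap_setfilter` failure, the compiled program `fp`. Adding `pcap_close(pcap);` before each `clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);`, plus `pcap_freecode(&fp);` on the second, would close that gap; the nonblocking and consecutive-error exits further down have the same issue. These paths also move from a bare `exit()` to FW_CLEANUP, so a capture failure now flushes the fwknop firewall rules. That looks like an intentional fail-closed choice, but a short comment saying so would help. The enclosing function starts and ends outside the hunk.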
log_msg(LOG_ERR, "[*] Error setting pcap nonblocking to %i: %s",
0, errstr
);
- exit(EXIT_FAILURE);
+ clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
/* Initialize our signal handlers. You can check the return value for
log_msg(LOG_ERR, "[*] %i consecutive pcap errors. Giving up",
pcap_errcnt
);
- exit(EXIT_FAILURE);
+ clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
}
else if(pending_break == 1 || res == -2)
if(new_file == NULL)
{
log_msg(LOG_ERR, "rotate_digest_cache_file: Memory allocation error.");
- exit(EXIT_FAILURE);
+ clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
/* The new filename is just the original with a trailing '-old'.