#define B64_GPG_PREFIX "hQ"
#define B64_GPG_PREFIX_STR_LEN 2
-/* Define the consistent prefixes or salt on some encryption schemes.
-*/
-#define B64_RIJNDAEL_SALT "U2FsdGVkX1"
-#define B64_RIJNDAEL_SALT_STR_LEN 10
-
-#define B64_GPG_PREFIX "hQ"
-#define B64_GPG_PREFIX_STR_LEN 2
-
/* The context holds the global state and config options, as
* well as some intermediate results during processing. This
* is an opaque pointer.
/* General api calls
*/
DLL_API int fko_new(fko_ctx_t *ctx);
-DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char *enc_msg,
- const char *dec_key, const int dec_key_len, int encryption_mode,
- const char *hmac_key, const int hmac_key_len);
+DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char * const enc_msg,
+ const char * const dec_key, const int dec_key_len, int encryption_mode,
+ const char * const hmac_key, const int hmac_key_len);
DLL_API void fko_destroy(fko_ctx_t ctx);
-DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char *enc_key,
- const int enc_key_len, const char *hmac_key, const int hmac_key_len);
+DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char * const enc_key,
+ const int enc_key_len, const char * const hmac_key, const int hmac_key_len);
/* Set context data functions
*/
-DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char *val);
-DLL_API int fko_set_username(fko_ctx_t ctx, const char *spoof_user);
+DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char * const val);
+DLL_API int fko_set_username(fko_ctx_t ctx, const char * const spoof_user);
DLL_API int fko_set_timestamp(fko_ctx_t ctx, const int offset);
DLL_API int fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type);
-DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char *msg_string);
-DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char *nat_access);
-DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char *server_auth);
+DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char * const msg_string);
+DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char * const nat_access);
+DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char * const server_auth);
DLL_API int fko_set_spa_client_timeout(fko_ctx_t ctx, const int timeout);
DLL_API int fko_set_spa_digest_type(fko_ctx_t ctx, const short digest_type);
DLL_API int fko_set_spa_digest(fko_ctx_t ctx);
DLL_API int fko_set_raw_spa_digest(fko_ctx_t ctx);
DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type);
DLL_API int fko_set_spa_encryption_mode(fko_ctx_t ctx, const int encrypt_mode);
-DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg);
+DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg);
DLL_API int fko_set_hmac_mode(fko_ctx_t ctx, const short hmac_mode);
/* Data processing and misc utility functions
*/
DLL_API const char* fko_errstr(const int err_code);
-DLL_API int fko_encryption_type(const char *enc_data);
-DLL_API int fko_key_gen(char *key_base64, char *hmac_key_base64);
-DLL_API int fko_base64_encode(unsigned char *in, char *out, int in_len);
-DLL_API int fko_base64_decode(const char *in, unsigned char *out);
+DLL_API int fko_encryption_type(const char * const enc_data);
+DLL_API int fko_key_gen(char * const key_base64, char * const hmac_key_base64);
+DLL_API int fko_base64_encode(unsigned char * const in, char * const out, int in_len);
+DLL_API int fko_base64_decode(const char * const in, unsigned char *out);
DLL_API int fko_encode_spa_data(fko_ctx_t ctx);
DLL_API int fko_decode_spa_data(fko_ctx_t ctx);
-DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key,
+DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char * const enc_key,
const int enc_key_len);
-DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key,
+DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char * const dec_key,
const int dec_key_len);
-DLL_API int fko_verify_hmac(fko_ctx_t ctx, const char *hmac_key,
+DLL_API int fko_verify_hmac(fko_ctx_t ctx, const char * const hmac_key,
const int hmac_key_len);
-DLL_API int fko_calculate_hmac(fko_ctx_t ctx, const char *hmac_key,
+DLL_API int fko_calculate_hmac(fko_ctx_t ctx, const char * const hmac_key,
const int hmac_key_len);
DLL_API int fko_get_hmac_data(fko_ctx_t ctx, char **enc_data);
DLL_API int fko_get_version(fko_ctx_t ctx, char **version);
/* GPG-related functions */
-DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe);
+DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char * const gpg_exe);
DLL_API int fko_get_gpg_exe(fko_ctx_t ctx, char **gpg_exe);
-DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip);
+DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char * const recip);
DLL_API int fko_get_gpg_recipient(fko_ctx_t ctx, char **recip);
-DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char *signer);
+DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char * const signer);
DLL_API int fko_get_gpg_signer(fko_ctx_t ctx, char **signer);
-DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir);
+DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char * const gpg_home_dir);
DLL_API int fko_get_gpg_home_dir(fko_ctx_t ctx, char **gpg_home_dir);
DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx);
DLL_API int fko_set_gpg_signature_verify(fko_ctx_t ctx,
const unsigned char val);
DLL_API int fko_get_gpg_signature_verify(fko_ctx_t ctx,
- unsigned char *val);
+ unsigned char * const val);
DLL_API int fko_set_gpg_ignore_verify_error(fko_ctx_t ctx,
const unsigned char val);
DLL_API int fko_get_gpg_ignore_verify_error(fko_ctx_t ctx,
- unsigned char *val);
+ unsigned char * const val);
DLL_API int fko_get_gpg_signature_id(fko_ctx_t ctx, char **sig_id);
DLL_API int fko_get_gpg_signature_fpr(fko_ctx_t ctx, char **sig_fpr);
DLL_API int fko_get_gpg_signature_summary(fko_ctx_t ctx, int *sigsum);
DLL_API int fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat);
-DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id,
- unsigned char *result);
-DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *fpr,
- unsigned char *result);
+DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id,
+ unsigned char * const result);
+DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const fpr,
+ unsigned char * const result);
#ifdef __cplusplus
}
/* Encrypt the encoded SPA data.
*/
int
-fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key, const int enc_key_len)
+fko_encrypt_spa_data(fko_ctx_t ctx, const char * const enc_key, const int enc_key_len)
{
int res = 0;
/* Decode, decrypt, and parse SPA data into the context.
*/
int
-fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key, const int key_len)
+fko_decrypt_spa_data(fko_ctx_t ctx, const char * const dec_key, const int key_len)
{
int enc_type, res;
/* Return the assumed encryption type based on the raw encrypted data.
*/
int
-fko_encryption_type(const char *enc_data)
+fko_encryption_type(const char * const enc_data)
{
int enc_data_len;
/* Set the GPG home dir.
*/
int
-fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe)
+fko_set_gpg_exe(fko_ctx_t ctx, const char * const gpg_exe)
{
#if HAVE_LIBGPGME
struct stat st;
/* Set the GPG signer key name.
*/
int
-fko_set_gpg_signer(fko_ctx_t ctx, const char *signer)
+fko_set_gpg_signer(fko_ctx_t ctx, const char * const signer)
{
#if HAVE_LIBGPGME
int res;
/* Set the GPG home dir.
*/
int
-fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir)
+fko_set_gpg_home_dir(fko_ctx_t ctx, const char * const gpg_home_dir)
{
#if HAVE_LIBGPGME
struct stat st;
}
int
-fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char *val)
+fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char * const val)
{
#if HAVE_LIBGPGME
/* Must be initialized
}
int
-fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char *val)
+fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char * const val)
{
#if HAVE_LIBGPGME
/* Must be initialized
}
int
-fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, unsigned char *result)
+fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id,
+ unsigned char * const result)
{
#if HAVE_LIBGPGME
char *curr_id;
}
int
-fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *id, unsigned char *result)
+fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const id,
+ unsigned char * const result)
{
#if HAVE_LIBGPGME
/* Must be initialized
* and parsing the provided data into the context data.
*/
int
-fko_new_with_data(fko_ctx_t *r_ctx, const char *enc_msg,
- const char *dec_key, const int dec_key_len,
- int encryption_mode, const char *hmac_key,
+fko_new_with_data(fko_ctx_t *r_ctx, const char * const enc_msg,
+ const char * const dec_key, const int dec_key_len,
+ int encryption_mode, const char * const hmac_key,
const int hmac_key_len)
{
fko_ctx_t ctx;
* encode them
*/
int
-fko_key_gen(char *key_base64, char *hmac_key_base64)
+fko_key_gen(char * const key_base64, char * const hmac_key_base64)
{
unsigned char key[RIJNDAEL_MAX_KEYSIZE];
unsigned char hmac_key[SHA256_BLOCK_LEN];
/* Provide an FKO wrapper around base64 encode/decode functions
*/
int
-fko_base64_encode(unsigned char *in, char *out, int in_len)
+fko_base64_encode(unsigned char * const in, char * const out, int in_len)
{
return b64_encode(in, out, in_len);
}
int
-fko_base64_decode(const char *in, unsigned char *out)
+fko_base64_decode(const char * const in, unsigned char *out)
{
return b64_decode(in, out);
}
*/
int
fko_spa_data_final(fko_ctx_t ctx,
- const char *enc_key, const int enc_key_len,
- const char *hmac_key, const int hmac_key_len)
+ const char * const enc_key, const int enc_key_len,
+ const char * const hmac_key, const int hmac_key_len)
{
char *tbuf;
int res = 0, data_with_hmac_len = 0;
/* Set the fko SPA encrypted data.
*/
int
-fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg)
+fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg)
{
int enc_msg_len;
#include "base64.h"
int fko_verify_hmac(fko_ctx_t ctx,
- const char *hmac_key, const int hmac_key_len)
+ const char * const hmac_key, const int hmac_key_len)
{
char *hmac_digest_from_data = NULL;
char *tbuf = NULL;
}
int fko_calculate_hmac(fko_ctx_t ctx,
- const char *hmac_key, const int hmac_key_len)
+ const char * const hmac_key, const int hmac_key_len)
{
unsigned char hmac[SHA256_DIGEST_STR_LEN] = {0};
char *hmac_base64 = NULL;
/* Set the SPA MESSAGE data
*/
int
-fko_set_spa_message(fko_ctx_t ctx, const char *msg)
+fko_set_spa_message(fko_ctx_t ctx, const char * const msg)
{
int res = FKO_ERROR_UNKNOWN;
/* Set the SPA Nat Access data
*/
int
-fko_set_spa_nat_access(fko_ctx_t ctx, const char *msg)
+fko_set_spa_nat_access(fko_ctx_t ctx, const char * const msg)
{
int res = FKO_SUCCESS;
/* Set/Generate the SPA data random value string.
*/
int
-fko_set_rand_value(fko_ctx_t ctx, const char *new_val)
+fko_set_rand_value(fko_ctx_t ctx, const char * const new_val)
{
#ifdef WIN32
struct _timeb tb;
/* Set the SPA Server Auth data
*/
int
-fko_set_spa_server_auth(fko_ctx_t ctx, const char *msg)
+fko_set_spa_server_auth(fko_ctx_t ctx, const char * const msg)
{
/****************************************
* --DSS This is not supported yet
/* Get or Set the username for the fko context spa data.
*/
int
-fko_set_username(fko_ctx_t ctx, const char *spoof_user)
+fko_set_username(fko_ctx_t ctx, const char * const spoof_user)
{
char *username = NULL;
int res = FKO_SUCCESS;
#endif
/* if we still didn't get a username, continue falling back
*/
- if(username == NULL)
- {
+ if(username == NULL)
+ {
if((username = getenv("USER")) == NULL)
- {
- username = strdup("NO_USER");
- if(username == NULL)
- return(FKO_ERROR_MEMORY_ALLOCATION);
- }
+ {
+ username = strdup("NO_USER");
+ if(username == NULL)
+ return(FKO_ERROR_MEMORY_ALLOCATION);
+ }
}
}
}
* They should be implemented in each of the corresponding
* fw_util_<fw-type>.c files.
*/
-void fw_config_init(fko_srv_options_t *opts);
-void fw_initialize(const fko_srv_options_t *opts);
-int fw_cleanup(const fko_srv_options_t *opts);
-void check_firewall_rules(const fko_srv_options_t *opts);
-int fw_dump_rules(const fko_srv_options_t *opts);
-int process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_data_t *spdat);
+void fw_config_init(fko_srv_options_t * const opts);
+void fw_initialize(const fko_srv_options_t * const opts);
+int fw_cleanup(const fko_srv_options_t * const opts);
+void check_firewall_rules(const fko_srv_options_t * const opts);
+int fw_dump_rules(const fko_srv_options_t * const opts);
+int process_spa_request(const fko_srv_options_t * const opts,
+ const acc_stanza_t * const acc, spa_data_t * const spadat);
#endif /* FW_UTIL_H */
}
static int
-comment_match_exists(const fko_srv_options_t *opts)
+comment_match_exists(const fko_srv_options_t * const opts)
{
int res = 1;
char *ndx = NULL;
}
static int
-add_jump_rule(const fko_srv_options_t *opts, const int chain_num)
+add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
{
int res = 0;
}
static int
-chain_exists(const fko_srv_options_t *opts, const int chain_num)
+chain_exists(const fko_srv_options_t * const opts, const int chain_num)
{
int res = 0;
* daemon to stdout.
*/
int
-fw_dump_rules(const fko_srv_options_t *opts)
+fw_dump_rules(const fko_srv_options_t * const opts)
{
int i;
int res, got_err = 0;
/* Quietly flush and delete all fwknop custom chains.
*/
static void
-delete_all_chains(const fko_srv_options_t *opts)
+delete_all_chains(const fko_srv_options_t * const opts)
{
int i, res;
int jump_rule_num;
}
static int
-create_chain(const fko_srv_options_t *opts, const int chain_num)
+create_chain(const fko_srv_options_t * const opts, const int chain_num)
{
int res = 0;
/* Create the fwknop custom chains (at least those that are configured).
*/
static int
-create_fw_chains(const fko_srv_options_t *opts)
+create_fw_chains(const fko_srv_options_t * const opts)
{
int i, got_err = 0;
return(got_err);
}
-
static void
-set_fw_chain_conf(const int type, char *conf_str)
+set_fw_chain_conf(const int type, const char * const conf_str)
{
int i, j;
char tbuf[1024] = {0};
- char *ndx = conf_str;
+ const char *ndx = conf_str;
char *chain_fields[FW_NUM_CHAIN_FIELDS];
struct fw_chain *chain = &(fwc.chain[type]);
+ if(conf_str == NULL)
+ {
+ fprintf(stderr, "[*] NULL conf_str.\n");
+ exit(EXIT_FAILURE);
+ }
+
chain->type = type;
if(ndx != NULL)
}
void
-fw_config_init(fko_srv_options_t *opts)
+fw_config_init(fko_srv_options_t * const opts)
{
memset(&fwc, 0x0, sizeof(struct fw_config));
}
void
-fw_initialize(const fko_srv_options_t *opts)
+fw_initialize(const fko_srv_options_t * const opts)
{
int res;
}
int
-fw_cleanup(const fko_srv_options_t *opts)
+fw_cleanup(const fko_srv_options_t * const opts)
{
if(strncasecmp(opts->config[CONF_FLUSH_IPT_AT_EXIT], "N", 1) == 0)
return(0);
}
static int
-rule_exists(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_rule)
+rule_exists(const fko_srv_options_t * const opts,
+ const char * const fw_chain, const char * const fw_rule)
{
int rule_exists = 0;
int res = 0;
return rule_exists;
}
-static int create_rule(const fko_srv_options_t *opts, const char *fw_chain, const char *fw_rule)
+static int create_rule(const fko_srv_options_t * const opts,
+ const char * const fw_chain, const char * const fw_rule)
{
int res;
/* Rule Processing - Create an access request...
*/
int
-process_spa_request(const fko_srv_options_t *opts, const acc_stanza_t *acc, spa_data_t *spadat)
+process_spa_request(const fko_srv_options_t * const opts,
+ const acc_stanza_t * const acc, spa_data_t * const spadat)
{
char nat_ip[MAX_IPV4_STR_LEN] = {0};
char snat_target[SNAT_TARGET_BUFSIZE] = {0};
unsigned int nat_port = 0;
acc_port_list_t *port_list = NULL;
- acc_port_list_t *ple;
+ acc_port_list_t *ple = NULL;
unsigned int fst_proto;
unsigned int fst_port;
- struct fw_chain *in_chain = &(opts->fw_config->chain[IPT_INPUT_ACCESS]);
- struct fw_chain *out_chain = &(opts->fw_config->chain[IPT_OUTPUT_ACCESS]);
- struct fw_chain *fwd_chain = &(opts->fw_config->chain[IPT_FORWARD_ACCESS]);
- struct fw_chain *dnat_chain = &(opts->fw_config->chain[IPT_DNAT_ACCESS]);
+ struct fw_chain * const in_chain = &(opts->fw_config->chain[IPT_INPUT_ACCESS]);
+ struct fw_chain * const out_chain = &(opts->fw_config->chain[IPT_OUTPUT_ACCESS]);
+ struct fw_chain * const fwd_chain = &(opts->fw_config->chain[IPT_FORWARD_ACCESS]);
+ struct fw_chain * const dnat_chain = &(opts->fw_config->chain[IPT_DNAT_ACCESS]);
struct fw_chain *snat_chain; /* We assign this later (if we need to). */
int res = 0;
* firewall rules.
*/
void
-check_firewall_rules(const fko_srv_options_t *opts)
+check_firewall_rules(const fko_srv_options_t * const opts)
{
char exp_str[12];
char rule_num_str[6];
/* Prototypes
*/
-static void check_dir_path(const char *path, const char *path_name, const unsigned char use_basename);
-static int make_dir_path(const char *path);
-static void daemonize_process(fko_srv_options_t *opts);
+static void check_dir_path(const char * const path,
+ const char * const path_name, const unsigned char use_basename);
+static int make_dir_path(const char * const path);
+static void daemonize_process(fko_srv_options_t * const opts);
static int write_pid_file(fko_srv_options_t *opts);
static pid_t get_running_pid(const fko_srv_options_t *opts);
/* Ensure the specified directory exists. If not, create it or die.
*/
static void
-check_dir_path(const char *filepath, const char *fp_desc, const unsigned char use_basename)
+check_dir_path(const char * const filepath, const char * const fp_desc, const unsigned char use_basename)
{
struct stat st;
int res = 0;
}
static int
-make_dir_path(const char *run_dir)
+make_dir_path(const char * const run_dir)
{
struct stat st;
int res = 0, len = 0;
* and close unneeded standard filehandles.
*/
static void
-daemonize_process(fko_srv_options_t *opts)
+daemonize_process(fko_srv_options_t * const opts)
{
pid_t pid, old_pid;
projects / fwknop.git / commitdiff