

Using structs and added overflow checks. Cleaned up code and made it more readable.
Jeroen committed Sep 13, 2011
1 parent fbcf699 commit 91dbd8c
Showing 15 changed files with 243 additions and 238 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG
@@ -1,4 +1,5 @@
* 2011/09/07 v1.06 Jeroen Nijhof <[email protected]>
* 2011/09/13 v1.06 Jeroen Nijhof <[email protected]>
Using structs and check for overflows
Added websense version 1 and 4 support
Websense keepalive needs to be answered by accept
Added websense keepalive
6 changes: 3 additions & 3 deletions blacklist.c
Expand Up @@ -8,8 +8,8 @@

#include "openufp.h"

int blacklist_backend(char *blacklist, char url[URL], int debug) {
char line[URL];
int blacklist_backend(char *blacklist, char url[URL_SIZE], int debug) {
char line[URL_SIZE];
FILE *fd = NULL;
int linenum = 0;

Expand All @@ -20,7 +20,7 @@ int blacklist_backend(char *blacklist, char url[URL], int debug) {
}

while (fgets(line, sizeof(line)-1, fd) != NULL) {
char blacklist_url[URL];
char blacklist_url[URL_SIZE];

linenum++;
if (line[0] == '#' || line[0] == '\n') continue;
2 changes: 1 addition & 1 deletion blacklist.h
Expand Up @@ -6,5 +6,5 @@
* blacklist.h: blacklist backend
*/

extern int blacklist_backend(char *blacklist, char url[URL], int debug);
extern int blacklist_backend(char *blacklist, char url[URL_SIZE], int debug);

6 changes: 3 additions & 3 deletions cache.c
Expand Up @@ -34,7 +34,7 @@ int close_cache(DB *dbp, int debug) {
return dbp->close(dbp, 0);
}

int in_cache(DB *dbp, char url[URL], int expire_sec, int debug) {
int in_cache(DB *dbp, char url[URL_SIZE], int expire_sec, int debug) {
DBT key, data;
int ret;
char sec[15];
Expand Down Expand Up @@ -69,7 +69,7 @@ int in_cache(DB *dbp, char url[URL], int expire_sec, int debug) {
return 0;
}

int add_cache(DB *dbp, char url[URL], int debug) {
int add_cache(DB *dbp, char url[URL_SIZE], int debug) {
DBT key, data;
int ret;
char sec[15];
Expand Down Expand Up @@ -98,7 +98,7 @@ int add_cache(DB *dbp, char url[URL], int debug) {
return -1;
}

int rm_cache(DB *dbp, char url[URL], int debug) {
int rm_cache(DB *dbp, char url[URL_SIZE], int debug) {
DBT key;
int ret;

6 changes: 3 additions & 3 deletions cache.h
Expand Up @@ -10,7 +10,7 @@

extern DB *open_cache();
extern int close_cache(DB *dbp, int debug);
extern int in_cache(DB *dbp, char url[URL], int expire_sec, int debug);
extern int add_cache(DB *dbp, char url[URL], int debug);
extern int rm_cache(DB *dbp, char url[URL], int debug);
extern int in_cache(DB *dbp, char url[URL_SIZE], int expire_sec, int debug);
extern int add_cache(DB *dbp, char url[URL_SIZE], int debug);
extern int rm_cache(DB *dbp, char url[URL_SIZE], int debug);

128 changes: 44 additions & 84 deletions n2h2.c
Expand Up @@ -8,116 +8,76 @@

#include "openufp.h"

void n2h2_alive(int fd, struct sockaddr_in cli_addr, char req_id[REQID]) {
char mesg_alive[N2H2RES];
int i;
void n2h2_alive(int fd, struct n2h2_req *n2h2_request) {
struct n2h2_resp *n2h2_resp_alive = NULL;

mesg_alive[0] = 3;
mesg_alive[1] = 2;
for(i = 0; i < 4; i++)
mesg_alive[2+i] = req_id[i];
for(i = 0; i < 4; i++)
mesg_alive[6+i] = 0;
n2h2_resp_alive->code = htons(770);
n2h2_resp_alive->serial = n2h2_request->serial;
n2h2_resp_alive->unknown = htons(0);
n2h2_resp_alive->urlsize = htons(0);

// send alive response
sendto(fd, mesg_alive, N2H2RES, 0, (struct sockaddr *)&cli_addr, sizeof(cli_addr));
send(fd, n2h2_resp_alive, N2H2_HDR, 0);
free(n2h2_resp_alive);
}

void n2h2_accept(int fd, struct sockaddr_in cli_addr, char req_id[REQID]) {
char mesg_accept[N2H2RES];
int i;

mesg_accept[0] = 0;
mesg_accept[1] = 2;
for(i = 0; i < 4; i++)
mesg_accept[2+i] = req_id[i];
for(i = 0; i < 4; i++)
mesg_accept[6+i] = 0;
void n2h2_accept(int fd, struct n2h2_req *n2h2_request) {
struct n2h2_resp *n2h2_resp_accept = NULL;

n2h2_resp_accept->code = htons(2);
n2h2_resp_accept->serial = n2h2_request->serial;
n2h2_resp_accept->unknown = htons(0);
n2h2_resp_accept->urlsize = htons(0);

// send accept response
sendto(fd, mesg_accept, N2H2RES, 0, (struct sockaddr *)&cli_addr, sizeof(cli_addr));
send(fd, n2h2_resp_accept, N2H2_HDR, 0);
free(n2h2_resp_accept);
}

void n2h2_deny(int fd, struct sockaddr_in cli_addr, char req_id[REQID], char *redirect_url) {
char mesg_denied[N2H2RES+URL];
int redirect_url_len = 0;
void n2h2_deny(int fd, struct n2h2_req *n2h2_request, char *redirect_url) {
struct n2h2_resp *n2h2_resp_deny = NULL;
int urlsize = 0;
int i;

mesg_denied[0] = 1;
mesg_denied[1] = 2;
for(i = 0; i < 4; i++)
mesg_denied[2+i] = req_id[i];
for(i = 0; i < 4; i++)
mesg_denied[6+i] = 0;
n2h2_resp_deny->code = htons(258);
n2h2_resp_deny->serial = n2h2_request->serial;
n2h2_resp_deny->unknown = htons(0);
n2h2_resp_deny->urlsize = htons(0);

// send custom redirect url if defined
if (redirect_url != NULL) {
redirect_url_len = strlen(redirect_url) + 1;
if (redirect_url_len <= URL) {
mesg_denied[6] = redirect_url_len / 768;
mesg_denied[7] = (redirect_url_len % 768) / 512;
mesg_denied[8] = ((redirect_url_len % 768) % 512) / 256;
mesg_denied[9] = ((redirect_url_len % 768) % 512) % 256;
for(i = 0; i < redirect_url_len; i++)
mesg_denied[N2H2RES+i] = redirect_url[i];
urlsize = strlen(redirect_url) + 1;
if (urlsize < URL_SIZE) {
n2h2_resp_deny->urlsize = htons(urlsize);
for(i = 0; i < urlsize; i++)
n2h2_resp_deny->url[i] = redirect_url[i];
}
}

// send denied response
sendto(fd, mesg_denied, N2H2RES + redirect_url_len, 0, (struct sockaddr *)&cli_addr, sizeof(cli_addr));
send(fd, n2h2_resp_deny, N2H2_HDR + urlsize, 0);
free(n2h2_resp_deny);
}

struct uf_request n2h2_request(char mesg[REQ]) {
// URL Request req(2),reqid(4),srcip(4),dstip(4),urllen(2),usrlen(2),url(urllen),user(usrlen)
struct uf_request request = {"", 0, "", "", 0, "", 0, ""};
int ips[8];
struct uf_request n2h2_validate(struct n2h2_req *n2h2_request, int msgsize) {
struct uf_request request;
int i;

// Get type of request
if ((mesg[0] == 2) && (mesg[1] == 3)) {
request.type = N2H2ALIVE;
request.type = UNKNOWN;

if (msgsize == N2H2_HDR && ntohs(n2h2_request->code) == N2H2_ALIVE) {
request.type = N2H2_ALIVE;
return request;
}
if ((mesg[0] == 2) && (mesg[1] == 0)) {
request.type = N2H2REQ;
}

// Get request id
for(i = 0; i < 4; i++)
request.id[i] = mesg[2+i];

// fetch srcip and dstip
for(i = 0; i < 8; i++) {
ips[i] = mesg[6+i];
if (ips[i] < 0)
ips[i] += 256;
if (msgsize > N2H2_REQ_SIZE && ntohs(n2h2_request->code) == N2H2_REQ && ntohs(n2h2_request->urlsize) < URL_SIZE) {
request.type = N2H2_REQ;
request.srcip = n2h2_request->srcip;
request.dstip = n2h2_request->dstip;
for(i = 0; i < ntohs(n2h2_request->urlsize); i++)
request.url[i] = n2h2_request->url[i];
return request;
}
bzero(request.srcip, sizeof(request.srcip));
bzero(request.dstip, sizeof(request.dstip));
sprintf(request.srcip, "%d.%d.%d.%d", ips[0], ips[1], ips[2], ips[3]);
sprintf(request.dstip, "%d.%d.%d.%d", ips[4], ips[5], ips[6], ips[7]);

// fetch url length
request.urllen = (mesg[14]*256) + mesg[15];
if (request.urllen < 0)
request.urllen += 256;
if (request.urllen > URL)
request.urllen = URL;

// fetch user length
request.usrlen = (mesg[16]*256) + mesg[17];
if (request.usrlen < 0)
request.usrlen += 256;
if (request.usrlen > USER)
request.usrlen = USER;

// fetch url
for(i = 0; i < request.urllen; i++)
request.url[i] = mesg[18+i];

// fetch user
for(i = 0; i < request.usrlen; i++)
request.user[i] = mesg[18+request.urllen+i];

return request;
}
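Review bot: All three response helpers write through a null pointer: `struct n2h2_resp *n2h2_resp_alive = NULL;` is immediately followed by `n2h2_resp_alive->code = htons(770);`, and n2h2_accept and n2h2_deny do exactly the same, so the first keepalive, accept or deny crashes the child (the trailing `free()` only frees NULL — nothing was ever allocated). Build the response in a zeroed stack object and drop the free; n2h2_alive is rewritten below and the other two follow the same shape. n2h2_validate needs the same care: `struct uf_request request;` is no longer initialised (the removed version used `= {"", 0, ...}`), the url loop copies `urlsize` bytes with no terminator, and `urlsize` is compared with URL_SIZE but never with `msgsize - N2H2_REQ_SIZE`, so the loop can copy bytes recvfrom never filled and every later `%s`/strcmp on `request.url` runs into uninitialised memory. Add `memset(&request, 0, sizeof(request));` at the top, require `msgsize >= N2H2_REQ_SIZE + ntohs(n2h2_request->urlsize)` in the condition, and set `request.url[urlsize] = '\0';` after the loop (there is room because `urlsize < URL_SIZE` is already required). In n2h2_deny a redirect URL that does not fit leaves `urlsize` at its full value while the header field says 0, so `send(fd, ..., N2H2_HDR + urlsize, 0)` still appends that many bytes of url; add `else urlsize = 0;` to the size check.
```c
void n2h2_alive(int fd, struct n2h2_req *n2h2_request) {
    struct n2h2_resp resp;

    /* zero the whole object so unknown, urlsize and the url tail are 0 */
    memset(&resp, 0, sizeof(resp));
    resp.code = htons(770);
    resp.serial = n2h2_request->serial;   /* echoed back in network order */

    // send alive response
    send(fd, &resp, N2H2_HDR, 0);
}
/* … unchanged shape for n2h2_accept (code 2) and n2h2_deny (code 258, copies redirect_url into resp.url) … */
```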
33 changes: 26 additions & 7 deletions n2h2.h
Expand Up @@ -7,12 +7,31 @@
*/

#define N2H2 1
#define N2H2REQ 3
#define N2H2ALIVE 5
#define N2H2RES 10
#define N2H2_HDR 10
#define N2H2_ALIVE 515
#define N2H2_REQ 512
#define N2H2_REQ_SIZE 18

extern void n2h2_alive(int fd, struct sockaddr_in cli_addr, char req_id[REQID]);
extern void n2h2_accept(int fd, struct sockaddr_in cli_addr, char req_id[REQID]);
extern void n2h2_deny(int fd, struct sockaddr_in cli_addr, char req_id[REQID], char *redirect_url);
extern struct uf_request n2h2_request(char mesg[REQ]);
struct n2h2_req {
u_int16_t code;
u_int32_t serial;
struct in_addr srcip;
struct in_addr dstip;
u_int16_t urlsize;
u_int16_t usrsize;
char url[URL_SIZE];
};

struct n2h2_resp {
u_int16_t code;
u_int32_t serial;
u_int16_t unknown;
u_int16_t urlsize;
char url[URL_SIZE];
};

extern void n2h2_alive(int fd, struct n2h2_req *n2h2_request);
extern void n2h2_accept(int fd, struct n2h2_req *n2h2_request);
extern void n2h2_deny(int fd, struct n2h2_req *n2h2_request, char *redirect_url);
extern struct uf_request n2h2_validate(struct n2h2_req *n2h2_request, int msgsize);
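Review bot: `struct n2h2_req` and `struct n2h2_resp` are overlaid on the raw packet (openufp.c casts `msg` to `struct n2h2_req *`) and sent with the dense byte counts `N2H2_HDR` (10) and `N2H2_REQ_SIZE` (18), but a `u_int16_t code` followed by a `u_int32_t serial` gets two padding bytes on the common ABIs, so `serial`, `srcip`, `dstip` and `urlsize` are read from offsets shifted by two and only part of the response header goes out. Mark both structs packed — `} __attribute__((packed));` on each closing brace — or marshal the fields with memcpy at explicit offsets, and add a compile-time check that `sizeof(struct n2h2_resp) - URL_SIZE == N2H2_HDR` so the constants and the layout cannot drift apart. A short comment above the structs would also help the next reader: `/* Wire layout of an N2H2 request/response: multi-byte fields are big-endian, serial is echoed back untouched. */`.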

57 changes: 36 additions & 21 deletions openufp.c
Expand Up @@ -183,9 +183,9 @@ int main(int argc, char**argv) {

if ((child_pid = fork()) == 0) {
close(openufp_fd);
int nbytes = 0;
int msgsize = 0;
int denied = 0;
char mesg[REQ];
char msg[REQ_SIZE];
struct uf_request request;
FILE *sg_fd[2];

Expand All @@ -199,10 +199,12 @@ int main(int argc, char**argv) {
syslog(LOG_INFO, "caching disabled.");

int cached = 0;
struct websns_req *websns_request = NULL;
struct n2h2_req *n2h2_request = NULL;
for(;;) {
bzero(&mesg, sizeof(mesg));
nbytes = recvfrom(cli_fd, mesg, REQ, 0, (struct sockaddr *)&cli_addr, &cli_size);
if (nbytes < 1) {
bzero(&msg, sizeof(msg));
msgsize = recvfrom(cli_fd, msg, REQ_SIZE, 0, (struct sockaddr *)&cli_addr, &cli_size);
if (msgsize < 1) {
syslog(LOG_WARNING, "connection closed by client.");
if (squidguard)
squidguard_closefd(sg_fd);
Expand All @@ -211,26 +213,37 @@ int main(int argc, char**argv) {
exit(1);
}

// Validate request
if (frontend == N2H2) {
request = n2h2_request(mesg);
n2h2_request = (struct n2h2_req *)msg;
request = n2h2_validate(n2h2_request, msgsize);
} else {
request = websns_request(mesg);
websns_request = (struct websns_req *)msg;
request = websns_validate(websns_request, msgsize);
}
if (request.type == UNKNOWN) {
syslog(LOG_WARNING, "request type not known, closing connecion.");
if (squidguard)
squidguard_closefd(sg_fd);
close_cache(cachedb, debug);
close(cli_fd);
exit(1);
}

// Alive Request
if (request.type == N2H2ALIVE) {
// Alive request
if (request.type == N2H2_ALIVE) {
if (debug > 2)
syslog(LOG_INFO, "n2h2: received alive request, sending alive response.");
n2h2_alive(cli_fd, cli_addr, request.id);
n2h2_alive(cli_fd, n2h2_request);
}
if (request.type == WEBSNSALIVE) {
if (request.type == WEBSNS_ALIVE) {
if (debug > 2)
syslog(LOG_INFO, "websns: received alive request, sending accept response.");
websns_alive(cli_fd, cli_addr, request.id);
syslog(LOG_INFO, "websns: received alive request, sending alive response.");
websns_alive(cli_fd, websns_request);
}

// URL Request
if (request.type == N2H2REQ || request.type == WEBSNSREQ) {
// URL request
if (request.type == N2H2_REQ || request.type == WEBSNS_REQ) {
if (debug > 0)
syslog(LOG_INFO, "received url request.");

Expand All @@ -256,22 +269,24 @@ int main(int argc, char**argv) {

if (denied) {
if (frontend == N2H2) {
n2h2_deny(cli_fd, cli_addr, request.id, redirect_url);
n2h2_deny(cli_fd, n2h2_request, redirect_url);
} else {
websns_deny(cli_fd, cli_addr, request.id, redirect_url);
websns_deny(cli_fd, websns_request, redirect_url);
}
if (debug > 0)
syslog(LOG_INFO, "url denied: srcip %s, dstip %s, url %s.", request.srcip, request.dstip, request.url);
syslog(LOG_INFO, "url denied: srcip %s, dstip %s, url %s.",
inet_ntoa(request.srcip), inet_ntoa(request.dstip), request.url);
} else {
if (frontend == N2H2) {
n2h2_accept(cli_fd, cli_addr, request.id);
n2h2_accept(cli_fd, n2h2_request);
} else {
websns_accept(cli_fd, cli_addr, request.id);
websns_accept(cli_fd, websns_request);
}
if (!cached)
add_cache(cachedb, request.url, debug);
if (debug > 0)
syslog(LOG_INFO, "url accepted: srcip %s, dstip %s, url %s.", request.srcip, request.dstip, request.url);
syslog(LOG_INFO, "url accepted: srcip %s, dstip %s, url %s.",
inet_ntoa(request.srcip), inet_ntoa(request.dstip), request.url);
}
// reset denied
denied = 0;
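Review bot: The two new syslog calls pass `inet_ntoa(request.srcip)` and `inet_ntoa(request.dstip)` as arguments of the same call, but inet_ntoa returns a pointer to one static buffer, so both `%s` print whichever conversion ran last and the log shows the same address for srcip and dstip. Convert each address into its own buffer before logging, as in the excerpt below; the `url accepted` message needs the identical change. Two smaller points on the same hunk: the new message `"request type not known, closing connecion."` misspells connection, and `msg` is `char msg[REQ_SIZE]` while `struct n2h2_req` ends in `url[URL_SIZE]` — REQ_SIZE is not visible here, but if it is smaller than that struct the casts let the validate functions read past the buffer, so a compile-time check tying REQ_SIZE to the struct sizes would be worth adding.
```c
if (debug > 0) {
    char srcip[INET_ADDRSTRLEN], dstip[INET_ADDRSTRLEN];

    /* inet_ntoa shares one static buffer; format each address separately */
    inet_ntop(AF_INET, &request.srcip, srcip, sizeof(srcip));
    inet_ntop(AF_INET, &request.dstip, dstip, sizeof(dstip));
    syslog(LOG_INFO, "url denied: srcip %s, dstip %s, url %s.", srcip, dstip, request.url);
}
// … unchanged: accept branch, same logging fix for "url accepted" …
```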
