Reformat merge, cleanup, fix wrong free
jeroennijhof committed Dec 18, 2013
1 parent 9ecaba2 commit d96bc56
Showing 5 changed files with 36 additions and 136 deletions.
6 changes: 2 additions & 4 deletions cache.c
@@ -25,14 +25,12 @@ DB *open_cache() {
int ret;

if ((ret = db_create(&dbp, NULL, 0)) != 0) {
syslog(LOG_WARNING, "cache: %s.", db_strerror(ret));
free(dbp);
syslog(LOG_WARNING, "cache db_create: %s.", db_strerror(ret));
return NULL;
}
if ((ret = dbp->open(dbp, NULL, DATABASE, NULL, DB_BTREE, DB_CREATE, 0664)) != 0) {
syslog(LOG_WARNING, "cache: %s.", db_strerror(ret));
syslog(LOG_WARNING, "cache open: %s.", db_strerror(ret));
close_cache(dbp, 0);
free(dbp);
return NULL;
}
return dbp;
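Review bot: The `dbp->open(dbp, NULL, DATABASE, NULL, DB_BTREE, DB_CREATE, 0664)` call on the unchanged line requests a group-writable cache file. The openufp.c part of this page shows a cached result standing in for a backend lookup, so any account in that group could change filtering verdicts. `0640` or `0600` would be a tighter default unless another process is meant to write the file. Dropping the two `free(dbp)` calls looks right, assuming `close_cache` closes the handle after the failed open. The start of `open_cache` is outside the hunk.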
70 changes: 12 additions & 58 deletions openufp.c
@@ -24,7 +24,6 @@ void usage() {
printf("OPTIONS:\n");
printf(" -l PORT on which port openufp will listen for incoming requests\n");
printf(" -r URL when url is denied the client will be redirected to this url; n2h2 only\n");
printf(" -u utilize User Identity info from capable Cisco products. Must use with -w as frontend\n");
printf(" -c SECS cache expire time in seconds; default 3600; 0 disables caching\n");
printf(" -C URL remove specified URL from cache\n");
printf(" -d LEVEL debug level 1-3\n\n");
@@ -63,10 +62,8 @@ int main(int argc, char**argv) {
char *proxy_deny_pattern = NULL;
char *blacklist = NULL;
int squidguard = 0;
int usrid = 0;
int c;
char *https = "https://";
// bool isIp;

while ((c = getopt(argc, argv, "l:r:c:C:d:nwp:f:gu")) != -1) {
char *p;
@@ -120,15 +117,12 @@ int main(int argc, char**argv) {
case 'g':
squidguard = 1;
break;
case 'u':
usrid = 1;
break;
default:
usage();
exit(1);
}
}
if (frontend == 0 || (frontend != WEBSNS && usrid == 1) || ((proxy_ip == NULL || proxy_port == 0 || proxy_deny_pattern == NULL)
if (frontend == 0 || ((proxy_ip == NULL || proxy_port == 0 || proxy_deny_pattern == NULL)
&& blacklist == NULL && squidguard == 0)) {
usage();
exit(1);
@@ -177,14 +171,9 @@ int main(int argc, char**argv) {

printf("openufp v%s: started.\n", VERSION);
openlog("openufp", LOG_PID|LOG_CONS, LOG_DAEMON);
syslog(LOG_INFO, "v%s: Jeroen Nijhof <jeroen@nijhofnet.nl>", VERSION);
syslog(LOG_INFO, "v%s: Jeroen Nijhof <jeroen@jeroennijhof.nl>", VERSION);
syslog(LOG_INFO, "started listening on %d, waiting for requests...", local_port);

if (usrid == 1 && debug > 0)
{
printf("openufp started with usrname support\n");
}

if ((pid = fork()) == 0) {
struct sockaddr_in cli_addr;
socklen_t cli_size;
@@ -274,19 +263,9 @@ int main(int argc, char**argv) {

// Handle HTTPS for N2H2 only since IP is provided in URI:
if (strstr(https, request.url) != NULL && request.type == N2H2_REQ) {
//char substr[URL_SIZE];
//substr = strndup(request.url+8, URL_SIZE);
//isIp = isValidIpAddress(substr);

if (debug > 0) {
syslog(LOG_INFO, "received HTTPS url request");
//if (isIp) {
// syslog(LOG_INFO, "received HTTPS url request. Substring passed IP validation");
//}
}

//request.url = strndup(substr, strlen(substr));
//free(substr);
}

// check if cached
@@ -307,48 +286,23 @@ int main(int argc, char**argv) {

// parse url to squidguard
if (!cached && !denied && squidguard) {
// check whether srcip or srcip+usrid will be used:

if (usrid == 1)
{
denied = squidguard_backend_uid(sg_fd, request.srcip, request.usr, request.url, sg_redirect, debug);
}
else
{
denied = squidguard_backend(sg_fd, request.srcip, request.url, sg_redirect, debug);
}
denied = squidguard_backend(sg_fd, request.srcip, request.usr, request.url, sg_redirect, debug);
}

if (denied) {
if (frontend == N2H2 && squidguard)
{
if (frontend == N2H2 && squidguard) {
n2h2_deny(cli_fd, n2h2_request, sg_redirect);
}
else if (frontend == WEBSNS && squidguard)
{
} else if (frontend == WEBSNS && squidguard) {
websns_deny(cli_fd, websns_request, sg_redirect);
} else if (frontend == N2H2) {
n2h2_deny(cli_fd, n2h2_request, redirect_url);
} else {
websns_deny(cli_fd, websns_request, redirect_url);
}
else if (frontend == N2H2)
{
n2h2_deny(cli_fd, n2h2_request, redirect_url);
}
else
{
websns_deny(cli_fd, websns_request, redirect_url);
}

if (debug > 0)
{
if (usrid == 1)
{
syslog(LOG_INFO, "url denied: srcip %s, srcusr %s, dstip %s, url %s",
request.srcip, request.usr, request.dstip, request.url);
}
else
{
syslog(LOG_INFO, "url denied: srcip %s, dstip %s, url %s",
request.srcip, request.dstip, request.url);
}
if (debug > 0) {
syslog(LOG_INFO, "url denied: srcip %s, srcusr %s, dstip %s, url %s",
request.srcip, request.usr, request.dstip, request.url);
}
} else {
if (frontend == N2H2) {
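Review bot: With the `-u`/WEBSNS guard removed from the option check, `request.usr` is now handed to `squidguard_backend` and printed by the `url denied` syslog call for every frontend, and nothing in these hunks shows that the N2H2 path fills or terminates that field. If it is left unset there, `strlen(srcusr)` in the backend and the `%s` in the log line read an unterminated buffer, so it is worth confirming that the request struct is zeroed before parsing (for instance `memset(&request, 0, sizeof(request));`). Two leftovers on unchanged lines: the getopt string still ends in `gu` although `case 'u'` is gone, and `strstr(https, request.url)` has its arguments reversed, so the HTTPS branch only matches when the URL is a substring of `https://`. `strncmp(request.url, https, strlen(https)) == 0` expresses the intended prefix test. `main` starts and ends outside all of these hunks.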
68 changes: 10 additions & 58 deletions squidguard.c
@@ -67,69 +67,27 @@ int squidguard_closefd(FILE *sg_fd[2]) {
return 0;
}

int squidguard_backend(FILE *sg_fd[2], char srcip[15], char url[URL_SIZE], char *sg_redirect, int debug) {
int squidguard_backend(FILE *sg_fd[2], char srcip[15], char srcusr[URL_SIZE], char url[URL_SIZE], char *sg_redirect, int debug) {
char redirect_url[URL_SIZE];

if (debug > 2)
{
syslog(LOG_INFO, "squidguard: url check using IP only: %s for url %s", srcip, url);
//Check user; if empty, use ip only:
if (strlen(srcusr) < 1) {
if (debug > 2) {
syslog(LOG_INFO, "squidguard input: username missing, defaulting to IP notation");
}
srcusr[0] = '-';
srcusr[1] = '\0';
}

if (sg_fd[1] == NULL) {
syslog(LOG_WARNING, "squidguard: could not open fd for input.");
return 0;
}

fprintf(sg_fd[1], "%s %s/ - - GET\n", url, srcip);
fflush(sg_fd[1]);

if (sg_fd[0] == NULL) {
syslog(LOG_WARNING, "squidguard: could not open fd for output.");
return 0;
}
while (fgets(redirect_url, URL_SIZE, sg_fd[0]) != NULL) {
if (debug > 1)
syslog(LOG_INFO, "squidguard: redirect_url (%s).", redirect_url);
if (strlen(redirect_url) > 1) {
char *parse;
parse = strtok (redirect_url, " ");
strcpy(sg_redirect, parse);

if (debug > 0)
syslog(LOG_INFO, "squidguard: url blocked. parsed_red: %s -- sg_redirectURL: %s", parse, sg_redirect );

return 1;
}
if (debug > 0)
syslog(LOG_INFO, "squidguard: url accepted.");
return 0;
}
return 0;
}

int squidguard_backend_uid(FILE *sg_fd[2], char srcip[15], char srcusr[URL_SIZE], char url[URL_SIZE], char *sg_redirect, int debug) {
char redirect_url[URL_SIZE];

if (debug > 2)
{
syslog(LOG_INFO, "squidguard: url check using IP and Username : IP: %s User: %s for url %s", srcip, srcusr, url);
if (debug > 2) {
syslog(LOG_INFO, "squidguard: url check using ip and user: ip: %s user: %s for url %s", srcip, srcusr, url);
}

if (sg_fd[1] == NULL) {
syslog(LOG_WARNING, "squidguard: could not open fd for input.");
return 0;
}

//Check username length; if there's nothing there, use the IP only:
if (strlen(srcusr) < 1)
{
if (debug > 2)
{
syslog(LOG_INFO, "squidguard input: username missing, defaulting to IP notation");
}
srcusr[strlen(srcusr)] = '-';
}

fprintf(sg_fd[1], "%s %s/ %s - GET\n", url, srcip, srcusr);
fflush(sg_fd[1]);

@@ -155,9 +113,3 @@ int squidguard_backend_uid(FILE *sg_fd[2], char srcip[15], char srcusr[URL_SIZE]
return 0;
}

bool isValidIpAddress(char *ipAddress)
{
struct sockaddr_in sa;
int result = inet_pton(AF_INET, ipAddress, &(sa.sin_addr));
return result != 0;
}
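Review bot: The merged `squidguard_backend` writes `url` and `srcusr` unvalidated into the whitespace-delimited, one-request-per-line format sent to squidGuard (`fprintf(sg_fd[1], "%s %s/ %s - GET\n", url, srcip, srcusr)`), and both values originate in the network request. A space or line break inside either one shifts the fields or desynchronises the replies read back from `sg_fd[0]`, so the function should refuse such input before the `fprintf`, e.g. `if (strpbrk(url, " \t\r\n") || strpbrk(srcusr, " \t\r\n")) { /* treat as invalid request */ }`. Note also that the `sg_fd[1] == NULL` path returns 0, which the caller treats as "not denied", so a missing squidGuard pipe fails open. The parameter `char srcip[15]` is one byte short of a full dotted quad plus terminator, so the declared bound is misleading. The tail of the function lies in the collapsed part of the file.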
3 changes: 1 addition & 2 deletions squidguard.h
@@ -8,5 +8,4 @@

extern int squidguard_getfd(FILE *sg_fd[2]);
extern int squidguard_closefd(FILE *sg_fd[2]);
extern int squidguard_backend(FILE *sg_fd[2], char srcip[15], char url[URL_SIZE], char *sg_redirect, int debug);
extern int squidguard_backend_uid(FILE *sg_fd[2], char srcip[15], char srcusr[URL_SIZE], char url[URL_SIZE], char *sg_redirect, int debug);
extern int squidguard_backend(FILE *sg_fd[2], char srcip[15], char srcusr[URL_SIZE], char url[URL_SIZE], char *sg_redirect, int debug);
25 changes: 11 additions & 14 deletions websense.c
@@ -89,18 +89,16 @@ struct uf_request websns_validate(struct websns_req *websns_request, int msgsize
snprintf(request.srcip, sizeof(request.srcip), "%s", inet_ntoa(srcip));
snprintf(request.dstip, sizeof(request.dstip), "%s", inet_ntoa(dstip));

for(i = 0; i < ntohs(websns_request->urlsize); i++)
{
request.url[i] = websns_request->url[i];
}
for (i = 0; i < ntohs(websns_request->urlsize); i++) {
request.url[i] = websns_request->url[i];
}
//get remaining info in payload
i = 0;
//Offset is 2+10 for the preceding TACACS:/// string
for(j = (ntohs(websns_request->urlsize)+12); j < ntohs(websns_request->size); j++)
{
request.usr[i] = websns_request->url[j];
i++;
}
//offset is 2+10 for the preceding TACACS:/// string
for (j = (ntohs(websns_request->urlsize)+12); j < ntohs(websns_request->size); j++) {
request.usr[i] = websns_request->url[j];
i++;
}

return request;
}
@@ -115,10 +113,9 @@ void websns_convert(struct websns_req *websns_request, char msg[REQ_SIZE], int m

// check if it's version 1
if (msgsize > WEBSNS_REQ_SIZE && ntohs(websns_request->code) == WEBSNS_REQ && ntohs(websns_request->urlsize) == 0) {
if (debug > 2)
{
syslog(LOG_INFO,"Websense v1 packet received; converting to v4");
}
if (debug > 2) {
syslog(LOG_INFO,"Websense v1 packet received; converting to v4");
}
// convert to version 4
for (i = 0; i < (msgsize - 2); i++) {
if (i == 24)
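Review bot: Both copy loops in `websns_validate` take their bounds from the packet (`ntohs(websns_request->urlsize)` and `ntohs(websns_request->size)`) and never compare them with the size of `request.url` or `request.usr`, so a request that advertises a large length writes past those buffers. The commit only re-indents the loops. Each loop should stop at the destination size minus one and terminate the string, and the lengths should also be checked against `msgsize` so that reads from `websns_request->url[j]` stay inside the bytes actually received. This assumes `request.url` and `request.usr` are fixed-size arrays, as the `sizeof(request.srcip)` call in the same hunk suggests. The start of the function, where `request` is declared, is outside the hunk.

```c
// … unchanged: srcip/dstip snprintf calls …
int urlsize = ntohs(websns_request->urlsize);
int size = ntohs(websns_request->size);

for (i = 0; i < urlsize && i < (int)sizeof(request.url) - 1; i++) {
    request.url[i] = websns_request->url[i];
}
request.url[i] = '\0';
//get remaining info in payload
i = 0;
//offset is 2+10 for the preceding TACACS:/// string
for (j = urlsize + 12; j < size && i < (int)sizeof(request.usr) - 1; j++) {
    request.usr[i++] = websns_request->url[j];
}
request.usr[i] = '\0';
```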