GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

sec-mod: eliminated redundant parameters

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2015-05-10 09:42:33 +02:00
committed by Nikos Mavrogiannopoulos
parent 10dcf1a82d
commit d1d83d909c
3 changed files with 29 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/sec-mod-auth.c
View File

@@ -367,7 +367,7 @@ static void stats_add_to(stats_st *dst, stats_st *src1, stats_st *src2)
}
static
int send_failed_session_open_reply(int cfd, sec_mod_st *sec)
int send_failed_session_open_reply(sec_mod_st *sec)
{
SecAuthSessionReplyMsg rep = SEC_AUTH_SESSION_REPLY_MSG__INIT;
void *lpool;
@@ -380,7 +380,7 @@ int send_failed_session_open_reply(int cfd, sec_mod_st *sec)
return ERR_BAD_COMMAND;
}
ret = send_msg(lpool, cfd, SM_CMD_AUTH_SESSION_REPLY, &rep,
ret = send_msg(lpool, sec->cmd_fd, SM_CMD_AUTH_SESSION_REPLY, &rep,
(pack_size_func) sec_auth_session_reply_msg__get_packed_size,
(pack_func) sec_auth_session_reply_msg__pack);
if (ret < 0) {
@@ -393,7 +393,7 @@ int send_failed_session_open_reply(int cfd, sec_mod_st *sec)
}
static
int handle_sec_auth_session_open(int cfd, sec_mod_st *sec, const SecAuthSessionMsg *req)
int handle_sec_auth_session_open(sec_mod_st *sec, const SecAuthSessionMsg *req)
{
client_entry_st *e;
void *lpool;
@@ -403,7 +403,7 @@ int handle_sec_auth_session_open(int cfd, sec_mod_st *sec, const SecAuthSessionM
if (req->sid.len != SID_SIZE) {
seclog(sec, LOG_ERR, "auth session open but with illegal sid size (%d)!",
(int)req->sid.len);
return send_failed_session_open_reply(cfd, sec);
return send_failed_session_open_reply(sec);
}
e = find_client_entry(sec, req->sid.data);
@@ -411,25 +411,25 @@ int handle_sec_auth_session_open(int cfd, sec_mod_st *sec, const SecAuthSessionM
char tmp[BASE64_LENGTH(SID_SIZE) + 1];
base64_encode((char *)req->sid.data, req->sid.len, (char *)tmp, sizeof(tmp));
seclog(sec, LOG_INFO, "session open but with non-existing SID: %s!", tmp);
return send_failed_session_open_reply(cfd, sec);
return send_failed_session_open_reply(sec);
}
if (e->status != PS_AUTH_COMPLETED) {
seclog(sec, LOG_ERR, "session open received in unauthenticated client %s "SESSION_STR"!", e->auth_info.username, e->auth_info.psid);
return send_failed_session_open_reply(cfd, sec);
return send_failed_session_open_reply(sec);
}
if (e->time != -1 && time(0) > e->time + sec->config->cookie_timeout) {
seclog(sec, LOG_ERR, "session expired; denied session for user '%s' "SESSION_STR, e->auth_info.username, e->auth_info.psid);
e->status = PS_AUTH_FAILED;
return send_failed_session_open_reply(cfd, sec);
return send_failed_session_open_reply(sec);
}
if (req->has_cookie == 0 || (req->cookie.len != e->cookie_size) ||
memcmp(req->cookie.data, e->cookie, e->cookie_size) != 0) {
seclog(sec, LOG_ERR, "cookie error; denied session for user '%s' "SESSION_STR, e->auth_info.username, e->auth_info.psid);
e->status = PS_AUTH_FAILED;
return send_failed_session_open_reply(cfd, sec);
return send_failed_session_open_reply(sec);
}
if (req->ipv4)
@@ -442,7 +442,7 @@ int handle_sec_auth_session_open(int cfd, sec_mod_st *sec, const SecAuthSessionM
if (ret < 0) {
e->status = PS_AUTH_FAILED;
seclog(sec, LOG_INFO, "denied session for user '%s' "SESSION_STR, e->auth_info.username, e->auth_info.psid);
return send_failed_session_open_reply(cfd, sec);
return send_failed_session_open_reply(sec);
} else {
e->session_is_open = 1;
}
@@ -460,7 +460,7 @@ int handle_sec_auth_session_open(int cfd, sec_mod_st *sec, const SecAuthSessionM
if (ret < 0) {
seclog(sec, LOG_ERR, "error reading additional configuration for '%s' "SESSION_STR, e->auth_info.username, e->auth_info.psid);
talloc_free(lpool);
return send_failed_session_open_reply(cfd, sec);
return send_failed_session_open_reply(sec);
}
}
@@ -470,7 +470,7 @@ int handle_sec_auth_session_open(int cfd, sec_mod_st *sec, const SecAuthSessionM
rep.has_interim_update_secs = 1;
}
ret = send_msg(lpool, cfd, SM_CMD_AUTH_SESSION_REPLY, &rep,
ret = send_msg(lpool, sec->cmd_fd, SM_CMD_AUTH_SESSION_REPLY, &rep,
(pack_size_func) sec_auth_session_reply_msg__get_packed_size,
(pack_func) sec_auth_session_reply_msg__pack);
if (ret < 0) {
@@ -487,7 +487,7 @@ int handle_sec_auth_session_open(int cfd, sec_mod_st *sec, const SecAuthSessionM
}
static
int handle_sec_auth_session_close(int cfd, sec_mod_st *sec, const SecAuthSessionMsg *req)
int handle_sec_auth_session_close(sec_mod_st *sec, const SecAuthSessionMsg *req)
{
client_entry_st *e;
int ret;
@@ -504,14 +504,14 @@ int handle_sec_auth_session_close(int cfd, sec_mod_st *sec, const SecAuthSession
char tmp[BASE64_LENGTH(SID_SIZE) + 1];
base64_encode((char *)req->sid.data, req->sid.len, (char *)tmp, sizeof(tmp));
seclog(sec, LOG_INFO, "session close but with non-existing SID: %s", tmp);
return send_msg(e, cfd, SM_CMD_AUTH_CLI_STATS, &rep,
return send_msg(e, sec->cmd_fd, SM_CMD_AUTH_CLI_STATS, &rep,
(pack_size_func) cli_stats_msg__get_packed_size,
(pack_func) cli_stats_msg__pack);
}
if (e->status < PS_AUTH_COMPLETED) {
seclog(sec, LOG_DEBUG, "session close received in unauthenticated client %s "SESSION_STR"!", e->auth_info.username, e->auth_info.psid);
return send_msg(e, cfd, SM_CMD_AUTH_CLI_STATS, &rep,
return send_msg(e, sec->cmd_fd, SM_CMD_AUTH_CLI_STATS, &rep,
(pack_size_func) cli_stats_msg__get_packed_size,
(pack_func) cli_stats_msg__pack);
}
@@ -533,7 +533,7 @@ int handle_sec_auth_session_close(int cfd, sec_mod_st *sec, const SecAuthSession
rep.has_secmod_client_entries = 1;
rep.secmod_client_entries = sec_mod_client_db_elems(sec);
ret = send_msg(e, cfd, SM_CMD_AUTH_CLI_STATS, &rep,
ret = send_msg(e, sec->cmd_fd, SM_CMD_AUTH_CLI_STATS, &rep,
(pack_size_func) cli_stats_msg__get_packed_size,
(pack_func) cli_stats_msg__pack);
if (ret < 0) {
@@ -550,16 +550,16 @@ int handle_sec_auth_session_close(int cfd, sec_mod_st *sec, const SecAuthSession
}
int handle_sec_auth_session_cmd(int cfd, sec_mod_st *sec, const SecAuthSessionMsg *req,
int handle_sec_auth_session_cmd(sec_mod_st *sec, const SecAuthSessionMsg *req,
unsigned cmd)
{
if (cmd == SM_CMD_AUTH_SESSION_OPEN)
return handle_sec_auth_session_open(cfd, sec, req);
return handle_sec_auth_session_open(sec, req);
else
return handle_sec_auth_session_close(cfd, sec, req);
return handle_sec_auth_session_close(sec, req);
}
void handle_sec_auth_ban_ip_reply(int cfd, sec_mod_st *sec, const BanIpReplyMsg *msg)
void handle_sec_auth_ban_ip_reply(sec_mod_st *sec, const BanIpReplyMsg *msg)
{
client_entry_st *e;

16
src/sec-mod.c
View File

@@ -304,7 +304,7 @@ int process_packet(void *pool, int cfd, pid_t pid, sec_mod_st * sec, cmd_request
}
static
int process_packet_from_main(void *pool, int cfd, sec_mod_st * sec, cmd_request_t cmd,
int process_packet_from_main(void *pool, sec_mod_st * sec, cmd_request_t cmd,
uint8_t * buffer, size_t buffer_size)
{
gnutls_datum_t data;
@@ -328,7 +328,7 @@ int process_packet_from_main(void *pool, int cfd, sec_mod_st * sec, cmd_request_
return ERR_BAD_COMMAND;
}
handle_sec_auth_ban_ip_reply(cfd, sec, msg);
handle_sec_auth_ban_ip_reply(sec, msg);
ban_ip_reply_msg__free_unpacked(msg, &pa);
return 0;
@@ -345,7 +345,7 @@ int process_packet_from_main(void *pool, int cfd, sec_mod_st * sec, cmd_request_
return ERR_BAD_COMMAND;
}
ret = handle_sec_auth_session_cmd(cfd, sec, msg, cmd);
ret = handle_sec_auth_session_cmd(sec, msg, cmd);
sec_auth_session_msg__free_unpacked(msg, &pa);
return ret;
@@ -404,7 +404,7 @@ static void check_other_work(sec_mod_st *sec)
}
static
int serve_request_main(sec_mod_st *sec, int cfd, uint8_t *buffer, unsigned buffer_size)
int serve_request_main(sec_mod_st *sec, uint8_t *buffer, unsigned buffer_size)
{
int ret, e;
unsigned cmd, length;
@@ -412,7 +412,7 @@ int serve_request_main(sec_mod_st *sec, int cfd, uint8_t *buffer, unsigned buffe
void *pool = buffer;
/* read request */
ret = force_read_timeout(cfd, buffer, 3, MAIN_SEC_MOD_TIMEOUT);
ret = force_read_timeout(sec->cmd_fd, buffer, 3, MAIN_SEC_MOD_TIMEOUT);
if (ret == 0)
goto leave;
else if (ret < 3) {
@@ -440,7 +440,7 @@ int serve_request_main(sec_mod_st *sec, int cfd, uint8_t *buffer, unsigned buffe
}
/* read the body */
ret = force_read_timeout(cfd, buffer, length, MAIN_SEC_MOD_TIMEOUT);
ret = force_read_timeout(sec->cmd_fd, buffer, length, MAIN_SEC_MOD_TIMEOUT);
if (ret < 0) {
e = errno;
seclog(sec, LOG_ERR, "error receiving msg body of cmd %u with length %u: %s",
@@ -449,7 +449,7 @@ int serve_request_main(sec_mod_st *sec, int cfd, uint8_t *buffer, unsigned buffe
goto leave;
}
ret = process_packet_from_main(pool, cfd, sec, cmd, buffer, ret);
ret = process_packet_from_main(pool, sec, cmd, buffer, ret);
if (ret < 0) {
seclog(sec, LOG_ERR, "error processing data for '%s' command (%d)", cmd_request_to_str(cmd), ret);
}
@@ -730,7 +730,7 @@ void sec_mod_server(void *main_pool, struct perm_cfg_st *perm_config, const char
if (buffer == NULL) {
seclog(sec, LOG_ERR, "error in memory allocation");
} else {
ret = serve_request_main(sec, cmd_fd, buffer, buffer_size);
ret = serve_request_main(sec, buffer, buffer_size);
if (ret < 0 && ret == ERR_BAD_COMMAND) {
seclog(sec, LOG_ERR, "error processing command from main");
exit(1);

4
src/sec-mod.h
View File

@@ -122,10 +122,10 @@ void seclog_hex(const struct sec_mod_st* sec, int priority,
void sec_auth_init(sec_mod_st *sec, struct perm_cfg_st *config);
void handle_sec_auth_ban_ip_reply(int cfd, sec_mod_st *sec, const BanIpReplyMsg *msg);
void handle_sec_auth_ban_ip_reply(sec_mod_st *sec, const BanIpReplyMsg *msg);
int handle_sec_auth_init(int cfd, sec_mod_st *sec, const SecAuthInitMsg * req, pid_t pid);
int handle_sec_auth_cont(int cfd, sec_mod_st *sec, const SecAuthContMsg * req);
int handle_sec_auth_session_cmd(int cfd, sec_mod_st *sec, const SecAuthSessionMsg *req, unsigned cmd);
int handle_sec_auth_session_cmd(sec_mod_st *sec, const SecAuthSessionMsg *req, unsigned cmd);
int handle_sec_auth_stats_cmd(sec_mod_st * sec, const CliStatsMsg * req);
void sec_auth_user_deinit(sec_mod_st * sec, client_entry_st * e);