diff --git a/ChangeLog b/ChangeLog
index 6becb827..a473f320 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 # $Id$
 2008-09-30 Wichert Akkerman
+ * Clean up compiler warnings (mostly signed/unsigned comparisons)
 * Security: strncpy may not NUL-terminate strings, so enforce this ourselves.
 * Make it possible to protect the status page
diff --git a/src/auth.c b/src/auth.c
index 99c349d5..230d9336 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -60,7 +60,7 @@ extern long served_this_session;
 @todo This thread loops infinitely, need a watchdog to verify that it is still running? */
 void
-thread_client_timeout_check(void *arg)
+thread_client_timeout_check(const void *arg)
 {
 pthread_cond_t cond = PTHREAD_COND_INITIALIZER;
 pthread_mutex_t cond_mutex = PTHREAD_MUTEX_INITIALIZER;
diff --git a/src/auth.h b/src/auth.h
index 25ae4226..89de88ce 100644
--- a/src/auth.h
+++ b/src/auth.h
@@ -56,6 +56,6 @@ typedef struct _t_authresponse {
 void authenticate_client(request *);
 /** @brief Periodically check if connections expired */
-void thread_client_timeout_check(void *arg);
+void thread_client_timeout_check(const void *arg);
 #endif
diff --git a/src/centralserver.c b/src/centralserver.c
index edfce4a1..2e10e282 100644
--- a/src/centralserver.c
+++ b/src/centralserver.c
@@ -62,10 +62,11 @@ extern pthread_mutex_t config_mutex;
 @param outgoing Current counter of the client's total outgoing traffic, in bytes */
 t_authcode
-auth_server_request(t_authresponse *authresponse, char *request_type, char *ip, char *mac, char *token, unsigned long long int incoming, unsigned long long int outgoing)
+auth_server_request(t_authresponse *authresponse, const char *request_type, const char *ip, const char *mac, const char *token, unsigned long long int incoming, unsigned long long int outgoing)
 {
 int sockfd;
- size_t numbytes, totalbytes;
+ ssize_t numbytes;
+ size_t totalbytes;
 char buf[MAX_BUF];
 char *tmp;
 int done, nfds;
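Review bot: Adding `const` to `arg` in `thread_client_timeout_check()` changes the function's type, and the comment in the context lines describes this function as a thread. If it is handed to pthread_create(), the start routine is expected to be `void *(*)(void *)`; this one returns `void` and now takes `const void *`, so it can only be passed through a cast and is then called through an incompatible function pointer type. Keeping the POSIX shape, `void *thread_client_timeout_check(void *arg)` with a `return NULL;`, would remove the need for any cast; the prototype in src/auth.h would change with it. The function body continues outside the hunk.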
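Review bot: In `auth_server_request()` `numbytes` becomes signed while `totalbytes` stays `size_t`, and the code that combines them is outside this hunk. If `numbytes` holds a read() result, any `totalbytes += numbytes` or comparison against `MAX_BUF - totalbytes` has to come after a `numbytes < 0` test, otherwise -1 is converted to a very large unsigned value and the bound on `buf[MAX_BUF]` no longer holds. A comment at the declaration would record this, for example `ssize_t numbytes; /* I/O result: test < 0 before adding to totalbytes */`. The same pair of declarations is changed in `ping()` in src/ping_thread.c and deserves the same check.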
diff --git a/src/centralserver.h b/src/centralserver.h
index fd3a4aa7..36c9ca65 100644
--- a/src/centralserver.h
+++ b/src/centralserver.h
@@ -46,7 +46,13 @@
 #define GATEWAY_MESSAGE_ACCOUNT_LOGGED_OUT "logged-out"
 /** @brief Initiates a transaction with the auth server */
-t_authcode auth_server_request(t_authresponse *authresponse, char *request_type, char *ip, char *mac, char *token, unsigned long long int incoming, unsigned long long int outgoing);
+t_authcode auth_server_request(t_authresponse *authresponse,
+ const char *request_type,
+ const char *ip,
+ const char *mac,
+ const char *token,
+ unsigned long long int incoming,
+ unsigned long long int outgoing);
 /** @brief Tries really hard to connect to an auth server. Returns a connected file descriptor or -1 on error */
 int connect_auth_server();
diff --git a/src/client_list.c b/src/client_list.c
index 65ab88ca..c07ec587 100644
--- a/src/client_list.c
+++ b/src/client_list.c
@@ -77,7 +77,7 @@ client_list_init(void)
 * @return Pointer to the client we just created */
 t_client *
-client_list_append(char *ip, char *mac, char *token)
+client_list_append(const char *ip, const char *mac, const char *token)
 {
 t_client *curclient, *prevclient;
@@ -117,7 +117,7 @@ client_list_append(char *ip, char *mac, char *token)
 * @return Pointer to the client, or NULL if not found */
 t_client *
-client_list_find(char *ip, char *mac)
+client_list_find(const char *ip, const char *mac)
 {
 t_client *ptr;
@@ -138,7 +138,7 @@ client_list_find(char *ip, char *mac)
 * @return Pointer to the client, or NULL if not found */
 t_client *
-client_list_find_by_ip(char *ip)
+client_list_find_by_ip(const char *ip)
 {
 t_client *ptr;
@@ -159,7 +159,7 @@ client_list_find_by_ip(char *ip)
 * @return Pointer to the client, or NULL if not found */
 t_client *
-client_list_find_by_mac(char *mac)
+client_list_find_by_mac(const char *mac)
 {
 t_client *ptr;
@@ -178,7 +178,7 @@ client_list_find_by_mac(char *mac)
 * @return Pointer to the client, or NULL if not found */
 t_client *
-client_list_find_by_token(char *token)
+client_list_find_by_token(const char *token)
 {
 t_client *ptr;
diff --git a/src/client_list.h b/src/client_list.h
index ad62c9d9..28526915 100644
--- a/src/client_list.h
+++ b/src/client_list.h
@@ -61,20 +61,20 @@ t_client *client_get_first_client(void);
 void client_list_init(void);
 /** @brief Adds a new client to the connections list */
-t_client *client_list_append(char *ip, char *mac, char *token);
+t_client *client_list_append(const char *ip, const char *mac, const char *token);
 /** @brief Finds a client by its IP and MAC */
-t_client *client_list_find(char *ip, char *mac);
+t_client *client_list_find(const char *ip, const char *mac);
 /** @brief Finds a client only by its IP */
-t_client *client_list_find_by_ip(char *ip); /* needed by fw_iptables.c, auth.c
+t_client *client_list_find_by_ip(const char *ip); /* needed by fw_iptables.c, auth.c
 * and wdctl_thread.c */
 /** @brief Finds a client only by its Mac */
-t_client *client_list_find_by_mac(char *mac); /* needed by wdctl_thread.c */
+t_client *client_list_find_by_mac(const char *mac); /* needed by wdctl_thread.c */
 /** @brief Finds a client by its token */
-t_client *client_list_find_by_token(char *token);
+t_client *client_list_find_by_token(const char *token);
 /** @brief Deletes a client from the connections list */
 void client_list_delete(t_client *client);
diff --git a/src/conf.c b/src/conf.c
index 617ba428..4fdc4135 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -102,47 +102,46 @@ typedef enum {
 static const struct {
 const char *name;
 OpCodes opcode;
- int required;
 } keywords[] = {
- { "daemon", oDaemon },
- { "debuglevel", oDebugLevel },
- { "externalinterface", oExternalInterface },
- { "gatewayid", oGatewayID },
- { "gatewayinterface", oGatewayInterface },
- { "gatewayaddress", oGatewayAddress },
- { "gatewayport", oGatewayPort },
- { "authserver", oAuthServer },
- { "httpdmaxconn", oHTTPDMaxConn },
- { "httpdname", oHTTPDName },
- { "httpdrealm", oHTTPDRealm },
- { "httpdusername", oHTTPDUsername },
- { "httpdpassword", oHTTPDPassword },
- { "clienttimeout", oClientTimeout },
- { "checkinterval", oCheckInterval },
- { "syslogfacility", oSyslogFacility },
- { "wdctlsocket", oWdctlSocket },
- { "hostname", oAuthServHostname },
- { "sslavailable", oAuthServSSLAvailable },
- { "sslport", oAuthServSSLPort },
- { "httpport", oAuthServHTTPPort },
- { "path", oAuthServPath },
+ { "daemon", oDaemon },
+ { "debuglevel", oDebugLevel },
+ { "externalinterface", oExternalInterface },
+ { "gatewayid", oGatewayID },
+ { "gatewayinterface", oGatewayInterface },
+ { "gatewayaddress", oGatewayAddress },
+ { "gatewayport", oGatewayPort },
+ { "authserver", oAuthServer },
+ { "httpdmaxconn", oHTTPDMaxConn },
+ { "httpdname", oHTTPDName },
+ { "httpdrealm", oHTTPDRealm },
+ { "httpdusername", oHTTPDUsername },
+ { "httpdpassword", oHTTPDPassword },
+ { "clienttimeout", oClientTimeout },
+ { "checkinterval", oCheckInterval },
+ { "syslogfacility", oSyslogFacility },
+ { "wdctlsocket", oWdctlSocket },
+ { "hostname", oAuthServHostname },
+ { "sslavailable", oAuthServSSLAvailable },
+ { "sslport", oAuthServSSLPort },
+ { "httpport", oAuthServHTTPPort },
+ { "path", oAuthServPath },
 { "loginscriptpathfragment", oAuthServLoginScriptPathFragment },
 { "portalscriptpathfragment", oAuthServPortalScriptPathFragment },
- { "msgscriptpathfragment", oAuthServMsgScriptPathFragment },
- { "pingscriptpathfragment", oAuthServPingScriptPathFragment },
- { "authscriptpathfragment", oAuthServAuthScriptPathFragment },
- { "firewallruleset", oFirewallRuleSet },
- { "firewallrule", oFirewallRule },
- { "trustedmaclist", oTrustedMACList },
- { "htmlmessagefile", oHtmlMessageFile },
- { NULL, oBadOption },
+ { "msgscriptpathfragment", oAuthServMsgScriptPathFragment },
+ { "pingscriptpathfragment", oAuthServPingScriptPathFragment },
+ { "authscriptpathfragment", oAuthServAuthScriptPathFragment },
+ { "firewallruleset", oFirewallRuleSet },
+ { "firewallrule", oFirewallRule },
+ { "trustedmaclist", oTrustedMACList },
+ { "htmlmessagefile", oHtmlMessageFile },
+ { NULL, oBadOption },
 };
-static void config_notnull(void *parm, char *parmname);
+static void config_notnull(const void *parm, const char *parmname);
 static int parse_boolean_value(char *);
-static void parse_auth_server(FILE *, char *, int *);
-static int _parse_firewall_rule(char *ruleset, char *leftover);
-static void parse_firewall_ruleset(char *, FILE *, char *, int *);
+static void parse_auth_server(FILE *, const char *, int *);
+static int _parse_firewall_rule(const char *ruleset, char *leftover);
+static void parse_firewall_ruleset(const char *, FILE *, const char *, int *);
 static OpCodes config_parse_token(const char *cp, const char *filename, int linenum);
@@ -215,7 +214,7 @@ config_parse_token(const char *cp, const char *filename, int linenum)
 Parses auth server information */
 static void
-parse_auth_server(FILE *file, char *filename, int *linenum)
+parse_auth_server(FILE *file, const char *filename, int *linenum)
 {
 char *host = NULL,
 *path = NULL,
@@ -400,7 +399,7 @@ Advance to the next word
 Parses firewall rule set information */
 static void
-parse_firewall_ruleset(char *ruleset, FILE *file, char *filename, int *linenum)
+parse_firewall_ruleset(const char *ruleset, FILE *file, const char *filename, int *linenum)
 {
 char line[MAX_BUF],
 *p1,
@@ -477,7 +476,7 @@ parse_firewall_ruleset(char *ruleset, FILE *file, char *filename, int *linenum)
 Helper for parse_firewall_ruleset. Parses a single rule in a ruleset */
 static int
-_parse_firewall_rule(char *ruleset, char *leftover)
+_parse_firewall_rule(const char *ruleset, char *leftover)
 {
 int i;
 int block_allow = 0; /**< 0 == block, 1 == allow */
@@ -613,7 +612,7 @@ _parse_firewall_rule(char *ruleset, char *leftover)
 }
 t_firewall_rule *
-get_ruleset(char *ruleset)
+get_ruleset(const char *ruleset)
 {
 t_firewall_ruleset *tmp;
@@ -630,7 +629,7 @@ get_ruleset(char *ruleset)
 @param filename Full path of the configuration file to be read */
 void
-config_read(char *filename)
+config_read(const char *filename)
 {
 FILE *fd;
 char line[MAX_BUF], *s, *p1, *p2;
@@ -829,7 +828,7 @@ void
 config_validate(void)
 {
 config_notnull(config.gw_interface, "GatewayInterface");
- config_notnull(config.auth_servers, "AuthServer");
+ config_notnull(config.auth_servers, "AuthServer");
 if (missing_parms) {
 debug(LOG_ERR, "Configuration is not complete, exiting...");
@@ -841,7 +840,7 @@ config_validate(void)
 Verifies that a required parameter is not a null pointer */
 static void
-config_notnull(void *parm, char *parmname)
+config_notnull(const void *parm, const char *parmname)
 {
 if (parm == NULL) {
 debug(LOG_ERR, "%s is not set", parmname);
diff --git a/src/conf.h b/src/conf.h
index 53a8b79d..6b09987d 100644
--- a/src/conf.h
+++ b/src/conf.h
@@ -165,7 +165,7 @@ void config_init(void);
 void config_init_override(void);
 /** @brief Reads the configuration file */
-void config_read(char *filename);
+void config_read(const char *filename);
 /** @brief Check that the configuration is valid */
 void config_validate(void);
@@ -177,7 +177,7 @@ t_auth_serv *get_auth_server(void);
 void mark_auth_server_bad(t_auth_serv *);
 /** @brief Fetch a firewall rule set. */
-t_firewall_rule *get_ruleset(char *);
+t_firewall_rule *get_ruleset(const char *);
 void parse_trusted_mac_list(char *);
diff --git a/src/fw_iptables.c b/src/fw_iptables.c
index 05501a00..1e25b4e9 100644
--- a/src/fw_iptables.c
+++ b/src/fw_iptables.c
@@ -48,9 +48,9 @@
 #include "util.h"
 #include "client_list.h"
-static int iptables_do_command(char *format, ...);
-static char *iptables_compile(char *, char *, t_firewall_rule *);
-static void iptables_load_ruleset(char *, char *, char *);
+static int iptables_do_command(const char *format, ...);
+static char *iptables_compile(const char *, const char *, const t_firewall_rule *);
+static void iptables_load_ruleset(const char *, const char *, const char *);
 extern pthread_mutex_t client_list_mutex;
 extern pthread_mutex_t config_mutex;
@@ -62,7 +62,7 @@ static int fw_quiet = 0;
 /** @internal * */
 static int
-iptables_do_command(char *format, ...)
+iptables_do_command(const char *format, ...)
 {
 va_list vlist;
 char *fmt_cmd,
@@ -81,6 +81,9 @@ iptables_do_command(char *format, ...)
 rc = execute(cmd, fw_quiet);
+ if (rc!=0)
+ debug(LOG_ERR, "iptables comand tailed: %s", cmd);
+ free(cmd);
 return rc;
@@ -95,7 +98,7 @@ iptables_do_command(char *format, ...)
 * @arg rule Definition of a rule into a struct, from conf.c. */
 static char *
-iptables_compile(char * table, char *chain, t_firewall_rule *rule)
+iptables_compile(const char * table, const char *chain, const t_firewall_rule *rule)
 {
 char command[MAX_BUF], *mode;
@@ -139,7 +142,7 @@ iptables_compile(char * table, char *chain, t_firewall_rule *rule)
 * @arg chain IPTables chain the rules go into */
 static void
-iptables_load_ruleset(char * table, char *ruleset, char *chain)
+iptables_load_ruleset(const char * table, const char *ruleset, const char *chain)
 {
 t_firewall_rule *rule;
 char *cmd;
@@ -166,7 +169,7 @@ iptables_fw_clear_authservers(void)
 void
 iptables_fw_set_authservers(void)
 {
- s_config *config;
+ const s_config *config;
 t_auth_serv *auth_server;
 config = config_get_config();
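Review bot: The prototype of `iptables_do_command()` takes a format string and variadic arguments but carries no format attribute, so the compiler cannot check what callers pass against the format. Since this commit is about compiler warnings and the formatted text ends up in `execute()`, the declaration could become `static int iptables_do_command(const char *format, ...) __attribute__((format(printf, 1, 2)));` on GCC/Clang, assuming the function formats printf-style (the `va_list` and `fmt_cmd` locals in the next hunk suggest so). A mismatched `%s`/`%d` in a firewall command then shows up at build time instead of at run time.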
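Review bot: The new log message in `iptables_do_command()` reads "iptables comand tailed", which will not match a search or alert for "command failed" when someone is looking for firewall rules that were not applied. It also omits the exit status, and it logs at LOG_ERR even when `fw_quiet` is set, where failures are presumably expected (inferred from the name; `execute()` is not shown). Suggested replacement: `if (rc != 0 && !fw_quiet) {` `debug(LOG_ERR, "iptables command failed (%d): %s", rc, cmd);` `}`, with braces around the body. The function starts and ends outside this hunk.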
@@ -185,14 +188,14 @@ iptables_fw_set_authservers(void)
 int
 iptables_fw_init(void)
 {
- s_config *config;
- char * gw_interface = NULL;
- char * gw_address = NULL;
- char * ext_interface = NULL;
- int gw_port = 0;
- t_trusted_mac *p;
+ const s_config *config;
+ char * gw_interface = NULL;
+ char * gw_address = NULL;
+ char * ext_interface = NULL;
+ int gw_port = 0;
+ t_trusted_mac *p;
- fw_quiet = 0;
+ fw_quiet = 0;
 LOCK_CONFIG();
 config = config_get_config();
@@ -399,9 +402,9 @@ iptables_fw_destroy(void)
 */
 int
 iptables_fw_destroy_mention(
- char * table,
- char * chain,
- char * mention
+ const char * table,
+ const char * chain,
+ const char * mention
 ) {
 FILE *p = NULL;
 char *command = NULL;
@@ -450,7 +453,7 @@ iptables_fw_destroy_mention(
 /** Set if a specific client has access through the firewall */
 int
-iptables_fw_access(fw_access_t type, char *ip, char *mac, int tag)
+iptables_fw_access(fw_access_t type, const char *ip, const char *mac, int tag)
 {
 int rc;
diff --git a/src/fw_iptables.h b/src/fw_iptables.h
index 86045270..aaf5921b 100644
--- a/src/fw_iptables.h
+++ b/src/fw_iptables.h
@@ -63,10 +63,10 @@ void iptables_fw_clear_authservers(void);
 int iptables_fw_destroy(void);
 /** @brief Helper function for iptables_fw_destroy */
-int iptables_fw_destroy_mention( char * table, char * chain, char * mention);
+int iptables_fw_destroy_mention( const char * table, const char * chain, const char * mention);
 /** @brief Define the access of a specific client */
-int iptables_fw_access(fw_access_t type, char *ip, char *mac, int tag);
+int iptables_fw_access(fw_access_t type, const char *ip, const char *mac, int tag);
 /** @brief All counters in the client list */
 int iptables_fw_counters_update(void);
diff --git a/src/http.c b/src/http.c
index 90e48904..1914f4ff 100644
--- a/src/http.c
+++ b/src/http.c
@@ -289,7 +289,7 @@ http_callback_auth(httpd *webserver, request *r)
 void send_http_page(request *r, const char *title, const char* message)
 {
 s_config *config = config_get_config();
- unsigned char *buffer;
+ char *buffer;
 struct stat stat_info;
 int fd;
 ssize_t written;
@@ -306,7 +306,7 @@ void send_http_page(request *r, const char *title, const char* message)
 return;
 }
- buffer=(unsigned char*)safe_malloc(stat_info.st_size+1);
+ buffer=(char*)safe_malloc(stat_info.st_size+1);
 written=read(fd, buffer, stat_info.st_size);
 if (written==-1) {
 debug(LOG_CRIT, "Failed to read HTML message file: %s", strerror(errno));
diff --git a/src/ping_thread.c b/src/ping_thread.c
index cad3e261..cf1a6eff 100644
--- a/src/ping_thread.c
+++ b/src/ping_thread.c
@@ -93,8 +93,8 @@ thread_ping(void *arg)
 static void
 ping(void)
 {
- size_t numbytes,
- totalbytes;
+ ssize_t numbytes;
+ size_t totalbytes;
 int sockfd, nfds, done;
 char request[MAX_BUF];
 fd_set readfds;
diff --git a/src/util.c b/src/util.c
index f9ded5e6..397a1d8c 100644
--- a/src/util.c
+++ b/src/util.c
@@ -51,6 +51,7 @@
 #endif
 #ifdef __linux__
+#include
 #include
 #endif
@@ -154,7 +155,7 @@ wd_gethostbyname(const char *name)
 }
 char *
-get_iface_ip(char *ifname)
+get_iface_ip(const char *ifname)
 {
 #if defined(__linux__)
 struct ifreq if_data;
@@ -180,7 +181,7 @@ get_iface_ip(char *ifname)
 memcpy ((void *) &ip, (void *) &if_data.ifr_addr.sa_data + 2, 4);
 in.s_addr = ip;
- ip_str = (char *)inet_ntoa(in);
+ ip_str = inet_ntoa(in);
 close(sockd);
 return safe_strdup(ip_str);
 #elif defined(__NetBSD__)
@@ -212,7 +213,7 @@ get_iface_ip(char *ifname)
 }
 char *
-get_iface_mac(char *ifname)
+get_iface_mac(const char *ifname)
 {
 #if defined(__linux__)
 int r, s;
diff --git a/src/util.h b/src/util.h
index 154128e9..a41a59ff 100644
--- a/src/util.h
+++ b/src/util.h
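Review bot: In `send_http_page()` the `read()` result is only compared with -1, but read() may also return fewer than `stat_info.st_size` bytes. The buffer has one spare byte for a terminator, and the line that writes it is outside this hunk: it should be `buffer[written] = '\0';` rather than an index based on `st_size`, otherwise a short read can leave uninitialised heap bytes in the page sent to the client (unless `safe_malloc()` zeroes its memory, which is not visible here). The `(char*)` cast on `safe_malloc()` is also unnecessary in C if it returns `void *`.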
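Review bot: `inet_ntoa()` in `get_iface_ip()` returns a pointer to a static buffer and is not required to be thread-safe, while this daemon runs several threads (see the pthread objects in src/auth.c). Another thread calling it between this line and `safe_strdup(ip_str)` could change the string that gets copied. `inet_ntop()` with a local buffer avoids the shared state: `char ip_buf[INET_ADDRSTRLEN];` then `if (inet_ntop(AF_INET, &in, ip_buf, sizeof ip_buf) == NULL)` handle the error, and `return safe_strdup(ip_buf);`. The function starts and ends outside this hunk.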
@@ -35,10 +35,10 @@ int execute(char *cmd_line, int quiet);
 struct in_addr *wd_gethostbyname(const char *name);
 /* @brief Get IP address of an interface */
-char *get_iface_ip(char *ifname);
+char *get_iface_ip(const char *ifname);
 /* @brief Get MAC address of an interface */
-char *get_iface_mac(char *ifname);
+char *get_iface_mac(const char *ifname);
 /* @brief Get interface name of default gateway */
 char *get_ext_iface (void);
diff --git a/src/wdctl.c b/src/wdctl.c
index 8b27a159..30ca3fd7 100644
--- a/src/wdctl.c
+++ b/src/wdctl.c
@@ -46,7 +46,7 @@ static void usage(void);
 static void init_config(void);
 static void parse_commandline(int, char **);
 static int connect_to_server(char *);
-static int send_request(int, char *);
+static size_t send_request(int, char *);
 static void wdctl_status(void);
 static void wdctl_stop(void);
 static void wdctl_reset(void);
@@ -166,11 +166,11 @@ connect_to_server(char *sock_name)
 return sock;
 }
-static int
+static size_t
 send_request(int sock, char *request)
 {
- ssize_t len,
- written;
+ size_t len;
+ ssize_t written;
 len = 0;
 while (len != strlen(request)) {
@@ -183,7 +183,7 @@ send_request(int sock, char *request)
 len += written;
 }
- return((int)len);
+ return len;
 }
 static void
@@ -238,8 +238,8 @@ wdctl_reset(void)
 int sock;
 char buffer[4096];
 char request[64];
- int len,
- rlen;
+ size_t len;
+ int rlen;
 sock = connect_to_server(config.socket);
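Review bot: `send_request()` now returns `size_t`, so it can no longer signal failure with a negative value, and `len += written` adds an `ssize_t` to a `size_t`. The lines between the `while` and that addition fall outside both hunks, so please confirm that a `written == -1` result never reaches the addition, where it would wrap `len`. `strlen(request)` is also recomputed on every iteration; `const size_t total = strlen(request);` before the loop, with `request` taken as `const char *` like the other parameters changed in this commit, would be cleaner.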
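Review bot: In `wdctl_reset()` `rlen` stays `int` while `len` becomes `size_t`. If `rlen` receives a read() result (the loop is outside the hunk), it should be declared `ssize_t rlen;`, matching the `numbytes` changes in src/ping_thread.c and src/centralserver.c. It also needs to be tested `> 0` before it is added to `len`, so that the offset into `buffer[4096]` cannot wrap.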