author | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-05 00:01:18 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-05 00:01:18 +0200 |
commit | 164032f3fcf86d4f08244764aab1b68a0fb6c71e (patch) | |
tree | 1541aa0612f9acc782d25d2170f2bdcd6ac2bdff /plugin | |
parent | 8f8632ef5f8e63cc9495550c09605d4cc9c58de8 (diff) | |
Use macros to extract values via get_env()
This has two purposes. To make the code more readable and to use the
same maximum length of the data being retrieved from the environment table.
Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/environment.h | 52 | ||||
-rw-r--r-- | plugin/eurephia-auth.c | 5 | ||||
-rw-r--r-- | plugin/eurephia.c | 72 | ||||
-rw-r--r-- | plugin/eurephiadb_session.c | 10 |
4 files changed, 97 insertions, 42 deletions
diff --git a/plugin/environment.h b/plugin/environment.h
index a8355cb..7f1041f 100644
--- a/plugin/environment.h
+++ b/plugin/environment.h
@@ -44,4 +44,56 @@ */ char *get_env(eurephiaCTX *ctx, int logmasking, size_t len, const char *envp[], const char *fmt, ... ); + +#define MAXLEN_TLSID 2048 +#define GETENV_TLSID(ctx, env, id) get_env(ctx, 0, MAXLEN_TLSID, env, "tls_id_%i", id) + +#define MAXLEN_TLSDIGEST 60 +#define GETENV_TLSDIGEST(ctx, env, id) get_env(ctx, 0, MAXLEN_TLSDIGEST, env, "tls_digest_%i", id) + +#define MAXLEN_UNTRUSTEDIP 34 +#define GETENV_UNTRUSTEDIP(ctx, env) get_env(ctx, 0, MAXLEN_UNTRUSTEDIP, env, "untrusted_ip") + +#define MAXLEN_USERNAME 34 +#define GETENV_USERNAME(ctx, env) get_env(ctx, 0, MAXLEN_USERNAME, env, "username") + +#define MAXLEN_PASSWORD 64 +#define GETENV_PASSWORD(ctx, env) get_env(ctx, 1, MAXLEN_PASSWORD, env, "password") + +#define MAXLEN_BYTESRECEIVED 21 +#define GETENV_BYTESRECEIVED(ctx, env) get_env(ctx, 0, MAXLEN_BYTESRECEIVED, env, "bytes_received"); + +#define MAXLEN_BYTESSENT 21 +#define GETENV_BYTESSENT(ctx, env) get_env(ctx, 0, MAXLEN_BYTESSENT, env, "bytes_sent"); + +#define MAXLEN_TIMEDURATION 21 +#define GETENV_TIMEDURATION(ctx, env) get_env(ctx, 0, MAXLEN_TIMEDURATION, env, "time_duration"); + +#define MAXLEN_POOLNETMASK 34 +#define GETENV_POOLNETMASK(ctx, env) get_env(ctx, 0, MAXLEN_POOLNETMASK, env, "ifconfig_pool_netmask"); + +#define MAXLEN_POOLIPADDR 34 +#define GETENV_POOLIPADDR(ctx, env) get_env(ctx, 0, MAXLEN_POOLIPADDR, env, "ifconfig_pool_remote_ip"); + +#define MAXLEN_TRUSTEDIP 34 +#define GETENV_TRUSTEDIP(ctx, env) get_env(ctx, 0, MAXLEN_TRUSTEDIP, env, "trusted_ip"); + +#define MAXLEN_PROTO1 4 +#define GETENV_PROTO1(ctx, env) get_env(ctx, 0, MAXLEN_PROTO1, env, "proto_1"); + +#define MAXLEN_CNAME 64 +#define GETENV_CNAME(ctx, env) get_env(ctx, 0, MAXLEN_CNAME, env, "common_name"); + +#define MAXLEN_TRUSTEDPORT 6 +#define GETENV_TRUSTEDPORT(ctx, env) get_env(ctx, 0, MAXLEN_TRUSTEDPORT, env, "trusted_port"); + +#define MAXLEN_UNTRUSTEDPORT 6 +#define GETENV_UNTRUSTEDPORT(ctx, env) get_env(ctx, 0, MAXLEN_UNTRUSTEDPORT, env, 
"untrusted_port"); + +#define MAXLEN_DAEMON 32 +#define GETENV_DAEMON(env) get_env(NULL, 0, MAXLEN_DAEMON, env, "daemon"); + +#define MAXLEN_DAEMONLOGREDIR 32 +#define GETENV_DAEMONLOGREDIR(env) get_env(NULL, 0, MAXLEN_DAEMONLOGREDIR, env, "daemon_log_redirect"); + #endif diff --git a/plugin/eurephia-auth.c b/plugin/eurephia-auth.c index 14ef79b..81a9d10 100644 --- a/plugin/eurephia-auth.c +++ b/plugin/eurephia-auth.c @@ -40,6 +40,7 @@ #include <eurephiadb.h> #include <eurephia.h> #include <eurephia_nullsafe.h> +#include <environment.h> #ifdef ENABLE_DEBUG /* To avoid compiler warnings when ENABLE_DEBUG is not defined */ @@ -110,9 +111,9 @@ static void dump_env(FILE *f, const char *prefix, const char *envp[]) { */ static void daemonize(const char *envp[]) { - char *daemon_string = get_env(NULL, 0, 32, envp, "daemon"); + char *daemon_string = GETENV_DAEMON(envp); if( daemon_string && daemon_string[0] == '1' ) { - char *log_redirect = get_env(NULL, 0, 32, envp, "daemon_log_redirect"); + char *log_redirect = GETENV_DAEMONLOGREDIR(envp); int fd = -1; if( log_redirect && log_redirect[0] == '1' ) { fd = dup (2); diff --git a/plugin/eurephia.c b/plugin/eurephia.c index 74b4785..f86b6cb 100644 --- a/plugin/eurephia.c +++ b/plugin/eurephia.c @@ -249,7 +249,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) DEBUG(ctx, 10, "** Function call: eurephia_tlsverify(...)"); // Check if IP address is blacklisted - ipaddr = (char *) get_env(ctx, 0, 34, env, "untrusted_ip"); + ipaddr = GETENV_UNTRUSTEDIP(ctx, env); if( eDBblacklist_check(ctx, attempt_IPADDR, ipaddr) == 1 ) { eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); 
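Review bot: In the `plugin/environment.h` hunk, the macros from `GETENV_BYTESRECEIVED` down to `GETENV_DAEMONLOGREDIR` end in a `;`, while `GETENV_TLSID` through `GETENV_PASSWORD` do not. Every call site in this commit adds its own `;`, so those macros expand to an extra empty statement, and they cannot be used inside an expression, a condition or an un-braced `if`/`else` without a compile error. Drop the trailing semicolon so that all of them are plain expressions, e.g. `#define GETENV_DAEMON(env) get_env(NULL, 0, MAXLEN_DAEMON, env, "daemon")`. A one-line comment above the block saying whether each MAXLEN_ value counts the terminating NUL would also help, since eurephiadb_session.c now sums these constants to size a buffer.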
@@ -262,7 +262,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) } // Check if certificate digest is blacklisted - tls_digest = (char *) get_env(ctx, 0, 60, env, "tls_digest_%i", atoi_nullsafe(depth)); + tls_digest = GETENV_TLSDIGEST(ctx, env, atoi_nullsafe(depth)); if( eDBblacklist_check(ctx, attempt_CERTIFICATE, tls_digest) == 1 ) { eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest); @@ -272,7 +272,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) } // Check if certificate is registered and allowed - tls_id = (char *) get_env(ctx, 0, 2048, env, "tls_id_%s", depth); + tls_id = GETENV_TLSID(ctx, env, atoi_nullsafe(depth)); ci = parse_tlsid(tls_id); result = eDBauth_TLS(ctx, ci->org, ci->common_name, ci->email, tls_digest, depth); if( result < 1 ) { @@ -321,7 +321,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env) // Check if IP address is blacklisted - ipaddr = (char *) get_env(ctx, 0, 34, env, "untrusted_ip"); + ipaddr = GETENV_UNTRUSTEDIP(ctx, env); if( eDBblacklist_check(ctx, attempt_IPADDR, ipaddr) == 1 ) { eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); @@ -335,7 +335,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env) } // Check if certificate digest is blacklisted - tls_digest = (char *) get_env(ctx, 0, 60, env, "tls_digest_0"); + tls_digest = GETENV_TLSDIGEST(ctx, env, 0); if( eDBblacklist_check(ctx, attempt_CERTIFICATE, tls_digest) == 1 ) { eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest); 
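Review bot: The `@@ -272,7 +272,7 @@` hunk changes the lookup key, not just its spelling: the old call formatted `"tls_id_%s"` with the raw `depth` string, while `GETENV_TLSID(ctx, env, atoi_nullsafe(depth))` formats `"tls_id_%i"` with a converted integer. This matches what the `tls_digest` lookup above already did, but going by its name `atoi_nullsafe` presumably yields 0 for a NULL or non-numeric `depth`, so such a value would now resolve to `tls_id_0` (the peer certificate) instead of finding nothing. The commit message does not mention this. If it is intended, record it in a comment such as `// NULL or non-numeric depth is treated as depth 0 by atoi_nullsafe()`; otherwise reject a `depth` that is not a plain decimal number before the lookups. Separately, `ci->org` is dereferenced right after `parse_tlsid(tls_id)` with no NULL check visible in the hunk; the function continues outside it.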
@@ -345,7 +345,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env) } // Check if username is blacklisted - username = (char *) get_env(ctx, 0, 34, env, "username"); + username = GETENV_USERNAME(ctx, env); if( eDBblacklist_check(ctx, attempt_USERNAME, username) == 1 ) { eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest); @@ -357,7 +357,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env) } // Get certificate ID - tls_id = (char *) get_env(ctx, 0, 2048, env, "tls_id_0"); + tls_id = GETENV_TLSID(ctx, env, 0); ci = parse_tlsid(tls_id); certid = eDBauth_TLS(ctx, ci->org, ci->common_name, ci->email, tls_digest, "0"); if( certid < 1 ) { @@ -374,7 +374,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env) free_certinfo(ci); // Do username/password/certificate authentication - passwd = (char *)get_env(ctx, 1, 64, env, "password"); + passwd = GETENV_PASSWORD(ctx, env); if( (passwd == NULL) || (strlen_nullsafe(passwd) == 0) ) { eurephia_log(ctx, LOG_WARNING, 0, "eurephia-auth: No password received. Action aborted"); free_nullsafe(ctx, passwd); @@ -390,8 +390,8 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env) // Get an authentication session, which is not a real session ticket // but it uses almost the same system - cname = get_env(ctx, 0, 64, env, "common_name"); - remport = get_env(ctx, 0, 6, env, "untrusted_port"); + cname = GETENV_CNAME(ctx, env); + remport = GETENV_UNTRUSTEDPORT(ctx, env); // an authentication session do not use assigned VPN address authsess = eDBopen_session_seed(ctx, tls_digest, cname, username, NULL, NULL, 
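Review bot: In the `@@ -374,7 +374,7 @@` hunk the password is capped at `MAXLEN_PASSWORD` (64) by the macro, and the only check that follows is for NULL or empty. Whether `get_env()` truncates or rejects a longer value is not visible on this page. If it truncates, an over-long password, or a `username` longer than `MAXLEN_USERNAME` in the `@@ -345,7 +345,7 @@` hunk, is silently reduced to a prefix before the blacklist and authentication checks. Document the behaviour next to the macros, for example `/* get_env() returns at most MAXLEN_* characters; longer values are cut, not rejected */` if that is what the function does, and consider rejecting over-long credentials explicitly. The body of eurephia_userauth continues outside the hunk.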
@@ -468,15 +468,15 @@ int eurephia_connect(eurephiaCTX *ctx, const char **env) { DEBUG(ctx, 10, "** Function call: eurephia_connect(...)"); // Fetch needed info - digest = get_env(ctx, 0, 60, env, "tls_digest_0"); - tlsid = get_env(ctx, 0, 2048, env, "tls_id_0"); - cname = get_env(ctx, 0, 64, env, "common_name"); - uname = get_env(ctx, 0, 34, env, "username"); - vpnipaddr = get_env(ctx, 0, 34, env, "ifconfig_pool_remote_ip"); - vpnipmask = get_env(ctx, 0, 34, env, "ifconfig_pool_netmask"); - remipaddr = get_env(ctx, 0, 34, env, "trusted_ip"); - remport = get_env(ctx, 0, 6, env, "trusted_port"); - proto = get_env(ctx, 0, 4, env, "proto_1"); + digest = GETENV_TLSDIGEST(ctx, env, 0); + tlsid = GETENV_TLSID(ctx, env, 0); + cname = GETENV_CNAME(ctx, env); + uname = GETENV_USERNAME(ctx, env); + vpnipaddr = GETENV_POOLIPADDR(ctx, env); + vpnipmask = GETENV_POOLNETMASK(ctx, env); + remipaddr = GETENV_TRUSTEDIP(ctx, env); + remport = GETENV_TRUSTEDPORT(ctx, env); + proto = GETENV_PROTO1(ctx, env); // Get a session ticket session = eDBopen_session_seed(ctx, digest, cname, uname, vpnipaddr, vpnipmask, 
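Review bot: None of the values fetched in the `eurephia_connect` hunk is checked before being handed to `eDBopen_session_seed()`, and the eurephiadb_session.c hunk in this commit shows that function selecting `stAUTHENTICATION` when both `vpnipaddr` and `vpnipmask` are NULL. Assuming `get_env()` returns NULL for a missing variable (the NULL tests in `daemonize` and on `passwd` suggest it does), a connect call without `ifconfig_pool_remote_ip` and `ifconfig_pool_netmask` would be opened as an authentication-type session rather than a VPN session. A guard such as `if( vpnipaddr == NULL || vpnipmask == NULL ) { /* log and fail */ }` before the call would make the expectation explicit. The same applies to the `eurephia_disconnect` and `eurephia_learn_address` hunks. All three functions continue outside their hunks, so a later check may already exist.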
@@ -541,16 +541,16 @@ int eurephia_disconnect(eurephiaCTX *ctx, const char **env) { DEBUG(ctx, 10, "** Function call: eurephia_disconnect(...)"); // Fetch needed info - digest = get_env(ctx, 0, 60, env, "tls_digest_0"); - cname = get_env(ctx, 0, 64, env, "common_name"); - uname = get_env(ctx, 0, 34, env, "username"); - vpnipaddr = get_env(ctx, 0, 34, env, "ifconfig_pool_remote_ip"); - vpnipmask = get_env(ctx, 0, 34, env, "ifconfig_pool_netmask"); - remipaddr = get_env(ctx, 0, 34, env, "trusted_ip"); - remport = get_env(ctx, 0, 6, env, "trusted_port"); - bytes_sent= get_env(ctx, 0, 21, env, "bytes_sent"); - bytes_rec = get_env(ctx, 0, 21, env, "bytes_received"); - duration = get_env(ctx, 0, 21, env, "time_duration"); + digest = GETENV_TLSDIGEST(ctx, env, 0); + cname = GETENV_CNAME(ctx, env); + uname = GETENV_USERNAME(ctx, env); + vpnipaddr = GETENV_POOLIPADDR(ctx, env); + vpnipmask = GETENV_POOLNETMASK(ctx, env); + remipaddr = GETENV_TRUSTEDIP(ctx, env); + remport = GETENV_TRUSTEDPORT(ctx, env); + bytes_sent= GETENV_BYTESSENT(ctx, env); + bytes_rec = GETENV_BYTESRECEIVED(ctx, env); + duration = GETENV_TIMEDURATION(ctx, env); // Get a session ticket session = eDBopen_session_seed(ctx, digest, cname, uname, vpnipaddr, vpnipmask, 
@@ -628,13 +628,13 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad if( strncmp(mode, "add", 3) == 0 ) { // Fetch needed info - digest = get_env(ctx, 0, 60, env, "tls_digest_0"); - cname = get_env(ctx, 0, 64, env, "common_name"); - uname = get_env(ctx, 0, 34, env, "username"); - vpnipaddr = get_env(ctx, 0, 34, env, "ifconfig_pool_remote_ip"); - vpnipmask = get_env(ctx, 0, 34, env, "ifconfig_pool_netmask"); - remipaddr = get_env(ctx, 0, 34, env, "trusted_ip"); - remport = get_env(ctx, 0, 6, env, "trusted_port"); + digest = GETENV_TLSDIGEST(ctx, env, 0); + cname = GETENV_CNAME(ctx, env); + uname = GETENV_USERNAME(ctx, env); + vpnipaddr = GETENV_POOLIPADDR(ctx, env); + vpnipmask = GETENV_POOLNETMASK(ctx, env); + remipaddr = GETENV_TRUSTEDIP(ctx, env); + remport = GETENV_TRUSTEDPORT(ctx, env); // Get a session ticket session = eDBopen_session_seed(ctx, digest, cname, uname, vpnipaddr, vpnipmask, diff --git a/plugin/eurephiadb_session.c b/plugin/eurephiadb_session.c index f717fd8..14370f2 100644 --- a/plugin/eurephiadb_session.c +++ b/plugin/eurephiadb_session.c @@ -41,8 +41,9 @@ #include "eurephia_log.h" #include "eurephiadb_session.h" #include <eurephiadb_session_common.h> +#include <environment.h> #include <randstr.h> -#include "sha512.h" +#include <sha512.h> // Also defined in the eurephiadb_driver.h, but not as extern. 
@@ -93,9 +94,10 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, new_session->type = ((vpnipaddr == NULL) && (vpnipmask == NULL) ? stAUTHENTICATION : stSESSION); // Build up a string containing all elements for the session seed - totlen = 60 + 64 + 34 + 34 + 34 + 34 + 6 + 5 + 15; - // max length of: digest + cname + username + vpnipaddr + vpnipmask + remipaddr + remport + pid - // + extra buffer + totlen = MAXLEN_TLSDIGEST + MAXLEN_CNAME + MAXLEN_USERNAME + MAXLEN_POOLIPADDR + MAXLEN_POOLNETMASK + + MAXLEN_TRUSTEDIP + MAXLEN_TRUSTEDPORT + 5 + 15; + // max length of: digest + cname + username + vpnipaddr + vpnipmask + // + remipaddr + remport + pid + extra buffer seeddata = (char *) malloc_nullsafe(ctx, totlen); if( seeddata == NULL ) { |
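Review bot: `totlen` is only a safe size for `seeddata` if every argument really is at most its MAXLEN_ value, but `digest`, `cname`, `username` and the others arrive as plain `const char *` parameters, so nothing in `eDBopen_session_seed()` enforces that. The write into `seeddata` is outside the hunk; it should be bounded by `totlen` (an `snprintf(seeddata, totlen, ...)` style call) rather than relying on every caller having used the GETENV_ macros. The remaining literals `5` (pid) and `15` (extra buffer) would read better as named constants next to the other MAXLEN_ definitions. Note that a pid can have more than five digits on systems with a raised pid limit, which eats into the spare 15 bytes. A comment stating whether the MAXLEN_ values include the terminating NUL would show how much slack the sum actually has.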