diff --git a/server/modules/filter/dbfwfilter.c b/server/modules/filter/dbfwfilter.c index 2232acd5c..a9c4d9cf8 100644 --- a/server/modules/filter/dbfwfilter.c +++ b/server/modules/filter/dbfwfilter.c @@ -30,14 +30,16 @@ *@code{.unparsed} * rules= Location of the rule file *@endcode - * Rules are defined in a separate rule file that lists all the rules and the users to whom the rules are applied. + * Rules are defined in a separate rule file that lists all the rules and the users to whom the + * rules are applied. * Rules follow a simple syntax that denies the queries that meet the requirements of the rules. * For example, to define a rule denying users from accessing the column 'salary' between * the times 15:00 and 17:00, the following rule is to be configured into the configuration file: *@code{.unparsed} * rule block_salary deny columns salary at_times 15:00:00-17:00:00 *@endcode - * The users are matched by username and network address. Wildcard values can be provided by using the '%' character. + * The users are matched by username and network address. Wildcard values can be provided by + * using the '%' character. * For example, to apply this rule to users John, connecting from any address * that starts with the octets 198.168.%, and Jane, connecting from the address 192.168.0.1: *@code{.unparsed} @@ -51,7 +53,9 @@ * @subsection secRule Rule syntax * This is the syntax used when defining rules. *@code{.unparsed} - * rule NAME deny [wildcard | columns VALUE ... | regex REGEX | limit_queries COUNT TIMEPERIOD HOLDOFF | no_where_clause] [at_times VALUE...] [on_queries [select|update|insert|delete]] + * rule NAME deny [wildcard | columns VALUE ... | regex REGEX | + * limit_queries COUNT TIMEPERIOD HOLDOFF | no_where_clause] [at_times VALUE...] + * [on_queries [select|update|insert|delete]] *@endcode * @subsection secUser User syntax * This is the syntax used when linking users to rules. It takes one or more 
@@ -384,7 +388,8 @@ char* strip_tags(char* str) * Parses a string that contains an IP address and converts the last octet to '%'. * This modifies the string passed as the parameter. * @param str String to parse - * @return Pointer to modified string or NULL if an error occurred or the string can't be made any less specific + * @return Pointer to modified string or NULL if an error occurred or the string can't + * be made any less specific */ char* next_ip_class(char* str) { @@ -573,7 +578,8 @@ static TIMERANGE* parse_time(const char* str) /** * Splits the reversed timerange into two. *@param tr A reversed timerange - *@return If the timerange is reversed, returns a pointer to the new TIMERANGE otherwise returns a NULL pointer + *@return If the timerange is reversed, returns a pointer to the new TIMERANGE + * otherwise returns a NULL pointer */ TIMERANGE* split_reverse_time(TIMERANGE* tr) { @@ -690,7 +696,8 @@ bool link_rules(char* orig, FW_INSTANCE* instance) if ((userptr == NULL || ruleptr == NULL || modeptr == NULL) || (userptr > modeptr || userptr > ruleptr || modeptr > ruleptr)) { - MXS_ERROR("dbfwfilter: Rule syntax incorrect, right keywords not found in the correct order: %s", orig); + MXS_ERROR("dbfwfilter: Rule syntax incorrect, " + "right keywords not found in the correct order: %s", orig); rval = false; goto parse_err; } @@ -702,7 +709,8 @@ bool link_rules(char* orig, FW_INSTANCE* instance) if (tok == NULL) { - MXS_ERROR("dbfwfilter: Rule syntax incorrect, right keywords not found in the correct order: %s", orig); + MXS_ERROR("dbfwfilter: Rule syntax incorrect, " + "right keywords not found in the correct order: %s", orig); rval = false; goto parse_err; } 
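Review bot: Splitting the `MXS_ERROR` format strings into two adjacent literals in both link_rules hunks here means the logged text "Rule syntax incorrect, right keywords not found in the correct order" no longer appears as one string in the source. Anyone tracing a log line or alert back to the code by grepping for the message will miss it. The same split appears in the later link_rules hunk ("'match' was not followed by correct keyword") and in parse_rule_definition ("regular expression length is over 2048 characters"). Consider exempting log messages from the line-length limit and wrapping only the arguments, e.g. `MXS_ERROR("dbfwfilter: Rule syntax incorrect, right keywords not found in the correct order: %s",` with `orig);` on the next line. link_rules starts and ends outside these hunks.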
@@ -731,7 +739,8 @@ bool link_rules(char* orig, FW_INSTANCE* instance) } else { - MXS_ERROR("dbfwfilter: Rule syntax incorrect, 'match' was not followed by correct keyword: %s", orig); + MXS_ERROR("dbfwfilter: Rule syntax incorrect, " + "'match' was not followed by correct keyword: %s", orig); rval = false; goto parse_err; } @@ -1037,7 +1046,8 @@ bool parse_rule_definition(FW_INSTANCE* instance, RULE* ruledef, char* rule, cha if (n_char >= 2048) { - MXS_ERROR("dbfwfilter: Failed to parse rule, regular expression length is over 2048 characters."); + MXS_ERROR("dbfwfilter: Failed to parse rule, " + "regular expression length is over 2048 characters."); rval = false; goto retblock; } @@ -1585,7 +1595,12 @@ bool rule_is_active(RULE* rule) * @param query Pointer to the null-terminated query string * @return true if the query matches the rule */ -bool rule_matches(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *queue, USER* user, RULELIST *rulelist, char* query) +bool rule_matches(FW_INSTANCE* my_instance, + FW_SESSION* my_session, + GWBUF *queue, + USER* user, + RULELIST *rulelist, + char* query) { char *ptr, *where, *msg = NULL; char emsg[512]; @@ -1713,7 +1728,8 @@ bool rule_matches(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *queue matches = true; msg = strdup("Usage of wildcard denied."); - MXS_INFO("dbfwfilter: rule '%s': query contains a wildcard.", rulelist->rule->name); + MXS_INFO("dbfwfilter: rule '%s': query contains a wildcard.", + rulelist->rule->name); goto queryresolved; } free(where); 
@@ -1761,10 +1777,12 @@ bool rule_matches(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *queue if (difftime(time_now, queryspeed->triggered) < queryspeed->cooldown) { - double blocked_for = queryspeed->cooldown - difftime(time_now, queryspeed->triggered); + double blocked_for = + queryspeed->cooldown - difftime(time_now, queryspeed->triggered); sprintf(emsg, "Queries denied for %f seconds", blocked_for); - MXS_INFO("dbfwfilter: rule '%s': user denied for %f seconds", rulelist->rule->name, blocked_for); + MXS_INFO("dbfwfilter: rule '%s': user denied for %f seconds", + rulelist->rule->name, blocked_for); msg = strdup(emsg); matches = true; } @@ -1788,7 +1806,8 @@ bool rule_matches(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *queue queryspeed->limit, queryspeed->period, queryspeed->cooldown); - double blocked_for = queryspeed->cooldown - difftime(time_now, queryspeed->triggered); + double blocked_for = + queryspeed->cooldown - difftime(time_now, queryspeed->triggered); sprintf(emsg, "Queries denied for %f seconds", blocked_for); msg = strdup(emsg); } @@ -1908,7 +1927,11 @@ retblock: * @param user The user whose rulelist is checked * @return True if the query matches all of the rules otherwise false */ -bool check_match_all(FW_INSTANCE* my_instance, FW_SESSION* my_session, GWBUF *queue, USER* user, bool strict_all) +bool check_match_all(FW_INSTANCE* my_instance, + FW_SESSION* my_session, + GWBUF *queue, + USER* user, + bool strict_all) { bool is_sql, rval = true; bool have_active_rule = false;
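Review bot: `sprintf(emsg, "Queries denied for %f seconds", blocked_for);` in the first rule_matches hunk here, and again in the hunk at -1788, writes into the fixed `char emsg[512]` from the earlier rule_matches hunk with no length bound. The output of `%f` for a finite double should fit in 512 bytes, but that safety rests on arithmetic the reader has to redo rather than on the call itself. Since these lines are being reflowed anyway, `snprintf(emsg, sizeof(emsg), "Queries denied for %f seconds", blocked_for);` would make the bound explicit. The `strdup(emsg)` result that follows is not checked in the visible lines; whether a NULL `msg` is handled later is outside these hunks, as are the start and end of rule_matches.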