[secnet] / util.c

/*
 * util.c
 * - output and logging support
 * - program lifetime support
 * - IP address and subnet munging routines
 * - MPI convenience functions
 */
/*
 *  This file is
 *    Copyright (C) 1995--2001 Stephen Early <steve@greenend.org.uk>
 *
 *  It is part of secnet, which is
 *    Copyright (C) 1995--2001 Stephen Early <steve@greenend.org.uk>
 *    Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen
 *  
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2, or (at your option)
 *  any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *  
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software Foundation,
 *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
 */

#include "secnet.h"
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <syslog.h>
#include <unistd.h>
#include <limits.h>
#include <assert.h>
#include <sys/wait.h>
#include <time.h>
#include "util.h"
#include "unaligned.h"

#define MIN_BUFFER_SIZE 64
#define DEFAULT_BUFFER_SIZE 4096
#define MAX_BUFFER_SIZE 131072

static char *hexdigits="0123456789abcdef";

bool_t secnet_is_daemon=False;
uint32_t message_level=M_WARNING|M_ERROR|M_SECURITY|M_FATAL;
struct log_if *system_log=NULL;
static uint32_t current_phase=0;

struct phase_hook {
    hook_fn *fn;
    void *state;
    struct phase_hook *next;
};

static struct phase_hook *hooks[NR_PHASES]={NULL,};

static void vMessage(uint32_t class, char *message, va_list args)
{
    FILE *dest=stdout;
#define MESSAGE_BUFLEN 1023
    static char buff[MESSAGE_BUFLEN+1]={0,};
    uint32_t bp;
    char *nlp;

    if (secnet_is_daemon) {
	/* Messages go to the system log interface */
	bp=strlen(buff);
	vsnprintf(buff+bp,MESSAGE_BUFLEN-bp,message,args);
	/* Each line is sent separately */
	while ((nlp=strchr(buff,'\n'))) {
	    *nlp=0;
	    log(system_log,class,buff);
	    memmove(buff,nlp+1,strlen(nlp+1)+1);
	}
    } else {
	/* Messages go to stdout/stderr */
	if (class & message_level) {
	    if (class&M_FATAL || class&M_ERROR || class&M_WARNING) {
		dest=stderr;
	    }
	    vfprintf(dest,message,args);
	}
    }
}  

void Message(uint32_t class, char *message, ...)
{
    va_list ap;

    va_start(ap,message);
    vMessage(class,message,ap);
    va_end(ap);
}

static void vfatal(int status, bool_t perror, char *message, va_list args)
{
    int err;

    err=errno;

    enter_phase(PHASE_SHUTDOWN);
    if (perror) {
	Message(M_FATAL, "secnet fatal error: ");
	vMessage(M_FATAL, message, args);
	Message(M_FATAL, ": %s\n",strerror(err));
    }
    else {
	Message(M_FATAL, "secnet fatal error: ");
	vMessage(M_FATAL,message,args);
    }
    exit(status);
}

void fatal(char *message, ...)
{
    va_list args;
    va_start(args,message);
    vfatal(current_phase,False,message,args);
    va_end(args);
}

void fatal_status(int status, char *message, ...)
{
    va_list args;
    va_start(args,message);
    vfatal(status,False,message,args);
    va_end(args);
}

void fatal_perror(char *message, ...)
{
    va_list args;
    va_start(args,message);
    vfatal(current_phase,True,message,args);
    va_end(args);
}

void fatal_perror_status(int status, char *message, ...)
{
    va_list args;
    va_start(args,message);
    vfatal(status,True,message,args);
    va_end(args);
}

void cfgfatal(struct cloc loc, string_t facility, char *message, ...)
{
    va_list args;

    va_start(args,message);

    enter_phase(PHASE_SHUTDOWN);

    if (loc.file && loc.line) {
	Message(M_FATAL, "config error (%s, %s:%d): ",facility,loc.file,
		loc.line);
    } else if (!loc.file && loc.line) {
	Message(M_FATAL, "config error (%s, line %d): ",facility,loc.line);
    } else {
	Message(M_FATAL, "config error (%s): ",facility);
    }
    
    vMessage(M_FATAL,message,args);
    va_end(args);
    exit(current_phase);
}

/* Take a list of log closures and merge them */
struct loglist {
    struct log_if *l;
    struct loglist *next;
};

static void log_vmulti(void *sst, int class, char *message, va_list args)
{
    struct loglist *st=sst, *i;

    if (secnet_is_daemon) {
	for (i=st; i; i=i->next) {
	    i->l->vlog(i->l->st,class,message,args);
	}
    } else {
	vMessage(class,message,args);
	Message(class,"\n");
    }
}

static void log_multi(void *st, int priority, char *message, ...)
{
    va_list ap;

    va_start(ap,message);
    log_vmulti(st,priority,message,ap);
    va_end(ap);
}

struct log_if *init_log(list_t *ll)
{
    int i=0;
    item_t *item;
    closure_t *cl;
    struct loglist *l=NULL, *n;
    struct log_if *r;

    if (list_length(ll)==1) {
	item=list_elem(ll,0);
	cl=item->data.closure;
	if (cl->type!=CL_LOG) {
	    cfgfatal(item->loc,"init_log","closure is not a logger");
	}
	return cl->interface;
    }
    while ((item=list_elem(ll,i++))) {
	if (item->type!=t_closure) {
	    cfgfatal(item->loc,"init_log","item is not a closure");
	}
	cl=item->data.closure;
	if (cl->type!=CL_LOG) {
	    cfgfatal(item->loc,"init_log","closure is not a logger");
	}
	n=safe_malloc(sizeof(*n),"init_log");
	n->l=cl->interface;
	n->next=l;
	l=n;
    }
    if (!l) {
	fatal("init_log: no log");
    }
    r=safe_malloc(sizeof(*r), "init_log");
    r->st=l;
    r->log=log_multi;
    r->vlog=log_vmulti;
    return r;
}

struct logfile {
    closure_t cl;
    struct log_if ops;
    struct cloc loc;
    string_t logfile;
    uint32_t level;
    FILE *f;
};

static string_t months[]={
    "Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};

static void logfile_vlog(void *sst, int class, char *message, va_list args)
{
    struct logfile *st=sst;
    time_t t;
    struct tm *tm;

    if (secnet_is_daemon) {
	if (class&st->level) {
	    t=time(NULL);
	    tm=localtime(&t);
	    fprintf(st->f,"%s %2d %02d:%02d:%02d ",
		    months[tm->tm_mon],tm->tm_mday,tm->tm_hour,tm->tm_min,
		    tm->tm_sec);
	    vfprintf(st->f,message,args);
	    fprintf(st->f,"\n");
	    fflush(st->f);
	}
    } else {
	vMessage(class,message,args);
	Message(class,"\n");
    }
}

static void logfile_log(void *state, int priority, char *message, ...)
{
    va_list ap;

    va_start(ap,message);
    logfile_vlog(state,priority,message,ap);
    va_end(ap);
}

static void logfile_phase_hook(void *sst, uint32_t new_phase)
{
    struct logfile *st=sst;
    FILE *f;

    if (background) {
	f=fopen(st->logfile,"a");
	if (!f) fatal_perror("logfile (%s:%d): cannot open \"%s\"",
			     st->loc.file,st->loc.line,st->logfile);
	st->f=f;
    }
}

static struct flagstr message_class_table[]={
    { "debug-config", M_DEBUG_CONFIG },
    { "debug-phase", M_DEBUG_PHASE },
    { "debug", M_DEBUG },
    { "all-debug", M_DEBUG|M_DEBUG_PHASE|M_DEBUG_CONFIG },
    { "info", M_INFO },
    { "notice", M_NOTICE },
    { "warning", M_WARNING },
    { "error", M_ERROR },
    { "security", M_SECURITY },
    { "fatal", M_FATAL },
    { "default", M_WARNING|M_ERROR|M_SECURITY|M_FATAL },
    { "verbose", M_INFO|M_NOTICE|M_WARNING|M_ERROR|M_SECURITY|M_FATAL },
    { "quiet", M_FATAL },
    { NULL, 0 }
};

static list_t *logfile_apply(closure_t *self, struct cloc loc, dict_t *context,
			     list_t *args)
{
    struct logfile *st;
    item_t *item;
    dict_t *dict;

    /* We should defer opening the logfile until the getresources
       phase.  We should defer writing into the logfile until after we
       become a daemon. */
    
    st=safe_malloc(sizeof(*st),"logfile_apply");
    st->cl.description="logfile";
    st->cl.type=CL_LOG;
    st->cl.apply=NULL;
    st->cl.interface=&st->ops;
    st->ops.st=st;
    st->ops.log=logfile_log;
    st->ops.vlog=logfile_vlog;
    st->loc=loc;
    st->f=stderr;

    item=list_elem(args,0);
    if (!item || item->type!=t_dict) {
	cfgfatal(loc,"logfile","argument must be a dictionary\n");
    }
    dict=item->data.dict;

    st->logfile=dict_read_string(dict,"filename",True,"logfile",loc);
    st->level=string_list_to_word(dict_lookup(dict,"class"),
				       message_class_table,"logfile");

    add_hook(PHASE_GETRESOURCES,logfile_phase_hook,st);

    return new_closure(&st->cl);
}

struct syslog {
    closure_t cl;
    struct log_if ops;
    string_t ident;
    int facility;
    bool_t open;
};

static int msgclass_to_syslogpriority(uint32_t m)
{
    switch (m) {
    case M_DEBUG_CONFIG: return LOG_DEBUG;
    case M_DEBUG_PHASE: return LOG_DEBUG;
    case M_DEBUG: return LOG_DEBUG;
    case M_INFO: return LOG_INFO;
    case M_NOTICE: return LOG_NOTICE;
    case M_WARNING: return LOG_WARNING;
    case M_ERROR: return LOG_ERR;
    case M_SECURITY: return LOG_CRIT;
    case M_FATAL: return LOG_EMERG;
    default: return LOG_NOTICE;
    }
}
    
static void syslog_vlog(void *sst, int class, char *message,
			 va_list args)
{
    struct syslog *st=sst;

    if (st->open)
	vsyslog(msgclass_to_syslogpriority(class),message,args);
    else {
	vMessage(class,message,args);
	Message(class,"\n");
    }
}

static void syslog_log(void *sst, int priority, char *message, ...)
{
    va_list ap;

    va_start(ap,message);
    syslog_vlog(sst,priority,message,ap);
    va_end(ap);
}

static struct flagstr syslog_facility_table[]={
    { "authpriv", LOG_AUTHPRIV },
    { "cron", LOG_CRON },
    { "daemon", LOG_DAEMON },
    { "kern", LOG_KERN },
    { "local0", LOG_LOCAL0 },
    { "local1", LOG_LOCAL1 },
    { "local2", LOG_LOCAL2 },
    { "local3", LOG_LOCAL3 },
    { "local4", LOG_LOCAL4 },
    { "local5", LOG_LOCAL5 },
    { "local6", LOG_LOCAL6 },
    { "local7", LOG_LOCAL7 },
    { "lpr", LOG_LPR },
    { "mail", LOG_MAIL },
    { "news", LOG_NEWS },
    { "syslog", LOG_SYSLOG },
    { "user", LOG_USER },
    { "uucp", LOG_UUCP },
    { NULL, 0 }
};

static void syslog_phase_hook(void *sst, uint32_t newphase)
{
    struct syslog *st=sst;

    if (background) {
	openlog(st->ident,0,st->facility);
	st->open=True;
    }
}

static list_t *syslog_apply(closure_t *self, struct cloc loc, dict_t *context,
			    list_t *args)
{
    struct syslog *st;
    dict_t *d;
    item_t *item;
    string_t facstr;

    st=safe_malloc(sizeof(*st),"syslog_apply");
    st->cl.description="syslog";
    st->cl.type=CL_LOG;
    st->cl.apply=NULL;
    st->cl.interface=&st->ops;
    st->ops.st=st;
    st->ops.log=syslog_log;
    st->ops.vlog=syslog_vlog;

    item=list_elem(args,0);
    if (!item || item->type!=t_dict)
	cfgfatal(loc,"syslog","parameter must be a dictionary\n");
    d=item->data.dict;

    st->ident=dict_read_string(d, "ident", False, "syslog", loc);
    facstr=dict_read_string(d, "facility", True, "syslog", loc);
    st->facility=string_to_word(facstr,loc,
				syslog_facility_table,"syslog");
    st->open=False;
    add_hook(PHASE_GETRESOURCES,syslog_phase_hook,st);

    return new_closure(&st->cl);
}    

char *safe_strdup(char *s, char *message)
{
    char *d;
    d=strdup(s);
    if (!d) {
	fatal_perror(message);
    }
    return d;
}

void *safe_malloc(size_t size, char *message)
{
    void *r;
    r=malloc(size);
    if (!r) {
	fatal_perror(message);
    }
    return r;
}

/* Convert a buffer into its MP_INT representation */
void read_mpbin(MP_INT *a, uint8_t *bin, int binsize)
{
    char *buff;
    int i;

    buff=safe_malloc(binsize*2 + 1,"read_mpbin");

    for (i=0; i<binsize; i++) {
	buff[i*2]=hexdigits[(bin[i] & 0xf0) >> 4];
	buff[i*2+1]=hexdigits[(bin[i] & 0xf)];
    }
    buff[binsize*2]=0;

    mpz_set_str(a, buff, 16);
    free(buff);
}

/* Convert a MP_INT into a hex string */
char *write_mpstring(MP_INT *a)
{
    char *buff;

    buff=safe_malloc(mpz_sizeinbase(a,16)+2,"write_mpstring");
    mpz_get_str(buff, 16, a);
    return buff;
}

static uint8_t hexval(uint8_t c)
{
    switch (c) {
    case '0': return 0;
    case '1': return 1;
    case '2': return 2;
    case '3': return 3;
    case '4': return 4;
    case '5': return 5;
    case '6': return 6;
    case '7': return 7;
    case '8': return 8;
    case '9': return 9;
    case 'a': return 10;
    case 'A': return 10;
    case 'b': return 11;
    case 'B': return 11;
    case 'c': return 12;
    case 'C': return 12;
    case 'd': return 13;
    case 'D': return 13;
    case 'e': return 14;
    case 'E': return 14;
    case 'f': return 15;
    case 'F': return 15;
    }
    return -1;
}

/* Convert a MP_INT into a buffer; return length; truncate if necessary */
uint32_t write_mpbin(MP_INT *a, uint8_t *buffer, uint32_t buflen)
{
    char *hb;
    int i,j,l;
    
    if (buflen==0) return 0;
    hb=write_mpstring(a);
    
    l=strlen(hb);
    i=0; j=0;
    if (l&1) {
	/* The number starts with a half-byte */
	buffer[i++]=hexval(hb[j++]);
    }
    for (; hb[j] && i<buflen; i++) {
	buffer[i]=(hexval(hb[j])<<4)|hexval(hb[j+1]);
	j+=2;
    }
    free(hb);
    return i;
}

bool_t subnet_match(struct subnet *s, uint32_t address)
{
    return (s->prefix==(address&s->mask));
}

bool_t subnet_matches_list(struct subnet_list *list, uint32_t address)
{
    uint32_t i;
    for (i=0; i<list->entries; i++) {
	if (list->list[i].prefix == (address&list->list[i].mask)) return True;
    }
    return False;
}

bool_t subnets_intersect(struct subnet a, struct subnet b)
{
    uint32_t mask=a.mask&b.mask;
    return ((a.prefix&mask)==(b.prefix&mask));
}

bool_t subnet_intersects_with_list(struct subnet a, struct subnet_list *b)
{
    uint32_t i;

    for (i=0; i<b->entries; i++) {
	if (subnets_intersect(a,b->list[i])) return True;
    }
    return False;
}

bool_t subnet_lists_intersect(struct subnet_list *a, struct subnet_list *b)
{
    uint32_t i;
    for (i=0; i<a->entries; i++) {
	if (subnet_intersects_with_list(a->list[i],b)) return True;
    }
    return False;
}

/* The string buffer must be at least 16 bytes long */
string_t ipaddr_to_string(uint32_t addr)
{
    uint8_t a,b,c,d;
    string_t s;

    s=safe_malloc(16,"ipaddr_to_string");
    a=addr>>24;
    b=addr>>16;
    c=addr>>8;
    d=addr;
    snprintf(s, 16, "%d.%d.%d.%d", a, b, c, d);
    return s;
}

string_t subnet_to_string(struct subnet *sn)
{
    uint32_t mask=sn->mask, addr=sn->prefix;
    uint8_t a,b,c,d;
    string_t s;
    int i;

    s=safe_malloc(19,"subnet_to_string");
    a=addr>>24;
    b=addr>>16;
    c=addr>>8;
    d=addr;
    for (i=0; mask; i++) {
	mask=(mask<<1);
    }
    if (i!=sn->len) {
	fatal("subnet_to_string: invalid subnet structure!\n");
    }
    snprintf(s, 19, "%d.%d.%d.%d/%d", a, b, c, d, sn->len);
    return s;
}

int sys_cmd(const char *path, char *arg, ...)
{
    va_list ap;
    int rv;
    pid_t c;

    va_start(ap,arg);
    c=fork();
    if (c) {
	/* Parent -> wait for child */
	waitpid(c,&rv,0);
    } else if (c==0) {
	char *args[100];
	int i;
	/* Child -> exec command */
	args[0]=arg;
	i=1;
	while ((args[i++]=va_arg(ap,char *)));
	execvp(path,args);
	exit(1);
    } else {
	/* Error */
	fatal_perror("sys_cmd(%s,%s,...)");
    }

    va_end(ap);
    return rv;
}

static char *phases[NR_PHASES]={
    "PHASE_INIT",
    "PHASE_GETOPTS",
    "PHASE_READCONFIG",
    "PHASE_SETUP",
    "PHASE_GETRESOURCES",
    "PHASE_DROPPRIV",
    "PHASE_RUN",
    "PHASE_SHUTDOWN"
};

void enter_phase(uint32_t new_phase)
{
    struct phase_hook *i;

    if (hooks[new_phase])
	Message(M_DEBUG_PHASE,"Running hooks for %s...\n", phases[new_phase]);
    current_phase=new_phase;

    for (i=hooks[new_phase]; i; i=i->next)
	i->fn(i->state, new_phase);
    Message(M_DEBUG_PHASE,"Now in %s\n",phases[new_phase]);
}

bool_t add_hook(uint32_t phase, hook_fn *fn, void *state)
{
    struct phase_hook *h;

    h=safe_malloc(sizeof(*h),"add_hook");
    h->fn=fn;
    h->state=state;
    h->next=hooks[phase];
    hooks[phase]=h;
    return True;
}

bool_t remove_hook(uint32_t phase, hook_fn *fn, void *state)
{
    fatal("remove_hook: not implemented\n");

    return False;
}

void log(struct log_if *lf, int priority, char *message, ...)
{
    va_list ap;
    
    va_start(ap,message);
    lf->vlog(lf->st,priority,message,ap);
    va_end(ap);
}

struct buffer {
    closure_t cl;
    struct buffer_if ops;
};

void buffer_assert_free(struct buffer_if *buffer, string_t file, uint32_t line)
{
    if (!buffer->free) {
	fatal("BUF_ASSERT_FREE, %s line %d, owned by %s\n",
	      file,line,buffer->owner);
    }
}

void buffer_assert_used(struct buffer_if *buffer, string_t file, uint32_t line)
{
    if (buffer->free) {
	fatal("BUF_ASSERT_USED, %s line %d, last owned by %s\n",
	      file,line,buffer->owner);
    }
}

void buffer_init(struct buffer_if *buffer, uint32_t max_start_pad)
{
    buffer->start=buffer->base+max_start_pad;
    buffer->size=0;
}

void *buf_append(struct buffer_if *buf, uint32_t amount) {
    void *p;
    p=buf->start + buf->size;
    buf->size+=amount;
    return p;
}

void *buf_prepend(struct buffer_if *buf, uint32_t amount) {
    buf->size+=amount;
    return buf->start-=amount;
}

void *buf_unappend(struct buffer_if *buf, uint32_t amount) {
    if (buf->size < amount) return 0;
    return buf->start+(buf->size-=amount);
}

void *buf_unprepend(struct buffer_if *buf, uint32_t amount) {
    void *p;
    p=buf->start;
    buf->start+=amount;
    buf->size-=amount;
    return p;
}

/* Append a two-byte length and the string to the buffer. Length is in
   network byte order. */
void buf_append_string(struct buffer_if *buf, string_t s)
{
    uint16_t len;

    len=strlen(s);
    buf_append_uint16(buf,len);
    memcpy(buf_append(buf,len),s,len);
}

void buffer_new(struct buffer_if *buf, uint32_t len)
{
    buf->free=True;
    buf->owner=NULL;
    buf->flags=0;
    buf->loc.file=NULL;
    buf->loc.line=0;
    buf->size=0;
    buf->len=len;
    buf->start=NULL;
    buf->base=safe_malloc(len,"buffer_new");
}

static list_t *buffer_apply(closure_t *self, struct cloc loc, dict_t *context,
			    list_t *args)
{
    struct buffer *st;
    item_t *item;
    dict_t *dict;
    bool_t lockdown=False;
    uint32_t len=DEFAULT_BUFFER_SIZE;
    
    st=safe_malloc(sizeof(*st),"buffer_apply");
    st->cl.description="buffer";
    st->cl.type=CL_BUFFER;
    st->cl.apply=NULL;
    st->cl.interface=&st->ops;

    /* First argument, if present, is buffer length */
    item=list_elem(args,0);
    if (item) {
	if (item->type!=t_number) {
	    cfgfatal(st->ops.loc,"buffer","first parameter must be a "
		     "number (buffer size)\n");
	}
	len=item->data.number;
	if (len<MIN_BUFFER_SIZE) {
	    cfgfatal(st->ops.loc,"buffer","ludicrously small buffer size\n");
	}
	if (len>MAX_BUFFER_SIZE) {
	    cfgfatal(st->ops.loc,"buffer","ludicrously large buffer size\n");
	}
    }
    /* Second argument, if present, is a dictionary */
    item=list_elem(args,1);
    if (item) {
	if (item->type!=t_dict) {
	    cfgfatal(st->ops.loc,"buffer","second parameter must be a "
		     "dictionary\n");
	}
	dict=item->data.dict;
	lockdown=dict_read_bool(dict,"lockdown",False,"buffer",st->ops.loc,
				False);
    }

    buffer_new(&st->ops,len);
    if (lockdown) {
	/* XXX mlock the buffer if possible */
    }
    
    return new_closure(&st->cl);
}

init_module util_module;
void util_module(dict_t *dict)
{
    add_closure(dict,"logfile",logfile_apply);
    add_closure(dict,"syslog",syslog_apply);
    add_closure(dict,"sysbuffer",buffer_apply);
}
Commit	Line	Data
b2a56f7c SE	1	/*
	2	* util.c
	3	* - output and logging support
	4	* - program lifetime support
	5	* - IP address and subnet munging routines
	6	* - MPI convenience functions
	7	*/
	8	/*
	9	* This file is
	10	* Copyright (C) 1995--2001 Stephen Early <steve@greenend.org.uk>
2fe58dfd	11	*
b2a56f7c SE	12	* It is part of secnet, which is
	13	* Copyright (C) 1995--2001 Stephen Early <steve@greenend.org.uk>
	14	* Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen
	15	*
	16	* This program is free software; you can redistribute it and/or modify
	17	* it under the terms of the GNU General Public License as published by
	18	* the Free Software Foundation; either version 2, or (at your option)
	19	* any later version.
	20	*
	21	* This program is distributed in the hope that it will be useful,
	22	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	23	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	24	* GNU General Public License for more details.
	25	*
	26	* You should have received a copy of the GNU General Public License
	27	* along with this program; if not, write to the Free Software Foundation,
	28	* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
2fe58dfd SE	29	*/
2fe58dfd SE	30
8689b3a9	31	#include "secnet.h"
2fe58dfd	32	#include <stdio.h>
2fe58dfd SE	33	#include <string.h>
2fe58dfd SE	34	#include <errno.h>
b2a56f7c	35	#include <syslog.h>
2fe58dfd	36	#include <unistd.h>
59635212	37	#include <limits.h>
2fe58dfd	38	#include <assert.h>
4efd681a	39	#include <sys/wait.h>
b2a56f7c	40	#include <time.h>
2fe58dfd	41	#include "util.h"
59635212	42	#include "unaligned.h"
2fe58dfd SE	43
	44	#define MIN_BUFFER_SIZE 64
	45	#define DEFAULT_BUFFER_SIZE 4096
	46	#define MAX_BUFFER_SIZE 131072
	47
	48	static char *hexdigits="0123456789abcdef";
	49
b2a56f7c SE	50	bool_t secnet_is_daemon=False;
	51	uint32_t message_level=M_WARNING\|M_ERROR\|M_SECURITY\|M_FATAL;
	52	struct log_if *system_log=NULL;
2fe58dfd SE	53	static uint32_t current_phase=0;
	54
	55	struct phase_hook {
	56	hook_fn *fn;
	57	void *state;
	58	struct phase_hook *next;
	59	};
	60
	61	static struct phase_hook *hooks[NR_PHASES]={NULL,};
	62
	63	static void vMessage(uint32_t class, char *message, va_list args)
	64	{
	65	FILE *dest=stdout;
b2a56f7c SE	66	#define MESSAGE_BUFLEN 1023
	67	static char buff[MESSAGE_BUFLEN+1]={0,};
	68	uint32_t bp;
	69	char *nlp;
	70
	71	if (secnet_is_daemon) {
	72	/* Messages go to the system log interface */
	73	bp=strlen(buff);
	74	vsnprintf(buff+bp,MESSAGE_BUFLEN-bp,message,args);
	75	/* Each line is sent separately */
	76	while ((nlp=strchr(buff,'\n'))) {
	77	*nlp=0;
	78	log(system_log,class,buff);
	79	memmove(buff,nlp+1,strlen(nlp+1)+1);
	80	}
	81	} else {
	82	/* Messages go to stdout/stderr */
	83	if (class & message_level) {
	84	if (class&M_FATAL \|\| class&M_ERROR \|\| class&M_WARNING) {
	85	dest=stderr;
	86	}
	87	vfprintf(dest,message,args);
2fe58dfd	88	}
2fe58dfd	89	}
2fe58dfd SE	90	}
	91
	92	void Message(uint32_t class, char *message, ...)
	93	{
	94	va_list ap;
	95
	96	va_start(ap,message);
2fe58dfd	97	vMessage(class,message,ap);
2fe58dfd SE	98	va_end(ap);
	99	}
	100
	101	static void vfatal(int status, bool_t perror, char *message, va_list args)
	102	{
	103	int err;
	104
	105	err=errno;
	106
	107	enter_phase(PHASE_SHUTDOWN);
	108	if (perror) {
	109	Message(M_FATAL, "secnet fatal error: ");
	110	vMessage(M_FATAL, message, args);
	111	Message(M_FATAL, ": %s\n",strerror(err));
	112	}
	113	else {
	114	Message(M_FATAL, "secnet fatal error: ");
	115	vMessage(M_FATAL,message,args);
	116	}
	117	exit(status);
	118	}
	119
	120	void fatal(char *message, ...)
	121	{
	122	va_list args;
	123	va_start(args,message);
	124	vfatal(current_phase,False,message,args);
	125	va_end(args);
	126	}
	127
	128	void fatal_status(int status, char *message, ...)
	129	{
	130	va_list args;
	131	va_start(args,message);
	132	vfatal(status,False,message,args);
	133	va_end(args);
	134	}
	135
	136	void fatal_perror(char *message, ...)
	137	{
	138	va_list args;
	139	va_start(args,message);
	140	vfatal(current_phase,True,message,args);
	141	va_end(args);
	142	}
	143
	144	void fatal_perror_status(int status, char *message, ...)
	145	{
	146	va_list args;
	147	va_start(args,message);
	148	vfatal(status,True,message,args);
	149	va_end(args);
	150	}
	151
	152	void cfgfatal(struct cloc loc, string_t facility, char *message, ...)
	153	{
	154	va_list args;
	155
	156	va_start(args,message);
	157
	158	enter_phase(PHASE_SHUTDOWN);
	159
	160	if (loc.file && loc.line) {
	161	Message(M_FATAL, "config error (%s, %s:%d): ",facility,loc.file,
162	loc.line);
163	} else if (!loc.file && loc.line) {
164	Message(M_FATAL, "config error (%s, line %d): ",facility,loc.line);
165	} else {
166	Message(M_FATAL, "config error (%s): ",facility);
167	}
168
169	vMessage(M_FATAL,message,args);
170	va_end(args);
171	exit(current_phase);
172	}
173
b2a56f7c SE	174	/* Take a list of log closures and merge them */
	175	struct loglist {
	176	struct log_if *l;
	177	struct loglist *next;
	178	};
	179
	180	static void log_vmulti(void sst, int class, char message, va_list args)
	181	{
	182	struct loglist st=sst, i;
	183
	184	if (secnet_is_daemon) {
	185	for (i=st; i; i=i->next) {
	186	i->l->vlog(i->l->st,class,message,args);
	187	}
	188	} else {
	189	vMessage(class,message,args);
	190	Message(class,"\n");
	191	}
	192	}
	193
	194	static void log_multi(void st, int priority, char message, ...)
	195	{
	196	va_list ap;
	197
	198	va_start(ap,message);
	199	log_vmulti(st,priority,message,ap);
	200	va_end(ap);
	201	}
	202
	203	struct log_if init_log(list_t ll)
	204	{
	205	int i=0;
	206	item_t *item;
	207	closure_t *cl;
	208	struct loglist l=NULL, n;
	209	struct log_if *r;
	210
	211	if (list_length(ll)==1) {
	212	item=list_elem(ll,0);
	213	cl=item->data.closure;
	214	if (cl->type!=CL_LOG) {
	215	cfgfatal(item->loc,"init_log","closure is not a logger");
	216	}
	217	return cl->interface;
	218	}
	219	while ((item=list_elem(ll,i++))) {
	220	if (item->type!=t_closure) {
	221	cfgfatal(item->loc,"init_log","item is not a closure");
	222	}
	223	cl=item->data.closure;
	224	if (cl->type!=CL_LOG) {
	225	cfgfatal(item->loc,"init_log","closure is not a logger");
	226	}
	227	n=safe_malloc(sizeof(*n),"init_log");
	228	n->l=cl->interface;
	229	n->next=l;
	230	l=n;
	231	}
	232	if (!l) {
	233	fatal("init_log: no log");
	234	}
	235	r=safe_malloc(sizeof(*r), "init_log");
	236	r->st=l;
	237	r->log=log_multi;
238	r->vlog=log_vmulti;
239	return r;
240	}
241
242	struct logfile {
243	closure_t cl;
244	struct log_if ops;
245	struct cloc loc;
246	string_t logfile;
247	uint32_t level;
248	FILE *f;
249	};
250
251	static string_t months[]={
252	"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"};
253
254	static void logfile_vlog(void sst, int class, char message, va_list args)
255	{
256	struct logfile *st=sst;
257	time_t t;
258	struct tm *tm;
259
260	if (secnet_is_daemon) {
261	if (class&st->level) {
262	t=time(NULL);
263	tm=localtime(&t);
264	fprintf(st->f,"%s %2d %02d:%02d:%02d ",
265	months[tm->tm_mon],tm->tm_mday,tm->tm_hour,tm->tm_min,
266	tm->tm_sec);
267	vfprintf(st->f,message,args);
268	fprintf(st->f,"\n");
269	fflush(st->f);
270	}
271	} else {
272	vMessage(class,message,args);
273	Message(class,"\n");
274	}
275	}
276
277	static void logfile_log(void state, int priority, char message, ...)
278	{
279	va_list ap;
280
281	va_start(ap,message);
282	logfile_vlog(state,priority,message,ap);
283	va_end(ap);
284	}
285
286	static void logfile_phase_hook(void *sst, uint32_t new_phase)
287	{
288	struct logfile *st=sst;
289	FILE *f;
290
291	if (background) {
292	f=fopen(st->logfile,"a");
293	if (!f) fatal_perror("logfile (%s:%d): cannot open \"%s\"",
294	st->loc.file,st->loc.line,st->logfile);
295	st->f=f;
296	}
297	}
298
299	static struct flagstr message_class_table[]={
300	{ "debug-config", M_DEBUG_CONFIG },
301	{ "debug-phase", M_DEBUG_PHASE },
302	{ "debug", M_DEBUG },
303	{ "all-debug", M_DEBUG\|M_DEBUG_PHASE\|M_DEBUG_CONFIG },
304	{ "info", M_INFO },
305	{ "notice", M_NOTICE },
306	{ "warning", M_WARNING },
307	{ "error", M_ERROR },
308	{ "security", M_SECURITY },
309	{ "fatal", M_FATAL },
310	{ "default", M_WARNING\|M_ERROR\|M_SECURITY\|M_FATAL },
311	{ "verbose", M_INFO\|M_NOTICE\|M_WARNING\|M_ERROR\|M_SECURITY\|M_FATAL },
312	{ "quiet", M_FATAL },
313	{ NULL, 0 }
314	};
315
316	static list_t logfile_apply(closure_t self, struct cloc loc, dict_t *context,
317	list_t *args)
318	{
319	struct logfile *st;
320	item_t *item;
321	dict_t *dict;
322
323	/* We should defer opening the logfile until the getresources
324	phase. We should defer writing into the logfile until after we
325	become a daemon. */
326
327	st=safe_malloc(sizeof(*st),"logfile_apply");
328	st->cl.description="logfile";
329	st->cl.type=CL_LOG;
330	st->cl.apply=NULL;
331	st->cl.interface=&st->ops;
332	st->ops.st=st;
333	st->ops.log=logfile_log;
334	st->ops.vlog=logfile_vlog;
335	st->loc=loc;
336	st->f=stderr;
337
338	item=list_elem(args,0);
339	if (!item \|\| item->type!=t_dict) {
340	cfgfatal(loc,"logfile","argument must be a dictionary\n");
341	}
342	dict=item->data.dict;
343
344	st->logfile=dict_read_string(dict,"filename",True,"logfile",loc);
345	st->level=string_list_to_word(dict_lookup(dict,"class"),
346	message_class_table,"logfile");
347
348	add_hook(PHASE_GETRESOURCES,logfile_phase_hook,st);
349
350	return new_closure(&st->cl);
351	}
352
353	struct syslog {
354	closure_t cl;
355	struct log_if ops;
356	string_t ident;
357	int facility;
358	bool_t open;
359	};
360
361	static int msgclass_to_syslogpriority(uint32_t m)
362	{
363	switch (m) {
364	case M_DEBUG_CONFIG: return LOG_DEBUG;
365	case M_DEBUG_PHASE: return LOG_DEBUG;
366	case M_DEBUG: return LOG_DEBUG;
367	case M_INFO: return LOG_INFO;
368	case M_NOTICE: return LOG_NOTICE;
369	case M_WARNING: return LOG_WARNING;
370	case M_ERROR: return LOG_ERR;
371	case M_SECURITY: return LOG_CRIT;
372	case M_FATAL: return LOG_EMERG;
373	default: return LOG_NOTICE;
374	}
375	}
376
377	static void syslog_vlog(void sst, int class, char message,
378	va_list args)
379	{
380	struct syslog *st=sst;
381
382	if (st->open)
383	vsyslog(msgclass_to_syslogpriority(class),message,args);
384	else {
385	vMessage(class,message,args);
386	Message(class,"\n");
387	}
388	}
389
390	static void syslog_log(void sst, int priority, char message, ...)
391	{
392	va_list ap;
393
394	va_start(ap,message);
395	syslog_vlog(sst,priority,message,ap);
396	va_end(ap);
397	}
398
399	static struct flagstr syslog_facility_table[]={
400	{ "authpriv", LOG_AUTHPRIV },
401	{ "cron", LOG_CRON },
402	{ "daemon", LOG_DAEMON },
403	{ "kern", LOG_KERN },
404	{ "local0", LOG_LOCAL0 },
405	{ "local1", LOG_LOCAL1 },
406	{ "local2", LOG_LOCAL2 },
407	{ "local3", LOG_LOCAL3 },
408	{ "local4", LOG_LOCAL4 },
409	{ "local5", LOG_LOCAL5 },
410	{ "local6", LOG_LOCAL6 },
411	{ "local7", LOG_LOCAL7 },
412	{ "lpr", LOG_LPR },
413	{ "mail", LOG_MAIL },
414	{ "news", LOG_NEWS },
415	{ "syslog", LOG_SYSLOG },
416	{ "user", LOG_USER },
417	{ "uucp", LOG_UUCP },
418	{ NULL, 0 }
419	};
420
421	static void syslog_phase_hook(void *sst, uint32_t newphase)
422	{
423	struct syslog *st=sst;
424
425	if (background) {
426	openlog(st->ident,0,st->facility);
427	st->open=True;
428	}
429	}
430
431	static list_t syslog_apply(closure_t self, struct cloc loc, dict_t *context,
432	list_t *args)
433	{
434	struct syslog *st;
435	dict_t *d;
436	item_t *item;
437	string_t facstr;
438
439	st=safe_malloc(sizeof(*st),"syslog_apply");
440	st->cl.description="syslog";
441	st->cl.type=CL_LOG;
442	st->cl.apply=NULL;
443	st->cl.interface=&st->ops;
444	st->ops.st=st;
445	st->ops.log=syslog_log;
446	st->ops.vlog=syslog_vlog;
447
448	item=list_elem(args,0);
449	if (!item \|\| item->type!=t_dict)
450	cfgfatal(loc,"syslog","parameter must be a dictionary\n");
451	d=item->data.dict;
452
453	st->ident=dict_read_string(d, "ident", False, "syslog", loc);
454	facstr=dict_read_string(d, "facility", True, "syslog", loc);
455	st->facility=string_to_word(facstr,loc,
456	syslog_facility_table,"syslog");
457	st->open=False;
458	add_hook(PHASE_GETRESOURCES,syslog_phase_hook,st);
459
460	return new_closure(&st->cl);
461	}
462
2fe58dfd SE	463	char safe_strdup(char s, char *message)
	464	{
	465	char *d;
	466	d=strdup(s);
	467	if (!d) {
	468	fatal_perror(message);
	469	}
	470	return d;
	471	}
	472
	473	void safe_malloc(size_t size, char message)
	474	{
	475	void *r;
	476	r=malloc(size);
	477	if (!r) {
	478	fatal_perror(message);
	479	}
	480	return r;
	481	}
	482
	483	/* Convert a buffer into its MP_INT representation */
	484	void read_mpbin(MP_INT a, uint8_t bin, int binsize)
	485	{
	486	char *buff;
	487	int i;
	488
	489	buff=safe_malloc(binsize*2 + 1,"read_mpbin");
	490
	491	for (i=0; i<binsize; i++) {
	492	buff[i*2]=hexdigits[(bin[i] & 0xf0) >> 4];
	493	buff[i*2+1]=hexdigits[(bin[i] & 0xf)];
	494	}
	495	buff[binsize*2]=0;
	496
	497	mpz_set_str(a, buff, 16);
	498	free(buff);
	499	}
	500
	501	/* Convert a MP_INT into a hex string */
	502	char write_mpstring(MP_INT a)
	503	{
	504	char *buff;
	505
	506	buff=safe_malloc(mpz_sizeinbase(a,16)+2,"write_mpstring");
	507	mpz_get_str(buff, 16, a);
	508	return buff;
	509	}
	510
	511	static uint8_t hexval(uint8_t c)
	512	{
	513	switch (c) {
	514	case '0': return 0;
	515	case '1': return 1;
	516	case '2': return 2;
	517	case '3': return 3;
	518	case '4': return 4;
	519	case '5': return 5;
	520	case '6': return 6;
	521	case '7': return 7;
	522	case '8': return 8;
	523	case '9': return 9;
	524	case 'a': return 10;
	525	case 'A': return 10;
	526	case 'b': return 11;
527	case 'B': return 11;
528	case 'c': return 12;
529	case 'C': return 12;
530	case 'd': return 13;
531	case 'D': return 13;
532	case 'e': return 14;
533	case 'E': return 14;
534	case 'f': return 15;
535	case 'F': return 15;
536	}
537	return -1;
538	}
539
540	/* Convert a MP_INT into a buffer; return length; truncate if necessary */
541	uint32_t write_mpbin(MP_INT a, uint8_t buffer, uint32_t buflen)
542	{
543	char *hb;
544	int i,j,l;
545
546	if (buflen==0) return 0;
547	hb=write_mpstring(a);
548
549	l=strlen(hb);
550	i=0; j=0;
551	if (l&1) {
552	/* The number starts with a half-byte */
553	buffer[i++]=hexval(hb[j++]);
554	}
555	for (; hb[j] && i<buflen; i++) {
556	buffer[i]=(hexval(hb[j])<<4)\|hexval(hb[j+1]);
557	j+=2;
558	}
559	free(hb);
560	return i;
561	}
562
70dc107b SE	563	bool_t subnet_match(struct subnet *s, uint32_t address)
	564	{
	565	return (s->prefix==(address&s->mask));
	566	}
	567
	568	bool_t subnet_matches_list(struct subnet_list *list, uint32_t address)
2fe58dfd SE	569	{
	570	uint32_t i;
	571	for (i=0; i<list->entries; i++) {
	572	if (list->list[i].prefix == (address&list->list[i].mask)) return True;
	573	}
	574	return False;
	575	}
	576
baa06aeb SE	577	bool_t subnets_intersect(struct subnet a, struct subnet b)
	578	{
	579	uint32_t mask=a.mask&b.mask;
	580	return ((a.prefix&mask)==(b.prefix&mask));
	581	}
	582
	583	bool_t subnet_intersects_with_list(struct subnet a, struct subnet_list *b)
	584	{
	585	uint32_t i;
	586
	587	for (i=0; i<b->entries; i++) {
	588	if (subnets_intersect(a,b->list[i])) return True;
	589	}
	590	return False;
	591	}
	592
	593	bool_t subnet_lists_intersect(struct subnet_list a, struct subnet_list b)
	594	{
	595	uint32_t i;
	596	for (i=0; i<a->entries; i++) {
	597	if (subnet_intersects_with_list(a->list[i],b)) return True;
	598	}
	599	return False;
	600	}
	601
2fe58dfd SE	602	/* The string buffer must be at least 16 bytes long */
	603	string_t ipaddr_to_string(uint32_t addr)
	604	{
	605	uint8_t a,b,c,d;
	606	string_t s;
	607
	608	s=safe_malloc(16,"ipaddr_to_string");
	609	a=addr>>24;
	610	b=addr>>16;
	611	c=addr>>8;
	612	d=addr;
	613	snprintf(s, 16, "%d.%d.%d.%d", a, b, c, d);
	614	return s;
	615	}
	616
	617	string_t subnet_to_string(struct subnet *sn)
	618	{
	619	uint32_t mask=sn->mask, addr=sn->prefix;
	620	uint8_t a,b,c,d;
	621	string_t s;
	622	int i;
	623
	624	s=safe_malloc(19,"subnet_to_string");
	625	a=addr>>24;
	626	b=addr>>16;
	627	c=addr>>8;
	628	d=addr;
	629	for (i=0; mask; i++) {
	630	mask=(mask<<1);
	631	}
70dc107b SE	632	if (i!=sn->len) {
	633	fatal("subnet_to_string: invalid subnet structure!\n");
	634	}
	635	snprintf(s, 19, "%d.%d.%d.%d/%d", a, b, c, d, sn->len);
2fe58dfd SE	636	return s;
	637	}
	638
4efd681a SE	639	int sys_cmd(const char path, char arg, ...)
	640	{
	641	va_list ap;
	642	int rv;
	643	pid_t c;
	644
	645	va_start(ap,arg);
	646	c=fork();
	647	if (c) {
	648	/* Parent -> wait for child */
	649	waitpid(c,&rv,0);
	650	} else if (c==0) {
	651	char *args[100];
	652	int i;
	653	/* Child -> exec command */
	654	args[0]=arg;
	655	i=1;
	656	while ((args[i++]=va_arg(ap,char *)));
	657	execvp(path,args);
	658	exit(1);
	659	} else {
	660	/* Error */
	661	fatal_perror("sys_cmd(%s,%s,...)");
	662	}
	663
	664	va_end(ap);
	665	return rv;
	666	}
	667
2fe58dfd SE	668	static char *phases[NR_PHASES]={
	669	"PHASE_INIT",
	670	"PHASE_GETOPTS",
	671	"PHASE_READCONFIG",
	672	"PHASE_SETUP",
baa06aeb	673	"PHASE_GETRESOURCES",
2fe58dfd SE	674	"PHASE_DROPPRIV",
	675	"PHASE_RUN",
	676	"PHASE_SHUTDOWN"
	677	};
	678
	679	void enter_phase(uint32_t new_phase)
	680	{
	681	struct phase_hook *i;
	682
baa06aeb SE	683	if (hooks[new_phase])
baa06aeb SE	684	Message(M_DEBUG_PHASE,"Running hooks for %s...\n", phases[new_phase]);
2fe58dfd SE	685	current_phase=new_phase;
	686
	687	for (i=hooks[new_phase]; i; i=i->next)
	688	i->fn(i->state, new_phase);
baa06aeb	689	Message(M_DEBUG_PHASE,"Now in %s\n",phases[new_phase]);
2fe58dfd SE	690	}
	691
	692	bool_t add_hook(uint32_t phase, hook_fn fn, void state)
	693	{
	694	struct phase_hook *h;
	695
	696	h=safe_malloc(sizeof(*h),"add_hook");
	697	h->fn=fn;
	698	h->state=state;
	699	h->next=hooks[phase];
	700	hooks[phase]=h;
	701	return True;
	702	}
	703
	704	bool_t remove_hook(uint32_t phase, hook_fn fn, void state)
	705	{
	706	fatal("remove_hook: not implemented\n");
	707
	708	return False;
	709	}
	710
	711	void log(struct log_if lf, int priority, char message, ...)
	712	{
	713	va_list ap;
	714
	715	va_start(ap,message);
	716	lf->vlog(lf->st,priority,message,ap);
	717	va_end(ap);
	718	}
	719
	720	struct buffer {
	721	closure_t cl;
	722	struct buffer_if ops;
	723	};
	724
	725	void buffer_assert_free(struct buffer_if *buffer, string_t file, uint32_t line)
	726	{
	727	if (!buffer->free) {
	728	fatal("BUF_ASSERT_FREE, %s line %d, owned by %s\n",
	729	file,line,buffer->owner);
	730	}
	731	}
	732
	733	void buffer_assert_used(struct buffer_if *buffer, string_t file, uint32_t line)
	734	{
	735	if (buffer->free) {
	736	fatal("BUF_ASSERT_USED, %s line %d, last owned by %s\n",
	737	file,line,buffer->owner);
	738	}
	739	}
	740
	741	void buffer_init(struct buffer_if *buffer, uint32_t max_start_pad)
	742	{
	743	buffer->start=buffer->base+max_start_pad;
	744	buffer->size=0;
	745	}
	746
	747	void buf_append(struct buffer_if buf, uint32_t amount) {
	748	void *p;
	749	p=buf->start + buf->size;
	750	buf->size+=amount;
	751	return p;
	752	}
	753
754	void buf_prepend(struct buffer_if buf, uint32_t amount) {
755	buf->size+=amount;
756	return buf->start-=amount;
757	}
758
759	void buf_unappend(struct buffer_if buf, uint32_t amount) {
760	if (buf->size < amount) return 0;
761	return buf->start+(buf->size-=amount);
762	}
763
764	void buf_unprepend(struct buffer_if buf, uint32_t amount) {
765	void *p;
766	p=buf->start;
767	buf->start+=amount;
768	buf->size-=amount;
769	return p;
770	}
771
772	/* Append a two-byte length and the string to the buffer. Length is in
773	network byte order. */
774	void buf_append_string(struct buffer_if *buf, string_t s)
775	{
776	uint16_t len;
777
778	len=strlen(s);
59635212	779	buf_append_uint16(buf,len);
2fe58dfd SE	780	memcpy(buf_append(buf,len),s,len);
	781	}
	782
	783	void buffer_new(struct buffer_if *buf, uint32_t len)
	784	{
	785	buf->free=True;
	786	buf->owner=NULL;
	787	buf->flags=0;
	788	buf->loc.file=NULL;
	789	buf->loc.line=0;
	790	buf->size=0;
	791	buf->len=len;
	792	buf->start=NULL;
	793	buf->base=safe_malloc(len,"buffer_new");
	794	}
	795
	796	static list_t buffer_apply(closure_t self, struct cloc loc, dict_t *context,
	797	list_t *args)
	798	{
	799	struct buffer *st;
	800	item_t *item;
	801	dict_t *dict;
	802	bool_t lockdown=False;
4efd681a	803	uint32_t len=DEFAULT_BUFFER_SIZE;
2fe58dfd SE	804
	805	st=safe_malloc(sizeof(*st),"buffer_apply");
	806	st->cl.description="buffer";
	807	st->cl.type=CL_BUFFER;
	808	st->cl.apply=NULL;
	809	st->cl.interface=&st->ops;
2fe58dfd SE	810
	811	/* First argument, if present, is buffer length */
	812	item=list_elem(args,0);
	813	if (item) {
	814	if (item->type!=t_number) {
	815	cfgfatal(st->ops.loc,"buffer","first parameter must be a "
	816	"number (buffer size)\n");
	817	}
4efd681a SE	818	len=item->data.number;
4efd681a SE	819	if (len<MIN_BUFFER_SIZE) {
2fe58dfd SE	820	cfgfatal(st->ops.loc,"buffer","ludicrously small buffer size\n");
2fe58dfd SE	821	}
4efd681a	822	if (len>MAX_BUFFER_SIZE) {
2fe58dfd SE	823	cfgfatal(st->ops.loc,"buffer","ludicrously large buffer size\n");
	824	}
	825	}
	826	/* Second argument, if present, is a dictionary */
	827	item=list_elem(args,1);
	828	if (item) {
	829	if (item->type!=t_dict) {
	830	cfgfatal(st->ops.loc,"buffer","second parameter must be a "
	831	"dictionary\n");
	832	}
	833	dict=item->data.dict;
	834	lockdown=dict_read_bool(dict,"lockdown",False,"buffer",st->ops.loc,
	835	False);
	836	}
	837
4efd681a	838	buffer_new(&st->ops,len);
2fe58dfd	839	if (lockdown) {
70dc107b	840	/* XXX mlock the buffer if possible */
2fe58dfd SE	841	}
	842
	843	return new_closure(&st->cl);
	844	}
	845
	846	init_module util_module;
	847	void util_module(dict_t *dict)
	848	{
	849	add_closure(dict,"logfile",logfile_apply);
b2a56f7c	850	add_closure(dict,"syslog",syslog_apply);
2fe58dfd SE	851	add_closure(dict,"sysbuffer",buffer_apply);
2fe58dfd SE	852	}