[userv-utils] / ipif / service.c

/*
 * userv service (or standalone program)
 * for per-user IP subranges.
 *
 * This is invoked as root, directly from userv.
 * Its arguments are supposed to be, in order:
 *  <base-prefix>/<base-prefix-len>
 *      Specifies the base address and prefix to restrict the
 *      addresses used to.
 *  <gid-min>-<gid-max>:<gid-add>/<gid-mask>[,...]
 *      The ranges specified by <gid-min> are checked <gid-max> until
 *      one is found which matches at least one gid in USERV_GID.
 *      Then the gid will have <gid-add> added to it and will then be
 *      masked so that it is <gid-mask> long (higher set bits are
 *      discarded).  The result is added to the base prefix.  It is an
 *      error for no gid to match.  Alternatively, if this argument
 *      is `*' then USERV_GID is not checked.
 *  --  Indicates that the remaining arguments are user-supplied
 *      and therefore untrusted.
 *  <local-addr>,<peer-addr>,<mtu>,<proto>
 *      As for slattach.  Supported protocols are slip, cslip, and
 *      adaptive.  Alternatively, set to `debug' to print debugging
 *      info.  <local-addr> is address of the interface on chiark;
 *      <peer-addr> is the address of the point-to-point peer.
 *  <prefix>/<mask>,<prefix>/<mask>,...
 *      List of additional routes to add for this interface.
 *      May be the empty argument.
 *
 * Should be run from userv with no-disconnect-hup.
 */

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <errno.h>

#define NARGS 5
#define MAXEXROUTES 5
#define ATXTLEN 12

static const char *proto;
static unsigned long baseprefix, basemask;
static unsigned long localaddr, peeraddr, mtu;
static int nexroutes;
static struct exroute {
  unsigned long prefix, mask;
  char prefixtxt[ATXTLEN], masktxt[ATXTLEN];
} exroutes[MAXEXROUTES];

char localtxt[ATXTLEN];
char peertxt[ATXTLEN];

static void fatal(const char *msg) {
  fprintf(stderr,"userv-ipif: service: fatal error: %s\n",msg);
  exit(8);
}
  
static void sysfatal(const char *msg) {
  fprintf(stderr,"userv-ipif: service: fatal system error: %s: %s\n",
	  msg, strerror(errno));
  exit(12);
}
  
static void badusage(void) {
  fputs("userv-ipif: service: bad usage or permission denied\n",stderr);
  exit(16);
}

static char *ip2txt(unsigned long addr, char *buf) {
  sprintf(buf, "%lu.%lu.%lu.%lu",
	  (addr>>24) & 0x0ff,
	  (addr>>16) & 0x0ff,
	  (addr>>8) & 0x0ff,
	  (addr) & 0x0ff);
  return buf;
}

static unsigned long eat_number(const char **argp, const char *what,
				unsigned long min, unsigned long max,
				const char *endchars, int *endchar_r) {
  /* If !endchars then the endchar must be a nul, otherwise it may be
   * a nul (resulting in *argp set to 0) or something else (*argp set
   * to point to after delim, *endchar_r set to delim).
   * *endchar_r may be 0.
   */
  unsigned long rv;
  char *ep;
  int endchar;

  if (!*argp) { fprintf(stderr,"missing number %s\n",what); badusage(); }
  rv= strtoul(*argp,&ep,0);
  if ((endchar= *ep)) {
    if (!endchars) { fprintf(stderr,"junk after number %s\n",what); badusage(); }
    if (!strchr(endchars,endchar)) {
      fprintf(stderr,"invalid delimiter %c after number %s: expected %s (or none?)\n",
	      endchar,what,endchars);
      badusage();
    }
    *argp= ep+1;
  } else {
    *argp= 0;
  }
  if (endchar_r) *endchar_r= endchar;
  if (rv < min || rv > max) {
    fprintf(stderr,"number %s value %lu out of range %lu..%lu",
	    what, rv, min, max);
    badusage();
  }
  return rv;
}

static void addrnet_mustbein(const char *what,
			     unsigned long prefix, unsigned long mask,
			     unsigned long mprefix, unsigned long mmask) {
  if (!(~mask & mmask) && (prefix & mmask) == mprefix) return;
  fprintf(stderr, "%s %08lx/%08lx not in required subspace %08lx/%08lx\n",
	  what, prefix, mask, mprefix, mmask);
  badusage();
}

static void addrnet_mustdiffer(const char *w1, unsigned long p1, unsigned long m1,
			       const char *w2, unsigned long p2, unsigned long m2) {
  unsigned long mask;

  mask= m1&m2;
  if ((p1 & mask) != (p2 & mask)) return;
  fprintf(stderr, "%s %08lx/%08lx overlaps/clashes with %s %08lx/%08lx",
	  w1,p1,m1, w2,p2,m2);
  badusage();
}
  
static unsigned long eat_addr(const char **argp, const char *what,
			      unsigned long mprefix, unsigned long mmask,
			      const char *endchars, int *endchar_r) {
  char whatbuf[100];
  unsigned long rv;
  int i;

  assert(!(~mmask & mprefix));

  for (rv=0, i=0;
       i<4;
       i++) {
    rv <<= 8;
    sprintf(whatbuf,"%s byte #%d",what,i);
    rv |= eat_number(argp,whatbuf, 0,255, i<3 ? "." : endchars, endchar_r);
  }

  addrnet_mustbein(what,rv,~0UL, mprefix,mmask);
  return rv;
}

static void eat_prefixmask(const char **argp, const char *what,
			   unsigned long mprefix, unsigned long mmask,
			   const char *endchars, int *endchar_r,
			   unsigned long *prefix_r, unsigned long *mask_r, int *len_r) {
  /* mask_r and len_r may be 0 */
  char whatbuf[100];
  int len;
  unsigned long prefix, mask;

  prefix= eat_addr(argp,what, 0,0, "/",0);
  sprintf(whatbuf,"%s length",what);
  len= eat_number(argp,whatbuf, 0,32, endchars,endchar_r);

  mask= (~0UL << (32-len));
  if (prefix & ~mask) {
    fprintf(stderr,"%s prefix %08lx not fully contained in mask %08lx\n",
	    what,prefix,mask);
    badusage();
  }
  addrnet_mustbein(what,prefix,mask, mprefix,mmask);
  *prefix_r= prefix;
  if (mask_r) *mask_r= mask;
  if (len_r) *len_r= len;
}
  
int main(int argc, const char *const *argv) {
  static unsigned long gidmaxval= (unsigned long)((gid_t)-2);
  static const char *const protos_ok[]= { "slip", "cslip", "adaptive", 0 };

  unsigned long gidmin, gidmax, gidadd;
  int baselen;
  unsigned long routeaddr, routemask, tgid;
  const char *carg, *gidlist;
  const char *const *cprotop;
  int gidlen, i;
  char erwhatbuf[100], erwhatbuf2[100];
  
  if (argc < NARGS+1) { fputs("too few arguments\n",stderr); badusage(); }
  if (argc > NARGS+1) { fputs("too many arguments\n",stderr); badusage(); }

  carg= *++argv;
  eat_prefixmask(&carg,"base", 0UL,0UL, 0,0, &baseprefix, &basemask, &baselen);

  carg= *++argv;
  if (!strcmp(carg,"*")) {
    for (;;) {
      if (!*carg) fatal("no gid authorised");
      gidmin= eat_number(&carg,"gid-min", 0,gidmaxval, "-",0);
      gidmax= eat_number(&carg,"gid-max", gidmin,gidmaxval, ":",0);
      gidadd= eat_number(&carg,"gid-add", 0,gidmaxval, "/",0);
      gidlen= eat_number(&carg,"gid-len", 0,32-baselen, 0,0);

      gidlist= getenv("USERV_GID");
      if (!gidlist) fatal("USERV_GID not set");
      while (gidlist) {
	tgid= eat_number(&gidlist,"userv_gid", 0,gidmaxval, " ",0);
	if (tgid >= gidmin && tgid <= gidmax) goto gid_found;
      }
    }
  gid_found:
    tgid += gidadd;
    tgid &= ((1UL << gidlen) - 1);
    baselen += gidlen;
    baseprefix |= (tgid << (32-baselen));
    basemask = (~0UL << (32-baselen));
  } else {
    tgid= 0;
  }
  
  carg= *++argv;

  localaddr= eat_addr(&carg,"local-addr", baseprefix,basemask, ",",0);
  peeraddr= eat_addr(&carg,"peer-addr", baseprefix,basemask, ",",0);
  mtu= eat_number(&carg,"mtu", 576,65536, ",",0);
  
  if (!strcmp(carg,"debug")) {
    proto= 0;
  } else {
    for (cprotop= protos_ok;
	 (proto= *cprotop) && strcmp(proto,carg);
	 cprotop++);
    if (!proto) fatal("invalid protocol");
  }
  
  addrnet_mustdiffer("local-addr",localaddr,~0UL, "peer-addr",peeraddr,~0UL);
  
  carg= *++argv;
  for (nexroutes=0;
       *carg;
       carg++, nexroutes++) {
    if (nexroutes == MAXEXROUTES) {
      fprintf(stderr,"only %d extra routes allowed\n",MAXEXROUTES);
      fatal("too many extra routes");
    }
    sprintf(erwhatbuf,"route %d",nexroutes+1);
    
    eat_prefixmask(&carg,erwhatbuf, baseprefix,basemask, ",",0, &routeaddr,&routemask,0);
    addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "local-addr",localaddr,~0UL);
    addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "peer-addr",peeraddr,~0UL);
    for (i=0; i<nexroutes; i++) {
      sprintf(erwhatbuf2,"route %d",i+1);
      addrnet_mustdiffer(erwhatbuf,routeaddr,routemask,
			 erwhatbuf2,exroutes[i].prefix,exroutes[i].mask);
    }
    exroutes[nexroutes].prefix= routeaddr;
    exroutes[nexroutes].mask= routemask;
    ip2txt(routeaddr,exroutes[nexroutes].prefixtxt);
    ip2txt(routemask,exroutes[nexroutes].masktxt);
  }
  ip2txt(localaddr,localtxt);
  ip2txt(peeraddr,peertxt);
  
  if (!proto) {
    char basetxt[ATXTLEN];
    
    printf("protocol: debug\n"
	   "base:     %08lx/%-2ld == %s/%ld\n"
	   "auth gid: %ld"
	   "local:    %08lx    == %s\n"
	   "peer:     %08lx    == %s\n"
	   "mtu:      %ld"
	   "routes:   %d",
	   baseprefix, basemask, ip2txt(baseprefix,basetxt), basemask,
	   tgid,
	   localaddr, localtxt,
	   peeraddr, peertxt,
	   mtu,
	   nexroutes);
    for (i=0; i<nexroutes; i++) {
      sprintf(erwhatbuf2, "route %d:", i+1);
      printf("%-9s %08lx/%-2ld == %s/%s\n",
	     erwhatbuf,
	     exroutes[i].prefix, exroutes[i].mask,
	     exroutes[i].prefixtxt, exroutes[i].masktxt);
    }
    if (ferror(stdout) || fclose(stdout)) sysfatal("flush stdout");
    exit(0);
  }
  abort();
}
Commit	Line	Data
1c1a9fa1	1	/*
	2	* userv service (or standalone program)
	3	* for per-user IP subranges.
	4	*
	5	* This is invoked as root, directly from userv.
	6	* Its arguments are supposed to be, in order:
	7	* <base-prefix>/<base-prefix-len>
	8	* Specifies the base address and prefix to restrict the
	9	* addresses used to.
	10	* <gid-min>-<gid-max>:<gid-add>/<gid-mask>[,...]
	11	* The ranges specified by <gid-min> are checked <gid-max> until
	12	* one is found which matches at least one gid in USERV_GID.
	13	* Then the gid will have <gid-add> added to it and will then be
	14	* masked so that it is <gid-mask> long (higher set bits are
	15	* discarded). The result is added to the base prefix. It is an
	16	* error for no gid to match. Alternatively, if this argument
	17	* is `*' then USERV_GID is not checked.
	18	* -- Indicates that the remaining arguments are user-supplied
	19	* and therefore untrusted.
	20	* <local-addr>,<peer-addr>,<mtu>,<proto>
	21	* As for slattach. Supported protocols are slip, cslip, and
	22	* adaptive. Alternatively, set to `debug' to print debugging
	23	* info. <local-addr> is address of the interface on chiark;
	24	* <peer-addr> is the address of the point-to-point peer.
	25	* <prefix>/<mask>,<prefix>/<mask>,...
	26	* List of additional routes to add for this interface.
	27	* May be the empty argument.
	28	*
	29	* Should be run from userv with no-disconnect-hup.
	30	*/
	31
	32	#include <stdio.h>
	33	#include <string.h>
	34	#include <stdlib.h>
	35	#include <assert.h>
	36	#include <errno.h>
	37
	38	#define NARGS 5
	39	#define MAXEXROUTES 5
	40	#define ATXTLEN 12
	41
	42	static const char *proto;
	43	static unsigned long baseprefix, basemask;
	44	static unsigned long localaddr, peeraddr, mtu;
	45	static int nexroutes;
	46	static struct exroute {
	47	unsigned long prefix, mask;
	48	char prefixtxt[ATXTLEN], masktxt[ATXTLEN];
	49	} exroutes[MAXEXROUTES];
	50
	51	char localtxt[ATXTLEN];
	52	char peertxt[ATXTLEN];
	53
	54	static void fatal(const char *msg) {
	55	fprintf(stderr,"userv-ipif: service: fatal error: %s\n",msg);
	56	exit(8);
	57	}
	58
	59	static void sysfatal(const char *msg) {
	60	fprintf(stderr,"userv-ipif: service: fatal system error: %s: %s\n",
	61	msg, strerror(errno));
	62	exit(12);
	63	}
	64
65	static void badusage(void) {
66	fputs("userv-ipif: service: bad usage or permission denied\n",stderr);
67	exit(16);
68	}
69
70	static char ip2txt(unsigned long addr, char buf) {
71	sprintf(buf, "%lu.%lu.%lu.%lu",
72	(addr>>24) & 0x0ff,
73	(addr>>16) & 0x0ff,
74	(addr>>8) & 0x0ff,
75	(addr) & 0x0ff);
76	return buf;
77	}
78
79	static unsigned long eat_number(const char *argp, const char what,
80	unsigned long min, unsigned long max,
81	const char endchars, int endchar_r) {
82	/* If !endchars then the endchar must be a nul, otherwise it may be
83	* a nul (resulting in argp set to 0) or something else (argp set
84	* to point to after delim, *endchar_r set to delim).
85	* *endchar_r may be 0.
86	*/
87	unsigned long rv;
88	char *ep;
89	int endchar;
90
91	if (!*argp) { fprintf(stderr,"missing number %s\n",what); badusage(); }
92	rv= strtoul(*argp,&ep,0);
93	if ((endchar= *ep)) {
94	if (!endchars) { fprintf(stderr,"junk after number %s\n",what); badusage(); }
95	if (!strchr(endchars,endchar)) {
96	fprintf(stderr,"invalid delimiter %c after number %s: expected %s (or none?)\n",
97	endchar,what,endchars);
98	badusage();
99	}
100	*argp= ep+1;
101	} else {
102	*argp= 0;
103	}
104	if (endchar_r) *endchar_r= endchar;
105	if (rv < min \|\| rv > max) {
106	fprintf(stderr,"number %s value %lu out of range %lu..%lu",
107	what, rv, min, max);
108	badusage();
109	}
110	return rv;
111	}
112
113	static void addrnet_mustbein(const char *what,
114	unsigned long prefix, unsigned long mask,
115	unsigned long mprefix, unsigned long mmask) {
116	if (!(~mask & mmask) && (prefix & mmask) == mprefix) return;
117	fprintf(stderr, "%s %08lx/%08lx not in required subspace %08lx/%08lx\n",
118	what, prefix, mask, mprefix, mmask);
119	badusage();
120	}
121
122	static void addrnet_mustdiffer(const char *w1, unsigned long p1, unsigned long m1,
123	const char *w2, unsigned long p2, unsigned long m2) {
124	unsigned long mask;
125
126	mask= m1&m2;
127	if ((p1 & mask) != (p2 & mask)) return;
128	fprintf(stderr, "%s %08lx/%08lx overlaps/clashes with %s %08lx/%08lx",
129	w1,p1,m1, w2,p2,m2);
130	badusage();
131	}
132
133	static unsigned long eat_addr(const char *argp, const char what,
134	unsigned long mprefix, unsigned long mmask,
135	const char endchars, int endchar_r) {
136	char whatbuf[100];
137	unsigned long rv;
138	int i;
139
140	assert(!(~mmask & mprefix));
141
142	for (rv=0, i=0;
143	i<4;
144	i++) {
145	rv <<= 8;
146	sprintf(whatbuf,"%s byte #%d",what,i);
147	rv \|= eat_number(argp,whatbuf, 0,255, i<3 ? "." : endchars, endchar_r);
148	}
149
150	addrnet_mustbein(what,rv,~0UL, mprefix,mmask);
151	return rv;
152	}
153
154	static void eat_prefixmask(const char *argp, const char what,
155	unsigned long mprefix, unsigned long mmask,
156	const char endchars, int endchar_r,
157	unsigned long prefix_r, unsigned long mask_r, int *len_r) {
158	/* mask_r and len_r may be 0 */
159	char whatbuf[100];
160	int len;
161	unsigned long prefix, mask;
162
163	prefix= eat_addr(argp,what, 0,0, "/",0);
164	sprintf(whatbuf,"%s length",what);
165	len= eat_number(argp,whatbuf, 0,32, endchars,endchar_r);
166
167	mask= (~0UL << (32-len));
168	if (prefix & ~mask) {
169	fprintf(stderr,"%s prefix %08lx not fully contained in mask %08lx\n",
170	what,prefix,mask);
171	badusage();
172	}
173	addrnet_mustbein(what,prefix,mask, mprefix,mmask);
174	*prefix_r= prefix;
175	if (mask_r) *mask_r= mask;
176	if (len_r) *len_r= len;
177	}
178
179	int main(int argc, const char const argv) {
180	static unsigned long gidmaxval= (unsigned long)((gid_t)-2);
181	static const char *const protos_ok[]= { "slip", "cslip", "adaptive", 0 };
182
183	unsigned long gidmin, gidmax, gidadd;
184	int baselen;
185	unsigned long routeaddr, routemask, tgid;
186	const char carg, gidlist;
187	const char const cprotop;
188	int gidlen, i;
189	char erwhatbuf[100], erwhatbuf2[100];
190
191	if (argc < NARGS+1) { fputs("too few arguments\n",stderr); badusage(); }
192	if (argc > NARGS+1) { fputs("too many arguments\n",stderr); badusage(); }
193
194	carg= *++argv;
195	eat_prefixmask(&carg,"base", 0UL,0UL, 0,0, &baseprefix, &basemask, &baselen);
196
197	carg= *++argv;
198	if (!strcmp(carg,"*")) {
199	for (;;) {
200	if (!*carg) fatal("no gid authorised");
201	gidmin= eat_number(&carg,"gid-min", 0,gidmaxval, "-",0);
202	gidmax= eat_number(&carg,"gid-max", gidmin,gidmaxval, ":",0);
203	gidadd= eat_number(&carg,"gid-add", 0,gidmaxval, "/",0);
204	gidlen= eat_number(&carg,"gid-len", 0,32-baselen, 0,0);
205
206	gidlist= getenv("USERV_GID");
207	if (!gidlist) fatal("USERV_GID not set");
208	while (gidlist) {
209	tgid= eat_number(&gidlist,"userv_gid", 0,gidmaxval, " ",0);
210	if (tgid >= gidmin && tgid <= gidmax) goto gid_found;
211	}
212	}
213	gid_found:
214	tgid += gidadd;
215	tgid &= ((1UL << gidlen) - 1);
216	baselen += gidlen;
217	baseprefix \|= (tgid << (32-baselen));
218	basemask = (~0UL << (32-baselen));
219	} else {
220	tgid= 0;
221	}
222
223	carg= *++argv;
224
225	localaddr= eat_addr(&carg,"local-addr", baseprefix,basemask, ",",0);
226	peeraddr= eat_addr(&carg,"peer-addr", baseprefix,basemask, ",",0);
227	mtu= eat_number(&carg,"mtu", 576,65536, ",",0);
228
229	if (!strcmp(carg,"debug")) {
230	proto= 0;
231	} else {
232	for (cprotop= protos_ok;
233	(proto= *cprotop) && strcmp(proto,carg);
234	cprotop++);
235	if (!proto) fatal("invalid protocol");
236	}
237
238	addrnet_mustdiffer("local-addr",localaddr,~0UL, "peer-addr",peeraddr,~0UL);
239
240	carg= *++argv;
241	for (nexroutes=0;
242	*carg;
243	carg++, nexroutes++) {
244	if (nexroutes == MAXEXROUTES) {
245	fprintf(stderr,"only %d extra routes allowed\n",MAXEXROUTES);
246	fatal("too many extra routes");
247	}
248	sprintf(erwhatbuf,"route %d",nexroutes+1);
249
250	eat_prefixmask(&carg,erwhatbuf, baseprefix,basemask, ",",0, &routeaddr,&routemask,0);
251	addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "local-addr",localaddr,~0UL);
252	addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "peer-addr",peeraddr,~0UL);
253	for (i=0; i<nexroutes; i++) {
254	sprintf(erwhatbuf2,"route %d",i+1);
255	addrnet_mustdiffer(erwhatbuf,routeaddr,routemask,
256	erwhatbuf2,exroutes[i].prefix,exroutes[i].mask);
257	}
258	exroutes[nexroutes].prefix= routeaddr;
259	exroutes[nexroutes].mask= routemask;
260	ip2txt(routeaddr,exroutes[nexroutes].prefixtxt);
261	ip2txt(routemask,exroutes[nexroutes].masktxt);
262	}
263	ip2txt(localaddr,localtxt);
264	ip2txt(peeraddr,peertxt);
265
266	if (!proto) {
267	char basetxt[ATXTLEN];
268
269	printf("protocol: debug\n"
270	"base: %08lx/%-2ld == %s/%ld\n"
271	"auth gid: %ld"
272	"local: %08lx == %s\n"
273	"peer: %08lx == %s\n"
274	"mtu: %ld"
275	"routes: %d",
276	baseprefix, basemask, ip2txt(baseprefix,basetxt), basemask,
277	tgid,
278	localaddr, localtxt,
279	peeraddr, peertxt,
280	mtu,
281	nexroutes);
282	for (i=0; i<nexroutes; i++) {
283	sprintf(erwhatbuf2, "route %d:", i+1);
284	printf("%-9s %08lx/%-2ld == %s/%s\n",
285	erwhatbuf,
286	exroutes[i].prefix, exroutes[i].mask,
287	exroutes[i].prefixtxt, exroutes[i].masktxt);
288	}
289	if (ferror(stdout) \|\| fclose(stdout)) sysfatal("flush stdout");
290	exit(0);
291	}
292	abort();
293	}