1 | /* -*-c-*- |
2 | * | |
3 | * Common definitions for YAID | |
4 | * | |
5 | * (c) 2012 Straylight/Edgeware | |
6 | */ | |
7 | ||
8 | /*----- Licensing notice --------------------------------------------------* | |
9 | * | |
10 | * This file is part of Yet Another Ident Daemon (YAID). | |
11 | * | |
12 | * YAID is free software; you can redistribute it and/or modify | |
13 | * it under the terms of the GNU General Public License as published by | |
14 | * the Free Software Foundation; either version 2 of the License, or | |
15 | * (at your option) any later version. | |
16 | * | |
17 | * YAID is distributed in the hope that it will be useful, | |
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | * GNU General Public License for more details. | |
21 | * | |
22 | * You should have received a copy of the GNU General Public License | |
23 | * along with YAID; if not, write to the Free Software Foundation, | |
24 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | */ | |
26 | ||
27 | #ifndef YAID_H | |
28 | #define YAID_H | |
29 | ||
30 | #ifdef __cplusplus | |
31 | extern "C" { | |
32 | #endif | |
33 | ||
34 | /*----- Header files ------------------------------------------------------*/ | |
35 | ||
36 | #include "config.h" |
37 | ||
38 | #include <assert.h> |
39 | #include <ctype.h> | |
40 | #include <errno.h> | |
41 | #include <limits.h> | |
42 | #include <stdarg.h> | |
43 | #include <stdio.h> | |
44 | #include <string.h> | |
45 | #include <string.h> | |
46 | ||
47 | #include <sys/types.h> | |
48 | #include <unistd.h> | |
49 | #include <fcntl.h> | |
50 | ||
51 | #include <pwd.h> | |
52 | ||
53 | #include <sys/socket.h> | |
54 | #include <netinet/in.h> | |
55 | #include <arpa/inet.h> | |
56 | ||
57 | #include <syslog.h> |
58 | ||
59 | #include <mLib/bits.h> | |
60 | #include <mLib/conn.h> | |
61 | #include <mLib/darray.h> | |
62 | #include <mLib/dstr.h> | |
bf4d9761 | 63 | #include <mLib/fdflags.h> |
64 | #include <mLib/fwatch.h> |
65 | #include <mLib/quis.h> | |
66 | #include <mLib/report.h> | |
67 | #include <mLib/sel.h> | |
68 | #include <mLib/selbuf.h> | |
69 | ||
/*----- System specifics --------------------------------------------------*/

/* Operating-system selector.  'SYS' is expected to be provided by
 * 'config.h' (included above).  If it is left undefined the preprocessor
 * evaluates it as 0, which is SYS_UNDEF, so the build stops at the #error
 * below instead of silently producing a daemon with no connection-lookup
 * back end.
 */
#define SYS_UNDEF 0
#define SYS_LINUX 1

#if SYS == SYS_LINUX
  /* The Linux back end needs the netlink/rtnetlink kernel headers here;
   * presumably the owner lookup is done over netlink in the system-specific
   * source (see the addrops_sys_* declarations below) -- confirm there.
   */
# include <linux/netlink.h>
# include <linux/rtnetlink.h>
#else
# error "Unsupported operating system: sorry. Patches welcome!"
#endif
81 | ||
82 | /*----- Data structures ---------------------------------------------------*/ |
83 | ||
/* Size of a scratch buffer for an address rendered as text, presumably.
 * INET6_ADDRSTRLEN is 46, so 64 leaves headroom; confirm against the callers
 * (dputsock and friends) before changing it.
 */
#define ADDRLEN 64

/* An IP address of either family.  The union carries no tag of its own: the
 * family is tracked by the 'struct addrops' that the enclosing query or
 * policy points at, so an 'addr' is only meaningful next to its addrops.
 */
union addr {
  struct in_addr ipv4;
  struct in6_addr ipv6;
};
90 | ||
/* One end of a TCP connection: an address plus a port number.
 *
 * 'port' is a plain 'unsigned', not a 16-bit type, so nothing in this
 * definition guarantees it lies in 1..65535.  The request parser is where an
 * out-of-range port must be rejected (E_INVPORT below is the wire error for
 * that) -- confirm that it does so before the value reaches a lookup.
 */
struct socket {
  union addr addr;
  unsigned port;
};
95 | ||
/* Address pattern from a policy rule: presumably 'addr' with its top 'len'
 * bits significant, i.e. a prefix.
 *
 * NOTE(review): 'len' must never exceed the family's address width
 * (addrops.len, 32 or 128); a longer prefix would over-shift any mask built
 * from it.  This header cannot enforce that, so confirm the policy parser
 * rejects such a value.
 */
struct addrpat {
  unsigned len;
  union addr addr;
};
100 | ||
/* Port pattern: presumably the inclusive range 'lo'..'hi', with a single
 * port written as lo == hi -- confirm against match_policy.
 */
struct portpat {
  unsigned lo, hi;
};
104 | ||
/* Pattern for one end of a connection: an address prefix and a port range,
 * paired the same way 'struct socket' pairs an address with a port.
 */
struct sockpat {
  struct addrpat addr;
  struct portpat port;
};
109 | ||
/* X-macro table of the supported address families.  Each row is
 * _(ty, TY, af, name, len): a lowercase tag used to build identifiers
 * (addrops_sys_ipv4), its uppercase form (ADDR_IPV4), the suffix that is
 * presumably pasted onto AF_, the name shown to humans, and the address
 * width in bits.  A new family means a new row here plus matching entries in
 * the tables declared from it below.
 */
#define ADDRTYPES(_) \
  _(ipv4, IPV4, INET, "IPv4", 32) \
  _(ipv6, IPV6, INET6, "IPv6", 128)
113 | ||
/* Per-address-family operations.  'addroptab' (declared below) holds one of
 * these per row of ADDRTYPES; a query or policy points at the entry for its
 * family.  Field roles are inferred from names and types -- confirm against
 * the IPv4/IPv6 implementations.
 *
 *   af                  the AF_ constant for socket calls
 *   name                human-readable family name
 *   len                 address width in bits
 *   any                 presumably the family's wildcard address
 *   sys                 per-system hook table; 'struct addrops_sys' is never
 *                       defined in this header, only declared, so it is
 *                       opaque to common code
 *   addreq              compare two addresses (nonzero presumably = equal)
 *   match_addrpat       test an address against a prefix pattern
 *   socket_to_sockaddr  fill a caller-supplied buffer with a sockaddr built
 *                       from a 'struct socket'.  NOTE(review): the 'size_t *'
 *                       looks like an in/out length (buffer size in, sockaddr
 *                       length out); it is the only thing that can bound the
 *                       write, so confirm every implementation honours the
 *                       incoming value rather than just storing its own
 *   sockaddr_to_addr    extract the address from a sockaddr of this family
 *   init_listen_socket  family-specific setup of a listening descriptor;
 *                       returns an int status
 */
struct addrops {
  int af;
  const char *name;
  unsigned len;
  const union addr *any;
  const struct addrops_sys *sys;
  int (*addreq)(const union addr *, const union addr *);
  int (*match_addrpat)(const struct addrpat *, const union addr *);
  void (*socket_to_sockaddr)(const struct socket *s, void *, size_t *);
  void (*sockaddr_to_addr)(const void *, union addr *);
  int (*init_listen_socket)(int);
};
126 | ||
/* ADDR_IPV4, ADDR_IPV6 in ADDRTYPES row order, then ADDR_LIMIT as the count
 * (so 'for (i = 0; i < ADDR_LIMIT; i++)' walks every family).  Presumably
 * these index 'addroptab'.
 */
enum {
#define DEFADDR(ty, TY, af, name, len) ADDR_##TY,
  ADDRTYPES(DEFADDR)
#undef DEFADDR
  ADDR_LIMIT
};
133 | ||
/* The family table (defined in a source file, presumably indexed by the
 * ADDR_* values above) and the per-system hook tables addrops_sys_ipv4 and
 * addrops_sys_ipv6, which the system-specific source defines and whose
 * addresses the 'sys' members of 'addroptab' carry.
 */
extern const struct addrops addroptab[];
#define OPS_SYS(ty, TY, af, name, len) \
  extern const struct addrops_sys addrops_sys_##ty;
ADDRTYPES(OPS_SYS)
#undef OPS_SYS
139 | ||
/* Indices for the two ends of a connection (presumably L = local, R =
 * remote) and NDIR = 2, the size of 'query.s' and 'policy.sp'.
 * NOTE(review): 'L' and 'R' are single-letter file-scope identifiers in a
 * shared header; they will clash with any other file-scope 'L' or 'R' in a
 * translation unit that includes this file.
 */
enum { L, R, NDIR };
141 | ||
/* X-macro list of response kinds and their payloads.  Each row is
 * _(WHAT, PAYLOAD), where PAYLOAD is U(member, type) for a union member of
 * that type or N for no payload (N is defined below but no current row uses
 * it).  Expanded into the R_* enumeration and the 'u' union of
 * 'struct query'.
 */
#define RESPONSE(_) \
  _(ERROR, U(error, unsigned)) \
  _(UID, U(uid, uid_t)) \
  _(NAT, U(nat, struct socket))
146 | ||
/* Error responses, _(TAG, TOKEN).  The tokens are the ERROR reply words of
 * the Ident protocol (RFC 1413) and are sent to the peer verbatim; 'errtok'
 * is the string table, presumably indexed by the E_* values below.
 *
 * Note that HIDDEN-USER is itself information: it tells the peer that some
 * user does own the connection.  The policy actions further down offer
 * 'deny' and 'lie' for cases where even that is too much to reveal.
 */
#define ERROR(_) \
  _(INVPORT, "INVALID-PORT") \
  _(NOUSER, "NO-USER") \
  _(HIDDEN, "HIDDEN-USER") \
  _(UNKNOWN, "UNKNOWN-ERROR")
extern const char *const errtok[];
153 | ||
/* E_INVPORT, E_NOUSER, E_HIDDEN, E_UNKNOWN in ERROR row order, then E_LIMIT
 * as the count.  Presumably the value stored in 'query.u.error' for an
 * R_ERROR response and the index into 'errtok'.
 */
enum {
#define DEFENUM(err, tok) E_##err,
  ERROR(DEFENUM)
#undef DEFENUM
  E_LIMIT
};
160 | ||
/* Response kinds R_ERROR, R_UID, R_NAT in RESPONSE row order, then R_LIMIT
 * as the count.  'query.resp' presumably holds one of these and says which
 * member of 'query.u' is live.
 */
enum {
#define DEFENUM(what, branch) R_##what,
  RESPONSE(DEFENUM)
#undef DEFENUM
  R_LIMIT
};
167 | ||
/* One Ident request and the answer decided for it.
 *
 *   ao     address family of the connection asked about
 *   s      the two ends of the connection, indexed by L and R
 *   resp   which kind of answer was chosen (an R_* value)
 *   u      payload for that answer, generated from RESPONSE: u.error for
 *          R_ERROR (an E_* code), u.uid for R_UID, u.nat for R_NAT
 *          (presumably the translated endpoint behind a NAT).  U() makes a
 *          member; N (no payload) expands to nothing.
 *
 * NOTE(review): the closing '} query;' does not merely end the type -- it
 * also defines a file-scope object named 'query' in every translation unit
 * that includes this header.  That is a tentative definition, which only
 * links while the toolchain merges common symbols (GCC 10 and later default
 * to -fno-common, turning it into a multiple-definition link error).  Every
 * prototype in this header passes a 'struct query *', so this looks like a
 * typo for '};'.  Confirm that no source relies on a global 'query', then
 * drop the name.
 */
struct query {
  const struct addrops *ao;
  struct socket s[NDIR];
  unsigned resp;
  union {
#define DEFBRANCH(WHAT, branch) branch
#define U(memb, ty) ty memb;
#define N
    RESPONSE(DEFBRANCH)
#undef U
#undef N
#undef DEFBRANCH
  } u;
} query;
182 | ||
/* Tokenizer results, presumably from the policy-file reader: T_OK a token
 * was read, T_EOL end of line, T_EOF end of file, T_ERROR something
 * malformed.  The reader's prototypes are below; confirm the exact meanings
 * against its definition.
 */
enum {
  T_OK,
  T_EOL,
  T_EOF,
  T_ERROR
};
189 | ||
/* Policy actions, _(TAG, KEYWORD); the keyword is what appears in a policy
 * file.  Presumed meanings, to be confirmed against identify/match_policy:
 * 'user' and 'name' report the real owner (as a uid or a name), 'token'
 * returns an opaque token in place of the identity, 'deny' refuses, 'hide'
 * answers HIDDEN-USER, and 'lie' sends a fixed string from the rule.
 *
 * The last three are the privacy controls.  Keep in mind that 'hide' still
 * confirms to the peer that a user owns the connection; 'deny' and 'lie' do
 * not.
 */
#define ACTIONS(_) \
  _(USER, "user") \
  _(TOKEN, "token") \
  _(NAME, "name") \
  _(DENY, "deny") \
  _(HIDE, "hide") \
  _(LIE, "lie")
197 | ||
/* A_USER, A_TOKEN, A_NAME, A_DENY, A_HIDE, A_LIE in ACTIONS row order, then
 * A_LIMIT as the count.  Stored in 'action.act'.
 */
enum {
#define DEFENUM(tag, word) A_##tag,
  ACTIONS(DEFENUM)
#undef DEFENUM
  A_LIMIT
};
204 | ||
/* What to do with a query that matches a rule.  'act' is an A_* value and
 * selects the live member of 'u': 'user' for A_USER (presumably a uid to
 * report; note it is 'unsigned' here but 'uid_t' in 'struct query'), 'lie'
 * for A_LIE (the string to send).
 *
 * NOTE(review): 'lie' is a non-const pointer, so the action presumably owns
 * a heap copy that free_policy releases -- confirm, since a policy copied by
 * value would then free it twice.  The string also goes on the wire in a
 * line-oriented protocol: the policy parser should reject embedded CR/LF
 * and keep it within the reply-length limit of the Ident protocol.
 */
struct action {
  unsigned act;
  union {
    unsigned user;
    char *lie;
  } u;
};
212 | ||
/* One policy rule: a query of family 'ao' whose two ends (indexed by L and
 * R, like 'query.s') match 'sp' gets 'act' applied to it.
 *
 * POLICY_INIT(a) is a static initializer for a rule with no family, all-zero
 * patterns and action kind 'a'.  Its nested braces follow the member order
 * (ao, sp[], act), so keep them in step if the struct changes.
 */
struct policy {
  const struct addrops *ao;
  struct sockpat sp[NDIR];
  struct action act;
};
#define POLICY_INIT(a) { 0, { { { 0 } } }, { a } }
219 | ||
/* State for reading a policy file one rule at a time.  Field roles are
 * inferred from the names; confirm against open_policy_file and
 * read_policy_file.
 *
 *   fp     the open file
 *   q      the query being matched while reading, if any
 *   name   file name, for diagnostics
 *   what   description of the file's role, for diagnostics
 *   err    error indicator for the read so far
 *   lno    current line number, for diagnostics
 *   p      the rule most recently parsed
 */
struct policy_file {
  FILE *fp;
  const struct query *q;
  const char *name;
  const char *what;
  int err;
  int lno;
  struct policy p;
};
229 | ||
/* 'policy_v': a dynamic array of 'struct policy', declared with mLib's darray
 * (see <mLib/darray.h>).  load_policy_file below takes one to fill.
 */
DA_DECL(policy_v, struct policy);
231 | ||
232 | /*----- Functions provided ------------------------------------------------*/ | |
233 | ||
/* Socket helpers.
 *
 * sockeq: nonzero if 'sa' and 'sb' are the same endpoint, presumably
 *   comparing addresses through 'ao' and ports directly.
 * dputsock: append 's' rendered as text to the dstr 'd'.
 */
int sockeq(const struct addrops *ao,
           const struct socket *sa, const struct socket *sb);
void dputsock(dstr *d, const struct addrops *ao, const struct socket *s);

/* Log a printf-style message at syslog priority 'prio', presumably prefixed
 * with the connection 'q' describes (whether 'q' may be null is not stated
 * here -- confirm).
 *
 * NOTE(review): 'msg' must always be a literal format string, never text
 * taken from the peer or from a policy file.  Marking this declaration with
 * __attribute__((format(printf, 3, 4))) (under #ifdef __GNUC__) would let
 * the compiler check every caller.
 */
void logmsg(const struct query *q, int prio, const char *msg, ...);

/* Answer the query in 'q': work out who owns the connection described by
 * 'q->s' and fill in 'q->resp' and 'q->u'.
 */
void identify(struct query *q);

/* Policy handling.  Return conventions are not stated in this header; check
 * the definitions before relying on the sign or value of a result.
 *
 * init_policy/free_policy: set up an empty rule and release what it owns
 *   (presumably the 'lie' string).
 * print_policy: dump a rule, presumably for debugging.
 * match_policy: nonzero if 'q' matches 'p'.
 * parse_policy: read one rule from 'fp' into 'p'.
 * open_policy_file/read_policy_file/close_policy_file: iterate over the rules
 *   in the file called 'name' ('what' describes the file's role for
 *   diagnostics, 'q' is the query being matched, if any).  read_policy_file's
 *   result presumably distinguishes "rule read" from end of file and error.
 * load_policy_file: read every rule of 'file' into the array 'pv'.
 */
void init_policy(struct policy *p);
void free_policy(struct policy *p);
void print_policy(const struct policy *p);
int match_policy(const struct policy *p, const struct query *q);
int parse_policy(FILE *fp, struct policy *p);
int open_policy_file(struct policy_file *pf, const char *name,
                     const char *what, const struct query *q);
int read_policy_file(struct policy_file *pf);
void close_policy_file(struct policy_file *pf);
int load_policy_file(const char *file, policy_v *pv);
252 | ||
253 | /*----- That's all, folks -------------------------------------------------*/ | |
254 | ||
255 | #ifdef __cplusplus | |
256 | } | |
257 | #endif | |
258 | ||
259 | #endif |