[yaid] / policy.c

/* -*-c-*-
 *
 * Policy parsing and implementation
 *
 * (c) 2012 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Yet Another Ident Daemon (YAID).
 *
 * YAID is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * YAID is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with YAID; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#include "yaid.h"

/*----- Memory management -------------------------------------------------*/

/* Initialize a policy structure.  In this state, it doesn't actually have
 * any resources allocated (so can be simply discarded) but it's safe to free
 * (using `free_policy').
 */
void init_policy(struct policy *p) { p->act.act = A_LIMIT; }

/* Free an action structure, resetting it to a safe state.  This function is
 * idempotent.
 */
static void free_action(struct action *a)
{
  switch (a->act) {
    case A_LIE:
      xfree(a->u.lie);
      break;
  }
  a->act = A_LIMIT;
}

/* Free a policy structure, resetting it to its freshly-initialized state.
 * This function is idempotent.
 */
void free_policy(struct policy *p)
  { free_action(&p->act); }

/*----- Diagnostics -------------------------------------------------------*/

static void print_addrpat(const struct addrops *ao, const struct addrpat *ap)
{
  char buf[ADDRLEN];

  if (ap->len == 0)
    putchar('*');
  else {
    printf("%s/%u",
	   inet_ntop(ao->af, &ap->addr, buf, sizeof(buf)),
	   ap->len);
  }
}

static void print_portpat(const struct portpat *pp)
{
  if (pp->lo == 0 && pp->hi == 65535) putchar('*');
  else if (pp->lo == pp->hi) printf("%u", pp->lo);
  else printf("%u-%u", pp->lo, pp->hi);
}

static void print_sockpat(const struct addrops *ao, const struct sockpat *sp)
  { print_addrpat(ao, &sp->addr); putchar(' '); print_portpat(&sp->port); }

static void print_userpat(const struct userpat *up)
{
  if (up->lo == up->hi) printf("%d", up->lo);
  else printf("%u-%u", up->lo, up->hi);
}

static const char *const acttab[] = {
#define DEFACT(tag, name) name,
  ACTIONS(DEFACT)
#undef DEFACT
  0
};

static void print_action(const struct action *act)
{
  assert(act->act < A_LIMIT);
  printf("%s", acttab[act->act]);
  switch (act->act) {
    case A_USER: {
      int i;
      unsigned m;
      for (i = 0, m = 1; i < A_LIMIT; i++, m <<= 1)
	if (act->u.user & m) printf(" %s", acttab[i]);
    } break;
    case A_LIE:
      printf(" %s", act->u.lie);
      break;
  }
}

/* Print a policy rule to standard output. */
void print_policy(const struct policy *p)
{
  print_sockpat(p->ao, &p->sp[L]); putchar(' ');
  print_sockpat(p->ao, &p->sp[R]); putchar(' ');
  print_userpat(&p->up); putchar(' ');
  print_action(&p->act); putchar('\n');
}

/*----- Matching ----------------------------------------------------------*/

/* Return true if the port matches the pattern. */
static int match_portpat(const struct portpat *pp, unsigned port)
  { return (pp->lo <= port && port <= pp->hi); }

/* Return true if the socket matches the pattern. */
static int match_sockpat(const struct addrops *ao,
			 const struct sockpat *sp, const struct socket *s)
{
  return (ao->match_addrpat(&sp->addr, &s->addr) &&
	  match_portpat(&sp->port, s->port));
}

/* Return true if the uid matches the pattern. */
static int match_userpat(const struct userpat *up, uid_t u)
  { unsigned uu = u; return (up->lo <= uu && uu <= up->hi); }

/* Return true if the query matches the patterns in the policy rule. */
int match_policy(const struct policy *p, const struct query *q)
{
  return ((!p->ao || p->ao == q->ao) &&
	  match_sockpat(q->ao, &p->sp[L], &q->s[L]) &&
	  match_sockpat(q->ao, &p->sp[R], &q->s[R]) &&
	  match_userpat(&p->up, q->u.uid));
}

/*----- Parsing -----------------------------------------------------------*/

/* Advance FP to the next line. */
static void nextline(FILE *fp)
{
  for (;;) {
    int ch = getc(fp);
    if (ch == '\n' || ch == EOF) break;
  }
}

/* Scan a whitespace-separated token from FP, writing it to BUF.  The token
 * must fit in a buffer of size SZ, including a terminating null.  Return
 * an appropriate T_* error code.
 */
static int scan(FILE *fp, char *buf, size_t sz)
{
  int ch;

skip_ws:
  /* Before we start grabbing a token proper, find out what's in store. */
  ch = getc(fp);
  switch (ch) {

    case '\n':
    newline:
      /* Found a newline.  Leave it where it is and report it. */
      ungetc(ch, fp);
      return (T_EOL);

    case EOF:
    eof:
      /* Found end-of-file, or an I/O error.  Return an appropriate code. */
      return (ferror(fp) ? T_ERROR : T_EOF);

    case '#':
      /* Found a comment.  Consume it, and continue appropriately: it must
       * be terminated either by a newline or end-of-file.
       */
      for (;;) {
	ch = getc(fp);
	if (ch == '\n') goto newline;
	else if (ch == EOF) goto eof;
      }

    default:
      /* Whitespace means we just continue around.  Anything else and we
       * start snarfing.
       */
      if (isspace(ch)) goto skip_ws;
      break;
  }

  for (;;) {

    /* If there's buffer space left, store the character. */
    if (sz) { *buf++ = ch; sz--; }

    /* Get a new one, and find out what to do about it. */
    ch = getc(fp);
    switch (ch) {
      case '\n':
	ungetc(ch, fp);
	goto done;
      case EOF:
	goto done;
      default:
	if (isspace(ch)) goto done;
	break;
    }
  }

done:
  /* If there's no space for a terminating null then report an error. */
  if (!sz) return (T_ERROR);

  /* All done. */
  *buf++ = 0; sz--;
  return (T_OK);
}

/* Parse an action name, storing the code in *ACT.  Return an appropriate T_*
 * code.
 */
static int parse_actname(FILE *fp, unsigned *act)
{
  char buf[32];
  int t;
  const char *const *p;

  if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
  for (p = acttab; *p; p++)
    if (strcmp(buf, *p) == 0) { *act = p - acttab; return (0); }
  return (T_ERROR);
}

/* Parse an action, returning a T_* code. */
static int parse_action(FILE *fp, struct action *act)
{
  char buf[32];
  int t;
  unsigned a;
  unsigned long m;

  /* Collect the action name. */
  if ((t = parse_actname(fp, &a)) != 0) return (t);

  /* Parse parameters, if there are any. */
  switch (a) {

    case A_USER:
      /* `user ACTION ACTION ...': store permitted actions in a bitmask. */
      m = 0;
      for (;;) {
	if ((t = parse_actname(fp, &a)) != 0) break;
	if (a == A_USER) return (T_ERROR);
	m |= (1 << a);
      }
      if (t != T_EOL && t != T_EOF) return (t);
      act->act = A_USER;
      act->u.user = m;
      break;

    case A_TOKEN:
    case A_NAME:
    case A_DENY:
    case A_HIDE:
      /* Dull actions which don't accept parameters. */
      act->act = a;
      break;

    case A_LIE:
      /* `lie NAME': store the string we're to report. */
      if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
      act->act = a;
      act->u.lie = xstrdup(buf);
      break;
  }

  /* Make sure we've reached the end of the line. */
  t = scan(fp, buf, sizeof(buf));
  if (t != T_EOF && t != T_EOL) {
    free_action(act);
    return (T_ERROR);
  }

  /* Done. */
  return (0);
}

/* Parse an address pattern, writing it to AP.  If the pattern has an
 * identifiable address family, update *AOP to point to its operations table;
 * if *AOP is already set to something different then report an error.
 */
static int parse_addrpat(FILE *fp, const struct addrops **aop,
			 struct addrpat *ap)
{
  char buf[64];
  int t;
  const struct addrops *ao;
  long n;
  char *delim;

  /* Scan a token for the address pattern. */
  if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);

  /* If this is a wildcard, then leave everything as it is. */
  if (strcmp(buf, "*") == 0) {
    ap->len = 0;
    return (T_OK);
  }

  /* Decide what kind of address this must be.  A bit grim, sorry. */
  if (strchr(buf, ':'))
    ao = &addroptab[ADDR_IPV6];
  else
    ao = &addroptab[ADDR_IPV4];

  /* Update the caller's idea of the address family in use. */
  if (!*aop) *aop = ao;
  else if (*aop != ao) return (T_ERROR);

  /* See whether there's a prefix length.  If so, clobber it. */
  delim = strchr(buf, '/');
  if (delim) *delim++ = 0;

  /* Parse the address. */
  if (!inet_pton(ao->af, buf, &ap->addr)) return (T_ERROR);

  /* Parse the prefix length, or use the maximum one. */
  if (!delim) n = ao->len;
  else n = strtol(delim, 0, 10);
  if (n < 0 || n > ao->len) return (T_ERROR);
  ap->len = n;

  /* Done. */
  return (T_OK);
}

static int parse_portpat(FILE *fp, struct portpat *pp)
{
  char buf[64];
  int t;
  long n;
  char *delim;

  /* Parse a token for the pattern. */
  if ((t = scan(fp, buf, sizeof(buf))) != 0) return (T_ERROR);

  /* If this is a wildcard, then we're done. */
  if (strcmp(buf, "*") == 0) {
    pp->lo = 0;
    pp->hi = 65535;
    return (T_OK);
  }

  /* Find a range delimiter. */
  delim = strchr(buf, '-');
  if (delim) *delim++ = 0;

  /* Parse the only or low end of the range. */
  n = strtol(buf, 0, 0);
  if (n < 0 || n > 65535) return (T_ERROR);
  pp->lo = n;

  /* If there's no delimiter, then the high end is equal to the low end;
   * otherwise, parse the high end.
   */
  if (!delim)
    pp->hi = n;
  else {
    n = strtol(delim, 0, 0);
    if (n < pp->lo || n > 65535) return (T_ERROR);
    pp->hi = n;
  }

  /* Done. */
  return (T_OK);
}

/* Parse a socket pattern, writing it to SP. */
static int parse_sockpat(FILE *fp, const struct addrops **aop,
			 struct sockpat *sp)
{
  int t;

  if ((t = parse_addrpat(fp, aop, &sp->addr)) != 0) return (t);
  if ((t = parse_portpat(fp, &sp->port)) != 0) return (T_ERROR);
  return (T_OK);
}

/* Parse a user pattern, writing it to UP. */
static int parse_userpat(FILE *fp, struct userpat *up)
{
  struct passwd *pw;
  char buf[32];
  int t;
  char *delim;

  if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
  if (!strcmp(buf, "*")) { up->lo = 0; up->hi = UINT_MAX; }
  else if ((pw = getpwnam(buf)) != 0) up->lo = up->hi = pw->pw_uid;
  else {
    if ((delim = strchr(buf, '-')) != 0) *delim++ = 0;
    up->lo = strtoul(buf, 0, 0);
    if (!delim) up->hi = up->lo;
    else if (!*delim) up->hi = UINT_MAX;
    else up->hi = strtoul(delim, 0, 0);
  }
  return (0);
}

/* Parse a policy rule line, writing it to P. */
static int parse_policy(FILE *fp, struct policy *p)
{
  int t;

  p->ao = 0;
  free_policy(p);

  if ((t = parse_sockpat(fp, &p->ao, &p->sp[L])) != 0) goto fail;
  if ((t = parse_sockpat(fp, &p->ao, &p->sp[R])) != 0) goto err;
  if ((t = parse_userpat(fp, &p->up)) != 0) goto err;
  if ((t = parse_action(fp, &p->act)) != 0) goto err;
  return (0);

err:
  t = T_ERROR;
fail:
  free_policy(p);
  return (t);
}

/* Open a policy file by NAME.  The description WHAT and query Q are used for
 * formatting error messages for the log.
 *
 * This function is somewhat careful only to read from actual regular files,
 * though (if the filesystem object identified by NAME is a symlink, say) it
 * might open a device node or other exotic thing without reading it.  This
 * is likely harmless, since we're running as an unprivileged user anyway.
 */
int open_policy_file(struct policy_file *pf, const char *name,
		     const char *what, const struct query *q, unsigned f)
{
  struct stat st;

  if ((pf->fp = fopen(name, "r")) == 0) {
    if (errno != ENOENT || !(f & OPF_NOENTOK)) {
      logmsg(q, LOG_ERR, "failed to open %s `%s': %s",
	     what, name, strerror(errno));
    }
    goto err_0;
  }

  if (fstat(fileno(pf->fp), &st)) {
    logmsg(q, LOG_ERR, "failed to read information about %s `%s': %s",
	   what, name, strerror(errno));
    goto err_1;
  }
  if (!S_ISREG(st.st_mode)) {
    logmsg(q, LOG_ERR, "object `%s', used as %s, is not a regular file",
	   name, what);
    goto err_1;
  }

  pf->name = name;
  pf->what = what;
  pf->q = q;
  pf->err = 0;
  pf->lno = 0;
  init_policy(&pf->p);
  return (0);

err_1:
  fclose(pf->fp);
err_0:
  return (-1);
}

/* Read a policy rule from the file, storing it in PF->p.  Return one of the
 * T_* codes.
 */
int read_policy_file(struct policy_file *pf)
{
  int t;

  for (;;) {
    pf->lno++;
    t = parse_policy(pf->fp, &pf->p);
    switch (t) {
      case T_OK:
      case T_EOL:
	nextline(pf->fp);
	return (t);
      case T_ERROR:
	logmsg(pf->q, LOG_ERR, "%s:%d: parse error in %s",
	       pf->name, pf->lno, pf->what);
	pf->err = 1;
	return (t);
      case T_EOF:
	if (ferror(pf->fp)) {
	  logmsg(pf->q, LOG_ERR, "failed to read %s `%s': %s",
		 pf->what, pf->name, strerror(errno));
	}
	return (t);
      default:
	abort();
    }
  }
}

/* Close a policy file.  It doesn't matter whether the file was completely
 * read.
 */
void close_policy_file(struct policy_file *pf)
{
  fclose(pf->fp);
  free_policy(&pf->p);
}

/* Load a policy file, writing a vector of records into PV.  If the policy
 * file has errors, then leave PV unchanged and return nonzero.
 */
int load_policy_file(const char *file, policy_v *pv)
{
  struct policy_file pf;
  policy_v v = DA_INIT;
  int t = 0;

  if (open_policy_file(&pf, file, "policy file", 0, 0))
    return (-1);
  while ((t = read_policy_file(&pf)) < T_EOF) {
    if (t == T_OK) {
      DA_PUSH(&v, pf.p);
      init_policy(&pf.p);
    }
  }
  close_policy_file(&pf);
  if (!pf.err) {
    DA_DESTROY(pv);
    *pv = v;
    return (0);
  } else {
    DA_DESTROY(&v);
    return (-1);
  }
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
9da480be MW	1	/* --c--
	2	*
	3	* Policy parsing and implementation
	4	*
	5	* (c) 2012 Straylight/Edgeware
	6	*/
	7
	8	/----- Licensing notice --------------------------------------------------
	9	*
	10	* This file is part of Yet Another Ident Daemon (YAID).
	11	*
	12	* YAID is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU General Public License as published by
	14	* the Free Software Foundation; either version 2 of the License, or
	15	* (at your option) any later version.
	16	*
	17	* YAID is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU General Public License for more details.
	21	*
	22	* You should have received a copy of the GNU General Public License
	23	* along with YAID; if not, write to the Free Software Foundation,
	24	* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25	*/
	26
	27	/----- Header files ------------------------------------------------------/
	28
	29	#include "yaid.h"
	30
c3794524	31	/----- Memory management -------------------------------------------------/
9da480be	32
c3794524 MW	33	/* Initialize a policy structure. In this state, it doesn't actually have
	34	* any resources allocated (so can be simply discarded) but it's safe to free
	35	* (using `free_policy').
9da480be	36	*/
9da480be MW	37	void init_policy(struct policy *p) { p->act.act = A_LIMIT; }
9da480be MW	38
c3794524 MW	39	/* Free an action structure, resetting it to a safe state. This function is
	40	* idempotent.
	41	*/
9da480be MW	42	static void free_action(struct action *a)
	43	{
	44	switch (a->act) {
	45	case A_LIE:
	46	xfree(a->u.lie);
	47	break;
	48	}
	49	a->act = A_LIMIT;
	50	}
	51
c3794524 MW	52	/* Free a policy structure, resetting it to its freshly-initialized state.
	53	* This function is idempotent.
	54	*/
9da480be MW	55	void free_policy(struct policy *p)
	56	{ free_action(&p->act); }
	57
c3794524 MW	58	/----- Diagnostics -------------------------------------------------------/
c3794524 MW	59
bf4d9761	60	static void print_addrpat(const struct addrops ao, const struct addrpat ap)
9da480be MW	61	{
	62	char buf[ADDRLEN];
	63
bf4d9761 MW	64	if (ap->len == 0)
	65	putchar('*');
	66	else {
	67	printf("%s/%u",
	68	inet_ntop(ao->af, &ap->addr, buf, sizeof(buf)),
	69	ap->len);
	70	}
9da480be MW	71	}
	72
	73	static void print_portpat(const struct portpat *pp)
	74	{
	75	if (pp->lo == 0 && pp->hi == 65535) putchar('*');
	76	else if (pp->lo == pp->hi) printf("%u", pp->lo);
	77	else printf("%u-%u", pp->lo, pp->hi);
	78	}
	79
bf4d9761 MW	80	static void print_sockpat(const struct addrops ao, const struct sockpat sp)
bf4d9761 MW	81	{ print_addrpat(ao, &sp->addr); putchar(' '); print_portpat(&sp->port); }
9da480be	82
c039c936 MW	83	static void print_userpat(const struct userpat *up)
	84	{
	85	if (up->lo == up->hi) printf("%d", up->lo);
	86	else printf("%u-%u", up->lo, up->hi);
	87	}
	88
9da480be MW	89	static const char *const acttab[] = {
	90	#define DEFACT(tag, name) name,
	91	ACTIONS(DEFACT)
	92	#undef DEFACT
	93	0
	94	};
	95
	96	static void print_action(const struct action *act)
	97	{
	98	assert(act->act < A_LIMIT);
	99	printf("%s", acttab[act->act]);
	100	switch (act->act) {
	101	case A_USER: {
	102	int i;
	103	unsigned m;
	104	for (i = 0, m = 1; i < A_LIMIT; i++, m <<= 1)
	105	if (act->u.user & m) printf(" %s", acttab[i]);
	106	} break;
	107	case A_LIE:
	108	printf(" %s", act->u.lie);
	109	break;
	110	}
	111	}
	112
c3794524	113	/* Print a policy rule to standard output. */
9da480be MW	114	void print_policy(const struct policy *p)
9da480be MW	115	{
bf4d9761 MW	116	print_sockpat(p->ao, &p->sp[L]); putchar(' ');
bf4d9761 MW	117	print_sockpat(p->ao, &p->sp[R]); putchar(' ');
c039c936	118	print_userpat(&p->up); putchar(' ');
9da480be MW	119	print_action(&p->act); putchar('\n');
	120	}
	121
c3794524 MW	122	/----- Matching ----------------------------------------------------------/
	123
	124	/* Return true if the port matches the pattern. */
9da480be MW	125	static int match_portpat(const struct portpat *pp, unsigned port)
	126	{ return (pp->lo <= port && port <= pp->hi); }
	127
c3794524	128	/* Return true if the socket matches the pattern. */
bf4d9761 MW	129	static int match_sockpat(const struct addrops *ao,
bf4d9761 MW	130	const struct sockpat sp, const struct socket s)
9da480be	131	{
bf4d9761	132	return (ao->match_addrpat(&sp->addr, &s->addr) &&
9da480be MW	133	match_portpat(&sp->port, s->port));
	134	}
	135
c039c936 MW	136	/* Return true if the uid matches the pattern. */
	137	static int match_userpat(const struct userpat *up, uid_t u)
	138	{ unsigned uu = u; return (up->lo <= uu && uu <= up->hi); }
	139
c3794524	140	/* Return true if the query matches the patterns in the policy rule. */
9da480be MW	141	int match_policy(const struct policy p, const struct query q)
9da480be MW	142	{
bf4d9761 MW	143	return ((!p->ao \|\| p->ao == q->ao) &&
bf4d9761 MW	144	match_sockpat(q->ao, &p->sp[L], &q->s[L]) &&
c039c936 MW	145	match_sockpat(q->ao, &p->sp[R], &q->s[R]) &&
c039c936 MW	146	match_userpat(&p->up, q->u.uid));
9da480be MW	147	}
9da480be MW	148
c3794524 MW	149	/----- Parsing -----------------------------------------------------------/
	150
	151	/* Advance FP to the next line. */
9da480be MW	152	static void nextline(FILE *fp)
	153	{
	154	for (;;) {
	155	int ch = getc(fp);
	156	if (ch == '\n' \|\| ch == EOF) break;
	157	}
	158	}
	159
c3794524 MW	160	/* Scan a whitespace-separated token from FP, writing it to BUF. The token
	161	* must fit in a buffer of size SZ, including a terminating null. Return
	162	* an appropriate T_* error code.
	163	*/
9da480be MW	164	static int scan(FILE fp, char buf, size_t sz)
	165	{
	166	int ch;
	167
	168	skip_ws:
c3794524	169	/* Before we start grabbing a token proper, find out what's in store. */
9da480be MW	170	ch = getc(fp);
9da480be MW	171	switch (ch) {
c3794524	172
9da480be MW	173	case '\n':
9da480be MW	174	newline:
c3794524	175	/* Found a newline. Leave it where it is and report it. */
9da480be MW	176	ungetc(ch, fp);
9da480be MW	177	return (T_EOL);
c3794524	178
9da480be MW	179	case EOF:
9da480be MW	180	eof:
c3794524	181	/* Found end-of-file, or an I/O error. Return an appropriate code. */
9da480be	182	return (ferror(fp) ? T_ERROR : T_EOF);
c3794524	183
9da480be	184	case '#':
c3794524 MW	185	/* Found a comment. Consume it, and continue appropriately: it must
	186	* be terminated either by a newline or end-of-file.
	187	*/
9da480be MW	188	for (;;) {
	189	ch = getc(fp);
	190	if (ch == '\n') goto newline;
	191	else if (ch == EOF) goto eof;
	192	}
c3794524	193
9da480be	194	default:
c3794524 MW	195	/* Whitespace means we just continue around. Anything else and we
	196	* start snarfing.
	197	*/
9da480be MW	198	if (isspace(ch)) goto skip_ws;
	199	break;
	200	}
	201
	202	for (;;) {
c3794524 MW	203
c3794524 MW	204	/* If there's buffer space left, store the character. */
9da480be	205	if (sz) { *buf++ = ch; sz--; }
c3794524 MW	206
c3794524 MW	207	/* Get a new one, and find out what to do about it. */
9da480be MW	208	ch = getc(fp);
	209	switch (ch) {
	210	case '\n':
	211	ungetc(ch, fp);
	212	goto done;
	213	case EOF:
	214	goto done;
	215	default:
	216	if (isspace(ch)) goto done;
	217	break;
	218	}
	219	}
	220
	221	done:
c3794524 MW	222	/* If there's no space for a terminating null then report an error. */
	223	if (!sz) return (T_ERROR);
	224
	225	/* All done. */
	226	*buf++ = 0; sz--;
	227	return (T_OK);
9da480be MW	228	}
9da480be MW	229
c3794524 MW	230	/* Parse an action name, storing the code in ACT. Return an appropriate T_
	231	* code.
	232	*/
9da480be MW	233	static int parse_actname(FILE fp, unsigned act)
	234	{
	235	char buf[32];
	236	int t;
	237	const char const p;
	238
	239	if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
	240	for (p = acttab; *p; p++)
	241	if (strcmp(buf, p) == 0) { act = p - acttab; return (0); }
	242	return (T_ERROR);
	243	}
	244
c3794524	245	/* Parse an action, returning a T_* code. */
9da480be MW	246	static int parse_action(FILE fp, struct action act)
	247	{
	248	char buf[32];
	249	int t;
	250	unsigned a;
	251	unsigned long m;
	252
c3794524	253	/* Collect the action name. */
9da480be	254	if ((t = parse_actname(fp, &a)) != 0) return (t);
c3794524 MW	255
c3794524 MW	256	/* Parse parameters, if there are any. */
9da480be	257	switch (a) {
c3794524	258
9da480be	259	case A_USER:
c3794524	260	/* `user ACTION ACTION ...': store permitted actions in a bitmask. */
9da480be MW	261	m = 0;
	262	for (;;) {
	263	if ((t = parse_actname(fp, &a)) != 0) break;
02591975	264	if (a == A_USER) return (T_ERROR);
9da480be MW	265	m \|= (1 << a);
	266	}
	267	if (t != T_EOL && t != T_EOF) return (t);
	268	act->act = A_USER;
	269	act->u.user = m;
	270	break;
c3794524	271
9da480be MW	272	case A_TOKEN:
	273	case A_NAME:
	274	case A_DENY:
	275	case A_HIDE:
c3794524	276	/* Dull actions which don't accept parameters. */
9da480be MW	277	act->act = a;
9da480be MW	278	break;
c3794524	279
9da480be	280	case A_LIE:
c3794524	281	/* `lie NAME': store the string we're to report. */
9da480be MW	282	if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
	283	act->act = a;
	284	act->u.lie = xstrdup(buf);
	285	break;
	286	}
c3794524 MW	287
c3794524 MW	288	/* Make sure we've reached the end of the line. */
9da480be MW	289	t = scan(fp, buf, sizeof(buf));
	290	if (t != T_EOF && t != T_EOL) {
	291	free_action(act);
	292	return (T_ERROR);
	293	}
c3794524 MW	294
c3794524 MW	295	/* Done. */
9da480be MW	296	return (0);
	297	}
	298
c3794524 MW	299	/* Parse an address pattern, writing it to AP. If the pattern has an
	300	* identifiable address family, update *AOP to point to its operations table;
	301	* if *AOP is already set to something different then report an error.
	302	*/
	303	static int parse_addrpat(FILE fp, const struct addrops *aop,
	304	struct addrpat *ap)
9da480be MW	305	{
	306	char buf[64];
	307	int t;
bf4d9761	308	const struct addrops *ao;
9da480be MW	309	long n;
	310	char *delim;
	311
c3794524	312	/* Scan a token for the address pattern. */
9da480be	313	if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
c3794524 MW	314
	315	/* If this is a wildcard, then leave everything as it is. */
	316	if (strcmp(buf, "*") == 0) {
	317	ap->len = 0;
	318	return (T_OK);
9da480be MW	319	}
9da480be MW	320
c3794524 MW	321	/* Decide what kind of address this must be. A bit grim, sorry. */
	322	if (strchr(buf, ':'))
	323	ao = &addroptab[ADDR_IPV6];
	324	else
	325	ao = &addroptab[ADDR_IPV4];
	326
	327	/* Update the caller's idea of the address family in use. */
	328	if (!aop) aop = ao;
	329	else if (*aop != ao) return (T_ERROR);
	330
	331	/* See whether there's a prefix length. If so, clobber it. */
	332	delim = strchr(buf, '/');
	333	if (delim) *delim++ = 0;
	334
	335	/* Parse the address. */
	336	if (!inet_pton(ao->af, buf, &ap->addr)) return (T_ERROR);
	337
	338	/* Parse the prefix length, or use the maximum one. */
	339	if (!delim) n = ao->len;
	340	else n = strtol(delim, 0, 10);
	341	if (n < 0 \|\| n > ao->len) return (T_ERROR);
	342	ap->len = n;
	343
	344	/* Done. */
	345	return (T_OK);
	346	}
	347
	348	static int parse_portpat(FILE fp, struct portpat pp)
	349	{
	350	char buf[64];
	351	int t;
	352	long n;
	353	char *delim;
	354
	355	/* Parse a token for the pattern. */
9da480be	356	if ((t = scan(fp, buf, sizeof(buf))) != 0) return (T_ERROR);
c3794524 MW	357
c3794524 MW	358	/* If this is a wildcard, then we're done. */
9da480be	359	if (strcmp(buf, "*") == 0) {
c3794524 MW	360	pp->lo = 0;
	361	pp->hi = 65535;
	362	return (T_OK);
9da480be	363	}
c3794524 MW	364
	365	/* Find a range delimiter. */
	366	delim = strchr(buf, '-');
	367	if (delim) *delim++ = 0;
	368
	369	/* Parse the only or low end of the range. */
	370	n = strtol(buf, 0, 0);
	371	if (n < 0 \|\| n > 65535) return (T_ERROR);
	372	pp->lo = n;
	373
	374	/* If there's no delimiter, then the high end is equal to the low end;
	375	* otherwise, parse the high end.
	376	*/
	377	if (!delim)
	378	pp->hi = n;
	379	else {
	380	n = strtol(delim, 0, 0);
	381	if (n < pp->lo \|\| n > 65535) return (T_ERROR);
	382	pp->hi = n;
	383	}
	384
	385	/* Done. */
	386	return (T_OK);
9da480be MW	387	}
9da480be MW	388
c3794524 MW	389	/* Parse a socket pattern, writing it to SP. */
	390	static int parse_sockpat(FILE fp, const struct addrops *aop,
	391	struct sockpat *sp)
	392	{
	393	int t;
	394
	395	if ((t = parse_addrpat(fp, aop, &sp->addr)) != 0) return (t);
	396	if ((t = parse_portpat(fp, &sp->port)) != 0) return (T_ERROR);
	397	return (T_OK);
	398	}
	399
c039c936 MW	400	/* Parse a user pattern, writing it to UP. */
	401	static int parse_userpat(FILE fp, struct userpat up)
	402	{
	403	struct passwd *pw;
	404	char buf[32];
	405	int t;
	406	char *delim;
	407
	408	if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
	409	if (!strcmp(buf, "*")) { up->lo = 0; up->hi = UINT_MAX; }
	410	else if ((pw = getpwnam(buf)) != 0) up->lo = up->hi = pw->pw_uid;
	411	else {
	412	if ((delim = strchr(buf, '-')) != 0) *delim++ = 0;
	413	up->lo = strtoul(buf, 0, 0);
	414	if (!delim) up->hi = up->lo;
	415	else if (!*delim) up->hi = UINT_MAX;
	416	else up->hi = strtoul(delim, 0, 0);
	417	}
	418	return (0);
	419	}
	420
c3794524 MW	421	/* Parse a policy rule line, writing it to P. */
c3794524 MW	422	static int parse_policy(FILE fp, struct policy p)
9da480be MW	423	{
	424	int t;
	425
bf4d9761	426	p->ao = 0;
9da480be MW	427	free_policy(p);
9da480be MW	428
bf4d9761 MW	429	if ((t = parse_sockpat(fp, &p->ao, &p->sp[L])) != 0) goto fail;
bf4d9761 MW	430	if ((t = parse_sockpat(fp, &p->ao, &p->sp[R])) != 0) goto err;
c039c936	431	if ((t = parse_userpat(fp, &p->up)) != 0) goto err;
9da480be MW	432	if ((t = parse_action(fp, &p->act)) != 0) goto err;
	433	return (0);
	434
	435	err:
	436	t = T_ERROR;
	437	fail:
	438	free_policy(p);
	439	return (t);
	440	}
	441
c3794524 MW	442	/* Open a policy file by NAME. The description WHAT and query Q are used for
c3794524 MW	443	* formatting error messages for the log.
7164a50b MW	444	*
	445	* This function is somewhat careful only to read from actual regular files,
	446	* though (if the filesystem object identified by NAME is a symlink, say) it
	447	* might open a device node or other exotic thing without reading it. This
	448	* is likely harmless, since we're running as an unprivileged user anyway.
c3794524	449	*/
9da480be	450	int open_policy_file(struct policy_file pf, const char name,
17272ab8	451	const char what, const struct query q, unsigned f)
9da480be	452	{
c74afd8a MW	453	struct stat st;
c74afd8a MW	454
9da480be	455	if ((pf->fp = fopen(name, "r")) == 0) {
17272ab8 MW	456	if (errno != ENOENT \|\| !(f & OPF_NOENTOK)) {
	457	logmsg(q, LOG_ERR, "failed to open %s `%s': %s",
	458	what, name, strerror(errno));
	459	}
c74afd8a MW	460	goto err_0;
	461	}
	462
	463	if (fstat(fileno(pf->fp), &st)) {
	464	logmsg(q, LOG_ERR, "failed to read information about %s `%s': %s",
	465	what, name, strerror(errno));
	466	goto err_1;
	467	}
	468	if (!S_ISREG(st.st_mode)) {
	469	logmsg(q, LOG_ERR, "object `%s', used as %s, is not a regular file",
	470	name, what);
	471	goto err_1;
9da480be MW	472	}
	473
	474	pf->name = name;
	475	pf->what = what;
	476	pf->q = q;
	477	pf->err = 0;
	478	pf->lno = 0;
	479	init_policy(&pf->p);
	480	return (0);
c74afd8a MW	481
	482	err_1:
	483	fclose(pf->fp);
	484	err_0:
	485	return (-1);
9da480be MW	486	}
9da480be MW	487
c3794524 MW	488	/* Read a policy rule from the file, storing it in PF->p. Return one of the
	489	* T_* codes.
	490	*/
9da480be MW	491	int read_policy_file(struct policy_file *pf)
	492	{
	493	int t;
	494
	495	for (;;) {
	496	pf->lno++;
	497	t = parse_policy(pf->fp, &pf->p);
	498	switch (t) {
	499	case T_OK:
b9eb1a36	500	case T_EOL:
9da480be	501	nextline(pf->fp);
b9eb1a36	502	return (t);
9da480be MW	503	case T_ERROR:
	504	logmsg(pf->q, LOG_ERR, "%s:%d: parse error in %s",
	505	pf->name, pf->lno, pf->what);
	506	pf->err = 1;
b9eb1a36	507	return (t);
9da480be MW	508	case T_EOF:
	509	if (ferror(pf->fp)) {
	510	logmsg(pf->q, LOG_ERR, "failed to read %s `%s': %s",
	511	pf->what, pf->name, strerror(errno));
	512	}
b9eb1a36	513	return (t);
9da480be MW	514	default:
	515	abort();
	516	}
	517	}
	518	}
	519
c3794524 MW	520	/* Close a policy file. It doesn't matter whether the file was completely
	521	* read.
	522	*/
9da480be MW	523	void close_policy_file(struct policy_file *pf)
	524	{
	525	fclose(pf->fp);
	526	free_policy(&pf->p);
	527	}
	528
c3794524 MW	529	/* Load a policy file, writing a vector of records into PV. If the policy
	530	* file has errors, then leave PV unchanged and return nonzero.
	531	*/
9da480be MW	532	int load_policy_file(const char file, policy_v pv)
	533	{
	534	struct policy_file pf;
	535	policy_v v = DA_INIT;
b9eb1a36	536	int t = 0;
9da480be	537
17272ab8	538	if (open_policy_file(&pf, file, "policy file", 0, 0))
9da480be	539	return (-1);
b9eb1a36 MW	540	while ((t = read_policy_file(&pf)) < T_EOF) {
	541	if (t == T_OK) {
	542	DA_PUSH(&v, pf.p);
	543	init_policy(&pf.p);
	544	}
9da480be MW	545	}
	546	close_policy_file(&pf);
	547	if (!pf.err) {
	548	DA_DESTROY(pv);
	549	*pv = v;
	550	return (0);
	551	} else {
	552	DA_DESTROY(&v);
	553	return (-1);
	554	}
	555	}
	556
	557	/----- That's all, folks -------------------------------------------------/