1 | /* -*-c-*- |
2 | * | |
3 | * Common definitions for YAID | |
4 | * | |
5 | * (c) 2012 Straylight/Edgeware | |
6 | */ | |
7 | ||
8 | /*----- Licensing notice --------------------------------------------------* | |
9 | * | |
10 | * This file is part of Yet Another Ident Daemon (YAID). | |
11 | * | |
12 | * YAID is free software; you can redistribute it and/or modify | |
13 | * it under the terms of the GNU General Public License as published by | |
14 | * the Free Software Foundation; either version 2 of the License, or | |
15 | * (at your option) any later version. | |
16 | * | |
17 | * YAID is distributed in the hope that it will be useful, | |
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | * GNU General Public License for more details. | |
21 | * | |
22 | * You should have received a copy of the GNU General Public License | |
23 | * along with YAID; if not, write to the Free Software Foundation, | |
24 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | */ | |
26 | ||
27 | #ifndef YAID_H | |
28 | #define YAID_H | |
29 | ||
30 | #ifdef __cplusplus | |
31 | extern "C" { | |
32 | #endif | |
33 | ||
34 | /*----- Header files ------------------------------------------------------*/ | |
35 | ||
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>

#include <pwd.h>

#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <linux/netlink.h>
#include <linux/rtnetlink.h>

#include <syslog.h>

#include <mLib/bits.h>
#include <mLib/conn.h>
#include <mLib/darray.h>
#include <mLib/dstr.h>
#include <mLib/fwatch.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#include <mLib/sel.h>
#include <mLib/selbuf.h>
69 | ||
70 | /*----- Data structures ---------------------------------------------------*/ | |
71 | ||
/* Length of a buffer for the textual form of an address.  64 comfortably
 * exceeds INET6_ADDRSTRLEN (46); presumably sized for inet_ntop() -- confirm
 * against the callers. */
#define ADDRLEN 64
73 | ||
/* A network-layer address, IPv4 or IPv6.  The union carries no discriminator
 * of its own: the address family lives beside it in the enclosing structure
 * (see the `af' members of `struct query' and `struct policy'). */
union addr {
  struct in_addr ipv4;
  struct in6_addr ipv6;
};
78 | ||
/* One endpoint of a TCP connection: an address and a port.  `port' is a
 * plain `unsigned', not `in_port_t', so it is presumably kept in host byte
 * order -- confirm against the code that fills it in.  The tag `socket' is
 * spelled like the socket(2) function; C keeps struct tags in their own
 * namespace, so this is legal, but it is easy to misread. */
struct socket {
  union addr addr;
  unsigned port;
};
83 | ||
/* Indices for the two ends of a connection in per-endpoint arrays
 * (presumably L = local, R = remote); NDIR is the array length.  These very
 * short names are exported into every translation unit that includes this
 * header, so collisions with local identifiers are easy to cause. */
enum { L, R, NDIR };
85 | ||
/* X-macro table of the possible outcomes of an ident query.  Each entry is
 * `_(TAG, U(member, type))': TAG becomes R_TAG in the enum below, and the
 * `U(...)' argument is expanded inside `struct query' into a member of its
 * response union (`type member;').  A new response kind needs only a new
 * line here. */
#define RESPONSE(_) \
  _(ERROR, U(error, unsigned)) \
  _(UID, U(uid, uid_t)) \
  _(NAT, U(nat, struct socket))
90 | ||
/* X-macro table of ident error conditions: `_(TAG, TOKEN)' pairs, TOKEN
 * being the RFC 1413 error-type token as sent on the wire.  The E_TAG
 * constants below are generated from this list; errtok[] is presumably
 * generated from it too (in a .c file), so that E_x indexes its own token
 * -- confirm. */
#define ERROR(_) \
  _(INVPORT, "INVALID-PORT") \
  _(NOUSER, "NO-USER") \
  _(HIDDEN, "HIDDEN-USER") \
  _(UNKNOWN, "UNKNOWN-ERROR")
/* Wire tokens for the error codes; defined elsewhere. */
extern const char *const errtok[];

/* Error codes E_INVPORT, E_NOUSER, E_HIDDEN, E_UNKNOWN, in table order.
 * E_LIMIT is one past the last valid code, i.e. the number of entries. */
enum {
#define DEFENUM(err, tok) E_##err,
  ERROR(DEFENUM)
#undef DEFENUM
  E_LIMIT
};
104 | ||
/* Response kinds R_ERROR, R_UID, R_NAT, generated from RESPONSE in table
 * order; R_LIMIT is the count.  `struct query.resp' presumably holds one of
 * these to say which member of its union is live -- confirm. */
enum {
#define DEFENUM(what, branch) R_##what,
  RESPONSE(DEFENUM)
#undef DEFENUM
  R_LIMIT
};
111 | ||
/* State of one ident query.
 *
 *   af   -- address family of the endpoints in `s' (presumably AF_INET or
 *           AF_INET6 -- confirm)
 *   s    -- the two endpoints, indexed by L and R
 *   resp -- which kind of response applies; presumably an R_... value
 *   u    -- response payload.  The member list is generated from RESPONSE:
 *           each `U(member, type)' there becomes `type member;' here.  `N'
 *           is #defined empty for the expansion, but no RESPONSE entry
 *           uses it, so the define/undef pair is currently dead.
 *
 * NOTE(review): the trailing `query' after the closing brace declares an
 * object of this type at file scope.  Because this is a header, every
 * translation unit that includes yaid.h gets its own tentative definition
 * of a global named `query', which fails to link under -fno-common (the
 * default since GCC 10).  If a shared global is not intended, end the
 * definition with a bare `};' instead. */
struct query {
  int af;
  struct socket s[NDIR];
  unsigned resp;
  union {
#define DEFBRANCH(WHAT, branch) branch
#define U(memb, ty) ty memb;
#define N
    RESPONSE(DEFBRANCH)
#undef U
#undef N
#undef DEFBRANCH
  } u;
} query;
126 | ||
/* Status codes named for a token read (T_OK), end of line (T_EOL), end of
 * input (T_EOF) and malformed input (T_ERROR).  The reader that returns them
 * is not declared in this header; presumably the policy-file lexer --
 * confirm. */
enum {
  T_OK,
  T_EOL,
  T_EOF,
  T_ERROR
};
133 | ||
/* An address pattern.  `len' is presumably a prefix length in bits and
 * `addr' the network to compare against -- confirm the exact matching rule
 * (and what len == 0 means) against match_policy(). */
struct addrpat {
  unsigned len;
  union addr addr;
};
138 | ||
/* A port pattern: the range lo..hi, presumably inclusive at both ends --
 * confirm against match_policy(). */
struct portpat {
  unsigned lo, hi;
};
142 | ||
/* A pattern for one connection endpoint: an address pattern and a port
 * pattern, mirroring the layout of `struct socket'. */
struct sockpat {
  struct addrpat addr;
  struct portpat port;
};
147 | ||
/* X-macro table of policy actions: `_(TAG, WORD)' pairs, WORD presumably
 * being the keyword as written in a policy file (parse_policy() would be the
 * consumer -- confirm).  The A_TAG constants below are generated from it. */
#define ACTIONS(_) \
  _(USER, "user") \
  _(TOKEN, "token") \
  _(NAME, "name") \
  _(DENY, "deny") \
  _(HIDE, "hide") \
  _(LIE, "lie")

/* Action codes A_USER, A_TOKEN, A_NAME, A_DENY, A_HIDE, A_LIE in table
 * order; A_LIMIT is the count. */
enum {
#define DEFENUM(tag, word) A_##tag,
  ACTIONS(DEFENUM)
#undef DEFENUM
  A_LIMIT
};
162 | ||
/* What a matching policy does.  `act' is an A_... value; it presumably also
 * selects the live member of `u': `user' (a user id held as `unsigned') for
 * A_USER and `lie' (a string) for A_LIE -- confirm.  Ownership of `lie' is
 * not visible here; free_policy() exists, which suggests the policy owns and
 * frees it -- confirm before copying or aliasing the pointer. */
struct action {
  unsigned act;
  union {
    unsigned user;
    char *lie;
  } u;
};
170 | ||
/* One policy rule: for connections in address family `af', match the two
 * endpoints against `sp' (indexed by L and R) and, on a match, apply `act'. */
struct policy {
  int af;
  struct sockpat sp[NDIR];
  struct action act;
};
/* Static initializer for a `struct policy': af = 0, both patterns zeroed,
 * act.act = a with act.u zero.  Relies on `act' being the first member of
 * `struct action'; keep it in step if that struct changes. */
#define POLICY_INIT(a) { 0, { { { 0 } } }, { a } }
177 | ||
/* Reader state for a policy file consumed one rule at a time with
 * read_policy_file().  Field meanings inferred from the names; confirm
 * against open_policy_file()/read_policy_file():
 *
 *   fp   -- the open stream
 *   q    -- the query being served (whether it may be null is not shown)
 *   name -- file name, presumably for diagnostics
 *   what -- presumably a description of the file for diagnostics
 *   err  -- error indication
 *   lno  -- current line number
 *   p    -- the most recently read rule
 */
struct policy_file {
  FILE *fp;
  const struct query *q;
  const char *name;
  const char *what;
  int err;
  int lno;
  struct policy p;
};
187 | ||
/* Declares `policy_v', a dynamic array of `struct policy', using mLib's
 * darray (DA_DECL comes from <mLib/darray.h>). */
DA_DECL(policy_v, struct policy);
189 | ||
190 | /*----- Functions provided ------------------------------------------------*/ | |
191 | ||
/* Log a message about query `q' at syslog priority `prio'.  The `msg, ...'
 * tail is presumably a printf-style format and its arguments (the header
 * pulls in <stdarg.h> and <syslog.h>) -- confirm.  If so, `msg' must always
 * be a literal and never text taken from the peer or a policy file; adding
 * `__attribute__((format(printf, 3, 4)))' under #ifdef __GNUC__ would let
 * -Wformat check every call site. */
void logmsg(const struct query *q, int prio, const char *msg, ...);

/* Answer the query `q', filling in `q->resp' and `q->u'.  How the owning
 * user is looked up is not visible here (the netlink headers above suggest
 * the kernel socket table -- confirm). */
void identify(struct query *q);
/* Look up the default gateway for address family `af' and store it in *a.
 * Returns an int status; the convention (0 on success?) is not shown here. */
int get_default_gw(int af, union addr *a);

/* Policy rules: init_policy() puts *p into a usable empty state;
 * free_policy() releases whatever *p owns (see `struct action.u.lie');
 * print_policy() writes a readable form (destination not shown);
 * match_policy() reports whether rule *p applies to query *q (int result,
 * presumably nonzero for a match -- confirm); parse_policy() reads one rule
 * from `fp' into *p, returning an int status. */
void init_policy(struct policy *p);
void free_policy(struct policy *p);
void print_policy(const struct policy *p);
int match_policy(const struct policy *p, const struct query *q);
int parse_policy(FILE *fp, struct policy *p);
/* Incremental policy-file reading: open_policy_file() sets up *pf for file
 * `name' (`what' and `q' are kept for later use, presumably diagnostics);
 * read_policy_file() reads the next rule into pf->p; close_policy_file()
 * releases the stream.  load_policy_file() reads a whole file into the
 * dynamic array *pv in one go.  All int results are status codes whose
 * convention is not shown in this header. */
int open_policy_file(struct policy_file *pf, const char *name,
		     const char *what, const struct query *q);
int read_policy_file(struct policy_file *pf);
void close_policy_file(struct policy_file *pf);
int load_policy_file(const char *file, policy_v *pv);
207 | ||
208 | /*----- That's all, folks -------------------------------------------------*/ | |
209 | ||
210 | #ifdef __cplusplus | |
211 | } | |
212 | #endif | |
213 | ||
214 | #endif |