~mdw / yaid / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
policy.h: Don't allow `user' actions in user policy files.
[yaid] / policy.c
1 /* -*-c-*-
2 *
3 * Policy parsing and implementation
4 *
5 * (c) 2012 Straylight/Edgeware
6 */
7
8 /*----- Licensing notice --------------------------------------------------*
9 *
10 * This file is part of Yet Another Ident Daemon (YAID).
11 *
12 * YAID is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * YAID is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with YAID; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 */
26
27 /*----- Header files ------------------------------------------------------*/
28
29 #include "yaid.h"
30
31 /*----- Memory management -------------------------------------------------*/
32
33 /* Initialize a policy structure. In this state, it doesn't actually have
34 * any resources allocated (so can be simply discarded) but it's safe to free
35 * (using `free_policy').
36 */
37 void init_policy(struct policy *p) { p->act.act = A_LIMIT; }
38
39 /* Free an action structure, resetting it to a safe state. This function is
40 * idempotent.
41 */
42 static void free_action(struct action *a)
43 {
44 switch (a->act) {
45 case A_LIE:
46 xfree(a->u.lie);
47 break;
48 }
49 a->act = A_LIMIT;
50 }
51
52 /* Free a policy structure, resetting it to its freshly-initialized state.
53 * This function is idempotent.
54 */
55 void free_policy(struct policy *p)
56 { free_action(&p->act); }
57
58 /*----- Diagnostics -------------------------------------------------------*/
59
60 static void print_addrpat(const struct addrops *ao, const struct addrpat *ap)
61 {
62 char buf[ADDRLEN];
63
64 if (ap->len == 0)
65 putchar('*');
66 else {
67 printf("%s/%u",
68 inet_ntop(ao->af, &ap->addr, buf, sizeof(buf)),
69 ap->len);
70 }
71 }
72
73 static void print_portpat(const struct portpat *pp)
74 {
75 if (pp->lo == 0 && pp->hi == 65535) putchar('*');
76 else if (pp->lo == pp->hi) printf("%u", pp->lo);
77 else printf("%u-%u", pp->lo, pp->hi);
78 }
79
80 static void print_sockpat(const struct addrops *ao, const struct sockpat *sp)
81 { print_addrpat(ao, &sp->addr); putchar(' '); print_portpat(&sp->port); }
82
83 static const char *const acttab[] = {
84 #define DEFACT(tag, name) name,
85 ACTIONS(DEFACT)
86 #undef DEFACT
87 0
88 };
89
90 static void print_action(const struct action *act)
91 {
92 assert(act->act < A_LIMIT);
93 printf("%s", acttab[act->act]);
94 switch (act->act) {
95 case A_USER: {
96 int i;
97 unsigned m;
98 for (i = 0, m = 1; i < A_LIMIT; i++, m <<= 1)
99 if (act->u.user & m) printf(" %s", acttab[i]);
100 } break;
101 case A_LIE:
102 printf(" %s", act->u.lie);
103 break;
104 }
105 }
106
107 /* Print a policy rule to standard output. */
108 void print_policy(const struct policy *p)
109 {
110 print_sockpat(p->ao, &p->sp[L]); putchar(' ');
111 print_sockpat(p->ao, &p->sp[R]); putchar(' ');
112 print_action(&p->act); putchar('\n');
113 }
114
115 /*----- Matching ----------------------------------------------------------*/
116
117 /* Return true if the port matches the pattern. */
118 static int match_portpat(const struct portpat *pp, unsigned port)
119 { return (pp->lo <= port && port <= pp->hi); }
120
121 /* Return true if the socket matches the pattern. */
122 static int match_sockpat(const struct addrops *ao,
123 const struct sockpat *sp, const struct socket *s)
124 {
125 return (ao->match_addrpat(&sp->addr, &s->addr) &&
126 match_portpat(&sp->port, s->port));
127 }
128
129 /* Return true if the query matches the patterns in the policy rule. */
130 int match_policy(const struct policy *p, const struct query *q)
131 {
132 return ((!p->ao || p->ao == q->ao) &&
133 match_sockpat(q->ao, &p->sp[L], &q->s[L]) &&
134 match_sockpat(q->ao, &p->sp[R], &q->s[R]));
135 }
136
137 /*----- Parsing -----------------------------------------------------------*/
138
139 /* Advance FP to the next line. */
140 static void nextline(FILE *fp)
141 {
142 for (;;) {
143 int ch = getc(fp);
144 if (ch == '\n' || ch == EOF) break;
145 }
146 }
147
148 /* Scan a whitespace-separated token from FP, writing it to BUF. The token
149 * must fit in a buffer of size SZ, including a terminating null. Return
150 * an appropriate T_* error code.
151 */
152 static int scan(FILE *fp, char *buf, size_t sz)
153 {
154 int ch;
155
156 skip_ws:
157 /* Before we start grabbing a token proper, find out what's in store. */
158 ch = getc(fp);
159 switch (ch) {
160
161 case '\n':
162 newline:
163 /* Found a newline. Leave it where it is and report it. */
164 ungetc(ch, fp);
165 return (T_EOL);
166
167 case EOF:
168 eof:
169 /* Found end-of-file, or an I/O error. Return an appropriate code. */
170 return (ferror(fp) ? T_ERROR : T_EOF);
171
172 case '#':
173 /* Found a comment. Consume it, and continue appropriately: it must
174 * be terminated either by a newline or end-of-file.
175 */
176 for (;;) {
177 ch = getc(fp);
178 if (ch == '\n') goto newline;
179 else if (ch == EOF) goto eof;
180 }
181
182 default:
183 /* Whitespace means we just continue around. Anything else and we
184 * start snarfing.
185 */
186 if (isspace(ch)) goto skip_ws;
187 break;
188 }
189
190 for (;;) {
191
192 /* If there's buffer space left, store the character. */
193 if (sz) { *buf++ = ch; sz--; }
194
195 /* Get a new one, and find out what to do about it. */
196 ch = getc(fp);
197 switch (ch) {
198 case '\n':
199 ungetc(ch, fp);
200 goto done;
201 case EOF:
202 goto done;
203 default:
204 if (isspace(ch)) goto done;
205 break;
206 }
207 }
208
209 done:
210 /* If there's no space for a terminating null then report an error. */
211 if (!sz) return (T_ERROR);
212
213 /* All done. */
214 *buf++ = 0; sz--;
215 return (T_OK);
216 }
217
218 /* Parse an action name, storing the code in *ACT. Return an appropriate T_*
219 * code.
220 */
221 static int parse_actname(FILE *fp, unsigned *act)
222 {
223 char buf[32];
224 int t;
225 const char *const *p;
226
227 if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
228 for (p = acttab; *p; p++)
229 if (strcmp(buf, *p) == 0) { *act = p - acttab; return (0); }
230 return (T_ERROR);
231 }
232
233 /* Parse an action, returning a T_* code. */
234 static int parse_action(FILE *fp, struct action *act)
235 {
236 char buf[32];
237 int t;
238 unsigned a;
239 unsigned long m;
240
241 /* Collect the action name. */
242 if ((t = parse_actname(fp, &a)) != 0) return (t);
243
244 /* Parse parameters, if there are any. */
245 switch (a) {
246
247 case A_USER:
248 /* `user ACTION ACTION ...': store permitted actions in a bitmask. */
249 m = 0;
250 for (;;) {
251 if ((t = parse_actname(fp, &a)) != 0) break;
252 if (a == A_USER) return (T_ERROR);
253 m |= (1 << a);
254 }
255 if (t != T_EOL && t != T_EOF) return (t);
256 act->act = A_USER;
257 act->u.user = m;
258 break;
259
260 case A_TOKEN:
261 case A_NAME:
262 case A_DENY:
263 case A_HIDE:
264 /* Dull actions which don't accept parameters. */
265 act->act = a;
266 break;
267
268 case A_LIE:
269 /* `lie NAME': store the string we're to report. */
270 if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
271 act->act = a;
272 act->u.lie = xstrdup(buf);
273 break;
274 }
275
276 /* Make sure we've reached the end of the line. */
277 t = scan(fp, buf, sizeof(buf));
278 if (t != T_EOF && t != T_EOL) {
279 free_action(act);
280 return (T_ERROR);
281 }
282
283 /* Done. */
284 return (0);
285 }
286
287 /* Parse an address pattern, writing it to AP. If the pattern has an
288 * identifiable address family, update *AOP to point to its operations table;
289 * if *AOP is already set to something different then report an error.
290 */
291 static int parse_addrpat(FILE *fp, const struct addrops **aop,
292 struct addrpat *ap)
293 {
294 char buf[64];
295 int t;
296 const struct addrops *ao;
297 long n;
298 char *delim;
299
300 /* Scan a token for the address pattern. */
301 if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
302
303 /* If this is a wildcard, then leave everything as it is. */
304 if (strcmp(buf, "*") == 0) {
305 ap->len = 0;
306 return (T_OK);
307 }
308
309 /* Decide what kind of address this must be. A bit grim, sorry. */
310 if (strchr(buf, ':'))
311 ao = &addroptab[ADDR_IPV6];
312 else
313 ao = &addroptab[ADDR_IPV4];
314
315 /* Update the caller's idea of the address family in use. */
316 if (!*aop) *aop = ao;
317 else if (*aop != ao) return (T_ERROR);
318
319 /* See whether there's a prefix length. If so, clobber it. */
320 delim = strchr(buf, '/');
321 if (delim) *delim++ = 0;
322
323 /* Parse the address. */
324 if (!inet_pton(ao->af, buf, &ap->addr)) return (T_ERROR);
325
326 /* Parse the prefix length, or use the maximum one. */
327 if (!delim) n = ao->len;
328 else n = strtol(delim, 0, 10);
329 if (n < 0 || n > ao->len) return (T_ERROR);
330 ap->len = n;
331
332 /* Done. */
333 return (T_OK);
334 }
335
336 static int parse_portpat(FILE *fp, struct portpat *pp)
337 {
338 char buf[64];
339 int t;
340 long n;
341 char *delim;
342
343 /* Parse a token for the pattern. */
344 if ((t = scan(fp, buf, sizeof(buf))) != 0) return (T_ERROR);
345
346 /* If this is a wildcard, then we're done. */
347 if (strcmp(buf, "*") == 0) {
348 pp->lo = 0;
349 pp->hi = 65535;
350 return (T_OK);
351 }
352
353 /* Find a range delimiter. */
354 delim = strchr(buf, '-');
355 if (delim) *delim++ = 0;
356
357 /* Parse the only or low end of the range. */
358 n = strtol(buf, 0, 0);
359 if (n < 0 || n > 65535) return (T_ERROR);
360 pp->lo = n;
361
362 /* If there's no delimiter, then the high end is equal to the low end;
363 * otherwise, parse the high end.
364 */
365 if (!delim)
366 pp->hi = n;
367 else {
368 n = strtol(delim, 0, 0);
369 if (n < pp->lo || n > 65535) return (T_ERROR);
370 pp->hi = n;
371 }
372
373 /* Done. */
374 return (T_OK);
375 }
376
377 /* Parse a socket pattern, writing it to SP. */
378 static int parse_sockpat(FILE *fp, const struct addrops **aop,
379 struct sockpat *sp)
380 {
381 int t;
382
383 if ((t = parse_addrpat(fp, aop, &sp->addr)) != 0) return (t);
384 if ((t = parse_portpat(fp, &sp->port)) != 0) return (T_ERROR);
385 return (T_OK);
386 }
387
388 /* Parse a policy rule line, writing it to P. */
389 static int parse_policy(FILE *fp, struct policy *p)
390 {
391 int t;
392
393 p->ao = 0;
394 free_policy(p);
395
396 if ((t = parse_sockpat(fp, &p->ao, &p->sp[L])) != 0) goto fail;
397 if ((t = parse_sockpat(fp, &p->ao, &p->sp[R])) != 0) goto err;
398 if ((t = parse_action(fp, &p->act)) != 0) goto err;
399 return (0);
400
401 err:
402 t = T_ERROR;
403 fail:
404 free_policy(p);
405 return (t);
406 }
407
408 /* Open a policy file by NAME. The description WHAT and query Q are used for
409 * formatting error messages for the log.
410 */
411 int open_policy_file(struct policy_file *pf, const char *name,
412 const char *what, const struct query *q)
413 {
414 if ((pf->fp = fopen(name, "r")) == 0) {
415 logmsg(q, LOG_ERR, "failed to open %s `%s': %s",
416 what, name, strerror(errno));
417 return (-1);
418 }
419
420 pf->name = name;
421 pf->what = what;
422 pf->q = q;
423 pf->err = 0;
424 pf->lno = 0;
425 init_policy(&pf->p);
426 return (0);
427 }
428
429 /* Read a policy rule from the file, storing it in PF->p. Return one of the
430 * T_* codes.
431 */
432 int read_policy_file(struct policy_file *pf)
433 {
434 int t;
435
436 for (;;) {
437 pf->lno++;
438 t = parse_policy(pf->fp, &pf->p);
439 switch (t) {
440 case T_OK:
441 nextline(pf->fp);
442 return (0);
443 case T_ERROR:
444 logmsg(pf->q, LOG_ERR, "%s:%d: parse error in %s",
445 pf->name, pf->lno, pf->what);
446 pf->err = 1;
447 break;
448 case T_EOF:
449 if (ferror(pf->fp)) {
450 logmsg(pf->q, LOG_ERR, "failed to read %s `%s': %s",
451 pf->what, pf->name, strerror(errno));
452 }
453 return (-1);
454 case T_EOL:
455 nextline(pf->fp);
456 break;
457 default:
458 abort();
459 }
460 }
461 }
462
463 /* Close a policy file. It doesn't matter whether the file was completely
464 * read.
465 */
466 void close_policy_file(struct policy_file *pf)
467 {
468 fclose(pf->fp);
469 free_policy(&pf->p);
470 }
471
472 /* Load a policy file, writing a vector of records into PV. If the policy
473 * file has errors, then leave PV unchanged and return nonzero.
474 */
475 int load_policy_file(const char *file, policy_v *pv)
476 {
477 struct policy_file pf;
478 policy_v v = DA_INIT;
479
480 if (open_policy_file(&pf, file, "policy file", 0))
481 return (-1);
482 while (!read_policy_file(&pf)) {
483 DA_PUSH(&v, pf.p);
484 init_policy(&pf.p);
485 }
486 close_policy_file(&pf);
487 if (!pf.err) {
488 DA_DESTROY(pv);
489 *pv = v;
490 return (0);
491 } else {
492 DA_DESTROY(&v);
493 return (-1);
494 }
495 }
496
497 /*----- That's all, folks -------------------------------------------------*/
Yet Another Ident Daemon.