mdw@git.distorted.org.uk Git - yaid/blob - yaid.h

   1 /* -*-c-*-
   2  *
   3  * Common definitions for YAID
   4  *
   5  * (c) 2012 Straylight/Edgeware
   6  */
   7
   8 /*----- Licensing notice --------------------------------------------------*
   9  *
  10  * This file is part of Yet Another Ident Daemon (YAID).
  11  *
  12  * YAID is free software; you can redistribute it and/or modify
  13  * it under the terms of the GNU General Public License as published by
  14  * the Free Software Foundation; either version 2 of the License, or
  15  * (at your option) any later version.
  16  *
  17  * YAID is distributed in the hope that it will be useful,
  18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20  * GNU General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU General Public License
  23  * along with YAID; if not, write to the Free Software Foundation,
  24  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  25  */
  26
  27 #ifndef YAID_H
  28 #define YAID_H
  29
  30 #ifdef __cplusplus
  31   extern "C" {
  32 #endif
  33
  34 /*----- Header files ------------------------------------------------------*/
  35
  36 #include "config.h"
  37
  38 #include <assert.h>
  39 #include <ctype.h>
  40 #include <errno.h>
  41 #include <limits.h>
  42 #include <stdarg.h>
  43 #include <stdio.h>
  44 #include <string.h>
  45 #include <string.h>
  46
  47 #include <sys/types.h>
  48 #include <unistd.h>
  49 #include <fcntl.h>
  50
  51 #include <pwd.h>
  52
  53 #include <sys/socket.h>
  54 #include <netinet/in.h>
  55 #include <arpa/inet.h>
  56
  57 #include <syslog.h>
  58
  59 #include <mLib/bits.h>
  60 #include <mLib/conn.h>
  61 #include <mLib/darray.h>
  62 #include <mLib/dstr.h>
  63 #include <mLib/fdflags.h>
  64 #include <mLib/fwatch.h>
  65 #include <mLib/quis.h>
  66 #include <mLib/report.h>
  67 #include <mLib/sel.h>
  68 #include <mLib/selbuf.h>
  69
  70 /*----- System specifics --------------------------------------------------*/
  71
  72 #define SYS_UNDEF 0
  73 #define SYS_LINUX 1
  74
  75 #if SYS == SYS_LINUX
  76 #  include <linux/netlink.h>
  77 #  include <linux/rtnetlink.h>
  78 #else
  79 #  error "Unsupported operating system: sorry.  Patches welcome!"
  80 #endif
  81
  82 /*----- Data structures ---------------------------------------------------*/
  83
  84 #define ADDRLEN 64
  85
  86 union addr {
  87   struct in_addr ipv4;
  88   struct in6_addr ipv6;
  89 };
  90
  91 struct socket {
  92   union addr addr;
  93   unsigned port;
  94 };
  95
  96 struct addrpat {
  97   unsigned len;
  98   union addr addr;
  99 };
 100
 101 struct portpat {
 102   unsigned lo, hi;
 103 };
 104
 105 struct sockpat {
 106   struct addrpat addr;
 107   struct portpat port;
 108 };
 109
 110 #define ADDRTYPES(_)                                                    \
 111   _(ipv4, IPV4, INET, "IPv4", 32)                                       \
 112   _(ipv6, IPV6, INET6, "IPv6", 128)
 113
 114 struct addrops {
 115   int af;
 116   const char *name;
 117   unsigned len;
 118   const union addr *any;
 119   const struct addrops_sys *sys;
 120   int (*addreq)(const union addr *, const union addr *);
 121   int (*match_addrpat)(const struct addrpat *, const union addr *);
 122   void (*socket_to_sockaddr)(const struct socket *s, void *, size_t *);
 123   void (*sockaddr_to_addr)(const void *, union addr *);
 124   int (*init_listen_socket)(int);
 125 };
 126
 127 enum {
 128 #define DEFADDR(ty, TY, af, name, len) ADDR_##TY,
 129   ADDRTYPES(DEFADDR)
 130 #undef DEFADDR
 131   ADDR_LIMIT
 132 };
 133
 134 extern const struct addrops addroptab[];
 135 #define OPS_SYS(ty, TY, af, name, len)                                  \
 136   extern const struct addrops_sys addrops_sys_##ty;
 137 ADDRTYPES(OPS_SYS)
 138 #undef OPS_SYS
 139
 140 enum { L, R, NDIR };
 141
 142 #define RESPONSE(_)                                                     \
 143   _(ERROR, U(error, unsigned))                                          \
 144   _(UID, U(uid, uid_t))                                                 \
 145   _(NAT, U(nat, struct socket))
 146
 147 #define ERROR(_)                                                        \
 148   _(INVPORT, "INVALID-PORT")                                            \
 149   _(NOUSER, "NO-USER")                                                  \
 150   _(HIDDEN, "HIDDEN-USER")                                              \
 151   _(UNKNOWN, "UNKNOWN-ERROR")
 152 extern const char *const errtok[];
 153
 154 enum {
 155 #define DEFENUM(err, tok) E_##err,
 156   ERROR(DEFENUM)
 157 #undef DEFENUM
 158   E_LIMIT
 159 };
 160
 161 enum {
 162 #define DEFENUM(what, branch) R_##what,
 163   RESPONSE(DEFENUM)
 164 #undef DEFENUM
 165   R_LIMIT
 166 };
 167
 168 struct query {
 169   const struct addrops *ao;
 170   struct socket s[NDIR];
 171   unsigned resp;
 172   union {
 173 #define DEFBRANCH(WHAT, branch) branch
 174 #define U(memb, ty) ty memb;
 175 #define N
 176     RESPONSE(DEFBRANCH)
 177 #undef U
 178 #undef N
 179 #undef DEFBRANCH
 180   } u;
 181 } query;
 182
 183 enum {
 184   T_OK,
 185   T_EOL,
 186   T_EOF,
 187   T_ERROR
 188 };
 189
 190 #define ACTIONS(_)                                                      \
 191   _(USER, "user")                                                       \
 192   _(TOKEN, "token")                                                     \
 193   _(NAME, "name")                                                       \
 194   _(DENY, "deny")                                                       \
 195   _(HIDE, "hide")                                                       \
 196   _(LIE, "lie")
 197
 198 enum {
 199 #define DEFENUM(tag, word) A_##tag,
 200   ACTIONS(DEFENUM)
 201 #undef DEFENUM
 202   A_LIMIT
 203 };
 204
 205 struct action {
 206   unsigned act;
 207   union {
 208     unsigned user;
 209     char *lie;
 210   } u;
 211 };
 212
 213 struct policy {
 214   const struct addrops *ao;
 215   struct sockpat sp[NDIR];
 216   struct action act;
 217 };
 218 #define POLICY_INIT(a) { 0, { { { 0 } } }, { a } }
 219
 220 struct policy_file {
 221   FILE *fp;
 222   const struct query *q;
 223   const char *name;
 224   const char *what;
 225   int err;
 226   int lno;
 227   struct policy p;
 228 };
 229
 230 DA_DECL(policy_v, struct policy);
 231
 232 /*----- Functions provided ------------------------------------------------*/
 233
 234 int sockeq(const struct addrops *ao,
 235            const struct socket *sa, const struct socket *sb);
 236 void dputsock(dstr *d, const struct addrops *ao, const struct socket *s);
 237
 238 void logmsg(const struct query *q, int prio, const char *msg, ...);
 239
 240 void identify(struct query *q);
 241
 242 void init_policy(struct policy *p);
 243 void free_policy(struct policy *p);
 244 void print_policy(const struct policy *p);
 245 int match_policy(const struct policy *p, const struct query *q);
 246 int parse_policy(FILE *fp, struct policy *p);
 247 int open_policy_file(struct policy_file *pf, const char *name,
 248                      const char *what, const struct query *q);
 249 int read_policy_file(struct policy_file *pf);
 250 void close_policy_file(struct policy_file *pf);
 251 int load_policy_file(const char *file, policy_v *pv);
 252
 253 /*----- That's all, folks -------------------------------------------------*/
 254
 255 #ifdef __cplusplus
 256   }
 257 #endif
 258
 259 #endif