80e2bfd9f838ac64f07c4c5b5ff44bfddf28896a
3 * Policy parsing and implementation
5 * (c) 2012 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Yet Another Ident Daemon (YAID).
12 * YAID is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * YAID is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with YAID; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /*----- Header files ------------------------------------------------------*/
31 /*----- Main code ---------------------------------------------------------*/
33 /* syntax: addrpat portpat addrpar portpat policy
35 * local address/port first, then remote
36 * addrpat ::= addr [/ len]
37 * portpat ::= num | num - num | *
38 * policy ::= user policy* | token | name | deny | hide |
41 void init_policy(struct policy
*p
) { p
->act
.act
= A_LIMIT
; }
43 static void free_action(struct action
*a
)
53 void free_policy(struct policy
*p
)
54 { free_action(&p
->act
); }
56 static void print_addrpat(const struct addrops
*ao
, const struct addrpat
*ap
)
64 inet_ntop(ao
->af
, &ap
->addr
, buf
, sizeof(buf
)),
69 static void print_portpat(const struct portpat
*pp
)
71 if (pp
->lo
== 0 && pp
->hi
== 65535) putchar('*');
72 else if (pp
->lo
== pp
->hi
) printf("%u", pp
->lo
);
73 else printf("%u-%u", pp
->lo
, pp
->hi
);
76 static void print_sockpat(const struct addrops
*ao
, const struct sockpat
*sp
)
77 { print_addrpat(ao
, &sp
->addr
); putchar(' '); print_portpat(&sp
->port
); }
79 static const char *const acttab
[] = {
80 #define DEFACT(tag, name) name,
86 static void print_action(const struct action
*act
)
88 assert(act
->act
< A_LIMIT
);
89 printf("%s", acttab
[act
->act
]);
94 for (i
= 0, m
= 1; i
< A_LIMIT
; i
++, m
<<= 1)
95 if (act
->u
.user
& m
) printf(" %s", acttab
[i
]);
98 printf(" %s", act
->u
.lie
);
103 void print_policy(const struct policy
*p
)
105 print_sockpat(p
->ao
, &p
->sp
[L
]); putchar(' ');
106 print_sockpat(p
->ao
, &p
->sp
[R
]); putchar(' ');
107 print_action(&p
->act
); putchar('\n');
110 static int match_portpat(const struct portpat
*pp
, unsigned port
)
111 { return (pp
->lo
<= port
&& port
<= pp
->hi
); }
113 static int match_sockpat(const struct addrops
*ao
,
114 const struct sockpat
*sp
, const struct socket
*s
)
116 return (ao
->match_addrpat(&sp
->addr
, &s
->addr
) &&
117 match_portpat(&sp
->port
, s
->port
));
120 int match_policy(const struct policy
*p
, const struct query
*q
)
122 return ((!p
->ao
|| p
->ao
== q
->ao
) &&
123 match_sockpat(q
->ao
, &p
->sp
[L
], &q
->s
[L
]) &&
124 match_sockpat(q
->ao
, &p
->sp
[R
], &q
->s
[R
]));
127 static void nextline(FILE *fp
)
131 if (ch
== '\n' || ch
== EOF
) break;
135 static int scan(FILE *fp
, char *buf
, size_t sz
)
148 return (ferror(fp
) ? T_ERROR
: T_EOF
);
152 if (ch
== '\n') goto newline
;
153 else if (ch
== EOF
) goto eof
;
156 if (isspace(ch
)) goto skip_ws
;
161 if (sz
) { *buf
++ = ch
; sz
--; }
170 if (isspace(ch
)) goto done
;
184 static int parse_actname(FILE *fp
, unsigned *act
)
188 const char *const *p
;
190 if ((t
= scan(fp
, buf
, sizeof(buf
))) != 0) return (t
);
191 for (p
= acttab
; *p
; p
++)
192 if (strcmp(buf
, *p
) == 0) { *act
= p
- acttab
; return (0); }
196 static int parse_action(FILE *fp
, struct action
*act
)
203 if ((t
= parse_actname(fp
, &a
)) != 0) return (t
);
208 if ((t
= parse_actname(fp
, &a
)) != 0) break;
211 if (t
!= T_EOL
&& t
!= T_EOF
) return (t
);
222 if ((t
= scan(fp
, buf
, sizeof(buf
))) != 0) return (t
);
224 act
->u
.lie
= xstrdup(buf
);
227 t
= scan(fp
, buf
, sizeof(buf
));
228 if (t
!= T_EOF
&& t
!= T_EOL
) {
235 static int parse_sockpat(FILE *fp
, const struct addrops
**aop
,
240 const struct addrops
*ao
;
244 if ((t
= scan(fp
, buf
, sizeof(buf
))) != 0) return (t
);
245 if (strcmp(buf
, "*") == 0)
248 if (strchr(buf
, ':'))
249 ao
= &addroptab
[ADDR_IPV6
];
251 ao
= &addroptab
[ADDR_IPV4
];
252 if (!*aop
) *aop
= ao
;
253 else if (*aop
!= ao
) return (T_ERROR
);
254 delim
= strchr(buf
, '/');
255 if (delim
) *delim
++ = 0;
256 if (!inet_pton(ao
->af
, buf
, &sp
->addr
.addr
)) return (T_ERROR
);
257 if (!delim
) n
= ao
->len
;
258 else n
= strtol(delim
, 0, 10);
259 if (n
< 0 || n
> ao
->len
) return (T_ERROR
);
263 if ((t
= scan(fp
, buf
, sizeof(buf
))) != 0) return (T_ERROR
);
264 if (strcmp(buf
, "*") == 0) {
268 delim
= strchr(buf
, '-');
269 if (delim
) *delim
++ = 0;
270 n
= strtol(buf
, 0, 0);
271 if (n
< 0 || n
> 65535) return (T_ERROR
);
276 n
= strtol(delim
, 0, 0);
277 if (n
< 0 || n
> 65535) return (T_ERROR
);
284 int parse_policy(FILE *fp
, struct policy
*p
)
291 if ((t
= parse_sockpat(fp
, &p
->ao
, &p
->sp
[L
])) != 0) goto fail
;
292 if ((t
= parse_sockpat(fp
, &p
->ao
, &p
->sp
[R
])) != 0) goto err
;
293 if ((t
= parse_action(fp
, &p
->act
)) != 0) goto err
;
303 int open_policy_file(struct policy_file
*pf
, const char *name
,
304 const char *what
, const struct query
*q
)
306 if ((pf
->fp
= fopen(name
, "r")) == 0) {
307 logmsg(q
, LOG_ERR
, "failed to open %s `%s': %s",
308 what
, name
, strerror(errno
));
321 int read_policy_file(struct policy_file
*pf
)
327 t
= parse_policy(pf
->fp
, &pf
->p
);
333 logmsg(pf
->q
, LOG_ERR
, "%s:%d: parse error in %s",
334 pf
->name
, pf
->lno
, pf
->what
);
338 if (ferror(pf
->fp
)) {
339 logmsg(pf
->q
, LOG_ERR
, "failed to read %s `%s': %s",
340 pf
->what
, pf
->name
, strerror(errno
));
352 void close_policy_file(struct policy_file
*pf
)
358 int load_policy_file(const char *file
, policy_v
*pv
)
360 struct policy_file pf
;
361 policy_v v
= DA_INIT
;
363 if (open_policy_file(&pf
, file
, "policy file", 0))
365 while (!read_policy_file(&pf
)) {
369 close_policy_file(&pf
);
380 /*----- That's all, folks -------------------------------------------------*/