X-Git-Url: https://git.distorted.org.uk/~mdw/yaid/blobdiff_plain/c039c9363c583e347cd269f6c741d302d416d1a6..HEAD:/yaid.h diff --git a/yaid.h b/yaid.h index 387f76e..eb874cb 100644 --- a/yaid.h +++ b/yaid.h @@ -43,29 +43,37 @@ #include #include #include +#include #include +#include #include #include +#include #include #include #include #include +#include #include #include #include +#include #include #include #include #include +#include +#include #include #include #include #include +#include /*----- Address family handling -------------------------------------------*/ @@ -188,12 +196,12 @@ extern void dputsock(dstr */*d*/, const struct addrops */*ao*/, enum { L, R, NDIR }; /* Response types, and the data needed to represent any associated data. A - * U(MEMB, TYPE) constructs a union member; an N means no associated data. + * U_(MEMB, TYPE) constructs a union member; an N_ means no associated data. */ #define RESPONSE(_) \ - _(ERROR, U(error, unsigned)) \ - _(UID, U(uid, uid_t)) \ - _(NAT, U(nat, struct socket)) + _(ERROR, U_(error, unsigned)) \ + _(UID, U_(uid, uid_t)) \ + _(NAT, U_(nat, struct socket)) enum { #define DEFENUM(what, branch) R_##what, @@ -227,11 +235,11 @@ struct query { unsigned resp; /* Our response type */ union { /* A union of response data */ #define DEFBRANCH(WHAT, branch) branch -#define U(memb, ty) ty memb; -#define N +#define U_(memb, ty) ty memb; +#define N_ RESPONSE(DEFBRANCH) -#undef U -#undef N +#undef U_ +#undef N_ #undef DEFBRANCH } u; } query; @@ -241,8 +249,11 @@ struct query { /* Format and log MSG somewhere sensible, at the syslog(3) priority PRIO. * Prefix it with a description of the query Q, if non-null. */ -extern void logmsg(const struct query */*q*/, - int /*prio*/, const char */*msg*/, ...); +extern void PRINTF_LIKE(3, 4) + logmsg(const struct query */*q*/, int /*prio*/, const char */*msg*/, ...); + +/* Format and report MSG as a fatal error, and exit. */ +extern void PRINTF_LIKE(1, 2) fatal(const char */*msg*/, ...); /*----- System-specific connection identification code --------------------*/ @@ -252,6 +263,12 @@ extern void logmsg(const struct query */*q*/, */ extern void identify(struct query */*q*/); +/* Fill the buffer at P with SZ random bytes. The buffer will be moderately + * large: this is intended to be a low-level interface, not a general-purpose + * utility. + */ +extern void fill_random(void */*p*/, size_t /*sz*/); + /* Initialize the system-specific code. */ extern void init_sys(void); @@ -323,8 +340,8 @@ extern int match_policy(const struct policy */*p*/, enum { T_OK, /* Successful: results returned */ T_EOL, /* End-of-line found immediately */ - T_EOF, /* End-of-file found immediately */ - T_ERROR /* Some kind of error occurred */ + T_ERROR, /* Some kind of error occurred */ + T_EOF /* End-of-file found immediately */ }; /* A context for parsing a policy file. */ @@ -340,9 +357,16 @@ struct policy_file { /* Open a policy file by NAME. The description WHAT and query Q are used for * formatting error messages for the log. + * + * This function is somewhat careful only to read from actual regular files, + * though (if the filesystem object identified by NAME is a symlink, say) it + * might open a device node or other exotic thing without reading it. This + * is likely harmless, since we're running as an unprivileged user anyway. */ extern int open_policy_file(struct policy_file */*pf*/, const char */*name*/, - const char */*what*/, const struct query */*q*/); + const char */*what*/, const struct query */*q*/, + unsigned /*f*/); +#define OPF_NOENTOK 1u /* Don't complain if file missing */ /* Read a policy rule from the file, storing it in PF->p. Return one of the * T_* codes.