[userv-utils.git] / ipif / service.c

/*
 * userv service (or standalone program)
 * for per-user IP subranges.
 *
 * This is invoked as root, directly from userv.
 * Its arguments are supposed to be, in order:
 *  <config>
 *      Specifies address ranges and gids which own them.
 *  --  Indicates that the remaining arguments are user-supplied
 *      and therefore untrusted.
 *  <local-addr>,<peer-addr>,<mtu>,<proto>
 *      As for slattach.  Supported protocols are slip, cslip, and
 *      adaptive.  Alternatively, set to `debug' to print debugging
 *      info.  <local-addr> is address of the interface on chiark;
 *      <peer-addr> is the address of the point-to-point peer.
 *  <prefix>/<mask>,<prefix>/<mask>,...
 *      List of additional routes to add for this interface.
 *      May be the empty argument.
 *
 * <config> is either
 *    <gid>,<prefix>/<len>[,<junk>]
 *      indicating that that gid may allocate addresses in
 *      the relevant subspace (<junk> is ignored)
 * or #...
 *      which is a comment
 * or /<config-file-name> or ./<config-file-name> or ../<config-file-name>
 *      which refers to a file which contains lines which
 *      are each <config>
 * or *
 *      which means that anything is permitted
 * 
 * Should be run from userv with no-disconnect-hup.
 */

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <errno.h>
#include <stdarg.h>
#include <ctype.h>
#include <limits.h>

#define NARGS 4
#define MAXEXROUTES 5
#define ATXTLEN 12

static const unsigned long gidmaxval= (unsigned long)((gid_t)-2);
static const char *const protos_ok[]= { "slip", "cslip", "adaptive", 0 };

static const char *configstr, *proto;
static unsigned long localaddr, peeraddr, mtu;
static int localallow, peerallow, allallow;
static int nexroutes;
static struct exroute {
  unsigned long prefix, mask;
  int allow;
  char prefixtxt[ATXTLEN], masktxt[ATXTLEN];
} exroutes[MAXEXROUTES];

static char localtxt[ATXTLEN];
static char peertxt[ATXTLEN];

static struct pplace {
  struct pplace *parent;
  const char *filename;
  int lineno;
} *cpplace;

static void fatal(const char *fmt, ...)
     __attribute__((format(printf,1,2)));
static void fatal(const char *fmt, ...) {
  va_list al;
  va_start(al,fmt);

  fputs("userv-ipif service: fatal error: ",stderr);
  vfprintf(stderr, fmt, al);
  putc('\n',stderr);
  exit(8);
}
  
static void sysfatal(const char *fmt, ...)
     __attribute__((format(printf,1,2)));
static void sysfatal(const char *fmt, ...) {
  va_list al;
  int e;

  e= errno;
  va_start(al,fmt);

  fputs("userv-ipif service: fatal system error",stderr);
  vfprintf(stderr, fmt, al);
  fprintf(stderr,"%s\n", strerror(e));
  exit(12);
}


static void badusage(const char *fmt, ...)
     __attribute__((format(printf,1,2)));
static void badusage(const char *fmt, ...) {
  va_list al;
  struct pplace *cpp;
  
  if (cpplace) {
    fprintf(stderr,
            "userv-ipif service: %s:%d: ",
            cpplace->filename, cpplace->lineno);
  } else {
    fputs("userv-ipif service: invalid usage: ",stderr);
  }
  va_start(al,fmt);
  vfprintf(stderr, fmt, al);
  putc('\n',stderr);

  if (cpplace) {
    for (cpp=cpplace->parent; cpp; cpp=cpp->parent) {
      fprintf(stderr,
              "userv-ipif service: %s:%d: ... in file included from here\n",
              cpp->filename, cpp->lineno);
    }
  }
  exit(16);
}

static char *ip2txt(unsigned long addr, char *buf) {
  sprintf(buf, "%lu.%lu.%lu.%lu",
          (addr>>24) & 0x0ff,
          (addr>>16) & 0x0ff,
          (addr>>8) & 0x0ff,
          (addr) & 0x0ff);
  return buf;
}

static unsigned long eat_number(const char **argp, const char *what,
                                unsigned long min, unsigned long max,
                                const char *endchars, int *endchar_r) {
  /* If !endchars then the endchar must be a nul, otherwise it may be
   * a nul (resulting in *argp set to 0) or something else (*argp set
   * to point to after delim, *endchar_r set to delim).
   * *endchar_r may be 0.
   */
  unsigned long rv;
  char *ep;
  int endchar;

  if (!*argp) { badusage("missing number %s\n",what); }
  rv= strtoul(*argp,&ep,0);
  if ((endchar= *ep)) {
    if (!endchars) badusage("junk after number %s\n",what);
    if (!strchr(endchars,endchar))
      badusage("invalid character or delimiter `%c' in or after number, %s:"
               " expected %s (or none?)\n", endchar,what,endchars);
    *argp= ep+1;
  } else {
    *argp= 0;
  }
  if (endchar_r) *endchar_r= endchar;
  if (rv < min || rv > max) badusage("number %s value %lu out of range %lu..%lu",
                                     what, rv, min, max);
  return rv;
}

static void addrnet_mustdiffer(const char *w1, unsigned long p1, unsigned long m1,
                               const char *w2, unsigned long p2, unsigned long m2) {
  unsigned long mask;

  mask= m1&m2;
  if ((p1 & mask) != (p2 & mask)) return;
  badusage("%s %08lx/%08lx overlaps/clashes with %s %08lx/%08lx",
           w1,p1,m1, w2,p2,m2);
}
  
static unsigned long eat_addr(const char **argp, const char *what,
                              const char *endchars, int *endchar_r) {
  char whatbuf[100];
  unsigned long rv;
  int i;

  for (rv=0, i=0;
       i<4;
       i++) {
    rv <<= 8;
    sprintf(whatbuf,"%s byte #%d",what,i);
    rv |= eat_number(argp,whatbuf, 0,255, i<3 ? "." : endchars, endchar_r);
  }

  return rv;
}

static void eat_prefixmask(const char **argp, const char *what,
                           const char *endchars, int *endchar_r,
                           unsigned long *prefix_r, unsigned long *mask_r, int *len_r) {
  /* mask_r and len_r may be 0 */
  char whatbuf[100];
  int len;
  unsigned long prefix, mask;

  prefix= eat_addr(argp,what, "/",0);
  sprintf(whatbuf,"%s length",what);
  len= eat_number(argp,whatbuf, 0,32, endchars,endchar_r);

  mask= (~0UL << (32-len));
  if (prefix & ~mask) badusage("%s prefix %08lx not fully contained in mask %08lx\n",
                               what,prefix,mask);
  *prefix_r= prefix;
  if (mask_r) *mask_r= mask;
  if (len_r) *len_r= len;
}

static int addrnet_isin(unsigned long prefix, unsigned long mask,
                        unsigned long mprefix, unsigned long mmask) {
  return  !(~mask & mmask)  &&  (prefix & mmask) == mprefix;
}
  

static void permit(unsigned long pprefix, unsigned long pmask) {
  int i, any;
  
  assert(!(pprefix & ~pmask));

  if (!proto) fputs("permits",stdout);
  if (addrnet_isin(localaddr,~0UL, pprefix,pmask)) {
    if (!proto) fputs(" local-addr",stdout);
    any= localallow= 1;
  }
  if (addrnet_isin(peeraddr,~0UL, pprefix,pmask)) {
    if (!proto) fputs(" peer-addr",stdout);
    any= peerallow= 1;
  }
  for (i=0; i<nexroutes; i++) {
    if (addrnet_isin(exroutes[i].prefix,exroutes[i].mask, pprefix,pmask)) {
      if (!proto) printf(" route#%d",i);
      any= exroutes[i].allow= 1;
    }
  }
  if (!proto) {
    if (!any) fputs(" nothing!",stderr);
    putchar('\n');
  }
}

static void pconfig(const char *configstr, int truncated);

static void pfile(const char *filename) {
  FILE *file;
  char buf[PATH_MAX];
  int l, truncated, c;
  struct pplace npp, *cpp;

  for (cpp=cpplace; cpp; cpp=cpp->parent) {
    if (!strcmp(cpp->filename,filename))
      badusage("recursive configuration file `%s'",filename);
  }

  file= fopen(filename,"r");
  if (!file)
    badusage("cannot open configuration file `%s': %s", filename, strerror(errno));

  if (!proto) printf("config file `%s':\n",filename);

  npp.parent= cpplace;
  npp.filename= filename;
  npp.lineno= 0;
  cpplace= &npp;

  while (fgets(buf, sizeof(buf), file)) {
    npp.lineno++;
    l= strlen(buf);
    if (!l) continue;

    truncated= (buf[l-1] != '\n');
    while (l>0 && isspace((unsigned char) buf[l-1])) l--;
    if (!l) continue;
    buf[l]= 0;

    if (truncated) {
      while ((c= getc(file)) != EOF && c != '\n');
      if (c == EOF) break;
    }

    pconfig(buf,truncated);
  }
  if (ferror(file))
    badusage("failed while reading configuration file: %s", strerror(errno));

  cpplace= npp.parent;
}

static void pconfig(const char *configstr, int truncated) {
  unsigned long fgid, tgid, pprefix, pmask;
  int plen;
  char ptxt[ATXTLEN];
  const char *gidlist;
  
  switch (configstr[0]) {
  case '*':
    if (strcmp(configstr,"*")) badusage("`*' directive must be only thing on line");
    permit(0UL,0UL);
    return;
    
  case '#':
    return;
    
  case '/': case '.':
    if (truncated) badusage("filename too long (`%.100s...')",configstr);
    pfile(configstr);
    return;
    
  default:
    if (!isdigit((unsigned char)configstr[0]))
      badusage("unknown configuration directive");
    
    fgid= eat_number(&configstr,"gid", 0,gidmaxval, ",",0);
    eat_prefixmask(&configstr,"permitted-prefix", ",",0, &pprefix,&pmask,&plen);
    if (!configstr && truncated) badusage("gid,prefix/len,... spec too long");

    if (!proto) printf(" %5lu,%s/%d: ", fgid, ip2txt(pprefix,ptxt), plen);

    gidlist= getenv("USERV_GID");
    if (!gidlist) fatal("USERV_GID not set");
    for (;;) {
      if (!gidlist) {
        if (!proto) printf("no matching gid\n");
        return;
      }
      tgid= eat_number(&gidlist,"userv-gid", 0,gidmaxval, " ",0);
      if (tgid == fgid) break;
    }
    permit(pprefix,pmask);
    return;
  }
}

static void checkallow(int allow, const char *what,
                       const char *prefixtxt, const char *masktxt) {
  if (allow) return;
  fprintf(stderr,"userv-ipif service: access denied for %s, %s/%s\n",
          what, prefixtxt, masktxt);
  allallow= 0;
}

static void parseargs(int argc, const char *const *argv) {
  unsigned long routeaddr, routemask;
  const char *carg;
  const char *const *cprotop;
  int i;
  char erwhatbuf[100], erwhatbuf2[100];
  
  if (argc < NARGS+1) { badusage("too few arguments"); }
  if (argc > NARGS+1) { badusage("too many arguments"); }

  configstr= *++argv;
  
  carg= *++argv;
  if (strcmp(carg,"--")) badusage("separator argument `--' not found, got `%s'",carg);

  carg= *++argv;
  localaddr= eat_addr(&carg,"local-addr", ",",0);
  peeraddr= eat_addr(&carg,"peer-addr", ",",0);
  mtu= eat_number(&carg,"mtu", 576,65536, ",",0);
  localallow= peerallow= 0;
  
  if (!strcmp(carg,"debug")) {
    proto= 0;
  } else {
    for (cprotop= protos_ok;
         (proto= *cprotop) && strcmp(proto,carg);
         cprotop++);
    if (!proto) fatal("invalid protocol");
  }
  
  addrnet_mustdiffer("local-addr",localaddr,~0UL, "peer-addr",peeraddr,~0UL);
  
  carg= *++argv;
  for (nexroutes=0;
       carg;
       nexroutes++) {
    if (nexroutes == MAXEXROUTES)
      fatal("too many extra routes (only %d allowed)",MAXEXROUTES);
    sprintf(erwhatbuf,"route#%d",nexroutes);
    
    eat_prefixmask(&carg,erwhatbuf, ",",0, &routeaddr,&routemask,0);
    if (routemask == ~0UL) {
      addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "local-addr",localaddr,~0UL);
      addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "peer-addr",peeraddr,~0UL);
    }
    for (i=0; i<nexroutes; i++) {
      sprintf(erwhatbuf2,"route#%d",i);
      addrnet_mustdiffer(erwhatbuf,routeaddr,routemask,
                         erwhatbuf2,exroutes[i].prefix,exroutes[i].mask);
    }
    exroutes[nexroutes].prefix= routeaddr;
    exroutes[nexroutes].mask= routemask;
    exroutes[nexroutes].allow= 0;
    ip2txt(routeaddr,exroutes[nexroutes].prefixtxt);
    ip2txt(routemask,exroutes[nexroutes].masktxt);
  }
  ip2txt(localaddr,localtxt);
  ip2txt(peeraddr,peertxt);
}

static void checkpermit(void) {
  int i;
  char erwhatbuf[100];
  
  allallow= 1;
  checkallow(localallow,"local-addr", localtxt,"32");
  checkallow(peerallow,"peer-addr", peertxt,"32");
  for (i=0; i<nexroutes; i++) {
    sprintf(erwhatbuf, "route#%d", i);
    checkallow(exroutes[i].allow, erwhatbuf, exroutes[i].prefixtxt, exroutes[i].masktxt);
  }
  if (!allallow) fatal("access denied");
}

static void dumpdebug(void) __attribute__((noreturn));
static void dumpdebug(void) {
  int i;
  char erwhatbuf[100];
  
  printf("protocol: debug\n"
         "local:    %08lx == %s\n"
         "peer:     %08lx == %s\n"
         "mtu:      %ld\n"
         "routes:   %d\n",
         localaddr, localtxt,
         peeraddr, peertxt,
         mtu,
         nexroutes);
  for (i=0; i<nexroutes; i++) {
    sprintf(erwhatbuf, "route#%d:", i);
    printf("%-9s %08lx/%08lx == %s/%s\n",
           erwhatbuf,
           exroutes[i].prefix, exroutes[i].mask,
           exroutes[i].prefixtxt, exroutes[i].masktxt);
  }
  if (ferror(stdout) || fclose(stdout)) sysfatal("flush stdout");
  exit(0);
}

int main(int argc, const char *const *argv) {
  parseargs(argc,argv);
  pconfig(configstr,0);
  checkpermit();
  if (!proto) dumpdebug();

  abort();
}