2 * userv service (or standalone program) for per-user IP subranges.
4 * When invoked appropriately, it creates a point-to-point network
5 * interface with specified parameters. It arranges for packets sent out
6 * via that interface by the kernel to appear on its own stdout in SLIP or
7 * CSLIP encoding, and packets injected into its own stdin to be given to
8 * the kernel as if received on that interface. Optionally, additional
9 * routes can be set up to arrange for traffic for other address ranges to
10 * be routed through the new interface.
12 * This is the service program, which is invoked as root from userv (or may
13 * be invoked firectly).
15 * Its arguments are supposed to be, in order, as follows:
17 * The first two arguments are usually supplied by the userv
18 * configuration. See the file `ipif/ipif' in the source tree, which
19 * is installed in /etc/userv/services.d/ipif by `make install':
23 * Specifies address ranges and gids which own them. The default
24 * configuration supplies /etc/userv/ipif-networks, which is then read
25 * for a list of entries, one per line.
28 * Serves to separate the user-supplied and therefore untrusted
29 * arguments from the trusted first argument.
31 * The remaining arguments are supplied by the (untrusted) caller:
33 * <local-addr>,<peer-addr>,<mtu>,<proto>
35 * As for slattach. Supported protocols are slip, cslip, and
36 * adaptive. Alternatively, set to `debug' to print debugging info
37 * and exit. <local-addr> is address of the interface to be created
38 * on the local system; <peer-addr> is the address of the
39 * point-to-point peer. They must be actual addresses (not
42 * <prefix>/<mask>,<prefix>/<mask>,...
44 * List of additional routes to add for this interface. routes will
45 * be set up on the local system arranging for packets for those
46 * networks to be sent via the created interface. <prefix> must be an
47 * IPv4 address, and mask must be an integer (dotted-quad masks are
48 * not supported). If no additional routes are to be set up, use `-'
49 * or supply an empty argument.
51 * Each <config> item - whether a line file such as
52 * /etc/userv/ipif-networks, or supplied on the service program
53 * command line - is one of:
56 * ./<config-file-name>
57 * ../<config-file-name>
59 * Reads a file which contains lines which are each <config>
62 * <gid>,[=][-|+]<prefix>/<len>(-|+<prefix>/<len>...)[,<junk>]
64 * Indicates that <gid> may allocate addresses in the relevant address
65 * range (<junk> is ignored). <gid> must be numeric. To specify a
66 * single host address, you must specify a mask of /32. If `=' is
67 * specified then the specific subrange is only allowed for the local
68 * endpoint address, but not for remote addresses.
70 * More than one range may be given, with each range prefixed
71 * by + or -. In this case each address range in the rule will
72 * scanned in order, and the first range in the rule that matches
73 * any desired rule will count: if that first matching range is
74 * prefixed by `+' (or nothing) then the rule applies, if it
75 * is prefixed by `-' (or nothing matches), the rule does not.
78 * Means that anything is to be permitted. This should not appear in
79 * /etc/userv/ipif-networks, as that would permit any user on the
80 * system to create any interfaces with any addresses and routes
81 * attached. It is provided so that root can usefully invoke the ipif
82 * service program directly (not via userv), without needing to set up
83 * permissions in /etc/userv/ipif-networks.
87 * Comment. Blank lines are also ignored.
89 * NB: Permission is granted if _any_ config entry matches the request.
91 * The service program should be run from userv with no-disconnect-hup.
94 * Copyright (C) 1999-2000 Ian Jackson
96 * This is free software; you can redistribute it and/or modify it
97 * under the terms of the GNU General Public License as published by
98 * the Free Software Foundation; either version 2 of the License, or
99 * (at your option) any later version.
101 * This program is distributed in the hope that it will be useful, but
102 * WITHOUT ANY WARRANTY; without even the implied warranty of
103 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
104 * General Public License for more details.
106 * You should have received a copy of the GNU General Public License
107 * along with userv-utils; if not, write to the Free Software
108 * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
124 #include <sys/types.h>
125 #include <sys/wait.h>
126 #include <sys/stat.h>
129 #define MAXEXROUTES 50
132 static const unsigned long gidmaxval= (unsigned long)((gid_t)-2);
133 static const char *const protos_ok[]= { "slip", "cslip", "adaptive", 0 };
134 static const int signals[]= { SIGHUP, SIGINT, SIGTERM, 0 };
136 static const char *configstr, *proto;
137 static unsigned long localaddr, peeraddr, mtu;
138 static int localpming, peerpming;
139 static int localallow, peerallow, allallow;
140 static int nexroutes;
141 static struct exroute {
142 unsigned long prefix, mask;
144 char prefixtxt[ATXTLEN], masktxt[ATXTLEN];
145 } exroutes[MAXEXROUTES];
147 static char localtxt[ATXTLEN];
148 static char peertxt[ATXTLEN];
150 static struct pplace {
151 struct pplace *parent;
152 const char *filename;
157 static int slpipe[2], ptmaster, undoslattach;
158 static const char *ifname;
159 static const char *ptyname;
164 struct { pid_t sl, cout, cin, task; } byname;
165 pid_t bynumber[NPIDS];
167 sigset_t emptyset, fullset;
170 static int cleantask(void) {
175 if (pid == (pid_t)-1)
176 perror("userv-ipif: fork for undo slattach failed - cannot clean up properly");
180 static void terminate(int estatus) {
184 for (i=0; i<NPIDS; i++)
185 if (pids.bynumber[i]) kill(pids.bynumber[i], SIGTERM);
189 execlp("slattach", "slattach", "-p", "tty", ptyname, (char*)0);
190 perror("userv-ipif: exec slattach for undo slattach failed");
193 if (ifname && cleantask()) {
194 execlp("ifconfig", "ifconfig", ifname, "down", (char*)0);
195 perror("userv-ipif: exec ifconfig for undo ifconfig failed");
201 pid= waitpid(-1,&status,0);
202 if (pid == (pid_t)-1) break;
208 static void fatal(const char *fmt, ...)
209 __attribute__((format(printf,1,2)));
210 static void fatal(const char *fmt, ...) {
214 fputs("userv-ipif service: fatal error: ",stderr);
215 vfprintf(stderr, fmt, al);
220 static void sysfatal(const char *fmt, ...)
221 __attribute__((format(printf,1,2)));
222 static void sysfatal(const char *fmt, ...) {
229 fputs("userv-ipif service: fatal system error: ",stderr);
230 vfprintf(stderr, fmt, al);
231 fprintf(stderr,": %s\n", strerror(e));
236 static void badusage(const char *fmt, ...)
237 __attribute__((format(printf,1,2)));
238 static void badusage(const char *fmt, ...) {
244 "userv-ipif service: %s:%d: ",
245 cpplace->filename, cpplace->lineno);
247 fputs("userv-ipif service: invalid usage: ",stderr);
250 vfprintf(stderr, fmt, al);
254 for (cpp=cpplace->parent; cpp; cpp=cpp->parent) {
256 "userv-ipif service: %s:%d: ... in file included from here\n",
257 cpp->filename, cpp->lineno);
263 static char *ip2txt(unsigned long addr, char *buf) {
264 sprintf(buf, "%lu.%lu.%lu.%lu",
272 static unsigned long eat_number(const char **argp, const char *what,
273 unsigned long min, unsigned long max,
274 const char *endchars, int *endchar_r) {
275 /* If !endchars then the endchar must be a nul, otherwise it may be
276 * a nul (resulting in *argp set to 0) or something else (*argp set
277 * to point to after delim, *endchar_r set to delim).
278 * *endchar_r may be 0.
284 if (!*argp) { badusage("missing number %s",what); }
285 rv= strtoul(*argp,&ep,0);
286 if ((endchar= *ep)) {
287 if (!endchars) badusage("junk after number %s",what);
288 if (!strchr(endchars,endchar))
289 badusage("invalid character or delimiter `%c' in or after number, %s:"
290 " expected %s (or none?)", endchar,what,endchars);
295 if (endchar_r) *endchar_r= endchar;
296 if (rv < min || rv > max) badusage("number %s value %lu out of range %lu..%lu",
301 static int addrnet_overlap(unsigned long p1, unsigned long m1,
302 unsigned long p2, unsigned long m2) {
306 return (p1 & mask) == (p2 & mask);
309 static void addrnet_mustdiffer(const char *w1, unsigned long p1, unsigned long m1,
310 const char *w2, unsigned long p2, unsigned long m2) {
311 if (!addrnet_overlap(p1,m1,p2,m2)) return;
312 badusage("%s %08lx/%08lx overlaps/clashes with %s %08lx/%08lx",
316 static unsigned long eat_addr(const char **argp, const char *what,
317 const char *endchars, int *endchar_r) {
326 sprintf(whatbuf,"%s byte #%d",what,i);
327 rv |= eat_number(argp,whatbuf, 0,255, i<3 ? "." : endchars, endchar_r);
333 static void eat_prefixmask(const char **argp, const char *what,
334 const char *endchars, int *endchar_r,
335 unsigned long *prefix_r, unsigned long *mask_r, int *len_r) {
336 /* mask_r and len_r may be 0 */
339 unsigned long prefix, mask;
341 prefix= eat_addr(argp,what, "/",0);
342 sprintf(whatbuf,"%s length",what);
343 len= eat_number(argp,whatbuf, 0,32, endchars,endchar_r);
345 mask= len ? (~0UL << (32-len)) : 0UL;
346 if (prefix & ~mask) badusage("%s prefix %08lx not fully contained in mask %08lx",
349 if (mask_r) *mask_r= mask;
350 if (len_r) *len_r= len;
353 static int addrnet_isin(unsigned long prefix, unsigned long mask,
354 unsigned long mprefix, unsigned long mmask) {
355 return !(~mask & mmask) && (prefix & mmask) == mprefix;
358 /* Totally hideous algorithm for parsing the config file lines.
359 * For each config file line, we first see if its gid applies. If not
360 * we skip it. Otherwise, we do
362 * which sets <foo>pming to 1
363 * for each range. <foo>pming may be 0 if we've determined that
364 * this line does not apply to <foo>.
366 * which calls permit_range_thing for each <foo>
367 * which checks to see if <foo> is inside the relevant
368 * range (for +) or overlaps it (for -) and updates
369 * <foo>allow and <foo>pming.
372 static void permit_begin(void) {
375 localpming= peerpming= 1;
376 for (i=0; i<nexroutes; i++) exroutes[i].pming= 1;
379 static void permit_range_thing(unsigned long tprefix, unsigned long tmask,
380 const char *what, int *tallow, int *tpming,
381 unsigned long pprefix, unsigned long pmask,
382 int plus, int *any) {
384 if (!addrnet_isin(tprefix,tmask, pprefix,pmask)) return;
385 if (*tpming) *tallow= 1;
387 if (!addrnet_overlap(tprefix,tmask, pprefix,pmask)) return;
390 if (!proto) printf(" %c%s", plus?'+':'-', what);
394 static void permit_range(unsigned long prefix, unsigned long mask,
395 int plus, int localonly) {
399 assert(!(prefix & ~mask));
402 permit_range_thing(localaddr,~0UL,"local", &localallow,&localpming,
403 prefix,mask, plus,&any);
406 permit_range_thing(peeraddr,~0UL, "peer-addr", &peerallow,&peerpming,
407 prefix,mask, plus,&any);
408 for (i=0; i<nexroutes; i++) {
409 sprintf(idbuf,"route#%d",i);
410 permit_range_thing(exroutes[i].prefix,exroutes[i].mask, idbuf,
411 &exroutes[i].allow,&exroutes[i].pming,
412 prefix,mask, plus,&any);
416 if (!any) fputs(" nothing",stdout);
419 static void pconfig(const char *configstr, int truncated);
421 static void pfile(const char *filename) {
425 struct pplace npp, *cpp;
427 for (cpp=cpplace; cpp; cpp=cpp->parent) {
428 if (!strcmp(cpp->filename,filename))
429 badusage("recursive configuration file `%s'",filename);
432 file= fopen(filename,"r");
434 badusage("cannot open configuration file `%s': %s", filename, strerror(errno));
436 if (!proto) printf("config file `%s':\n",filename);
439 npp.filename= filename;
443 while (fgets(buf, sizeof(buf), file)) {
448 truncated= (buf[l-1] != '\n');
449 while (l>0 && isspace((unsigned char) buf[l-1])) l--;
454 while ((c= getc(file)) != EOF && c != '\n');
458 pconfig(buf,truncated);
461 badusage("failed while reading configuration file: %s", strerror(errno));
466 static void pconfig(const char *configstr, int truncated) {
467 unsigned long fgid, tgid, pprefix, pmask;
468 int plen, localonly, plus, rangeix, delim;
473 switch (configstr[0]) {
476 permit_range(0UL,0UL,1,0);
483 if (truncated) badusage("filename too long (`%.100s...')",configstr);
488 if (!isdigit((unsigned char)configstr[0]))
489 badusage("unknown configuration directive");
491 fgid= eat_number(&configstr,"gid", 0,gidmaxval, ",",0);
493 if (!proto) printf(" %5lu", fgid);
495 gidlist= getenv("USERV_GID");
496 if (!gidlist) fatal("USERV_GID not set");
499 if (!proto) printf(" no matching gid\n");
502 tgid= eat_number(&gidlist,"userv-gid", 0,gidmaxval, " ",0);
503 if (tgid == fgid) break;
506 if (configstr[0] == '=') {
517 switch (configstr[0]) {
518 case '-': plus= 0; /* fall through */
519 case '+': configstr++;
524 sprintf(whattxt, "%s-prefix#%d",
525 plus ? "permitted" : "notpermitted",
527 eat_prefixmask(&configstr,whattxt, ",+-",&delim,
528 &pprefix,&pmask,&plen);
529 if (!configstr && truncated)
530 badusage("gid,prefix/len,... spec too long");
533 printf(" %c%s/%d:", plus?'+':'-',ip2txt(pprefix,ptxt), plen);
535 permit_range(pprefix,pmask,plus,localonly);
536 if (delim==',') break;
538 plus= delim=='-' ? 0 : 1;
547 static void checkallow(int allow, const char *what,
548 const char *prefixtxt, const char *masktxt) {
550 fprintf(stderr,"userv-ipif service: access denied for %s, %s/%s\n",
551 what, prefixtxt, masktxt);
555 static void parseargs(int argc, const char *const *argv) {
556 unsigned long routeaddr, routemask;
558 const char *const *cprotop;
560 char erwhatbuf[100], erwhatbuf2[100];
562 if (argc < NARGS+1) { badusage("too few arguments"); }
563 if (argc > NARGS+1) { badusage("too many arguments"); }
568 if (strcmp(carg,"--")) badusage("separator argument `--' not found, got `%s'",carg);
571 localaddr= eat_addr(&carg,"local-addr", ",",0);
572 peeraddr= eat_addr(&carg,"peer-addr", ",",0);
573 mtu= eat_number(&carg,"mtu", 576,65536, ",",0);
574 localallow= peerallow= 0;
576 if (!strcmp(carg,"debug")) {
579 for (cprotop= protos_ok;
580 (proto= *cprotop) && strcmp(proto,carg);
582 if (!proto) fatal("invalid protocol");
585 addrnet_mustdiffer("local-addr",localaddr,~0UL, "peer-addr",peeraddr,~0UL);
588 if (strcmp(carg,"-")) {
592 if (nexroutes == MAXEXROUTES)
593 fatal("too many extra routes (only %d allowed)",MAXEXROUTES);
594 sprintf(erwhatbuf,"route#%d",nexroutes);
596 eat_prefixmask(&carg,erwhatbuf, ",",0, &routeaddr,&routemask,0);
597 if (routemask == ~0UL) {
598 addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "local-addr",localaddr,~0UL);
599 addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "peer-addr",peeraddr,~0UL);
601 for (i=0; i<nexroutes; i++) {
602 sprintf(erwhatbuf2,"route#%d",i);
603 addrnet_mustdiffer(erwhatbuf,routeaddr,routemask,
604 erwhatbuf2,exroutes[i].prefix,exroutes[i].mask);
606 exroutes[nexroutes].prefix= routeaddr;
607 exroutes[nexroutes].mask= routemask;
608 exroutes[nexroutes].allow= 0;
609 ip2txt(routeaddr,exroutes[nexroutes].prefixtxt);
610 ip2txt(routemask,exroutes[nexroutes].masktxt);
614 ip2txt(localaddr,localtxt);
615 ip2txt(peeraddr,peertxt);
618 static void checkpermit(void) {
623 checkallow(localallow,"local-addr", localtxt,"32");
624 checkallow(peerallow,"peer-addr", peertxt,"32");
625 for (i=0; i<nexroutes; i++) {
626 sprintf(erwhatbuf, "route#%d", i);
627 checkallow(exroutes[i].allow, erwhatbuf, exroutes[i].prefixtxt, exroutes[i].masktxt);
629 if (!allallow) fatal("access denied");
632 static void dumpdebug(void) __attribute__((noreturn));
633 static void dumpdebug(void) {
637 printf("protocol: debug\n"
638 "local: %08lx == %s\n"
639 "peer: %08lx == %s\n"
646 for (i=0; i<nexroutes; i++) {
647 sprintf(erwhatbuf, "route#%d:", i);
648 printf("%-9s %08lx/%08lx == %s/%s\n",
650 exroutes[i].prefix, exroutes[i].mask,
651 exroutes[i].prefixtxt, exroutes[i].masktxt);
653 if (ferror(stdout) || fclose(stdout)) sysfatal("flush stdout");
658 static void setsigmask(const sigset_t *ss) {
661 r= sigprocmask(SIG_SETMASK, ss, 0);
662 if (r) sysfatal("[un]block signals");
665 static void setsignals(void (*handler)(int), struct sigaction *sa, int chldflags) {
669 sa->sa_handler= handler;
671 for (signalp=signals; (sig=*signalp); signalp++) {
672 r= sigaction(sig, sa, 0); if (r) sysfatal("uncatch signal");
674 sa->sa_flags= chldflags;
675 r= sigaction(SIGCHLD, sa, 0); if (r) sysfatal("uncatch children");
678 static void infork(void) {
681 memset(&pids,0,sizeof(pids));
682 sigemptyset(&sa.sa_mask);
683 setsignals(SIG_DFL,&sa,0);
684 setsigmask(&emptyset);
688 static pid_t makesubproc(void (*entry)(void)) {
691 pid= fork(); if (pid == (pid_t)-1) sysfatal("fork for subprocess");
699 static int task(void) {
703 if (pid == (pid_t)-1) sysfatal("fork for task");
704 if (!pid) { infork(); return 1; }
706 pids.byname.task= pid;
707 while (pids.byname.task) sigsuspend(&emptyset);
711 static void mdup2(int fd1, int fd2, const char *what) {
715 r= dup2(fd1,fd2); if (r==fd2) return;
716 if (r!=-1) fatal("dup2 in %s gave wrong answer %d instead of %d",what,r,fd2);
717 if (errno != EINTR) sysfatal("dup2 failed in %s",what);
721 static void sl_entry(void) {
722 mdup2(slpipe[1],1,"slattach child");
723 execlp("slattach", "slattach", "-v", "-L", "-p",proto, ptyname, (char*)0);
724 sysfatal("cannot exec slattach");
727 static void cin_entry(void) {
728 mdup2(ptmaster,1,"cat input child");
729 execlp("cat", "cat", (char*)0);
730 sysfatal("cannot exec cat input");
733 static void cout_entry(void) {
734 mdup2(ptmaster,0,"cat output child");
735 execlp("cat", "cat", (char*)0);
736 sysfatal("cannot exec cat output");
739 static void sighandler(int signum) {
742 const char *taskfail;
746 if (signum == SIGCHLD) {
748 pid= waitpid(-1,&status,WNOHANG);
749 if (!pid || pid == (pid_t)-1) return;
751 if (pid == pids.byname.task) {
755 } else if (pid == pids.byname.cin) {
758 taskfail= "input cat";
763 } else if (pid == pids.byname.cout) {
765 taskfail= "output cat";
766 } else if (pid == pids.byname.sl) {
768 taskfail= "slattach";
775 if (WIFEXITED(status)) {
777 "userv-ipif service: %s unexpectedly exited with exit status %d\n",
778 taskfail, WEXITSTATUS(status));
779 } else if (WIFSIGNALED(status)) {
781 "userv-ipif service: %s unexpectedly killed by signal %s%s\n",
782 taskfail, strsignal(WTERMSIG(status)),
783 WCOREDUMP(status) ? " (core dumped)" : "");
785 fprintf(stderr, "userv-ipif service: %s unexpectedly terminated"
786 " with unknown status code %d\n", taskfail, status);
791 "userv-ipif service: received signal %d, terminating\n",
798 static void startup(void) {
802 sigfillset(&fullset);
803 sigemptyset(&emptyset);
805 ptmaster= getpt(); if (ptmaster==-1) sysfatal("allocate pty master");
806 r= grantpt(ptmaster); if (r) sysfatal("grab/grant pty slave");
807 ptyname= ptsname(ptmaster); if (!ptyname) sysfatal("get pty slave name");
808 r= chmod(ptyname,0600); if (r) sysfatal("chmod pty slave");
809 r= unlockpt(ptmaster); if (r) sysfatal("unlock pty");
811 sigfillset(&sa.sa_mask);
812 setsignals(sighandler,&sa,SA_NOCLDSTOP);
813 setsigmask(&fullset);
816 static void startslattach(void) {
817 static char ifnbuf[200];
822 r= pipe(slpipe); if (r) sysfatal("create pipe");
823 piper= fdopen(slpipe[0],"r"); if (!piper) sysfatal("fdopen pipe");
826 pids.byname.sl= makesubproc(sl_entry);
829 setsigmask(&emptyset);
830 if (!fgets(ifnbuf,sizeof(ifnbuf),piper)) {
831 if (ferror(piper)) sysfatal("cannot read ifname from slattach");
832 else fatal("cannot read ifname from slattach");
834 setsigmask(&fullset);
836 if (l<=0 || ifnbuf[l-1] != '\n') fatal("slattach gave strange output `%s'",ifnbuf);
838 for (k=l; k>0 && ifnbuf[k-1]!=' '; k--);
842 static void netconfigure(void) {
847 sprintf(mtutxt,"%lu",mtu);
849 execlp("ifconfig", "ifconfig", ifname, localtxt,
850 "netmask","255.255.255.255", "-broadcast", "pointopoint",peertxt,
851 "mtu",mtutxt, "up", (char*)0);
852 sysfatal("cannot exec ifconfig");
855 for (i=0; i<nexroutes; i++) {
857 execlp("route","route", "add", "-net",exroutes[i].prefixtxt,
858 "netmask",exroutes[i].masktxt,
859 "gw",peertxt, "dev",ifname, (char*)0);
860 sysfatal("cannot exec route (for route)");
865 static void copydata(void) __attribute__((noreturn));
866 static void copydata(void) {
869 pids.byname.cin= makesubproc(cin_entry);
871 r= write(1, "\300", 1); if (r==1) break;
872 assert(r==-1); if (errno != EINTR) sysfatal("send initial delim to confirm");
874 pids.byname.cout= makesubproc(cout_entry);
876 for (;;) sigsuspend(&emptyset);
879 int main(int argc, const char *const *argv) {
880 parseargs(argc,argv);
881 pconfig(configstr,0);
883 if (!proto) dumpdebug();
~ian / userv-utils.git / blob