From 1e9634732a90ffe9bf3aeff4be92b5baa402599f Mon Sep 17 00:00:00 2001
From: ian <ian>
Date: Sun, 19 Sep 1999 14:21:25 +0000
Subject: [PATCH] Argument parsing and configureation done and seems to work.

---
 ipif/service.c | 419 +++++++++++++++++++++++++++++++++----------------
 ipif/x.gdb     |   2 +-
 2 files changed, 288 insertions(+), 133 deletions(-)

diff --git a/ipif/service.c b/ipif/service.c
index c1c1f71..b770623 100644
--- a/ipif/service.c
+++ b/ipif/service.c
@@ -4,17 +4,8 @@
  *
  * This is invoked as root, directly from userv.
  * Its arguments are supposed to be, in order:
- *  <base-prefix>/<base-prefix-len>
- *      Specifies the base address and prefix to restrict the
- *      addresses used to.
- *  <gid-min>-<gid-max>:<gid-add>/<gid-mask>[,...]
- *      The ranges specified by <gid-min> are checked <gid-max> until
- *      one is found which matches at least one gid in USERV_GID.
- *      Then the gid will have <gid-add> added to it and will then be
- *      masked so that it is <gid-mask> long (higher set bits are
- *      discarded).  The result is added to the base prefix.  It is an
- *      error for no gid to match.  Alternatively, if this argument
- *      is `*' then USERV_GID is not checked.
+ *  <config>
+ *      Specifies address ranges and gids which own them.
  *  --  Indicates that the remaining arguments are user-supplied
  *      and therefore untrusted.
  *  <local-addr>,<peer-addr>,<mtu>,<proto>
@@ -26,6 +17,18 @@
  *      List of additional routes to add for this interface.
  *      May be the empty argument.
  *
+ * <config> is either
+ *    <gid>,<prefix>/<len>[,<junk>]
+ *      indicating that that gid may allocate addresses in
+ *      the relevant subspace (<junk> is ignored)
+ * or #...
+ *      which is a comment
+ * or /<config-file-name> or ./<config-file-name> or ../<config-file-name>
+ *      which refers to a file which contains lines which
+ *      are each <config>
+ * or *
+ *      which means that anything is permitted
+ * 
  * Should be run from userv with no-disconnect-hup.
  */
 
@@ -34,36 +37,88 @@
 #include <stdlib.h>
 #include <assert.h>
 #include <errno.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <limits.h>
 
-#define NARGS 5
+#define NARGS 4
 #define MAXEXROUTES 5
 #define ATXTLEN 12
 
-static const char *proto;
-static unsigned long baseprefix, basemask;
+static const unsigned long gidmaxval= (unsigned long)((gid_t)-2);
+static const char *const protos_ok[]= { "slip", "cslip", "adaptive", 0 };
+
+static const char *configstr, *proto;
 static unsigned long localaddr, peeraddr, mtu;
+static int localallow, peerallow, allallow;
 static int nexroutes;
 static struct exroute {
   unsigned long prefix, mask;
+  int allow;
   char prefixtxt[ATXTLEN], masktxt[ATXTLEN];
 } exroutes[MAXEXROUTES];
 
-char localtxt[ATXTLEN];
-char peertxt[ATXTLEN];
+static char localtxt[ATXTLEN];
+static char peertxt[ATXTLEN];
+
+static struct pplace {
+  struct pplace *parent;
+  const char *filename;
+  int lineno;
+} *cpplace;
+
+static void fatal(const char *fmt, ...)
+     __attribute__((format(printf,1,2)));
+static void fatal(const char *fmt, ...) {
+  va_list al;
+  va_start(al,fmt);
 
-static void fatal(const char *msg) {
-  fprintf(stderr,"userv-ipif: service: fatal error: %s\n",msg);
+  fputs("userv-ipif service: fatal error: ",stderr);
+  vfprintf(stderr, fmt, al);
+  putc('\n',stderr);
   exit(8);
 }
   
-static void sysfatal(const char *msg) {
-  fprintf(stderr,"userv-ipif: service: fatal system error: %s: %s\n",
-	  msg, strerror(errno));
+static void sysfatal(const char *fmt, ...)
+     __attribute__((format(printf,1,2)));
+static void sysfatal(const char *fmt, ...) {
+  va_list al;
+  int e;
+
+  e= errno;
+  va_start(al,fmt);
+
+  fputs("userv-ipif service: fatal system error",stderr);
+  vfprintf(stderr, fmt, al);
+  fprintf(stderr,"%s\n", strerror(e));
   exit(12);
 }
+
+
+static void badusage(const char *fmt, ...)
+     __attribute__((format(printf,1,2)));
+static void badusage(const char *fmt, ...) {
+  va_list al;
+  struct pplace *cpp;
   
-static void badusage(void) {
-  fputs("userv-ipif: service: bad usage or permission denied\n",stderr);
+  if (cpplace) {
+    fprintf(stderr,
+	    "userv-ipif service: %s:%d: ",
+	    cpplace->filename, cpplace->lineno);
+  } else {
+    fputs("userv-ipif service: invalid usage: ",stderr);
+  }
+  va_start(al,fmt);
+  vfprintf(stderr, fmt, al);
+  putc('\n',stderr);
+
+  if (cpplace) {
+    for (cpp=cpplace->parent; cpp; cpp=cpp->parent) {
+      fprintf(stderr,
+	      "userv-ipif service: %s:%d: ... in file included from here\n",
+	      cpp->filename, cpp->lineno);
+    }
+  }
   exit(16);
 }
 
@@ -88,57 +143,39 @@ static unsigned long eat_number(const char **argp, const char *what,
   char *ep;
   int endchar;
 
-  if (!*argp) { fprintf(stderr,"missing number %s\n",what); badusage(); }
+  if (!*argp) { badusage("missing number %s\n",what); }
   rv= strtoul(*argp,&ep,0);
   if ((endchar= *ep)) {
-    if (!endchars) { fprintf(stderr,"junk after number %s\n",what); badusage(); }
-    if (!strchr(endchars,endchar)) {
-      fprintf(stderr,"invalid delimiter %c after number %s: expected %s (or none?)\n",
-	      endchar,what,endchars);
-      badusage();
-    }
+    if (!endchars) badusage("junk after number %s\n",what);
+    if (!strchr(endchars,endchar))
+      badusage("invalid character or delimiter `%c' in or after number, %s:"
+	       " expected %s (or none?)\n", endchar,what,endchars);
     *argp= ep+1;
   } else {
     *argp= 0;
   }
   if (endchar_r) *endchar_r= endchar;
-  if (rv < min || rv > max) {
-    fprintf(stderr,"number %s value %lu out of range %lu..%lu",
-	    what, rv, min, max);
-    badusage();
-  }
+  if (rv < min || rv > max) badusage("number %s value %lu out of range %lu..%lu",
+				     what, rv, min, max);
   return rv;
 }
 
-static void addrnet_mustbein(const char *what,
-			     unsigned long prefix, unsigned long mask,
-			     unsigned long mprefix, unsigned long mmask) {
-  if (!(~mask & mmask) && (prefix & mmask) == mprefix) return;
-  fprintf(stderr, "%s %08lx/%08lx not in required subspace %08lx/%08lx\n",
-	  what, prefix, mask, mprefix, mmask);
-  badusage();
-}
-
 static void addrnet_mustdiffer(const char *w1, unsigned long p1, unsigned long m1,
 			       const char *w2, unsigned long p2, unsigned long m2) {
   unsigned long mask;
 
   mask= m1&m2;
   if ((p1 & mask) != (p2 & mask)) return;
-  fprintf(stderr, "%s %08lx/%08lx overlaps/clashes with %s %08lx/%08lx",
-	  w1,p1,m1, w2,p2,m2);
-  badusage();
+  badusage("%s %08lx/%08lx overlaps/clashes with %s %08lx/%08lx",
+	   w1,p1,m1, w2,p2,m2);
 }
   
 static unsigned long eat_addr(const char **argp, const char *what,
-			      unsigned long mprefix, unsigned long mmask,
 			      const char *endchars, int *endchar_r) {
   char whatbuf[100];
   unsigned long rv;
   int i;
 
-  assert(!(~mmask & mprefix));
-
   for (rv=0, i=0;
        i<4;
        i++) {
@@ -147,12 +184,10 @@ static unsigned long eat_addr(const char **argp, const char *what,
     rv |= eat_number(argp,whatbuf, 0,255, i<3 ? "." : endchars, endchar_r);
   }
 
-  addrnet_mustbein(what,rv,~0UL, mprefix,mmask);
   return rv;
 }
 
 static void eat_prefixmask(const char **argp, const char *what,
-			   unsigned long mprefix, unsigned long mmask,
 			   const char *endchars, int *endchar_r,
 			   unsigned long *prefix_r, unsigned long *mask_r, int *len_r) {
   /* mask_r and len_r may be 0 */
@@ -160,71 +195,170 @@ static void eat_prefixmask(const char **argp, const char *what,
   int len;
   unsigned long prefix, mask;
 
-  prefix= eat_addr(argp,what, 0,0, "/",0);
+  prefix= eat_addr(argp,what, "/",0);
   sprintf(whatbuf,"%s length",what);
   len= eat_number(argp,whatbuf, 0,32, endchars,endchar_r);
 
   mask= (~0UL << (32-len));
-  if (prefix & ~mask) {
-    fprintf(stderr,"%s prefix %08lx not fully contained in mask %08lx\n",
-	    what,prefix,mask);
-    badusage();
-  }
-  addrnet_mustbein(what,prefix,mask, mprefix,mmask);
+  if (prefix & ~mask) badusage("%s prefix %08lx not fully contained in mask %08lx\n",
+			       what,prefix,mask);
   *prefix_r= prefix;
   if (mask_r) *mask_r= mask;
   if (len_r) *len_r= len;
 }
+
+static int addrnet_isin(unsigned long prefix, unsigned long mask,
+			unsigned long mprefix, unsigned long mmask) {
+  return  !(~mask & mmask)  &&  (prefix & mmask) == mprefix;
+}
   
-int main(int argc, const char *const *argv) {
-  static unsigned long gidmaxval= (unsigned long)((gid_t)-2);
-  static const char *const protos_ok[]= { "slip", "cslip", "adaptive", 0 };
 
-  unsigned long gidmin, gidmax, gidadd;
-  int baselen;
-  unsigned long routeaddr, routemask, tgid;
-  const char *carg, *gidlist;
-  const char *const *cprotop;
-  int gidlen, i;
-  char erwhatbuf[100], erwhatbuf2[100];
+static void permit(unsigned long pprefix, unsigned long pmask) {
+  int i, any;
   
-  if (argc < NARGS+1) { fputs("too few arguments\n",stderr); badusage(); }
-  if (argc > NARGS+1) { fputs("too many arguments\n",stderr); badusage(); }
+  assert(!(pprefix & ~pmask));
 
-  carg= *++argv;
-  eat_prefixmask(&carg,"base", 0UL,0UL, 0,0, &baseprefix, &basemask, &baselen);
+  if (!proto) fputs("permits",stdout);
+  if (addrnet_isin(localaddr,~0UL, pprefix,pmask)) {
+    if (!proto) fputs(" local-addr",stdout);
+    any= localallow= 1;
+  }
+  if (addrnet_isin(peeraddr,~0UL, pprefix,pmask)) {
+    if (!proto) fputs(" peer-addr",stdout);
+    any= peerallow= 1;
+  }
+  for (i=0; i<nexroutes; i++) {
+    if (addrnet_isin(exroutes[i].prefix,exroutes[i].mask, pprefix,pmask)) {
+      if (!proto) printf(" route#%d",i);
+      any= exroutes[i].allow= 1;
+    }
+  }
+  if (!proto) {
+    if (!any) fputs(" nothing!",stderr);
+    putchar('\n');
+  }
+}
 
-  carg= *++argv;
-  if (!strcmp(carg,"*")) {
+static void pconfig(const char *configstr, int truncated);
+
+static void pfile(const char *filename) {
+  FILE *file;
+  char buf[PATH_MAX];
+  int l, truncated, c;
+  struct pplace npp, *cpp;
+
+  for (cpp=cpplace; cpp; cpp=cpp->parent) {
+    if (!strcmp(cpp->filename,filename))
+      badusage("recursive configuration file `%s'",filename);
+  }
+
+  file= fopen(filename,"r");
+  if (!file)
+    badusage("cannot open configuration file `%s': %s", filename, strerror(errno));
+
+  if (!proto) printf("config file `%s':\n",filename);
+
+  npp.parent= cpplace;
+  npp.filename= filename;
+  npp.lineno= 0;
+  cpplace= &npp;
+
+  while (fgets(buf, sizeof(buf), file)) {
+    npp.lineno++;
+    l= strlen(buf);
+    if (!l) continue;
+
+    truncated= (buf[l-1] != '\n');
+    while (l>0 && isspace((unsigned char) buf[l-1])) l--;
+    if (!l) continue;
+    buf[l]= 0;
+
+    if (truncated) {
+      while ((c= getc(file)) != EOF && c != '\n');
+      if (c == EOF) break;
+    }
+
+    pconfig(buf,truncated);
+  }
+  if (ferror(file))
+    badusage("failed while reading configuration file: %s", strerror(errno));
+
+  cpplace= npp.parent;
+}
+
+static void pconfig(const char *configstr, int truncated) {
+  unsigned long fgid, tgid, pprefix, pmask;
+  int plen;
+  char ptxt[ATXTLEN];
+  const char *gidlist;
+  
+  switch (configstr[0]) {
+  case '*':
+    if (strcmp(configstr,"*")) badusage("`*' directive must be only thing on line");
+    permit(0UL,0UL);
+    return;
+    
+  case '#':
+    return;
+    
+  case '/': case '.':
+    if (truncated) badusage("filename too long (`%.100s...')",configstr);
+    pfile(configstr);
+    return;
+    
+  default:
+    if (!isdigit((unsigned char)configstr[0]))
+      badusage("unknown configuration directive");
+    
+    fgid= eat_number(&configstr,"gid", 0,gidmaxval, ",",0);
+    eat_prefixmask(&configstr,"permitted-prefix", ",",0, &pprefix,&pmask,&plen);
+    if (!configstr && truncated) badusage("gid,prefix/len,... spec too long");
+
+    if (!proto) printf(" %5lu,%s/%d: ", fgid, ip2txt(pprefix,ptxt), plen);
+
+    gidlist= getenv("USERV_GID");
+    if (!gidlist) fatal("USERV_GID not set");
     for (;;) {
-      if (!*carg) fatal("no gid authorised");
-      gidmin= eat_number(&carg,"gid-min", 0,gidmaxval, "-",0);
-      gidmax= eat_number(&carg,"gid-max", gidmin,gidmaxval, ":",0);
-      gidadd= eat_number(&carg,"gid-add", 0,gidmaxval, "/",0);
-      gidlen= eat_number(&carg,"gid-len", 0,32-baselen, 0,0);
-
-      gidlist= getenv("USERV_GID");
-      if (!gidlist) fatal("USERV_GID not set");
-      while (gidlist) {
-	tgid= eat_number(&gidlist,"userv_gid", 0,gidmaxval, " ",0);
-	if (tgid >= gidmin && tgid <= gidmax) goto gid_found;
+      if (!gidlist) {
+	if (!proto) printf("no matching gid\n");
+	return;
       }
+      tgid= eat_number(&gidlist,"userv-gid", 0,gidmaxval, " ",0);
+      if (tgid == fgid) break;
     }
-  gid_found:
-    tgid += gidadd;
-    tgid &= ((1UL << gidlen) - 1);
-    baselen += gidlen;
-    baseprefix |= (tgid << (32-baselen));
-    basemask = (~0UL << (32-baselen));
-  } else {
-    tgid= 0;
+    permit(pprefix,pmask);
+    return;
   }
+}
+
+static void checkallow(int allow, const char *what,
+		       const char *prefixtxt, const char *masktxt) {
+  if (allow) return;
+  fprintf(stderr,"userv-ipif service: access denied for %s, %s/%s\n",
+	  what, prefixtxt, masktxt);
+  allallow= 0;
+}
+
+static void parseargs(int argc, const char *const *argv) {
+  unsigned long routeaddr, routemask;
+  const char *carg;
+  const char *const *cprotop;
+  int i;
+  char erwhatbuf[100], erwhatbuf2[100];
+  
+  if (argc < NARGS+1) { badusage("too few arguments"); }
+  if (argc > NARGS+1) { badusage("too many arguments"); }
+
+  configstr= *++argv;
   
   carg= *++argv;
+  if (strcmp(carg,"--")) badusage("separator argument `--' not found, got `%s'",carg);
 
-  localaddr= eat_addr(&carg,"local-addr", baseprefix,basemask, ",",0);
-  peeraddr= eat_addr(&carg,"peer-addr", baseprefix,basemask, ",",0);
+  carg= *++argv;
+  localaddr= eat_addr(&carg,"local-addr", ",",0);
+  peeraddr= eat_addr(&carg,"peer-addr", ",",0);
   mtu= eat_number(&carg,"mtu", 576,65536, ",",0);
+  localallow= peerallow= 0;
   
   if (!strcmp(carg,"debug")) {
     proto= 0;
@@ -239,55 +373,76 @@ int main(int argc, const char *const *argv) {
   
   carg= *++argv;
   for (nexroutes=0;
-       *carg;
-       carg++, nexroutes++) {
-    if (nexroutes == MAXEXROUTES) {
-      fprintf(stderr,"only %d extra routes allowed\n",MAXEXROUTES);
-      fatal("too many extra routes");
-    }
-    sprintf(erwhatbuf,"route %d",nexroutes+1);
+       carg;
+       nexroutes++) {
+    if (nexroutes == MAXEXROUTES)
+      fatal("too many extra routes (only %d allowed)",MAXEXROUTES);
+    sprintf(erwhatbuf,"route#%d",nexroutes);
     
-    eat_prefixmask(&carg,erwhatbuf, baseprefix,basemask, ",",0, &routeaddr,&routemask,0);
-    addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "local-addr",localaddr,~0UL);
-    addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "peer-addr",peeraddr,~0UL);
+    eat_prefixmask(&carg,erwhatbuf, ",",0, &routeaddr,&routemask,0);
+    if (routemask == ~0UL) {
+      addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "local-addr",localaddr,~0UL);
+      addrnet_mustdiffer(erwhatbuf,routeaddr,routemask, "peer-addr",peeraddr,~0UL);
+    }
     for (i=0; i<nexroutes; i++) {
-      sprintf(erwhatbuf2,"route %d",i+1);
+      sprintf(erwhatbuf2,"route#%d",i);
       addrnet_mustdiffer(erwhatbuf,routeaddr,routemask,
 			 erwhatbuf2,exroutes[i].prefix,exroutes[i].mask);
     }
     exroutes[nexroutes].prefix= routeaddr;
     exroutes[nexroutes].mask= routemask;
+    exroutes[nexroutes].allow= 0;
     ip2txt(routeaddr,exroutes[nexroutes].prefixtxt);
     ip2txt(routemask,exroutes[nexroutes].masktxt);
   }
   ip2txt(localaddr,localtxt);
   ip2txt(peeraddr,peertxt);
+}
+
+static void checkpermit(void) {
+  int i;
+  char erwhatbuf[100];
   
-  if (!proto) {
-    char basetxt[ATXTLEN];
-    
-    printf("protocol: debug\n"
-	   "base:     %08lx/%-2ld == %s/%ld\n"
-	   "auth gid: %ld"
-	   "local:    %08lx    == %s\n"
-	   "peer:     %08lx    == %s\n"
-	   "mtu:      %ld"
-	   "routes:   %d",
-	   baseprefix, basemask, ip2txt(baseprefix,basetxt), basemask,
-	   tgid,
-	   localaddr, localtxt,
-	   peeraddr, peertxt,
-	   mtu,
-	   nexroutes);
-    for (i=0; i<nexroutes; i++) {
-      sprintf(erwhatbuf2, "route %d:", i+1);
-      printf("%-9s %08lx/%-2ld == %s/%s\n",
-	     erwhatbuf,
-	     exroutes[i].prefix, exroutes[i].mask,
-	     exroutes[i].prefixtxt, exroutes[i].masktxt);
-    }
-    if (ferror(stdout) || fclose(stdout)) sysfatal("flush stdout");
-    exit(0);
+  allallow= 1;
+  checkallow(localallow,"local-addr", localtxt,"32");
+  checkallow(peerallow,"peer-addr", peertxt,"32");
+  for (i=0; i<nexroutes; i++) {
+    sprintf(erwhatbuf, "route#%d", i);
+    checkallow(exroutes[i].allow, erwhatbuf, exroutes[i].prefixtxt, exroutes[i].masktxt);
+  }
+  if (!allallow) fatal("access denied");
+}
+
+static void dumpdebug(void) __attribute__((noreturn));
+static void dumpdebug(void) {
+  int i;
+  char erwhatbuf[100];
+  
+  printf("protocol: debug\n"
+	 "local:    %08lx == %s\n"
+	 "peer:     %08lx == %s\n"
+	 "mtu:      %ld\n"
+	 "routes:   %d\n",
+	 localaddr, localtxt,
+	 peeraddr, peertxt,
+	 mtu,
+	 nexroutes);
+  for (i=0; i<nexroutes; i++) {
+    sprintf(erwhatbuf, "route#%d:", i);
+    printf("%-9s %08lx/%08lx == %s/%s\n",
+	   erwhatbuf,
+	   exroutes[i].prefix, exroutes[i].mask,
+	   exroutes[i].prefixtxt, exroutes[i].masktxt);
   }
+  if (ferror(stdout) || fclose(stdout)) sysfatal("flush stdout");
+  exit(0);
+}
+
+int main(int argc, const char *const *argv) {
+  parseargs(argc,argv);
+  pconfig(configstr,0);
+  checkpermit();
+  if (!proto) dumpdebug();
+
   abort();
 }
diff --git a/ipif/x.gdb b/ipif/x.gdb
index 596272f..1f705ed 100644
--- a/ipif/x.gdb
+++ b/ipif/x.gdb
@@ -1,2 +1,2 @@
 set environment USERV_GID="5000 5001"
-set args 10.232.0.0/15 5000-8999:0/5 -- 10.232.40.0,10.232.40.1,1500,debug ""
+set args "*" -- 10.232.40.0,10.232.40.1,1500,debug 10.232.40.0/28
-- 
2.30.2