3 * $Id: class.c,v 1.10 2004/04/08 01:36:20 mdw Exp $
5 * Handling classes of things nicely
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of `become'
14 * `Become' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * `Become' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with `become'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Header files ------------------------------------------------------*/
31 /* --- ANSI headers --- */
37 /* --- Unix headers --- */
39 #include <sys/types.h>
40 #include <sys/socket.h>
42 #include <netinet/in.h>
44 #include <arpa/inet.h>
48 /* --- mLib headers --- */
50 #include <mLib/alloc.h>
51 #include <mLib/report.h>
54 /* --- Local headers --- */
59 /*----- Global variables --------------------------------------------------*/
61 static class_node class__all = { clType_all | clNode_any, -1, { 0 }};
62 class_node *class_all = &class__all;
64 static class_node class__none = { clType_all | clNode_any, -1, { 0 }};
65 class_node *class_none = &class__none;
67 /*----- Wildcard matching -------------------------------------------------*/
69 /* --- @class__wildMatch@ --- *
71 * Arguments: @const char *pat@ = pointer to pattern string
72 * @const char *p@ = pointer to target string
74 * Returns: Zero if no match, nonzero if match.
76 * Use: Wildcard-matches the pattern against the target string.
79 static int class__wildMatch(const char *pat, const char *p)
82 if (*pat == 0 && *p == 0)
83 return (42); /* For sadism's sake */
84 else if (*pat == '*') {
90 if (class__wildMatch(pat, p))
91 return (27); /* Nyahaha */
95 } else if (*pat == '?' || *pat == *p)
102 /*----- Creating new class nodes ------------------------------------------*/
104 /* --- @class_fromString@ --- *
106 * Arguments: @unsigned type@ = a type field
107 * @const char *s@ = pointer to string to copy
109 * Returns: A pointer to a class node containing that string, typed to
110 * be the right thing.
112 * Use: Given a string, wrap a class node around it. The node has
113 * one reference (the one you get returned). The string is
114 * copied, so you can get rid of your original one if you like.
117 class_node *class_fromString(unsigned type, const char *s)
119 class_node *c = xmalloc(sizeof(*c));
120 c->type = type | clNode_immed;
121 if (s[strcspn(s, "*?")] == 0)
122 c->type |= clFlag_friendly;
128 /* --- @class_fromUser@ --- *
130 * Arguments: @unsigned type@ = a type field
131 * @uid_t u@ = a user-id number
133 * Returns: A pointer to a class node containing the uid, typed to be
134 * the thing you asked for. Hopefully this will be
137 * Use: Given a uid, wrap a class node around it.
140 class_node *class_fromUser(unsigned type, uid_t u)
142 class_node *c = xmalloc(sizeof(*c));
143 c->type = type | clNode_immed | clFlag_friendly;
149 /*----- Reference counter tricks ------------------------------------------*/
151 /* --- @class_inc@ --- *
153 * Arguments: @class_node *c@ = pointer to a class block
157 * Use: Adds a reference to the class definition.
160 void class_inc(class_node *c)
162 if (c != class_all && c != class_none)
166 /* --- @class_dec@ --- *
168 * Arguments: @class_node *c@ = pointer to a class block
172 * Use: Removes a reference to a class block.
175 void class_dec(class_node *c)
179 for (cc = 0; c; c = cc, cc = 0) {
180 if (c == class_all || c == class_none || --c->ref)
182 switch (c->type & clNode_mask) {
187 if (c->type & (clType_host | clType_command))
191 sym_destroy(&c->v.t);
204 /* --- @class_mod@ --- *
206 * Arguments: @class_node *c@ = pointer to a class node
208 * Returns: A pointer to a class node, maybe the same one, maybe not,
209 * with a reference count of 1, containing the same data.
211 * Use: Gives you a node which you can modify. Don't call this
212 * for @class_all@ or @class_none@.
215 class_node *class_mod(class_node *c)
222 cc = xmalloc(sizeof(*cc));
225 switch (c->type & clNode_mask) {
227 die(1, "internal: class_mod called on non-modifiable class node");
231 if (c->type & clType_user)
234 cc->v.s = xstrdup(c->v.s);
241 sym_create(&cc->v.t);
242 for (sym_mkiter(&i, &c->v.t); (b = sym_next(&i)) != 0; )
243 sym_find(&cc->v.t, b->name, b->len, sizeof(sym_base), 0);
249 cc->v.c.l = c->v.c.l;
250 cc->v.c.r = c->v.c.r;
251 class_inc(cc->v.c.l);
252 class_inc(cc->v.c.r);
260 /*----- Some weirder operations on classes --------------------------------*/
262 /* --- @class__hashify@ --- *
264 * Arguments: @class_node *c@ = pointer to a node
266 * Returns: A pointer to a hash node containing the node's value.
268 * Use: The original node must have type `immediate', and it must
269 * be friendly. The old reference is discarded -- you get this
273 static class_node *class__hashify(class_node *c)
275 /* --- Some sanity checking --- */
277 if (~c->type & clFlag_friendly)
278 die(1, "internal: class__hashify can't hashify unfriendly nodes");
279 if ((c->type & clNode_mask) != clNode_immed)
280 die(1, "internal: class__hashify can't hashify non-immediate nodes");
282 /* --- Split off a private copy of the node --- */
286 c->type = (c->type & clType_mask) | clNode_hash | clFlag_friendly;
288 if (c->type & clType_user) {
291 sym_find(&c->v.t, (char *)&u, sizeof(u), sizeof(sym_base), 0);
295 sym_find(&c->v.t, s, -1, sizeof(sym_base), 0);
302 /*----- Arithmetic on classes ---------------------------------------------*/
304 /* --- @class__binop@ --- *
306 * Arguments: @class_node *l@ = left argument
307 * @class_node *r@ = right argument
308 * @unsigned op@ = the binop code
310 * Returns: A class node representing the result of a binary operation
313 * Use: Performs a binary operation on classes. If the types don't
314 * match, then a null pointer is returned. Both @l@ and @r@
315 * may be modified, and will be decremented before they get
316 * returned to you. If you don't want that to happen, ensure
317 * that you've claimed a reference to the original versions.
319 * If both nodes are `friendly' (see below), then an attempt is
320 * made to combine them sensibly using a hashtable.
322 * If one or both nodes is/are unfriendly, a binop node is
323 * created with type @op@ to allow the matcher to decide on
324 * membership appropriately at match time.
326 * A friendly node is one which can be placed in a hash table to
327 * speed up searching. It's friendly, because it doesn't mind
328 * living with other nodes. Uid numbers are friendly.
329 * Wildcarded strings aren't. Hashtables are trivially
333 class_node *class__binop(class_node *l, class_node *r, int op)
335 unsigned type = l->type & r->type & clType_mask;
336 unsigned lnode = l->type & clNode_mask, rnode = r->type & clNode_mask;
338 /* --- Check for compatible types --- */
346 /* --- Handle `friendly' nodes --- */
348 if ((l->type & r->type & clFlag_friendly)) {
350 /* --- Consider promoting an item to a hash --- *
352 * If both are immediate nodes, and they're both `friendly', we can
353 * profitably hash them together.
355 * Life gets complicated when we do subtraction, because it's not
356 * commutative. In this case, I have to promote the left operand anyway.
359 if (lnode == clNode_immed &&
360 (rnode == clNode_immed || op == clNode_diff)) {
362 /* --- Quick check for triviality --- *
364 * There are some more short-cuts I can employ if the values are
368 if (rnode == clNode_immed) {
370 /* --- See whether the two items are equal --- */
372 int eq = (type & clType_user ?
373 l->v.u == r->v.u : strcmp(l->v.s, r->v.s) == 0);
375 /* --- Now do something appropriate --- */
404 /* --- Turn @l@ into a hash containing itself --- */
406 l = class__hashify(l);
410 /* --- Otherwise, make @l@ the hash --- *
412 * Both @l@ and @r@ are friendly. Since they're not both immediates,
413 * one must be a hash.
416 else if ((l->type & clNode_mask) == clNode_immed) {
420 tn = l, l = r, r = tn;
421 tt = lnode, lnode = rnode, rnode = tt;
424 /* --- Now merge @r@ with @l@ --- */
430 /* --- The union operation isn't hard --- */
433 if (rnode == clNode_immed) {
434 if (type & clType_user) {
435 sym_find(&l->v.t, (char *)&r->v.u,
436 sizeof(r->v.u), sizeof(sym_base), 0);
438 sym_find(&l->v.t, r->v.s, -1, sizeof(sym_base), 0);
443 for (sym_mkiter(&i, &r->v.t); (b = sym_next(&i)) != 0; )
444 sym_find(&l->v.t, b->name, b->len, sizeof(sym_base), 0);
448 /* --- Set difference is similar in spirit --- */
451 if (rnode == clNode_immed) {
454 if (type & clType_user)
455 f = sym_find(&l->v.t, (char *)&r->v.u, sizeof(r->v.u), 0, 0);
457 f = sym_find(&l->v.t, r->v.s, -1, 0, 0);
459 sym_remove(&l->v.t, f);
464 for (sym_mkiter(&i, &r->v.t); (b = sym_next(&i)) != 0; ) {
465 if ((f = sym_find(&l->v.t, b->name, b->len, 0, 0)) != 0)
466 sym_remove(&l->v.t, f);
471 /* --- Intersection is wild and wacky --- */
474 if (rnode == clNode_immed) {
477 if (type & clType_user)
478 f = sym_find(&l->v.t, (char *)&r->v.u, sizeof(r->v.u), 0, 0);
480 f = sym_find(&l->v.t, r->v.s, -1, 0, 0);
493 for (sym_mkiter(&i, &l->v.t); (b = sym_next(&i)) != 0; ) {
494 if (!sym_find(&r->v.t, b->name, b->len, 0, 0))
495 sym_remove(&l->v.t, b);
501 /* --- Now trim the @l@ table to size --- *
503 * It may have lost a load of elements. Maybe it can be represented
504 * better as an immediate or even as @class_none@.
513 sym_mkiter(&i, &l->v.t);
514 if ((b = sym_next(&i)) == 0) {
519 if (type & clType_user) {
520 uid_t u = *(uid_t *)b->name;
521 sym_destroy(&l->v.t);
522 l->type = (l->type & ~clNode_mask) | clNode_immed;
525 char *s = xstrdup(b->name);
526 sym_destroy(&l->v.t);
527 l->type = (l->type & ~clNode_mask) | clNode_immed;
538 /* --- Unfriendly nodes --- *
540 * Create a binop node and return that. If @l@ is a binop node, and @r@
541 * isn't, and the operation isn't set difference (i.e., it's commutative)
542 * then swap the two over to lessen the depth of recursion later.
546 class_node *c = xmalloc(sizeof(*c));
550 if (lnode >= clNode_binop && rnode < clNode_binop && op != clNode_diff) {
561 /* --- @class_union@ --- *
563 * Arguments: @class_node *l@ = left argument
564 * @class_node *r@ = right argument
566 * Returns: A class node representing the union of the two classes.
568 * Use: Performs the union operation on classes. If the types don't
569 * match, then a null pointer is returned. Both @l@ and @r@
570 * may be modified, and will be decremented before they get
571 * returned to you. If you don't want that to happen, ensure
572 * that you've claimed a reference to the original versions.
575 class_node *class_union(class_node *l, class_node *r)
577 /* --- Check for the really simple cases --- */
579 if (l == class_all || r == class_all) {
590 /* --- Do the job --- */
592 return (class__binop(l, r, clNode_union));
595 /* --- @class_diff@ --- *
597 * Arguments: @class_node *l@ = left argument
598 * @class_node *r@ = right argument
600 * Returns: A class node representing the difference of the two classes.
602 * Use: Performs the set difference operation on classes. If the
603 * types don't match, then a null pointer is returned. Both
604 * @l@ and @r@ may be modified, and will be decremented before
605 * they get returned to you. If you don't want that to happen,
606 * ensure that you've claimed a reference to the original
610 class_node *class_diff(class_node *l, class_node *r)
612 /* --- Check for the really simple cases --- */
614 if (l == class_none || r == class_all) {
623 /* --- Do the job --- */
625 return (class__binop(l, r, clNode_diff));
628 /* --- @class_isect@ --- *
630 * Arguments: @class_node *l@ = left argument
631 * @class_node *r@ = right argument
633 * Returns: A class node representing the intersection of the two
636 * Use: Performs the intersecion operation on classes. If the types
637 * don't match, then a null pointer is returned. Both @l@ and
638 * @r@ may be modified, and will be decremented before they get
639 * returned to you. If you don't want that to happen, ensure
640 * that you've claimed a reference to the original versions.
643 class_node *class_isect(class_node *l, class_node *r)
645 /* --- Check for the really simple cases --- */
647 if (l == class_none || r == class_none) {
658 /* --- Do the job --- */
660 return (class__binop(l, r, clNode_isect));
663 /*----- Building the predefined classes -----------------------------------*/
665 /* --- @class_addUser@ --- *
667 * Arguments: @class_node *c@ = pointer to a class node (may be null)
668 * @uid_t u@ = user id number
670 * Returns: Pointer to the combined node.
672 * Use: Adds a user to a node, maybe hashifying it.
675 class_node *class_addUser(class_node *c, uid_t u)
678 return (class_fromUser(clType_user, u));
679 if ((c->type & clNode_mask) == clNode_immed)
680 c = class__hashify(c);
681 sym_find(&c->v.t, (char *)&u, sizeof(u), sizeof(sym_base), 0);
685 /* --- @class_addString@ --- *
687 * Arguments: @class_node *c@ = pointer to a class node (may be null)
688 * @const char *s@ = pointer to a string
690 * Returns: Pointer to the combined node.
692 * Use: Adds a user to a node, maybe hashifying it.
695 class_node *class_addString(class_node *c, const char *s)
697 class_node *n = class_fromString(clType_host, s); /* hack */
699 return (class_union(c, n));
704 /*----- Matching functions ------------------------------------------------*/
706 /* --- @class_matchUser@ --- *
708 * Arguments: @class_node *c@ = pointer to root class node
709 * @uid_t u@ = user id number
711 * Returns: Nonzero if it matches, zero if it doesn't.
713 * Use: Determines whether a user is matched by a class. Assumes
714 * that the types are correct.
717 int class_matchUser(class_node *c, uid_t u)
721 for (cc = 0; c; c = cc, cc = 0) {
726 switch (c->type & clNode_mask) {
728 return (u == c->v.u);
731 return (sym_find(&c->v.t, (char *)&u, sizeof(u), 0, 0) != 0);
734 if (class_matchUser(c->v.c.l, u))
739 if (!class_matchUser(c->v.c.l, u))
744 return (class_matchUser(c->v.c.l, u) &&
745 !class_matchUser(c->v.c.r, u));
750 die(1, "internal: can't get here in class_matchUser");
754 /* --- @class_matchCommand@ --- *
756 * Arguments: @class_node *c@ = pointer to root class node
757 * @const char *s@ = pointer to a string
759 * Returns: Nonzero if it matches, zero if it doesn't.
761 * Use: Determines whether a string is matched by a class. Assumes
762 * that the types are correct.
765 int class_matchCommand(class_node *c, const char *s)
769 for (cc = 0; c; c = cc, cc = 0) {
774 switch (c->type & clNode_mask) {
776 return (class__wildMatch(c->v.s, s));
779 return (sym_find(&c->v.t, s, -1, 0, 0) != 0);
782 if (class_matchCommand(c->v.c.l, s))
787 if (!class_matchCommand(c->v.c.l, s))
792 return (class_matchCommand(c->v.c.l, s) &&
793 !class_matchCommand(c->v.c.r, s));
798 die(1, "internal: can't get here in class_matchCommand");
802 /* --- @class_matchHost@ --- *
804 * Arguments: @class_node *c@ = pointer to root class node
805 * @struct in_addr a@ = IP address to match
807 * Returns: Nonzero if it matches, zero if it doesn't.
809 * Use: Determines whether a host matches a host class. Assumes
810 * that the types are correct. The actual mechanism is a bit
811 * odd here, but I think this is the Right Thing. At each stage
812 * I try to match %%@/all/%% of the possible names for the host.
813 * Thus host `splat' with address 1.2.3.4 would fail to match
814 * the class "1.2.*" - "splat". This seems to be what the
815 * author intuitively expects. It's just a bit weird.
818 static int class__doMatchHost(class_node *c, const char *ip,
819 const char *name, char **aliases)
823 for (cc = 0; c; c = cc, cc = 0) {
828 switch (c->type & clNode_mask) {
830 if ((ip && class__wildMatch(c->v.s, ip)) ||
831 (name && class__wildMatch(c->v.s, name)))
833 if (aliases) for (; *aliases; aliases++) {
834 if (class__wildMatch(c->v.s, *aliases))
840 if ((ip && sym_find(&c->v.t, ip, -1, 0, 0)) ||
841 (name && sym_find(&c->v.t, name, -1, 0, 0)))
843 if (aliases) for (; *aliases; aliases++) {
844 if (sym_find(&c->v.t, *aliases, -1, 0, 0))
850 if (class__doMatchHost(c->v.c.l, ip, name, aliases))
855 if (!class__doMatchHost(c->v.c.l, ip, name, aliases))
860 return (class__doMatchHost(c->v.c.l, ip, name, aliases) &&
861 !class__doMatchHost(c->v.c.r, ip, name, aliases));
866 die(1, "internal: can't get here in class_matchUser");
870 int class_matchHost(class_node *c, struct in_addr a)
872 char *ip, *name, **aliases;
876 if ((h = gethostbyaddr((char *)&a, sizeof(a), AF_INET)) != 0) {
878 aliases = h->h_aliases;
884 return (class__doMatchHost(c, ip, name, aliases));
887 /*----- Debugging code ----------------------------------------------------*/
889 /* --- @class_dump@ --- *
891 * Argumemnts: @class_node *c@ = pointer to root node
892 * @int indent@ = indent depth
896 * Use: Dumps a class to the trace output.
899 void class_dump(class_node *c, int indent)
903 static char *types[] = {
911 static char *nodes[] = {
918 "binop: intersection"
921 /* --- Handle some magical cases --- */
923 if (c == class_all) {
924 trace(TRACE_RULE, "rule:%*s class ALL", indent * 2, "");
927 if (c == class_none) {
928 trace(TRACE_RULE, "rule:%*s class NONE", indent * 2, "");
932 /* --- Dump basic type information --- */
934 trace(TRACE_RULE, "rule:%*s type == [%s], node type == [%s]%s",
936 types[c->type & clType_mask],
937 nodes[(c->type & clNode_mask) >> 4],
938 (c->type & clFlag_friendly) ? " Friendly" : "");
940 /* --- Now trace the contents --- */
942 switch (c->type & clNode_mask) {
944 if (c->type & clType_user) {
945 trace(TRACE_RULE, "rule:%*s user %lu",
946 indent * 2, "", (unsigned long)c->v.u);
948 trace(TRACE_RULE, "rule:%*s `%s'", indent * 2, "", c->v.s);
954 for (sym_mkiter(&i, &c->v.t); (b = sym_next(&i)) != 0; ) {
955 if (c->type & clType_user) {
956 trace(TRACE_RULE, "rule:%*s user %lu",
957 indent * 2, "", (unsigned long)*(uid_t *)b->name);
959 trace(TRACE_RULE, "rule:%*s `%s'", indent * 2, "", b->name);
965 class_dump(c->v.c.l, indent + 1);
966 class_dump(c->v.c.r, indent + 1);
973 /*----- That's all, folks -------------------------------------------------*/
~mdw / become / blob