| 1 | /* -*-c-*- |
| 2 | * |
| 3 | * Policy parsing and implementation |
| 4 | * |
| 5 | * (c) 2012 Straylight/Edgeware |
| 6 | */ |
| 7 | |
| 8 | /*----- Licensing notice --------------------------------------------------* |
| 9 | * |
| 10 | * This file is part of Yet Another Ident Daemon (YAID). |
| 11 | * |
| 12 | * YAID is free software; you can redistribute it and/or modify |
| 13 | * it under the terms of the GNU General Public License as published by |
| 14 | * the Free Software Foundation; either version 2 of the License, or |
| 15 | * (at your option) any later version. |
| 16 | * |
| 17 | * YAID is distributed in the hope that it will be useful, |
| 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 20 | * GNU General Public License for more details. |
| 21 | * |
| 22 | * You should have received a copy of the GNU General Public License |
| 23 | * along with YAID; if not, write to the Free Software Foundation, |
| 24 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 25 | */ |
| 26 | |
| 27 | /*----- Header files ------------------------------------------------------*/ |
| 28 | |
| 29 | #include "yaid.h" |
| 30 | |
| 31 | /*----- Memory management -------------------------------------------------*/ |
| 32 | |
| 33 | /* Initialize a policy structure. In this state, it doesn't actually have |
| 34 | * any resources allocated (so can be simply discarded) but it's safe to free |
| 35 | * (using `free_policy'). |
| 36 | */ |
| 37 | void init_policy(struct policy *p) { p->act.act = A_LIMIT; } |
| 38 | |
| 39 | /* Free an action structure, resetting it to a safe state. This function is |
| 40 | * idempotent. |
| 41 | */ |
| 42 | static void free_action(struct action *a) |
| 43 | { |
| 44 | switch (a->act) { |
| 45 | case A_LIE: |
| 46 | xfree(a->u.lie); |
| 47 | break; |
| 48 | } |
| 49 | a->act = A_LIMIT; |
| 50 | } |
| 51 | |
| 52 | /* Free a policy structure, resetting it to its freshly-initialized state. |
| 53 | * This function is idempotent. |
| 54 | */ |
| 55 | void free_policy(struct policy *p) |
| 56 | { free_action(&p->act); } |
| 57 | |
| 58 | /*----- Diagnostics -------------------------------------------------------*/ |
| 59 | |
| 60 | static void print_addrpat(const struct addrops *ao, const struct addrpat *ap) |
| 61 | { |
| 62 | char buf[ADDRLEN]; |
| 63 | |
| 64 | if (ap->len == 0) |
| 65 | putchar('*'); |
| 66 | else { |
| 67 | printf("%s/%u", |
| 68 | inet_ntop(ao->af, &ap->addr, buf, sizeof(buf)), |
| 69 | ap->len); |
| 70 | } |
| 71 | } |
| 72 | |
| 73 | static void print_portpat(const struct portpat *pp) |
| 74 | { |
| 75 | if (pp->lo == 0 && pp->hi == 65535) putchar('*'); |
| 76 | else if (pp->lo == pp->hi) printf("%u", pp->lo); |
| 77 | else printf("%u-%u", pp->lo, pp->hi); |
| 78 | } |
| 79 | |
| 80 | static void print_sockpat(const struct addrops *ao, const struct sockpat *sp) |
| 81 | { print_addrpat(ao, &sp->addr); putchar(' '); print_portpat(&sp->port); } |
| 82 | |
| 83 | static const char *const acttab[] = { |
| 84 | #define DEFACT(tag, name) name, |
| 85 | ACTIONS(DEFACT) |
| 86 | #undef DEFACT |
| 87 | 0 |
| 88 | }; |
| 89 | |
| 90 | static void print_action(const struct action *act) |
| 91 | { |
| 92 | assert(act->act < A_LIMIT); |
| 93 | printf("%s", acttab[act->act]); |
| 94 | switch (act->act) { |
| 95 | case A_USER: { |
| 96 | int i; |
| 97 | unsigned m; |
| 98 | for (i = 0, m = 1; i < A_LIMIT; i++, m <<= 1) |
| 99 | if (act->u.user & m) printf(" %s", acttab[i]); |
| 100 | } break; |
| 101 | case A_LIE: |
| 102 | printf(" %s", act->u.lie); |
| 103 | break; |
| 104 | } |
| 105 | } |
| 106 | |
| 107 | /* Print a policy rule to standard output. */ |
| 108 | void print_policy(const struct policy *p) |
| 109 | { |
| 110 | print_sockpat(p->ao, &p->sp[L]); putchar(' '); |
| 111 | print_sockpat(p->ao, &p->sp[R]); putchar(' '); |
| 112 | print_action(&p->act); putchar('\n'); |
| 113 | } |
| 114 | |
| 115 | /*----- Matching ----------------------------------------------------------*/ |
| 116 | |
| 117 | /* Return true if the port matches the pattern. */ |
| 118 | static int match_portpat(const struct portpat *pp, unsigned port) |
| 119 | { return (pp->lo <= port && port <= pp->hi); } |
| 120 | |
| 121 | /* Return true if the socket matches the pattern. */ |
| 122 | static int match_sockpat(const struct addrops *ao, |
| 123 | const struct sockpat *sp, const struct socket *s) |
| 124 | { |
| 125 | return (ao->match_addrpat(&sp->addr, &s->addr) && |
| 126 | match_portpat(&sp->port, s->port)); |
| 127 | } |
| 128 | |
| 129 | /* Return true if the query matches the patterns in the policy rule. */ |
| 130 | int match_policy(const struct policy *p, const struct query *q) |
| 131 | { |
| 132 | return ((!p->ao || p->ao == q->ao) && |
| 133 | match_sockpat(q->ao, &p->sp[L], &q->s[L]) && |
| 134 | match_sockpat(q->ao, &p->sp[R], &q->s[R])); |
| 135 | } |
| 136 | |
| 137 | /*----- Parsing -----------------------------------------------------------*/ |
| 138 | |
| 139 | /* Advance FP to the next line. */ |
| 140 | static void nextline(FILE *fp) |
| 141 | { |
| 142 | for (;;) { |
| 143 | int ch = getc(fp); |
| 144 | if (ch == '\n' || ch == EOF) break; |
| 145 | } |
| 146 | } |
| 147 | |
| 148 | /* Scan a whitespace-separated token from FP, writing it to BUF. The token |
| 149 | * must fit in a buffer of size SZ, including a terminating null. Return |
| 150 | * an appropriate T_* error code. |
| 151 | */ |
| 152 | static int scan(FILE *fp, char *buf, size_t sz) |
| 153 | { |
| 154 | int ch; |
| 155 | |
| 156 | skip_ws: |
| 157 | /* Before we start grabbing a token proper, find out what's in store. */ |
| 158 | ch = getc(fp); |
| 159 | switch (ch) { |
| 160 | |
| 161 | case '\n': |
| 162 | newline: |
| 163 | /* Found a newline. Leave it where it is and report it. */ |
| 164 | ungetc(ch, fp); |
| 165 | return (T_EOL); |
| 166 | |
| 167 | case EOF: |
| 168 | eof: |
| 169 | /* Found end-of-file, or an I/O error. Return an appropriate code. */ |
| 170 | return (ferror(fp) ? T_ERROR : T_EOF); |
| 171 | |
| 172 | case '#': |
| 173 | /* Found a comment. Consume it, and continue appropriately: it must |
| 174 | * be terminated either by a newline or end-of-file. |
| 175 | */ |
| 176 | for (;;) { |
| 177 | ch = getc(fp); |
| 178 | if (ch == '\n') goto newline; |
| 179 | else if (ch == EOF) goto eof; |
| 180 | } |
| 181 | |
| 182 | default: |
| 183 | /* Whitespace means we just continue around. Anything else and we |
| 184 | * start snarfing. |
| 185 | */ |
| 186 | if (isspace(ch)) goto skip_ws; |
| 187 | break; |
| 188 | } |
| 189 | |
| 190 | for (;;) { |
| 191 | |
| 192 | /* If there's buffer space left, store the character. */ |
| 193 | if (sz) { *buf++ = ch; sz--; } |
| 194 | |
| 195 | /* Get a new one, and find out what to do about it. */ |
| 196 | ch = getc(fp); |
| 197 | switch (ch) { |
| 198 | case '\n': |
| 199 | ungetc(ch, fp); |
| 200 | goto done; |
| 201 | case EOF: |
| 202 | goto done; |
| 203 | default: |
| 204 | if (isspace(ch)) goto done; |
| 205 | break; |
| 206 | } |
| 207 | } |
| 208 | |
| 209 | done: |
| 210 | /* If there's no space for a terminating null then report an error. */ |
| 211 | if (!sz) return (T_ERROR); |
| 212 | |
| 213 | /* All done. */ |
| 214 | *buf++ = 0; sz--; |
| 215 | return (T_OK); |
| 216 | } |
| 217 | |
| 218 | /* Parse an action name, storing the code in *ACT. Return an appropriate T_* |
| 219 | * code. |
| 220 | */ |
| 221 | static int parse_actname(FILE *fp, unsigned *act) |
| 222 | { |
| 223 | char buf[32]; |
| 224 | int t; |
| 225 | const char *const *p; |
| 226 | |
| 227 | if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t); |
| 228 | for (p = acttab; *p; p++) |
| 229 | if (strcmp(buf, *p) == 0) { *act = p - acttab; return (0); } |
| 230 | return (T_ERROR); |
| 231 | } |
| 232 | |
| 233 | /* Parse an action, returning a T_* code. */ |
| 234 | static int parse_action(FILE *fp, struct action *act) |
| 235 | { |
| 236 | char buf[32]; |
| 237 | int t; |
| 238 | unsigned a; |
| 239 | unsigned long m; |
| 240 | |
| 241 | /* Collect the action name. */ |
| 242 | if ((t = parse_actname(fp, &a)) != 0) return (t); |
| 243 | |
| 244 | /* Parse parameters, if there are any. */ |
| 245 | switch (a) { |
| 246 | |
| 247 | case A_USER: |
| 248 | /* `user ACTION ACTION ...': store permitted actions in a bitmask. */ |
| 249 | m = 0; |
| 250 | for (;;) { |
| 251 | if ((t = parse_actname(fp, &a)) != 0) break; |
| 252 | if (a == A_USER) return (T_ERROR); |
| 253 | m |= (1 << a); |
| 254 | } |
| 255 | if (t != T_EOL && t != T_EOF) return (t); |
| 256 | act->act = A_USER; |
| 257 | act->u.user = m; |
| 258 | break; |
| 259 | |
| 260 | case A_TOKEN: |
| 261 | case A_NAME: |
| 262 | case A_DENY: |
| 263 | case A_HIDE: |
| 264 | /* Dull actions which don't accept parameters. */ |
| 265 | act->act = a; |
| 266 | break; |
| 267 | |
| 268 | case A_LIE: |
| 269 | /* `lie NAME': store the string we're to report. */ |
| 270 | if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t); |
| 271 | act->act = a; |
| 272 | act->u.lie = xstrdup(buf); |
| 273 | break; |
| 274 | } |
| 275 | |
| 276 | /* Make sure we've reached the end of the line. */ |
| 277 | t = scan(fp, buf, sizeof(buf)); |
| 278 | if (t != T_EOF && t != T_EOL) { |
| 279 | free_action(act); |
| 280 | return (T_ERROR); |
| 281 | } |
| 282 | |
| 283 | /* Done. */ |
| 284 | return (0); |
| 285 | } |
| 286 | |
| 287 | /* Parse an address pattern, writing it to AP. If the pattern has an |
| 288 | * identifiable address family, update *AOP to point to its operations table; |
| 289 | * if *AOP is already set to something different then report an error. |
| 290 | */ |
| 291 | static int parse_addrpat(FILE *fp, const struct addrops **aop, |
| 292 | struct addrpat *ap) |
| 293 | { |
| 294 | char buf[64]; |
| 295 | int t; |
| 296 | const struct addrops *ao; |
| 297 | long n; |
| 298 | char *delim; |
| 299 | |
| 300 | /* Scan a token for the address pattern. */ |
| 301 | if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t); |
| 302 | |
| 303 | /* If this is a wildcard, then leave everything as it is. */ |
| 304 | if (strcmp(buf, "*") == 0) { |
| 305 | ap->len = 0; |
| 306 | return (T_OK); |
| 307 | } |
| 308 | |
| 309 | /* Decide what kind of address this must be. A bit grim, sorry. */ |
| 310 | if (strchr(buf, ':')) |
| 311 | ao = &addroptab[ADDR_IPV6]; |
| 312 | else |
| 313 | ao = &addroptab[ADDR_IPV4]; |
| 314 | |
| 315 | /* Update the caller's idea of the address family in use. */ |
| 316 | if (!*aop) *aop = ao; |
| 317 | else if (*aop != ao) return (T_ERROR); |
| 318 | |
| 319 | /* See whether there's a prefix length. If so, clobber it. */ |
| 320 | delim = strchr(buf, '/'); |
| 321 | if (delim) *delim++ = 0; |
| 322 | |
| 323 | /* Parse the address. */ |
| 324 | if (!inet_pton(ao->af, buf, &ap->addr)) return (T_ERROR); |
| 325 | |
| 326 | /* Parse the prefix length, or use the maximum one. */ |
| 327 | if (!delim) n = ao->len; |
| 328 | else n = strtol(delim, 0, 10); |
| 329 | if (n < 0 || n > ao->len) return (T_ERROR); |
| 330 | ap->len = n; |
| 331 | |
| 332 | /* Done. */ |
| 333 | return (T_OK); |
| 334 | } |
| 335 | |
| 336 | static int parse_portpat(FILE *fp, struct portpat *pp) |
| 337 | { |
| 338 | char buf[64]; |
| 339 | int t; |
| 340 | long n; |
| 341 | char *delim; |
| 342 | |
| 343 | /* Parse a token for the pattern. */ |
| 344 | if ((t = scan(fp, buf, sizeof(buf))) != 0) return (T_ERROR); |
| 345 | |
| 346 | /* If this is a wildcard, then we're done. */ |
| 347 | if (strcmp(buf, "*") == 0) { |
| 348 | pp->lo = 0; |
| 349 | pp->hi = 65535; |
| 350 | return (T_OK); |
| 351 | } |
| 352 | |
| 353 | /* Find a range delimiter. */ |
| 354 | delim = strchr(buf, '-'); |
| 355 | if (delim) *delim++ = 0; |
| 356 | |
| 357 | /* Parse the only or low end of the range. */ |
| 358 | n = strtol(buf, 0, 0); |
| 359 | if (n < 0 || n > 65535) return (T_ERROR); |
| 360 | pp->lo = n; |
| 361 | |
| 362 | /* If there's no delimiter, then the high end is equal to the low end; |
| 363 | * otherwise, parse the high end. |
| 364 | */ |
| 365 | if (!delim) |
| 366 | pp->hi = n; |
| 367 | else { |
| 368 | n = strtol(delim, 0, 0); |
| 369 | if (n < pp->lo || n > 65535) return (T_ERROR); |
| 370 | pp->hi = n; |
| 371 | } |
| 372 | |
| 373 | /* Done. */ |
| 374 | return (T_OK); |
| 375 | } |
| 376 | |
| 377 | /* Parse a socket pattern, writing it to SP. */ |
| 378 | static int parse_sockpat(FILE *fp, const struct addrops **aop, |
| 379 | struct sockpat *sp) |
| 380 | { |
| 381 | int t; |
| 382 | |
| 383 | if ((t = parse_addrpat(fp, aop, &sp->addr)) != 0) return (t); |
| 384 | if ((t = parse_portpat(fp, &sp->port)) != 0) return (T_ERROR); |
| 385 | return (T_OK); |
| 386 | } |
| 387 | |
| 388 | /* Parse a policy rule line, writing it to P. */ |
| 389 | static int parse_policy(FILE *fp, struct policy *p) |
| 390 | { |
| 391 | int t; |
| 392 | |
| 393 | p->ao = 0; |
| 394 | free_policy(p); |
| 395 | |
| 396 | if ((t = parse_sockpat(fp, &p->ao, &p->sp[L])) != 0) goto fail; |
| 397 | if ((t = parse_sockpat(fp, &p->ao, &p->sp[R])) != 0) goto err; |
| 398 | if ((t = parse_action(fp, &p->act)) != 0) goto err; |
| 399 | return (0); |
| 400 | |
| 401 | err: |
| 402 | t = T_ERROR; |
| 403 | fail: |
| 404 | free_policy(p); |
| 405 | return (t); |
| 406 | } |
| 407 | |
| 408 | /* Open a policy file by NAME. The description WHAT and query Q are used for |
| 409 | * formatting error messages for the log. |
| 410 | */ |
| 411 | int open_policy_file(struct policy_file *pf, const char *name, |
| 412 | const char *what, const struct query *q) |
| 413 | { |
| 414 | if ((pf->fp = fopen(name, "r")) == 0) { |
| 415 | logmsg(q, LOG_ERR, "failed to open %s `%s': %s", |
| 416 | what, name, strerror(errno)); |
| 417 | return (-1); |
| 418 | } |
| 419 | |
| 420 | pf->name = name; |
| 421 | pf->what = what; |
| 422 | pf->q = q; |
| 423 | pf->err = 0; |
| 424 | pf->lno = 0; |
| 425 | init_policy(&pf->p); |
| 426 | return (0); |
| 427 | } |
| 428 | |
| 429 | /* Read a policy rule from the file, storing it in PF->p. Return one of the |
| 430 | * T_* codes. |
| 431 | */ |
| 432 | int read_policy_file(struct policy_file *pf) |
| 433 | { |
| 434 | int t; |
| 435 | |
| 436 | for (;;) { |
| 437 | pf->lno++; |
| 438 | t = parse_policy(pf->fp, &pf->p); |
| 439 | switch (t) { |
| 440 | case T_OK: |
| 441 | nextline(pf->fp); |
| 442 | return (0); |
| 443 | case T_ERROR: |
| 444 | logmsg(pf->q, LOG_ERR, "%s:%d: parse error in %s", |
| 445 | pf->name, pf->lno, pf->what); |
| 446 | pf->err = 1; |
| 447 | break; |
| 448 | case T_EOF: |
| 449 | if (ferror(pf->fp)) { |
| 450 | logmsg(pf->q, LOG_ERR, "failed to read %s `%s': %s", |
| 451 | pf->what, pf->name, strerror(errno)); |
| 452 | } |
| 453 | return (-1); |
| 454 | case T_EOL: |
| 455 | nextline(pf->fp); |
| 456 | break; |
| 457 | default: |
| 458 | abort(); |
| 459 | } |
| 460 | } |
| 461 | } |
| 462 | |
| 463 | /* Close a policy file. It doesn't matter whether the file was completely |
| 464 | * read. |
| 465 | */ |
| 466 | void close_policy_file(struct policy_file *pf) |
| 467 | { |
| 468 | fclose(pf->fp); |
| 469 | free_policy(&pf->p); |
| 470 | } |
| 471 | |
| 472 | /* Load a policy file, writing a vector of records into PV. If the policy |
| 473 | * file has errors, then leave PV unchanged and return nonzero. |
| 474 | */ |
| 475 | int load_policy_file(const char *file, policy_v *pv) |
| 476 | { |
| 477 | struct policy_file pf; |
| 478 | policy_v v = DA_INIT; |
| 479 | |
| 480 | if (open_policy_file(&pf, file, "policy file", 0)) |
| 481 | return (-1); |
| 482 | while (!read_policy_file(&pf)) { |
| 483 | DA_PUSH(&v, pf.p); |
| 484 | init_policy(&pf.p); |
| 485 | } |
| 486 | close_policy_file(&pf); |
| 487 | if (!pf.err) { |
| 488 | DA_DESTROY(pv); |
| 489 | *pv = v; |
| 490 | return (0); |
| 491 | } else { |
| 492 | DA_DESTROY(&v); |
| 493 | return (-1); |
| 494 | } |
| 495 | } |
| 496 | |
| 497 | /*----- That's all, folks -------------------------------------------------*/ |