3 * Policy parsing and implementation
5 * (c) 2012 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Yet Another Ident Daemon (YAID).
12 * YAID is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * YAID is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with YAID; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /*----- Header files ------------------------------------------------------*/
31 /*----- Main code ---------------------------------------------------------*/
33 /* syntax: addrpat portpat addrpar portpat policy
35 * local address/port first, then remote
36 * addrpat ::= addr [/ len]
37 * portpat ::= num | num - num | *
38 * policy ::= user policy* | token | name | deny | hide |
41 void init_policy(struct policy *p) { p->act.act = A_LIMIT; }
43 static void free_action(struct action *a)
53 void free_policy(struct policy *p)
54 { free_action(&p->act); }
56 static void print_addrpat(const struct addrops *ao, const struct addrpat *ap)
64 inet_ntop(ao->af, &ap->addr, buf, sizeof(buf)),
69 static void print_portpat(const struct portpat *pp)
71 if (pp->lo == 0 && pp->hi == 65535) putchar('*');
72 else if (pp->lo == pp->hi) printf("%u", pp->lo);
73 else printf("%u-%u", pp->lo, pp->hi);
76 static void print_sockpat(const struct addrops *ao, const struct sockpat *sp)
77 { print_addrpat(ao, &sp->addr); putchar(' '); print_portpat(&sp->port); }
79 static const char *const acttab[] = {
80 #define DEFACT(tag, name) name,
86 static void print_action(const struct action *act)
88 assert(act->act < A_LIMIT);
89 printf("%s", acttab[act->act]);
94 for (i = 0, m = 1; i < A_LIMIT; i++, m <<= 1)
95 if (act->u.user & m) printf(" %s", acttab[i]);
98 printf(" %s", act->u.lie);
103 void print_policy(const struct policy *p)
105 print_sockpat(p->ao, &p->sp[L]); putchar(' ');
106 print_sockpat(p->ao, &p->sp[R]); putchar(' ');
107 print_action(&p->act); putchar('\n');
110 static int match_portpat(const struct portpat *pp, unsigned port)
111 { return (pp->lo <= port && port <= pp->hi); }
113 static int match_sockpat(const struct addrops *ao,
114 const struct sockpat *sp, const struct socket *s)
116 return (ao->match_addrpat(&sp->addr, &s->addr) &&
117 match_portpat(&sp->port, s->port));
120 int match_policy(const struct policy *p, const struct query *q)
122 return ((!p->ao || p->ao == q->ao) &&
123 match_sockpat(q->ao, &p->sp[L], &q->s[L]) &&
124 match_sockpat(q->ao, &p->sp[R], &q->s[R]));
127 static void nextline(FILE *fp)
131 if (ch == '\n' || ch == EOF) break;
135 static int scan(FILE *fp, char *buf, size_t sz)
148 return (ferror(fp) ? T_ERROR : T_EOF);
152 if (ch == '\n') goto newline;
153 else if (ch == EOF) goto eof;
156 if (isspace(ch)) goto skip_ws;
161 if (sz) { *buf++ = ch; sz--; }
170 if (isspace(ch)) goto done;
184 static int parse_actname(FILE *fp, unsigned *act)
188 const char *const *p;
190 if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
191 for (p = acttab; *p; p++)
192 if (strcmp(buf, *p) == 0) { *act = p - acttab; return (0); }
196 static int parse_action(FILE *fp, struct action *act)
203 if ((t = parse_actname(fp, &a)) != 0) return (t);
208 if ((t = parse_actname(fp, &a)) != 0) break;
211 if (t != T_EOL && t != T_EOF) return (t);
222 if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
224 act->u.lie = xstrdup(buf);
227 t = scan(fp, buf, sizeof(buf));
228 if (t != T_EOF && t != T_EOL) {
235 static int parse_sockpat(FILE *fp, const struct addrops **aop,
240 const struct addrops *ao;
244 if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
245 if (strcmp(buf, "*") == 0)
248 if (strchr(buf, ':'))
249 ao = &addroptab[ADDR_IPV6];
251 ao = &addroptab[ADDR_IPV4];
252 if (!*aop) *aop = ao;
253 else if (*aop != ao) return (T_ERROR);
254 delim = strchr(buf, '/');
255 if (delim) *delim++ = 0;
256 if (!inet_pton(ao->af, buf, &sp->addr.addr)) return (T_ERROR);
257 if (!delim) n = ao->len;
258 else n = strtol(delim, 0, 10);
259 if (n < 0 || n > ao->len) return (T_ERROR);
263 if ((t = scan(fp, buf, sizeof(buf))) != 0) return (T_ERROR);
264 if (strcmp(buf, "*") == 0) {
268 delim = strchr(buf, '-');
269 if (delim) *delim++ = 0;
270 n = strtol(buf, 0, 0);
271 if (n < 0 || n > 65535) return (T_ERROR);
276 n = strtol(delim, 0, 0);
277 if (n < 0 || n > 65535) return (T_ERROR);
284 int parse_policy(FILE *fp, struct policy *p)
291 if ((t = parse_sockpat(fp, &p->ao, &p->sp[L])) != 0) goto fail;
292 if ((t = parse_sockpat(fp, &p->ao, &p->sp[R])) != 0) goto err;
293 if ((t = parse_action(fp, &p->act)) != 0) goto err;
303 int open_policy_file(struct policy_file *pf, const char *name,
304 const char *what, const struct query *q)
306 if ((pf->fp = fopen(name, "r")) == 0) {
307 logmsg(q, LOG_ERR, "failed to open %s `%s': %s",
308 what, name, strerror(errno));
321 int read_policy_file(struct policy_file *pf)
327 t = parse_policy(pf->fp, &pf->p);
333 logmsg(pf->q, LOG_ERR, "%s:%d: parse error in %s",
334 pf->name, pf->lno, pf->what);
338 if (ferror(pf->fp)) {
339 logmsg(pf->q, LOG_ERR, "failed to read %s `%s': %s",
340 pf->what, pf->name, strerror(errno));
352 void close_policy_file(struct policy_file *pf)
358 int load_policy_file(const char *file, policy_v *pv)
360 struct policy_file pf;
361 policy_v v = DA_INIT;
363 if (open_policy_file(&pf, file, "policy file", 0))
365 while (!read_policy_file(&pf)) {
369 close_policy_file(&pf);
380 /*----- That's all, folks -------------------------------------------------*/
~mdw / yaid / blob