#include "yaid.h"
-/*----- Data structures ---------------------------------------------------*/
+/*----- Memory management -------------------------------------------------*/
-/*----- Static variables --------------------------------------------------*/
-
-/*----- Main code ---------------------------------------------------------*/
-
-/* syntax: addrpat portpat addrpar portpat policy
- *
- * local address/port first, then remote
- * addrpat ::= addr [/ len]
- * portpat ::= num | num - num | *
- * policy ::= user policy* | token | name | deny | hide |
+/* Initialize a policy structure. In this state, it doesn't actually have
+ * any resources allocated (so can be simply discarded) but it's safe to free
+ * (using `free_policy').
*/
-
void init_policy(struct policy *p) { p->act.act = A_LIMIT; }
+/* Free an action structure, resetting it to a safe state. This function is
+ * idempotent.
+ */
static void free_action(struct action *a)
{
switch (a->act) {
a->act = A_LIMIT;
}
+/* Free a policy structure, resetting it to its freshly-initialized state.
+ * This function is idempotent.
+ */
void free_policy(struct policy *p)
{ free_action(&p->act); }
-static void print_addrpat(int af, const struct addrpat *ap)
+/*----- Diagnostics -------------------------------------------------------*/
+
+static void print_addrpat(const struct addrops *ao, const struct addrpat *ap)
{
char buf[ADDRLEN];
- if (ap->len == 0) putchar('*');
- else printf("%s/%u", inet_ntop(af, &ap->addr, buf, sizeof(buf)), ap->len);
+ if (ap->len == 0)
+ putchar('*');
+ else {
+ printf("%s/%u",
+ inet_ntop(ao->af, &ap->addr, buf, sizeof(buf)),
+ ap->len);
+ }
}
static void print_portpat(const struct portpat *pp)
else printf("%u-%u", pp->lo, pp->hi);
}
-static void print_sockpat(int af, const struct sockpat *sp)
- { print_addrpat(af, &sp->addr); putchar(' '); print_portpat(&sp->port); }
+static void print_sockpat(const struct addrops *ao, const struct sockpat *sp)
+ { print_addrpat(ao, &sp->addr); putchar(' '); print_portpat(&sp->port); }
+
+static void print_userpat(const struct userpat *up)
+{
+ if (up->lo == up->hi) printf("%d", up->lo);
+ else printf("%u-%u", up->lo, up->hi);
+}
static const char *const acttab[] = {
#define DEFACT(tag, name) name,
}
}
+/* Print a policy rule to standard output. */
void print_policy(const struct policy *p)
{
- print_sockpat(p->af, &p->sp[L]); putchar(' ');
- print_sockpat(p->af, &p->sp[R]); putchar(' ');
+ print_sockpat(p->ao, &p->sp[L]); putchar(' ');
+ print_sockpat(p->ao, &p->sp[R]); putchar(' ');
+ print_userpat(&p->up); putchar(' ');
print_action(&p->act); putchar('\n');
}
-static int match_addrpat(int af, const struct addrpat *ap,
- const union addr *a)
-{
- if (!ap->len)
- return (1);
- switch (af) {
- case AF_INET: {
- unsigned mask = htonl((MASK32 << (32 - ap->len)) & MASK32);
- return (((ap->addr.ipv4.s_addr ^ a->ipv4.s_addr) & mask) == 0);
- }
- case AF_INET6:
- abort();
- }
- return (0);
-}
+/*----- Matching ----------------------------------------------------------*/
+/* Return true if the port matches the pattern. */
static int match_portpat(const struct portpat *pp, unsigned port)
{ return (pp->lo <= port && port <= pp->hi); }
-static int match_sockpat(int af, const struct sockpat *sp,
- const struct socket *s)
+/* Return true if the socket matches the pattern. */
+static int match_sockpat(const struct addrops *ao,
+ const struct sockpat *sp, const struct socket *s)
{
- return (match_addrpat(af, &sp->addr, &s->addr) &&
+ return (ao->match_addrpat(&sp->addr, &s->addr) &&
match_portpat(&sp->port, s->port));
}
+/* Return true if the uid matches the pattern. */
+static int match_userpat(const struct userpat *up, uid_t u)
+ { unsigned uu = u; return (up->lo <= uu && uu <= up->hi); }
+
+/* Return true if the query matches the patterns in the policy rule. */
int match_policy(const struct policy *p, const struct query *q)
{
- return ((!p->af || p->af == q->af) &&
- match_sockpat(p->af, &p->sp[L], &q->s[L]) &&
- match_sockpat(p->af, &p->sp[R], &q->s[R]));
+ return ((!p->ao || p->ao == q->ao) &&
+ match_sockpat(q->ao, &p->sp[L], &q->s[L]) &&
+ match_sockpat(q->ao, &p->sp[R], &q->s[R]) &&
+ match_userpat(&p->up, q->u.uid));
}
+/*----- Parsing -----------------------------------------------------------*/
+
+/* Advance FP to the next line. */
static void nextline(FILE *fp)
{
for (;;) {
}
}
+/* Scan a whitespace-separated token from FP, writing it to BUF. The token
+ * must fit in a buffer of size SZ, including a terminating null. Return
+ * an appropriate T_* error code.
+ */
static int scan(FILE *fp, char *buf, size_t sz)
{
int ch;
skip_ws:
+ /* Before we start grabbing a token proper, find out what's in store. */
ch = getc(fp);
switch (ch) {
+
case '\n':
newline:
+ /* Found a newline. Leave it where it is and report it. */
ungetc(ch, fp);
return (T_EOL);
+
case EOF:
eof:
+ /* Found end-of-file, or an I/O error. Return an appropriate code. */
return (ferror(fp) ? T_ERROR : T_EOF);
+
case '#':
+ /* Found a comment. Consume it, and continue appropriately: it must
+ * be terminated either by a newline or end-of-file.
+ */
for (;;) {
ch = getc(fp);
if (ch == '\n') goto newline;
else if (ch == EOF) goto eof;
}
+
default:
+ /* Whitespace means we just continue around. Anything else and we
+ * start snarfing.
+ */
if (isspace(ch)) goto skip_ws;
break;
}
for (;;) {
+
+ /* If there's buffer space left, store the character. */
if (sz) { *buf++ = ch; sz--; }
+
+ /* Get a new one, and find out what to do about it. */
ch = getc(fp);
switch (ch) {
case '\n':
}
done:
- if (!sz)
- return (T_ERROR);
- else {
- *buf++ = 0; sz--;
- return (T_OK);
- }
+ /* If there's no space for a terminating null then report an error. */
+ if (!sz) return (T_ERROR);
+
+ /* All done. */
+ *buf++ = 0; sz--;
+ return (T_OK);
}
+/* Parse an action name, storing the code in *ACT. Return an appropriate T_*
+ * code.
+ */
static int parse_actname(FILE *fp, unsigned *act)
{
char buf[32];
return (T_ERROR);
}
+/* Parse an action, returning a T_* code. */
static int parse_action(FILE *fp, struct action *act)
{
char buf[32];
unsigned a;
unsigned long m;
+ /* Collect the action name. */
if ((t = parse_actname(fp, &a)) != 0) return (t);
+
+ /* Parse parameters, if there are any. */
switch (a) {
+
case A_USER:
+ /* `user ACTION ACTION ...': store permitted actions in a bitmask. */
m = 0;
for (;;) {
if ((t = parse_actname(fp, &a)) != 0) break;
+ if (a == A_USER) return (T_ERROR);
m |= (1 << a);
}
if (t != T_EOL && t != T_EOF) return (t);
act->act = A_USER;
act->u.user = m;
break;
+
case A_TOKEN:
case A_NAME:
case A_DENY:
case A_HIDE:
+ /* Dull actions which don't accept parameters. */
act->act = a;
break;
+
case A_LIE:
+ /* `lie NAME': store the string we're to report. */
if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
act->act = a;
act->u.lie = xstrdup(buf);
break;
}
+
+ /* Make sure we've reached the end of the line. */
t = scan(fp, buf, sizeof(buf));
if (t != T_EOF && t != T_EOL) {
free_action(act);
return (T_ERROR);
}
+
+ /* Done. */
return (0);
}
-static int parse_sockpat(FILE *fp, int *afp, struct sockpat *sp)
+/* Parse an address pattern, writing it to AP. If the pattern has an
+ * identifiable address family, update *AOP to point to its operations table;
+ * if *AOP is already set to something different then report an error.
+ */
+static int parse_addrpat(FILE *fp, const struct addrops **aop,
+ struct addrpat *ap)
{
char buf[64];
int t;
- int af;
- int alen;
+ const struct addrops *ao;
long n;
char *delim;
+ /* Scan a token for the address pattern. */
if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
- if (strcmp(buf, "*") == 0)
- sp->addr.len = 0;
- else {
- if (strchr(buf, ':')) {
- af = AF_INET6;
- alen = 128;
- } else {
- af = AF_INET;
- alen = 32;
- }
- if (!*afp) *afp = af;
- else if (*afp != af) return (T_ERROR);
- delim = strchr(buf, '/');
- if (delim) *delim++ = 0;
- if (!inet_pton(af, buf, &sp->addr.addr)) return (T_ERROR);
- if (!delim) n = alen;
- else n = strtol(delim, 0, 10);
- if (n < 0 || n > alen) return (T_ERROR);
- sp->addr.len = n;
+
+ /* If this is a wildcard, then leave everything as it is. */
+ if (strcmp(buf, "*") == 0) {
+ ap->len = 0;
+ return (T_OK);
}
+ /* Decide what kind of address this must be. A bit grim, sorry. */
+ if (strchr(buf, ':'))
+ ao = &addroptab[ADDR_IPV6];
+ else
+ ao = &addroptab[ADDR_IPV4];
+
+ /* Update the caller's idea of the address family in use. */
+ if (!*aop) *aop = ao;
+ else if (*aop != ao) return (T_ERROR);
+
+ /* See whether there's a prefix length. If so, clobber it. */
+ delim = strchr(buf, '/');
+ if (delim) *delim++ = 0;
+
+ /* Parse the address. */
+ if (!inet_pton(ao->af, buf, &ap->addr)) return (T_ERROR);
+
+ /* Parse the prefix length, or use the maximum one. */
+ if (!delim) n = ao->len;
+ else n = strtol(delim, 0, 10);
+ if (n < 0 || n > ao->len) return (T_ERROR);
+ ap->len = n;
+
+ /* Done. */
+ return (T_OK);
+}
+
+static int parse_portpat(FILE *fp, struct portpat *pp)
+{
+ char buf[64];
+ int t;
+ long n;
+ char *delim;
+
+ /* Parse a token for the pattern. */
if ((t = scan(fp, buf, sizeof(buf))) != 0) return (T_ERROR);
+
+ /* If this is a wildcard, then we're done. */
if (strcmp(buf, "*") == 0) {
- sp->port.lo = 0;
- sp->port.hi = 65535;
- } else {
- delim = strchr(buf, '-');
- if (delim) *delim++ = 0;
- n = strtol(buf, 0, 0);
- if (n < 0 || n > 65535) return (T_ERROR);
- sp->port.lo = n;
- if (!delim)
- sp->port.hi = n;
- else {
- n = strtol(delim, 0, 0);
- if (n < 0 || n > 65535) return (T_ERROR);
- sp->port.hi = n;
- }
+ pp->lo = 0;
+ pp->hi = 65535;
+ return (T_OK);
+ }
+
+ /* Find a range delimiter. */
+ delim = strchr(buf, '-');
+ if (delim) *delim++ = 0;
+
+ /* Parse the only or low end of the range. */
+ n = strtol(buf, 0, 0);
+ if (n < 0 || n > 65535) return (T_ERROR);
+ pp->lo = n;
+
+ /* If there's no delimiter, then the high end is equal to the low end;
+ * otherwise, parse the high end.
+ */
+ if (!delim)
+ pp->hi = n;
+ else {
+ n = strtol(delim, 0, 0);
+ if (n < pp->lo || n > 65535) return (T_ERROR);
+ pp->hi = n;
+ }
+
+ /* Done. */
+ return (T_OK);
+}
+
+/* Parse a socket pattern, writing it to SP. */
+static int parse_sockpat(FILE *fp, const struct addrops **aop,
+ struct sockpat *sp)
+{
+ int t;
+
+ if ((t = parse_addrpat(fp, aop, &sp->addr)) != 0) return (t);
+ if ((t = parse_portpat(fp, &sp->port)) != 0) return (T_ERROR);
+ return (T_OK);
+}
+
+/* Parse a user pattern, writing it to UP. */
+static int parse_userpat(FILE *fp, struct userpat *up)
+{
+ struct passwd *pw;
+ char buf[32];
+ int t;
+ char *delim;
+
+ if ((t = scan(fp, buf, sizeof(buf))) != 0) return (t);
+ if (!strcmp(buf, "*")) { up->lo = 0; up->hi = UINT_MAX; }
+ else if ((pw = getpwnam(buf)) != 0) up->lo = up->hi = pw->pw_uid;
+ else {
+ if ((delim = strchr(buf, '-')) != 0) *delim++ = 0;
+ up->lo = strtoul(buf, 0, 0);
+ if (!delim) up->hi = up->lo;
+ else if (!*delim) up->hi = UINT_MAX;
+ else up->hi = strtoul(delim, 0, 0);
}
return (0);
}
-int parse_policy(FILE *fp, struct policy *p)
+/* Parse a policy rule line, writing it to P. */
+static int parse_policy(FILE *fp, struct policy *p)
{
int t;
- p->af = 0;
+ p->ao = 0;
free_policy(p);
- if ((t = parse_sockpat(fp, &p->af, &p->sp[L])) != 0) goto fail;
- if ((t = parse_sockpat(fp, &p->af, &p->sp[R])) != 0) goto err;
+ if ((t = parse_sockpat(fp, &p->ao, &p->sp[L])) != 0) goto fail;
+ if ((t = parse_sockpat(fp, &p->ao, &p->sp[R])) != 0) goto err;
+ if ((t = parse_userpat(fp, &p->up)) != 0) goto err;
if ((t = parse_action(fp, &p->act)) != 0) goto err;
return (0);
return (t);
}
+/* Open a policy file by NAME. The description WHAT and query Q are used for
+ * formatting error messages for the log.
+ *
+ * This function is somewhat careful only to read from actual regular files,
+ * though (if the filesystem object identified by NAME is a symlink, say) it
+ * might open a device node or other exotic thing without reading it. This
+ * is likely harmless, since we're running as an unprivileged user anyway.
+ */
int open_policy_file(struct policy_file *pf, const char *name,
- const char *what, const struct query *q)
+ const char *what, const struct query *q, unsigned f)
{
+ struct stat st;
+
if ((pf->fp = fopen(name, "r")) == 0) {
- logmsg(q, LOG_ERR, "failed to open %s `%s': %s",
+ if (errno != ENOENT || !(f & OPF_NOENTOK)) {
+ logmsg(q, LOG_ERR, "failed to open %s `%s': %s",
+ what, name, strerror(errno));
+ }
+ goto err_0;
+ }
+
+ if (fstat(fileno(pf->fp), &st)) {
+ logmsg(q, LOG_ERR, "failed to read information about %s `%s': %s",
what, name, strerror(errno));
- return (-1);
+ goto err_1;
+ }
+ if (!S_ISREG(st.st_mode)) {
+ logmsg(q, LOG_ERR, "object `%s', used as %s, is not a regular file",
+ name, what);
+ goto err_1;
}
pf->name = name;
pf->lno = 0;
init_policy(&pf->p);
return (0);
+
+err_1:
+ fclose(pf->fp);
+err_0:
+ return (-1);
}
+/* Read a policy rule from the file, storing it in PF->p. Return one of the
+ * T_* codes.
+ */
int read_policy_file(struct policy_file *pf)
{
int t;
t = parse_policy(pf->fp, &pf->p);
switch (t) {
case T_OK:
+ case T_EOL:
nextline(pf->fp);
- return (0);
+ return (t);
case T_ERROR:
logmsg(pf->q, LOG_ERR, "%s:%d: parse error in %s",
pf->name, pf->lno, pf->what);
pf->err = 1;
- break;
+ return (t);
case T_EOF:
if (ferror(pf->fp)) {
logmsg(pf->q, LOG_ERR, "failed to read %s `%s': %s",
pf->what, pf->name, strerror(errno));
}
- return (-1);
- case T_EOL:
- nextline(pf->fp);
- break;
+ return (t);
default:
abort();
}
}
}
+/* Close a policy file. It doesn't matter whether the file was completely
+ * read.
+ */
void close_policy_file(struct policy_file *pf)
{
fclose(pf->fp);
free_policy(&pf->p);
}
+/* Load a policy file, writing a vector of records into PV. If the policy
+ * file has errors, then leave PV unchanged and return nonzero.
+ */
int load_policy_file(const char *file, policy_v *pv)
{
struct policy_file pf;
policy_v v = DA_INIT;
+ int t = 0;
- if (open_policy_file(&pf, file, "policy file", 0))
+ if (open_policy_file(&pf, file, "policy file", 0, 0))
return (-1);
- while (!read_policy_file(&pf)) {
- DA_PUSH(&v, pf.p);
- init_policy(&pf.p);
+ while ((t = read_policy_file(&pf)) < T_EOF) {
+ if (t == T_OK) {
+ DA_PUSH(&v, pf.p);
+ init_policy(&pf.p);
+ }
}
close_policy_file(&pf);
if (!pf.err) {