PageRenderTime 25ms CodeModel.GetById 20ms RepoModel.GetById 1ms app.codeStats 0ms

/user/blkfin-apps/inetutils/inetutils-1.6/talkd/acl.c

https://bitbucket.org/thelearninglabs/uclinux-distro-tll-public
C | 331 lines | 268 code | 43 blank | 20 comment | 56 complexity | a00fed714cc72f8d6d17246b24099133 MD5 | raw file
Possible License(s): LGPL-2.1, BSD-3-Clause, MPL-2.0-no-copyleft-exception, LGPL-3.0, Unlicense, GPL-2.0, GPL-3.0, CC-BY-SA-3.0, AGPL-1.0, ISC, MIT, 0BSD, LGPL-2.0 
    

  1. /* Copyright (C) 1998,2001,2007 Free Software Foundation, Inc.
    2. 

    3. 

  3.    This file is part of GNU Inetutils.
    4. 

    5. 

  5.    GNU Inetutils is free software; you can redistribute it and/or modify
    6. 

  6.    it under the terms of the GNU General Public License as published by
    7. 

  7.    the Free Software Foundation; either version 3, or (at your option)
    8. 

  8.    any later version.
    9. 

    10. 

  10.    GNU Inetutils is distributed in the hope that it will be useful,
    11. 

  11.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12.    MERCHANTABILITY or FITNESS FOR PARTICULAR PURPOSE.  See the
    13. 

  13.    GNU General Public License for more details.
    14. 

    15. 

  15.    You should have received a copy of the GNU General Public License
    16. 

  16.    along with GNU Inetutils; see the file COPYING.  If not, write
    17. 

  17.    to the Free Software Foundation, Inc., 51 Franklin Street,
    18. 

  18.    Fifth Floor, Boston, MA 02110-1301 USA. */
    19. 

  19. 

  20. #include <intalkd.h>
    21. 

  21. #include <pwd.h>
    22. 

  22. #include <regex.h>
    23. 

  23. #include <ctype.h>
    24. 

  24. #include "argcv.h"
    25. 

  25. 

  26. typedef struct netdef netdef_t;
    27. 

  27. 

  28. struct netdef
    29. 

  29. {
    30. 

  30.   netdef_t *next;
    31. 

  31.   unsigned int ipaddr;
    32. 

  32.   unsigned int netmask;
    33. 

  33. };
    34. 

  34. 

  35. #define ACT_ALLOW  0
    36. 

  36. #define ACT_DENY   1
    37. 

  37. 

  38. typedef struct acl acl_t;
    39. 

  39. 

  40. struct acl
    41. 

  41. {
    42. 

  42.   acl_t *next;
    43. 

  43.   regex_t re;
    44. 

  44.   netdef_t *netlist;
    45. 

  45.   int action;
    46. 

  46. };
    47. 

  47. 

  48. 

  49. acl_t *acl_head, *acl_tail;
    50. 

  50. 

  51. #define DOTTED_QUAD_LEN 16
    52. 

  52. 

  53. static int
    54. 

  54. read_address (char **line_ptr, char *ptr)
    55. 

  55. {
    56. 

  56.   char *startp = *line_ptr;
    57. 

  57.   char *endp;
    58. 

  58.   int dotcount = 0;
    59. 

  59. 

  60.   for (endp = startp; *endp; endp++, ptr++)
    61. 

  61.     if (!(isdigit (*endp) || *endp == '.'))
    62. 

  62.       break;
    63. 

  63.     else if (endp < startp + DOTTED_QUAD_LEN)
    64. 

  64.       {
    65. 

  65. 	if (*endp == '.')
    66. 

  66. 	  dotcount++;
    67. 

  67. 	*ptr = *endp;
    68. 

  68.       }
    69. 

  69.     else
    70. 

  70.       break;
    71. 

  71.   *line_ptr = endp;
    72. 

  72.   *ptr = 0;
    73. 

  73.   return dotcount;
    74. 

  74. }
    75. 

  75. 

  76. static netdef_t *
    77. 

  77. netdef_parse (char *str)
    78. 

  78. {
    79. 

  79.   unsigned int ipaddr, netmask;
    80. 

  80.   netdef_t *netdef;
    81. 

  81.   char ipbuf[DOTTED_QUAD_LEN + 1];
    82. 

  82. 

  83.   if (strcmp (str, "any") == 0)
    84. 

  84.     {
    85. 

  85.       ipaddr = 0;
    86. 

  86.       netmask = 0;
    87. 

  87.     }
    88. 

  88.   else
    89. 

  89.     {
    90. 

  90.       read_address (&str, ipbuf);
    91. 

  91.       ipaddr = inet_addr (ipbuf);
    92. 

  92.       if (ipaddr == INADDR_NONE)
    93. 

  93. 	return NULL;
    94. 

  94.       if (*str == 0)
    95. 

  95. 	netmask = 0xfffffffful;
    96. 

  96.       else if (*str != '/')
    97. 

  97. 	return NULL;
    98. 

  98.       else
    99. 

  99. 	{
    100. 

  100. 	  str++;
    101. 

  101. 	  if (read_address (&str, ipbuf) == 0)
    102. 

  102. 	    {
    103. 

  103. 	      /* netmask length */
    104. 

  104. 	      unsigned int len = strtoul (ipbuf, NULL, 0);
    105. 

  105. 	      if (len > 32)
    106. 

  106. 		return NULL;
    107. 

  107. 	      netmask = 0xfffffffful >> (32 - len);
    108. 

  108. 	      netmask <<= (32 - len);
    109. 

  109. 	      /*FIXME: hostorder? */
    110. 

  110. 	    }
    111. 

  111. 	  else
    112. 

  112. 	    netmask = inet_network (ipbuf);
    113. 

  113. 	  netmask = htonl (netmask);
    114. 

  114. 	}
    115. 

  115.     }
    116. 

  116. 

  117.   netdef = malloc (sizeof *netdef);
    118. 

  118.   if (!netdef)
    119. 

  119.     {
    120. 

  120.       syslog (LOG_ERR, "out of memory");
    121. 

  121.       exit (1);
    122. 

  122.     }
    123. 

  123. 

  124.   netdef->next = NULL;
    125. 

  125.   netdef->ipaddr = ipaddr;
    126. 

  126.   netdef->netmask = netmask;
    127. 

  127. 

  128.   return netdef;
    129. 

  129. }
    130. 

  130. 

  131. void
    132. 

  132. read_acl (char *config_file)
    133. 

  133. {
    134. 

  134.   FILE *fp;
    135. 

  135.   int line;
    136. 

  136.   char buf[128];
    137. 

  137.   char *ptr;
    138. 

  138. 

  139.   if (!config_file)
    140. 

  140.     return;
    141. 

  141. 

  142.   fp = fopen (config_file, "r");
    143. 

  143.   if (!fp)
    144. 

  144.     {
    145. 

  145.       syslog (LOG_ERR, "can't open config file %s: %m", config_file);
    146. 

  146.       return;
    147. 

  147.     }
    148. 

  148. 

  149.   line = 0;
    150. 

  150.   while ((ptr = fgets (buf, sizeof buf, fp)))
    151. 

  151.     {
    152. 

  152.       int len, i;
    153. 

  153.       int argc;
    154. 

  154.       char **argv;
    155. 

  155.       int action;
    156. 

  156.       regex_t re;
    157. 

  157.       netdef_t *head, *tail;
    158. 

  158.       acl_t *acl;
    159. 

  159. 

  160.       line++;
    161. 

  161.       len = strlen (ptr);
    162. 

  162.       if (len > 0 && ptr[len - 1] == '\n')
    163. 

  163. 	ptr[--len] = 0;
    164. 

  164. 

  165.       while (*ptr && isspace (*ptr))
    166. 

  166. 	ptr++;
    167. 

  167.       if (!*ptr || *ptr == '#')
    168. 

  168. 	continue;
    169. 

  169. 

  170.       argcv_get (ptr, "", &argc, &argv);
    171. 

  171.       if (argc < 2)
    172. 

  172. 	{
    173. 

  173. 	  syslog (LOG_ERR, "%s:%d: too few fields", config_file, line);
    174. 

  174. 	  argcv_free (argc, argv);
    175. 

  175. 	  continue;
    176. 

  176. 	}
    177. 

  177. 

  178.       if (strcmp (argv[0], "allow") == 0)
    179. 

  179. 	action = ACT_ALLOW;
    180. 

  180.       else if (strcmp (argv[0], "deny") == 0)
    181. 

  181. 	action = ACT_DENY;
    182. 

  182.       else
    183. 

  183. 	{
    184. 

  184. 	  syslog (LOG_ERR, "%s:%d: unknown keyword", config_file, line);
    185. 

  185. 	  argcv_free (argc, argv);
    186. 

  186. 	  continue;
    187. 

  187. 	}
    188. 

  188. 

  189.       if (regcomp (&re, argv[1], 0) != 0)
    190. 

  190. 	{
    191. 

  191. 	  syslog (LOG_ERR, "%s:%d: bad regexp", config_file, line);
    192. 

  192. 	  argcv_free (argc, argv);
    193. 

  193. 	  continue;
    194. 

  194. 	}
    195. 

  195. 

  196.       head = tail = NULL;
    197. 

  197.       for (i = 2; i < argc; i++)
    198. 

  198. 	{
    199. 

  199. 	  netdef_t *cur = netdef_parse (argv[i]);
    200. 

  200. 	  if (!cur)
    201. 

  201. 	    {
    202. 

  202. 	      syslog (LOG_ERR, "%s:%d: can't parse netdef: %s",
    203. 

  203. 		      config_file, line, argv[i]);
    204. 

  204. 	      continue;
    205. 

  205. 	    }
    206. 

  206. 	  if (!tail)
    207. 

  207. 	    head = cur;
    208. 

  208. 	  else
    209. 

  209. 	    tail->next = cur;
    210. 

  210. 	  tail = cur;
    211. 

  211. 	}
    212. 

  212. 

  213.       argcv_free (argc, argv);
    214. 

  214. 

  215.       acl = malloc (sizeof *acl);
    216. 

  216.       if (!acl)
    217. 

  217. 	{
    218. 

  218. 	  syslog (LOG_CRIT, "out of memory");
    219. 

  219. 	  exit (1);
    220. 

  220. 	}
    221. 

  221.       acl->next = NULL;
    222. 

  222.       acl->action = action;
    223. 

  223.       acl->netlist = head;
    224. 

  224.       acl->re = re;
    225. 

  225. 

  226.       if (!acl_tail)
    227. 

  227. 	acl_head = acl;
    228. 

  228.       else
    229. 

  229. 	acl_tail->next = acl;
    230. 

  230.       acl_tail = acl;
    231. 

  231.     }
    232. 

  232. 

  233.   fclose (fp);
    234. 

  234. }
    235. 

  235. 

  236. static acl_t *
    237. 

  237. open_users_acl (char *name)
    238. 

  238. {
    239. 

  239.   char *filename;
    240. 

  240.   struct passwd *pw;
    241. 

  241.   acl_t *mark;
    242. 

  242. 

  243.   pw = getpwnam (name);
    244. 

  244.   if (!pw)
    245. 

  245.     return NULL;
    246. 

  246. 

  247.   filename =
    248. 

  248.     malloc (strlen (pw->pw_dir) + sizeof (USER_ACL_NAME) +
    249. 

  249. 	    2 /* Null and separator.  */ );
    250. 

  250.   if (!filename)
    251. 

  251.     {
    252. 

  252.       syslog (LOG_ERR, "out of memory");
    253. 

  253.       return NULL;
    254. 

  254.     }
    255. 

  255. 

  256.   sprintf (filename, "%s/%s", pw->pw_dir, USER_ACL_NAME);
    257. 

  257. 

  258.   mark = acl_tail;
    259. 

  259.   read_acl (filename);
    260. 

  260.   free (filename);
    261. 

  261.   return mark;
    262. 

  262. }
    263. 

  263. 

  264. static void
    265. 

  265. netdef_free (netdef_t * netdef)
    266. 

  266. {
    267. 

  267.   netdef_t *next;
    268. 

  268. 

  269.   while (netdef)
    270. 

  270.     {
    271. 

  271.       next = netdef->next;
    272. 

  272.       free (netdef);
    273. 

  273.       netdef = next;
    274. 

  274.     }
    275. 

  275. }
    276. 

  276. 

  277. static void
    278. 

  278. acl_free (acl_t * acl)
    279. 

  279. {
    280. 

  280.   acl_t *next;
    281. 

  281. 

  282.   while (acl)
    283. 

  283.     {
    284. 

  284.       next = acl->next;
    285. 

  285.       regfree (&acl->re);
    286. 

  286.       netdef_free (acl->netlist);
    287. 

  287.       free (acl);
    288. 

  288.       acl = next;
    289. 

  289.     }
    290. 

  290. }
    291. 

  291. 

  292. static void
    293. 

  293. discard_acl (acl_t * mark)
    294. 

  294. {
    295. 

  295.   if (mark)
    296. 

  296.     {
    297. 

  297.       acl_free (mark->next);
    298. 

  298.       acl_tail = mark;
    299. 

  299.       acl_tail->next = NULL;
    300. 

  300.     }
    301. 

  301.   else
    302. 

  302.     acl_head = acl_tail = NULL;
    303. 

  303. }
    304. 

  304. 

  305. int
    306. 

  306. acl_match (CTL_MSG * msg, struct sockaddr_in *sa_in)
    307. 

  307. {
    308. 

  308.   acl_t *acl, *mark;
    309. 

  309.   unsigned int ip;
    310. 

  310. 

  311.   mark = open_users_acl (msg->r_name);
    312. 

  312.   ip = sa_in->sin_addr.s_addr;
    313. 

  313.   for (acl = acl_head; acl; acl = acl->next)
    314. 

  314.     {
    315. 

  315.       netdef_t *net;
    316. 

  316. 

  317.       for (net = acl->netlist; net; net = net->next)
    318. 

  318. 	{
    319. 

  319. 	  if (net->ipaddr == (ip & net->netmask))
    320. 

  320. 	    {
    321. 

  321. 	      if (regexec (&acl->re, msg->l_name, 0, NULL, 0) == 0)
    322. 

  322. 		{
    323. 

  323. 		  discard_acl (mark);
    324. 

  324. 		  return acl->action;
    325. 

  325. 		}
    326. 

  326. 	    }
    327. 

  327. 	}
    328. 

  328.     }
    329. 

  329.   discard_acl (mark);
    330. 

  330.   return ACT_ALLOW;
    331. 

  331. }
    332. 

  332.