src/rxpd_connection.c

   1 /*
   2     rxpd_connection.c - regex policy daemon
   3
   4   Copyright (C)
   5     2007,               Christian Thaeter <ct@pipapo.org>
   6
   7   This program is free software; you can redistribute it and/or
   8   modify it under the terms of the GNU General Public License as
   9   published by the Free Software Foundation; either version 2 of the
  10   License, or (at your option) any later version.
  11
  12   This program is distributed in the hope that it will be useful,
  13   but WITHOUT ANY WARRANTY; without even the implied warranty of
  14   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15   GNU General Public License for more details.
  16
  17   You should have received a copy of the GNU General Public License
  18   along with this program; if not, write to the Free Software
  19   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "rxpd.h"
  23
  24 struct rxpd_connection*
  25 rxpd_connection_new (struct rxpd_socket* socket, int fd)
  26 {
  27   struct rxpd_connection* self;
  28   self = rxpd_malloc (sizeof (struct rxpd_connection));
  29
  30   self->fd = fd;
  31   self->socket = socket;
  32   self->file = NULL;
  33   self->tmp_str = NULL;
  34   llist_init (&self->tmp_list);
  35
  36   rxpd_buffer_init (&self->in, fd);
  37   rxpd_buffer_init (&self->out, fd);
  38
  39   self->connecter = NULL;
  40
  41   return self;
  42 }
  43
  44 void
  45 rxpd_connection_delete (struct rxpd_connection* self)
  46 {
  47   if (self)
  48     {
  49       close (self->fd);
  50       free (self->tmp_str);
  51       LLIST_WHILE_HEAD (&self->tmp_list, n)
  52         {
  53           struct rxpd_rule* node = (struct rxpd_rule*)n;
  54           rxpd_rule_delete (node);
  55         }
  56     }
  57   free (self);
  58 }
  59
  60 struct rxpd_connection*
  61 rxpd_connection_spawn (struct rxpd_connection* self)
  62 {
  63   if (self)
  64     {
  65       if (self->connecter)
  66         rxpd_die ("connection thread already spawned\n");
  67
  68       pth_attr_t attr = pth_attr_new ();
  69
  70       pth_attr_set (attr, PTH_ATTR_JOINABLE, FALSE);
  71
  72       self->connecter = pth_spawn (attr, rxpd_connection_parse_cmd, self);
  73
  74       if (!self->connecter)
  75         rxpd_die ("failed spawning thread\n");
  76     }
  77   return self;
  78 }
  79
  80 int
  81 rxpd_connection_check_policy (struct rxpd_connection* self, char* line)
  82 {
  83   struct rxpd_base* base = self->socket->base;
  84   if (base->policy)
  85     {
  86       char buf[256];
  87       buf[0] = '\0';
  88
  89       if (!self->socket->rxpd_socket_addr (self, buf, line, 256))
  90         {
  91           rxpd_log (base, LOG_ERR, "policy line too long\n");
  92           return 0;
  93         }
  94
  95       char* match = NULL;
  96       LLIST_FOREACH (&base->policy->rules, n)
  97       {
  98         struct rxpd_rule* rule = (struct rxpd_rule*)n;
  99         if (rule->string[0] != '#')
 100           {
 101             if (regexec (&rule->rx, buf, 0, NULL, 0) == 0)
 102               {
 103                 match = rule->string;
 104                 break;
 105               }
 106           }
 107       }
 108
 109       if (!match || !RXPD_PREFIXCMP (match, "ACCEPT:"))
 110         {
 111           rxpd_log (base, LOG_WARNING, "policy check: access denied '%s'\n", buf);
 112           return 0;
 113         }
 114       rxpd_log (base, LOG_NOTICE, "policy check: permitted '%s'\n", buf);
 115     }
 116   return 1;
 117 }
 118
 119 void*
 120 rxpd_connection_parse_cmd (void* ptr)
 121 {
 122   struct rxpd_connection* self = (struct rxpd_connection*) ptr;
 123   struct rxpd_base* base = self->socket->base;
 124
 125   char* line;
 126   line = rxpd_buffer_readline (&self->in);
 127
 128   if (!line)
 129     {
 130       rxpd_log (base, LOG_ERR, "no data\n");
 131       rxpd_buffer_printf (&self->out, "#ERROR: no data\n");
 132       close (self->fd);
 133       return NULL;
 134     }
 135
 136   rxpd_log (base, LOG_DEBUG, "parse command '%s'\n", line);
 137
 138   static const struct cmd_table
 139   {
 140     enum rxpd_cmd_e nr;
 141     const char* cmd;
 142     size_t sz;
 143   } cmds[] =
 144     {
 145 #define RXPD_CMD(cmd, _) {RXPD_CMD_##cmd, #cmd":", sizeof (#cmd)},
 146       RXPD_COMMANDS
 147 #undef RXPD_CMD
 148       {0, NULL, 0}
 149     };
 150
 151   const struct cmd_table* i;
 152   for (i = cmds; i->cmd; ++i)
 153     if (strncmp (line, i->cmd, i->sz) == 0)
 154       break;
 155
 156   if (!i->cmd)
 157     {
 158       rxpd_log (base, LOG_ERR, "no command\n");
 159       rxpd_buffer_printf (&self->out, "#ERROR: no command\n");
 160       rxpd_connection_delete (self);
 161       return NULL;
 162     }
 163
 164   if (!rxpd_connection_check_policy (self, line))
 165     {
 166       rxpd_buffer_printf (&self->out, "#ERROR: access denied\n");
 167       rxpd_connection_delete (self);
 168       return NULL;
 169     }
 170
 171   if (line[i->sz])
 172     {
 173       // rulename provided
 174       self->file = (struct rxpd_file*) psplay_find (&base->files, &line[i->sz]);
 175
 176       if (!self->file)
 177         {
 178           self->file = rxpd_file_new (base, &line[i->sz]);
 179           if (!self->file)
 180             {
 181               rxpd_log (base, LOG_ERR, "illeagal filename\n");
 182               rxpd_buffer_printf (&self->out, "#ERROR: illegal filename\n");
 183               rxpd_connection_delete (self);
 184               return NULL;
 185             }
 186         }
 187     }
 188
 189   // dispatch
 190   switch (i->nr)
 191     {
 192 #define RXPD_CMD(cmd, _)                        \
 193 case RXPD_CMD_##cmd:                            \
 194    rxpd_connection_cmd_##cmd (self);            \
 195    rxpd_connection_delete (self);               \
 196   break;
 197
 198       RXPD_COMMANDS
 199 #undef RXPD_CMD
 200     }
 201   return NULL;
 202 }
 203