usr.sbin/faithd/prefix.c

   1 /*      $KAME: prefix.c,v 1.9 2001/07/02 14:36:49 itojun Exp $  */
   2 /*      $FreeBSD: src/usr.sbin/faithd/prefix.c,v 1.1.2.2 2002/04/28 05:40:29 suz Exp $  */
   3 /*      $DragonFly: src/usr.sbin/faithd/prefix.c,v 1.4 2003/11/16 14:10:45 eirikn Exp $ */
   4
   5 /*
   6  * Copyright (C) 2000 WIDE Project.
   7  * All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in the
  16  *    documentation and/or other materials provided with the distribution.
  17  * 3. Neither the name of the project nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include <sys/types.h>
  35 #include <sys/socket.h>
  36 #include <netinet/in.h>
  37 #include <stdio.h>
  38 #include <netdb.h>
  39 #include <string.h>
  40 #include <stddef.h>
  41 #include <stdlib.h>
  42 #include <limits.h>
  43
  44 #ifndef offsetof
  45 #define offsetof(type, member)  ((size_t)(u_long)(&((type *)0)->member))
  46 #endif
  47
  48 #include "faithd.h"
  49 #include "prefix.h"
  50
  51 static int prefix_set(const char *, struct prefix *, int);
  52 static struct config *config_load1(const char *);
  53 #if 0
  54 static void config_show1(const struct config *);
  55 static void config_show(void);
  56 #endif
  57
  58 struct config *config_list = NULL;
  59 #ifdef NI_WITHSCOPEID
  60 const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
  61 #else
  62 const int niflags = NI_NUMERICHOST;
  63 #endif
  64
  65 static int
  66 prefix_set(const char *s, struct prefix *prefix, int slash)
  67 {
  68         char *p, *q, *r;
  69         struct addrinfo hints, *res = NULL;
  70         int max;
  71         char *a;
  72
  73         p = strdup(s);
  74         q = strchr(p, '/');
  75         if (q) {
  76                 if (!slash)
  77                         goto fail;
  78                 *q++ = '\0';
  79         }
  80
  81         memset(&hints, 0, sizeof(hints));
  82         hints.ai_family = PF_UNSPEC;
  83         hints.ai_socktype = SOCK_DGRAM; /*dummy*/
  84         hints.ai_flags = AI_NUMERICHOST;
  85         if (getaddrinfo(p, "0", &hints, &res))
  86                 goto fail;
  87         if (res->ai_next || res->ai_addrlen > sizeof(prefix->a))
  88                 goto fail;
  89         memcpy(&prefix->a, res->ai_addr, res->ai_addrlen);
  90
  91         switch (prefix->a.ss_family) {
  92         case AF_INET:
  93                 max = 32;
  94                 a = (char *)&((struct sockaddr_in *)&prefix->a)->sin_addr;
  95                 break;
  96         case AF_INET6:
  97                 max = 128;
  98                 a = (char *)&((struct sockaddr_in6 *)&prefix->a)->sin6_addr;
  99                 break;
 100         default:
 101                 a = NULL;
 102                 max = -1;
 103                 break;
 104         }
 105
 106         if (q) {
 107                 r = NULL;
 108                 prefix->l = (int)strtoul(q, &r, 10);
 109                 if (!*q || *r)
 110                         goto fail;
 111                 if (prefix->l < 0 || prefix->l > max)
 112                         goto fail;
 113         } else
 114                 prefix->l = max;
 115
 116         if (p)
 117                 free(p);
 118         if (res)
 119                 freeaddrinfo(res);
 120         return 0;
 121
 122 fail:
 123         if (p)
 124                 free(p);
 125         if (res)
 126                 freeaddrinfo(res);
 127         return -1;
 128 }
 129
 130 const char *
 131 prefix_string(const struct prefix *prefix)
 132 {
 133         static char buf[NI_MAXHOST + 20];
 134         char hbuf[NI_MAXHOST];
 135
 136         if (getnameinfo((const struct sockaddr *)&prefix->a, prefix->a.ss_len,
 137             hbuf, sizeof(hbuf), NULL, 0, niflags))
 138                 return NULL;
 139         snprintf(buf, sizeof(buf), "%s/%d", hbuf, prefix->l);
 140         return buf;
 141 }
 142
 143 int
 144 prefix_match(const struct prefix *prefix, const struct sockaddr *sa)
 145 {
 146         struct sockaddr_storage a, b;
 147         char *pa, *pb;
 148         int off, l;
 149
 150         if (prefix->a.ss_family != sa->sa_family ||
 151             prefix->a.ss_len != sa->sa_len)
 152                 return 0;
 153
 154         if (prefix->a.ss_len > sizeof(a) || sa->sa_len > sizeof(b))
 155                 return 0;
 156
 157         switch (prefix->a.ss_family) {
 158         case AF_INET:
 159                 off = offsetof(struct sockaddr_in, sin_addr);
 160                 break;
 161         case AF_INET6:
 162                 off = offsetof(struct sockaddr_in6, sin6_addr);
 163                 break;
 164         default:
 165                 if (memcmp(&prefix->a, sa, prefix->a.ss_len) != 0)
 166                         return 0;
 167                 else
 168                         return 1;
 169         }
 170
 171         memcpy(&a, &prefix->a, prefix->a.ss_len);
 172         memcpy(&b, sa, sa->sa_len);
 173         l = prefix->l / 8 + (prefix->l % 8 ? 1 : 0);
 174
 175         /* overrun check */
 176         if (off + l > a.ss_len)
 177                 return 0;
 178
 179         pa = ((char *)&a) + off;
 180         pb = ((char *)&b) + off;
 181         if (prefix->l % 8) {
 182                 pa[prefix->l / 8] &= 0xff00 >> (prefix->l % 8);
 183                 pb[prefix->l / 8] &= 0xff00 >> (prefix->l % 8);
 184         }
 185         if (memcmp(pa, pb, l) != 0)
 186                 return 0;
 187         else
 188                 return 1;
 189 }
 190
 191 /*
 192  * prefix/prefixlen permit/deny prefix/prefixlen [srcaddr]
 193  * 3ffe::/16 permit 10.0.0.0/8 10.1.1.1
 194  */
 195 static struct config *
 196 config_load1(const char *line)
 197 {
 198         struct config *conf;
 199         char buf[BUFSIZ];
 200         char *p;
 201         char *token[4];
 202         int i;
 203
 204         if (strlen(line) + 1 > sizeof(buf))
 205                 return NULL;
 206         strlcpy(buf, line, sizeof(buf));
 207
 208         p = strchr(buf, '\n');
 209         if (!p)
 210                 return NULL;
 211         *p = '\0';
 212         p = strchr(buf, '#');
 213         if (p)
 214                 *p = '\0';
 215         if (strlen(buf) == 0)
 216                 return NULL;
 217
 218         p = buf;
 219         memset(token, 0, sizeof(token));
 220         for (i = 0; i < sizeof(token) / sizeof(token[0]); i++) {
 221                 token[i] = strtok(p, "\t ");
 222                 p = NULL;
 223                 if (token[i] == NULL)
 224                         break;
 225         }
 226         /* extra tokens? */
 227         if (strtok(p, "\t ") != NULL)
 228                 return NULL;
 229         /* insufficient tokens */
 230         switch (i) {
 231         case 3:
 232         case 4:
 233                 break;
 234         default:
 235                 return NULL;
 236         }
 237
 238         conf = (struct config *)malloc(sizeof(*conf));
 239         if (conf == NULL)
 240                 return NULL;
 241         memset(conf, 0, sizeof(*conf));
 242
 243         if (strcasecmp(token[1], "permit") == 0)
 244                 conf->permit = 1;
 245         else if (strcasecmp(token[1], "deny") == 0)
 246                 conf->permit = 0;
 247         else {
 248                 /* invalid keyword is considered as "deny" */
 249                 conf->permit = 0;
 250         }
 251
 252         if (prefix_set(token[0], &conf->match, 1) < 0)
 253                 goto fail;
 254         if (prefix_set(token[2], &conf->dest, 1) < 0)
 255                 goto fail;
 256         if (token[3]) {
 257                 if (prefix_set(token[3], &conf->src, 0) < 0)
 258                         goto fail;
 259         }
 260
 261         return conf;
 262
 263 fail:
 264         free(conf);
 265         return NULL;
 266 }
 267
 268 int
 269 config_load(const char *configfile)
 270 {
 271         FILE *fp;
 272         char buf[BUFSIZ];
 273         struct config *conf, *p;
 274         struct config sentinel;
 275
 276         config_list = NULL;
 277
 278         if (!configfile)
 279                 configfile = _PATH_PREFIX_CONF;
 280         fp = fopen(configfile, "r");
 281         if (fp == NULL)
 282                 return -1;
 283
 284         p = &sentinel;
 285         while (fgets(buf, sizeof(buf), fp) != NULL) {
 286                 conf = config_load1(buf);
 287                 if (conf) {
 288                         p->next = conf;
 289                         p = p->next;
 290                 }
 291         }
 292         config_list = sentinel.next;
 293
 294         fclose(fp);
 295         return 0;
 296 }
 297
 298 #if 0
 299 static void
 300 config_show1(const struct config *conf)
 301 {
 302         const char *p;
 303
 304         p = prefix_string(&conf->match);
 305         printf("%s", p ? p : "?");
 306
 307         if (conf->permit)
 308                 printf(" permit");
 309         else
 310                 printf(" deny");
 311
 312         p = prefix_string(&conf->dest);
 313         printf(" %s", p ? p : "?");
 314
 315         printf("\n");
 316 }
 317
 318 static void
 319 config_show(void)
 320 {
 321         struct config *conf;
 322
 323         for (conf = config_list; conf; conf = conf->next)
 324                 config_show1(conf);
 325 }
 326 #endif
 327
 328 const struct config *
 329 config_match(struct sockaddr *sa1, struct sockaddr *sa2)
 330 {
 331         static struct config conf;
 332         const struct config *p;
 333
 334         if (sa1->sa_len > sizeof(conf.match.a) ||
 335             sa2->sa_len > sizeof(conf.dest.a))
 336                 return NULL;
 337
 338         memset(&conf, 0, sizeof(conf));
 339         if (!config_list) {
 340                 conf.permit = 1;
 341                 memcpy(&conf.match.a, sa1, sa1->sa_len);
 342                 memcpy(&conf.dest.a, sa2, sa2->sa_len);
 343                 return &conf;
 344         }
 345
 346         for (p = config_list; p; p = p->next)
 347                 if (prefix_match(&p->match, sa1) && prefix_match(&p->dest, sa2))
 348                         return p;
 349
 350         return NULL;
 351 }