| blob | dfe33705917ef5ad7884f69ca51ba8fb1c371805 |
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2007, Roger Dingledine, Nick Mathewson. */
3 /* See LICENSE for licensing information */
4 /* $Id$ */
8 /**
9 * \file policies.c
10 * \brief Code to parse and use address policies and exit policies.
11 **/
15 /** Policy that addresses for incoming SOCKS connections must match. */
17 /** Policy that addresses for incoming directory connections must match. */
19 /** Policy that addresses for incoming router descriptors must match in order
20 * to be published by us. */
22 /** Policy that addresses for incoming router descriptors must match in order
23 * to be marked as valid in our networkstatus. */
25 /** Policy that addresses for incoming router descriptors must <b>not</b>
26 * match in order to not be marked as BadExit. */
29 /** Parsed addr_policy_t describing which addresses we believe we can start
30 * circuits at. */
32 /** Parsed addr_policy_t describing which addresses we believe we can connect
33 * to directories at. */
36 /**
37 * Given a linked list of config lines containing "allow" and "deny"
38 * tokens, parse them and append the result to <b>dest</b>. Return -1
39 * if any tokens are malformed, else return 0.
40 */
41 static int
44 {
62 {
69 }
70 /* Advance nextp to the end of the policy. */
76 }
77 });
80 }
83 }
85 /** Helper: parse the Reachable(Dir|OR)?Addresses fields into
86 * reachable_(or|dir)_addr_policy. */
87 static void
89 {
96 "Both ReachableDirAddresses and ReachableORAddresses are set. "
98 }
111 }
125 }
126 }
128 /** Return true iff the firewall options might block any address:port
129 * combination.
130 */
131 int
133 {
135 }
137 /** Return true iff <b>policy</b> (possibly NULL) will allow a
138 * connection to <b>addr</b>:<b>port</b>.
139 */
140 static int
143 {
144 addr_policy_result_t p;
156 }
157 }
159 /** Return true iff we think our firewall will let us make an OR connection to
160 * addr:port. */
161 int
163 {
165 reachable_or_addr_policy);
166 }
168 /** Return true iff we think our firewall will let us make a directory
169 * connection to addr:port. */
170 int
172 {
174 reachable_dir_addr_policy);
175 }
177 /** Return 1 if <b>addr</b> is permitted to connect to our dir port,
178 * based on <b>dir_policy</b>. Else return 0.
179 */
180 int
182 {
184 }
186 /** Return 1 if <b>addr</b> is permitted to connect to our socks port,
187 * based on <b>socks_policy</b>. Else return 0.
188 */
189 int
191 {
193 }
195 /** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our
196 * directory, based on <b>authdir_reject_policy</b>. Else return 0.
197 */
198 int
200 {
202 }
204 /** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our
205 * directory, based on <b>authdir_invalid_policy</b>. Else return 0.
206 */
207 int
209 {
211 }
213 /** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit,
214 * based on <b>authdir_badexit_policy</b>. Else return 0.
215 */
216 int
218 {
220 }
222 #define REJECT(arg) \
223 do { *msg = tor_strdup(arg); goto err; } while (0)
225 /** Config helper: If there's any problem with the policy configuration
226 * options in <b>options</b>, return -1 and set <b>msg</b> to a newly
227 * allocated description of the error. Else return 0. */
228 int
230 {
238 /* The rest of these calls *append* to addr_policy. So don't actually
239 * use the results for anything other than checking if they parse! */
245 ADDR_POLICY_ACCEPT))
248 ADDR_POLICY_ACCEPT))
251 ADDR_POLICY_ACCEPT))
254 ADDR_POLICY_REJECT))
257 ADDR_POLICY_REJECT))
260 err:
263 #undef REJECT
264 }
266 /** Parse <b>string</b> in the same way that the exit policy
267 * is parsed, and put the processed version in *<b>policy</b>.
268 * Ignore port specifiers.
269 */
270 static void
273 {
278 /* ports aren't used. */
282 }
283 }
285 /** Set all policies based on <b>options</b>, which should have been validated
286 * first. */
287 void
289 {
299 }
301 /** Compare two provided address policy items, and return -1, 0, or 1
302 * if the first is less than, equal to, or greater than the second. */
303 static int
305 {
318 }
320 /** Like cmp_single_addr_policy() above, but looks at the
321 * whole set of policies in each case. */
322 int
324 {
331 }
336 else
338 }
340 /** Decide whether a given addr:port is definitely accepted,
341 * definitely rejected, probably accepted, or probably rejected by a
342 * given policy. If <b>addr</b> is 0, we don't know the IP of the
343 * target address. If <b>port</b> is 0, we don't know the port of the
344 * target address.
345 *
346 * For now, the algorithm is pretty simple: we look for definite and
347 * uncertain matches. The first definite match is what we guess; if
348 * it was preceded by no uncertain matches of the opposite policy,
349 * then the guess is definite; otherwise it is probable. (If we
350 * have a known addr and port, all matches are definite; if we have an
351 * unknown addr/port, any address/port ranges other than "all" are
352 * uncertain.)
353 *
354 * We could do better by assuming that some ranges never match typical
355 * addresses (127.0.0.1, and so on). But we'll try this for now.
356 */
357 addr_policy_result_t
360 {
370 /* Address is unknown. */
373 /* The port definitely matches. */
378 }
380 /* The port maybe matches. */
382 }
384 /* Address is known */
387 /* Exact match for the policy */
391 }
392 }
393 }
397 else
399 }
402 /* If we already hit a clause that might trigger a 'reject', than we
403 * can't be sure of this certain 'accept'.*/
405 ADDR_POLICY_ACCEPTED;
408 ADDR_POLICY_REJECTED;
409 }
410 }
411 }
412 /* accept all by default. */
414 }
416 /** Return true iff the address policy <b>a</b> covers every case that
417 * would be covered by <b>b</b>, so that a,b is redundant. */
418 static int
420 {
421 /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces
422 * to "accept *:80". */
424 /* There's a wildcard bit in b->msk that's not a wildcard in a. */
426 }
428 /* There's a fixed bit in a that's set differently in b. */
430 }
432 }
434 /** Return true iff the address policies <b>a</b> and <b>b</b> intersect,
435 * that is, there exists an address/port that is covered by <b>a</b> that
436 * is also covered by <b>b</b>.
437 */
438 static int
440 {
441 /* All the bits we care about are those that are set in both
442 * netmasks. If they are equal in a and b's networkaddresses
443 * then the networks intersect. If there is a difference,
444 * then they do not. */
450 }
452 /** Add the exit policy described by <b>more</b> to <b>policy</b>.
453 */
454 static void
456 {
457 config_line_t tmp;
463 }
465 /** Detect and excise "dead code" from the policy *<b>dest</b>. */
466 static void
468 {
471 /* Step one: find a *:* entry and cut off everything after it. */
474 /* This is a catch-all line -- later lines are unreachable. */
478 }
479 }
480 }
482 /* Step two: for every entry, see if there's a redundant entry
483 * later on, and remove it. */
496 }
497 }
498 }
500 /* Step three: for every entry A, see if there's an entry B making this one
501 * redundant later on. This is the case if A and B are of the same type
502 * (accept/reject), A is a subset of B, and there is no other entry of
503 * different type in between those two that intersects with A.
504 *
505 * Anybody want to doublecheck the logic here? XXX
506 */
515 }
529 }
534 }
535 }
536 }
540 }
541 }
542 }
544 #define DEFAULT_EXIT_POLICY \
548 "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
550 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
551 * cfg doesn't end in an absolute accept or reject, add the default exit
552 * policy afterwards. If <b>rejectprivate</b> is true, prepend
553 * "reject private:*" to the policy. Return -1 if we can't parse cfg,
554 * else return 0.
555 */
556 int
559 {
568 }
570 /** Return true iff <b>ri</b> is "useful as an exit node", meaning
571 * it allows exit to at least one /8 address space for at least
572 * two of ports 80, 443, and 6667. */
573 int
575 {
588 /* We have a match that is at least a /8. */
592 }
593 }
594 }
596 }
598 /** Return false if <b>policy</b> might permit access to some addr:port;
599 * otherwise if we are certain it rejects everything, return true. */
600 int
602 {
610 }
612 }
614 /** Write a single address policy to the buf_len byte buffer at buf. Return
615 * the number of characters written, or -1 on failure. */
616 int
618 {
626 /* write accept/reject 1.2.3.4 */
633 /* If the mask is 0xffffffff, we don't need to give it. If the mask is 0,
634 * we already wrote "*". */
641 /* Write "/255.255.0.0" */
646 }
648 }
650 /* There is no port set; write ":*" */
656 /* There is only one port; write ":80". */
662 /* There is a range of ports; write ":79-80". */
668 }
671 else
675 }
677 /** Implementation for GETINFO control command: knows the answer for questions
678 * about "exit-policy/..." */
679 int
682 {
686 }
688 }
690 /** Release all storage held by <b>p</b>. */
691 void
693 {
701 }
702 }
704 /** Release all storage held by policy variables. */
705 void
707 {
720 }