| blob | c011fb171ec25f8f95ed950f304cb6787c362393 |
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. */
3 /* See LICENSE for licensing information */
4 /* $Id$ */
8 /**
9 * \file policies.c
10 * \brief Code to parse and use address policies and exit policies.
11 **/
21 /** Parsed addr_policy_t describing which addresses we believe we can start
22 * circuits at. */
24 /** Parsed addr_policy_t describing which addresses we believe we can connect
25 * to directories at. */
28 /**
29 * Given a linked list of config lines containing "allow" and "deny"
30 * tokens, parse them and append the result to <b>dest</b>. Return -1
31 * if any tokens are malformed, else return 0.
32 */
33 static int
36 {
54 {
61 }
62 /* Advance nextp to the end of the policy. */
68 }
69 });
72 }
75 }
77 /** Helper: parse the Reachable(Dir|OR)?Addresses fields into
78 * reachable_(or|dir)_addr_policy. */
79 static void
81 {
88 "Both ReachableDirAddresses and ReachableORAddresses are set. "
90 }
103 }
117 }
118 }
120 /** Return true iff the firewall options might block any address:port
121 * combination.
122 */
123 int
125 {
127 }
129 /** Return true iff <b>policy</b> (possibly NULL) will allow a
130 * connection to <b>addr</b>:<b>port</b>.
131 */
132 static int
135 {
136 addr_policy_result_t p;
148 }
149 }
151 int
153 {
155 reachable_or_addr_policy);
156 }
158 int
160 {
162 reachable_dir_addr_policy);
163 }
165 /** Return 1 if <b>addr</b> is permitted to connect to our dir port,
166 * based on <b>dir_policy</b>. Else return 0.
167 */
168 int
170 {
172 }
174 /** Return 1 if <b>addr</b> is permitted to connect to our socks port,
175 * based on <b>socks_policy</b>. Else return 0.
176 */
177 int
179 {
181 }
183 /** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our
184 * directory, based on <b>authdir_reject_policy</b>. Else return 0.
185 */
186 int
188 {
190 }
192 /** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our
193 * directory, based on <b>authdir_invalid_policy</b>. Else return 0.
194 */
195 int
197 {
199 }
201 /** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit,
202 * based on <b>authdir_badexit_policy</b>. Else return 0.
203 */
204 int
206 {
208 }
210 #define REJECT(arg) \
211 do { *msg = tor_strdup(arg); goto err; } while (0)
212 int
214 {
222 /* The rest of these calls *append* to addr_policy. So don't actually
223 * use the results for anything other than checking if they parse! */
229 ADDR_POLICY_ACCEPT))
232 ADDR_POLICY_ACCEPT))
235 ADDR_POLICY_ACCEPT))
238 ADDR_POLICY_REJECT))
241 ADDR_POLICY_REJECT))
244 err:
247 #undef REJECT
248 }
250 /* Parse <b>string</b> in the same way that the exit policy
251 * is parsed, and put the processed version in *<b>policy</b>.
252 * Ignore port specifiers.
253 */
254 static void
257 {
262 /* ports aren't used. */
266 }
267 }
269 void
271 {
281 }
283 /** Compare two provided address policy items, and return -1, 0, or 1
284 * if the first is less than, equal to, or greater than the second. */
285 static int
287 {
300 }
302 /** Like cmp_single_addr_policy() above, but looks at the
303 * whole set of policies in each case. */
304 int
306 {
313 }
318 else
320 }
322 /** Decide whether a given addr:port is definitely accepted,
323 * definitely rejected, probably accepted, or probably rejected by a
324 * given policy. If <b>addr</b> is 0, we don't know the IP of the
325 * target address. If <b>port</b> is 0, we don't know the port of the
326 * target address.
327 *
328 * For now, the algorithm is pretty simple: we look for definite and
329 * uncertain matches. The first definite match is what we guess; if
330 * it was preceded by no uncertain matches of the opposite policy,
331 * then the guess is definite; otherwise it is probable. (If we
332 * have a known addr and port, all matches are definite; if we have an
333 * unknown addr/port, any address/port ranges other than "all" are
334 * uncertain.)
335 *
336 * We could do better by assuming that some ranges never match typical
337 * addresses (127.0.0.1, and so on). But we'll try this for now.
338 */
339 addr_policy_result_t
342 {
352 /* Address is unknown. */
355 /* The port definitely matches. */
360 }
362 /* The port maybe matches. */
364 }
366 /* Address is known */
369 /* Exact match for the policy */
373 }
374 }
375 }
379 else
381 }
384 /* If we already hit a clause that might trigger a 'reject', than we
385 * can't be sure of this certain 'accept'.*/
387 ADDR_POLICY_ACCEPTED;
390 ADDR_POLICY_REJECTED;
391 }
392 }
393 }
394 /* accept all by default. */
396 }
398 /** Return true iff the address policy <b>a</b> covers every case that
399 * would be covered by <b>b</b>, so that a,b is redundant. */
400 static int
402 {
403 /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces
404 * to "accept *:80". */
406 /* There's a wildcard bit in b->msk that's not a wildcard in a. */
408 }
410 /* There's a fixed bit in a that's set differently in b. */
412 }
414 }
416 /** Return true iff the address policies <b>a</b> and <b>b</b> intersect,
417 * that is, there exists an address/port that is covered by <b>a</b> that
418 * is also covered by <b>b</b>.
419 */
420 static int
422 {
423 /* All the bits we care about are those that are set in both
424 * netmasks. If they are equal in a and b's networkaddresses
425 * then the networks intersect. If there is a difference,
426 * then they do not. */
432 }
434 /** Add the exit policy described by <b>more</b> to <b>policy</b>.
435 */
436 static void
438 {
439 config_line_t tmp;
445 }
447 /** Detect and excise "dead code" from the policy *<b>dest</b>. */
448 static void
450 {
453 /* Step one: find a *:* entry and cut off everything after it. */
456 /* This is a catch-all line -- later lines are unreachable. */
460 }
461 }
462 }
464 /* Step two: for every entry, see if there's a redundant entry
465 * later on, and remove it. */
478 }
479 }
480 }
482 /* Step three: for every entry A, see if there's an entry B making this one
483 * redundant later on. This is the case if A and B are of the same type
484 * (accept/reject), A is a subset of B, and there is no other entry of
485 * different type in between those two that intersects with A.
486 *
487 * Anybody want to doublecheck the logic here? XXX
488 */
497 }
511 }
516 }
517 }
521 }
522 }
523 }
525 #define DEFAULT_EXIT_POLICY \
529 "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
531 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
532 * cfg doesn't end in an absolute accept or reject, add the default exit
533 * policy afterwards. If <b>rejectprivate</b> is true, prepend
534 * "reject private:*" to the policy. Return -1 if we can't parse cfg,
535 * else return 0.
536 */
537 int
540 {
549 }
551 /** Return true iff <b>ri</b> is "useful as an exit node", meaning
552 * it allows exit to at least one /8 address space for at least
553 * two of ports 80, 443, and 6667. */
554 int
556 {
569 /* We have a match that is at least a /8. */
573 }
574 }
575 }
577 }
579 /** Return false if <b>policy</b> might permit access to some addr:port;
580 * otherwise if we are certain it rejects everything, return true. */
581 int
583 {
591 }
593 }
595 /** Write a single address policy to the buf_len byte buffer at buf. Return
596 * the number of characters written, or -1 on failure. */
597 int
599 {
607 /* write accept/reject 1.2.3.4 */
614 /* If the mask is 0xffffffff, we don't need to give it. If the mask is 0,
615 * we already wrote "*". */
622 /* Write "/255.255.0.0" */
627 }
629 }
631 /* There is no port set; write ":*" */
637 /* There is only one port; write ":80". */
643 /* There is a range of ports; write ":79-80". */
649 }
652 else
656 }
658 int
661 {
665 }
667 }
669 /** Release all storage held by <b>p</b> */
670 void
672 {
680 }
681 }
683 void
685 {
698 }