usr.sbin/faithd/prefix.c

80708Sjake/*	$KAME: prefix.c,v 1.8 2000/11/24 06:16:56 itojun Exp $	*/
82895Sjake/*	$FreeBSD: head/usr.sbin/faithd/prefix.c 78064 2001-06-11 12:39:29Z ume $	*/
80708Sjake
80708Sjake/*
80708Sjake * Copyright (C) 2000 WIDE Project.
80708Sjake * All rights reserved.
80708Sjake *
80708Sjake * Redistribution and use in source and binary forms, with or without
80708Sjake * modification, are permitted provided that the following conditions
80708Sjake * are met:
80708Sjake * 1. Redistributions of source code must retain the above copyright
80708Sjake *    notice, this list of conditions and the following disclaimer.
80708Sjake * 2. Redistributions in binary form must reproduce the above copyright
80708Sjake *    notice, this list of conditions and the following disclaimer in the
81334Sobrien *    documentation and/or other materials provided with the distribution.
80708Sjake * 3. Neither the name of the project nor the names of its contributors
80708Sjake *    may be used to endorse or promote products derived from this software
81334Sobrien *    without specific prior written permission.
80708Sjake *
80708Sjake * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
80708Sjake * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
80708Sjake * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
80708Sjake * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
80708Sjake * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
80708Sjake * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
80708Sjake * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
82895Sjake * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
80708Sjake * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
80708Sjake * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
80708Sjake * SUCH DAMAGE.
80709Sjake */
80709Sjake
80709Sjake#include <sys/types.h>
80709Sjake#include <sys/socket.h>
80709Sjake#include <netinet/in.h>
225890Smarius#include <stdio.h>
225890Smarius#include <netdb.h>
225890Smarius#include <string.h>
225890Smarius#include <stddef.h>
88617Sjake#include <stdlib.h>
88617Sjake#include <limits.h>
88617Sjake
88617Sjake#ifndef offsetof
88617Sjake#define	offsetof(type, member)	((size_t)(u_long)(&((type *)0)->member))
88617Sjake#endif
88617Sjake
80708Sjake#include "faithd.h"
80709Sjake#include "prefix.h"
80709Sjake
80709Sjakestatic int prefix_set __P((const char *, struct prefix *, int));
80709Sjakestatic struct config *config_load1 __P((const char *));
80709Sjake#if 0
80709Sjakestatic void config_show1 __P((const struct config *));
80709Sjakestatic void config_show __P((void));
80709Sjake#endif
80709Sjake
80709Sjakestruct config *config_list = NULL;
80709Sjake#ifdef NI_WITHSCOPEID
80709Sjakeconst int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
80709Sjake#else
80709Sjakeconst int niflags = NI_NUMERICHOST;
80709Sjake#endif
80709Sjake
80709Sjakestatic int
80709Sjakeprefix_set(s, prefix, slash)
80709Sjake	const char *s;
80709Sjake	struct prefix *prefix;
80709Sjake	int slash;
80709Sjake{
80709Sjake	char *p, *q, *r;
80709Sjake	struct addrinfo hints, *res = NULL;
80709Sjake	int max;
80709Sjake	char *a;
80709Sjake
108153Sjake	p = strdup(s);
80709Sjake	q = strchr(p, '/');
225889Smarius	if (q) {
225889Smarius		if (!slash)
225889Smarius			goto fail;
225889Smarius		*q++ = '\0';
228222Smarius	}
225889Smarius
225889Smarius	memset(&hints, 0, sizeof(hints));
225889Smarius	hints.ai_family = PF_UNSPEC;
80709Sjake	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
225889Smarius	hints.ai_flags = AI_NUMERICHOST;
80708Sjake	if (getaddrinfo(p, "0", &hints, &res))
80708Sjake		goto fail;
129568Smarius	if (res->ai_next || res->ai_addrlen > sizeof(prefix->a))
80708Sjake		goto fail;
225890Smarius	memcpy(&prefix->a, res->ai_addr, res->ai_addrlen);
225890Smarius
80708Sjake	switch (prefix->a.ss_family) {
80709Sjake	case AF_INET:
225890Smarius		max = 32;
80709Sjake		a = (char *)&((struct sockaddr_in *)&prefix->a)->sin_addr;
80709Sjake		break;
80709Sjake	case AF_INET6:
225890Smarius		max = 128;
241374Sattilio		a = (char *)&((struct sockaddr_in6 *)&prefix->a)->sin6_addr;
80709Sjake		break;
80708Sjake	default:
80708Sjake		a = NULL;
80709Sjake		max = -1;
80709Sjake		break;
80709Sjake	}
225890Smarius
80709Sjake	if (q) {
80708Sjake		r = NULL;
80708Sjake		prefix->l = (int)strtoul(q, &r, 10);
108153Sjake		if (!*q || *r)
80709Sjake			goto fail;
225890Smarius		if (prefix->l < 0 || prefix->l > max)
225890Smarius			goto fail;
225890Smarius	} else
80709Sjake		prefix->l = max;
80709Sjake
80708Sjake	if (p)
108153Sjake		free(p);
108153Sjake	if (res)
80708Sjake		freeaddrinfo(res);
108153Sjake	return 0;
108153Sjake
225890Smariusfail:
241374Sattilio	if (p)
108153Sjake		free(p);
108153Sjake	if (res)
80708Sjake		freeaddrinfo(res);
108153Sjake	return -1;
108153Sjake}
80709Sjake
225890Smariusconst char *
108153Sjakeprefix_string(prefix)
108153Sjake	const struct prefix *prefix;
80708Sjake{
253994Smarius	static char buf[NI_MAXHOST + 20];
80709Sjake	char hbuf[NI_MAXHOST];
251783Sed
241374Sattilio	if (getnameinfo((struct sockaddr *)&prefix->a, prefix->a.ss_len, hbuf,
80709Sjake	    sizeof(hbuf), NULL, 0, niflags))
80709Sjake		return NULL;
80708Sjake	snprintf(buf, sizeof(buf), "%s/%d", hbuf, prefix->l);
253994Smarius	return buf;
80709Sjake}
225890Smarius
225890Smariusint
80709Sjakeprefix_match(prefix, sa)
80709Sjake	const struct prefix *prefix;
80709Sjake	const struct sockaddr *sa;
80709Sjake{
80709Sjake	struct sockaddr_storage a, b;
80708Sjake	char *pa, *pb;
253994Smarius	int off, l;
80709Sjake
225890Smarius	if (prefix->a.ss_family != sa->sa_family ||
225890Smarius	    prefix->a.ss_len != sa->sa_len)
80709Sjake		return 0;
80709Sjake
80709Sjake	if (prefix->a.ss_len > sizeof(a) || sa->sa_len > sizeof(b))
80709Sjake		return 0;
80708Sjake
253994Smarius	switch (prefix->a.ss_family) {
253994Smarius	case AF_INET:
253994Smarius		off = offsetof(struct sockaddr_in, sin_addr);
253994Smarius		break;
253994Smarius	case AF_INET6:
253994Smarius		off = offsetof(struct sockaddr_in6, sin6_addr);
253994Smarius		break;
253994Smarius	default:
253994Smarius		if (memcmp(&prefix->a, sa, prefix->a.ss_len) != 0)
253994Smarius			return 0;
80709Sjake		else
80709Sjake			return 1;
108153Sjake	}
80709Sjake
80709Sjake	memcpy(&a, &prefix->a, prefix->a.ss_len);
225890Smarius	memcpy(&b, sa, sa->sa_len);
80709Sjake	l = prefix->l / 8 + (prefix->l % 8 ? 1 : 0);
108153Sjake
80709Sjake	/* overrun check */
80709Sjake	if (off + l > a.ss_len)
225890Smarius		return 0;
80709Sjake
108153Sjake	pa = ((char *)&a) + off;
80709Sjake	pb = ((char *)&b) + off;
80709Sjake	if (prefix->l % 8) {
225890Smarius		pa[prefix->l / 8] &= 0xff00 >> (prefix->l % 8);
80709Sjake		pb[prefix->l / 8] &= 0xff00 >> (prefix->l % 8);
80709Sjake	}
108153Sjake	if (memcmp(pa, pb, l) != 0)
80709Sjake		return 0;
80709Sjake	else
225890Smarius		return 1;
80709Sjake}
108153Sjake
80709Sjake/*
80709Sjake * prefix/prefixlen permit/deny prefix/prefixlen [srcaddr]
225890Smarius * 3ffe::/16 permit 10.0.0.0/8 10.1.1.1
80709Sjake */
108153Sjakestatic struct config *
80709Sjakeconfig_load1(line)
80709Sjake	const char *line;
225890Smarius{
80709Sjake	struct config *conf;
80709Sjake	char buf[BUFSIZ];
80709Sjake	char *p;
80709Sjake	char *token[4];
80709Sjake	int i;
225890Smarius
80709Sjake	if (strlen(line) + 1 > sizeof(buf))
80709Sjake		return NULL;
80709Sjake	strlcpy(buf, line, sizeof(buf));
80709Sjake
225890Smarius	p = strchr(buf, '\n');
80709Sjake	if (!p)
80709Sjake		return NULL;
80709Sjake	*p = '\0';
80709Sjake	p = strchr(buf, '#');
225890Smarius	if (p)
80709Sjake		*p = '\0';
80709Sjake	if (strlen(buf) == 0)
80709Sjake		return NULL;
82895Sjake
82895Sjake	p = buf;
225890Smarius	memset(token, 0, sizeof(token));
82895Sjake	for (i = 0; i < sizeof(token) / sizeof(token[0]); i++) {
82895Sjake		token[i] = strtok(p, "\t ");
80709Sjake		p = NULL;
80709Sjake		if (token[i] == NULL)
225890Smarius			break;
80709Sjake	}
80709Sjake	/* extra tokens? */
80709Sjake	if (strtok(p, "\t ") != NULL)
80709Sjake		return NULL;
80709Sjake	/* insufficient tokens */
253994Smarius	switch (i) {
80709Sjake	case 3:
80709Sjake	case 4:
108153Sjake		break;
80709Sjake	default:
80709Sjake		return NULL;
225890Smarius	}
80709Sjake
108153Sjake	conf = (struct config *)malloc(sizeof(*conf));
80709Sjake	if (conf == NULL)
80709Sjake		return NULL;
225890Smarius	memset(conf, 0, sizeof(*conf));
80709Sjake
108153Sjake	if (strcasecmp(token[1], "permit") == 0)
80709Sjake		conf->permit = 1;
80709Sjake	else if (strcasecmp(token[1], "deny") == 0)
225890Smarius		conf->permit = 0;
80709Sjake	else {
80709Sjake		/* invalid keyword is considered as "deny" */
108153Sjake		conf->permit = 0;
80709Sjake	}
80709Sjake
225890Smarius	if (prefix_set(token[0], &conf->match, 1) < 0)
80709Sjake		goto fail;
108153Sjake	if (prefix_set(token[2], &conf->dest, 1) < 0)
80709Sjake		goto fail;
80709Sjake	if (token[3]) {
225890Smarius		if (prefix_set(token[3], &conf->src, 0) < 0)
80709Sjake			goto fail;
108153Sjake	}
80709Sjake
80709Sjake	return conf;
225890Smarius
80709Sjakefail:
80709Sjake	free(conf);
80709Sjake	return NULL;
253994Smarius}
253994Smarius
253994Smariusint
253994Smariusconfig_load(configfile)
253994Smarius	const char *configfile;
80709Sjake{
80709Sjake	FILE *fp;
253994Smarius	char buf[BUFSIZ];
80709Sjake	struct config *conf, *p;
80708Sjake	struct config sentinel;
285283Skib
285283Skib	config_list = NULL;
285283Skib
285283Skib	if (!configfile)
285283Skib		configfile = _PATH_PREFIX_CONF;
285283Skib	fp = fopen(configfile, "r");
285283Skib	if (fp == NULL)
285283Skib		return -1;
285283Skib
285283Skib	p = &sentinel;
285283Skib	while (fgets(buf, sizeof(buf), fp) != NULL) {
285283Skib		conf = config_load1(buf);
285283Skib		if (conf) {
285283Skib			p->next = conf;
285283Skib			p = p->next;
285283Skib		}
285283Skib	}
285283Skib	config_list = sentinel.next;
285283Skib
285283Skib	fclose(fp);
285283Skib	return 0;
285283Skib}
285283Skib
285283Skib#if 0
285283Skibstatic void
285283Skibconfig_show1(conf)
285283Skib	const struct config *conf;
285283Skib{
285283Skib	const char *p;
129569Smarius
129569Smarius	p = prefix_string(&conf->match);
80708Sjake	printf("%s", p ? p : "?");
129569Smarius
129569Smarius	if (conf->permit)
80708Sjake		printf(" permit");
148067Sjhb	else
80708Sjake		printf(" deny");
150627Sjhb
150627Sjhb	p = prefix_string(&conf->dest);
177373Spjd	printf(" %s", p ? p : "?");
294539Sjhb
150627Sjhb	printf("\n");
80709Sjake}
80709Sjake
80709Sjakestatic void
80709Sjakeconfig_show()
80709Sjake{
80709Sjake	struct config *conf;
80709Sjake
253994Smarius	for (conf = config_list; conf; conf = conf->next)
253994Smarius		config_show1(conf);
253994Smarius}
253994Smarius#endif
253994Smarius
80708Sjakeconst struct config *
80708Sjakeconfig_match(sa1, sa2)
	struct sockaddr *sa1, *sa2;
{
	static struct config conf;
	const struct config *p;

	if (sa1->sa_len > sizeof(conf.match.a) ||
	    sa2->sa_len > sizeof(conf.dest.a))
		return NULL;

	memset(&conf, 0, sizeof(conf));
	if (!config_list) {
		conf.permit = 1;
		memcpy(&conf.match.a, sa1, sa1->sa_len);
		memcpy(&conf.dest.a, sa2, sa2->sa_len);
		return &conf;
	}

	for (p = config_list; p; p = p->next)
		if (prefix_match(&p->match, sa1) && prefix_match(&p->dest, sa2))
			return p;

	return NULL;
}