git: 9front

ref: c23736f35ed7a2cc1dcdbca7cd4d8418cad76d86
dir: /sys/src/cmd/ratfs/ctlfiles.c/

View raw version
#include "ratfs.h"

enum {
	ACCEPT = 0,		/* verbs in control file */
	REFUSED,
	DENIED,
	DIALUP,
	BLOCKED,
	DELAY,
	NONE,

	Subchar	=	'#',	/* character substituted for '/' in file names */
};

static	Keyword actions[] = {
	"allow",		ACCEPT,
	"accept",		ACCEPT,
	"block",		BLOCKED,
	"deny",			DENIED,
	"dial",			DIALUP,
	"relay",		DELAY,
	"delay",		DELAY,
	0,			NONE,
};

static void	acctinsert(Node*, char*);
static char*	getline(Biobuf*);
static void	ipinsert(Node*, char*);
static void	ipsort(void);

/*
 *	Input the configuration file
 *	Currently we only process the "ournets"
 *	specification.
 */
void
getconf(void)
{
	Biobuf *bp;
	char *cp;
	Node *np, *dir, **l;
	Cidraddr ip;

	if(debugfd >= 0)
		fprint(debugfd, "loading %s\n", conffile);

	bp = Bopen(conffile, OREAD);
	if(bp == 0)
		return;

	dir = finddir(Trusted);
	if(dir == 0)
		return;

	/*
	 * if this isn't the first time, purge permanent entries
	 */
	trustedqid = Qtrustedfile;
	if(lastconftime){
		l = &dir->children;
		for(np = dir->children; np; np = *l){
			if(np->d.type == Trustedperm){
				*l = np->sibs;
				free(np);
			} else {
				np->d.qid.path = trustedqid++;
				l = &np->sibs;
			}
		}
		dir->count = 0;
	}

	for(;;){
		cp = getline(bp);
		if(cp == 0)
			break;
		if (strcmp(cp, "ournets") == 0){
			for(cp += strlen(cp)+1; cp && *cp; cp += strlen(cp)+1){
				if(cidrparse(&ip, cp) == -1)
					continue;
				np = newnode(dir, cp, Trustedperm, 0111, trustedqid++);
				np->ip = ip;
				subslash(cp);
				np->d.name = atom(cp);
			}
		}
	}
	Bterm(bp);
	lastconftime = time(0);
}

/*
 *	Reload the control file, if necessary
 */
void
reload(void)
{
	int type, action;
	Biobuf *bp;
	char *cp;
	Node *np, *dir;

	if(debugfd >= 0)
		fprint(debugfd,"loading %s\n", ctlfile);

	bp = Bopen(ctlfile, OREAD);
	if(bp == 0)
		return;
	
	if(lastctltime){
		for(dir = root->children; dir; dir = dir->sibs){
			if (dir->d.type != Addrdir)
				continue;
			for(np = dir->children; np; np = np->sibs)
				np->count = 0;
		}
	}

	for(;;){
		cp = getline(bp);
		if(cp == 0)
			break;
		type = *cp;
		if(type == '*'){
			cp++;
			if(*cp == 0)		/* space before keyword */
				cp++;
		}
		action = findkey(cp, actions);
		if (action == NONE)
			continue;
		if (action == ACCEPT)
			dir = dirwalk("allow", root);
		else
		if (action == DELAY)
			dir = dirwalk("delay", root);
		else
			dir = dirwalk(cp, root);
		if(dir == 0)
			continue;
		
		for(cp += strlen(cp)+1; cp && *cp; cp += strlen(cp)+1){
			if(type == '*')
				acctinsert(dir, cp);
			else
				ipinsert(dir, cp);
		}
	}
	Bterm(bp);
	ipsort();
	dummy.d.mtime = dummy.d.atime = lastctltime = time(0);
}

/*
 * get a canonicalized line: a string of null-terminated lower-case
 * tokens with a two null bytes at the end.
 */
static char*
getline(Biobuf *bp)
{
	char c, *cp, *p, *q;
	int n;

	static char *buf;
	static int bufsize;

	for(;;){
		cp = Brdline(bp, '\n');
		if(cp == 0)
			return 0;
		n = Blinelen(bp);
		cp[n-1] = 0;
		if(buf == 0 || bufsize < n+1){
			bufsize += 512;
			if(bufsize < n+1)
				bufsize = n+1;
			buf = realloc(buf, bufsize);
			if(buf == 0)
				break;
		}
		q = buf;
		for (p = cp; *p; p++){
			c = *p;
			if(c == '\\' && p[1])	/* we don't allow \<newline> */
				c = *++p;
			else
			if(c == '#')
				break;
			else
			if(c == ' ' || c == '\t' || c == ',')
				if(q == buf || q[-1] == 0)
					continue;
				else
					c = 0;
			*q++ = tolower(c);
		}
		if(q != buf){
			if(q[-1])
				*q++ = 0;
			*q = 0;
			break;
		}
	}
	return buf;
}

/*
 *	Match a keyword
 */
int
findkey(char *val, Keyword *p)
{

	for(; p->name; p++)
		if(strcmp(val, p->name) == 0)
				break;
	return p->code;
}

/*
 *	parse a cidr specification in either IP/mask or IP#mask format
 */
int
cidrparse(Cidraddr *cidr, char *cp)
{
	uchar ip[IPaddrlen];
	char buf[64], *p, *slash;
	int c;

	/*
	 * find '/' or '#' character in the cidr specification
	 */
	slash = 0;
	for(p = buf; p < buf+sizeof(buf)-1 && *cp; p++) {
		c = *cp++;
		switch(c) {
		case Subchar:
			c = '/';
			slash = p;
			break;
		case '/':
			slash = p;
			break;
		default:
			break;
		}
		*p = c;
	}
	*p = 0;

	if(parseipandmask(ip, cidr->mask, buf, slash) == -1)
		return -1;
	maskip(ip, cidr->mask, cidr->ipaddr);

	return 0;
}

/*
 *	Substitute Subchar ('#') for '/'
 */
char*
subslash(char *os)
{
	char *s;

	for(s=os; *s; s++)
		if(*s == '/')
			*s = Subchar;
	return os;
}

/*
 *	Insert an account pseudo-file in a directory
 */
static void
acctinsert(Node *np, char *cp)
{
	int i;
	char *tmp;
	Address *ap;

	static char *dangerous[] = { "*", "!", "*!", "!*", "*!*", 0 };

	if(cp == 0 || *cp == 0)
		return;

	/* rule out dangerous patterns */
	for (i = 0; dangerous[i]; i++)
		if(strcmp(cp, dangerous[i])== 0)
			return;

	np = dirwalk("account", np);
	if(np == 0)
		return;

	i = np->count++;
	if(i >= np->allocated){
		np->allocated = np->count;
		np->addrs = realloc(np->addrs, np->allocated*sizeof(Address));
		if(np->addrs == 0)
			fatal("out of memory");
	}

	ap = &np->addrs[i];			/* new entry on end */
	tmp = strdup(cp);
	if(tmp == nil)
		fatal("out of memory");
	subslash(tmp);
	ap->name = atom(tmp);
	free(tmp);
}

/*
 *	Insert an IP address pseudo-file in a directory
 */
static void
ipinsert(Node *np, char *cp)
{
	char *tmp;
	int i;
	Address *ap;
	Cidraddr ip;

	if(cp == 0 || *cp == 0 || cidrparse(&ip, cp) == -1)
		return;

	np = dirwalk("ip", np);
	if(np == 0)
		return;

	i = np->count++;
	if(i >= np->allocated){
		np->allocated = np->count;
		np->addrs = realloc(np->addrs, np->allocated*sizeof(Address));
		if(np->addrs == 0)
			fatal("out of memory");
	}

	ap = &np->addrs[i];				/* new entry on end */
	ap->ip = ip;
	tmp = strdup(cp);
	if(tmp == nil)
		fatal("out of memory");
	subslash(tmp);
	ap->name = atom(tmp);
	free(tmp);
}

static int
ipaddrcomp(void *a, void *b)
{
	return ipcmp(((Address*)a)->ip.ipaddr, ((Address*)b)->ip.ipaddr);
}

/*
 *	Sort a directory of IP addresses
 */
static void
ipsort(void)
{
	int base;
	Node *dir, *np;

	base = Qaddrfile;
	for(dir = root->children; dir; dir = dir->sibs){
		if (dir->d.type != Addrdir)
			continue;
		for(np = dir->children; np; np = np->sibs){
			if(np->d.type == IPaddr && np->count && np->addrs)
				qsort(np->addrs, np->count, sizeof(Address), ipaddrcomp);
			np->baseqid = base;
			base += np->count;
		}
	}
}