]> git.saurik.com Git - apple/network_cmds.git/blob - ypserv.tproj/acl.c
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-245.19.tar.gz
[apple/network_cmds.git] / ypserv.tproj / acl.c
1 /*
2 * Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * "Portions Copyright (c) 1999 Apple Computer, Inc. All Rights
7 * Reserved. This file contains Original Code and/or Modifications of
8 * Original Code as defined in and that are subject to the Apple Public
9 * Source License Version 1.0 (the 'License'). You may not use this file
10 * except in compliance with the License. Please obtain a copy of the
11 * License at http://www.apple.com/publicsource and read it before using
12 * this file.
13 *
14 * The Original Code and all software distributed under the License are
15 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
16 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
17 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
19 * License for the specific language governing rights and limitations
20 * under the License."
21 *
22 * @APPLE_LICENSE_HEADER_END@
23 */
24 /* $OpenBSD: acl.c,v 1.5 1997/08/05 09:26:55 maja Exp $ */
25
26 /*
27 * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
28 * All rights reserved.
29 *
30 * Redistribution and use in source and binary forms, with or without
31 * modification, are permitted provided that the following conditions
32 * are met:
33 * 1. Redistributions of source code must retain the above copyright
34 * notice, this list of conditions and the following disclaimer.
35 * 2. Redistributions in binary form must reproduce the above copyright
36 * notice, this list of conditions and the following disclaimer in the
37 * documentation and/or other materials provided with the distribution.
38 * 3. All advertising materials mentioning features or use of this software
39 * must display the following acknowledgement:
40 * This product includes software developed by Mats O Jansson
41 * 4. The name of the author may not be used to endorse or promote products
42 * derived from this software without specific prior written permission.
43 *
44 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
45 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
46 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
47 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
48 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
49 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
50 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
52 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
53 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
54 * SUCH DAMAGE.
55 */
56
57 #ifndef LINT
58 static char rcsid[] = "$OpenBSD: acl.c,v 1.5 1997/08/05 09:26:55 maja Exp $";
59 #endif
60
61 #include <sys/types.h>
62 #include <sys/socket.h>
63 #include <netinet/in.h>
64 #include <arpa/inet.h>
65 #include <stdio.h>
66 #include <stdlib.h>
67 #include <ctype.h>
68 #include <netdb.h>
69 #include "acl.h"
70
71 #define TRUE 1
72 #define FALSE 0
73
74 static struct aclent *acl_root = NULL;
75
76 static int acl_read_line(fp, buf, size)
77 FILE *fp;
78 char *buf;
79 int size;
80 {
81 int len = 0;
82 char *c,*p,l;
83
84 /* Read a line, and remove any comment, trim space */
85
86 do {
87 while (fgets(buf, size, fp)) {
88 c = buf;
89 while(*c != '\0') {
90 if ((*c == '#') || (*c == '\n')) {
91 *c = '\0';
92 } else {
93 c++;
94 }
95 }
96
97 c = p = buf; l = ' ';
98 while(*c != '\0') {
99 if ((isspace(l) != 0) && (isspace(*c) != 0)) {
100 c++;
101 } else {
102 l = *c++; *p = l; p++;
103 }
104 }
105 *p = '\0';
106
107 if (p != buf) {
108 --p;
109 if (isspace(*p) != 0) {
110 *p = '\0';
111 }
112 }
113
114 len = strlen(buf);
115 return len + 1;
116 }
117 } while (size > 0 && !feof(fp));
118
119 return len;
120 }
121
122 int
123 yp_acl_check_host(addr)
124 struct in_addr *addr;
125 {
126 struct aclent *p;
127
128 p = acl_root;
129 while (p != NULL) {
130 if ((addr->s_addr & p->s_mask) == p->s_addr) {
131 return(p->allow);
132 }
133 p = p->next;
134 }
135 return(TRUE);
136 }
137
138 void
139 acl_add_net(allow,addr,mask)
140 int allow;
141 struct in_addr *addr,*mask;
142 {
143
144 struct aclent *acl,*p;
145
146 acl = (struct aclent *) malloc((unsigned) sizeof(struct aclent));
147
148 acl->next = NULL;
149 acl->allow = allow;
150 acl->s_addr = addr->s_addr;
151 acl->s_mask = mask->s_addr;
152
153 if (acl_root == NULL) {
154 acl_root = acl;
155 } else {
156 p = acl_root;
157 while (p->next != NULL)
158 p = p->next;
159 p->next = acl;
160 }
161
162 }
163
164 void
165 acl_add_host(allow,addr)
166 int allow;
167 struct in_addr *addr;
168 {
169 struct in_addr mask;
170
171 mask.s_addr = htonl(0xffffffff);
172
173 acl_add_net(allow,addr,&mask);
174 }
175
176 int
177 yp_acl_init(file)
178 char *file;
179 {
180 char data_line[1024];
181 int line_no = 0;
182 int len,i;
183 int allow = TRUE;
184 int error_cnt = 0;
185 char *p,*k;
186 int state;
187 struct in_addr addr,mask,*host_addr;
188 struct hostent *host;
189 struct netent *net;
190 FILE *data_file = NULL;
191
192 if (file != NULL) {
193 data_file = fopen(file,"r");
194 };
195
196 while ((data_file != NULL) &&
197 (acl_read_line(data_file,data_line,sizeof(data_line)))) {
198
199 line_no++;
200
201 len = strlen(data_line);
202 if (len == 0) {
203 continue;
204 }
205
206 p = (char *) &data_line;
207
208 /* State 1: Initial State */
209
210 state = ACLS_INIT;
211 addr.s_addr = mask.s_addr = 0;
212
213 k = p; i = 0; /* save start of verb */
214 while ((*p != '\0') &&
215 (!isspace(*p = tolower(*p)))) {
216 p++; i++;
217 };
218
219 if (*p != '\0') {
220 *p++ = '\0';
221 }
222
223 if (strcmp(k,"allow") == 0) {
224 allow = TRUE;
225 state = ACLS_ALLOW;
226 }
227
228 if (strcmp(k,"deny") == 0) {
229 allow = FALSE;
230 state = ACLS_DENY;
231 }
232
233 if (state == ACLS_INIT) {
234 state = ACLE_UVERB;
235 }
236
237 /* State 2: allow row */
238 /* State 3: deny row */
239
240 if ((*p != '\0') &&
241 ((state == ACLS_ALLOW) || (state == ACLS_DENY))) {
242
243 k = p; i = 0; /* save start of verb */
244 while ((*p != '\0') &&
245 (!isspace(*p = tolower(*p)))) {
246 p++; i++;
247 };
248
249 if (*p != '\0') {
250 *p++ = '\0';
251 }
252
253 if (strcmp(k,"all") == 0) {
254 state = state + ACLD_ALL;
255 }
256
257 if (strcmp(k,"host") == 0) {
258 state = state + ACLD_HOST;
259 }
260
261 if (strcmp(k,"net") == 0) {
262 state = state + ACLD_NET;
263 }
264
265 if ((state == ACLS_ALLOW) || (state == ACLS_DENY)) {
266 state = ACLE_U2VERB;
267 }
268
269 }
270
271 if ((state == ACLS_ALLOW) || (state == ACLS_DENY)) {
272 state = ACLE_UEOL;
273 }
274
275 /* State 4 & 5: all state, remove any comment */
276
277 if ((*p == '\0') &&
278 ((state == ACLS_ALLOW_ALL) || (state == ACLS_DENY_ALL))) {
279 acl_add_net(allow,&addr,&mask);
280 state = ACLE_OK;
281 }
282
283 /* State 6 & 7: host line */
284 /* State 8 & 9: net line */
285
286 if ((*p != '\0') &&
287 (state >= ACLS_ALLOW_HOST) && (state <= ACLS_DENY_NET)) {
288
289 k = p; i = 0; /* save start of verb */
290 while ((*p != '\0') &&
291 (!isspace(*p = tolower(*p)))) {
292 p++; i++;
293 };
294
295 if (*p != '\0') {
296 *p++ = '\0';
297 }
298
299 if ((state == ACLS_ALLOW_HOST) || (state == ACLS_DENY_HOST)) {
300 if ((*k >= '0') && (*k <= '9')) {
301 (void)inet_aton(k,&addr);
302 acl_add_host(allow,&addr);
303 state = state + ACLD_HOST_DONE;
304 } else {
305 host = gethostbyname(k);
306 if (host == NULL) {
307 state = ACLE_NOHOST;
308 } else {
309 if (host->h_addrtype == AF_INET) {
310 while ((host_addr = (struct in_addr *) *host->h_addr_list++)
311 != NULL)
312 acl_add_host(allow,host_addr);
313 }
314 state = state + ACLD_HOST_DONE;
315 }
316 }
317 }
318
319 if ((state == ACLS_ALLOW_NET) || (state == ACLS_DENY_NET)) {
320 if ((*k >= '0') && (*k <= '9')) {
321 (void)inet_aton(k,&addr);
322 state = state + ACLD_NET_DONE;
323 } else {
324 net = getnetbyname(k);
325 if (net == NULL) {
326 state = ACLE_NONET;
327 } else {
328 addr.s_addr = ntohl(net->n_net);
329 state = state + ACLD_NET_DONE;
330 }
331 }
332 }
333
334 }
335
336 if ((state >= ACLS_ALLOW_HOST) && (state <= ACLS_DENY_NET)) {
337 state = ACLE_UEOL;
338 }
339
340 /* State 10 & 11: allow/deny host line */
341
342 if ((*p == '\0') &&
343 ((state == ACLS_ALLOW_HOST_DONE) || (state == ACLS_DENY_HOST_DONE))) {
344 state = ACLE_OK;
345 }
346
347 /* State 12 & 13: allow/deny net line */
348
349 if ((*p == '\0') &&
350 ((state == ACLS_ALLOW_NET_DONE) || (state == ACLS_DENY_NET_DONE))) {
351 mask.s_addr = htonl(0xffffff00);
352 if (ntohl(addr.s_addr) < 0xc0000000) {
353 mask.s_addr = htonl(0xffff0000);
354 }
355 if (ntohl(addr.s_addr) < 0x80000000) {
356 mask.s_addr = htonl(0xff000000);
357 }
358 acl_add_net(allow,&addr,&mask);
359 state = ACLE_OK;
360 }
361
362 if ((*p != '\0') &&
363 ((state == ACLS_ALLOW_NET_DONE) || (state == ACLS_DENY_NET_DONE))) {
364
365 k = p; i = 0; /* save start of verb */
366 while ((*p != '\0') &&
367 (!isspace(*p = tolower(*p)))) {
368 p++; i++;
369 };
370
371 if (*p != '\0') {
372 *p++ = '\0';
373 }
374
375 if (strcmp(k,"netmask") == 0) {
376 state = state + ACLD_NET_MASK;
377 }
378
379 if ((state == ACLS_ALLOW_NET_DONE) || (state == ACLS_DENY_NET_DONE)) {
380 state = ACLE_NONETMASK;
381 }
382
383 }
384
385 /* State 14 & 15: allow/deny net netmask line */
386
387 if ((*p != '\0') &&
388 ((state == ACLS_ALLOW_NET_MASK) || (state == ACLS_DENY_NET_MASK))) {
389
390 k = p; i = 0; /* save start of verb */
391 while ((*p != '\0') &&
392 (!isspace(*p = tolower(*p)))) {
393 p++; i++;
394 };
395
396 if (*p != '\0') {
397 *p++ = '\0';
398 }
399
400 if ((state == ACLS_ALLOW_NET_MASK) || (state == ACLS_DENY_NET_MASK)) {
401 if ((*k >= '0') && (*k <= '9')) {
402 (void)inet_aton(k,&mask);
403 state = state + ACLD_NET_EOL;
404 } else {
405 net = getnetbyname(k);
406 if (net == NULL) {
407 state = ACLE_NONET;
408 } else {
409 mask.s_addr = ntohl(net->n_net);
410 state = state + ACLD_NET_EOL;
411 }
412 }
413 }
414
415 }
416
417 if ((state == ACLS_ALLOW_NET_MASK) || (state == ACLS_DENY_NET_MASK)) {
418 state = ACLE_UEOL;
419 }
420
421 /* State 16 & 17: allow/deny host line */
422
423 if ((*p == '\0') &&
424 ((state == ACLS_ALLOW_NET_EOL) || (state == ACLS_DENY_NET_EOL))) {
425 acl_add_net(allow,&addr,&mask);
426 state = ACLE_OK;
427 }
428
429 switch (state) {
430 case ACLE_NONETMASK:
431 fprintf(stderr,"acl: excpected \"netmask\" missing at line %d\n",line_no);
432 break;
433 case ACLE_NONET:
434 error_cnt++;
435 fprintf(stderr,"acl: unknown network at line %d\n",line_no);
436 break;
437 case ACLE_NOHOST:
438 error_cnt++;
439 fprintf(stderr,"acl: unknown host at line %d\n",line_no);
440 break;
441 case ACLE_UVERB:
442 error_cnt++;
443 fprintf(stderr,"acl: unknown verb at line %d\n",line_no);
444 break;
445 case ACLE_U2VERB:
446 error_cnt++;
447 fprintf(stderr,"acl: unknown secondary verb at line %d\n",line_no);
448 break;
449 case ACLE_UEOL:
450 error_cnt++;
451 fprintf(stderr,"acl: unexpected end of line at line %d\n",line_no);
452 break;
453 case ACLE_OK:
454 break;
455 default:
456 error_cnt++;
457 fprintf(stderr,"acl: unexpected state %d %s\n",state,k);
458 }
459
460 }
461
462 if (data_file != NULL) {
463 (void)fflush(stderr);
464 (void)fclose(data_file);
465 }
466
467 /* Always add a last allow all if file don't exists or */
468 /* the file doesn't cover all cases. */
469
470 addr.s_addr = mask.s_addr = 0;
471 allow = TRUE;
472 acl_add_net(allow,&addr,&mask);
473
474 return(error_cnt);
475
476 }
477
478 int
479 yp_acl_securenet(file)
480 char *file;
481 {
482 char data_line[1024];
483 int line_no = 0;
484 int len,i;
485 int allow = TRUE;
486 int error_cnt = 0;
487 char *p,*k;
488 int state;
489 struct in_addr addr,mask;
490 struct netent *net;
491 FILE *data_file = NULL;
492
493 if (file != NULL) {
494 data_file = fopen(file,"r");
495 };
496
497 /* Always add a localhost allow first, to be compatable with sun */
498
499 addr.s_addr = htonl(0x7f000001);
500 mask.s_addr = htonl(0xffffffff);
501 allow = TRUE;
502 acl_add_net(allow,&addr,&mask);
503
504 while ((data_file != NULL) &&
505 (acl_read_line(data_file,data_line,sizeof(data_line)))) {
506
507 line_no++;
508
509 len = strlen(data_line);
510 if (len == 0) {
511 continue;
512 }
513
514 p = (char *) &data_line;
515
516 /* State 1: Initial State */
517
518 state = ACLS_INIT;
519 addr.s_addr = mask.s_addr = 0;
520
521 k = p; i = 0; /* save start of verb */
522 while ((*p != '\0') &&
523 (!isspace(*p = tolower(*p)))) {
524 p++; i++;
525 };
526
527 if (*p != '\0') {
528 *p++ = '\0';
529 state = ACLS_ALLOW_NET_MASK;
530 }
531
532 if (state == ACLS_INIT) {
533 state = ACLE_UEOL;
534 }
535
536 if (state == ACLS_ALLOW_NET_MASK) {
537
538 if ((*k >= '0') && (*k <= '9')) {
539 (void)inet_aton(k,&mask);
540 state = ACLS_ALLOW_NET;
541 } else {
542 net = getnetbyname(k);
543 if (net == NULL) {
544 state = ACLE_NONET;
545 } else {
546 mask.s_addr = ntohl(net->n_net);
547 state = ACLS_ALLOW_NET;
548 }
549 }
550
551 k = p; i = 0; /* save start of verb */
552 while ((*p != '\0') &&
553 (!isspace(*p = tolower(*p)))) {
554 p++; i++;
555 };
556
557 if (*p != '\0') {
558 *p++ = '\0';
559 }
560 }
561
562 if ((state == ACLS_ALLOW_NET_MASK)) {
563 state = ACLE_UEOL;
564 }
565
566 if (state == ACLS_ALLOW_NET) {
567
568 if ((*k >= '0') && (*k <= '9')) {
569 (void)inet_aton(k,&addr);
570 state = ACLS_ALLOW_NET_EOL;
571 } else {
572 net = getnetbyname(k);
573 if (net == NULL) {
574 state = ACLE_NONET;
575 } else {
576 addr.s_addr = ntohl(net->n_net);
577 state = ACLS_ALLOW_NET_EOL;
578 }
579 }
580 }
581
582 if ((state == ACLS_ALLOW_NET)) {
583 state = ACLE_UEOL;
584 }
585
586 if ((*p == '\0') && (state == ACLS_ALLOW_NET_EOL)) {
587 acl_add_net(allow,&addr,&mask);
588 state = ACLE_OK;
589 }
590
591 switch (state) {
592 case ACLE_NONET:
593 error_cnt++;
594 fprintf(stderr,"securenet: unknown network at line %d\n",line_no);
595 break;
596 case ACLE_UEOL:
597 error_cnt++;
598 fprintf(stderr,"securenet: unexpected end of line at line %d\n",line_no);
599 break;
600 case ACLE_OK:
601 break;
602 default:
603 error_cnt++;
604 fprintf(stderr,"securenet: unexpected state %d %s\n",state,k);
605 }
606
607 }
608
609 if (data_file != NULL) {
610 (void)fflush(stderr);
611 (void)fclose(data_file);
612
613 /* Always add a last deny all if file exists */
614
615 addr.s_addr = mask.s_addr = 0;
616 allow = FALSE;
617 acl_add_net(allow,&addr,&mask);
618
619 }
620
621 /* Always add a last allow all if file don't exists */
622
623 addr.s_addr = mask.s_addr = 0;
624 allow = TRUE;
625 acl_add_net(allow,&addr,&mask);
626
627 return(error_cnt);
628
629 }
630
631 void
632 yp_acl_reset()
633 {
634 struct aclent *p;
635
636 while (acl_root != NULL) {
637 p = acl_root->next;
638 free(acl_root);
639 acl_root = p;
640 }
641 }
mirror of network_cmds