replaced several "byte *" -> "char *", mostly in the configuration system

[libucw.git] / lib / ipaccess.c

diff --git a/lib/ipaccess.c b/lib/ipaccess.c
index 319a99ec4997bea964dfce1222f30429a637fc23..5dd388ccd36ee0a5a68c71c47656650458629d13 100644 (file)
--- a/lib/ipaccess.c
+++ b/lib/ipaccess.c
@@ -1,115 +1,127 @@
 /*
  *     UCW Library -- IP address access lists
  *
 /*
  *     UCW Library -- IP address access lists
  *

- *     (c) 1997--2001 Martin Mares <mj@ucw.cz>
+ *     (c) 1997--2007 Martin Mares <mj@ucw.cz>

  *
  *     This software may be freely distributed and used according to the terms
  *     of the GNU Lesser General Public License.
  */
 
 #include "lib/lib.h"
  *
  *     This software may be freely distributed and used according to the terms
  *     of the GNU Lesser General Public License.
  */
 
 #include "lib/lib.h"

-#include "lib/lists.h"
-#include "lib/conf2.h"
-#include "lib/chartype.h"
+#include "lib/clists.h"
+#include "lib/conf.h"
+#include "lib/getopt.h"
+#include "lib/fastbuf.h"

 #include "lib/ipaccess.h"
 
 #include <string.h>
 #include "lib/ipaccess.h"
 
 #include <string.h>

-#include <stdlib.h>
-#include <errno.h>
-
-struct ipaccess_list {
-  list l;
-};

 
 struct ipaccess_entry {
 
 struct ipaccess_entry {

-  node n;
-  uns allow;
-  u32 addr, mask;
+  cnode n;
+  int allow;
+  struct ip_addrmask addr;

 };
 
 };
 

-struct ipaccess_list *
-ipaccess_init(void)
+static char *
+addrmask_parser(char *c, void *ptr)

 {
 {

-  /* Cannot use cfg_malloc() here as the pool can be uninitialized now */
-  struct ipaccess_list *l = xmalloc(sizeof(*l));
-
-  init_list(&l->l);
-  return l;
-}
+  /*
+   * This is tricky: addrmasks will be compared by memcmp(), so we must ensure
+   * that even the padding between structure members is zeroed out.
+   */
+  struct ip_addrmask *am = ptr;
+  bzero(am, sizeof(*am));

 
 

-// FIXME: replace by cf_parse_ip()
-static byte *
-parse_ip(byte **p, u32 *varp)
-{
-  while (Cspace(**p))
-    (*p)++;
-  if (!**p)
-    return "Missing IP address";
-  uns x = 0;
-  if (**p == '0' && *(*p + 1) | 32 == 'X')
+  char *p = strchr(c, '/');
+  if (p)
+    *p++ = 0;
+  char *err = cf_parse_ip(c, &am->addr);
+  if (err)
+    return err;
+  if (p)

     {
     {

-      errno = 0;
-      x = strtoul(*p + 2, (char **)p, 16);
-      if (errno == ERANGE || x > 0xffffffff)
-        goto error;
+      uns len;
+      if (!cf_parse_int(p, &len) && len <= 32)
+       am->mask = ~(len == 32 ? 0 : ~0U >> len);
+      else if (cf_parse_ip(p, &am->mask))
+       return "Invalid prefix length or netmask";

     }
   else
     }
   else

-    for (uns i = 0; i < 4; i++)
-      {
-        if (i)
-          {
-            while (Cspace(**p))
-              (*p)++;
-            if (*(*p)++ != '.')
-              goto error;
-          }
-        while (Cspace(**p))
-          (*p)++;
-        errno = 0;
-        uns y = strtoul(*p, (char **)p, 10);
-        if (errno == ERANGE || y > 255)
-          goto error;
-        x = (x << 8) + y;
-      }
-  *varp = x;
+    am->mask = ~0U;

   return NULL;
   return NULL;

-error:
-  return "Invalid IP address";

 }
 
 }
 

-byte *
-ipaccess_parse(struct ipaccess_list *l, byte *c, int is_allow)
+static void
+addrmask_dumper(struct fastbuf *fb, void *ptr)

 {
 {

-  byte *p = strchr(c, '/');
-  char *q;
-  struct ipaccess_entry *a = cf_malloc(sizeof(struct ipaccess_entry));
-  unsigned long pxlen;
+  struct ip_addrmask *am = ptr;
+  bprintf(fb, "%08x/%08x ", am->addr, am->mask);
+}

 
 

-  a->allow = is_allow;
-  a->mask = ~0U;
-  if (p)
-    {
-      *p++ = 0;
-      pxlen = strtoul(p, &q, 10);
-      if ((!q || !*q) && pxlen <= 32)
-       {
-         if (pxlen != 32)
-           a->mask = ~(~0U >> (uns) pxlen);
-       }
-      else if (q = parse_ip(&p, &a->mask))
-       return q;
-    }
-  add_tail(&l->l, &a->n);
-  return parse_ip(&c, &a->addr);
+struct cf_user_type ip_addrmask_type = {
+  .size = sizeof(struct ip_addrmask),
+  .name = "ip_addrmask",
+  .parser = addrmask_parser,
+  .dumper = addrmask_dumper
+};
+
+struct cf_section ipaccess_cf = {
+  CF_TYPE(struct ipaccess_entry),
+  CF_ITEMS {
+    CF_LOOKUP("Mode", PTR_TO(struct ipaccess_entry, allow), ((char*[]) { "deny", "allow", NULL })),
+    CF_USER("IP", PTR_TO(struct ipaccess_entry, addr), &ip_addrmask_type),
+    CF_END
+  }
+};
+
+int ip_addrmask_match(struct ip_addrmask *am, u32 ip)
+{
+  return !((ip ^ am->addr) & am->mask);

 }
 
 int
 }
 
 int

-ipaccess_check(struct ipaccess_list *l, u32 ip)
+ipaccess_check(clist *l, u32 ip)

 {
 {

-  struct ipaccess_entry *a;
-
-  DO_FOR_ALL(a, l->l)
-    if (! ((ip ^ a->addr) & a->mask))
+  CLIST_FOR_EACH(struct ipaccess_entry *, a, *l)
+    if (ip_addrmask_match(&a->addr, ip))

       return a->allow;
   return 0;
 }
       return a->allow;
   return 0;
 }

+
+#ifdef TEST
+
+#include <stdio.h>
+
+static clist t;
+
+static struct cf_section test_cf = {
+  CF_ITEMS {
+    CF_LIST("A", &t, &ipaccess_cf),
+    CF_END
+  }
+};
+
+int main(int argc, char **argv)
+{
+  cf_declare_section("T", &test_cf, 0);
+  if (cf_getopt(argc, argv, CF_SHORT_OPTS, CF_NO_LONG_OPTS, NULL) != -1)
+    die("Invalid arguments");
+
+  byte buf[256];
+  while (fgets(buf, sizeof(buf), stdin))
+    {
+      char *c = strchr(buf, '\n');
+      if (c)
+       *c = 0;
+      u32 ip;
+      if (cf_parse_ip(buf, &ip))
+       puts("Invalid IP address");
+      else if (ipaccess_check(&t, ip))
+       puts("Allowed");
+      else
+       puts("Denied");
+    }
+  return 0;
+}
+
+#endif