X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;ds=inline;f=lib%2Fipaccess.c;h=5dd388ccd36ee0a5a68c71c47656650458629d13;hb=5a78c3505ae7fa76a061e26676450049ec5946d5;hp=319a99ec4997bea964dfce1222f30429a637fc23;hpb=b9faa11fb24cc2d4d4b1b47f54b9c445fd070a21;p=libucw.git

diff --git a/lib/ipaccess.c b/lib/ipaccess.c
index 319a99ec..5dd388cc 100644
--- a/lib/ipaccess.c
+++ b/lib/ipaccess.c
@@ -1,115 +1,127 @@
 /*
  *	UCW Library -- IP address access lists
  *
- *	(c) 1997--2001 Martin Mares <mj@ucw.cz>
+ *	(c) 1997--2007 Martin Mares <mj@ucw.cz>
  *
  *	This software may be freely distributed and used according to the terms
  *	of the GNU Lesser General Public License.
  */
 
 #include "lib/lib.h"
-#include "lib/lists.h"
-#include "lib/conf2.h"
-#include "lib/chartype.h"
+#include "lib/clists.h"
+#include "lib/conf.h"
+#include "lib/getopt.h"
+#include "lib/fastbuf.h"
 #include "lib/ipaccess.h"
 
 #include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-
-struct ipaccess_list {
-  list l;
-};
 
 struct ipaccess_entry {
-  node n;
-  uns allow;
-  u32 addr, mask;
+  cnode n;
+  int allow;
+  struct ip_addrmask addr;
 };
 
-struct ipaccess_list *
-ipaccess_init(void)
+static char *
+addrmask_parser(char *c, void *ptr)
 {
-  /* Cannot use cfg_malloc() here as the pool can be uninitialized now */
-  struct ipaccess_list *l = xmalloc(sizeof(*l));
-
-  init_list(&l->l);
-  return l;
-}
+  /*
+   * This is tricky: addrmasks will be compared by memcmp(), so we must ensure
+   * that even the padding between structure members is zeroed out.
+   */
+  struct ip_addrmask *am = ptr;
+  bzero(am, sizeof(*am));
 
-// FIXME: replace by cf_parse_ip()
-static byte *
-parse_ip(byte **p, u32 *varp)
-{
-  while (Cspace(**p))
-    (*p)++;
-  if (!**p)
-    return "Missing IP address";
-  uns x = 0;
-  if (**p == '0' && *(*p + 1) | 32 == 'X')
+  char *p = strchr(c, '/');
+  if (p)
+    *p++ = 0;
+  char *err = cf_parse_ip(c, &am->addr);
+  if (err)
+    return err;
+  if (p)
     {
-      errno = 0;
-      x = strtoul(*p + 2, (char **)p, 16);
-      if (errno == ERANGE || x > 0xffffffff)
-        goto error;
+      uns len;
+      if (!cf_parse_int(p, &len) && len <= 32)
+	am->mask = ~(len == 32 ? 0 : ~0U >> len);
+      else if (cf_parse_ip(p, &am->mask))
+	return "Invalid prefix length or netmask";
     }
   else
-    for (uns i = 0; i < 4; i++)
-      {
-        if (i)
-          {
-            while (Cspace(**p))
-              (*p)++;
-            if (*(*p)++ != '.')
-              goto error;
-          }
-        while (Cspace(**p))
-          (*p)++;
-        errno = 0;
-        uns y = strtoul(*p, (char **)p, 10);
-        if (errno == ERANGE || y > 255)
-          goto error;
-        x = (x << 8) + y;
-      }
-  *varp = x;
+    am->mask = ~0U;
   return NULL;
-error:
-  return "Invalid IP address";
 }
 
-byte *
-ipaccess_parse(struct ipaccess_list *l, byte *c, int is_allow)
+static void
+addrmask_dumper(struct fastbuf *fb, void *ptr)
 {
-  byte *p = strchr(c, '/');
-  char *q;
-  struct ipaccess_entry *a = cf_malloc(sizeof(struct ipaccess_entry));
-  unsigned long pxlen;
+  struct ip_addrmask *am = ptr;
+  bprintf(fb, "%08x/%08x ", am->addr, am->mask);
+}
 
-  a->allow = is_allow;
-  a->mask = ~0U;
-  if (p)
-    {
-      *p++ = 0;
-      pxlen = strtoul(p, &q, 10);
-      if ((!q || !*q) && pxlen <= 32)
-	{
-	  if (pxlen != 32)
-	    a->mask = ~(~0U >> (uns) pxlen);
-	}
-      else if (q = parse_ip(&p, &a->mask))
-	return q;
-    }
-  add_tail(&l->l, &a->n);
-  return parse_ip(&c, &a->addr);
+struct cf_user_type ip_addrmask_type = {
+  .size = sizeof(struct ip_addrmask),
+  .name = "ip_addrmask",
+  .parser = addrmask_parser,
+  .dumper = addrmask_dumper
+};
+
+struct cf_section ipaccess_cf = {
+  CF_TYPE(struct ipaccess_entry),
+  CF_ITEMS {
+    CF_LOOKUP("Mode", PTR_TO(struct ipaccess_entry, allow), ((char*[]) { "deny", "allow", NULL })),
+    CF_USER("IP", PTR_TO(struct ipaccess_entry, addr), &ip_addrmask_type),
+    CF_END
+  }
+};
+
+int ip_addrmask_match(struct ip_addrmask *am, u32 ip)
+{
+  return !((ip ^ am->addr) & am->mask);
 }
 
 int
-ipaccess_check(struct ipaccess_list *l, u32 ip)
+ipaccess_check(clist *l, u32 ip)
 {
-  struct ipaccess_entry *a;
-
-  DO_FOR_ALL(a, l->l)
-    if (! ((ip ^ a->addr) & a->mask))
+  CLIST_FOR_EACH(struct ipaccess_entry *, a, *l)
+    if (ip_addrmask_match(&a->addr, ip))
       return a->allow;
   return 0;
 }
+
+#ifdef TEST
+
+#include <stdio.h>
+
+static clist t;
+
+static struct cf_section test_cf = {
+  CF_ITEMS {
+    CF_LIST("A", &t, &ipaccess_cf),
+    CF_END
+  }
+};
+
+int main(int argc, char **argv)
+{
+  cf_declare_section("T", &test_cf, 0);
+  if (cf_getopt(argc, argv, CF_SHORT_OPTS, CF_NO_LONG_OPTS, NULL) != -1)
+    die("Invalid arguments");
+
+  byte buf[256];
+  while (fgets(buf, sizeof(buf), stdin))
+    {
+      char *c = strchr(buf, '\n');
+      if (c)
+	*c = 0;
+      u32 ip;
+      if (cf_parse_ip(buf, &ip))
+	puts("Invalid IP address");
+      else if (ipaccess_check(&t, ip))
+	puts("Allowed");
+      else
+	puts("Denied");
+    }
+  return 0;
+}
+
+#endif