archie/prospero/lib/ardp/restrict.c

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/wait.h>
#include <sys/types.h>
#include <sys/socket.h>
#if !defined(AIX) && !defined(SOLARIS)
#include <vfork.h>
#endif
#include <malloc.h>
#include <search.h>
#include <memory.h>
#include <string.h>
#include <limits.h>
#include <sys/stat.h>
#include "typedef.h"
#include "db_files.h"
#include "host_db.h"
#include "header.h"
#include "error.h"
#include "archie_strings.h"
#include "files.h"
#include "master.h"
#include "protos.h"
#include "db_ops.h"

/* This performs a simple ACL based on ip addresses */

typedef struct {
  int ip[4];  /* Composes the ip address a.b.c.d */
} ip_t;


#define DIRSRV_ACL_FILE "dirsrv.acl"
#define DIRSRV_ACL_MESSAGE_FILE "dirsrv.acl.mesg"

#define DIRSRV_ACL_MESSAGE_DEFAULT "Access to this server is restricted"

static ip_t *acl_list = NULL;
static int acl_list_num = 0;
static int acl_list_max = 0;
static int acl_not_present = 0;

static char acl_err_mesg[100];


#define IP_STAR 257

extern int errno;


static int qcompare_ip(a,b)
  ip_t *a, *b;
{
  if ( a->ip[0] != b->ip[0] )
    return a->ip[0]- b->ip[0];
  
  if ( a->ip[1] != b->ip[1] )
    return a->ip[1]- b->ip[1];
  
  if ( a->ip[2] != b->ip[2] )
    return a->ip[2]- b->ip[2];
  
  return a->ip[3]- b->ip[3];

}


static int compare_ip(a,b) /* Assuming that can contain * */
  ip_t *a, *b;
{
  if ( b->ip[0] == IP_STAR )
   return 0;
  
  if ( a->ip[0] != b->ip[0] )
    return a->ip[0]- b->ip[0];

  if ( b->ip[1] == IP_STAR )
   return 0;
  
  if ( a->ip[1] != b->ip[1] )
    return a->ip[1]- b->ip[1];
  
  if ( b->ip[2] == IP_STAR )
   return 0;
  
  if ( a->ip[2] != b->ip[2] )
    return a->ip[2]- b->ip[2];

  if ( b->ip[3] == IP_STAR )
   return 0;
  
  return  a->ip[3]- b->ip[3];

}

static int file_proc(ft,name,present)
  file_info_t *ft;
  char *name;
  int *present;
{
  struct stat st;
  *present = 1;
  if ( ft == NULL ) {
    error(A_ERR,"file_proc", "Unable to create ft file pointer");
    return 0;
  }
  
  sprintf(ft->filename,"%s/%s/%s",get_archie_home(),DEFAULT_ETC_DIR,name);
  if ( stat(ft->filename,&st) == -1 ) {
    if ( errno == ENOENT ) {
     *present = 0;
      return 0;
    }
    error(A_ERR,"file_proc","Error finding ft: %s, errno = %d",ft->filename,errno);
    return 0;
  }
  
  if ( open_file(ft, O_RDONLY) == ERROR ) {
    error(A_ERR,"file_proc", "Error opening acl file: %s",ft->filename);
    return 0;
  }
  
  return 1;
}


static void  read_acl_message()
{
  char buff[100];
  int i;
  
  file_info_t *acl_mesg = create_finfo();

  strcpy(acl_err_mesg, DIRSRV_ACL_MESSAGE_DEFAULT);
  
  if ( file_proc(acl_mesg,DIRSRV_ACL_MESSAGE_FILE,&i) ) {
    if ( fgets(buff,99,acl_mesg->fp_or_dbm.fp) != NULL ) {
      *(strrchr(buff,'\n')) = '\0';
      strcpy(acl_err_mesg,buff);
    }
    close_file(acl_mesg);
    destroy_finfo(acl_mesg);
  }
}


int read_acl_file()
{
  char buff[100];
  int i,j;
  char **av;
  file_info_t *acl_file = create_finfo();
  
  if (! file_proc(acl_file,DIRSRV_ACL_FILE,&j) ) {
    if ( j == 0 ) {
      acl_not_present = 1;
      destroy_finfo(acl_file);
      return 1;
    }
    destroy_finfo(acl_file);
    return 0;
  }
      
  /* Count the number of items */
  fseek(acl_file->fp_or_dbm.fp, 0L ,0);
  i = 0;
  while (fgets(buff,99,acl_file->fp_or_dbm.fp) != NULL ) {
    i++;
  }

  if ( i == 0  ) {
    error(A_INFO,"read_acl_file","ACL file is empty");
    acl_not_present = 1;
    destroy_finfo(acl_file);
    return 1;
  }
  
  if ( acl_list_max == 0 ) {  /* New */
    acl_list_max = i+10;
    acl_list = (ip_t*)malloc(sizeof(ip_t)*acl_list_max);
    if ( acl_list == NULL ) {
      error(A_ERR,"read_acl_file","Unable to allocate memory");
      destroy_finfo(acl_file);
      return 0;
    }
  }
  else {
    ip_t *tmp;
    if ( acl_list_max <= i ) {
      acl_list_max = i+10;
      tmp  = (ip_t*)realloc(acl_list, sizeof(ip_t)*acl_list_max);
      if ( tmp == NULL ) {
        error(A_ERR,"read_acl_file", "Unable to expand allocated memory");
      }
      acl_list = tmp;
    }
  }

  acl_list_num = 0;
  
  fseek(acl_file->fp_or_dbm.fp, 0L ,0);
  while (fgets(buff,99,acl_file->fp_or_dbm.fp) != NULL ) {
    av = str_sep(buff,'.');
    if ( av == NULL ) {
      error(A_ERR,"read_acl_file", "Unable to decompose string: %s",buff);
    }
    for ( i = 0; i < 4; i++ ) {
      if ( av[i] == NULL|| av[i][0] == '*' ) {
        break;
      }
      acl_list[acl_list_num].ip[i] = atoi(av[i]);
    }
    for ( ; i < 4; i++ ) {
      acl_list[acl_list_num].ip[i] = IP_STAR;
    }
    acl_list_num++;
  }

  close_file(acl_file);

  qsort(acl_list,acl_list_num, sizeof(ip_t),qcompare_ip);

  read_acl_message();
  
  destroy_finfo(acl_file);
  return 1;
}


int verify_acl_list(from)
struct sockaddr_in *from;
{
  ip_t ip;
  int i;
  char **av;
  char *ip_addr;

  
  if ( acl_not_present )
    return 1;
  
  if ( acl_list == NULL ) {
    if (!read_acl_file() ) 
       return 0;
    if ( acl_not_present )
      return 1;
  }
  

  ip_addr = inet_ntoa(from->sin_addr);
  printf("%s\n",ip_addr);
  /* decompose address */
  av = str_sep(ip_addr,'.');
  if ( av == NULL ) {
    error(A_ERR,"verify_acl_list","Unable to decompsoe ip address: %s. Accepting",ip_addr);
    return 1;
  }

  ip.ip[0] = atoi(av[0]);
  ip.ip[1] = atoi(av[1]);
  ip.ip[2] = atoi(av[2]);
  ip.ip[3] = atoi(av[3]);
  

  if ( ip.ip[0] == 127 && ip.ip[1] == 0 && ip.ip[2] == 0 && ip.ip[3] == 1 ) {
    free_opts(av);
    return 1;
  }

  
  for ( i = 0; i < acl_list_num; i++ ) {
    int ret;

    ret = compare_ip(&ip, &acl_list[i]);
    if ( ret == 0 ){
      free_opts(av);
      return 1;
    }

    if ( ret < 0 ) {
      free_opts(av);
       return 0;
    }
  }
  free_opts(av);
  return 0;
}

char *acl_message()
{
  return acl_err_mesg;
}

#if 0
char *prog;

int main(argc,argv)
  int argc;
  char **argv;
{
  char buff[100];
  struct sockaddr_in from;
  
  prog = argv[0];
  while ( fgets(buff,99,stdin) != NULL ) {
    *(strrchr(buff,'\n')) = '\0';
    printf("Checking %s, ",buff);

    from.sin_addr.s_addr =  inet_addr(buff);
    
    if ( verify_acl_list(&from) )
      printf("Ok\n");
    else
      printf("No:%s\n",acl_message());
  }
return 0;
}
#endif
Intial commit 2024-05-27 16:13:40 +02:00			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <unistd.h>`
			`#include <signal.h>`
			`#include <sys/wait.h>`
			`#include <sys/types.h>`
			`#include <sys/socket.h>`
			`#if !defined(AIX) && !defined(SOLARIS)`
			`#include <vfork.h>`
			`#endif`
			`#include <malloc.h>`
			`#include <search.h>`
			`#include <memory.h>`
			`#include <string.h>`
			`#include <limits.h>`
			`#include <sys/stat.h>`
			`#include "typedef.h"`
			`#include "db_files.h"`
			`#include "host_db.h"`
			`#include "header.h"`
			`#include "error.h"`
			`#include "archie_strings.h"`
			`#include "files.h"`
			`#include "master.h"`
			`#include "protos.h"`
			`#include "db_ops.h"`

			`/* This performs a simple ACL based on ip addresses */`

			`typedef struct {`
			`int ip[4]; /* Composes the ip address a.b.c.d */`
			`} ip_t;`


			`#define DIRSRV_ACL_FILE "dirsrv.acl"`
			`#define DIRSRV_ACL_MESSAGE_FILE "dirsrv.acl.mesg"`

			`#define DIRSRV_ACL_MESSAGE_DEFAULT "Access to this server is restricted"`

			`static ip_t *acl_list = NULL;`
			`static int acl_list_num = 0;`
			`static int acl_list_max = 0;`
			`static int acl_not_present = 0;`

			`static char acl_err_mesg[100];`


			`#define IP_STAR 257`

			`extern int errno;`



			`static int qcompare_ip(a,b)`
			`ip_t a, b;`
			`{`
			`if ( a->ip[0] != b->ip[0] )`
			`return a->ip[0]- b->ip[0];`

			`if ( a->ip[1] != b->ip[1] )`
			`return a->ip[1]- b->ip[1];`

			`if ( a->ip[2] != b->ip[2] )`
			`return a->ip[2]- b->ip[2];`

			`return a->ip[3]- b->ip[3];`

			`}`


			`static int compare_ip(a,b) /* Assuming that can contain * */`
			`ip_t a, b;`
			`{`
			`if ( b->ip[0] == IP_STAR )`
			`return 0;`

			`if ( a->ip[0] != b->ip[0] )`
			`return a->ip[0]- b->ip[0];`

			`if ( b->ip[1] == IP_STAR )`
			`return 0;`

			`if ( a->ip[1] != b->ip[1] )`
			`return a->ip[1]- b->ip[1];`

			`if ( b->ip[2] == IP_STAR )`
			`return 0;`

			`if ( a->ip[2] != b->ip[2] )`
			`return a->ip[2]- b->ip[2];`

			`if ( b->ip[3] == IP_STAR )`
			`return 0;`

			`return a->ip[3]- b->ip[3];`

			`}`

			`static int file_proc(ft,name,present)`
			`file_info_t *ft;`
			`char *name;`
			`int *present;`
			`{`
			`struct stat st;`
			`*present = 1;`
			`if ( ft == NULL ) {`
			`error(A_ERR,"file_proc", "Unable to create ft file pointer");`
			`return 0;`
			`}`

			`sprintf(ft->filename,"%s/%s/%s",get_archie_home(),DEFAULT_ETC_DIR,name);`
			`if ( stat(ft->filename,&st) == -1 ) {`
			`if ( errno == ENOENT ) {`
			`*present = 0;`
			`return 0;`
			`}`
			`error(A_ERR,"file_proc","Error finding ft: %s, errno = %d",ft->filename,errno);`
			`return 0;`
			`}`

			`if ( open_file(ft, O_RDONLY) == ERROR ) {`
			`error(A_ERR,"file_proc", "Error opening acl file: %s",ft->filename);`
			`return 0;`
			`}`

			`return 1;`
			`}`



			`static void read_acl_message()`
			`{`
			`char buff[100];`
			`int i;`

			`file_info_t *acl_mesg = create_finfo();`

			`strcpy(acl_err_mesg, DIRSRV_ACL_MESSAGE_DEFAULT);`

			`if ( file_proc(acl_mesg,DIRSRV_ACL_MESSAGE_FILE,&i) ) {`
			`if ( fgets(buff,99,acl_mesg->fp_or_dbm.fp) != NULL ) {`
			`*(strrchr(buff,'\n')) = '\0';`
			`strcpy(acl_err_mesg,buff);`
			`}`
			`close_file(acl_mesg);`
			`destroy_finfo(acl_mesg);`
			`}`
			`}`




			`int read_acl_file()`
			`{`
			`char buff[100];`
			`int i,j;`
			`char **av;`
			`file_info_t *acl_file = create_finfo();`

			`if (! file_proc(acl_file,DIRSRV_ACL_FILE,&j) ) {`
			`if ( j == 0 ) {`
			`acl_not_present = 1;`
			`destroy_finfo(acl_file);`
			`return 1;`
			`}`
			`destroy_finfo(acl_file);`
			`return 0;`
			`}`

			`/* Count the number of items */`
			`fseek(acl_file->fp_or_dbm.fp, 0L ,0);`
			`i = 0;`
			`while (fgets(buff,99,acl_file->fp_or_dbm.fp) != NULL ) {`
			`i++;`
			`}`

			`if ( i == 0 ) {`
			`error(A_INFO,"read_acl_file","ACL file is empty");`
			`acl_not_present = 1;`
			`destroy_finfo(acl_file);`
			`return 1;`
			`}`

			`if ( acl_list_max == 0 ) { /* New */`
			`acl_list_max = i+10;`
			`acl_list = (ip_t)malloc(sizeof(ip_t)acl_list_max);`
			`if ( acl_list == NULL ) {`
			`error(A_ERR,"read_acl_file","Unable to allocate memory");`
			`destroy_finfo(acl_file);`
			`return 0;`
			`}`
			`}`
			`else {`
			`ip_t *tmp;`
			`if ( acl_list_max <= i ) {`
			`acl_list_max = i+10;`
			`tmp = (ip_t)realloc(acl_list, sizeof(ip_t)acl_list_max);`
			`if ( tmp == NULL ) {`
			`error(A_ERR,"read_acl_file", "Unable to expand allocated memory");`
			`}`
			`acl_list = tmp;`
			`}`
			`}`

			`acl_list_num = 0;`

			`fseek(acl_file->fp_or_dbm.fp, 0L ,0);`
			`while (fgets(buff,99,acl_file->fp_or_dbm.fp) != NULL ) {`
			`av = str_sep(buff,'.');`
			`if ( av == NULL ) {`
			`error(A_ERR,"read_acl_file", "Unable to decompose string: %s",buff);`
			`}`
			`for ( i = 0; i < 4; i++ ) {`
			`if ( av[i] == NULL\|\| av[i][0] == '*' ) {`
			`break;`
			`}`
			`acl_list[acl_list_num].ip[i] = atoi(av[i]);`
			`}`
			`for ( ; i < 4; i++ ) {`
			`acl_list[acl_list_num].ip[i] = IP_STAR;`
			`}`
			`acl_list_num++;`
			`}`

			`close_file(acl_file);`

			`qsort(acl_list,acl_list_num, sizeof(ip_t),qcompare_ip);`

			`read_acl_message();`

			`destroy_finfo(acl_file);`
			`return 1;`
			`}`


			`int verify_acl_list(from)`
			`struct sockaddr_in *from;`
			`{`
			`ip_t ip;`
			`int i;`
			`char **av;`
			`char *ip_addr;`


			`if ( acl_not_present )`
			`return 1;`

			`if ( acl_list == NULL ) {`
			`if (!read_acl_file() )`
			`return 0;`
			`if ( acl_not_present )`
			`return 1;`
			`}`


			`ip_addr = inet_ntoa(from->sin_addr);`
			`printf("%s\n",ip_addr);`
			`/* decompose address */`
			`av = str_sep(ip_addr,'.');`
			`if ( av == NULL ) {`
			`error(A_ERR,"verify_acl_list","Unable to decompsoe ip address: %s. Accepting",ip_addr);`
			`return 1;`
			`}`

			`ip.ip[0] = atoi(av[0]);`
			`ip.ip[1] = atoi(av[1]);`
			`ip.ip[2] = atoi(av[2]);`
			`ip.ip[3] = atoi(av[3]);`


			`if ( ip.ip[0] == 127 && ip.ip[1] == 0 && ip.ip[2] == 0 && ip.ip[3] == 1 ) {`
			`free_opts(av);`
			`return 1;`
			`}`


			`for ( i = 0; i < acl_list_num; i++ ) {`
			`int ret;`

			`ret = compare_ip(&ip, &acl_list[i]);`
			`if ( ret == 0 ){`
			`free_opts(av);`
			`return 1;`
			`}`

			`if ( ret < 0 ) {`
			`free_opts(av);`
			`return 0;`
			`}`
			`}`
			`free_opts(av);`
			`return 0;`
			`}`

			`char *acl_message()`
			`{`
			`return acl_err_mesg;`
			`}`

			`#if 0`
			`char *prog;`

			`int main(argc,argv)`
			`int argc;`
			`char **argv;`
			`{`
			`char buff[100];`
			`struct sockaddr_in from;`

			`prog = argv[0];`
			`while ( fgets(buff,99,stdin) != NULL ) {`
			`*(strrchr(buff,'\n')) = '\0';`
			`printf("Checking %s, ",buff);`

			`from.sin_addr.s_addr = inet_addr(buff);`

			`if ( verify_acl_list(&from) )`
			`printf("Ok\n");`
			`else`
			`printf("No:%s\n",acl_message());`
			`}`
			`return 0;`
			`}`
			`#endif`