archie/prospero/lib/ardp/restrict.c
2024-05-27 16:13:40 +02:00

325 lines
6.1 KiB
C

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/wait.h>
#include <sys/types.h>
#include <sys/socket.h>
#if !defined(AIX) && !defined(SOLARIS)
#include <vfork.h>
#endif
#include <malloc.h>
#include <search.h>
#include <memory.h>
#include <string.h>
#include <limits.h>
#include <sys/stat.h>
#include "typedef.h"
#include "db_files.h"
#include "host_db.h"
#include "header.h"
#include "error.h"
#include "archie_strings.h"
#include "files.h"
#include "master.h"
#include "protos.h"
#include "db_ops.h"
/* This performs a simple ACL based on ip addresses */
typedef struct {
int ip[4]; /* Composes the ip address a.b.c.d */
} ip_t;
#define DIRSRV_ACL_FILE "dirsrv.acl"
#define DIRSRV_ACL_MESSAGE_FILE "dirsrv.acl.mesg"
#define DIRSRV_ACL_MESSAGE_DEFAULT "Access to this server is restricted"
static ip_t *acl_list = NULL;
static int acl_list_num = 0;
static int acl_list_max = 0;
static int acl_not_present = 0;
static char acl_err_mesg[100];
#define IP_STAR 257
extern int errno;
static int qcompare_ip(a,b)
ip_t *a, *b;
{
if ( a->ip[0] != b->ip[0] )
return a->ip[0]- b->ip[0];
if ( a->ip[1] != b->ip[1] )
return a->ip[1]- b->ip[1];
if ( a->ip[2] != b->ip[2] )
return a->ip[2]- b->ip[2];
return a->ip[3]- b->ip[3];
}
static int compare_ip(a,b) /* Assuming that can contain * */
ip_t *a, *b;
{
if ( b->ip[0] == IP_STAR )
return 0;
if ( a->ip[0] != b->ip[0] )
return a->ip[0]- b->ip[0];
if ( b->ip[1] == IP_STAR )
return 0;
if ( a->ip[1] != b->ip[1] )
return a->ip[1]- b->ip[1];
if ( b->ip[2] == IP_STAR )
return 0;
if ( a->ip[2] != b->ip[2] )
return a->ip[2]- b->ip[2];
if ( b->ip[3] == IP_STAR )
return 0;
return a->ip[3]- b->ip[3];
}
static int file_proc(ft,name,present)
file_info_t *ft;
char *name;
int *present;
{
struct stat st;
*present = 1;
if ( ft == NULL ) {
error(A_ERR,"file_proc", "Unable to create ft file pointer");
return 0;
}
sprintf(ft->filename,"%s/%s/%s",get_archie_home(),DEFAULT_ETC_DIR,name);
if ( stat(ft->filename,&st) == -1 ) {
if ( errno == ENOENT ) {
*present = 0;
return 0;
}
error(A_ERR,"file_proc","Error finding ft: %s, errno = %d",ft->filename,errno);
return 0;
}
if ( open_file(ft, O_RDONLY) == ERROR ) {
error(A_ERR,"file_proc", "Error opening acl file: %s",ft->filename);
return 0;
}
return 1;
}
static void read_acl_message()
{
char buff[100];
int i;
file_info_t *acl_mesg = create_finfo();
strcpy(acl_err_mesg, DIRSRV_ACL_MESSAGE_DEFAULT);
if ( file_proc(acl_mesg,DIRSRV_ACL_MESSAGE_FILE,&i) ) {
if ( fgets(buff,99,acl_mesg->fp_or_dbm.fp) != NULL ) {
*(strrchr(buff,'\n')) = '\0';
strcpy(acl_err_mesg,buff);
}
close_file(acl_mesg);
destroy_finfo(acl_mesg);
}
}
int read_acl_file()
{
char buff[100];
int i,j;
char **av;
file_info_t *acl_file = create_finfo();
if (! file_proc(acl_file,DIRSRV_ACL_FILE,&j) ) {
if ( j == 0 ) {
acl_not_present = 1;
destroy_finfo(acl_file);
return 1;
}
destroy_finfo(acl_file);
return 0;
}
/* Count the number of items */
fseek(acl_file->fp_or_dbm.fp, 0L ,0);
i = 0;
while (fgets(buff,99,acl_file->fp_or_dbm.fp) != NULL ) {
i++;
}
if ( i == 0 ) {
error(A_INFO,"read_acl_file","ACL file is empty");
acl_not_present = 1;
destroy_finfo(acl_file);
return 1;
}
if ( acl_list_max == 0 ) { /* New */
acl_list_max = i+10;
acl_list = (ip_t*)malloc(sizeof(ip_t)*acl_list_max);
if ( acl_list == NULL ) {
error(A_ERR,"read_acl_file","Unable to allocate memory");
destroy_finfo(acl_file);
return 0;
}
}
else {
ip_t *tmp;
if ( acl_list_max <= i ) {
acl_list_max = i+10;
tmp = (ip_t*)realloc(acl_list, sizeof(ip_t)*acl_list_max);
if ( tmp == NULL ) {
error(A_ERR,"read_acl_file", "Unable to expand allocated memory");
}
acl_list = tmp;
}
}
acl_list_num = 0;
fseek(acl_file->fp_or_dbm.fp, 0L ,0);
while (fgets(buff,99,acl_file->fp_or_dbm.fp) != NULL ) {
av = str_sep(buff,'.');
if ( av == NULL ) {
error(A_ERR,"read_acl_file", "Unable to decompose string: %s",buff);
}
for ( i = 0; i < 4; i++ ) {
if ( av[i] == NULL|| av[i][0] == '*' ) {
break;
}
acl_list[acl_list_num].ip[i] = atoi(av[i]);
}
for ( ; i < 4; i++ ) {
acl_list[acl_list_num].ip[i] = IP_STAR;
}
acl_list_num++;
}
close_file(acl_file);
qsort(acl_list,acl_list_num, sizeof(ip_t),qcompare_ip);
read_acl_message();
destroy_finfo(acl_file);
return 1;
}
int verify_acl_list(from)
struct sockaddr_in *from;
{
ip_t ip;
int i;
char **av;
char *ip_addr;
if ( acl_not_present )
return 1;
if ( acl_list == NULL ) {
if (!read_acl_file() )
return 0;
if ( acl_not_present )
return 1;
}
ip_addr = inet_ntoa(from->sin_addr);
printf("%s\n",ip_addr);
/* decompose address */
av = str_sep(ip_addr,'.');
if ( av == NULL ) {
error(A_ERR,"verify_acl_list","Unable to decompsoe ip address: %s. Accepting",ip_addr);
return 1;
}
ip.ip[0] = atoi(av[0]);
ip.ip[1] = atoi(av[1]);
ip.ip[2] = atoi(av[2]);
ip.ip[3] = atoi(av[3]);
if ( ip.ip[0] == 127 && ip.ip[1] == 0 && ip.ip[2] == 0 && ip.ip[3] == 1 ) {
free_opts(av);
return 1;
}
for ( i = 0; i < acl_list_num; i++ ) {
int ret;
ret = compare_ip(&ip, &acl_list[i]);
if ( ret == 0 ){
free_opts(av);
return 1;
}
if ( ret < 0 ) {
free_opts(av);
return 0;
}
}
free_opts(av);
return 0;
}
char *acl_message()
{
return acl_err_mesg;
}
#if 0
char *prog;
int main(argc,argv)
int argc;
char **argv;
{
char buff[100];
struct sockaddr_in from;
prog = argv[0];
while ( fgets(buff,99,stdin) != NULL ) {
*(strrchr(buff,'\n')) = '\0';
printf("Checking %s, ",buff);
from.sin_addr.s_addr = inet_addr(buff);
if ( verify_acl_list(&from) )
printf("Ok\n");
else
printf("No:%s\n",acl_message());
}
return 0;
}
#endif