1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * From	"tsol_tndb_parser.c	7.24	01/09/05 SMI; TSOL 2.x"
26  *
27  * These functions parse entries in the "tnrhtp" (remote host template) file.
28  * Each entry in this file has two fields, separated by a colon.  The first
29  * field is the template name.  The second is a list of "key=value" attributes,
30  * separated by semicolons.
31  *
32  * In order to help preserve sanity, we do not allow more than one unescaped
33  * colon in a line, nor any unescaped '=' or ';' characters in the template
34  * name.  Such things are indicative of typing errors, not intentional
35  * configuration.
36  */
37 
38 #include <stdio.h>
39 #include <ctype.h>
40 #include <stdlib.h>
41 #include <stddef.h>
42 #include <string.h>
43 #include <strings.h>
44 #include <libtsnet.h>
45 #include <tsol/label.h>
46 #include <sys/tsol/label_macro.h>
47 #include <sys/types.h>
48 #include <nss.h>
49 #include <secdb.h>
50 #include <errno.h>
51 
52 static int
get_tn_doi(tsol_tpent_t * tpentp,kva_t * kv)53 get_tn_doi(tsol_tpent_t *tpentp, kva_t *kv)
54 {
55 	char	*cp;
56 	char	*val = NULL;
57 
58 	val = kva_match(kv, TP_DOI);
59 	if (val == NULL)
60 		return (LTSNET_NO_DOI);
61 
62 	errno = 0;
63 	tpentp->tp_doi = strtol(val, &cp, 0);
64 	if (errno != 0)
65 		return (LTSNET_SYSERR);
66 	if (*cp != '\0')
67 		return (LTSNET_ILL_DOI);
68 
69 	return (0);
70 }
71 
72 static int
get_tn_sl_range(brange_t * range,char * min,char * max)73 get_tn_sl_range(brange_t *range, char *min, char *max)
74 {
75 	m_label_t	*slp;
76 
77 	if (min == NULL && max == NULL)
78 		return (LTSNET_NO_RANGE);
79 	if (min == NULL)
80 		return (LTSNET_NO_LOWERBOUND);
81 	if (max == NULL)
82 		return (LTSNET_NO_UPPERBOUND);
83 
84 	slp = &range->lower_bound;
85 	if (str_to_label(min, &slp, MAC_LABEL, L_NO_CORRECTION, NULL) != 0)
86 		return (LTSNET_ILL_LOWERBOUND);
87 	slp = &range->upper_bound;
88 	if (str_to_label(max, &slp, MAC_LABEL, L_NO_CORRECTION, NULL) != 0)
89 		return (LTSNET_ILL_UPPERBOUND);
90 	if (!bldominates(&range->upper_bound, &range->lower_bound))
91 		return (LTSNET_ILL_RANGE);
92 
93 	return (0);
94 }
95 
96 static int
get_tn_sl_set(blset_t * labelset,char * setstr)97 get_tn_sl_set(blset_t *labelset, char *setstr)
98 {
99 	int		sc;
100 	char		*tokp, *finally;
101 	m_label_t	*labels, *slp;
102 
103 	(void) memset(labelset, 0, sizeof (blset_t));
104 	labels = (m_label_t *)labelset;
105 	tokp = strtok_r(setstr, TNDB_COMMA, &finally);
106 	for (sc = 0; tokp != NULL && sc < NSLS_MAX; sc++) {
107 		slp = &labels[sc];
108 		if (str_to_label(tokp, &slp, MAC_LABEL, L_NO_CORRECTION,
109 		    NULL) != 0)
110 			return (LTSNET_ILL_LABEL);
111 		tokp = strtok_r(NULL, TNDB_COMMA, &finally);
112 	}
113 	if (tokp != NULL && sc >= NSLS_MAX)
114 		return (LTSNET_SET_TOO_BIG);
115 
116 	return (0);
117 }
118 
119 static int
parse_remainder(tsol_tpent_t * tpentp,kva_t * kv)120 parse_remainder(tsol_tpent_t *tpentp, kva_t *kv)
121 {
122 	int	err = 0;
123 	char	*val = NULL;
124 	char	*val2 = NULL;
125 
126 	val = kva_match(kv, TP_HOSTTYPE);
127 
128 	if (val == NULL)
129 		return (LTSNET_NO_HOSTTYPE);
130 	if (strcasecmp(val, TP_UNLABELED) == 0)
131 		tpentp->host_type = UNLABELED;
132 	else if (strcasecmp(val, TP_CIPSO) == 0)
133 		tpentp->host_type = SUN_CIPSO;
134 	else
135 		return (LTSNET_ILL_HOSTTYPE);
136 
137 	/*
138 	 * parse fields by host type -
139 	 * add on to the following if statement for each new host type.
140 	 */
141 	if (tpentp->host_type == UNLABELED) {
142 		m_label_t	*slp;
143 
144 		tpentp->tp_mask_unl = 0;
145 		/*
146 		 * doi
147 		 */
148 		if ((err = get_tn_doi(tpentp, kv)) != 0)
149 			return (err);
150 		tpentp->tp_mask_unl |= TSOL_MSK_CIPSO_DOI;
151 		/*
152 		 * default label
153 		 */
154 		val = kva_match(kv, TP_DEFLABEL);
155 		if (val == NULL)
156 			return (LTSNET_NO_LABEL);
157 		slp = &tpentp->tp_def_label;
158 		if (str_to_label(val, &slp, MAC_LABEL, L_NO_CORRECTION,
159 		    NULL) != 0)
160 			return (LTSNET_ILL_LABEL);
161 		tpentp->tp_mask_unl |= TSOL_MSK_DEF_LABEL;
162 		/*
163 		 * check label range
164 		 */
165 		val = kva_match(kv, TP_MINLABEL);
166 		val2 = kva_match(kv, TP_MAXLABEL);
167 		if (val == NULL && val2 == NULL) {
168 			m_label_t	*llow = NULL;
169 			/*
170 			 * This is the old format.  Use ADMIN_LOW to SL of the
171 			 * default label as the gw_sl_range.
172 			 */
173 			if (str_to_label(ADMIN_LOW, &llow, MAC_LABEL,
174 			    L_NO_CORRECTION, NULL) == -1)
175 				return (LTSNET_ILL_LABEL);
176 			tpentp->tp_gw_sl_range.lower_bound = *llow;
177 			m_label_free(llow);
178 			tpentp->tp_gw_sl_range.upper_bound =
179 			    tpentp->tp_def_label;
180 		} else {
181 			err = get_tn_sl_range(&tpentp->tp_gw_sl_range, val,
182 			    val2);
183 			if (err != 0)
184 				return (err);
185 		}
186 		tpentp->tp_mask_unl |= TSOL_MSK_SL_RANGE_TSOL;
187 
188 		/*
189 		 * also label set, if present.  (optional)
190 		 */
191 		val = kva_match(kv, TP_SET);
192 		if (val != NULL) {
193 			err = get_tn_sl_set(&tpentp->tp_gw_sl_set, val);
194 			if (err != 0)
195 				return (err);
196 			tpentp->tp_mask_cipso |= TSOL_MSK_SL_RANGE_TSOL;
197 		}
198 	} else {
199 		tpentp->tp_mask_cipso = 0;
200 		/*
201 		 * doi
202 		 */
203 		if ((err = get_tn_doi(tpentp, kv)) != 0)
204 			return (err);
205 		tpentp->tp_mask_cipso |= TSOL_MSK_CIPSO_DOI;
206 		/*
207 		 * label range
208 		 */
209 		val = kva_match(kv, TP_MINLABEL);
210 		val2 = kva_match(kv, TP_MAXLABEL);
211 		err = get_tn_sl_range(&tpentp->tp_sl_range_cipso, val, val2);
212 		if (err != 0)
213 			return (err);
214 		tpentp->tp_mask_cipso |= TSOL_MSK_SL_RANGE_TSOL;
215 		/*
216 		 * also label set, if present.  (optional)
217 		 */
218 		val = kva_match(kv, TP_SET);
219 		if (val != NULL) {
220 			err = get_tn_sl_set(&tpentp->tp_sl_set_cipso, val);
221 			if (err != 0)
222 				return (err);
223 			tpentp->tp_mask_cipso |= TSOL_MSK_SL_RANGE_TSOL;
224 		}
225 
226 		/* CIPSO entries don't support default labels */
227 		val = kva_match(kv, TP_DEFLABEL);
228 		if (val != NULL)
229 			return (LTSNET_BAD_TYPE);
230 	}
231 
232 	return (0);
233 }
234 
235 tsol_tpent_t *
tpstr_to_ent(tsol_tpstr_t * tpstrp,int * errp,char ** errstrp)236 tpstr_to_ent(tsol_tpstr_t *tpstrp, int *errp, char **errstrp)
237 {
238 	int		err = 0;
239 	char		*errstr;
240 	char		*template = tpstrp->template;
241 	char		*attrs = tpstrp->attrs;
242 	kva_t		*kv;
243 	tsol_tpent_t	*tpentp = NULL;
244 
245 	/*
246 	 * The user can specify NULL pointers for these.  Make sure that we
247 	 * don't have to deal with checking for NULL everywhere by just
248 	 * pointing to our own variables if the user gives NULL.
249 	 */
250 	if (errp == NULL)
251 		errp = &err;
252 	if (errstrp == NULL)
253 		errstrp = &errstr;
254 	/* The default, unless we find a more specific error locus. */
255 	*errstrp = template;
256 
257 	if (template == NULL || *template == '#' || *template == '\n') {
258 		*errp = LTSNET_EMPTY;
259 		if (attrs && *attrs != '\0' && *attrs != '#' && *attrs != '\n')
260 			*errstrp = attrs;
261 		else if (template == NULL)
262 			*errstrp = "   ";
263 		goto err_ret;
264 	}
265 	if (*template == '\0') {
266 		*errp = LTSNET_NO_NAME;
267 		if (attrs && *attrs != '\0' && *attrs != '#' && *attrs != '\n')
268 			*errstrp = attrs;
269 		goto err_ret;
270 	}
271 	if (attrs == NULL || *attrs == '\0' || *attrs == '#' ||
272 	    *attrs == '\n') {
273 		*errp = LTSNET_NO_ATTRS;
274 		goto err_ret;
275 	}
276 	if ((tpentp = calloc(1, sizeof (*tpentp))) == NULL) {
277 		*errp = LTSNET_SYSERR;
278 		return (NULL);
279 	}
280 	if ((strlcpy(tpentp->name, template, sizeof (tpentp->name)) >=
281 	    sizeof (tpentp->name)) ||
282 	    strpbrk(tpentp->name, TN_RESERVED) != NULL) {
283 		*errp = LTSNET_ILL_NAME;
284 		goto err_ret;
285 	}
286 	kv = _str2kva(attrs, KV_ASSIGN, KV_DELIMITER);
287 	*errp = parse_remainder(tpentp, kv);
288 	_kva_free(kv);
289 	if (*errp == 0) {
290 #ifdef	DEBUG
291 		(void) fprintf(stdout, "tpstr_to_ent: %s:%s\n", tpentp->name,
292 		    attrs);
293 #endif	/* DEBUG */
294 
295 		return (tpentp);
296 	}
297 
298 err_ret:
299 	err = errno;
300 	tsol_freetpent(tpentp);
301 	errno = err;
302 #ifdef	DEBUG
303 	(void) fprintf(stderr, "\ntpstr_to_ent: %s:%s\n",
304 	    *errstrp, (char *)tsol_strerror(*errp, errno));
305 #endif	/* DEBUG */
306 
307 	return (NULL);
308 }
309 
310 void
tsol_freetpent(tsol_tpent_t * tp)311 tsol_freetpent(tsol_tpent_t *tp)
312 {
313 	if (tp != NULL)
314 		free(tp);
315 }
316