faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

client: replace allow/deny parser

Browse source 
Use the new cmdparse function for parsing the (cmd)allow/deny commands
and refactor the code a bit to reduce the number of functions needed for
all the (cmd)allow/deny(all) combinations.
This commit is contained in:
Miroslav Lichvar 2021-09-22 17:06:38 +02:00
parent f5fe5452f6
commit 5e6f8458ff
2 changed files with 18 additions and 188 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

202
client.c
View file

@ -779,182 +779,25 @@ process_cmd_manual(CMD_Request *msg, const char *line)
/* ================================================== */
static int
parse_allow_deny(CMD_Request *msg, char *line)
process_cmd_allowdeny(CMD_Request *msg, char *line, int cmd, int allcmd)
{
unsigned long a, b, c, d;
int n, specified_subnet_bits;
int all, subnet_bits;
IPAddr ip;
char *p;
p = line;
if (!*p) {
/* blank line - applies to all addresses */
ip.family = IPADDR_UNSPEC;
UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip);
msg->data.allow_deny.subnet_bits = htonl(0);
} else {
char *slashpos;
slashpos = strchr(p, '/');
if (slashpos) *slashpos = 0;
n = 0;
if (!UTI_StringToIP(p, &ip) &&
(n = sscanf(p, "%lu.%lu.%lu.%lu", &a, &b, &c, &d)) <= 0) {
/* Try to parse as the name of a machine */
if (slashpos || DNS_Name2IPAddress(p, &ip, 1) != DNS_Success) {
LOG(LOGS_ERR, "Could not read address");
return 0;
} else {
UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip);
if (ip.family == IPADDR_INET6)
msg->data.allow_deny.subnet_bits = htonl(128);
else
msg->data.allow_deny.subnet_bits = htonl(32);
}
} else {
if (n == 0) {
if (ip.family == IPADDR_INET6)
msg->data.allow_deny.subnet_bits = htonl(128);
else
msg->data.allow_deny.subnet_bits = htonl(32);
} else {
ip.family = IPADDR_INET4;
a &= 0xff;
b &= 0xff;
c &= 0xff;
d &= 0xff;
switch (n) {
case 1:
ip.addr.in4 = htonl((a<<24));
msg->data.allow_deny.subnet_bits = htonl(8);
break;
case 2:
ip.addr.in4 = htonl((a<<24) | (b<<16));
msg->data.allow_deny.subnet_bits = htonl(16);
break;
case 3:
ip.addr.in4 = htonl((a<<24) | (b<<16) | (c<<8));
msg->data.allow_deny.subnet_bits = htonl(24);
break;
case 4:
ip.addr.in4 = htonl((a<<24) | (b<<16) | (c<<8) | d);
msg->data.allow_deny.subnet_bits = htonl(32);
break;
default:
assert(0);
}
}
UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip);
if (slashpos) {
n = sscanf(slashpos+1, "%d", &specified_subnet_bits);
if (n == 1) {
msg->data.allow_deny.subnet_bits = htonl(specified_subnet_bits);
} else {
LOG(LOGS_WARN, "Warning: badly formatted subnet size, using %d",
(int)ntohl(msg->data.allow_deny.subnet_bits));
}
}
}
if (!CPS_ParseAllowDeny(line, &all, &ip, &subnet_bits)) {
LOG(LOGS_ERR, "Could not read address");
return 0;
}
msg->command = htons(all ? allcmd : cmd);
UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip);
msg->data.allow_deny.subnet_bits = htonl(subnet_bits);
return 1;
}
/* ================================================== */
static int
process_cmd_allow(CMD_Request *msg, char *line)
{
int status;
msg->command = htons(REQ_ALLOW);
status = parse_allow_deny(msg, line);
return status;
}
/* ================================================== */
static int
process_cmd_allowall(CMD_Request *msg, char *line)
{
int status;
msg->command = htons(REQ_ALLOWALL);
status = parse_allow_deny(msg, line);
return status;
}
/* ================================================== */
static int
process_cmd_deny(CMD_Request *msg, char *line)
{
int status;
msg->command = htons(REQ_DENY);
status = parse_allow_deny(msg, line);
return status;
}
/* ================================================== */
static int
process_cmd_denyall(CMD_Request *msg, char *line)
{
int status;
msg->command = htons(REQ_DENYALL);
status = parse_allow_deny(msg, line);
return status;
}
/* ================================================== */
static int
process_cmd_cmdallow(CMD_Request *msg, char *line)
{
int status;
msg->command = htons(REQ_CMDALLOW);
status = parse_allow_deny(msg, line);
return status;
}
/* ================================================== */
static int
process_cmd_cmdallowall(CMD_Request *msg, char *line)
{
int status;
msg->command = htons(REQ_CMDALLOWALL);
status = parse_allow_deny(msg, line);
return status;
}
/* ================================================== */
static int
process_cmd_cmddeny(CMD_Request *msg, char *line)
{
int status;
msg->command = htons(REQ_CMDDENY);
status = parse_allow_deny(msg, line);
return status;
}
/* ================================================== */
static int
process_cmd_cmddenyall(CMD_Request *msg, char *line)
{
int status;
msg->command = htons(REQ_CMDDENYALL);
status = parse_allow_deny(msg, line);
return status;
}
/* ================================================== */
static int
process_cmd_accheck(CMD_Request *msg, char *line)
{
@ -3232,11 +3075,7 @@ process_line(char *line)
} else if (!strcmp(command, "add")) {
do_normal_submit = process_cmd_add_source(&tx_message, line);
} else if (!strcmp(command, "allow")) {
if (!strncmp(line, "all", 3)) {
do_normal_submit = process_cmd_allowall(&tx_message, CPS_SplitWord(line));
} else {
do_normal_submit = process_cmd_allow(&tx_message, line);
}
do_normal_submit = process_cmd_allowdeny(&tx_message, line, REQ_ALLOW, REQ_ALLOWALL);
} else if (!strcmp(command, "authdata")) {
do_normal_submit = 0;
ret = process_cmd_authdata(line);
@ -3248,28 +3087,15 @@ process_line(char *line)
} else if (!strcmp(command, "cmdaccheck")) {
do_normal_submit = process_cmd_cmdaccheck(&tx_message, line);
} else if (!strcmp(command, "cmdallow")) {
if (!strncmp(line, "all", 3)) {
do_normal_submit = process_cmd_cmdallowall(&tx_message, CPS_SplitWord(line));
} else {
do_normal_submit = process_cmd_cmdallow(&tx_message, line);
}
do_normal_submit = process_cmd_allowdeny(&tx_message, line, REQ_CMDALLOW, REQ_CMDALLOWALL);
} else if (!strcmp(command, "cmddeny")) {
if (!strncmp(line, "all", 3)) {
line = CPS_SplitWord(line);
do_normal_submit = process_cmd_cmddenyall(&tx_message, line);
} else {
do_normal_submit = process_cmd_cmddeny(&tx_message, line);
}
do_normal_submit = process_cmd_allowdeny(&tx_message, line, REQ_CMDDENY, REQ_CMDDENYALL);
} else if (!strcmp(command, "cyclelogs")) {
process_cmd_cyclelogs(&tx_message, line);
} else if (!strcmp(command, "delete")) {
do_normal_submit = process_cmd_delete(&tx_message, line);
} else if (!strcmp(command, "deny")) {
if (!strncmp(line, "all", 3)) {
do_normal_submit = process_cmd_denyall(&tx_message, CPS_SplitWord(line));
} else {
do_normal_submit = process_cmd_deny(&tx_message, line);
}
do_normal_submit = process_cmd_allowdeny(&tx_message, line, REQ_DENY, REQ_DENYALL);
} else if (!strcmp(command, "dfreq")) {
do_normal_submit = process_cmd_dfreq(&tx_message, line);
} else if (!strcmp(command, "dns")) {

4
test/simulation/110-chronyc
View file

@ -399,6 +399,10 @@ noclientlog"
commands=(
"add server nosuchnode.net1.clk" "^Invalid host/IP address$"
"allow nosuchnode.net1.clk" "^Could not read address$"
"allow 192.168.123.0/2 4" "^Could not read address$"
"allow 192.168.123.0/2e" "^Could not read address$"
"allow 192.168.12e" "^Could not read address$"
"allow 192.168123" "^Could not read address$"
"allow 192.168.123.2/33" "^507 Bad subnet$"
"clients" "Hostname.*519 Client logging is not active in the daemon$"
"delete 192.168.123.2" "^503 No such source$"