diff --git a/client.c b/client.c index cc179c6..4180ac5 100644 --- a/client.c +++ b/client.c @@ -779,182 +779,25 @@ process_cmd_manual(CMD_Request *msg, const char *line) /* ================================================== */ static int -parse_allow_deny(CMD_Request *msg, char *line) +process_cmd_allowdeny(CMD_Request *msg, char *line, int cmd, int allcmd) { - unsigned long a, b, c, d; - int n, specified_subnet_bits; + int all, subnet_bits; IPAddr ip; - char *p; - p = line; - if (!*p) { - /* blank line - applies to all addresses */ - ip.family = IPADDR_UNSPEC; - UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip); - msg->data.allow_deny.subnet_bits = htonl(0); - } else { - char *slashpos; - slashpos = strchr(p, '/'); - if (slashpos) *slashpos = 0; - - n = 0; - if (!UTI_StringToIP(p, &ip) && - (n = sscanf(p, "%lu.%lu.%lu.%lu", &a, &b, &c, &d)) <= 0) { - - /* Try to parse as the name of a machine */ - if (slashpos || DNS_Name2IPAddress(p, &ip, 1) != DNS_Success) { - LOG(LOGS_ERR, "Could not read address"); - return 0; - } else { - UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip); - if (ip.family == IPADDR_INET6) - msg->data.allow_deny.subnet_bits = htonl(128); - else - msg->data.allow_deny.subnet_bits = htonl(32); - } - } else { - - if (n == 0) { - if (ip.family == IPADDR_INET6) - msg->data.allow_deny.subnet_bits = htonl(128); - else - msg->data.allow_deny.subnet_bits = htonl(32); - } else { - ip.family = IPADDR_INET4; - - a &= 0xff; - b &= 0xff; - c &= 0xff; - d &= 0xff; - - switch (n) { - case 1: - ip.addr.in4 = htonl((a<<24)); - msg->data.allow_deny.subnet_bits = htonl(8); - break; - case 2: - ip.addr.in4 = htonl((a<<24) | (b<<16)); - msg->data.allow_deny.subnet_bits = htonl(16); - break; - case 3: - ip.addr.in4 = htonl((a<<24) | (b<<16) | (c<<8)); - msg->data.allow_deny.subnet_bits = htonl(24); - break; - case 4: - ip.addr.in4 = htonl((a<<24) | (b<<16) | (c<<8) | d); - msg->data.allow_deny.subnet_bits = htonl(32); - break; - default: - assert(0); - } - } - - UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip); - - if (slashpos) { - n = sscanf(slashpos+1, "%d", &specified_subnet_bits); - if (n == 1) { - msg->data.allow_deny.subnet_bits = htonl(specified_subnet_bits); - } else { - LOG(LOGS_WARN, "Warning: badly formatted subnet size, using %d", - (int)ntohl(msg->data.allow_deny.subnet_bits)); - } - } - } + if (!CPS_ParseAllowDeny(line, &all, &ip, &subnet_bits)) { + LOG(LOGS_ERR, "Could not read address"); + return 0; } + + msg->command = htons(all ? allcmd : cmd); + UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip); + msg->data.allow_deny.subnet_bits = htonl(subnet_bits); + return 1; } /* ================================================== */ -static int -process_cmd_allow(CMD_Request *msg, char *line) -{ - int status; - msg->command = htons(REQ_ALLOW); - status = parse_allow_deny(msg, line); - return status; -} - -/* ================================================== */ - -static int -process_cmd_allowall(CMD_Request *msg, char *line) -{ - int status; - msg->command = htons(REQ_ALLOWALL); - status = parse_allow_deny(msg, line); - return status; -} - -/* ================================================== */ - -static int -process_cmd_deny(CMD_Request *msg, char *line) -{ - int status; - msg->command = htons(REQ_DENY); - status = parse_allow_deny(msg, line); - return status; -} - -/* ================================================== */ - -static int -process_cmd_denyall(CMD_Request *msg, char *line) -{ - int status; - msg->command = htons(REQ_DENYALL); - status = parse_allow_deny(msg, line); - return status; -} - -/* ================================================== */ - -static int -process_cmd_cmdallow(CMD_Request *msg, char *line) -{ - int status; - msg->command = htons(REQ_CMDALLOW); - status = parse_allow_deny(msg, line); - return status; -} - -/* ================================================== */ - -static int -process_cmd_cmdallowall(CMD_Request *msg, char *line) -{ - int status; - msg->command = htons(REQ_CMDALLOWALL); - status = parse_allow_deny(msg, line); - return status; -} - -/* ================================================== */ - -static int -process_cmd_cmddeny(CMD_Request *msg, char *line) -{ - int status; - msg->command = htons(REQ_CMDDENY); - status = parse_allow_deny(msg, line); - return status; -} - -/* ================================================== */ - -static int -process_cmd_cmddenyall(CMD_Request *msg, char *line) -{ - int status; - msg->command = htons(REQ_CMDDENYALL); - status = parse_allow_deny(msg, line); - return status; -} - -/* ================================================== */ - static int process_cmd_accheck(CMD_Request *msg, char *line) { @@ -3232,11 +3075,7 @@ process_line(char *line) } else if (!strcmp(command, "add")) { do_normal_submit = process_cmd_add_source(&tx_message, line); } else if (!strcmp(command, "allow")) { - if (!strncmp(line, "all", 3)) { - do_normal_submit = process_cmd_allowall(&tx_message, CPS_SplitWord(line)); - } else { - do_normal_submit = process_cmd_allow(&tx_message, line); - } + do_normal_submit = process_cmd_allowdeny(&tx_message, line, REQ_ALLOW, REQ_ALLOWALL); } else if (!strcmp(command, "authdata")) { do_normal_submit = 0; ret = process_cmd_authdata(line); @@ -3248,28 +3087,15 @@ process_line(char *line) } else if (!strcmp(command, "cmdaccheck")) { do_normal_submit = process_cmd_cmdaccheck(&tx_message, line); } else if (!strcmp(command, "cmdallow")) { - if (!strncmp(line, "all", 3)) { - do_normal_submit = process_cmd_cmdallowall(&tx_message, CPS_SplitWord(line)); - } else { - do_normal_submit = process_cmd_cmdallow(&tx_message, line); - } + do_normal_submit = process_cmd_allowdeny(&tx_message, line, REQ_CMDALLOW, REQ_CMDALLOWALL); } else if (!strcmp(command, "cmddeny")) { - if (!strncmp(line, "all", 3)) { - line = CPS_SplitWord(line); - do_normal_submit = process_cmd_cmddenyall(&tx_message, line); - } else { - do_normal_submit = process_cmd_cmddeny(&tx_message, line); - } + do_normal_submit = process_cmd_allowdeny(&tx_message, line, REQ_CMDDENY, REQ_CMDDENYALL); } else if (!strcmp(command, "cyclelogs")) { process_cmd_cyclelogs(&tx_message, line); } else if (!strcmp(command, "delete")) { do_normal_submit = process_cmd_delete(&tx_message, line); } else if (!strcmp(command, "deny")) { - if (!strncmp(line, "all", 3)) { - do_normal_submit = process_cmd_denyall(&tx_message, CPS_SplitWord(line)); - } else { - do_normal_submit = process_cmd_deny(&tx_message, line); - } + do_normal_submit = process_cmd_allowdeny(&tx_message, line, REQ_DENY, REQ_DENYALL); } else if (!strcmp(command, "dfreq")) { do_normal_submit = process_cmd_dfreq(&tx_message, line); } else if (!strcmp(command, "dns")) { diff --git a/test/simulation/110-chronyc b/test/simulation/110-chronyc index d2f8cfd..e95dfa0 100755 --- a/test/simulation/110-chronyc +++ b/test/simulation/110-chronyc @@ -399,6 +399,10 @@ noclientlog" commands=( "add server nosuchnode.net1.clk" "^Invalid host/IP address$" "allow nosuchnode.net1.clk" "^Could not read address$" + "allow 192.168.123.0/2 4" "^Could not read address$" + "allow 192.168.123.0/2e" "^Could not read address$" + "allow 192.168.12e" "^Could not read address$" + "allow 192.168123" "^Could not read address$" "allow 192.168.123.2/33" "^507 Bad subnet$" "clients" "Hostname.*519 Client logging is not active in the daemon$" "delete 192.168.123.2" "^503 No such source$"