Commit 6f08d121 authored by Roger Dingledine's avatar Roger Dingledine
Browse files

Refactor and consolidate addr/exit policies into a new policies.c.

Fix some minor bugs and memory leaks along the way.


svn:r6246
parent 74d35c80
......@@ -8,7 +8,7 @@ tor_SOURCES = buffers.c circuitbuild.c circuitlist.c \
circuituse.c command.c config.c \
connection.c connection_edge.c connection_or.c control.c \
cpuworker.c directory.c dirserv.c dns.c hibernate.c main.c \
onion.c relay.c rendcommon.c rendclient.c rendmid.c \
onion.c policies.c relay.c rendcommon.c rendclient.c rendmid.c \
rendservice.c rephist.c router.c routerlist.c routerparse.c \
tor_main.c
......@@ -18,7 +18,7 @@ test_SOURCES = buffers.c circuitbuild.c circuitlist.c \
circuituse.c command.c config.c \
connection.c connection_edge.c connection_or.c control.c \
cpuworker.c directory.c dirserv.c dns.c hibernate.c main.c \
onion.c relay.c rendcommon.c rendclient.c rendmid.c \
onion.c policies.c relay.c rendcommon.c rendclient.c rendmid.c \
rendservice.c rephist.c router.c routerlist.c routerparse.c \
test.c
......
......@@ -1079,7 +1079,7 @@ router_handles_some_port(routerinfo_t *router, smartlist_t *needed_ports)
addr_policy_result_t r;
port = *(uint16_t *)smartlist_get(needed_ports, i);
tor_assert(port);
r = router_compare_addr_to_addr_policy(0, port, router->exit_policy);
r = compare_addr_to_addr_policy(0, port, router->exit_policy);
if (r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED)
return 1;
}
......
......@@ -311,7 +311,7 @@ circuit_stream_is_being_handled(connection_t *conn, uint16_t port, int min)
if (conn) {
ok = connection_ap_can_use_exit(conn, exitrouter);
} else {
addr_policy_result_t r = router_compare_addr_to_addr_policy(
addr_policy_result_t r = compare_addr_to_addr_policy(
0, port, exitrouter->exit_policy);
ok = r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED;
}
......
......@@ -367,9 +367,6 @@ static int check_nickname_list(const char *lst, const char *name, char **msg);
static void config_register_addressmaps(or_options_t *options);
static int parse_dir_server_line(const char *line, int validate_only);
static int config_cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b);
static int config_addr_policy_covers(addr_policy_t *a, addr_policy_t *b);
static int config_addr_policy_intersects(addr_policy_t *a, addr_policy_t *b);
static int parse_redirect_line(smartlist_t *result,
config_line_t *line, char **msg);
static int parse_log_severity_range(const char *range, int *min_out,
......@@ -392,7 +389,6 @@ static int or_state_validate(or_state_t *old_options, or_state_t *options,
static uint64_t config_parse_memunit(const char *s, int *ok);
static int config_parse_interval(const char *s, int *ok);
static void print_cvs_version(void);
static void parse_reachable_addresses(void);
static void init_libevent(void);
static int opt_streq(const char *s1, const char *s2);
#if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
......@@ -441,12 +437,6 @@ static or_options_t *global_options = NULL;
static char *torrc_fname = NULL;
/** Persistent serialized state. */
static or_state_t *global_state = NULL;
/** Parsed addr_policy_t describing which addresses we believe we can start
* circuits at. */
static addr_policy_t *reachable_or_addr_policy = NULL;
/** Parsed addr_policy_t describing which addresses we believe we can connect
* to directories at. */
static addr_policy_t *reachable_dir_addr_policy = NULL;
/** Allocate an empty configuration object of a given format type. */
static void *
......@@ -507,14 +497,6 @@ config_free_all(void)
global_state = NULL;
}
tor_free(torrc_fname);
if (reachable_or_addr_policy) {
addr_policy_free(reachable_or_addr_policy);
reachable_or_addr_policy = NULL;
}
if (reachable_dir_addr_policy) {
addr_policy_free(reachable_dir_addr_policy);
reachable_dir_addr_policy = NULL;
}
}
/** If options->SafeLogging is on, return a not very useful string,
......@@ -763,10 +745,7 @@ options_act(or_options_t *old_options)
config_register_addressmaps(options);
/* Update address policies. */
parse_socks_policy();
parse_dir_policy();
parse_authdir_policy();
parse_reachable_addresses();
policies_parse_from_options(options);
init_cookie_authentication(options->CookieAuthentication);
......@@ -1976,98 +1955,6 @@ validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
return 0;
}
/** Helper: parse the Reachable(Dir|OR)?Addresses fields into
* reachable_(or|dir)_addr_policy. */
static void
parse_reachable_addresses(void)
{
or_options_t *options = get_options();
if (options->ReachableDirAddresses &&
options->ReachableORAddresses &&
options->ReachableAddresses) {
log_warn(LD_CONFIG,
"Both ReachableDirAddresses and ReachableORAddresses are set. "
"ReachableAddresses setting will be ignored.");
}
addr_policy_free(reachable_or_addr_policy);
reachable_or_addr_policy = NULL;
if (!options->ReachableORAddresses && options->ReachableAddresses)
log_info(LD_CONFIG,
"Using ReachableAddresses as ReachableORAddresses.");
if (config_parse_addr_policy(options->ReachableORAddresses ?
options->ReachableORAddresses :
options->ReachableAddresses,
&reachable_or_addr_policy,
ADDR_POLICY_ACCEPT)) {
log_warn(LD_CONFIG,
"Error parsing Reachable%sAddresses entry; ignoring.",
options->ReachableORAddresses ? "OR" : "");
}
addr_policy_free(reachable_dir_addr_policy);
reachable_dir_addr_policy = NULL;
if (!options->ReachableDirAddresses && options->ReachableAddresses)
log_info(LD_CONFIG,
"Using ReachableAddresses as ReachableDirAddresses");
if (config_parse_addr_policy(options->ReachableDirAddresses ?
options->ReachableDirAddresses :
options->ReachableAddresses,
&reachable_dir_addr_policy,
ADDR_POLICY_ACCEPT)) {
if (options->ReachableDirAddresses)
log_warn(LD_CONFIG,
"Error parsing ReachableDirAddresses entry; ignoring.");
}
}
/** Return true iff the firewall options might block any address:port
* combination.
*/
int
firewall_is_fascist_or(void)
{
return !!reachable_or_addr_policy;
}
/** Return true iff <b>policy</b> (possibly NULL) will allow a
* connection to <b>addr</b>:<b>port</b>.
*/
static int
_fascist_firewall_allows_address(uint32_t addr, uint16_t port,
addr_policy_t *policy)
{
addr_policy_result_t p;
p = router_compare_addr_to_addr_policy(addr, port, policy);
switch (p) {
case ADDR_POLICY_PROBABLY_ACCEPTED:
case ADDR_POLICY_ACCEPTED:
return 1;
case ADDR_POLICY_PROBABLY_REJECTED:
case ADDR_POLICY_REJECTED:
return 0;
default:
log_warn(LD_BUG, "Unexpected result: %d", (int)p);
return 0;
}
}
int
fascist_firewall_allows_address_or(uint32_t addr, uint16_t port)
{
return _fascist_firewall_allows_address(addr, port,
reachable_or_addr_policy);
}
int
fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port)
{
return _fascist_firewall_allows_address(addr, port,
reachable_dir_addr_policy);
}
/** Lowest allowable value for DirFetchPeriod; if this is too low, clients can
* overload the directory system. */
#define MIN_DIR_FETCH_PERIOD (10*60)
......@@ -2104,7 +1991,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
{
int i, r;
config_line_t *cl;
addr_policy_t *addr_policy=NULL;
const char *uname;
char buf[1024];
#define REJECT(arg) \
......@@ -2539,33 +2425,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
return -1;
}
if (config_parse_exit_policy(options->ExitPolicy, &addr_policy,
options->ExitPolicyRejectPrivate))
REJECT("Error in ExitPolicy entry.");
/* The rest of these calls *append* to addr_policy. So don't actually
* use the results for anything other than checking if they parse! */
if (config_parse_addr_policy(options->DirPolicy, &addr_policy, -1))
REJECT("Error in DirPolicy entry.");
if (config_parse_addr_policy(options->SocksPolicy, &addr_policy, -1))
REJECT("Error in SocksPolicy entry.");
if (config_parse_addr_policy(options->ReachableAddresses, &addr_policy,
ADDR_POLICY_ACCEPT))
REJECT("Error in ReachableAddresses entry.");
if (config_parse_addr_policy(options->ReachableORAddresses, &addr_policy,
ADDR_POLICY_ACCEPT))
REJECT("Error in ReachableORAddresses entry.");
if (config_parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
ADDR_POLICY_ACCEPT))
REJECT("Error in ReachableDirAddresses entry.");
if (config_parse_addr_policy(options->AuthDirReject, &addr_policy,
ADDR_POLICY_REJECT))
REJECT("Error in AuthDirReject entry.");
if (config_parse_addr_policy(options->AuthDirInvalid, &addr_policy,
ADDR_POLICY_REJECT))
REJECT("Error in AuthDirInvalid entry.");
addr_policy_free(addr_policy);
if (validate_addr_policies(options, msg) < 0)
return -1;
for (cl = options->RedirectExit; cl; cl = cl->next) {
if (parse_redirect_line(NULL, cl, msg)<0)
......@@ -3261,326 +3122,6 @@ normalize_log_options(or_options_t *options)
return 0;
}
/** Add the exit policy described by <b>more</b> to <b>policy</b>.
*/
static void
options_append_exit_policy_string(addr_policy_t **policy, const char *more)
{
config_line_t tmp;
tmp.key = NULL;
tmp.value = (char*) more;
tmp.next = NULL;
config_parse_addr_policy(&tmp, policy, -1);
}
static int
config_expand_exit_policy_aliases(smartlist_t *entries, int assume_action)
{
static const char *prefixes[] = {
"0.0.0.0/8", "169.254.0.0/16",
"127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",NULL };
int i;
char *pre=NULL, *post=NULL;
int expanded_any = 0;
pre = smartlist_join_strings(entries,",",0,NULL);
for (i = 0; i < smartlist_len(entries); ++i) {
char *v = smartlist_get(entries, i);
const char *cp, *ports;
const char *action;
int prefix_idx;
if (!strcasecmpstart(v, "accept")) {
action = "accept ";
cp = v+strlen("accept");
} else if (!strcasecmpstart(v, "reject")) {
action = "reject ";
cp = v+strlen("reject");
} else if (assume_action >= 0) {
action = "";
cp = v;
} else {
log_warn(LD_CONFIG,"Policy '%s' didn't start with accept or reject.", v);
tor_free(pre);
return -1;
}
cp = eat_whitespace(cp);
if (strcmpstart(cp, "private"))
continue; /* No need to expand. */
cp += strlen("private");
cp = eat_whitespace(cp);
if (*cp && *cp != ':')
continue; /* It wasn't "private" after all. */
ports = cp;
/* Okay. We're going to replace entries[i] with a bunch of new entries,
* in order. */
smartlist_del_keeporder(entries, i);
for (prefix_idx = 0; prefixes[prefix_idx]; ++prefix_idx) {
size_t replacement_len = 16+strlen(prefixes[prefix_idx])+strlen(ports);
char *replacement = tor_malloc(replacement_len);
tor_snprintf(replacement, replacement_len, "%s%s%s",
action, prefixes[prefix_idx], ports);
smartlist_insert(entries, i++, replacement);
}
tor_free(v);
expanded_any = 1;
--i;
}
post = smartlist_join_strings(entries,",",0,NULL);
if (expanded_any)
log_info(LD_CONFIG, "Expanded '%s' to '%s'", pre, post);
tor_free(pre);
tor_free(post);
return expanded_any;
}
/** Detect and excise "dead code" from the policy *<b>dest</b>. */
static void
config_exit_policy_remove_redundancies(addr_policy_t **dest)
{
addr_policy_t *ap, *tmp, *victim, *previous;
/* Step one: find a *:* entry and cut off everything after it. */
for (ap=*dest; ap; ap=ap->next) {
if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
/* This is a catch-all line -- later lines are unreachable. */
if (ap->next) {
addr_policy_free(ap->next);
ap->next = NULL;
}
}
}
/* Step two: for every entry, see if there's a redundant entry
* later on, and remove it. */
for (ap=*dest; ap; ap=ap->next) {
tmp=ap;
while (tmp) {
if (tmp->next && config_addr_policy_covers(ap, tmp->next)) {
log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made "
"redundant by %s.", tmp->next->string, ap->string);
victim = tmp->next;
tmp->next = victim->next;
victim->next = NULL;
addr_policy_free(victim);
} else {
tmp=tmp->next;
}
}
}
/* Step three: for every entry A, see if there's an entry B making this one
* redundant later on. This is the case if A and B are of the same type
* (accept/reject), A is a subset of B, and there is no other entry of
* different type in between those two that intersects with A.
*
* Anybody want to doublecheck the logic here? XXX
*/
ap = *dest;
previous = NULL;
while (ap) {
for (tmp=ap->next; tmp; tmp=tmp->next) {
if (ap->policy_type != tmp->policy_type &&
config_addr_policy_intersects(ap, tmp)) {
tmp = NULL; /* so that we advance previous and ap */
break;
}
if (ap->policy_type == tmp->policy_type &&
config_addr_policy_covers(tmp, ap)) {
log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made "
"redundant by %s.", ap->string, tmp->string);
victim = ap;
ap = ap->next;
if (previous) {
assert(previous->next == victim);
previous->next = victim->next;
} else {
assert(*dest == victim);
*dest = victim->next;
}
victim->next = NULL;
addr_policy_free(victim);
break;
}
}
if (!tmp) {
previous = ap;
ap = ap->next;
}
}
}
#define DEFAULT_EXIT_POLICY \
"reject *:25,reject *:119,reject *:135-139,reject *:445," \
"reject *:465,reject *:587,reject *:1214,reject *:4661-4666," \
"reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
* cfg doesn't end in an absolute accept or reject, add the default exit
* policy afterwards. If <b>rejectprivate</b> is true, prepend
* "reject private:*" to the policy. Return -1 if we can't parse cfg,
* else return 0.
*
*/
int
config_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
int rejectprivate)
{
if (rejectprivate)
options_append_exit_policy_string(dest, "reject private:*");
if (config_parse_addr_policy(cfg, dest, -1))
return -1;
options_append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
config_exit_policy_remove_redundancies(dest);
return 0;
}
/**
* Given a linked list of config lines containing "allow" and "deny" tokens,
* parse them and append the result to <b>dest</b>. Return -1 if any tokens
* are malformed, else return 0.
*/
int
config_parse_addr_policy(config_line_t *cfg,
addr_policy_t **dest,
int assume_action)
{
addr_policy_t **nextp;
smartlist_t *entries;
int r = 0;
if (!cfg)
return 0;
nextp = dest;
while (*nextp)
nextp = &((*nextp)->next);
entries = smartlist_create();
for (; cfg; cfg = cfg->next) {
smartlist_split_string(entries, cfg->value, ",",
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
if (config_expand_exit_policy_aliases(entries,assume_action)<0) {
r = -1;
continue;
}
SMARTLIST_FOREACH(entries, const char *, ent,
{
log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
*nextp = router_parse_addr_policy_from_string(ent, assume_action);
if (*nextp) {
if (addr_mask_get_bits((*nextp)->msk)<0) {
log_warn(LD_CONFIG, "Address policy element '%s' can't be expressed "
"as a bit prefix.", ent);
}
/* Advance nextp to the end of the policy. */
while (*nextp)
nextp = &((*nextp)->next);
} else {
log_warn(LD_CONFIG,"Malformed policy '%s'.", ent);
r = -1;
}
});
SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
smartlist_clear(entries);
}
smartlist_free(entries);
return r;
}
/** Compare two provided address policy items, and return -1, 0, or 1
* if the first is less than, equal to, or greater than the second. */
static int
config_cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b)
{
int r;
if ((r=((int)a->policy_type - (int)b->policy_type)))
return r;
if ((r=((int)a->addr - (int)b->addr)))
return r;
if ((r=((int)a->msk - (int)b->msk)))
return r;
if ((r=((int)a->prt_min - (int)b->prt_min)))
return r;
if ((r=((int)a->prt_max - (int)b->prt_max)))
return r;
return 0;
}
/** Return true iff the address policy <b>a</b> covers every case that would be
* covered by <b>b</b>, so that a,b is redundant. */
static int
config_addr_policy_covers(addr_policy_t *a, addr_policy_t *b)
{
/* We can ignore accept/reject, since "accept *:80, reject *:80" reduces to
* "accept *:80". */
if (a->msk & ~b->msk) {
/* There's a wildcard bit in b->msk that's not a wildcard in a. */
return 0;
}
if ((a->addr & a->msk) != (b->addr & a->msk)) {
/* There's a fixed bit in a that's set differently in b. */
return 0;
}
return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max);
}
/** Return true iff the address policies <b>a</b> and <b>b</b> intersect, that
* is, there exists an address/port that is covered by <b>a</b> that is also
* covered by <b>b</b>.
*/
static int
config_addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
{
/* All the bits we care about are those that are set in both
* netmasks. If they are equal in a and b's networkaddresses
* then the networks intersect. If there is a difference,
* then they do not. */
if (((a->addr ^ b->addr) & a->msk & b->msk) != 0)
return 0;
if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)
return 0;
return 1;
}
/** Like config_cmp_single_addr_policy() above, but looks at the
* whole set of policies in each case. */
int
config_cmp_addr_policies(addr_policy_t *a, addr_policy_t *b)
{
int r;
while (a && b) {
if ((r=config_cmp_single_addr_policy(a,b)))
return r;
a = a->next;
b = b->next;
}
if (!a && !b)
return 0;
if (a)
return -1;
else
return 1;
}
/** Release all storage held by <b>p</b> */
void
addr_policy_free(addr_policy_t *p)
{
addr_policy_t *e;
while (p) {
e = p;
p = p->next;
tor_free(e->string);
tor_free(e);
}
}
/** Parse a single RedirectExit line's contents from <b>line</b>. If
* they are valid, and <b>result</b> is not NULL, add an element to
* <b>result</b> and return 0. Else if they are valid, return 0.
......@@ -4333,6 +3874,7 @@ print_cvs_version(void)
extern const char hibernate_c_id[];
extern const char main_c_id[];
extern const char onion_c_id[];
extern const char policies_c_id[];
extern const char relay_c_id[];
extern const char rendclient_c_id[];
extern const char rendcommon_c_id[];
......@@ -4381,6 +3923,7 @@ print_cvs_version(void)
puts(hibernate_c_id);
puts(main_c_id);
puts(onion_c_id);
puts(policies_c_id);
puts(relay_c_id);
puts(rendclient_c_id);
puts(rendcommon_c_id);
......
......@@ -13,7 +13,6 @@ const char connection_edge_c_id[] =
#include "or.h"
static addr_policy_t *socks_policy = NULL;
/* List of exit_redirect_t */
static smartlist_t *redirect_exit_list = NULL;
......@@ -1809,64 +1808,14 @@ connection_ap_can_use_exit(connection_t *conn, routerinfo_t *exit)
addr_policy_result_t r;
if (tor_inet_aton(conn->socks_request->address, &in))
addr = ntohl(in.s_addr);
r = router_compare_addr_to_addr_policy(addr, conn->socks_request->port,
exit->exit_policy);
r = compare_addr_to_addr_policy(addr, conn->socks_request->port,
exit->exit_policy);
if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
return 0;
}
return 1;
}
/** A helper function for socks_policy_permits_address() below.
*
* Parse options->SocksPolicy in the same way that the exit policy
* is parsed, and put the processed version in socks_policy.
* Ignore port specifiers.
*/
void
parse_socks_policy(void)
{
addr_policy_t *n;
if (socks_policy) {
addr_policy_free(socks_policy);
socks_policy = NULL;
}
config_parse_addr_policy(get_options()->SocksPolicy, &socks_policy, -1);
/* ports aren't used. */
for (n=socks_policy; n; n = n->next) {
n->prt_min = 1;
n->prt_max = 65535;
}
}
/** Free all storage held by our SOCKS allow policy
*/