1 /* Copyright (C) 2005 Red Hat, Inc. */
2 
/* Bind the generic record/dbase templates used by database_file.h to the
 * port record type.  These forward declarations, typedefs and *_DEFINED
 * guards are deliberately placed before the includes below; presumably
 * the guards stop the shared headers from emitting their own default
 * typedefs -- confirm against database_file.h. */
struct semanage_port;
struct semanage_port_key;
typedef struct semanage_port record_t;
typedef struct semanage_port_key record_key_t;
#define DBASE_RECORD_DEFINED

struct dbase_file;
typedef struct dbase_file dbase_t;
#define DBASE_DEFINED
12 
13 #include <stdlib.h>
14 #include <stdio.h>
15 #include <strings.h>
16 #include <semanage/handle.h>
17 #include "port_internal.h"
18 #include "context_internal.h"
19 #include "database_file.h"
20 #include "parse_utils.h"
21 #include "debug.h"
22 
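/* Serialise one port record as a "portcon" line onto a stream.
 *
 * Output layout is "portcon <proto> <low>[ - <high>] <context>\n": a
 * single port is written as one number, a range as "low - high".
 *
 * handle: libsemanage handle used for error reporting.
 * port:   record to print; protocol, port range and context are read
 *         through the semanage_port_get_* accessors.
 * str:    destination stream; any fprintf failure aborts the record.
 *
 * Returns STATUS_SUCCESS, or STATUS_ERR after logging via ERR() when the
 * context cannot be rendered or a write fails.  The string produced by
 * semanage_context_to_string is owned here and freed on every path.
 */
static int port_print(semanage_handle_t * handle,
		      semanage_port_t * port, FILE * str)
{

	char *con_str = NULL;

	int low = semanage_port_get_low(port);
	int high = semanage_port_get_high(port);
	int proto = semanage_port_get_proto(port);
	const char *proto_str = semanage_port_get_proto_str(proto);
	semanage_context_t *con = semanage_port_get_con(port);

	/* NOTE(review): proto_str and con are used unchecked; whether the
	 * accessors can return NULL for a malformed record is not visible
	 * in this file -- confirm against the port record implementation. */
	if (fprintf(str, "portcon %s ", proto_str) < 0)
		goto err;

	if (low == high) {
		if (fprintf(str, "%d ", low) < 0)
			goto err;
	} else {
		if (fprintf(str, "%d - %d ", low, high) < 0)
			goto err;
	}

	if (semanage_context_to_string(handle, con, &con_str) < 0)
		goto err;
	if (fprintf(str, "%s\n", con_str) < 0)
		goto err;

	free(con_str);
	return STATUS_SUCCESS;

      err:
	/* low and high are ints, so the conversions must be %d: the
	 * previous "%u" was a signed/unsigned format mismatch. */
	ERR(handle, "could not print port range %d - %d (%s) to stream",
	    low, high, proto_str);
	free(con_str);
	return STATUS_ERR;
}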
60 
/* Parse one "portcon" line from the file-backed port database into port.
 *
 * Accepted layout (whitespace handling is delegated to parse_utils):
 *   portcon <tcp|udp|dccp|sctp> <low>[ - <high>] <security context>
 * The protocol keyword is matched case-insensitively.  A context that
 * parses to NULL (the "<<none>>" case) is rejected for ports.
 *
 * handle: libsemanage handle for error reporting.
 * info:   parser cursor over the current line; disposed of on NODATA
 *         and error exits.
 * port:   record populated in place through semanage_port_set_*.
 *
 * Returns STATUS_SUCCESS for a parsed record, STATUS_NODATA when the
 * cursor holds no further data, and STATUS_ERR (after ERR()) otherwise.
 */
static int port_parse(semanage_handle_t * handle,
		      parse_info_t * info, semanage_port_t * port)
{
	/* Protocol keywords and the constants they map to. */
	static const struct {
		const char *name;
		int proto;
	} proto_names[] = {
		{ "tcp", SEMANAGE_PROTO_TCP },
		{ "udp", SEMANAGE_PROTO_UDP },
		{ "dccp", SEMANAGE_PROTO_DCCP },
		{ "sctp", SEMANAGE_PROTO_SCTP },
	};
	const size_t nproto = sizeof(proto_names) / sizeof(proto_names[0]);
	size_t i;
	int lo, hi;
	char *tok = NULL;
	semanage_context_t *ctx = NULL;

	if (parse_skip_space(handle, info) < 0)
		goto err;
	if (info->ptr == NULL)
		goto last;

	/* Keyword */
	if (parse_assert_str(handle, info, "portcon") < 0)
		goto err;
	if (parse_assert_space(handle, info) < 0)
		goto err;

	/* Protocol keyword -> constant */
	if (parse_fetch_string(handle, info, &tok, ' ') < 0)
		goto err;
	for (i = 0; i < nproto; i++) {
		if (strcasecmp(tok, proto_names[i].name) == 0)
			break;
	}
	if (i == nproto) {
		ERR(handle, "invalid protocol \"%s\" (%s: %u):\n%s", tok,
		    info->filename, info->lineno, info->orig_line);
		goto err;
	}
	semanage_port_set_proto(port, proto_names[i].proto);
	free(tok);
	tok = NULL;

	/* Low end of the range, or the only port */
	if (parse_assert_space(handle, info) < 0)
		goto err;
	if (parse_fetch_int(handle, info, &lo, '-') < 0)
		goto err;

	/* A '-' may follow the number directly; anything else has to be
	 * separated by whitespace, so the space is only demanded then. */
	if (*(info->ptr) != '\0' && *(info->ptr) != '-') {
		if (parse_assert_space(handle, info) < 0)
			goto err;
	}

	if (parse_optional_ch(info, '-') == STATUS_NODATA) {
		semanage_port_set_port(port, lo);
	} else {
		if (parse_skip_space(handle, info) < 0)
			goto err;
		if (parse_fetch_int(handle, info, &hi, ' ') < 0)
			goto err;
		if (parse_assert_space(handle, info) < 0)
			goto err;
		/* NOTE(review): no lo <= hi or port-number bound check is
		 * done here; whether semanage_port_set_range or a later
		 * validation pass rejects inverted or out-of-range values
		 * is not visible in this file -- confirm before trusting
		 * file-supplied ranges. */
		semanage_port_set_range(port, lo, hi);
	}

	/* Security context */
	if (parse_fetch_string(handle, info, &tok, ' ') < 0)
		goto err;
	if (semanage_context_from_string(handle, tok, &ctx) < 0) {
		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
		    tok, info->filename, info->lineno, info->orig_line);
		goto err;
	}
	if (ctx == NULL) {
		ERR(handle, "<<none>> context is not valid "
		    "for ports (%s: %u):\n%s", info->filename,
		    info->lineno, info->orig_line);
		goto err;
	}
	free(tok);
	tok = NULL;

	if (semanage_port_set_con(handle, port, ctx) < 0)
		goto err;

	/* Nothing but whitespace may remain on the line */
	if (parse_assert_space(handle, info) < 0)
		goto err;

	semanage_context_free(ctx);
	return STATUS_SUCCESS;

      last:
	parse_dispose_line(info);
	return STATUS_NODATA;

      err:
	ERR(handle, "could not parse port record");
	free(tok);
	semanage_context_free(ctx);
	parse_dispose_line(info);
	return STATUS_ERR;
}
163 
164 /* PORT RECORD: FILE extension: method table */
/* Method table wiring the file-backed dbase to the port record's line
 * parser and printer defined above. */
record_file_table_t SEMANAGE_PORT_FILE_RTABLE = {
	.print = port_print,
	.parse = port_parse,
};
169 
/* Initialise the file-backed port database described by dconfig.
 *
 * handle:          libsemanage handle passed through to dbase_file_init.
 * path_ro/path_rw: read-only and read-write store paths, handed straight
 *                  to dbase_file_init.
 * dconfig:         on success dconfig->dbase has been set up by
 *                  dbase_file_init and dconfig->dtable points at the
 *                  shared file dbase method table.
 *
 * Returns STATUS_SUCCESS, or STATUS_ERR when dbase_file_init fails (in
 * which case dtable is not assigned).
 */
int port_file_dbase_init(semanage_handle_t * handle,
			 const char *path_ro,
			 const char *path_rw,
			 dbase_config_t * dconfig)
{
	int rc = dbase_file_init(handle, path_ro, path_rw,
				 &SEMANAGE_PORT_RTABLE,
				 &SEMANAGE_PORT_FILE_RTABLE,
				 &dconfig->dbase);

	if (rc < 0)
		return STATUS_ERR;

	dconfig->dtable = &SEMANAGE_FILE_DTABLE;
	return STATUS_SUCCESS;
}
186 
/* Tear down the file-backed port database set up by port_file_dbase_init.
 * Only dconfig->dbase is handed to dbase_file_release; dtable is left
 * as is. */
void port_file_dbase_release(dbase_config_t * dconfig)
{
	dbase_t *db = dconfig->dbase;

	dbase_file_release(db);
}
192