7b011d21db
The reports and fixes are straightforward but it's nice to be able to confirm against NetBSD. CID: 271080, 272306, 272307 Obtained from: NetBSD (CVS ref. 1.21 - 1.23) MFC after: 2 weeks.
1045 lines
27 KiB
C
1045 lines
27 KiB
C
/*
|
|
* Copyright (c) 1983, 1993
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#include "defs.h"
|
|
#include "pathnames.h"
|
|
#include <sys/stat.h>
|
|
|
|
#ifdef __NetBSD__
|
|
__RCSID("$NetBSD$");
|
|
#elif defined(__FreeBSD__)
|
|
__RCSID("$FreeBSD$");
|
|
#else
|
|
__RCSID("$Revision: 2.26 $");
|
|
#ident "$Revision: 2.26 $"
|
|
#endif
|
|
|
|
|
|
static struct parm *parms;
|
|
struct intnet *intnets;
|
|
struct r1net *r1nets;
|
|
struct tgate *tgates;
|
|
|
|
|
|
/* use configured parameters
|
|
*/
|
|
void
|
|
get_parms(struct interface *ifp)
|
|
{
|
|
static int warned_auth_in, warned_auth_out;
|
|
struct parm *parmp;
|
|
int i, num_passwds = 0;
|
|
|
|
/* get all relevant parameters
|
|
*/
|
|
for (parmp = parms; parmp != NULL; parmp = parmp->parm_next) {
|
|
if (parmp->parm_name[0] == '\0'
|
|
|| !strcmp(ifp->int_name, parmp->parm_name)
|
|
|| (parmp->parm_name[0] == '\n'
|
|
&& on_net(ifp->int_addr,
|
|
parmp->parm_net, parmp->parm_mask))) {
|
|
|
|
/* This group of parameters is relevant,
|
|
* so get its settings
|
|
*/
|
|
ifp->int_state |= parmp->parm_int_state;
|
|
for (i = 0; i < MAX_AUTH_KEYS; i++) {
|
|
if (parmp->parm_auth[0].type == RIP_AUTH_NONE
|
|
|| num_passwds >= MAX_AUTH_KEYS)
|
|
break;
|
|
memcpy(&ifp->int_auth[num_passwds++],
|
|
&parmp->parm_auth[i],
|
|
sizeof(ifp->int_auth[0]));
|
|
}
|
|
if (parmp->parm_rdisc_pref != 0)
|
|
ifp->int_rdisc_pref = parmp->parm_rdisc_pref;
|
|
if (parmp->parm_rdisc_int != 0)
|
|
ifp->int_rdisc_int = parmp->parm_rdisc_int;
|
|
if (parmp->parm_adj_inmetric != 0)
|
|
ifp->int_adj_inmetric = parmp->parm_adj_inmetric;
|
|
if (parmp->parm_adj_outmetric != 0)
|
|
ifp->int_adj_outmetric = parmp->parm_adj_outmetric;
|
|
}
|
|
}
|
|
|
|
/* Set general defaults.
|
|
*
|
|
* Default poor-man's router discovery to a metric that will
|
|
* be heard by old versions of `routed`. They ignored received
|
|
* routes with metric 15.
|
|
*/
|
|
if ((ifp->int_state & IS_PM_RDISC)
|
|
&& ifp->int_d_metric == 0)
|
|
ifp->int_d_metric = FAKE_METRIC;
|
|
|
|
if (ifp->int_rdisc_int == 0)
|
|
ifp->int_rdisc_int = DefMaxAdvertiseInterval;
|
|
|
|
if (!(ifp->int_if_flags & IFF_MULTICAST)
|
|
&& !(ifp->int_state & IS_REMOTE))
|
|
ifp->int_state |= IS_BCAST_RDISC;
|
|
|
|
if (ifp->int_if_flags & IFF_POINTOPOINT) {
|
|
ifp->int_state |= IS_BCAST_RDISC;
|
|
/* By default, point-to-point links should be passive
|
|
* about router-discovery for the sake of demand-dialing.
|
|
*/
|
|
if (0 == (ifp->int_state & GROUP_IS_SOL_OUT))
|
|
ifp->int_state |= IS_NO_SOL_OUT;
|
|
if (0 == (ifp->int_state & GROUP_IS_ADV_OUT))
|
|
ifp->int_state |= IS_NO_ADV_OUT;
|
|
}
|
|
|
|
if (0 != (ifp->int_state & (IS_PASSIVE | IS_REMOTE)))
|
|
ifp->int_state |= IS_NO_RDISC;
|
|
if (ifp->int_state & IS_PASSIVE)
|
|
ifp->int_state |= IS_NO_RIP;
|
|
|
|
if (!IS_RIP_IN_OFF(ifp->int_state)
|
|
&& ifp->int_auth[0].type != RIP_AUTH_NONE
|
|
&& !(ifp->int_state & IS_NO_RIPV1_IN)
|
|
&& !warned_auth_in) {
|
|
msglog("Warning: RIPv1 input via %s"
|
|
" will be accepted without authentication",
|
|
ifp->int_name);
|
|
warned_auth_in = 1;
|
|
}
|
|
if (!IS_RIP_OUT_OFF(ifp->int_state)
|
|
&& ifp->int_auth[0].type != RIP_AUTH_NONE
|
|
&& !(ifp->int_state & IS_NO_RIPV1_OUT)) {
|
|
if (!warned_auth_out) {
|
|
msglog("Warning: RIPv1 output via %s"
|
|
" will be sent without authentication",
|
|
ifp->int_name);
|
|
warned_auth_out = 1;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/* Read a list of gateways from /etc/gateways and add them to our tables.
|
|
*
|
|
* This file contains a list of "remote" gateways. That is usually
|
|
* a gateway which we cannot immediately determine if it is present or
|
|
* not as we can do for those provided by directly connected hardware.
|
|
*
|
|
* If a gateway is marked "passive" in the file, then we assume it
|
|
* does not understand RIP and assume it is always present. Those
|
|
* not marked passive are treated as if they were directly connected
|
|
* and assumed to be broken if they do not send us advertisements.
|
|
* All remote interfaces are added to our list, and those not marked
|
|
* passive are sent routing updates.
|
|
*
|
|
* A passive interface can also be local, hardware interface exempt
|
|
* from RIP.
|
|
*/
|
|
void
|
|
gwkludge(void)
|
|
{
|
|
FILE *fp;
|
|
char *p, *lptr;
|
|
const char *cp;
|
|
char lbuf[200], net_host[5], dname[64+1+64+1];
|
|
char gname[GNAME_LEN+1], qual[9];
|
|
struct interface *ifp;
|
|
naddr dst, netmask, gate;
|
|
int metric, n, lnum;
|
|
struct stat sb;
|
|
u_int state;
|
|
const char *type;
|
|
|
|
|
|
fp = fopen(_PATH_GATEWAYS, "r");
|
|
if (fp == NULL)
|
|
return;
|
|
|
|
if (0 > fstat(fileno(fp), &sb)) {
|
|
msglog("could not stat() "_PATH_GATEWAYS);
|
|
(void)fclose(fp);
|
|
return;
|
|
}
|
|
|
|
for (lnum = 1; ; lnum++) {
|
|
if (fgets(lbuf, sizeof(lbuf), fp) == NULL)
|
|
break;
|
|
lptr = lbuf;
|
|
while (*lptr == ' ')
|
|
lptr++;
|
|
p = lptr+strlen(lptr)-1;
|
|
while (*p == '\n'
|
|
|| (*p == ' ' && (p == lptr+1 || *(p-1) != '\\')))
|
|
*p-- = '\0';
|
|
if (*lptr == '\0' /* ignore null and comment lines */
|
|
|| *lptr == '#')
|
|
continue;
|
|
|
|
/* notice newfangled parameter lines
|
|
*/
|
|
if (strncasecmp("net", lptr, 3)
|
|
&& strncasecmp("host", lptr, 4)) {
|
|
cp = parse_parms(lptr,
|
|
(sb.st_uid == 0
|
|
&& !(sb.st_mode&(S_IRWXG|S_IRWXO))));
|
|
if (cp != NULL)
|
|
msglog("%s in line %d of "_PATH_GATEWAYS,
|
|
cp, lnum);
|
|
continue;
|
|
}
|
|
|
|
/* {net | host} XX[/M] XX gateway XX metric DD [passive | external]\n */
|
|
qual[0] = '\0';
|
|
/* the '64' here must be GNAME_LEN */
|
|
n = sscanf(lptr, "%4s %129[^ \t] gateway"
|
|
" %64[^ / \t] metric %u %8s\n",
|
|
net_host, dname, gname, &metric, qual);
|
|
if (n != 4 && n != 5) {
|
|
msglog("bad "_PATH_GATEWAYS" entry \"%s\"; %d values",
|
|
lptr, n);
|
|
continue;
|
|
}
|
|
if (metric >= HOPCNT_INFINITY) {
|
|
msglog("bad metric in "_PATH_GATEWAYS" entry \"%s\"",
|
|
lptr);
|
|
continue;
|
|
}
|
|
if (!strcasecmp(net_host, "host")) {
|
|
if (!gethost(dname, &dst)) {
|
|
msglog("bad host \"%s\" in "_PATH_GATEWAYS
|
|
" entry \"%s\"", dname, lptr);
|
|
continue;
|
|
}
|
|
netmask = HOST_MASK;
|
|
} else if (!strcasecmp(net_host, "net")) {
|
|
if (!getnet(dname, &dst, &netmask)) {
|
|
msglog("bad net \"%s\" in "_PATH_GATEWAYS
|
|
" entry \"%s\"", dname, lptr);
|
|
continue;
|
|
}
|
|
if (dst == RIP_DEFAULT) {
|
|
msglog("bad net \"%s\" in "_PATH_GATEWAYS
|
|
" entry \"%s\"--cannot be default",
|
|
dname, lptr);
|
|
continue;
|
|
}
|
|
/* Turn network # into IP address. */
|
|
dst = htonl(dst);
|
|
} else {
|
|
msglog("bad \"%s\" in "_PATH_GATEWAYS
|
|
" entry \"%s\"", net_host, lptr);
|
|
continue;
|
|
}
|
|
|
|
if (!gethost(gname, &gate)) {
|
|
msglog("bad gateway \"%s\" in "_PATH_GATEWAYS
|
|
" entry \"%s\"", gname, lptr);
|
|
continue;
|
|
}
|
|
|
|
if (!strcasecmp(qual, type = "passive")) {
|
|
/* Passive entries are not placed in our tables,
|
|
* only the kernel's, so we don't copy all of the
|
|
* external routing information within a net.
|
|
* Internal machines should use the default
|
|
* route to a suitable gateway (like us).
|
|
*/
|
|
state = IS_REMOTE | IS_PASSIVE;
|
|
if (metric == 0)
|
|
metric = 1;
|
|
|
|
} else if (!strcasecmp(qual, type = "external")) {
|
|
/* External entries are handled by other means
|
|
* such as EGP, and are placed only in the daemon
|
|
* tables to prevent overriding them with something
|
|
* else.
|
|
*/
|
|
strcpy(qual,"external");
|
|
state = IS_REMOTE | IS_PASSIVE | IS_EXTERNAL;
|
|
if (metric == 0)
|
|
metric = 1;
|
|
|
|
} else if (!strcasecmp(qual, "active")
|
|
|| qual[0] == '\0') {
|
|
if (metric != 0) {
|
|
/* Entries that are neither "passive" nor
|
|
* "external" are "remote" and must behave
|
|
* like physical interfaces. If they are not
|
|
* heard from regularly, they are deleted.
|
|
*/
|
|
state = IS_REMOTE;
|
|
type = "remote";
|
|
} else {
|
|
/* "remote" entries with a metric of 0
|
|
* are aliases for our own interfaces
|
|
*/
|
|
state = IS_REMOTE | IS_PASSIVE | IS_ALIAS;
|
|
type = "alias";
|
|
}
|
|
|
|
} else {
|
|
msglog("bad "_PATH_GATEWAYS" entry \"%s\";"
|
|
" unknown type %s", lptr, qual);
|
|
continue;
|
|
}
|
|
|
|
if (0 != (state & (IS_PASSIVE | IS_REMOTE)))
|
|
state |= IS_NO_RDISC;
|
|
if (state & IS_PASSIVE)
|
|
state |= IS_NO_RIP;
|
|
|
|
ifp = check_dup(gate,dst,netmask,state);
|
|
if (ifp != NULL) {
|
|
msglog("duplicate "_PATH_GATEWAYS" entry \"%s\"",lptr);
|
|
continue;
|
|
}
|
|
|
|
ifp = (struct interface *)rtmalloc(sizeof(*ifp), "gwkludge()");
|
|
memset(ifp, 0, sizeof(*ifp));
|
|
|
|
ifp->int_state = state;
|
|
if (netmask == HOST_MASK)
|
|
ifp->int_if_flags = IFF_POINTOPOINT | IFF_UP;
|
|
else
|
|
ifp->int_if_flags = IFF_UP;
|
|
ifp->int_act_time = NEVER;
|
|
ifp->int_addr = gate;
|
|
ifp->int_dstaddr = dst;
|
|
ifp->int_mask = netmask;
|
|
ifp->int_ripv1_mask = netmask;
|
|
ifp->int_std_mask = std_mask(gate);
|
|
ifp->int_net = ntohl(dst);
|
|
ifp->int_std_net = ifp->int_net & ifp->int_std_mask;
|
|
ifp->int_std_addr = htonl(ifp->int_std_net);
|
|
ifp->int_metric = metric;
|
|
if (!(state & IS_EXTERNAL)
|
|
&& ifp->int_mask != ifp->int_std_mask)
|
|
ifp->int_state |= IS_SUBNET;
|
|
(void)sprintf(ifp->int_name, "%s(%s)", type, gname);
|
|
ifp->int_index = -1;
|
|
|
|
if_link(ifp);
|
|
}
|
|
|
|
/* After all of the parameter lines have been read,
|
|
* apply them to any remote interfaces.
|
|
*/
|
|
LIST_FOREACH(ifp, &ifnet, int_list) {
|
|
get_parms(ifp);
|
|
|
|
tot_interfaces++;
|
|
if (!IS_RIP_OFF(ifp->int_state))
|
|
rip_interfaces++;
|
|
|
|
trace_if("Add", ifp);
|
|
}
|
|
|
|
(void)fclose(fp);
|
|
}
|
|
|
|
|
|
/* like strtok(), but honoring backslash and not changing the source string
|
|
*/
|
|
static int /* 0=ok, -1=bad */
|
|
parse_quote(char **linep, /* look here */
|
|
const char *delims, /* for these delimiters */
|
|
char *delimp, /* 0 or put found delimiter here */
|
|
char *buf, /* copy token to here */
|
|
int lim) /* at most this many bytes */
|
|
{
|
|
char c = '\0', *pc;
|
|
const char *p;
|
|
|
|
|
|
pc = *linep;
|
|
if (*pc == '\0')
|
|
return -1;
|
|
|
|
while (lim != 0) {
|
|
c = *pc++;
|
|
if (c == '\0')
|
|
break;
|
|
|
|
if (c == '\\' && *pc != '\0') {
|
|
if ((c = *pc++) == 'n') {
|
|
c = '\n';
|
|
} else if (c == 'r') {
|
|
c = '\r';
|
|
} else if (c == 't') {
|
|
c = '\t';
|
|
} else if (c == 'b') {
|
|
c = '\b';
|
|
} else if (c >= '0' && c <= '7') {
|
|
c -= '0';
|
|
if (*pc >= '0' && *pc <= '7') {
|
|
c = (c<<3)+(*pc++ - '0');
|
|
if (*pc >= '0' && *pc <= '7')
|
|
c = (c<<3)+(*pc++ - '0');
|
|
}
|
|
}
|
|
|
|
} else {
|
|
for (p = delims; *p != '\0'; ++p) {
|
|
if (*p == c)
|
|
goto exit;
|
|
}
|
|
}
|
|
|
|
*buf++ = c;
|
|
--lim;
|
|
}
|
|
exit:
|
|
if (lim == 0)
|
|
return -1;
|
|
|
|
*buf = '\0'; /* terminate copy of token */
|
|
if (delimp != NULL)
|
|
*delimp = c; /* return delimiter */
|
|
*linep = pc-1; /* say where we ended */
|
|
return 0;
|
|
}
|
|
|
|
|
|
/* Parse password timestamp
|
|
*/
|
|
static char *
|
|
parse_ts(time_t *tp,
|
|
char **valp,
|
|
char *val0,
|
|
char *delimp,
|
|
char *buf,
|
|
u_int bufsize)
|
|
{
|
|
struct tm tm;
|
|
char *ptr;
|
|
|
|
if (0 > parse_quote(valp, "| ,\n\r", delimp,
|
|
buf,bufsize)
|
|
|| buf[bufsize-1] != '\0'
|
|
|| buf[bufsize-2] != '\0') {
|
|
sprintf(buf,"bad timestamp %.25s", val0);
|
|
return buf;
|
|
}
|
|
strcat(buf,"\n");
|
|
memset(&tm, 0, sizeof(tm));
|
|
ptr = strptime(buf, "%y/%m/%d@%H:%M\n", &tm);
|
|
if (ptr == NULL || *ptr != '\0') {
|
|
sprintf(buf,"bad timestamp %.25s", val0);
|
|
return buf;
|
|
}
|
|
|
|
if ((*tp = mktime(&tm)) == -1) {
|
|
sprintf(buf,"bad timestamp %.25s", val0);
|
|
return buf;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
/* Get a password, key ID, and expiration date in the format
|
|
* passwd|keyID|year/mon/day@hour:min|year/mon/day@hour:min
|
|
*/
|
|
static const char * /* 0 or error message */
|
|
get_passwd(char *tgt,
|
|
char *val,
|
|
struct parm *parmp,
|
|
u_int16_t type,
|
|
int safe) /* 1=from secure file */
|
|
{
|
|
static char buf[80];
|
|
char *val0, *p, delim;
|
|
struct auth k, *ap, *ap2;
|
|
int i;
|
|
u_long l;
|
|
|
|
assert(val != NULL);
|
|
if (!safe)
|
|
return "ignore unsafe password";
|
|
|
|
for (ap = parmp->parm_auth, i = 0;
|
|
ap->type != RIP_AUTH_NONE; i++, ap++) {
|
|
if (i >= MAX_AUTH_KEYS)
|
|
return "too many passwords";
|
|
}
|
|
|
|
memset(&k, 0, sizeof(k));
|
|
k.type = type;
|
|
k.end = -1-DAY;
|
|
|
|
val0 = val;
|
|
if (0 > parse_quote(&val, "| ,\n\r", &delim,
|
|
(char *)k.key, sizeof(k.key)))
|
|
return tgt;
|
|
|
|
if (delim != '|') {
|
|
if (type == RIP_AUTH_MD5)
|
|
return "missing Keyid";
|
|
} else {
|
|
val0 = ++val;
|
|
buf[sizeof(buf)-1] = '\0';
|
|
if (0 > parse_quote(&val, "| ,\n\r", &delim, buf,sizeof(buf))
|
|
|| buf[sizeof(buf)-1] != '\0'
|
|
|| (l = strtoul(buf,&p,0)) > 255
|
|
|| *p != '\0') {
|
|
sprintf(buf,"bad KeyID \"%.20s\"", val0);
|
|
return buf;
|
|
}
|
|
for (ap2 = parmp->parm_auth; ap2 < ap; ap2++) {
|
|
if (ap2->keyid == l) {
|
|
sprintf(buf,"duplicate KeyID \"%.20s\"", val0);
|
|
return buf;
|
|
}
|
|
}
|
|
k.keyid = (int)l;
|
|
|
|
if (delim == '|') {
|
|
val0 = ++val;
|
|
if (NULL != (p = parse_ts(&k.start,&val,val0,&delim,
|
|
buf,sizeof(buf))))
|
|
return p;
|
|
if (delim != '|')
|
|
return "missing second timestamp";
|
|
val0 = ++val;
|
|
if (NULL != (p = parse_ts(&k.end,&val,val0,&delim,
|
|
buf,sizeof(buf))))
|
|
return p;
|
|
if ((u_long)k.start > (u_long)k.end) {
|
|
sprintf(buf,"out of order timestamp %.30s",
|
|
val0);
|
|
return buf;
|
|
}
|
|
}
|
|
}
|
|
if (delim != '\0')
|
|
return tgt;
|
|
|
|
memmove(ap, &k, sizeof(*ap));
|
|
return 0;
|
|
}
|
|
|
|
|
|
static const char *
|
|
bad_str(const char *estr)
|
|
{
|
|
static char buf[100+8];
|
|
|
|
sprintf(buf, "bad \"%.100s\"", estr);
|
|
return buf;
|
|
}
|
|
|
|
|
|
/* Parse a set of parameters for an interface.
|
|
*/
|
|
const char * /* 0 or error message */
|
|
parse_parms(char *line,
|
|
int safe) /* 1=from secure file */
|
|
{
|
|
#define PARS(str) (!strcasecmp(tgt, str))
|
|
#define PARSEQ(str) (!strncasecmp(tgt, str"=", sizeof(str)))
|
|
#define CKF(g,b) {if (0 != (parm.parm_int_state & ((g) & ~(b)))) break; \
|
|
parm.parm_int_state |= (b);}
|
|
struct parm parm;
|
|
struct intnet *intnetp;
|
|
struct r1net *r1netp;
|
|
struct tgate *tg;
|
|
naddr addr, mask;
|
|
char delim, *val0 = NULL, *tgt, *val, *p;
|
|
const char *msg;
|
|
char buf[BUFSIZ], buf2[BUFSIZ];
|
|
int i;
|
|
|
|
|
|
/* "subnet=x.y.z.u/mask[,metric]" must be alone on the line */
|
|
if (!strncasecmp(line, "subnet=", sizeof("subnet=")-1)
|
|
&& *(val = &line[sizeof("subnet=")-1]) != '\0') {
|
|
if (0 > parse_quote(&val, ",", &delim, buf, sizeof(buf)))
|
|
return bad_str(line);
|
|
intnetp = (struct intnet*)rtmalloc(sizeof(*intnetp),
|
|
"parse_parms subnet");
|
|
intnetp->intnet_metric = 1;
|
|
if (delim == ',') {
|
|
intnetp->intnet_metric = (int)strtol(val+1,&p,0);
|
|
if (*p != '\0'
|
|
|| intnetp->intnet_metric <= 0
|
|
|| intnetp->intnet_metric >= HOPCNT_INFINITY) {
|
|
free(intnetp);
|
|
return bad_str(line);
|
|
}
|
|
}
|
|
if (!getnet(buf, &intnetp->intnet_addr, &intnetp->intnet_mask)
|
|
|| intnetp->intnet_mask == HOST_MASK
|
|
|| intnetp->intnet_addr == RIP_DEFAULT) {
|
|
free(intnetp);
|
|
return bad_str(line);
|
|
}
|
|
intnetp->intnet_addr = htonl(intnetp->intnet_addr);
|
|
intnetp->intnet_next = intnets;
|
|
intnets = intnetp;
|
|
return 0;
|
|
}
|
|
|
|
/* "ripv1_mask=x.y.z.u/mask1,mask2" must be alone on the line.
|
|
* This requires that x.y.z.u/mask1 be considered a subnet of
|
|
* x.y.z.u/mask2, as if x.y.z.u/mask2 were a class-full network.
|
|
*/
|
|
if (!strncasecmp(line, "ripv1_mask=", sizeof("ripv1_mask=")-1)
|
|
&& *(val = &line[sizeof("ripv1_mask=")-1]) != '\0') {
|
|
if (0 > parse_quote(&val, ",", &delim, buf, sizeof(buf))
|
|
|| delim == '\0')
|
|
return bad_str(line);
|
|
if ((i = (int)strtol(val+1, &p, 0)) <= 0
|
|
|| i > 32 || *p != '\0')
|
|
return bad_str(line);
|
|
r1netp = (struct r1net *)rtmalloc(sizeof(*r1netp),
|
|
"parse_parms ripv1_mask");
|
|
r1netp->r1net_mask = HOST_MASK << (32-i);
|
|
if (!getnet(buf, &r1netp->r1net_net, &r1netp->r1net_match)
|
|
|| r1netp->r1net_net == RIP_DEFAULT
|
|
|| r1netp->r1net_mask > r1netp->r1net_match) {
|
|
free(r1netp);
|
|
return bad_str(line);
|
|
}
|
|
r1netp->r1net_next = r1nets;
|
|
r1nets = r1netp;
|
|
return 0;
|
|
}
|
|
|
|
memset(&parm, 0, sizeof(parm));
|
|
|
|
for (;;) {
|
|
tgt = line + strspn(line, " ,\n\r");
|
|
if (*tgt == '\0' || *tgt == '#')
|
|
break;
|
|
line = tgt+strcspn(tgt, "= #,\n\r");
|
|
delim = *line;
|
|
if (delim == '=') {
|
|
val0 = ++line;
|
|
if (0 > parse_quote(&line, " #,\n\r",&delim,
|
|
buf,sizeof(buf)))
|
|
return bad_str(tgt);
|
|
} else {
|
|
val0 = NULL;
|
|
}
|
|
if (delim != '\0') {
|
|
for (;;) {
|
|
*line = '\0';
|
|
if (delim == '#')
|
|
break;
|
|
++line;
|
|
if (delim != ' '
|
|
|| (delim = *line) != ' ')
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (PARSEQ("if")) {
|
|
if (parm.parm_name[0] != '\0'
|
|
|| strlen(buf) > IF_NAME_LEN)
|
|
return bad_str(tgt);
|
|
strcpy(parm.parm_name, buf);
|
|
|
|
} else if (PARSEQ("addr")) {
|
|
/* This is a bad idea, because the address based
|
|
* sets of parameters cannot be checked for
|
|
* consistency with the interface name parameters.
|
|
* The parm_net stuff is needed to allow several
|
|
* -F settings.
|
|
*/
|
|
if (val0 == NULL || !getnet(val0, &addr, &mask)
|
|
|| parm.parm_name[0] != '\0')
|
|
return bad_str(tgt);
|
|
parm.parm_net = addr;
|
|
parm.parm_mask = mask;
|
|
parm.parm_name[0] = '\n';
|
|
|
|
} else if (PARSEQ("passwd")) {
|
|
/* since cleartext passwords are so weak allow
|
|
* them anywhere
|
|
*/
|
|
if (val0 == NULL)
|
|
return bad_str("no passwd");
|
|
msg = get_passwd(tgt,val0,&parm,RIP_AUTH_PW,1);
|
|
if (msg) {
|
|
*val0 = '\0';
|
|
return bad_str(msg);
|
|
}
|
|
|
|
} else if (PARSEQ("md5_passwd")) {
|
|
msg = get_passwd(tgt,val0,&parm,RIP_AUTH_MD5,safe);
|
|
if (msg) {
|
|
*val0 = '\0';
|
|
return bad_str(msg);
|
|
}
|
|
|
|
} else if (PARS("no_ag")) {
|
|
parm.parm_int_state |= (IS_NO_AG | IS_NO_SUPER_AG);
|
|
|
|
} else if (PARS("no_super_ag")) {
|
|
parm.parm_int_state |= IS_NO_SUPER_AG;
|
|
|
|
} else if (PARS("no_rip_out")) {
|
|
parm.parm_int_state |= IS_NO_RIP_OUT;
|
|
|
|
} else if (PARS("no_ripv1_in")) {
|
|
parm.parm_int_state |= IS_NO_RIPV1_IN;
|
|
|
|
} else if (PARS("no_ripv2_in")) {
|
|
parm.parm_int_state |= IS_NO_RIPV2_IN;
|
|
|
|
} else if (PARS("ripv2_out")) {
|
|
if (parm.parm_int_state & IS_NO_RIPV2_OUT)
|
|
return bad_str(tgt);
|
|
parm.parm_int_state |= IS_NO_RIPV1_OUT;
|
|
|
|
} else if (PARS("ripv2")) {
|
|
if ((parm.parm_int_state & IS_NO_RIPV2_OUT)
|
|
|| (parm.parm_int_state & IS_NO_RIPV2_IN))
|
|
return bad_str(tgt);
|
|
parm.parm_int_state |= (IS_NO_RIPV1_IN
|
|
| IS_NO_RIPV1_OUT);
|
|
|
|
} else if (PARS("no_rip")) {
|
|
CKF(IS_PM_RDISC, IS_NO_RIP);
|
|
|
|
} else if (PARS("no_rip_mcast")) {
|
|
parm.parm_int_state |= IS_NO_RIP_MCAST;
|
|
|
|
} else if (PARS("no_rdisc")) {
|
|
CKF((GROUP_IS_SOL_OUT|GROUP_IS_ADV_OUT), IS_NO_RDISC);
|
|
|
|
} else if (PARS("no_solicit")) {
|
|
CKF(GROUP_IS_SOL_OUT, IS_NO_SOL_OUT);
|
|
|
|
} else if (PARS("send_solicit")) {
|
|
CKF(GROUP_IS_SOL_OUT, IS_SOL_OUT);
|
|
|
|
} else if (PARS("no_rdisc_adv")) {
|
|
CKF(GROUP_IS_ADV_OUT, IS_NO_ADV_OUT);
|
|
|
|
} else if (PARS("rdisc_adv")) {
|
|
CKF(GROUP_IS_ADV_OUT, IS_ADV_OUT);
|
|
|
|
} else if (PARS("bcast_rdisc")) {
|
|
parm.parm_int_state |= IS_BCAST_RDISC;
|
|
|
|
} else if (PARS("passive")) {
|
|
CKF((GROUP_IS_SOL_OUT|GROUP_IS_ADV_OUT), IS_NO_RDISC);
|
|
parm.parm_int_state |= IS_NO_RIP | IS_PASSIVE;
|
|
|
|
} else if (PARSEQ("rdisc_pref")) {
|
|
if (parm.parm_rdisc_pref != 0
|
|
|| (parm.parm_rdisc_pref = (int)strtol(buf,&p,0),
|
|
*p != '\0'))
|
|
return bad_str(tgt);
|
|
|
|
} else if (PARS("pm_rdisc")) {
|
|
if (IS_RIP_OUT_OFF(parm.parm_int_state))
|
|
return bad_str(tgt);
|
|
parm.parm_int_state |= IS_PM_RDISC;
|
|
|
|
} else if (PARSEQ("rdisc_interval")) {
|
|
if (parm.parm_rdisc_int != 0
|
|
|| (parm.parm_rdisc_int = (int)strtoul(buf,&p,0),
|
|
*p != '\0')
|
|
|| parm.parm_rdisc_int < MinMaxAdvertiseInterval
|
|
|| parm.parm_rdisc_int > MaxMaxAdvertiseInterval)
|
|
return bad_str(tgt);
|
|
|
|
} else if (PARSEQ("fake_default")) {
|
|
if (parm.parm_d_metric != 0
|
|
|| IS_RIP_OUT_OFF(parm.parm_int_state)
|
|
|| (i = strtoul(buf,&p,0), *p != '\0')
|
|
|| i > HOPCNT_INFINITY-1)
|
|
return bad_str(tgt);
|
|
parm.parm_d_metric = i;
|
|
|
|
} else if (PARSEQ("adj_inmetric")) {
|
|
if (parm.parm_adj_inmetric != 0
|
|
|| (i = strtoul(buf,&p,0), *p != '\0')
|
|
|| i > HOPCNT_INFINITY-1)
|
|
return bad_str(tgt);
|
|
parm.parm_adj_inmetric = i;
|
|
|
|
} else if (PARSEQ("adj_outmetric")) {
|
|
if (parm.parm_adj_outmetric != 0
|
|
|| (i = strtoul(buf,&p,0), *p != '\0')
|
|
|| i > HOPCNT_INFINITY-1)
|
|
return bad_str(tgt);
|
|
parm.parm_adj_outmetric = i;
|
|
|
|
} else if (PARSEQ("trust_gateway")) {
|
|
/* look for trust_gateway=x.y.z|net/mask|...) */
|
|
p = buf;
|
|
if (0 > parse_quote(&p, "|", &delim,
|
|
buf2, sizeof(buf2))
|
|
|| !gethost(buf2,&addr))
|
|
return bad_str(tgt);
|
|
tg = (struct tgate *)rtmalloc(sizeof(*tg),
|
|
"parse_parms"
|
|
"trust_gateway");
|
|
memset(tg, 0, sizeof(*tg));
|
|
tg->tgate_addr = addr;
|
|
i = 0;
|
|
/* The default is to trust all routes. */
|
|
while (delim == '|') {
|
|
p++;
|
|
if (i >= MAX_TGATE_NETS
|
|
|| 0 > parse_quote(&p, "|", &delim,
|
|
buf2, sizeof(buf2))
|
|
|| !getnet(buf2, &tg->tgate_nets[i].net,
|
|
&tg->tgate_nets[i].mask)
|
|
|| tg->tgate_nets[i].net == RIP_DEFAULT
|
|
|| tg->tgate_nets[i].mask == 0) {
|
|
free(tg);
|
|
return bad_str(tgt);
|
|
}
|
|
i++;
|
|
}
|
|
tg->tgate_next = tgates;
|
|
tgates = tg;
|
|
parm.parm_int_state |= IS_DISTRUST;
|
|
|
|
} else if (PARS("redirect_ok")) {
|
|
parm.parm_int_state |= IS_REDIRECT_OK;
|
|
|
|
} else {
|
|
return bad_str(tgt); /* error */
|
|
}
|
|
}
|
|
|
|
return check_parms(&parm);
|
|
#undef PARS
|
|
#undef PARSEQ
|
|
}
|
|
|
|
|
|
/* check for duplicate parameter specifications */
|
|
const char * /* 0 or error message */
|
|
check_parms(struct parm *new)
|
|
{
|
|
struct parm *parmp, **parmpp;
|
|
int i, num_passwds;
|
|
|
|
/* set implicit values
|
|
*/
|
|
if (new->parm_int_state & IS_NO_ADV_IN)
|
|
new->parm_int_state |= IS_NO_SOL_OUT;
|
|
if (new->parm_int_state & IS_NO_SOL_OUT)
|
|
new->parm_int_state |= IS_NO_ADV_IN;
|
|
|
|
for (i = num_passwds = 0; i < MAX_AUTH_KEYS; i++) {
|
|
if (new->parm_auth[i].type != RIP_AUTH_NONE)
|
|
num_passwds++;
|
|
}
|
|
|
|
/* compare with existing sets of parameters
|
|
*/
|
|
for (parmpp = &parms;
|
|
(parmp = *parmpp) != NULL;
|
|
parmpp = &parmp->parm_next) {
|
|
if (strcmp(new->parm_name, parmp->parm_name))
|
|
continue;
|
|
if (!on_net(htonl(parmp->parm_net),
|
|
new->parm_net, new->parm_mask)
|
|
&& !on_net(htonl(new->parm_net),
|
|
parmp->parm_net, parmp->parm_mask))
|
|
continue;
|
|
|
|
for (i = 0; i < MAX_AUTH_KEYS; i++) {
|
|
if (parmp->parm_auth[i].type != RIP_AUTH_NONE)
|
|
num_passwds++;
|
|
}
|
|
if (num_passwds > MAX_AUTH_KEYS)
|
|
return "too many conflicting passwords";
|
|
|
|
if ((0 != (new->parm_int_state & GROUP_IS_SOL_OUT)
|
|
&& 0 != (parmp->parm_int_state & GROUP_IS_SOL_OUT)
|
|
&& 0 != ((new->parm_int_state ^ parmp->parm_int_state)
|
|
& GROUP_IS_SOL_OUT))
|
|
|| (0 != (new->parm_int_state & GROUP_IS_ADV_OUT)
|
|
&& 0 != (parmp->parm_int_state & GROUP_IS_ADV_OUT)
|
|
&& 0 != ((new->parm_int_state ^ parmp->parm_int_state)
|
|
& GROUP_IS_ADV_OUT))
|
|
|| (new->parm_rdisc_pref != 0
|
|
&& parmp->parm_rdisc_pref != 0
|
|
&& new->parm_rdisc_pref != parmp->parm_rdisc_pref)
|
|
|| (new->parm_rdisc_int != 0
|
|
&& parmp->parm_rdisc_int != 0
|
|
&& new->parm_rdisc_int != parmp->parm_rdisc_int)) {
|
|
return ("conflicting, duplicate router discovery"
|
|
" parameters");
|
|
|
|
}
|
|
|
|
if (new->parm_d_metric != 0
|
|
&& parmp->parm_d_metric != 0
|
|
&& new->parm_d_metric != parmp->parm_d_metric) {
|
|
return ("conflicting, duplicate poor man's router"
|
|
" discovery or fake default metric");
|
|
}
|
|
|
|
if (new->parm_adj_inmetric != 0
|
|
&& parmp->parm_adj_inmetric != 0
|
|
&& new->parm_adj_inmetric != parmp->parm_adj_inmetric) {
|
|
return ("conflicting interface input "
|
|
"metric adjustments");
|
|
}
|
|
|
|
if (new->parm_adj_outmetric != 0
|
|
&& parmp->parm_adj_outmetric != 0
|
|
&& new->parm_adj_outmetric != parmp->parm_adj_outmetric) {
|
|
return ("conflicting interface output "
|
|
"metric adjustments");
|
|
}
|
|
}
|
|
|
|
/* link new entry on the list so that when the entries are scanned,
|
|
* they affect the result in the order the operator specified.
|
|
*/
|
|
parmp = (struct parm*)rtmalloc(sizeof(*parmp), "check_parms");
|
|
memcpy(parmp, new, sizeof(*parmp));
|
|
*parmpp = parmp;
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
/* get a network number as a name or a number, with an optional "/xx"
|
|
* netmask.
|
|
*/
|
|
int /* 0=bad */
|
|
getnet(char *name,
|
|
naddr *netp, /* network in host byte order */
|
|
naddr *maskp) /* masks are always in host order */
|
|
{
|
|
int i;
|
|
struct netent *np;
|
|
naddr mask; /* in host byte order */
|
|
struct in_addr in; /* a network and so host byte order */
|
|
char hname[MAXHOSTNAMELEN+1];
|
|
char *mname, *p;
|
|
|
|
|
|
/* Detect and separate "1.2.3.4/24"
|
|
*/
|
|
if (NULL != (mname = strrchr(name,'/'))) {
|
|
i = (int)(mname - name);
|
|
if (i > (int)sizeof(hname)-1) /* name too long */
|
|
return 0;
|
|
memmove(hname, name, i);
|
|
hname[i] = '\0';
|
|
mname++;
|
|
name = hname;
|
|
}
|
|
|
|
np = getnetbyname(name);
|
|
if (np != NULL) {
|
|
in.s_addr = (naddr)np->n_net;
|
|
if (0 == (in.s_addr & 0xff000000))
|
|
in.s_addr <<= 8;
|
|
if (0 == (in.s_addr & 0xff000000))
|
|
in.s_addr <<= 8;
|
|
if (0 == (in.s_addr & 0xff000000))
|
|
in.s_addr <<= 8;
|
|
} else if (inet_aton(name, &in) == 1) {
|
|
in.s_addr = ntohl(in.s_addr);
|
|
} else if (!mname && !strcasecmp(name,"default")) {
|
|
in.s_addr = RIP_DEFAULT;
|
|
} else {
|
|
return 0;
|
|
}
|
|
|
|
if (!mname) {
|
|
/* we cannot use the interfaces here because we have not
|
|
* looked at them yet.
|
|
*/
|
|
mask = std_mask(htonl(in.s_addr));
|
|
if ((~mask & in.s_addr) != 0)
|
|
mask = HOST_MASK;
|
|
} else {
|
|
mask = (naddr)strtoul(mname, &p, 0);
|
|
if (*p != '\0' || mask > 32)
|
|
return 0;
|
|
if (mask != 0)
|
|
mask = HOST_MASK << (32-mask);
|
|
}
|
|
|
|
/* must have mask of 0 with default */
|
|
if (mask != 0 && in.s_addr == RIP_DEFAULT)
|
|
return 0;
|
|
/* no host bits allowed in a network number */
|
|
if ((~mask & in.s_addr) != 0)
|
|
return 0;
|
|
/* require non-zero network number */
|
|
if ((mask & in.s_addr) == 0 && in.s_addr != RIP_DEFAULT)
|
|
return 0;
|
|
if (in.s_addr>>24 == 0 && in.s_addr != RIP_DEFAULT)
|
|
return 0;
|
|
if (in.s_addr>>24 == 0xff)
|
|
return 0;
|
|
|
|
*netp = in.s_addr;
|
|
*maskp = mask;
|
|
return 1;
|
|
}
|
|
|
|
|
|
int /* 0=bad */
|
|
gethost(char *name,
|
|
naddr *addrp)
|
|
{
|
|
struct hostent *hp;
|
|
struct in_addr in;
|
|
|
|
|
|
/* Try for a number first, even in IRIX where gethostbyname()
|
|
* is smart. This avoids hitting the name server which
|
|
* might be sick because routing is.
|
|
*/
|
|
if (inet_aton(name, &in) == 1) {
|
|
/* get a good number, but check that it it makes some
|
|
* sense.
|
|
*/
|
|
if (ntohl(in.s_addr)>>24 == 0
|
|
|| ntohl(in.s_addr)>>24 == 0xff)
|
|
return 0;
|
|
*addrp = in.s_addr;
|
|
return 1;
|
|
}
|
|
|
|
hp = gethostbyname(name);
|
|
if (hp) {
|
|
memcpy(addrp, hp->h_addr, sizeof(*addrp));
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|