1 /* Copyright (C) 2005 Red Hat, Inc. */
2
3 struct semanage_port;
4 struct semanage_port_key;
5 typedef struct semanage_port record_t;
6 typedef struct semanage_port_key record_key_t;
7 #define DBASE_RECORD_DEFINED
8
9 struct dbase_file;
10 typedef struct dbase_file dbase_t;
11 #define DBASE_DEFINED
12
13 #include <stdlib.h>
14 #include <stdio.h>
15 #include <strings.h>
16 #include <semanage/handle.h>
17 #include "port_internal.h"
18 #include "database_file.h"
19 #include "parse_utils.h"
20 #include "debug.h"
21
port_print(semanage_handle_t * handle,semanage_port_t * port,FILE * str)22 static int port_print(semanage_handle_t * handle,
23 semanage_port_t * port, FILE * str)
24 {
25
26 char *con_str = NULL;
27
28 int low = semanage_port_get_low(port);
29 int high = semanage_port_get_high(port);
30 int proto = semanage_port_get_proto(port);
31 const char *proto_str = semanage_port_get_proto_str(proto);
32 semanage_context_t *con = semanage_port_get_con(port);
33
34 if (fprintf(str, "portcon %s ", proto_str) < 0)
35 goto err;
36
37 if (low == high) {
38 if (fprintf(str, "%d ", low) < 0)
39 goto err;
40 } else {
41 if (fprintf(str, "%d - %d ", low, high) < 0)
42 goto err;
43 }
44
45 if (semanage_context_to_string(handle, con, &con_str) < 0)
46 goto err;
47 if (fprintf(str, "%s\n", con_str) < 0)
48 goto err;
49
50 free(con_str);
51 return STATUS_SUCCESS;
52
53 err:
54 ERR(handle, "could not print port range %u - %u (%s) to stream",
55 low, high, proto_str);
56 free(con_str);
57 return STATUS_ERR;
58 }
59
port_parse(semanage_handle_t * handle,parse_info_t * info,semanage_port_t * port)60 static int port_parse(semanage_handle_t * handle,
61 parse_info_t * info, semanage_port_t * port)
62 {
63
64 int low, high;
65 char *str = NULL;
66 semanage_context_t *con = NULL;
67
68 if (parse_skip_space(handle, info) < 0)
69 goto err;
70 if (!info->ptr)
71 goto last;
72
73 /* Header */
74 if (parse_assert_str(handle, info, "portcon") < 0)
75 goto err;
76 if (parse_assert_space(handle, info) < 0)
77 goto err;
78
79 /* Protocol */
80 if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
81 goto err;
82 if (!strcasecmp(str, "tcp"))
83 semanage_port_set_proto(port, SEMANAGE_PROTO_TCP);
84 else if (!strcasecmp(str, "udp"))
85 semanage_port_set_proto(port, SEMANAGE_PROTO_UDP);
86 else if (!strcasecmp(str, "dccp"))
87 semanage_port_set_proto(port, SEMANAGE_PROTO_DCCP);
88 else if (!strcasecmp(str, "sctp"))
89 semanage_port_set_proto(port, SEMANAGE_PROTO_SCTP);
90 else {
91 ERR(handle, "invalid protocol \"%s\" (%s: %u):\n%s", str,
92 info->filename, info->lineno, info->orig_line);
93 goto err;
94 }
95 free(str);
96 str = NULL;
97
98 /* Range/Port */
99 if (parse_assert_space(handle, info) < 0)
100 goto err;
101 if (parse_fetch_int(handle, info, &low, '-') < 0)
102 goto err;
103
104 /* If range (-) does not follow immediately, require a space
105 * In other words, the space here is optional, but only
106 * in the ranged case, not in the single port case,
107 * so do a custom test */
108 if (*(info->ptr) && *(info->ptr) != '-') {
109 if (parse_assert_space(handle, info) < 0)
110 goto err;
111 }
112
113 if (parse_optional_ch(info, '-') != STATUS_NODATA) {
114
115 if (parse_skip_space(handle, info) < 0)
116 goto err;
117 if (parse_fetch_int(handle, info, &high, ' ') < 0)
118 goto err;
119 if (parse_assert_space(handle, info) < 0)
120 goto err;
121 semanage_port_set_range(port, low, high);
122 } else
123 semanage_port_set_port(port, low);
124
125 /* Port context */
126 if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
127 goto err;
128 if (semanage_context_from_string(handle, str, &con) < 0) {
129 ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
130 str, info->filename, info->lineno, info->orig_line);
131 goto err;
132 }
133 if (con == NULL) {
134 ERR(handle, "<<none>> context is not valid "
135 "for ports (%s: %u):\n%s", info->filename,
136 info->lineno, info->orig_line);
137 goto err;
138 }
139 free(str);
140 str = NULL;
141
142 if (semanage_port_set_con(handle, port, con) < 0)
143 goto err;
144
145 if (parse_assert_space(handle, info) < 0)
146 goto err;
147
148 semanage_context_free(con);
149 return STATUS_SUCCESS;
150
151 last:
152 parse_dispose_line(info);
153 return STATUS_NODATA;
154
155 err:
156 ERR(handle, "could not parse port record");
157 free(str);
158 semanage_context_free(con);
159 parse_dispose_line(info);
160 return STATUS_ERR;
161 }
162
163 /* PORT RECORD: FILE extension: method table */
164 record_file_table_t SEMANAGE_PORT_FILE_RTABLE = {
165 .parse = port_parse,
166 .print = port_print,
167 };
168
port_file_dbase_init(semanage_handle_t * handle,const char * path_ro,const char * path_rw,dbase_config_t * dconfig)169 int port_file_dbase_init(semanage_handle_t * handle,
170 const char *path_ro,
171 const char *path_rw,
172 dbase_config_t * dconfig)
173 {
174
175 if (dbase_file_init(handle,
176 path_ro,
177 path_rw,
178 &SEMANAGE_PORT_RTABLE,
179 &SEMANAGE_PORT_FILE_RTABLE, &dconfig->dbase) < 0)
180 return STATUS_ERR;
181
182 dconfig->dtable = &SEMANAGE_FILE_DTABLE;
183 return STATUS_SUCCESS;
184 }
185
port_file_dbase_release(dbase_config_t * dconfig)186 void port_file_dbase_release(dbase_config_t * dconfig)
187 {
188
189 dbase_file_release(dconfig->dbase);
190 }
191