summaryrefslogtreecommitdiff
path: root/src/libs6net/s6net_accessrules_backend_cdb.c
blob: e75f755979687463a7b90768dd07098d622b5995 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
/* ISC license. */

#include <unistd.h>
#include <errno.h>
#include <skalibs/bytestr.h>
#include <skalibs/uint16.h>
#include <skalibs/cdb.h>
#include <skalibs/stralloc.h>
#include <s6-networking/accessrules.h>

s6net_accessrules_result_t s6net_accessrules_backend_cdb (char const *key, unsigned int keylen, void *data, s6net_accessrules_params_t *params)
{
  struct cdb *c = data ;
  unsigned int execbase, n ;
  uint16 envlen, execlen ;
  register int r = cdb_find(c, key, keylen) ;
  if (r < 0) return S6NET_ACCESSRULES_ERROR ;
  else if (!r) return S6NET_ACCESSRULES_NOTFOUND ;
  n = cdb_datalen(c) ;
  if ((n < 5U) || (n > 8197U)) return (errno = EINVAL, S6NET_ACCESSRULES_ERROR) ;
  if (!stralloc_readyplus(&params->exec, n)) return S6NET_ACCESSRULES_ERROR ;
  execbase = params->exec.len ;
  if (cdb_read(c, params->exec.s + execbase, n, cdb_datapos(c)) < 0) return S6NET_ACCESSRULES_ERROR ;
  if (params->exec.s[execbase] == 'D') return S6NET_ACCESSRULES_DENY ;
  else if (params->exec.s[execbase] != 'A') return S6NET_ACCESSRULES_NOTFOUND ;
  uint16_unpack_big(params->exec.s + execbase + 1U, &envlen) ;
  if ((envlen > 4096U) || (envlen+5U > n)) return (errno = EINVAL, S6NET_ACCESSRULES_ERROR) ;
  uint16_unpack_big(params->exec.s + execbase + 3 + envlen, &execlen) ;
  if ((execlen > 4096U) || (5U + envlen + execlen != n)) return (errno = EINVAL, S6NET_ACCESSRULES_ERROR) ;
  if (!stralloc_catb(&params->env, params->exec.s + execbase + 3U, envlen)) return S6NET_ACCESSRULES_ERROR ;
  byte_copy(params->exec.s + execbase, execlen, params->exec.s + execbase + 5U + envlen) ;
  if (execlen)
  {
    params->exec.len += execlen ;
    params->exec.s[params->exec.len++] = 0 ;
  }
  return S6NET_ACCESSRULES_ALLOW ;
}