2 * Copyright (c) 2012-2018, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
38 #include <tr_config.h>
39 #include <tr_cfgwatch.h>
44 * If the key does not exist in the src object, returns success but does fill in *dest.
46 * @param src JSON object to pull a value from
47 * @param key key to pull
48 * @param dest (output) pointer to an allocated integer
49 * @return TR_CFG_SUCCESS or an error code
51 static TR_CFG_RC tr_cfg_parse_boolean(json_t *src, const char *key, int *dest)
55 /* Validate parameters */
56 if ((src == NULL) || (key == NULL) || (dest == NULL))
57 return TR_CFG_BAD_PARAMS;
59 /* See if we have a value for this key; do nothing if not */
60 jtmp = json_object_get(src, key);
62 if (json_is_boolean(jtmp)) {
63 *dest = json_boolean_value(jtmp);
65 tr_debug("tr_cfg_parse_unsigned: Parsing error, %s is not a boolean.", key);
66 return TR_CFG_NOPARSE;
70 return TR_CFG_SUCCESS;
74 * Parse a signed integer
76 * If the key does not exist in the src object, returns success but does fill in *dest.
78 * @param src JSON object to pull a value from
79 * @param key key to pull
80 * @param dest (output) pointer to an allocated integer
81 * @return TR_CFG_SUCCESS or an error code
83 static TR_CFG_RC tr_cfg_parse_integer(json_t *src, const char *key, int *dest)
87 /* Validate parameters */
88 if ((src == NULL) || (key == NULL) || (dest == NULL))
89 return TR_CFG_BAD_PARAMS;
91 /* See if we have a value for this key; do nothing if not */
92 jtmp = json_object_get(src, key);
94 if (json_is_number(jtmp)) {
95 *dest = (int) json_integer_value(jtmp);
97 tr_debug("tr_cfg_parse_unsigned: Parsing error, %s is not a number.", key);
98 return TR_CFG_NOPARSE;
102 return TR_CFG_SUCCESS;
106 * Parse an unsigned integer
108 * If the key does not exist in the src object, returns success but does fill in *dest.
110 * @param src JSON object to pull a value from
111 * @param key key to pull
112 * @param dest (output) pointer to an allocated unsigned integer
113 * @return TR_CFG_SUCCESS or an error code
115 static TR_CFG_RC tr_cfg_parse_unsigned(json_t *src, const char *key, unsigned int *dest)
119 /* Validate parameters */
120 if ((src == NULL) || (key == NULL) || (dest == NULL))
121 return TR_CFG_BAD_PARAMS;
123 /* See if we have a value for this key; do nothing if not */
124 jtmp = json_object_get(src, key);
126 if (! json_is_number(jtmp)) {
127 tr_debug("tr_cfg_parse_unsigned: Parsing error, %s is not a number.", key);
128 return TR_CFG_NOPARSE;
129 } else if (json_integer_value(jtmp) < 0) {
130 tr_debug("tr_cfg_parse_unsigned: Value %d < 0.", json_integer_value(jtmp));
131 return TR_CFG_NOPARSE;
133 *dest = (unsigned int) json_integer_value(jtmp);
137 return TR_CFG_SUCCESS;
143 * If the key does not exist in the src object, returns success but does not allocate
144 * a return value in dest. Nulls the destination pointer if there is no return value.
146 * Return value is allocated in talloc's NULL context and must be freed with talloc_free()
147 * or put into a non-NULL context with talloc_steal()
149 * @param src JSON object to pull a value from
150 * @param key key to pull
151 * @param dest (output) pointer to a pointer that will hold the newly allocated return value
152 * @return TR_CFG_SUCCESS or an error code
154 static TR_CFG_RC tr_cfg_parse_string(json_t *src, const char *key, const char **dest)
158 /* Validate parameters */
159 if ((src == NULL) || (key == NULL) || (dest == NULL))
160 return TR_CFG_BAD_PARAMS;
162 /* See if we have a value for this key; do nothing if not */
163 jtmp = json_object_get(src, key);
165 *dest = NULL; /* No return value, null this out */
167 if (json_is_string(jtmp)) {
168 *dest = talloc_strdup(NULL, json_string_value(jtmp));
170 tr_debug("tr_cfg_parse_string: Parsing error, %s is not a string.", key);
171 return TR_CFG_NOPARSE;
175 return TR_CFG_SUCCESS;
179 * Set default values for settings that have them
181 * @param cfg configuration structure to fill in, not null
183 static void set_defaults(TR_CFG_INTERNAL *cfg)
185 cfg->max_tree_depth = TR_DEFAULT_MAX_TREE_DEPTH;
186 cfg->tids_port = TR_DEFAULT_TIDS_PORT;
187 cfg->trps_port = TR_DEFAULT_TRPS_PORT;
188 cfg->mons_port = TR_DEFAULT_MONITORING_PORT;
189 cfg->cfg_poll_interval = TR_CFGWATCH_DEFAULT_POLL;
190 cfg->cfg_settling_time = TR_CFGWATCH_DEFAULT_SETTLE;
191 cfg->trp_connect_interval = TR_DEFAULT_TRP_CONNECT_INTERVAL;
192 cfg->trp_sweep_interval = TR_DEFAULT_TRP_SWEEP_INTERVAL;
193 cfg->trp_update_interval = TR_DEFAULT_TRP_UPDATE_INTERVAL;
194 cfg->tid_req_timeout = TR_DEFAULT_TID_REQ_TIMEOUT;
195 cfg->tid_resp_numer = TR_DEFAULT_TID_RESP_NUMER;
196 cfg->tid_resp_denom = TR_DEFAULT_TID_RESP_DENOM;
197 cfg->log_threshold = TR_DEFAULT_LOG_THRESHOLD;
198 cfg->console_threshold = TR_DEFAULT_CONSOLE_THRESHOLD;
199 cfg->monitoring_credentials = NULL;
202 /* Helper that checks return value of a parse fn and returns if it failed */
203 #define NOPARSE_UNLESS(x) \
205 if ((x) != TR_CFG_SUCCESS) \
206 return TR_CFG_NOPARSE; \
209 static TR_CFG_RC tr_cfg_parse_monitoring(TR_CFG *trc, json_t *jmon)
211 int enabled = 1; /* assume we are enabled unless we are told not to be */
213 NOPARSE_UNLESS(tr_cfg_parse_boolean(jmon, "enabled", &enabled));
215 NOPARSE_UNLESS(tr_cfg_parse_integer(jmon, "port", &(trc->internal->mons_port)));
216 NOPARSE_UNLESS(tr_cfg_parse_gss_names(trc->internal,
217 json_object_get(jmon, "authorized_credentials"),
218 &(trc->internal->monitoring_credentials)));
221 return TR_CFG_SUCCESS;
225 * Parse internal configuration JSON
227 * @param trc configuration structure to fill in
228 * @param jint internal configuration JSON object
229 * @return TR_CFG_SUCCESS or an error code
231 TR_CFG_RC tr_cfg_parse_internal(TR_CFG *trc, json_t *jint)
234 const char *s = NULL;
236 if ((!trc) || (!jint))
237 return TR_CFG_BAD_PARAMS;
239 /* If we don't yet have an internal config, allocate one and set defaults. If it
240 * already exists, do not disturb existing settings. */
241 if (NULL == trc->internal) {
242 if (NULL == (trc->internal = talloc_zero(trc, TR_CFG_INTERNAL)))
244 set_defaults(trc->internal); /* Install defaults for any unspecified settings */
247 NOPARSE_UNLESS(tr_cfg_parse_string(jint, "hostname", &(trc->internal->hostname)));
248 talloc_steal(trc->internal, trc->internal->hostname);
250 NOPARSE_UNLESS(tr_cfg_parse_unsigned(jint, "max_tree_depth", &(trc->internal->max_tree_depth)));
251 NOPARSE_UNLESS(tr_cfg_parse_integer(jint, "tids_port", &(trc->internal->tids_port)));
252 NOPARSE_UNLESS(tr_cfg_parse_integer(jint, "trps_port", &(trc->internal->trps_port)));
253 NOPARSE_UNLESS(tr_cfg_parse_unsigned(jint, "cfg_poll_interval", &(trc->internal->cfg_poll_interval)));
254 NOPARSE_UNLESS(tr_cfg_parse_unsigned(jint, "cfg_settling_time", &(trc->internal->cfg_settling_time)));
255 NOPARSE_UNLESS(tr_cfg_parse_unsigned(jint, "trp_connect_interval", &(trc->internal->trp_connect_interval)));
256 NOPARSE_UNLESS(tr_cfg_parse_unsigned(jint, "trp_sweep_interval", &(trc->internal->trp_sweep_interval)));
257 NOPARSE_UNLESS(tr_cfg_parse_unsigned(jint, "trp_update_interval", &(trc->internal->trp_update_interval)));
258 NOPARSE_UNLESS(tr_cfg_parse_unsigned(jint, "tid_request_timeout", &(trc->internal->tid_req_timeout)));
259 NOPARSE_UNLESS(tr_cfg_parse_unsigned(jint, "tid_response_numerator", &(trc->internal->tid_resp_numer)));
260 NOPARSE_UNLESS(tr_cfg_parse_unsigned(jint, "tid_response_denominator", &(trc->internal->tid_resp_denom)));
262 /* Parse the logging section */
263 if (NULL != (jtmp = json_object_get(jint, "logging"))) {
264 NOPARSE_UNLESS(tr_cfg_parse_string(jtmp, "log_threshold", &s));
266 trc->internal->log_threshold = str2sev(s);
267 talloc_free((void *) s);
270 NOPARSE_UNLESS(tr_cfg_parse_string(jtmp, "console_threshold", &s));
272 trc->internal->console_threshold = str2sev(s);
273 talloc_free((void *) s);
277 /* Parse the monitoring section */
278 if (NULL != (jtmp = json_object_get(jint, "monitoring"))) {
279 NOPARSE_UNLESS(tr_cfg_parse_monitoring(trc, jtmp));
282 tr_debug("tr_cfg_parse_internal: Internal config parsed.");
283 return TR_CFG_SUCCESS;
286 static int invalid_port(int port)
288 return ((port <= 0) || (port > 65536));
292 * Validate the internal configuration of the trust router
294 * Validates fields, emitting errors if there are any. Safe to call with
295 * a null int_cfg, but this results in an error being returned.
297 * @param int_cfg pointer to an internal configuration (NULL is safe)
298 * @return success or error
300 TR_CFG_RC tr_cfg_validate_internal(TR_CFG_INTERNAL *int_cfg)
304 /* ensure we have an internal configuration and exit if not */
305 if (NULL == int_cfg) {
306 tr_debug("tr_cfg_validate_internal: No internal configuration present.");
307 return TR_CFG_BAD_PARAMS;
310 /* Assume we are going to succeed. If any errors are encountered, emit a message
311 * and set the return code to an error. Don't exit early, emit all the errors
312 * at once if we can. */
315 /*** Validate hostname ***/
316 if (NULL == int_cfg->hostname) {
317 tr_debug("tr_cfg_validate_internal: No hostname specified.");
321 /*** Validate various intervals ***/
322 if (TR_MIN_TRP_CONNECT_INTERVAL > int_cfg->trp_connect_interval) {
324 "tr_cfg_validate_internal: Error: trp_connect_interval must be at least %d (currently %d).",
325 TR_MIN_TRP_CONNECT_INTERVAL, int_cfg->trp_connect_interval);
329 if (TR_MIN_TRP_SWEEP_INTERVAL > int_cfg->trp_sweep_interval) {
331 "tr_cfg_validate_internal: Error: trp_sweep_interval must be at least %d (currently %d).",
332 TR_MIN_TRP_SWEEP_INTERVAL, int_cfg->trp_sweep_interval);
336 if (TR_MIN_TRP_UPDATE_INTERVAL > int_cfg->trp_update_interval) {
338 "tr_cfg_validate_internal: Error: trp_update_interval must be at least %d (currently %d).",
339 TR_MIN_TRP_UPDATE_INTERVAL, int_cfg->trp_update_interval);
343 if (TR_MIN_CFG_POLL_INTERVAL > int_cfg->cfg_poll_interval) {
345 "tr_cfg_validate_internal: Error: cfg_poll_interval must be at least %d (currently %d).",
346 TR_MIN_CFG_POLL_INTERVAL, int_cfg->cfg_poll_interval);
350 if (TR_MIN_CFG_SETTLING_TIME > int_cfg->cfg_settling_time) {
352 "tr_cfg_validate_internal: Error: cfg_settling_time must be at least %d (currently %d).",
353 TR_MIN_CFG_SETTLING_TIME, int_cfg->cfg_settling_time);
357 /*** Validate ports ***/
358 if (invalid_port(int_cfg->tids_port)) {
359 tr_debug("tr_cfg_validate_internal: Error: invalid tids_port (%d).", int_cfg->tids_port);
363 if (invalid_port(int_cfg->trps_port)) {
364 tr_debug("tr_cfg_validate_internal: Error: invalid trps_port (%d).", int_cfg->trps_port);
368 if (invalid_port(int_cfg->mons_port)) {
369 tr_debug("tr_cfg_validate_internal: Error: invalid monitoring port (%d).", int_cfg->mons_port);
373 /*** Validate tid request timeout ***/
374 if (TR_MIN_TID_REQ_TIMEOUT > int_cfg->tid_req_timeout) {
375 tr_debug("tr_cfg_validate_internal: Error: tid_request_timeout must be at least %d (currently %d).",
376 TR_MIN_TID_REQ_TIMEOUT, int_cfg->tid_req_timeout);
380 /*** Validate tid response parameters ***/
381 if ((int_cfg->tid_resp_numer <= 0)
382 || (int_cfg->tid_resp_denom <= 0)
383 || (int_cfg->tid_resp_numer > int_cfg->tid_resp_denom)) {
384 tr_debug("tr_cfg_validate_internal: Error: invalid tid_response_numerator / tid_response_denominator. Both must be positive and the numerator/denominator ratio must be <= 1 (currently %d/%d).",
385 int_cfg->tid_resp_numer, int_cfg->tid_resp_denom);