2 * Copyright (c) 2012-2014, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
38 #include <tr_filter.h>
41 #include <trust_router/tr_constraint.h>
43 /* Returns TRUE (1) if the the string (str) matchs the wildcard string (wc_str), FALSE (0) if not.
45 int tr_prefix_wildcard_match (const char *str, const char *wc_str) {
46 const char *wc_post = wc_str;
50 if ((!str) || (!wc_str))
54 if (0 == (wc_len = strlen(wc_str)))
57 /* TBD -- skip leading white space? */
58 if ('*' == wc_str[0]) {
59 wc_post = &(wc_str[1]);
61 }else if (len != wc_len)
68 if (0 == strcmp(&(str[len-wc_len]), wc_post)) {
75 TR_CONSTRAINT_SET *tr_constraint_set_from_fline (TR_FLINE *fline)
82 if (fline->realm_cons)
83 tr_constraint_add_to_set((TR_CONSTRAINT_SET **)&cset, fline->realm_cons);
84 if (fline->domain_cons)
85 tr_constraint_add_to_set((TR_CONSTRAINT_SET **)&cset, fline->domain_cons);
87 return (TR_CONSTRAINT_SET *) cset;
90 /* A constraint set is represented in json as an array of constraint
91 * objects. So, a constraint set (cset) that consists of one realm
92 * constraint and one domain constraint might look like:
94 * {cset: [{domain: [a.com, b.co.uk]},
95 * {realm: [c.net, d.org]}]}
98 void tr_constraint_add_to_set (TR_CONSTRAINT_SET **cset, TR_CONSTRAINT *cons)
100 json_t *jcons = NULL;
101 json_t *jmatches = NULL;
104 if ((!cset) || (!cons))
107 /* If we don't already have a json object, create one */
109 *cset = (TR_CONSTRAINT_SET *) json_array();
111 /* Create a json object representing cons */
112 jmatches = json_array();
113 jcons = json_object();
115 for (i = 0; ((i < TR_MAX_CONST_MATCHES) && (NULL != cons->matches[i])); i++) {
116 json_array_append_new(jmatches, json_string(cons->matches[i]->buf));
119 json_object_set_new(jcons, cons->type->buf, jmatches);
121 /* Add the created object to the cset object */
122 json_array_append_new((json_t *) *cset, jcons);
125 int tr_constraint_set_validate(TR_CONSTRAINT_SET *cset)
127 json_t *json = (json_t *) cset;
130 if (!json_is_array(json)){
131 tr_debug("Constraint_set is not an array");
134 json_array_foreach(json, i, set_member) {
137 if (!json_is_object(set_member)) {
138 tr_debug("Constraint member at %zu is not an object\n", i);
141 json_object_foreach( set_member, key, value) {
144 if (!json_is_array(value)) {
145 tr_debug("Constraint type %s at index %zu in constraint set is not an array\n", key,
149 json_array_foreach(value, inner_index, inner_value) {
150 if (!json_is_string(inner_value)) {
151 tr_debug("Constraint type %s at index %zu in constraint set has non-string element %zu\n",
152 key, i, inner_index);
162 TR_CONSTRAINT_SET *tr_constraint_set_filter( TID_REQ *request,
163 TR_CONSTRAINT_SET *orig,
164 const char *constraint_type)
166 json_t *orig_cset = (json_t*) orig;
167 json_t *new_cs = NULL;
170 if (!tr_constraint_set_validate( (TR_CONSTRAINT_SET *) orig_cset)) {
171 tr_debug ("tr_constraint_set_filter: not a valid constraint set\n");
174 assert (new_cs = json_array());
175 json_array_foreach(orig_cset, index, set_member) {
176 if (json_object_get( set_member, constraint_type))
177 json_array_append(new_cs, set_member);
179 return (TR_CONSTRAINT_SET *) new_cs;
183 * Within a given constraint object merge any overlapping domain or
184 * realm constraints. For example ['*','*.net'] can be simplified to
187 static void merge_constraints(json_t *constraint, const char *key)
189 json_t *value_1, *value_2, *constraint_array;
190 size_t index_1, index_2;
192 * Go through the loop pairwise linear, removing elements where one
193 * element is a subset of the other. Always shrik the array from
194 * the end so that index_1 never becomes invalid (swapping if
197 constraint_array = json_object_get(constraint, key);
198 if (NULL == constraint_array)
200 json_array_foreach( constraint_array, index_1, value_1)
201 json_array_foreach( constraint_array, index_2, value_2) {
202 if (index_2 <= index_1)
204 if ( tr_prefix_wildcard_match( json_string_value(value_2),
205 json_string_value(value_1))) {
206 json_array_remove(constraint_array, index_2);
208 }else if (tr_prefix_wildcard_match( json_string_value(value_1),
209 json_string_value(value_2))) {
210 json_array_set(constraint_array, index_1, value_2);
211 json_array_remove(constraint_array, index_2);
218 * Returns an array of constraint strings that is the intersection of
219 * all constraints in the constraint_set of type #type
221 static json_t *constraint_intersect_internal( TR_CONSTRAINT_SET *constraints,
222 const char *constraint_type)
224 json_t *constraint, *result = NULL;
226 json_array_foreach( (json_t *) constraints, i, constraint) {
227 merge_constraints( constraint, constraint_type);
228 if (NULL == result) {
229 result = json_object_get(constraint, constraint_type);
231 result = json_copy(result);
233 json_t *intersect, *value_1, *value_2;
234 size_t index_1, index_2;
235 intersect = json_object_get(constraint, constraint_type);
237 json_array_foreach(result, index_1, value_1) {
238 json_array_foreach(intersect, index_2, value_2) {
239 if (tr_prefix_wildcard_match( json_string_value(value_1),
240 json_string_value(value_2)))
241 goto result_acceptable;
242 else if (tr_prefix_wildcard_match(json_string_value( value_2),
243 json_string_value(value_1))) {
244 json_array_set(result, index_1, value_2);
245 goto result_acceptable;
248 json_array_remove(result, index_1);
252 result_acceptable: continue;
260 * Return the intersection of domain and realm constraints.
261 * Return is live until #request is freed.
263 TR_CONSTRAINT_SET *tr_constraint_set_intersect( TID_REQ *request,
264 TR_CONSTRAINT_SET *input)
266 json_t *domain=NULL, *realm=NULL;
267 json_t *result = NULL, *result_array = NULL;
268 if (tr_constraint_set_validate(input)) {
269 domain = constraint_intersect_internal(input, "domain");
270 realm = constraint_intersect_internal(input, "realm");
272 assert(result = json_object());
274 json_object_set_new(result, "domain", domain);
276 json_object_set_new(result, "realm", realm);
277 assert(result_array = json_array());
278 json_array_append_new(result_array, result);
279 tid_req_cleanup_json( request, result_array);
280 return (TR_CONSTRAINT_SET *) result_array;
284 int tr_constraint_set_get_match_strings(
286 TR_CONSTRAINT_SET *constraints,
287 const char *constraint_type,
288 tr_const_string **output,
291 json_t *cset = (json_t *) constraints;
292 json_t *member, *matches, *value;;
293 size_t index, array_size;
294 assert (output && output_len);
297 if (json_array_size(cset) != 1) {
298 tr_debug("Constraint set for get_match_strings has more than one member\n");
301 member = json_array_get(cset, 0);
302 matches = json_object_get(member, constraint_type);
305 array_size = json_array_size(matches);
308 *output = talloc_array_ptrtype(request, *output, array_size);
309 json_array_foreach( matches, index, value)
310 (*output)[index] = json_string_value(value);
311 *output_len = array_size;