2 * Copyright (c) 2012-2018, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
41 #include <tr_cfgwatch.h>
43 #include <tr_config.h>
44 #include <tr_gss_names.h>
46 #include <tr_filter.h>
47 #include <trust_router/tr_constraint.h>
50 #include <trust_router/trp.h>
52 #include <tr_inet_util.h>
54 #if JANSSON_VERSION_HEX < 0x020500
55 #include "jansson_iterators.h"
58 /* takes a talloc context, but currently does not use it */
59 static TR_NAME *tr_cfg_parse_org_name(TALLOC_CTX *mem_ctx, json_t *j_org, TR_CFG_RC *rc)
63 if ((j_org==NULL) || (rc==NULL) || (!json_is_string(j_org))) {
64 tr_debug("tr_cfg_parse_org_name: Bad parameters.");
66 *rc = TR_CFG_BAD_PARAMS; /* fill in return value if we can */
70 name=tr_new_name(json_string_value(j_org));
78 static TR_CFG_RC tr_cfg_parse_one_local_org(TR_CFG *trc, json_t *jlorg)
80 TALLOC_CTX *tmp_ctx=talloc_new(NULL);
81 TR_CFG_RC retval=TR_CFG_ERROR; /* our return code */
82 TR_CFG_RC rc=TR_CFG_ERROR; /* return code from functions we call */
83 TR_NAME *org_name=NULL;
85 json_t *j_realms=NULL;
86 TR_IDP_REALM *new_idp_realms=NULL;
87 TR_RP_CLIENT *new_rp_clients=NULL;
89 tr_debug("tr_cfg_parse_one_local_org: parsing local organization");
91 /* get organization_name (optional) */
92 if (NULL==(j_org=json_object_get(jlorg, "organization_name"))) {
93 tr_debug("tr_cfg_parse_one_local_org: organization_name unspecified");
95 org_name=tr_cfg_parse_org_name(tmp_ctx, j_org, &rc);
96 if (rc==TR_CFG_SUCCESS) {
97 tr_debug("tr_cfg_parse_one_local_org: organization_name=\"%.*s\"",
100 /* we don't actually do anything with this, but we could */
101 tr_free_name(org_name);
106 /* Now get realms. Allow this to be missing; even though that is a pointless organization entry,
107 * it's harmless. Report a warning because that might be unintentional. */
108 if (NULL==(j_realms=json_object_get(jlorg, "realms"))) {
109 tr_warning("tr_cfg_parse_one_local_org: warning - no realms in this local organization");
111 /* Allocate in the tmp_ctx so these will be cleaned up if we do not complete successfully. */
112 new_idp_realms=tr_cfg_parse_idp_realms(tmp_ctx, j_realms, &rc);
113 if (rc!=TR_CFG_SUCCESS)
116 new_rp_clients=tr_cfg_parse_rp_clients(tmp_ctx, j_realms, &rc);
117 if (rc!=TR_CFG_SUCCESS)
120 retval=TR_CFG_SUCCESS;
123 /* if we succeeded, link things to the configuration and move out of tmp context */
124 if (retval==TR_CFG_SUCCESS) {
125 if (new_idp_realms!=NULL) {
126 tr_idp_realm_add(trc->ctable->idp_realms, new_idp_realms); /* fixes talloc contexts except for head*/
127 talloc_steal(trc, trc->ctable->idp_realms); /* make sure the head is in the right context */
130 if (new_rp_clients!=NULL) {
131 tr_rp_client_add(trc->rp_clients, new_rp_clients); /* fixes talloc contexts */
132 talloc_steal(trc, trc->rp_clients); /* make sure head is in the right context */
136 talloc_free(tmp_ctx);
140 /* Parse local organizations if present. Returns success if there are none. On failure, the configuration is unreliable. */
141 TR_CFG_RC tr_cfg_parse_local_orgs(TR_CFG *trc, json_t *jcfg)
143 json_t *jlocorgs=NULL;
146 jlocorgs=json_object_get(jcfg, "local_organizations");
148 return TR_CFG_SUCCESS;
150 if (!json_is_array(jlocorgs)) {
151 tr_err("tr_cfg_parse_local_orgs: local_organizations is not an array.");
152 return TR_CFG_NOPARSE;
155 for (ii=0; ii<json_array_size(jlocorgs); ii++) {
156 if (tr_cfg_parse_one_local_org(trc, json_array_get(jlocorgs, ii))!=TR_CFG_SUCCESS) {
157 tr_err("tr_cfg_parse_local_orgs: error parsing local_organization %d.", ii+1);
158 return TR_CFG_NOPARSE;
162 return TR_CFG_SUCCESS;
165 static TR_CFG_RC tr_cfg_parse_one_peer_org(TR_CFG *trc, json_t *jporg)
167 TALLOC_CTX *tmp_ctx=talloc_new(NULL);
171 TRP_PEER *new_peer=NULL;
172 TR_GSS_NAMES *names=NULL;
173 TR_FILTER_SET *filt_set=NULL;
174 TR_CFG_RC rc=TR_CFG_ERROR;
178 jhost=json_object_get(jporg, "hostname");
179 jgss=json_object_get(jporg, "gss_names");
180 jfilt=json_object_get(jporg, "filters");
182 if ((jhost==NULL) || (!json_is_string(jhost))) {
183 tr_err("tr_cfg_parse_one_peer_org: hostname not specified or not a string.");
188 if ((jgss==NULL) || (!json_is_array(jgss))) {
189 tr_err("tr_cfg_parse_one_peer_org: gss_names not specified or not an array.");
194 if ((jfilt!=NULL) && (!json_is_object(jfilt))) {
195 tr_err("tr_cfg_parse_one_peer_org: filters is not an object.");
200 new_peer=trp_peer_new(tmp_ctx);
201 if (new_peer==NULL) {
202 tr_err("tr_cfg_parse_one_peer_org: could not allocate new peer.");
207 /* parse / validate the hostname and port */
208 hostname = tr_parse_host(tmp_ctx, json_string_value(jhost), &port);
209 if (NULL == hostname) {
210 tr_err("tr_cfg_parse_one_peer_org: error parsing hostname (%s)", json_string_value(jhost));
216 tr_err("tr_cfg_parse_one_peer_org: invalid port (%s)", json_string_value(jhost));
223 trp_peer_set_port(new_peer, port);
225 trp_peer_set_server(new_peer, hostname); /* string is strdup'ed in _set_server() */
226 if (trp_peer_get_server(new_peer) == NULL) {
227 tr_err("tr_cfg_parse_one_peer: could not set server hostname for new peer");
232 rc = tr_cfg_parse_gss_names(tmp_ctx, jgss, &names);
233 if (rc!=TR_CFG_SUCCESS) {
234 tr_err("tr_cfg_parse_one_peer_org: unable to parse gss names.");
238 trp_peer_set_gss_names(new_peer, names);
241 filt_set=tr_cfg_parse_filters(tmp_ctx, jfilt, &rc);
242 if (rc!=TR_CFG_SUCCESS) {
243 tr_err("tr_cfg_parse_one_peer_org: unable to parse filters.");
247 trp_peer_set_filters(new_peer, filt_set);
251 trp_ptable_add(trc->peers, new_peer);
255 talloc_free(tmp_ctx);
259 /* Parse peer organizations, if present. Returns success if there are none. */
260 TR_CFG_RC tr_cfg_parse_peer_orgs(TR_CFG *trc, json_t *jcfg)
262 json_t *jpeerorgs=NULL;
265 jpeerorgs=json_object_get(jcfg, "peer_organizations");
267 return TR_CFG_SUCCESS;
269 if (!json_is_array(jpeerorgs)) {
270 tr_err("tr_cfg_parse_peer_orgs: peer_organizations is not an array.");
271 return TR_CFG_NOPARSE;
274 for (ii=0; ii<json_array_size(jpeerorgs); ii++) {
275 if (tr_cfg_parse_one_peer_org(trc, json_array_get(jpeerorgs, ii))!=TR_CFG_SUCCESS) {
276 tr_err("tr_cfg_parse_peer_orgs: error parsing peer_organization %d.", ii+1);
277 return TR_CFG_NOPARSE;
281 return TR_CFG_SUCCESS;