*
*/
+#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
+#include <talloc.h>
+
#include <tr_filter.h>
-/* Returns TRUE (1) if the the string (str) matchs the wildcard string (wc_str), FALSE (0) if not.
- */
-int tr_prefix_wildcard_match (char *str, char *wc_str) {
- char *wc_post = wc_str;
- size_t len = 0;
- size_t wc_len = 0;
-
- if ((!str) || (!wc_str))
- return 0;
-
- /* TBD -- skip leading white space? */
- if ('*' == wc_str[0])
- wc_post = &(wc_str[1]);
-
- len = strlen(str);
- /* Everything matches an empty string or "*" */
- if (0 == (wc_len = strlen(wc_post)))
- return 1;
- if (wc_len > len)
- return 0;
-
- if (!strcmp(&(str[len-wc_len]), wc_post)) {
- return 1;
+
+int tr_filter_process_rp_permitted (TR_NAME *rp_realm, TR_FILTER *rpp_filter, TR_CONSTRAINT_SET *in_constraints, TR_CONSTRAINT_SET **out_constraints, int *out_action)
+{
+ int i = 0, j = 0;
+
+ *out_action = TR_FILTER_ACTION_REJECT;
+ *out_constraints = NULL;
+
+ /* If this isn't a valid rp_permitted filter, return no match. */
+ if ((!rpp_filter) ||
+ (TR_FILTER_TYPE_RP_PERMITTED != rpp_filter->type)) {
+ return TR_FILTER_NO_MATCH;
}
- else
- return 0;
+
+ /* Check if there is a match for this filter. */
+ for (i = 0; i < TR_MAX_FILTER_LINES; i++) {
+ for (j = 0; j < TR_MAX_FILTER_SPECS; j++) {
+
+ if ((rpp_filter->lines[i]) &&
+ (rpp_filter->lines[i]->specs[j]) &&
+ (tr_fspec_matches(rpp_filter->lines[i]->specs[j], rp_realm))) {
+ *out_action = rpp_filter->lines[i]->action;
+ *out_constraints = in_constraints;
+ if (rpp_filter->lines[i]->realm_cons)
+ tr_constraint_add_to_set(out_constraints,
+ rpp_filter->lines[i]->realm_cons);
+ if (rpp_filter->lines[i]->domain_cons)
+ tr_constraint_add_to_set(out_constraints,
+ rpp_filter->lines[i]->domain_cons);
+
+ return TR_FILTER_MATCH;
+ }
+ }
+ }
+ /* If there is no match, indicate that. */
+ return TR_FILTER_NO_MATCH;
+}
+
+void tr_fspec_free(TR_FSPEC *fspec)
+{
+ talloc_free(fspec);
+}
+
+static int tr_fspec_destructor(void *obj)
+{
+ TR_FSPEC *fspec=talloc_get_type_abort(obj, TR_FSPEC);
+
+ if (fspec->field!=NULL)
+ tr_free_name(fspec->field);
+ if (fspec->match!=NULL)
+ tr_free_name(fspec->match);
+ return 0;
+}
+
+TR_FSPEC *tr_fspec_new(TALLOC_CTX *mem_ctx)
+{
+ TR_FSPEC *fspec=talloc(mem_ctx, TR_FSPEC);
+
+ if (fspec!=NULL) {
+ fspec->field=NULL;
+ fspec->match=NULL;
+ talloc_set_destructor((void *)fspec, tr_fspec_destructor);
}
+ return fspec;
+}
+
+void tr_fspec_set_match(TR_FSPEC *fspec, TR_NAME *match)
+{
+ if (fspec->match!=NULL)
+ tr_free_name(fspec->match);
+ fspec->match=match;
+}
+
+/* returns 1 if the spec matches */
+int tr_fspec_matches(TR_FSPEC *fspec, TR_NAME *name)
+{
+ return ((fspec->match!=NULL) &&
+ (0!=tr_prefix_wildcard_match(name->buf, fspec->match->buf)));
+}
+
+void tr_fline_free(TR_FLINE *fline)
+{
+ talloc_free(fline);
+}
+
+TR_FLINE *tr_fline_new(TALLOC_CTX *mem_ctx)
+{
+ TR_FLINE *fl=talloc(mem_ctx, TR_FLINE);
+ int ii=0;
+
+ if (fl!=NULL) {
+ fl->action=TR_FILTER_ACTION_UNKNOWN;
+ fl->realm_cons=NULL;
+ fl->domain_cons=NULL;
+ for (ii=0; ii<TR_MAX_FILTER_SPECS; ii++)
+ fl->specs[ii]=NULL;
+ }
+ return fl;
+}
+
+TR_FILTER *tr_filter_new(TALLOC_CTX *mem_ctx)
+{
+ TR_FILTER *f=talloc(mem_ctx, TR_FILTER);
+ int ii=0;
+
+ if (f!=NULL) {
+ f->type=TR_FILTER_TYPE_UNKNOWN;
+ for (ii=0; ii<TR_MAX_FILTER_LINES; ii++)
+ f->lines[ii]=NULL;
+ }
+ return f;
+}
+
+void tr_filter_free(TR_FILTER *filt)
+{
+ talloc_free(filt);
+}
+
+void tr_filter_set_type(TR_FILTER *filt, TR_FILTER_TYPE type)
+{
+ filt->type=type;
+}
+
+TR_FILTER_TYPE tr_filter_get_type(TR_FILTER *filt)
+{
+ return filt->type;
+}
projects / trust_router.git / blobdiff