#include <tr_comm.h>
#include <tr_apc.h>
#include <tr_rp.h>
-#include <trust_router/tr_name.h>
+#include <tr_name_internal.h>
#include <trp_internal.h>
#include <tr_gss.h>
#include <trp_ptable.h>
n_fd=trps_listen(trps, port, fd_out, max_fd);
if (n_fd==0)
- tr_debug("trps_get_listener: Error opening port %d.");
+ tr_err("trps_get_listener: Error opening port %d.");
else {
/* opening port succeeded */
- tr_debug("trps_get_listener: Opened port %d.", port);
+ tr_info("trps_get_listener: Opened port %d.", port);
/* make the sockets non-blocking */
for (ii=0; ii<n_fd; ii++) {
if (0 != fcntl(fd_out[ii], F_SETFL, O_NONBLOCK)) {
- tr_debug("trps_get_listener: Error setting O_NONBLOCK.");
+ tr_err("trps_get_listener: Error setting O_NONBLOCK.");
for (ii=0; ii<n_fd; ii++) {
close(fd_out[ii]);
fd_out[ii]=-1;
* Apply applicable TRP_INBOUND filters to an inforec. Rejects everything if peer has no filters.
*
* @param trps Active TRPS instance
- * @param peer_name Name of peer that sent this inforec
+ * @param upd TRP_UPD that contains the inforec to filter
* @param rec Inforec to filter
* @return 1 if accepted by the filter, 0 otherwise
*/
-static int trps_filter_inbound_inforec(TRPS_INSTANCE *trps, TR_NAME *peer_name, TRP_INFOREC *rec)
+static int trps_filter_inbound_inforec(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_INFOREC *rec)
{
TRP_PEER *peer=NULL;
+ TR_NAME *peer_name=NULL;
TR_FILTER_ACTION action=TR_FILTER_ACTION_REJECT;
+ TR_FILTER_TARGET *target=NULL;
+ int retval=0;
/* Look up the peer. For inbound messages, the peer is identified by its GSS name */
+ peer_name=trp_upd_get_peer(upd);
peer=trps_get_peer_by_gssname(trps, peer_name);
if (peer==NULL) {
tr_err("trps_filter_inbound_inforec: received inforec from unknown peer (%.*s), rejecting.",
}
/* tr_filter_apply() and tr_filter_set_get() handle null filter sets/filters by rejecting */
- if ((TR_FILTER_NO_MATCH==tr_filter_apply(rec,
- tr_filter_set_get(peer->filters, TR_FILTER_TYPE_TRP_INBOUND),
- NULL,
- &action))
+ target= tr_filter_target_trp_inforec(NULL, upd, rec);
+ if (target==NULL) {
+ /* TODO: signal that filtering failed. Until then, just filter everything and give an error message. */
+ tr_crit("trps_filter_inbound_inforec: Unable to allocate filter target, cannot apply filter!");
+ }
+ if ((target==NULL)
+ || (TR_FILTER_NO_MATCH==tr_filter_apply(target,
+ tr_filter_set_get(peer->filters, TR_FILTER_TYPE_TRP_INBOUND),
+ NULL,
+ &action))
|| (action!=TR_FILTER_ACTION_ACCEPT)) {
- /* either the filter did not match or it matched a reject rule */
- return 0;
- }
+ /* either the filter did not match or it matched a reject rule or allocating the target failed */
+ retval=0;
+ } else
+ retval=1;
+ if (target!=NULL)
+ tr_filter_target_free(target);
/* filter matched an accept rule */
- return 1;
+ return retval;
}
}
for (rec=trp_upd_get_inforec(upd); rec!=NULL; rec=trp_inforec_get_next(rec)) {
- if (!trps_filter_inbound_inforec(trps, trp_upd_get_peer(upd), rec)) {
+ if (!trps_filter_inbound_inforec(trps, upd, rec)) {
tr_debug("trps_handle_update: inforec rejected by filter.");
continue; /* just go on to the next record */
}
{
TRP_INFOREC *this=NULL, *next=NULL;
TR_FILTER_ACTION action=TR_FILTER_ACTION_REJECT;
+ TR_FILTER_TARGET *target=NULL;
for(this=trp_upd_get_inforec(upd); this!=NULL; this=next) {
next=this->next;
- if ((TR_FILTER_NO_MATCH==tr_filter_apply(this, filt, NULL, &action))
+ target= tr_filter_target_trp_inforec(NULL, upd, this);
+ if (target==NULL) {
+ /* TODO: signal that filtering failed. Until then, just filter everything and give an error message. */
+ tr_crit("trps_filter_one_outbound_update: Unable to allocate filter target, cannot apply filter!");
+ }
+ if ((target==NULL)
+ || (TR_FILTER_NO_MATCH==tr_filter_apply(target, filt, NULL, &action))
|| (action!=TR_FILTER_ACTION_ACCEPT)) {
- /* Either no filter matched or one matched and rejected this record */
+ /* Either no filter matched or one matched and rejected this record.
+ * Also filter out record if we were unable to allocate a target. */
trp_upd_remove_inforec(upd, this); /* "this" is now invalid */
}
+ if (target!=NULL)
+ tr_filter_target_free(target);
}
}
static void trps_filter_outbound_updates(TR_FILTER_SET *filters, GPtrArray *updates)
{
TRP_UPD *upd=NULL;
- int ii=0;
+ guint ii=0;
- /* walk backward through the array so we can remove elements */
- for (ii=updates->len-1; ii>=0; ii--) {
- upd=g_ptr_array_index(updates, ii);
+ /* Walk backward through the array so we can remove elements. Careful about loop
+ * termination - remember that ii is unsigned. */
+ for (ii=updates->len; ii>0; ii--) {
+ upd=g_ptr_array_index(updates, ii-1);
trps_filter_one_outbound_update(tr_filter_set_get(filters, TR_FILTER_TYPE_TRP_OUTBOUND), upd);
/* see if we removed all the records from this update */
if (trp_upd_num_inforecs(upd)==0)
- g_ptr_array_remove_index_fast(updates, ii); /* does not preserve order at index ii or higher */
+ g_ptr_array_remove_index_fast(updates, ii-1); /* does not preserve order at index ii or higher */
}
}
static TRP_RC trps_update_one_peer(TRPS_INSTANCE *trps,
TRP_PEER *peer,
TRP_UPDATE_TYPE update_type,
- TR_NAME *comm,
- TR_NAME *realm)
+ TR_NAME *realm,
+ TR_NAME *comm)
{
TALLOC_CTX *tmp_ctx=talloc_new(NULL);
TR_MSG msg; /* not a pointer! */
return trps_update_one_peer(trps,
trps_get_peer_by_gssname(trps, trp_req_get_peer(req)),
TRP_UPDATE_REQUESTED,
- comm,
- realm);
+ realm,
+ comm);
}
projects / trust_router.git / blobdiff