Use TR_LIST for domain/realm constraint matches
authorJennifer Richards <jennifer@painless-security.com>
Tue, 24 Apr 2018 15:48:27 +0000 (11:48 -0400)
committerJennifer Richards <jennifer@painless-security.com>
Tue, 24 Apr 2018 15:48:27 +0000 (11:48 -0400)
CMakeLists.txt
common/tr_config_filters.c
common/tr_config_rp_clients.c
common/tr_constraint.c
common/tr_filter_encoders.c
include/tr_constraint_internal.h [new file with mode: 0644]
include/tr_filter.h
include/tr_name_internal.h
include/trust_router/tr_constraint.h

index cb948a2..1221d67 100644 (file)
@@ -96,7 +96,7 @@ set(SOURCE_FILES
     trp/trp_upd.c
     trp/trpc.c
     trp/trps.c include/tr_name_internal.h mon/mon_req.c mon/mon_req_encode.c mon/mon_req_decode.c
-        mon/mon_resp.c mon/mon_common.c mon/mon_resp_encode.c mon/mon_resp_decode.c tr/tr_mon.c mon/mons.c include/tr_socket.h common/tr_gss.c include/tr_gss.h common/tr_config_internal.c mon/mons_handlers.c include/mons_handlers.h tr/tr_tid_mons.c tr/tr_tid_mons.c trp/trp_route.c include/trp_route.h trp/trp_rtable_encoders.c trp/trp_route_encoders.c trp/trp_peer.c include/trp_peer.h trp/trp_peer_encoders.c trp/trp_ptable_encoders.c common/tr_idp_encoders.c common/tr_comm_encoders.c common/tr_rp_client.c include/tr_rp_client.h common/tr_rp_client_encoders.c common/tr_filter_encoders.c common/tr_config_encoders.c common/tr_config_filters.c common/tr_config_realms.c common/tr_config_rp_clients.c common/tr_config_orgs.c common/tr_config_comms.c common/tr_list.c include/tr_list.h)
+        mon/mon_resp.c mon/mon_common.c mon/mon_resp_encode.c mon/mon_resp_decode.c tr/tr_mon.c mon/mons.c include/tr_socket.h common/tr_gss.c include/tr_gss.h common/tr_config_internal.c mon/mons_handlers.c include/mons_handlers.h tr/tr_tid_mons.c tr/tr_tid_mons.c trp/trp_route.c include/trp_route.h trp/trp_rtable_encoders.c trp/trp_route_encoders.c trp/trp_peer.c include/trp_peer.h trp/trp_peer_encoders.c trp/trp_ptable_encoders.c common/tr_idp_encoders.c common/tr_comm_encoders.c common/tr_rp_client.c include/tr_rp_client.h common/tr_rp_client_encoders.c common/tr_filter_encoders.c common/tr_config_encoders.c common/tr_config_filters.c common/tr_config_realms.c common/tr_config_rp_clients.c common/tr_config_orgs.c common/tr_config_comms.c common/tr_list.c include/tr_list.h include/tr_constraint_internal.h)
 
 # Does not actually build!
 add_executable(trust_router ${SOURCE_FILES})
index 2596af2..7d4c615 100644 (file)
@@ -37,6 +37,7 @@
 #include <jansson.h>
 #include <talloc.h>
 
+#include <tr_constraint_internal.h>
 #include <tr_cfgwatch.h>
 #include <tr_debug.h>
 
 #include "jansson_iterators.h"
 #endif
 
-static TR_CONSTRAINT *tr_cfg_parse_one_constraint(TALLOC_CTX *mem_ctx, char *ctype, json_t *jc, TR_CFG_RC *rc)
+static TR_CONSTRAINT *tr_cfg_parse_one_constraint(TALLOC_CTX *mem_ctx, const char *ctype, json_t *jc, TR_CFG_RC *rc)
 {
   TR_CONSTRAINT *cons=NULL;
-  int i=0;
+  size_t i=0;
 
-  if ((!ctype) || (!jc) || (!rc) ||
+  if (!rc) {
+    tr_err("tr_cfg_parse_one_constraint: rc is null, cannot process constraint.");
+    return NULL;
+  }
+
+  if ((!ctype) || (!jc) ||
       (!json_is_array(jc)) ||
       (0 >= json_array_size(jc)) ||
-      (TR_MAX_CONST_MATCHES < json_array_size(jc)) ||
       (!json_is_string(json_array_get(jc, 0)))) {
     tr_err("tr_cfg_parse_one_constraint: config error.");
     *rc=TR_CFG_NOPARSE;
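Review bot: Only element 0 of `jc` is checked with `json_is_string` in this guard, yet the loop further down calls `json_string_value(json_array_get(jc, i))` on every element, and that returns NULL for a non-string entry. With the `TR_MAX_CONST_MATCHES` bound removed, the array length is limited only by the configuration file, so a malformed later entry would at best be reported as out of memory (`TR_CFG_NOMEM`) rather than as a parse error, and that assumes `tr_new_name` tolerates a NULL argument. Testing `json_is_string(json_array_get(jc, i))` inside the loop and setting `*rc=TR_CFG_NOPARSE;` before `tr_new_name` is called would keep the error accurate. The function body continues outside this hunk.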
@@ -73,9 +78,8 @@ static TR_CONSTRAINT *tr_cfg_parse_one_constraint(TALLOC_CTX *mem_ctx, char *cty
   }
 
   for (i=0; i < json_array_size(jc); i++) {
-    cons->matches[i]=tr_new_name(json_string_value(json_array_get(jc, i)));
-    if (cons->matches[i]==NULL) {
-      tr_err("tr_cfg_parse_one_constraint: Out of memory (match %d).", i+1);
+    if (NULL == tr_constraint_add_match(cons, tr_new_name(json_string_value(json_array_get(jc, i))))) {
+      tr_err("tr_cfg_parse_one_constraint: Out of memory (match %d).", i);
       *rc=TR_CFG_NOMEM;
       tr_constraint_free(cons);
       return NULL;
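Review bot: `i` is now a `size_t` but the `tr_err` call still formats it with `%d`, which is a mismatched conversion if `tr_err` forwards to a printf-style formatter; it should read `tr_err("tr_cfg_parse_one_constraint: Out of memory (match %zu).", i);`. Separately, the `TR_NAME` is created inside the `tr_constraint_add_match` call, so when the list add fails the name has no owner and is not freed, and a NULL from `tr_new_name` is passed straight into the list. `cons_dup_helper` in tr_constraint.c holds the name in a local and calls `tr_free_name` on a failed add; the same pattern fits here. The enclosing function starts before this hunk.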
@@ -160,11 +164,6 @@ static TR_FILTER *tr_cfg_parse_one_filter(TALLOC_CTX *mem_ctx, json_t *jfilt, TR
         tr_err("tr_cfg_parse_one_filter: cannot parse realm_constraints, not an array.");
         *rc = TR_CFG_NOPARSE;
         goto cleanup;
-      } else if (json_array_size(jrc) > TR_MAX_CONST_MATCHES) {
-        tr_err("tr_cfg_parse_one_filter: realm_constraints has too many entries, maximum of %d.",
-               TR_MAX_CONST_MATCHES);
-        *rc = TR_CFG_NOPARSE;
-        goto cleanup;
       } else if (json_array_size(jrc) > 0) {
         /* ok we actually have entries to process */
         if (NULL == (fline->realm_cons = tr_cfg_parse_one_constraint(fline, "realm", jrc, rc))) {
@@ -180,11 +179,6 @@ static TR_FILTER *tr_cfg_parse_one_filter(TALLOC_CTX *mem_ctx, json_t *jfilt, TR
         tr_err("tr_cfg_parse_one_filter: cannot parse domain_constraints, not an array.");
         *rc = TR_CFG_NOPARSE;
         goto cleanup;
-      } else if (json_array_size(jdc) > TR_MAX_CONST_MATCHES) {
-        tr_err("tr_cfg_parse_one_filter: domain_constraints has too many entries, maximum of %d.",
-               TR_MAX_CONST_MATCHES);
-        *rc = TR_CFG_NOPARSE;
-        goto cleanup;
       } else if (json_array_size(jdc) > 0) {
         if (NULL == (fline->domain_cons = tr_cfg_parse_one_constraint(fline, "domain", jdc, rc))) {
           tr_debug("tr_cfg_parse_one_filter: Error parsing domain constraint");
index f12e42e..b263c02 100644 (file)
@@ -44,7 +44,7 @@
 #include <tr_gss_names.h>
 #include <tr_debug.h>
 #include <tr_filter.h>
-#include <trust_router/tr_constraint.h>
+#include <tr_constraint_internal.h>
 #include <tr_idp.h>
 #include <tr.h>
 #include <trust_router/trp.h>
@@ -213,14 +213,22 @@ static TR_FILTER_SET *tr_cfg_default_filters(TALLOC_CTX *mem_ctx, TR_NAME *realm
     *rc=TR_CFG_NOMEM;
     goto cleanup;
   }
-  cons->matches[0]=name;
+  if (NULL == tr_constraint_add_match(cons, name)) {
+    tr_debug("tr_cfg_default_filters: could not add realm name for domain constraint.");
+    *rc=TR_CFG_NOMEM;
+    goto cleanup;
+  }
   name=tr_name_cat(n_prefix, realm);
   if (name==NULL) {
     tr_debug("tr_cfg_default_filters: could not allocate wildcard realm name for domain constraint.");
     *rc=TR_CFG_NOMEM;
     goto cleanup;
   }
-  cons->matches[1]=name;
+  if (NULL == tr_constraint_add_match(cons, name)) {
+    tr_debug("tr_cfg_default_filters: could not add wildcard realm name for domain constraint.");
+    *rc=TR_CFG_NOMEM;
+    goto cleanup;
+  }
   name=NULL;
   fline->domain_cons=cons;
 
@@ -240,14 +248,22 @@ static TR_FILTER_SET *tr_cfg_default_filters(TALLOC_CTX *mem_ctx, TR_NAME *realm
     *rc=TR_CFG_NOMEM;
     goto cleanup;
   }
-  cons->matches[0]=name;
+  if (NULL == tr_constraint_add_match(cons, name)) {
+    tr_debug("tr_cfg_default_filters: could not add realm name for realm constraint.");
+    *rc=TR_CFG_NOMEM;
+    goto cleanup;
+  }
   name=tr_name_cat(n_prefix, realm);
   if (name==NULL) {
     tr_debug("tr_cfg_default_filters: could not allocate wildcard realm name for realm constraint.");
     *rc=TR_CFG_NOMEM;
     goto cleanup;
   }
-  cons->matches[1]=name;
+  if (NULL == tr_constraint_add_match(cons, name)) {
+    tr_debug("tr_cfg_default_filters: could not add wildcard realm name for realm constraint.");
+    *rc=TR_CFG_NOMEM;
+    goto cleanup;
+  }
   name=NULL;
   fline->realm_cons=cons;
 
index da5f42e..f104337 100644 (file)
 #include <assert.h>
 #include <talloc.h>
 
-#include <trust_router/tr_constraint.h>
 #include <tr_filter.h>
 #include <tid_internal.h>
 #include <tr_debug.h>
+#include <tr_constraint_internal.h>
 
-
+/**
+ * Helper for tr_constraint_destructor - calls tr_free_name on its first argument
+ *
+ * @param item void pointer to a TR_NAME
+ * @param cookie ignored
+ */
+static void constraint_destruct_helper(void *item, void *cookie)
+{
+  TR_NAME *name = (TR_NAME *) item;
+  tr_free_name(name);
+}
 static int tr_constraint_destructor(void *obj)
 {
   TR_CONSTRAINT *cons = talloc_get_type_abort(obj, TR_CONSTRAINT);
-  int ii = 0;
 
-  if (cons->type != NULL)
+  if (cons->type)
     tr_free_name(cons->type);
-  for (ii = 0; ii < TR_MAX_CONST_MATCHES; ii++) {
-    if (cons->matches[ii] != NULL)
-      tr_free_name(cons->matches[ii]);
-  }
+
+  if (cons->matches)
+    tr_list_foreach(cons->matches, constraint_destruct_helper, NULL);
+
   return 0;
 }
 
 TR_CONSTRAINT *tr_constraint_new(TALLOC_CTX *mem_ctx)
 {
   TR_CONSTRAINT *cons = talloc(mem_ctx, TR_CONSTRAINT);
-  int ii = 0;
 
   if (cons != NULL) {
     cons->type = NULL;
-    for (ii = 0; ii < TR_MAX_CONST_MATCHES; ii++)
-      cons->matches[ii] = NULL;
+    cons->matches = tr_list_new(cons);
+    if (cons->matches == NULL) {
+      talloc_free(cons);
+      return NULL;
+    }
     talloc_set_destructor((void *) cons, tr_constraint_destructor);
   }
   return cons;
@@ -77,25 +88,45 @@ void tr_constraint_free(TR_CONSTRAINT *cons)
   talloc_free(cons);
 }
 
+static void cons_dup_helper(void *item, void *cookie)
+{
+  TR_CONSTRAINT *new_cons = talloc_get_type_abort(cookie, TR_CONSTRAINT);
+  TR_NAME *new_name = tr_dup_name((TR_NAME *) item);
+  if (new_name) {
+    /* check that new_name is added, free if it fails */
+    if (tr_constraint_add_match(new_cons, new_name) == NULL)
+      tr_free_name(new_name);
+  }
+}
 TR_CONSTRAINT *tr_constraint_dup(TALLOC_CTX *mem_ctx, TR_CONSTRAINT *cons)
 {
-  TALLOC_CTX *tmp_ctx = NULL;
+  TALLOC_CTX *tmp_ctx = talloc_new(NULL);
   TR_CONSTRAINT *new = NULL;
-  int ii = 0;
 
   if (cons == NULL)
-    return NULL;
+    goto cleanup;
 
-  tmp_ctx = talloc_new(NULL);
   new = tr_constraint_new(tmp_ctx);
+  if (new == NULL)
+    goto cleanup;
 
-  if (new != NULL) {
-    new->type = tr_dup_name(cons->type);
-    for (ii = 0; ii < TR_MAX_CONST_MATCHES; ii++)
-      new->matches[ii] = tr_dup_name(cons->matches[ii]);
-    talloc_steal(mem_ctx, new);
+  new->type = tr_dup_name(cons->type);
+  if (new->type == NULL) {
+    new = NULL;
+    goto cleanup;
   }
 
+  tr_list_foreach(cons->matches, cons_dup_helper, new); /* copies matches to new->matches */
+  /* check that we were successful - if we were, then the lists will be the same length */
+  if (tr_list_length(new->matches) != tr_list_length(cons->matches)) {
+    new = NULL;
+    goto cleanup; /* at least one dup or add failed */
+  }
+
+  /* success */
+  talloc_steal(mem_ctx, new);
+
+cleanup:
   talloc_free(tmp_ctx);
   return new;
 }
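Review bot: `tr_constraint_dup` now fails whenever `tr_dup_name(cons->type)` returns NULL, so a constraint whose `type` was never set can presumably no longer be duplicated, whereas the removed code copied the NULL through. If that is intended it deserves a sentence in a header comment on the function; otherwise wrap the duplication in `if (cons->type != NULL)`. All failure paths also return NULL without logging, so a caller cannot tell a NULL input from an allocation failure; a `tr_debug` call on the two allocation paths would help. `cons_dup_helper` has no doc comment, unlike `constraint_destruct_helper`; `/* tr_list_foreach callback: duplicates item (a TR_NAME) into the TR_CONSTRAINT passed as cookie */` would match the file.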
@@ -165,7 +196,8 @@ void tr_constraint_add_to_set(TR_CONSTRAINT_SET **cset, TR_CONSTRAINT *cons)
 {
   json_t *jcons = NULL;
   json_t *jmatches = NULL;
-  int i = 0;
+  TR_NAME *this_match = NULL;
+  TR_CONSTRAINT_ITER iter = {0};
 
   if ((!cset) || (!cons))
     return;
@@ -178,8 +210,11 @@ void tr_constraint_add_to_set(TR_CONSTRAINT_SET **cset, TR_CONSTRAINT *cons)
   jmatches = json_array();
   jcons = json_object();
 
-  for (i = 0; ((i < TR_MAX_CONST_MATCHES) && (NULL != cons->matches[i])); i++) {
-    json_array_append_new(jmatches, json_string(cons->matches[i]->buf));
+  for (this_match = tr_constraint_iter_first(&iter, cons);
+       this_match != NULL;
+       this_match = tr_constraint_iter_next(&iter))
+  {
+    json_array_append_new(jmatches, tr_name_to_json_string(this_match));
   }
 
   json_object_set_new(jcons, cons->type->buf, jmatches);
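Review bot: The return value of `json_array_append_new` in the new loop is ignored, so if `tr_name_to_json_string` yields NULL (presumably on allocation failure) the match is silently left out of the encoded constraint. The function returns void, so the least it can do is report it: `if (json_array_append_new(jmatches, tr_name_to_json_string(this_match)) != 0) tr_debug("tr_constraint_add_to_set: could not encode match.");`. A constraint that is quietly narrower than the configured one is hard to diagnose from the receiving side. The function starts before this hunk and continues after it.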
@@ -226,7 +261,6 @@ int tr_constraint_set_validate(TR_CONSTRAINT_SET *cset) {
   return 1;
 }
 
-
 /**
  * Create a new constraint set containing all constraints from #orig
  * with constraint_type #constraint_type and no others.  This constraint set is
@@ -244,7 +278,8 @@ TR_CONSTRAINT_SET *tr_constraint_set_filter(TID_REQ *request,
     tr_debug ("tr_constraint_set_filter: not a valid constraint set\n");
     return NULL;
   }
-  assert (new_cs = json_array());
+  new_cs = json_array();
+  assert(new_cs);
   json_array_foreach(orig_cset, index, set_member) {
     if (json_object_get(set_member, constraint_type))
       json_array_append(new_cs, set_member);
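Review bot: A failed `json_array()` is still caught only by `assert`, which compiles away under `NDEBUG`; moving the assignment out of the assert removes the side effect but leaves no runtime check in a release build. An explicit `if (new_cs == NULL) return NULL;` after the call would handle it. The same applies to `result` and `result_array` in the `tr_constraint_set_intersect` hunk that follows, where `domain` and `realm` would likely need a `json_decref` before an early return. Both functions extend beyond their hunks.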
@@ -350,12 +385,14 @@ TR_CONSTRAINT_SET *tr_constraint_set_intersect(TID_REQ *request,
     domain = constraint_intersect_internal(input, "domain");
     realm = constraint_intersect_internal(input, "realm");
   }
-  assert(result = json_object());
+  result = json_object();
+  assert(result);
   if (domain)
     json_object_set_new(result, "domain", domain);
   if (realm)
     json_object_set_new(result, "realm", realm);
-  assert(result_array = json_array());
+  result_array = json_array();
+  assert(result_array);
   json_array_append_new(result_array, result);
   tid_req_cleanup_json(request, result_array);
   return (TR_CONSTRAINT_SET *) result_array;
index d6dd73f..d4d925d 100644 (file)
@@ -36,6 +36,7 @@
 #include <jansson.h>
 
 #include <tr_filter.h>
+#include <tr_constraint_internal.h>
 
 /* helper for below */
 #define OBJECT_SET_OR_FAIL(jobj, key, val)     \
@@ -57,44 +58,41 @@ do {                                           \
 
 typedef json_t *(ITEM_ENCODER_FUNC)(void *);
 
-static json_t *items_to_json_array(void *items[], ITEM_ENCODER_FUNC *item_encoder, size_t max_items)
+enum type_to_array {
+  TYPE_TO_ARRAY_FSPEC,
+  TYPE_TO_ARRAY_CONSTRAINT
+};
+static json_t *tr_names_to_json_array(void *obj, enum type_to_array type)
 {
-  size_t ii;
   json_t *jarray = json_array();
   json_t *retval = NULL;
+  TR_FSPEC_ITER fspec_iter = {0};
+  TR_CONSTRAINT_ITER cons_iter = {0};
+  TR_NAME *this_match = NULL;
 
   if (jarray == NULL)
     goto cleanup;
 
-  for (ii=0; ii<max_items; ii++) {
-    if (items[ii] != NULL)
-      ARRAY_APPEND_OR_FAIL(jarray, item_encoder(items[ii]));
-  }
-  /* success */
-  retval = jarray;
-  json_incref(retval);
-
-cleanup:
-  if (jarray)
-    json_decref(jarray);
-
-  return retval;
-}
+  switch(type) {
+    case TYPE_TO_ARRAY_FSPEC:
+      this_match = tr_fspec_iter_first(&fspec_iter, (TR_FSPEC *)obj);
+      break;
 
-static json_t *tr_matches_to_json_array(TR_FSPEC *fspec)
-{
-  json_t *jarray = json_array();
-  json_t *retval = NULL;
-  TR_FSPEC_ITER *iter = tr_fspec_iter_new(NULL);
-  TR_NAME *this_match = NULL;
-
-  if ((jarray == NULL) || (iter == NULL))
-    goto cleanup;
-
-  this_match = tr_fspec_iter_first(iter, fspec);
+    case TYPE_TO_ARRAY_CONSTRAINT:
+      this_match = tr_constraint_iter_first(&cons_iter, (TR_CONSTRAINT *)obj);
+      break;
+  }
   while(this_match) {
     ARRAY_APPEND_OR_FAIL(jarray, tr_name_to_json_string(this_match));
-    this_match = tr_fspec_iter_next(iter);
+    switch(type) {
+      case TYPE_TO_ARRAY_FSPEC:
+        this_match = tr_fspec_iter_next(&fspec_iter);
+        break;
+
+      case TYPE_TO_ARRAY_CONSTRAINT:
+        this_match = tr_constraint_iter_next(&cons_iter);
+        break;
+    }
   }
   /* success */
   retval = jarray;
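Review bot: `tr_names_to_json_array` takes a `void *` plus an enum tag and switches on it twice, which gives up type checking at the call sites, and neither `switch` has a `default`, so an unexpected tag silently produces an empty array. `TR_FSPEC_ITER` and `TR_CONSTRAINT_ITER` are both typedefs of `TR_LIST_ITER`, so the helper could take the `TR_LIST *` directly and use one iterator, with callers passing `fspec->match` or `fline->realm_cons->matches`. That removes the enum, the casts and both switches. The function's cleanup section lies in the next hunk.

```c
static json_t *tr_names_to_json_array(TR_LIST *names)
{
  json_t *jarray = json_array();
  json_t *retval = NULL;
  TR_LIST_ITER iter = {0};
  TR_NAME *this_match = NULL;

  /* ... unchanged: jarray NULL check ... */

  for (this_match = (TR_NAME *) tr_list_iter_first(&iter, names);
       this_match != NULL;
       this_match = (TR_NAME *) tr_list_iter_next(&iter)) {
    ARRAY_APPEND_OR_FAIL(jarray, tr_name_to_json_string(this_match));
  }
  /* ... unchanged: success path and cleanup ... */
```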
@@ -103,8 +101,6 @@ static json_t *tr_matches_to_json_array(TR_FSPEC *fspec)
 cleanup:
   if (jarray)
     json_decref(jarray);
-  if (iter)
-    tr_fspec_iter_free(iter);
 
   return retval;
 }
@@ -121,7 +117,7 @@ static json_t *tr_fspec_to_json(TR_FSPEC *fspec)
   OBJECT_SET_OR_FAIL(fspec_json, "field",
                      tr_name_to_json_string(fspec->field));
   OBJECT_SET_OR_FAIL(fspec_json, "matches",
-                     tr_matches_to_json_array(fspec));
+                     tr_names_to_json_array(fspec, TYPE_TO_ARRAY_FSPEC));
 
   /* succeeded - set the return value and increment the reference count */
   retval = fspec_json;
@@ -176,15 +172,11 @@ static json_t *tr_fline_to_json(TR_FLINE *fline)
                      tr_fspecs_to_json_array(fline));
   if (fline->realm_cons) {
     OBJECT_SET_OR_FAIL(fline_json, "realm_constraints",
-                       items_to_json_array((void **) fline->realm_cons->matches,
-                                           (ITEM_ENCODER_FUNC *) tr_name_to_json_string,
-                                           TR_MAX_CONST_MATCHES));
+                       tr_names_to_json_array(fline->realm_cons, TYPE_TO_ARRAY_CONSTRAINT));
   }
   if (fline->domain_cons) {
     OBJECT_SET_OR_FAIL(fline_json, "domain_constraints",
-                       items_to_json_array((void **) fline->domain_cons->matches,
-                                           (ITEM_ENCODER_FUNC *) tr_name_to_json_string,
-                                           TR_MAX_CONST_MATCHES));
+                       tr_names_to_json_array(fline->domain_cons, TYPE_TO_ARRAY_CONSTRAINT));
   }
 
   /* succeeded - set the return value and increment the reference count */
diff --git a/include/tr_constraint_internal.h b/include/tr_constraint_internal.h
new file mode 100644 (file)
index 0000000..2182781
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2018, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef TRUST_ROUTER_TR_CONSTRAINT_INTERNAL_H
+#define TRUST_ROUTER_TR_CONSTRAINT_INTERNAL_H
+
+#include <talloc.h>
+
+#include <tr_list.h>
+#include <tr_name_internal.h>
+#include <trust_router/tr_constraint.h>
+
+
+struct tr_constraint {
+  TR_NAME *type;
+  TR_LIST *matches;
+};
+
+TR_CONSTRAINT *tr_constraint_new(TALLOC_CTX *mem_ctx);
+void tr_constraint_free(TR_CONSTRAINT *cons);
+TR_CONSTRAINT *tr_constraint_dup(TALLOC_CTX *mem_ctx, TR_CONSTRAINT *cons);
+
+/* Iterator for TR_CONS matches */
+typedef TR_LIST_ITER TR_CONSTRAINT_ITER;
+#define tr_constraint_iter_new(CTX) (tr_list_iter_new(CTX))
+#define tr_constraint_iter_free(ITER) (tr_list_iter_free(ITER))
+#define tr_constraint_iter_first(ITER, CONS) ((TR_NAME *) tr_list_iter_first((ITER), (CONS)->matches))
+#define tr_constraint_iter_next(ITER) ((TR_NAME *) tr_list_iter_next(ITER))
+#define tr_constraint_add_match(CONS, MATCH) ((TR_NAME *) tr_list_add((CONS)->matches, (MATCH), 0))
+
+#endif //TRUST_ROUTER_TR_CONSTRAINT_INTERNAL_H
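Review bot: The ownership contract of `tr_constraint_add_match` is not documented in this header. Elsewhere in the commit the constraint destructor calls `tr_free_name` on every list entry, and `cons_dup_helper` frees the name itself when the add returns NULL, so the contract appears to be that the constraint owns MATCH on success and the caller keeps it on failure. A comment above the macro stating that, and saying what the trailing `0` passed to `tr_list_add` means, would prevent leaks and double frees at call sites. The comment `/* Iterator for TR_CONS matches */` should probably name `TR_CONSTRAINT`.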
index 2ce469b..d241a50 100644 (file)
@@ -121,7 +121,7 @@ TR_NAME *tr_fspec_add_match(TR_FSPEC *fspec, TR_NAME *match);
 
 int tr_fspec_matches(TR_FSPEC *fspec, TR_FILTER_TYPE ftype, TR_FILTER_TARGET *target);
 
-/* Iterator for TR_FILTER.lines */
+/* Iterator for TR_FILTER lines */
 typedef TR_LIST_ITER TR_FILTER_ITER;
 #define tr_filter_iter_new(CTX) (tr_list_iter_new(CTX))
 #define tr_filter_iter_free(ITER) (tr_list_iter_free(ITER))
@@ -137,7 +137,7 @@ typedef TR_LIST_ITER TR_FSPEC_ITER;
 #define tr_fspec_iter_next(ITER) (tr_list_iter_next(ITER))
 #define tr_fspec_add_match(SPEC, MATCH) ((TR_NAME *) tr_list_add((SPEC)->match, (MATCH), 0))
 
-/* Iterator for TR_FLINE matches */
+/* Iterator for TR_FLINE specs */
 typedef TR_LIST_ITER TR_FLINE_ITER;
 #define tr_fline_iter_new(CTX) (tr_list_iter_new(CTX))
 #define tr_fline_iter_free(ITER) (tr_list_iter_free(ITER))
index 7d671b0..a67a64d 100644 (file)
@@ -40,6 +40,7 @@
  */
 
 #ifndef TR_NAME_INTERNAL_H
+#define TR_NAME_INTERNAL_H
 
 #include<trust_router/tr_name.h>
 #include <jansson.h>
@@ -49,6 +50,4 @@ json_t *tr_name_to_json_string(const TR_NAME *src);
 int tr_name_cmp_str(const TR_NAME *one, const char *two_str);
 int tr_name_prefix_wildcard_match(const TR_NAME *str, const TR_NAME *wc_str);
 
-#define TR_NAME_INTERNAL_H
-
 #endif //TRUST_ROUTER_TR_NAME_INTERNAL_H
index 2594b36..88619e4 100644 (file)
 #ifndef TR_CONSTRAINT_H
 #define TR_CONSTRAINT_H
 
-#include <talloc.h>
-
 #include <trust_router/tr_name.h>
 #include <trust_router/tid.h>
 
-
-#define TR_MAX_CONST_MATCHES 24
-
-
-typedef struct tr_constraint {
-    TR_NAME *type;
-    TR_NAME *matches[TR_MAX_CONST_MATCHES];
-} TR_CONSTRAINT;
-
-TR_CONSTRAINT *tr_constraint_new(TALLOC_CTX *mem_ctx);
-void tr_constraint_free(TR_CONSTRAINT *cons);
-TR_CONSTRAINT *tr_constraint_dup(TALLOC_CTX *mem_ctx, TR_CONSTRAINT *cons);
+typedef struct tr_constraint TR_CONSTRAINT;
 
 void TR_EXPORT tr_constraint_add_to_set (TR_CONSTRAINT_SET **cs, TR_CONSTRAINT *c);
 int TR_EXPORT tr_constraint_set_validate( TR_CONSTRAINT_SET *);
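Review bot: External callers no longer have a public way to create the `TR_CONSTRAINT *` that the still-exported `tr_constraint_add_to_set` takes, because `tr_constraint_new`, `tr_constraint_free` and `tr_constraint_dup` move to the internal header while the type becomes opaque. This matters only if the header is installed for outside users, which the `trust_router/` path and `TR_EXPORT` suggest. Keeping the three prototypes here would preserve the API, and the opaque `typedef struct tr_constraint TR_CONSTRAINT;` would still hide the layout. Otherwise the commit message should say that `tr_constraint_add_to_set` is now effectively internal.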
@@ -65,6 +52,4 @@ int TR_EXPORT tr_constraint_set_get_match_strings(TID_REQ *,
                                                   const char * constraint_type,
                                                   tr_const_string **output,
                                                   size_t *output_len);
-
-
 #endif