From b6e3a521812b9e3ad49fccfb5f224e83b0bf80a0 Mon Sep 17 00:00:00 2001
From: Margaret Wasserman
Date: Tue, 9 Jul 2013 15:10:11 -0400
Subject: [PATCH] Update config code and config files to fully parse rp_client rp_permitted filters.
---
 common/tr_config.c | 61 ++++++++++++++++++++++++++++--
 include/tr_rp.h | 1 +
 tr/portal.cfg | 109 +----------------------------------------------------
 3 files changed, 60 insertions(+), 111 deletions(-)
diff --git a/common/tr_config.c b/common/tr_config.c
index 9e622fe..5648028 100644
--- a/common/tr_config.c
+++ b/common/tr_config.c
@@ -94,6 +94,13 @@ static TR_RP_CLIENT *tr_cfg_parse_one_rp_client (TR_INSTANCE *tr, json_t *jrp, T
 {
 TR_RP_CLIENT *rp = NULL;
 json_t *jgns = NULL;
+ json_t *jfilt = NULL;
+ json_t *jfls = NULL;
+ json_t *jftype = NULL;
+ json_t *jfact = NULL;
+ json_t *jfspecs = NULL;
+ json_t *jffield = NULL;
+ json_t *jfrealm = NULL;
 int i = 0;
 if ((!jrp) || (!rc)) {
@@ -110,10 +117,11 @@ static TR_RP_CLIENT *tr_cfg_parse_one_rp_client (TR_INSTANCE *tr, json_t *jrp, T
 }
 memset(rp, 0, sizeof(TR_RP_CLIENT));
-
- /* TBD parse filters and constraints */
- if ((NULL == (jgns = json_object_get(jrp, "gss_names"))) ||
+ if ((NULL == (jfilt = json_object_get(jrp, "filter"))) ||
+ (NULL == (jfls = json_object_get(jfilt, "filter_lines"))) ||
+ (!json_is_array(jfls)) ||
+ (NULL == (jgns = json_object_get(jrp, "gss_names"))) ||
 (!json_is_array(jgns))) {
 fprintf(stderr, "tr_cfg_parse_one_rp_client: Error parsing RP client configuration.\n");
 free(rp);
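Review bot: The second hunk of common/tr_config.c deletes `/* TBD parse filters and constraints */`, but only the filter part of that TBD is done: nothing in the visible hunks reads `domain_constraints` or `realm_constraints`, both of which appear in tr/portal.cfg. An operator who fills those arrays in would see them ignored without any message, so the marker should stay in reduced form, e.g. `/* TBD: parse domain_constraints and realm_constraints; they are currently ignored */`. Note also that a client entry without a `filter` object now fails with the same generic "Error parsing RP client configuration" message as a missing `gss_names`, which makes the new requirement hard to diagnose. tr_cfg_parse_one_rp_client begins and ends outside this hunk.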
@@ -121,6 +129,51 @@ static TR_RP_CLIENT *tr_cfg_parse_one_rp_client (TR_INSTANCE *tr, json_t *jrp, T
 return NULL;
 }
+ if (0 == json_array_size(jfls)) {
+ fprintf(stderr, "tr_cfg_parse_one_rp_client: RP Client has no filter lines.\n");
+ *rc = TR_CFG_NOPARSE;
+ return NULL;
+ }
+
+ if ((NULL == (jftype = json_object_get(jfilt, "type"))) ||
+ (!json_is_string(jftype)) ||
+ (strcmp(json_string_value(jftype), "rp_permitted"))) {
+ fprintf(stderr, "tr_cfg_parse_one_rp_client: Error parsing RP client filter type.\n");
+ *rc = TR_CFG_NOPARSE;
+ return NULL;
+ }
+
+
+ /* Right now, we only accept one type of filter, and we only care
+ * about one per rp_client. */
+ if ((NULL == (jfact = json_object_get(json_array_get(jfls, 0), "action"))) ||
+ (!json_is_string(jfact)) ||
+ (strcmp(json_string_value(jfact), "accept"))) {
+ fprintf(stderr, "tr_cfg_parse_one_rp_client: Error parsing RP client filter action.\n");
+ *rc = TR_CFG_NOPARSE;
+ return NULL;
+ }
+
+ if ((NULL == (jfspecs = json_object_get(json_array_get(jfls, 0), "filter_specs"))) ||
+ (!json_is_array(jfspecs)) ||
+ (0 == json_array_size(jfspecs))) {
+ fprintf(stderr, "tr_cfg_parse_one_rp_client: Error parsing RP client filter specs.\n");
+ *rc = TR_CFG_NOPARSE;
+ return NULL;
+ }
+
+ if ((NULL == (jffield = json_object_get(json_array_get(jfspecs, 0), "field"))) ||
+ (!json_is_string(jffield)) ||
+ (strcmp(json_string_value(jffield), "rp_realm")) ||
+ (NULL == (jfrealm = json_object_get(json_array_get(jfspecs, 0), "match"))) ||
+ (!json_is_string(jfrealm))) {
+ fprintf(stderr, "tr_cfg_parse_one_rp_client: Error parsing RP client filter field and match.\n");
+ *rc = TR_CFG_NOPARSE;
+ return NULL;
+ }
+
+ rp->rp_match = tr_new_name(json_string_value(jfrealm));
+
 if (0 == json_array_size(jgns)) {
 fprintf(stderr, "tr_cfg_parse_one_rp_client: RP Client has no GSS Names.\n");
 *rc = TR_CFG_NOPARSE;
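Review bot: Each of the five new error returns in tr_cfg_parse_one_rp_client (no filter lines, filter type, filter action, filter specs, field/match) sets `*rc = TR_CFG_NOPARSE` and returns without releasing `rp`, although the pre-existing failure path just before this hunk calls `free(rp)` first. Add `free(rp);` before each of these `return NULL;` statements, or send them all through one cleanup label. Separately, only element 0 of `filter_lines` and of `filter_specs` is examined, so any further lines or specs in the config are dropped without a message. Since this filter appears to decide which realms an RP client is permitted for, rejecting (or at least logging) a config where either array holds more than one entry would keep the written policy and the enforced one from diverging. The function body begins and ends outside this hunk.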
@@ -164,7 +217,7 @@ static TR_CFG_RC tr_cfg_parse_rp_clients (TR_INSTANCE *tr, json_t *jcfg) {
 &rc))) {
 return rc;
 }
- fprintf(stderr, "tr_cfg_parse_rp_clients: RP client configured: %s.\n", rp->gss_names[0]->buf);
+ fprintf(stderr, "tr_cfg_parse_rp_clients: RP client configured -- first gss: %s, rp_realm: %s\n", rp->gss_names[0]->buf, rp->rp_match->buf);
 rp->next = tr->new_cfg->rp_clients;
 tr->new_cfg->rp_clients = rp;
 }
diff --git a/include/tr_rp.h b/include/tr_rp.h
index afb4175..3eb94c6 100644
--- a/include/tr_rp.h
+++ b/include/tr_rp.h
@@ -40,6 +40,7 @@ typedef struct tr_rp_client {
 struct tr_rp_client *next;
 struct tr_rp_client *comm_next;
+ TR_NAME *rp_match;
 TR_NAME *gss_names[TR_MAX_GSS_NAMES];
 // TR_FILTER *filters;
 } TR_RP_CLIENT;
diff --git a/tr/portal.cfg b/tr/portal.cfg
index b096938..9044e5a 100644
--- a/tr/portal.cfg
+++ b/tr/portal.cfg
@@ -64,7 +64,7 @@
 "filter_specs": [
 {
 "field": "rp_realm",
- "rp_realm": "*.exchange.ja.net"
+ "match": "*.exchange.ja.net"
 }
 ],
 "realm_constraints": []
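Review bot: The new log line in tr_cfg_parse_rp_clients (common/tr_config.c) dereferences `rp->rp_match->buf`, but the parser stores the result of `tr_new_name()` in `rp_match` without checking it. The definition of tr_new_name is not shown; if it can return NULL (allocation failure is the likely case), this fprintf crashes during config load. The cleaner fix is in the parser, right after the assignment: test `if (NULL == rp->rp_match)`, then free `rp`, set `*rc` and return NULL, so that no caller ever sees a client without a match name. The loop that contains this fprintf starts outside the hunk.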
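Review bot: In include/tr_rp.h, `rp_match` is added to TR_RP_CLIENT with no comment on what it holds or who frees it. Going by the parser hunk, it is the `match` string of the client's first rp_permitted filter spec, allocated with tr_new_name(), and the sample values in tr/portal.cfg (`*.exchange.ja.net`) look like wildcard patterns rather than literal realms. A comment such as `/* rp_realm match pattern from the rp_permitted filter; allocated by tr_new_name() */` would make that explicit for whoever writes the comparison code. No release of TR_RP_CLIENT members is visible in this patch, so the comment should also say where the name is expected to be freed.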
@@ -85,112 +85,7 @@
 "filter_specs": [
 {
 "field": "rp_realm",
- "rp_realm": "*.sr3.offcenter.org"
- }
- ],
- "realm_constraints": []
- }
- ],
- "type": "rp_permitted"
- },
- "gss_names": [
- "this.is.a.dandy.gss.name@creds.portal.ja.net"
- ]
- },
- {
- "filter": {
- "filter_lines": [
- {
- "action": "accept",
- "domain_constraints": [],
- "filter_specs": [
- {
- "field": "rp_realm",
- "rp_realm": "*.shell.ja.net"
- }
- ],
- "realm_constraints": []
- }
- ],
- "type": "rp_permitted"
- },
- "gss_names": [
- "this.is.a.dandy.gss.name@creds.portal.ja.net"
- ]
- },
- {
- "filter": {
- "filter_lines": [
- {
- "action": "accept",
- "domain_constraints": [],
- "filter_specs": [
- {
- "field": "rp_realm",
- "rp_realm": "*.sr2.offcenter.org"
- }
- ],
- "realm_constraints": []
- }
- ],
- "type": "rp_permitted"
- },
- "gss_names": [
- "this.is.a.dandy.gss.name@creds.portal.ja.net"
- ]
- },
- {
- "filter": {
- "filter_lines": [
- {
- "action": "accept",
- "domain_constraints": [],
- "filter_specs": [
- {
- "field": "rp_realm",
- "rp_realm": "*.sr1.offcenter.org"
- }
- ],
- "realm_constraints": []
- }
- ],
- "type": "rp_permitted"
- },
- "gss_names": [
- "this.is.a.dandy.gss.name@creds.portal.ja.net"
- ]
- },
- {
- "filter": {
- "filter_lines": [
- {
- "action": "accept",
- "domain_constraints": [],
- "filter_specs": [
- {
- "field": "rp_realm",
- "rp_realm": "*.sr4.offcenter.org"
- }
- ],
- "realm_constraints": []
- }
- ],
- "type": "rp_permitted"
- },
- "gss_names": [
- "this.is.a.dandy.gss.name@creds.portal.ja.net"
- ]
- },
- {
- "filter": {
- "filter_lines": [
- {
- "action": "accept",
- "domain_constraints": [],
- "filter_specs": [
- {
- "field": "rp_realm",
- "rp_realm": "*.billing.ja.net"
+ "match": "*.sr3.offcenter.org"
 }
 ],
 "realm_constraints": []
-- 
2.1.4