Beispiel #1
0
/**
 * Destroy the eudoxus state when the transaction is complete.
 *
 * After the transaction is complete iterate over all of the states create
 * during the transaction and destroy them.
 *
 * @param[in] ib IronBee engine.
 * @param[in] tx Current transaction.
 * @param[in] state State (should always be @ref tx_finished_state)
 * @param[in] cbdata Callback data -- pointer to this module (@ref ib_module_t).
 *
 * @returns IB_OK on success.
 */
static
ib_status_t ee_tx_finished_handler(ib_engine_t *ib,
                                   ib_tx_t *tx,
                                   ib_state_t state,
                                   void *cbdata)
{
    ib_status_t rc;
    ib_hash_t *hash;
    ib_mpool_lite_t* mpl;
    ib_mm_t mm;
    const ib_module_t *m = (const ib_module_t *)cbdata;
    ee_tx_data_t *data;
    ib_hash_iterator_t *iterator;

    rc = ib_tx_get_module_data(tx, m, &hash);
    if (rc == IB_ENOENT) {
        /* Nothing to do. */
        return IB_OK;
    }
    if (rc != IB_OK || hash == NULL) {
        return rc;
    }

    rc = ib_mpool_lite_create(&mpl);
    if (rc != IB_OK) {
        return rc;
    }
    mm = ib_mm_mpool_lite(mpl);

    iterator = ib_hash_iterator_create(mm);
    if (iterator == NULL) {
        ib_mpool_lite_destroy(mpl);
        return IB_EALLOC;
    }
    for (
        ib_hash_iterator_first(iterator, hash);
        ! ib_hash_iterator_at_end(iterator);
        ib_hash_iterator_next(iterator)
    ) {
        ib_hash_iterator_fetch(NULL, NULL, &data, iterator);
        if (data->eudoxus_state != NULL) {
            ia_eudoxus_destroy_state(data->eudoxus_state);
            data->eudoxus_state = NULL;
        }
    }

    ib_mpool_lite_destroy(mpl);

    return IB_OK;
}
Beispiel #2
0
/**
 * Release resources when the module is unloaded.
 *
 * All eudoxus engines created by the LoadEudoxus directive are destroyed.
 *
 * @param[in] ib Ironbee engine.
 * @param[in] m Module instance.
 * @param[in] cbdata Not used.
 */
static
ib_status_t ee_module_finish(ib_engine_t *ib,
                             ib_module_t *m,
                             void        *cbdata)
{
    ib_status_t rc;
    ia_eudoxus_t *eudoxus;
    ib_mpool_lite_t *pool;
    const ee_config_t *config = ee_get_config(ib);
    ib_hash_t *eudoxus_pattern_hash;
    ib_hash_iterator_t *iterator;

    if (
        config                       == NULL ||
        config->eudoxus_pattern_hash == NULL
    ) {
        return IB_OK;
    }

    eudoxus_pattern_hash = config->eudoxus_pattern_hash;

    rc = ib_mpool_lite_create(&pool);
    if (rc != IB_OK) {
        return rc;
    }

    iterator = ib_hash_iterator_create(ib_mm_mpool_lite(pool));
    if (iterator == NULL) {
        ib_mpool_lite_destroy(pool);
        return IB_EALLOC;
    }
    for (
        ib_hash_iterator_first(iterator, eudoxus_pattern_hash);
        ! ib_hash_iterator_at_end(iterator);
        ib_hash_iterator_next(iterator)
    ) {
        ib_hash_iterator_fetch(NULL, NULL, &eudoxus, iterator);
        if (eudoxus != NULL) {
            ia_eudoxus_destroy(eudoxus);
        }
    }
    ib_hash_clear(eudoxus_pattern_hash);
    ib_mpool_lite_destroy(pool);

    return IB_OK;
}
Beispiel #3
0
/**
 * Destroy the eudoxus state when the transaction is complete.
 *
 * After the transaction is complete iterate over all of the states create
 * during the transaction and destroy them.
 *
 * @param[in] ib IronBee engine.
 * @param[in] tx Current transaction.
 * @param[in] event Event type (should always be @ref tx_finished_event)
 * @param[in] cbdata Callback data -- pointer to this module (@ref ib_module_t).
 *
 * @returns IB_OK on success.
 */
static
ib_status_t ee_tx_finished_handler(ib_engine_t *ib,
                                   ib_tx_t *tx,
                                   ib_state_event_type_t event,
                                   void *cbdata)
{
    ib_status_t rc;
    ib_hash_t *hash;
    ib_mpool_t *pool;
    const ib_module_t *m = (const ib_module_t *)cbdata;
    ia_eudoxus_state_t *state;
    ib_hash_iterator_t *iterator;

    rc = ib_tx_get_module_data(tx, m, &hash);
    if (rc != IB_OK || hash == NULL) {
        return rc;
    }

    rc = ib_mpool_create(&pool, "temp", NULL);
    if (rc != IB_OK) {
        return rc;
    }

    iterator = ib_hash_iterator_create(pool);
    if (iterator == NULL) {
        ib_mpool_destroy(pool);
        return IB_EALLOC;
    }
    for (
        ib_hash_iterator_first(iterator, hash);
        ! ib_hash_iterator_at_end(iterator);
        ib_hash_iterator_next(iterator)
    ) {
        ib_hash_iterator_fetch(NULL, NULL, &state, iterator);
        if (state != NULL) {
            ia_eudoxus_destroy_state(state);
            state = NULL;
        }
    }

    ib_mpool_destroy(pool);

    return IB_OK;
}
Beispiel #4
0
/**
 * Main identity handler.  Called both on request_header_finished and
 * request_finished: the configured provider decides which state to
 * run on, and skips (returns immediately) on the other state.
 *
 * If configured mode is "Off", just returns.  Otherwise calls provider's
 * check_id function to check and log user ID. Optionally cycles through
 * other providers.  Finally, if client is not identified and mode is
 * "Require", calls provider's challenge function to ask client to
 * identify (e.g. HTTP 401).
 *
 * @param ib The engine
 * @param tx The transaction
 * @param state State that triggered the call
 * @param cbdata Unused
 */
static ib_status_t ident_handler(ib_engine_t *ib, ib_tx_t *tx,
                                 ib_state_t state,
                                 void *cbdata)
{
    ident_cfg_t *cfg;
    const char *userid = NULL;
    ib_ident_provider_t *provider;
    ib_status_t rc;
    ib_module_t *m;

    assert(state == request_header_finished_state || state == request_finished_state);

    rc = ib_engine_module_get(ib, MODULE_NAME_STR, &m);
    assert((rc == IB_OK) && (m != NULL));
    rc = ib_context_module_config(ib_context_main(ib), m, &cfg);
    assert((rc == IB_OK) && (cfg != NULL));

    if (cfg->mode == ident_off) {
        return IB_OK;
    }
    if (cfg->type != NULL && cfg->providers != NULL) {
        rc = ib_hash_get(cfg->providers, &provider, cfg->type);
        if (rc != IB_OK || provider == NULL) {
            ib_log_error_tx(tx, "Identifier '%s' configured but not available", cfg->type);
            provider = &ident_dummy_provider;
        }
    }
    else {
        ib_log_error_tx(tx, "Ident module loaded but not configured!");
        provider = &ident_dummy_provider;
    }

    if (provider->state != state) {
        /* This provider doesn't check now */
        return IB_OK;
    }

    /* OK, ident is on.  Verify if there is a user ID */
    userid = provider->check_id(tx);

    if (userid == NULL && cfg->accept_any && cfg->providers != NULL) {
        ib_hash_iterator_t *iterator = ib_hash_iterator_create(tx->mm);
        ib_ident_provider_t *p;
        for (ib_hash_iterator_first(iterator, cfg->providers);
             !userid && !ib_hash_iterator_at_end(iterator);
             ib_hash_iterator_next(iterator)) {
            ib_hash_iterator_fetch(NULL, NULL, &p, iterator);
            /* configured provider already checked - so skip it now */
            if (p->check_id != provider->check_id) {
                userid = p->check_id(tx);
            }
        }
    }

    if (userid != NULL) {
        ib_log_info(ib, "User identified as %s", userid);
        return IB_OK;
    }

    /* If we haven't configured an ident type, don't enforce */
    if (cfg->type == NULL) {
        return IB_OK;
    }

    /* If we're enforcing ident, send a challenge */
    return provider->challenge(tx);
}
Beispiel #5
0
 //! Increment iterator.
 void increment()
 {
     if (! m_at_end && ! ib_hash_iterator_at_end(m_iter)) {
         ib_hash_iterator_next(m_iter);
     }
 }