const FieldRestriction &
FieldBaseImpl::restriction( unsigned entity_rank , const Part & part ) const
{
static const FieldRestriction empty ;
const FieldRestrictionVector & rMap = restrictions();
const FieldRestrictionVector::const_iterator ie = rMap.end() ;
FieldRestrictionVector::const_iterator i ;
const PartVector::const_iterator ipe = part.supersets().end();
PartVector::const_iterator ip = part.supersets().begin() ;
// Start with this part:
//(putting static here helps performance significantly but is NOT THREAD SAFE !!!)
static FieldRestriction restr;
restr.set_entity_rank( entity_rank );
restr.set_part_ordinal( part.mesh_meta_data_ordinal() );
while ( ie == ( i = find( rMap , restr ) ) && ipe != ip ) {
// Not found try another superset part:
restr.set_entity_rank( entity_rank );
restr.set_part_ordinal( (*ip)->mesh_meta_data_ordinal() );
++ip ;
}
return ie == i ? empty : *i ;
}
void TLS::Callbacks::tls_verify_cert_chain(
const std::vector<X509_Certificate>& cert_chain,
const std::vector<std::shared_ptr<const OCSP::Response>>& ocsp_responses,
const std::vector<Certificate_Store*>& trusted_roots,
Usage_Type usage,
const std::string& hostname,
const TLS::Policy& policy)
{
if(cert_chain.empty())
throw Invalid_Argument("Certificate chain was empty");
Path_Validation_Restrictions restrictions(policy.require_cert_revocation_info(),
policy.minimum_signature_strength());
Path_Validation_Result result =
x509_path_validate(cert_chain,
restrictions,
trusted_roots,
(usage == Usage_Type::TLS_SERVER_AUTH ? hostname : ""),
usage,
std::chrono::system_clock::now(),
tls_verify_cert_chain_ocsp_timeout(),
ocsp_responses);
if(!result.successful_validation())
{
throw TLS_Exception(Alert::BAD_CERTIFICATE,
"Certificate validation failure: " + result.result_string());
}
}
void FieldBaseImpl::verify_and_clean_restrictions(
const char * arg_method ,
const Part& superset,
const Part& subset,
const PartVector & arg_all_parts )
{
TraceIfWatching("stk::mesh::impl::FieldBaseImpl::verify_and_clean_restrictions", LOG_FIELD, m_ordinal);
FieldRestrictionVector & restrs = restrictions();
//Check whether both 'superset' and 'subset' are in this field's restrictions.
//If they are, make sure they are compatible and remove the subset restriction.
FieldRestrictionVector::iterator superset_restriction = restrs.end();
FieldRestrictionVector::iterator subset_restriction = restrs.end();
for (FieldRestrictionVector::iterator i = restrs.begin() ; i != restrs.end() ; ++i ) {
if (i->part_ordinal() == superset.mesh_meta_data_ordinal()) {
superset_restriction = i;
if (subset_restriction != restrs.end() && subset_restriction->entity_rank() == superset_restriction->entity_rank()) break;
}
if (i->part_ordinal() == subset.mesh_meta_data_ordinal()) {
subset_restriction = i;
if (superset_restriction != restrs.end() && subset_restriction->entity_rank() == superset_restriction->entity_rank()) break;
}
}
if (superset_restriction != restrs.end() && subset_restriction != restrs.end() &&
superset_restriction->entity_rank() == subset_restriction->entity_rank()) {
ThrowErrorMsgIf( superset_restriction->not_equal_stride(*subset_restriction),
"Incompatible field restrictions for parts "<<superset.name()<<" and "<<subset.name());
restrs.erase(subset_restriction);
}
}
TEST(hackrestrict, ReturnsCorrectDefaultRestrictions) {
sockaddr_u sockaddr = create_sockaddr_u(54321, "63.161.169.137");
u_short retval = restrictions(&sockaddr);
TEST_ASSERT_EQUAL(0, retval);
}
TEST(hackrestrict, CantRemoveDefaultEntry) {
sockaddr_u resaddr = create_sockaddr_u(54321, "0.0.0.0");
sockaddr_u resmask = create_sockaddr_u(54321, "0.0.0.0");
hack_restrict(RESTRICT_REMOVE, &resaddr, &resmask, 0, 0, 0);
TEST_ASSERT_EQUAL(0, restrictions(&resaddr));
}
void
test_ReturnsCorrectDefaultRestrictions(void) {
sockaddr_u sockaddr = create_sockaddr_u(AF_INET,
54321, "63.161.169.137");
u_short retval = restrictions(&sockaddr);
TEST_ASSERT_EQUAL(0, retval);
}
void
test_CantRemoveDefaultEntry(void) {
sockaddr_u resaddr = create_sockaddr_u(AF_INET, 54321, "0.0.0.0");
sockaddr_u resmask = create_sockaddr_u(AF_INET, 54321, "0.0.0.0");
hack_restrict(RESTRICT_REMOVE, &resaddr, &resmask, 0, 0, 0);
TEST_ASSERT_EQUAL(0, restrictions(&resaddr));
}
TEST(hackrestrict, RestrictUnflagWorks) {
sockaddr_u resaddr = create_sockaddr_u(54321, "11.22.30.20");
sockaddr_u resmask = create_sockaddr_u(54321, "255.255.0.0");
hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, 0, 11, 0);
hack_restrict(RESTRICT_UNFLAG, &resaddr, &resmask, 0, 10, 0);
TEST_ASSERT_EQUAL(1, restrictions(&resaddr));
}
TEST(hackrestrict, AddingNewRestriction) {
sockaddr_u resaddr = create_sockaddr_u(54321, "11.22.33.44");
sockaddr_u resmask = create_sockaddr_u(54321, "128.0.0.0");
const u_short flags = 42;
hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, 0, flags, 0);
TEST_ASSERT_EQUAL(flags, restrictions(&resaddr));
}
TEST(hackrestrict, HackingDefaultRestriction) {
/*
* We change the flag of the default restriction,
* and check if restriction() returns that flag
*/
const u_short flags = 42;
sockaddr_u resaddr = create_sockaddr_u(54321, "0.0.0.0");
sockaddr_u resmask = create_sockaddr_u(54321, "0.0.0.0");
hack_restrict(RESTRICT_FLAGS, &resaddr, &resmask, 0, flags, 0);
sockaddr_u sockaddr = create_sockaddr_u(54321, "111.123.251.124");
TEST_ASSERT_EQUAL(flags, restrictions(&sockaddr));
}
unsigned FieldBaseImpl::max_size( unsigned entity_rank ) const
{
unsigned max = 0 ;
const FieldRestrictionVector & rMap = restrictions();
const FieldRestrictionVector::const_iterator ie = rMap.end() ;
FieldRestrictionVector::const_iterator i = rMap.begin();
for ( ; i != ie ; ++i ) {
if ( i->entity_rank() == entity_rank ) {
const unsigned len = m_field_rank ? i->stride( m_field_rank - 1 ) : 1 ;
if ( max < len ) { max = len ; }
}
}
return max ;
}
TEST(hackrestrict, TheMostFittingRestrictionIsMatched) {
sockaddr_u resaddr_target = create_sockaddr_u(54321, "11.22.33.44");
sockaddr_u resaddr_not_matching = create_sockaddr_u(54321, "11.99.33.44");
sockaddr_u resmask_not_matching = create_sockaddr_u(54321, "255.255.0.0");
sockaddr_u resaddr_best_match = create_sockaddr_u(54321, "11.22.30.20");
sockaddr_u resmask_best_match = create_sockaddr_u(54321, "255.255.0.0");
/* it also matches, but we prefer the one above, as it's more specific */
sockaddr_u resaddr_second_match = create_sockaddr_u(54321, "11.99.33.44");
sockaddr_u resmask_second_match = create_sockaddr_u(54321, "255.0.0.0");
hack_restrict(RESTRICT_FLAGS, &resaddr_not_matching, &resmask_not_matching, 0, 11, 0);
hack_restrict(RESTRICT_FLAGS, &resaddr_best_match, &resmask_best_match, 0, 22, 0);
hack_restrict(RESTRICT_FLAGS, &resaddr_second_match, &resmask_second_match, 0, 128, 0);
TEST_ASSERT_EQUAL(22, restrictions(&resaddr_target));
}
void ChannelData::setRestrictedRights(const MTPChannelBannedRights &rights) {
if (rights.c_channelBannedRights().vflags.v == restrictions()
&& rights.c_channelBannedRights().vuntil_date.v == _restrictedUntill) {
return;
}
_restrictedUntill = rights.c_channelBannedRights().vuntil_date.v;
_restrictions.set(rights.c_channelBannedRights().vflags.v);
if (isMegagroup()) {
if (hasRestrictions()) {
if (!amCreator()) {
auto me = MegagroupInfo::Restricted { rights };
mgInfo->lastRestricted.emplace(App::self(), me);
}
mgInfo->lastAdmins.remove(App::self());
Data::ChannelAdminChanges(this).feed(Auth().userId(), false);
} else {
mgInfo->lastRestricted.remove(App::self());
}
}
Notify::peerUpdatedDelayed(this, UpdateFlag::ChannelRightsChanged | UpdateFlag::AdminsChanged | UpdateFlag::BannedUsersChanged);
}
TEST(hackrestrict, DeletedRestrictionIsNotMatched) {
sockaddr_u resaddr_target = create_sockaddr_u(54321, "11.22.33.44");
sockaddr_u resaddr_not_matching = create_sockaddr_u(54321, "11.99.33.44");
sockaddr_u resmask_not_matching = create_sockaddr_u(54321, "255.255.0.0");
sockaddr_u resaddr_best_match = create_sockaddr_u(54321, "11.22.30.20");
sockaddr_u resmask_best_match = create_sockaddr_u(54321, "255.255.0.0");
sockaddr_u resaddr_second_match = create_sockaddr_u(54321, "11.99.33.44");
sockaddr_u resmask_second_match = create_sockaddr_u(54321, "255.0.0.0");
hack_restrict(RESTRICT_FLAGS, &resaddr_not_matching, &resmask_not_matching, 0, 11, 0);
hack_restrict(RESTRICT_FLAGS, &resaddr_best_match, &resmask_best_match, 0, 22, 0);
hack_restrict(RESTRICT_FLAGS, &resaddr_second_match, &resmask_second_match, 0, 128, 0);
/* deleting the best match*/
hack_restrict(RESTRICT_REMOVE, &resaddr_best_match, &resmask_best_match, 0, 22, 0);
TEST_ASSERT_EQUAL(128, restrictions(&resaddr_target));
}
void FieldBaseImpl::insert_restriction(
const char * arg_method ,
EntityRank arg_entity_rank ,
const Part & arg_part ,
const unsigned * arg_stride,
const void* arg_init_value )
{
TraceIfWatching("stk::mesh::impl::FieldBaseImpl::insert_restriction", LOG_FIELD, m_ordinal);
FieldRestriction tmp( arg_entity_rank , arg_part.mesh_meta_data_ordinal() );
{
unsigned i = 0 ;
if ( m_field_rank ) {
for ( i = 0 ; i < m_field_rank ; ++i ) { tmp.stride(i) = arg_stride[i] ; }
}
else { // Scalar field is 0 == m_field_rank
i = 1 ;
tmp.stride(0) = 1 ;
}
// Remaining dimensions are 1, no change to stride
for ( ; i < MaximumFieldDimension ; ++i ) {
tmp.stride(i) = tmp.stride(i-1) ;
}
for ( i = 1 ; i < m_field_rank ; ++i ) {
const bool bad_stride = 0 == tmp.stride(i) ||
0 != tmp.stride(i) % tmp.stride(i-1);
ThrowErrorMsgIf( bad_stride,
arg_method << " FAILED for " << *this <<
" WITH BAD STRIDE " <<
print_restriction( tmp, arg_entity_rank, arg_part, m_field_rank ));;
}
}
if (arg_init_value != NULL) {
//insert_restriction can be called multiple times for the same field, giving
//the field different lengths on different mesh-parts.
//We will only store one initial-value array, we need to store the one with
//maximum length for this field so that it can be used to initialize data
//for all field-restrictions. For the parts on which the field is shorter,
//a subset of the initial-value array will be used.
//
//We want to end up storing the longest arg_init_value array for this field.
//
//Thus, we call set_initial_value only if the current length is longer
//than what's already been stored.
//length in bytes is num-scalars X sizeof-scalar:
size_t num_scalars = 1;
//if rank > 0, then field is not a scalar field, so num-scalars is
//obtained from the stride array:
if (m_field_rank > 0) num_scalars = tmp.stride(m_field_rank-1);
size_t sizeof_scalar = m_data_traits.size_of;
size_t nbytes = sizeof_scalar * num_scalars;
size_t old_nbytes = 0;
if (get_initial_value() != NULL) {
old_nbytes = get_initial_value_num_bytes();
}
if (nbytes > old_nbytes) {
set_initial_value(arg_init_value, num_scalars, nbytes);
}
}
{
FieldRestrictionVector & restrs = restrictions();
FieldRestrictionVector::iterator restr = restrs.begin();
FieldRestrictionVector::iterator last_restriction = restrs.end();
restr = std::lower_bound(restr,last_restriction,tmp);
const bool new_restriction = ( ( restr == last_restriction ) || !(*restr == tmp) );
if ( new_restriction ) {
// New field restriction, verify we are not committed:
ThrowRequireMsg(!m_meta_data->is_commit(), "mesh MetaData has been committed.");
unsigned num_subsets = 0;
for(FieldRestrictionVector::iterator i=restrs.begin(), iend=restrs.end(); i!=iend; ++i) {
if (i->entity_rank() != arg_entity_rank) continue;
const Part& partI = *m_meta_data->get_parts()[i->part_ordinal()];
bool found_subset = contain(arg_part.subsets(), partI);
if (found_subset) {
ThrowErrorMsgIf( i->not_equal_stride(tmp),
arg_method << " FAILED for " << *this << " " <<
print_restriction( *i, arg_entity_rank, arg_part, m_field_rank ) <<
" WITH INCOMPATIBLE REDECLARATION " <<
print_restriction( tmp, arg_entity_rank, arg_part, m_field_rank ));
*i = tmp;
++num_subsets;
}
bool found_superset = contain(arg_part.supersets(), partI);
if (found_superset) {
ThrowErrorMsgIf( i->not_equal_stride(tmp),
arg_method << " FAILED for " << *this << " " <<
print_restriction( *i, arg_entity_rank, arg_part, m_field_rank ) <<
" WITH INCOMPATIBLE REDECLARATION " <<
print_restriction( tmp, arg_entity_rank, arg_part, m_field_rank ));
//if there's already a restriction for a superset of this part, then
//there's nothing to do and we're out of here..
return;
}
}
if (num_subsets == 0) {
restrs.insert( restr , tmp );
}
else {
//if subsets were found, we replaced them with the new restriction. so now we need
//to sort and unique the vector, and trim it to remove any duplicates:
std::sort(restrs.begin(), restrs.end());
FieldRestrictionVector::iterator it = std::unique(restrs.begin(), restrs.end());
restrs.resize(it - restrs.begin());
}
}
else {
ThrowErrorMsgIf( restr->not_equal_stride(tmp),
arg_method << " FAILED for " << *this << " " <<
print_restriction( *restr, arg_entity_rank, arg_part, m_field_rank ) <<
" WITH INCOMPATIBLE REDECLARATION " <<
print_restriction( tmp, arg_entity_rank, arg_part, m_field_rank ));
}
}
}