Exemple #1
0
/**
 * Return the per-transaction data for use with the dfa operator.
 *
 * @param[in] m PCRE module.
 * @param[in,out] tx Transaction to store the value in.
 * @param[in] id The operator identifier used to get it's workspace.
 * @param[out] workspace Retrieved.
 *
 * @returns
 *   - IB_OK on success.
 *   - IB_ENOENT if the structure does not exist. Call alloc_dfa_tx_data then.
 *   - IB_EALLOC on an allocation error.
 */
static
ib_status_t get_dfa_tx_data(
    const ib_module_t  *m,
    ib_tx_t            *tx,
    const char         *id,
    dfa_workspace_t   **workspace
)
{
    assert(tx);
    assert(tx->mp);
    assert(id);
    assert(workspace);

    ib_hash_t *hash;
    ib_status_t rc;

    rc = get_or_create_operator_data_hash(m, tx, &hash);
    if (rc != IB_OK) {
        return rc;
    }

    rc = ib_hash_get(hash, workspace, id);
    if (rc != IB_OK) {
        *workspace = NULL;
    }

    return rc;
}
Exemple #2
0
ib_status_t ib_cfgmap_set(ib_cfgmap_t *cm,
                          const char *name,
                          void *pval)
{
    IB_FTRACE_INIT(ib_cfgmap_set);
    ib_field_t *f;
    ib_status_t rc;

    rc = ib_hash_get(cm->hash, name, (void *)&f);
    if (rc != IB_OK) {
        IB_FTRACE_RET_STATUS(rc);
    }

    rc = ib_field_setv(f, pval);

    /// @todo Remove this extra debugging
    switch (f->type) {
        case IB_FTYPE_BYTESTR:
            ib_util_log_debug(4, "SET FIELD type=%d %" IB_BYTESTR_FMT "=\"%" IB_BYTESTR_FMT "\" (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), IB_BYTESTR_FMT_PARAM(*(ib_bytestr_t **)pval), *(void **)pval);
            break;
        case IB_FTYPE_NULSTR:
            ib_util_log_debug(4, "SET FIELD type=%d %" IB_BYTESTR_FMT "=\"%s\" (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(char **)pval, *(void **)pval);
            break;
        case IB_FTYPE_NUM:
            ib_util_log_debug(4, "SET FIELD type=%d %" IB_BYTESTR_FMT "=%d (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(int *)pval, *(void **)pval);
            break;
        case IB_FTYPE_UNUM:
            ib_util_log_debug(4, "SET FIELD type=%d %" IB_BYTESTR_FMT "=%d (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(unsigned int *)pval, *(void **)pval);
            break;
    }

    IB_FTRACE_RET_STATUS(rc);
}
Exemple #3
0
ib_status_t ib_config_block_process(ib_cfgparser_t *cp,
                                    const char *name)
{
    IB_FTRACE_INIT(ib_config_block_process);
    ib_engine_t *ib = cp->ib;
    ib_dirmap_init_t *rec;
    ib_status_t rc;

    /* Finished with this block. */
    rc = ib_cfgparser_block_pop(cp, NULL);
    if (rc != IB_OK) {
        return rc;
    }

    rc = ib_hash_get(ib->dirmap, name, (void *)&rec);
    if (rc != IB_OK) {
        IB_FTRACE_RET_STATUS(rc);
    }

    rc = IB_OK;
    switch (rec->type) {
        case IB_DIRTYPE_SBLK1:
            if (rec->fn_blkend != NULL) {
                rc = rec->fn_blkend(cp, name, rec->cbdata);
            }
            break;
        default:
            rc = IB_EINVAL;
    }

    IB_FTRACE_RET_STATUS(rc);
}
Exemple #4
0
/**
 * Return the per-transaction data for use with the dfa operator.
 *
 * @param[in,out] tx Transaction to store the value in.
 * @param[in] id The operator identifier used to get it's workspace.
 * @param[out] workspace Retrieved.
 *
 * @returns
 *   - IB_OK on success.
 *   - IB_ENOENT if the structure does not exist. Call alloc_dfa_tx_data then.
 *   - IB_EALLOC on an allocation error.
 */
static ib_status_t get_dfa_tx_data(ib_tx_t *tx,
                                   const char *id,
                                   dfa_workspace_t **workspace)
{
    IB_FTRACE_INIT();

    assert(tx);
    assert(tx->mp);
    assert(id);
    assert(workspace);

    ib_hash_t *rule_data;
    ib_status_t rc;

    rc = get_or_create_rule_data_hash(tx, &rule_data);
    if (rc != IB_OK) {
        IB_FTRACE_RET_STATUS(rc);
    }

    rc = ib_hash_get(rule_data, workspace, id);
    if (rc != IB_OK) {
        *workspace = NULL;
    }

    IB_FTRACE_RET_STATUS(rc);
}
Exemple #5
0
/**
 * Perf Stats Stop Event txdata Callback.
 *
 * Called at the end of an event.
 *
 * @param[in] ib IronBee object.
 * @param[in] tx Transaction object.
 * @param[in] event Event type.
 * @param[in] param Callback data which differs based on hook type.
 * @param[in] cbdata Callback data: actually an perf_info_t describing the
 *            event.
 */
static ib_status_t mod_perf_stats_event_stop_txdata_callback(
    ib_engine_t *ib,
    ib_tx_t *tx,
    ib_state_event_type_t event,
    ib_txdata_t* txdata,
    void *cbdata
)
{

    IB_FTRACE_INIT();

    event_info_t *eventp = (event_info_t *)cbdata;
    perf_info_t *perf_info;

    ib_status_t rc = ib_hash_get(
        tx->conn->data,
        &perf_info,
        "MOD_PERF_STATS"
    );
    if (rc != IB_OK) {
        perf_info = NULL;
    }

    mod_perf_stats_event_stop(ib, eventp, perf_info);

    IB_FTRACE_RET_STATUS(IB_OK);
}
Exemple #6
0
/**
 * Create an instance of the @c ee_match_any operator.
 *
 * Looks up the automata name and adds the automata to the operator instance.
 *
 * @param[in] ctx Current context.
 * @param[in] parameters Automata name.
 * @param[out] instance_data Instance data.
 * @param[in] cbdata Callback data.
 */
static
ib_status_t ee_match_any_operator_create(
    ib_context_t *ctx,
    const char   *parameters,
    void         *instance_data,
    void         *cbdata
)
{
    assert(ctx != NULL);
    assert(parameters != NULL);
    assert(instance_data != NULL);

    ib_status_t rc;
    ia_eudoxus_t* eudoxus;
    ee_operator_data_t *operator_data;
    ib_module_t *module;
    ib_engine_t *ib = ib_context_get_engine(ctx);
    ib_mpool_t *pool = ib_context_get_mpool(ctx);
    const ee_config_t *config = ee_get_config(ib);
    const ib_hash_t *eudoxus_pattern_hash;

    assert(config != NULL);
    assert(config->eudoxus_pattern_hash != NULL);

    /* Get my module object */
    rc = ib_engine_module_get(ib, MODULE_NAME_STR, &module);
    if (rc != IB_OK) {
        ib_log_error(ib, "Failed to get eudoxus operator module object: %s",
                     ib_status_to_string(rc));
        return rc;
    }
    /* Allocate a rule data object, populate it */
    operator_data = ib_mpool_alloc(pool, sizeof(*operator_data));
    if (operator_data == NULL) {
        return IB_EALLOC;
    }

    eudoxus_pattern_hash = config->eudoxus_pattern_hash;

    rc = ib_hash_get(eudoxus_pattern_hash, &eudoxus, parameters);
    if (rc == IB_ENOENT ) {
        ib_log_error(ib,
                     MODULE_NAME_STR ": No eudoxus automata named %s found.",
                     parameters);
        return rc;
    }
    else if (rc != IB_OK) {
        ib_log_error(ib,
                     MODULE_NAME_STR ": Error setting up eudoxus automata operator.");
        return rc;
    }

    operator_data->eudoxus = eudoxus;
    *(ee_operator_data_t **)instance_data = operator_data;
    ib_log_debug(ib, "Found compiled eudoxus pattern \"%s\"", parameters);

    return IB_OK;
}
Exemple #7
0
ib_status_t ib_action_inst_create_ex(
    ib_engine_t *ib,
    const char *name,
    const char *parameters,
    ib_action_inst_t **act_inst)
{
    assert(ib != NULL);
    assert(name != NULL);

    ib_hash_t *action_hash = ib->actions;
    ib_action_t *action;
    ib_status_t rc;
    ib_mpool_t *mpool = ib_engine_pool_main_get(ib);

    assert(mpool != NULL);

    rc = ib_hash_get(action_hash, &action, name);
    if (rc != IB_OK) {
        /* name is not registered */
        return rc;
    }

    *act_inst = (ib_action_inst_t *)ib_mpool_alloc(mpool,
                                                   sizeof(ib_action_inst_t));
    if (*act_inst == NULL) {
        return IB_EALLOC;
    }
    (*act_inst)->action = action;
    (*act_inst)->params = ib_mpool_strdup(mpool, parameters);
    (*act_inst)->fparam = NULL;

    if (action->fn_create != NULL) {
        rc = action->fn_create(
            ib,
            parameters,
            *act_inst,
            action->cbdata_create
        );
        if (rc != IB_OK) {
            return rc;
        }
    }
    else {
        rc = IB_OK;
    }

    if ((*act_inst)->fparam == NULL) {
        rc = ib_field_create(&((*act_inst)->fparam),
                             mpool,
                             IB_FIELD_NAME("param"),
                             IB_FTYPE_NULSTR,
                             ib_ftype_nulstr_in(parameters));
    }

    return rc;
}
Exemple #8
0
ib_status_t ib_tfn_lookup_ex(ib_engine_t *ib,
                             const char *name,
                             size_t nlen,
                             ib_tfn_t **ptfn)
{
    assert(ib != NULL);
    assert(name != NULL);
    assert(ptfn != NULL);

    ib_hash_t *tfn_hash = ib->tfns;
    ib_status_t rc = ib_hash_get(tfn_hash, ptfn, name);
    return rc;
}
Exemple #9
0
ib_status_t ib_cfgmap_get(ib_cfgmap_t *cm,
                          const char *name,
                          void *pval, ib_ftype_t *ptype)
{
    IB_FTRACE_INIT(ib_cfgmap_get);
    ib_field_t *f;
    ib_status_t rc;

    rc = ib_hash_get(cm->hash, name, &f);
    if (rc != IB_OK) {
        if (ptype != NULL) {
            *ptype = IB_FTYPE_GENERIC;
        }
        IB_FTRACE_RET_STATUS(rc);
    }

    switch (f->type) {
        case IB_FTYPE_BYTESTR:
            *(ib_bytestr_t **)pval = ib_field_value_bytestr(f);
            ib_util_log_debug(4, "GET FIELD type=%d %" IB_BYTESTR_FMT "=\"%" IB_BYTESTR_FMT "\" (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), IB_BYTESTR_FMT_PARAM(*(ib_bytestr_t **)pval), *(void **)pval);
            break;
        case IB_FTYPE_LIST:
            *(ib_list_t **)pval = ib_field_value_list(f);
            break;
        case IB_FTYPE_NULSTR:
            *(char **)pval = ib_field_value_nulstr(f);
            ib_util_log_debug(4, "GET FIELD type=%d %" IB_BYTESTR_FMT "=\"%s\" (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(char **)pval, *(void **)pval);
            break;
        case IB_FTYPE_NUM:
            *(ib_num_t *)pval = *(ib_field_value_num(f));
            ib_util_log_debug(4, "GET FIELD type=%d %" IB_BYTESTR_FMT "=%d (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(int *)pval, *(void **)pval);
            break;
        case IB_FTYPE_UNUM:
            *(ib_unum_t *)pval = *(ib_field_value_unum(f));
            ib_util_log_debug(4, "GET FIELD type=%d %" IB_BYTESTR_FMT "=%d (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(unsigned int *)pval, *(void **)pval);
            break;
        case IB_FTYPE_GENERIC:
        default:
            *(void **)pval = ib_field_value(f);
            break;
    }

    if (ptype != NULL) {
        *ptype = f->type;
    }

    IB_FTRACE_RET_STATUS(IB_OK);
}
Exemple #10
0
ib_status_t ib_cfgmap_set(ib_cfgmap_t *cm,
                          const char *name,
                          void *in_val)
{
    ib_field_t *f;
    ib_status_t rc;

    rc = ib_hash_get(cm->hash, &f, name);
    if (rc != IB_OK) {
        return rc;
    }

    rc = ib_field_setv(f, in_val);

    return rc;
}
Exemple #11
0
ib_status_t ib_action_register(
    ib_engine_t            *ib,
    const char             *name,
    ib_flags_t              flags,
    ib_action_create_fn_t   fn_create,
    void                   *cbdata_create,
    ib_action_destroy_fn_t  fn_destroy,
    void                   *cbdata_destroy,
    ib_action_execute_fn_t  fn_execute,
    void                   *cbdata_execute
)
{
    IB_FTRACE_INIT();
    ib_hash_t *action_hash = ib->actions;
    ib_mpool_t *pool = ib_engine_pool_main_get(ib);
    ib_status_t rc;
    char *name_copy;
    ib_action_t *act;

    rc = ib_hash_get(action_hash, &act, name);
    if (rc == IB_OK) {
        /* name already is registered */
        IB_FTRACE_RET_STATUS(IB_EINVAL);
    }

    name_copy = ib_mpool_strdup(pool, name);
    if (name_copy == NULL) {
        IB_FTRACE_RET_STATUS(IB_EALLOC);
    }

    act = (ib_action_t *)ib_mpool_alloc(pool, sizeof(*act));
    if (act == NULL) {
        IB_FTRACE_RET_STATUS(IB_EALLOC);
    }
    act->name           = name_copy;
    act->flags          = flags;
    act->fn_create      = fn_create;
    act->cbdata_create  = cbdata_create;
    act->fn_destroy     = fn_destroy;
    act->cbdata_destroy = cbdata_destroy;
    act->fn_execute     = fn_execute;
    act->cbdata_execute = cbdata_execute;

    rc = ib_hash_set(action_hash, name_copy, act);

    IB_FTRACE_RET_STATUS(rc);
}
Exemple #12
0
/**
 * Get or create an ib_hash_t inside of @c tx->data for storing dfa rule data.
 *
 * The hash is stored at the key @c MODULE_DATA_STR.
 *
 * @param[in] tx The transaction containing @c tx->data which holds
 *            the @a rule_data object.
 * @param[out] rule_data The fetched or created rule data hash. This is set
 *             to NULL on failure.
 *
 * @return
 *   - IB_OK on success.
 *   - IB_EALLOC on allocation failure
 */
static ib_status_t get_or_create_rule_data_hash(ib_tx_t *tx,
                                                ib_hash_t **rule_data)
{
    IB_FTRACE_INIT();

    assert(tx);
    assert(tx->mp);

    ib_status_t rc;

    /* Get or create the hash that contains the rule data. */
    rc = ib_hash_get(tx->data, rule_data, MODULE_DATA_STR);

    if (rc == IB_OK && *rule_data != NULL) {
        ib_log_debug2_tx(tx,
                         "Found rule data hash in tx data named "
                         MODULE_DATA_STR);
        IB_FTRACE_RET_STATUS(IB_OK);
    }

    ib_log_debug2_tx(tx, "Rule data hash did not exist in tx data.");
    ib_log_debug2_tx(tx, "Creating rule data hash " MODULE_DATA_STR);

    rc = ib_hash_create(rule_data, tx->mp);
    if (rc != IB_OK) {
        ib_log_debug2_tx(tx,
                         "Failed to create hash " MODULE_DATA_STR ": %d", rc);
        IB_FTRACE_RET_STATUS(rc);
    }

    rc = ib_hash_set(tx->data, MODULE_DATA_STR, *rule_data);
    if (rc != IB_OK) {
        ib_log_debug2_tx(tx,
                         "Failed to store hash " MODULE_DATA_STR ": %d", rc);
        *rule_data = NULL;
    }

    ib_log_debug2_tx(tx,
                     "Returning rule hash " MODULE_DATA_STR " at %p.",
                     *rule_data);

    IB_FTRACE_RET_STATUS(rc);

}
Exemple #13
0
ib_status_t ib_action_register(
    ib_engine_t            *ib,
    const char             *name,
    ib_action_create_fn_t   fn_create,
    void                   *cbdata_create,
    ib_action_destroy_fn_t  fn_destroy,
    void                   *cbdata_destroy,
    ib_action_execute_fn_t  fn_execute,
    void                   *cbdata_execute
)
{
    ib_hash_t *action_hash = ib->actions;
    ib_mpool_t *pool = ib_engine_pool_main_get(ib);
    ib_status_t rc;
    char *name_copy;
    ib_action_t *act;

    rc = ib_hash_get(action_hash, &act, name);
    if (rc == IB_OK) {
        /* name already is registered */
        return IB_EINVAL;
    }

    name_copy = ib_mpool_strdup(pool, name);
    if (name_copy == NULL) {
        return IB_EALLOC;
    }

    act = (ib_action_t *)ib_mpool_alloc(pool, sizeof(*act));
    if (act == NULL) {
        return IB_EALLOC;
    }
    act->name           = name_copy;
    act->fn_create      = fn_create;
    act->cbdata_create  = cbdata_create;
    act->fn_destroy     = fn_destroy;
    act->cbdata_destroy = cbdata_destroy;
    act->fn_execute     = fn_execute;
    act->cbdata_execute = cbdata_execute;

    rc = ib_hash_set(action_hash, name_copy, act);

    return rc;
}
Exemple #14
0
ib_status_t ib_action_inst_create(ib_engine_t *ib,
                                  ib_context_t *ctx,
                                  const char *name,
                                  const char *parameters,
                                  ib_flags_t flags,
                                  ib_action_inst_t **act_inst)
{
    IB_FTRACE_INIT();
    ib_hash_t *action_hash = ib->actions;
    ib_mpool_t *pool = ib_engine_pool_main_get(ib);
    ib_action_t *action;
    ib_status_t rc;

    rc = ib_hash_get(action_hash, &action, name);
    if (rc != IB_OK) {
        /* name is not registered */
        IB_FTRACE_RET_STATUS(rc);
    }

    *act_inst = (ib_action_inst_t *)ib_mpool_alloc(pool,
                                                   sizeof(ib_action_inst_t));
    if (*act_inst == NULL) {
        IB_FTRACE_RET_STATUS(IB_EALLOC);
    }
    (*act_inst)->action = action;
    (*act_inst)->flags = flags;

    if (action->fn_create != NULL) {
        rc = action->fn_create(
            ib,
            ctx,
            pool,
            parameters,
            *act_inst,
            action->cbdata_create
        );
    }
    else {
        rc = IB_OK;
    }

    IB_FTRACE_RET_STATUS(rc);
}
Exemple #15
0
ib_status_t ib_action_register(
    ib_engine_t       *ib,
    const ib_action_t *action
)
{
    assert(ib != NULL);
    assert(action != NULL);

    ib_status_t rc;
    ib_hash_t *action_hash = ib->actions;

    rc = ib_hash_get(action_hash, NULL, action->name);
    if (rc == IB_OK) {
        /* Already exists. */
        return IB_EINVAL;
    }

    rc = ib_hash_set(action_hash, ib_action_name(action), (void *)action);

    return rc;
}
Exemple #16
0
ib_status_t ib_cfgmap_get(const ib_cfgmap_t *cm,
                          const char *name,
                          void *out_val, ib_ftype_t *ptype)
{
    ib_field_t *f;
    ib_status_t rc;

    rc = ib_hash_get(cm->hash, &f, name);
    if (rc != IB_OK) {
        if (ptype != NULL) {
            *ptype = IB_FTYPE_GENERIC;
        }
        return rc;
    }

    if (ptype != NULL) {
        *ptype = f->type;
    }

    rc = ib_field_value(f, out_val);
    return rc;
}
Exemple #17
0
ib_status_t ib_tfn_register(
    ib_engine_t    *ib,
    const ib_tfn_t *tfn
)
{
    assert(ib  != NULL);
    assert(tfn != NULL);

    ib_status_t rc;

    rc = ib_hash_get(ib->tfns, NULL, ib_tfn_name(tfn));
    if (rc != IB_ENOENT) {
        /* Already exists. */
        return IB_EINVAL;
    }

    rc = ib_hash_set(ib->tfns, ib_tfn_name(tfn), (void *)tfn);
    if (rc != IB_OK) {
        return rc;
    }

    return IB_OK;
}
Exemple #18
0
ib_status_t ib_provider_lookup(ib_engine_t *ib,
                               const char *type,
                               const char *key,
                               ib_provider_t **ppr)
{
    IB_FTRACE_INIT();
    char *pr_key;
    ib_status_t rc;

    /// @todo Hash of hash?  Hash of list?
    pr_key = (char *)ib_mpool_alloc(ib->mp, strlen(type) + strlen(key) + 2);
    memcpy(pr_key, type, strlen(type));
    pr_key[strlen(type)] = '.';
    memcpy(pr_key + strlen(type) + 1, key, strlen(key));
    pr_key[strlen(type) + strlen(key) + 1] = '\0';
    rc = ib_hash_get(ib->providers, ppr, pr_key);
    if (rc != IB_OK) {
        *ppr = NULL;
        IB_FTRACE_RET_STATUS(rc);
    }

    IB_FTRACE_RET_STATUS(IB_OK);
}
Exemple #19
0
ib_status_t ib_config_directive_process(ib_cfgparser_t *cp,
                                        const char *name,
                                        ib_list_t *args)
{
    IB_FTRACE_INIT(ib_config_directive_process);
    ib_engine_t *ib = cp->ib;
    ib_dirmap_init_t *rec;
    ib_list_node_t *node;
    size_t nargs = ib_list_elements(args);
    const char *p1;
    const char *p2;
    ib_flags_t flags;
    ib_flags_t fmask;
    ib_status_t rc;
    int i;

    rc = ib_hash_get(ib->dirmap, name, (void *)&rec);
    if (rc != IB_OK) {
        IB_FTRACE_RET_STATUS(rc);
    }

    switch (rec->type) {
        case IB_DIRTYPE_ONOFF:
            if (nargs != 1) {
                ib_log_error(ib, 1, "OnOff directive \"%s\" takes one parameter, not %d",
                             name, nargs);
                rc = IB_EINVAL;
                break;
            }
            ib_list_shift(args, &p1);
            if (   (strcasecmp("on", p1) == 0)
                || (strcasecmp("yes", p1) == 0)
                || (strcasecmp("true", p1) == 0))
            {
                rc = rec->cb.fn_onoff(cp, name, 1, rec->cbdata);
            }
            else {
                rc = rec->cb.fn_onoff(cp, name, 0, rec->cbdata);
            }
            break;
        case IB_DIRTYPE_PARAM1:
            if (nargs != 1) {
                ib_log_error(ib, 1, "Param1 directive \"%s\" takes one parameter, not %d",
                             name, nargs);
                rc = IB_EINVAL;
                break;
            }
            ib_list_shift(args, &p1);
            rc = rec->cb.fn_param1(cp, name, p1, rec->cbdata);
            break;
        case IB_DIRTYPE_PARAM2:
            if (nargs != 2) {
                ib_log_error(ib, 1, "Param2 directive \"%s\" takes two parameters, not %d",
                             name, nargs);
                rc = IB_EINVAL;
                break;
            }
            ib_list_shift(args, &p1);
            ib_list_shift(args, &p2);
            rc = rec->cb.fn_param2(cp, name, p1, p2, rec->cbdata);
            break;
        case IB_DIRTYPE_LIST:
            rc = rec->cb.fn_list(cp, name, args, rec->cbdata);
            break;
        case IB_DIRTYPE_OPFLAGS:
            i = 0;
            flags = 0;
            fmask = 0;

            IB_LIST_LOOP(args, node) {
                const char *opname = (const char *)ib_list_node_data(node);
                int oper = (*opname == '-') ? -1 : ((*opname == '+') ? 1 : 0);
                ib_num_t val;

                /* If the first option does not use an operator, then
                 * this is setting all flags so set all the mask bits.
                 */
                if ((i == 0) && (oper == 0)) {
                    fmask = ~0;
                }

                ib_log_debug(ib, 9, "Processing %s option: %s", name, opname);

                /* Remove the operator from the name if required.
                 * and determine the numeric value of the option
                 * by using the value map.
                 */
                if (oper != 0) {
                    opname++;
                }

                rc = cfgp_opval(opname, rec->valmap, &val);
                if (rc != IB_OK) {
                    ib_log_error(ib, 3, "Invalid %s option: %s", name, opname);
                    IB_FTRACE_RET_STATUS(rc);
                }

                /* Mark which bit(s) we are setting. */
                fmask |= val;

                /* Set/Unset the appropriate bits. */
                if (oper == -1) {
                    flags = flags & ~val;
                }
                else {
                    flags |= val;
                }

                i++;
            }

            rc = rec->cb.fn_opflags(cp, name, flags, fmask, rec->cbdata);
            break;
        case IB_DIRTYPE_SBLK1:
            if (nargs != 1) {
                ib_log_error(ib, 1, "SBlk1 directive \"%s\" takes one parameter, not %d",
                             name, nargs);
                rc = IB_EINVAL;
                break;
            }
            ib_list_shift(args, &p1);
            rc = rec->cb.fn_sblk1(cp, name, p1, rec->cbdata);
            break;
        default:
            rc = IB_EINVAL;
    }

    IB_FTRACE_RET_STATUS(rc);
}
Exemple #20
0
ib_status_t ib_provider_register(ib_engine_t *ib,
                                 const char *type,
                                 const char *key,
                                 ib_provider_t **ppr,
                                 void *iface,
                                 ib_provider_inst_init_fn_t fn_init)
{
    IB_FTRACE_INIT();
    char *pr_key;
    ib_status_t rc;
    ib_provider_def_t *prd;
    ib_provider_t *pr;

    if (ppr != NULL) {
        *ppr = NULL;
    }

    /* Get the API, if any */
    rc = ib_hash_get(ib->apis, &prd, type);
    if (rc != IB_OK) {
        ib_log_error(ib,
                     "Error registering provider \"%s\": "
                     "Unknown provider type \"%s\"",
                     key, type);
        IB_FTRACE_RET_STATUS(rc);
    }

    /* Create the provider. */
    pr = (ib_provider_t *)ib_mpool_calloc(prd->mp, 1, sizeof(*pr));
    if (pr == NULL) {
        IB_FTRACE_RET_STATUS(IB_EALLOC);
    }
    pr->ib = ib;
    pr->mp = prd->mp;
    pr->type = prd->type;
    pr->iface = iface;
    pr->api = prd->api;
    pr->fn_init = fn_init;

    if (ppr != NULL) {
        *ppr = pr;
    }

    /* Register. */
    /// @todo Hash of hash?  Hash of list?
    pr_key = (char *)ib_mpool_alloc(ib->mp, strlen(type) + strlen(key) + 2);
    memcpy(pr_key, type, strlen(type));
    pr_key[strlen(type)] = '.';
    memcpy(pr_key + strlen(type) + 1, key, strlen(key));
    pr_key[strlen(type) + strlen(key) + 1] = '\0';
    rc = ib_hash_set(ib->providers, pr_key, pr);
    if (rc != IB_OK) {
        IB_FTRACE_RET_STATUS(rc);
    }

    /* If available, call the registration callback,
     * de-registering on failure.
     */
    if (prd->fn_reg != NULL) {
        rc = prd->fn_reg(ib, pr);
        if (rc != IB_OK) {
            ib_hash_remove(ib->providers, NULL, pr_key);
        }
        IB_FTRACE_RET_STATUS(rc);
    }

    IB_FTRACE_RET_STATUS(IB_OK);
}
Exemple #21
0
static
ib_status_t sqli_dir_fingerprint_set(
    ib_cfgparser_t *cp,
    const char     *directive_name,
    const char     *set_name,
    const char     *set_path,
    void           *cbdata
)
{
    assert(cp             != NULL);
    assert(directive_name != NULL);
    assert(set_name       != NULL);
    assert(set_path       != NULL);

    ib_status_t             rc;
    ib_context_t           *ctx = NULL;
    ib_module_t            *m   = NULL;
    sqli_module_config_t   *cfg = NULL;
    sqli_fingerprint_set_t *ps  = NULL;
    ib_mm_t                 mm;
    char                   *abs_set_path = NULL;

    rc = ib_cfgparser_context_current(cp, &ctx);
    assert(rc  == IB_OK);
    assert(ctx != NULL);

    if (ctx != ib_context_main(cp->ib)) {
        ib_cfg_log_error(cp,
            "%s: Only valid at main context.", directive_name
        );
        return IB_EINVAL;
    }

    if (strcmp("default", set_name) == 0) {
        ib_cfg_log_error(cp,
            "%s: default is a reserved set name.", directive_name
        );
        return IB_EINVAL;
    }

    mm = ib_engine_mm_main_get(cp->ib);

    rc = ib_engine_module_get(
        ib_context_get_engine(ctx),
        MODULE_NAME_STR,
        &m
    );
    assert(rc == IB_OK);

    rc = ib_context_module_config(ctx, m, &cfg);
    assert(rc == IB_OK);

    if (cfg->fingerprint_sets == NULL) {
        rc = ib_hash_create(&cfg->fingerprint_sets, mm);
        assert(rc == IB_OK);
    }
    assert(cfg->fingerprint_sets != NULL);

    rc = ib_hash_get(cfg->fingerprint_sets, NULL, set_name);
    if (rc == IB_OK) {
        ib_cfg_log_error(cp,
            "%s: Duplicate fingerprint set definition: %s",
            directive_name, set_name
        );
        return IB_EINVAL;
    }
    assert(rc == IB_ENOENT);

    abs_set_path = ib_util_relative_file(
        ib_engine_mm_config_get(cp->ib),
        ib_cfgparser_curr_file(cp),
        set_path
    );
    if (abs_set_path == NULL) {
        return IB_EALLOC;
    }

    rc = sqli_create_fingerprint_set_from_file(&ps, abs_set_path, mm);
    if (rc != IB_OK) {
        ib_cfg_log_error(cp,
            "%s: Failure to load fingerprint set from file: %s",
            directive_name, abs_set_path
        );
        return IB_EINVAL;
    }
    assert(ps != NULL);

    rc = ib_hash_set(cfg->fingerprint_sets, ib_mm_strdup(mm, set_name), ps);
    assert(rc == IB_OK);

    return IB_OK;
}
Exemple #22
0
/**
 * Main identity handler.  Called both on request_header_finished and
 * request_finished: the configured provider decides which state to
 * run on, and skips (returns immediately) on the other state.
 *
 * If configured mode is "Off", just returns.  Otherwise calls provider's
 * check_id function to check and log user ID. Optionally cycles through
 * other providers.  Finally, if client is not identified and mode is
 * "Require", calls provider's challenge function to ask client to
 * identify (e.g. HTTP 401).
 *
 * @param ib The engine
 * @param tx The transaction
 * @param state State that triggered the call
 * @param cbdata Unused
 */
static ib_status_t ident_handler(ib_engine_t *ib, ib_tx_t *tx,
                                 ib_state_t state,
                                 void *cbdata)
{
    ident_cfg_t *cfg;
    const char *userid = NULL;
    ib_ident_provider_t *provider;
    ib_status_t rc;
    ib_module_t *m;

    assert(state == request_header_finished_state || state == request_finished_state);

    rc = ib_engine_module_get(ib, MODULE_NAME_STR, &m);
    assert((rc == IB_OK) && (m != NULL));
    rc = ib_context_module_config(ib_context_main(ib), m, &cfg);
    assert((rc == IB_OK) && (cfg != NULL));

    if (cfg->mode == ident_off) {
        return IB_OK;
    }
    if (cfg->type != NULL && cfg->providers != NULL) {
        rc = ib_hash_get(cfg->providers, &provider, cfg->type);
        if (rc != IB_OK || provider == NULL) {
            ib_log_error_tx(tx, "Identifier '%s' configured but not available", cfg->type);
            provider = &ident_dummy_provider;
        }
    }
    else {
        ib_log_error_tx(tx, "Ident module loaded but not configured!");
        provider = &ident_dummy_provider;
    }

    if (provider->state != state) {
        /* This provider doesn't check now */
        return IB_OK;
    }

    /* OK, ident is on.  Verify if there is a user ID */
    userid = provider->check_id(tx);

    if (userid == NULL && cfg->accept_any && cfg->providers != NULL) {
        ib_hash_iterator_t *iterator = ib_hash_iterator_create(tx->mm);
        ib_ident_provider_t *p;
        for (ib_hash_iterator_first(iterator, cfg->providers);
             !userid && !ib_hash_iterator_at_end(iterator);
             ib_hash_iterator_next(iterator)) {
            ib_hash_iterator_fetch(NULL, NULL, &p, iterator);
            /* configured provider already checked - so skip it now */
            if (p->check_id != provider->check_id) {
                userid = p->check_id(tx);
            }
        }
    }

    if (userid != NULL) {
        ib_log_info(ib, "User identified as %s", userid);
        return IB_OK;
    }

    /* If we haven't configured an ident type, don't enforce */
    if (cfg->type == NULL) {
        return IB_OK;
    }

    /* If we're enforcing ident, send a challenge */
    return provider->challenge(tx);
}
Exemple #23
0
/**
 * Load a eudoxus pattern so it can be used in rules.
 *
 * The filename should point to a compiled automata. If a relative path is
 * given, it will be loaded relative to the current configuration file.
 *
 * @param[in] cp Configuration parser.
 * @param[in] name Directive name.
 * @param[in] pattern_name Name to associate with the pattern.
 * @param[in] filename Filename to load.
 * @param[in] cbdata Callback data (unused)
 * @return
 * - IB_OK on success.
 * - IB_EEXIST if the pattern has already been defined.
 * - IB_EINVAL if there was an error loading the automata.
 */
static
ib_status_t load_eudoxus_pattern_param2(ib_cfgparser_t *cp,
                                        const char *name,
                                        const char *pattern_name,
                                        const char *filename,
                                        void *cbdata)
{
    ib_engine_t *ib;
    ib_status_t rc;
    const char *automata_file;
    ia_eudoxus_result_t ia_rc;
    ib_hash_t *eudoxus_pattern_hash;
    ia_eudoxus_t *eudoxus;
    const ee_config_t* config;
    ib_mm_t mm_tmp;
    void *tmp;

    assert(cp != NULL);
    assert(cp->ib != NULL);
    assert(pattern_name != NULL);
    assert(filename != NULL);

    mm_tmp = ib_engine_mm_temp_get(cp->ib);
    ib = cp->ib;
    config = ee_get_config(ib);
    assert(config != NULL);

    eudoxus_pattern_hash = config->eudoxus_pattern_hash;
    assert(eudoxus_pattern_hash != NULL);

    /* Check if the pattern name is already in use */
    rc = ib_hash_get(eudoxus_pattern_hash, &tmp, pattern_name);
    if (rc == IB_OK) {
        ib_log_error(cp->ib,
                     MODULE_NAME_STR ": Pattern named \"%s\" already defined",
                     pattern_name);
        return IB_EEXIST;
    }

    automata_file = ib_util_relative_file(mm_tmp, cp->curr->file, filename);

    if (access(automata_file, R_OK) != 0) {
        ib_log_error(cp->ib,
                     MODULE_NAME_STR ": Error accessing eudoxus automata file: %s.",
                     automata_file);

        return IB_EINVAL;
    }

    ia_rc = ia_eudoxus_create_from_path(&eudoxus, automata_file);
    if (ia_rc != IA_EUDOXUS_OK) {
        ib_log_error(cp->ib,
                     MODULE_NAME_STR ": Error loading eudoxus automata file[%d]: %s.",
                     ia_rc, automata_file);
        return IB_EINVAL;
    }

    rc = ib_hash_set(eudoxus_pattern_hash, pattern_name, eudoxus);
    if (rc != IB_OK) {
        ia_eudoxus_destroy(eudoxus);
        return rc;
    }

    return IB_OK;
}