/**
* Return the per-transaction data for use with the dfa operator.
*
* @param[in] m PCRE module.
* @param[in,out] tx Transaction to store the value in.
* @param[in] id The operator identifier used to get it's workspace.
* @param[out] workspace Retrieved.
*
* @returns
* - IB_OK on success.
* - IB_ENOENT if the structure does not exist. Call alloc_dfa_tx_data then.
* - IB_EALLOC on an allocation error.
*/
static
ib_status_t get_dfa_tx_data(
const ib_module_t *m,
ib_tx_t *tx,
const char *id,
dfa_workspace_t **workspace
)
{
assert(tx);
assert(tx->mp);
assert(id);
assert(workspace);
ib_hash_t *hash;
ib_status_t rc;
rc = get_or_create_operator_data_hash(m, tx, &hash);
if (rc != IB_OK) {
return rc;
}
rc = ib_hash_get(hash, workspace, id);
if (rc != IB_OK) {
*workspace = NULL;
}
return rc;
}
ib_status_t ib_cfgmap_set(ib_cfgmap_t *cm,
const char *name,
void *pval)
{
IB_FTRACE_INIT(ib_cfgmap_set);
ib_field_t *f;
ib_status_t rc;
rc = ib_hash_get(cm->hash, name, (void *)&f);
if (rc != IB_OK) {
IB_FTRACE_RET_STATUS(rc);
}
rc = ib_field_setv(f, pval);
/// @todo Remove this extra debugging
switch (f->type) {
case IB_FTYPE_BYTESTR:
ib_util_log_debug(4, "SET FIELD type=%d %" IB_BYTESTR_FMT "=\"%" IB_BYTESTR_FMT "\" (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), IB_BYTESTR_FMT_PARAM(*(ib_bytestr_t **)pval), *(void **)pval);
break;
case IB_FTYPE_NULSTR:
ib_util_log_debug(4, "SET FIELD type=%d %" IB_BYTESTR_FMT "=\"%s\" (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(char **)pval, *(void **)pval);
break;
case IB_FTYPE_NUM:
ib_util_log_debug(4, "SET FIELD type=%d %" IB_BYTESTR_FMT "=%d (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(int *)pval, *(void **)pval);
break;
case IB_FTYPE_UNUM:
ib_util_log_debug(4, "SET FIELD type=%d %" IB_BYTESTR_FMT "=%d (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(unsigned int *)pval, *(void **)pval);
break;
}
IB_FTRACE_RET_STATUS(rc);
}
ib_status_t ib_config_block_process(ib_cfgparser_t *cp,
const char *name)
{
IB_FTRACE_INIT(ib_config_block_process);
ib_engine_t *ib = cp->ib;
ib_dirmap_init_t *rec;
ib_status_t rc;
/* Finished with this block. */
rc = ib_cfgparser_block_pop(cp, NULL);
if (rc != IB_OK) {
return rc;
}
rc = ib_hash_get(ib->dirmap, name, (void *)&rec);
if (rc != IB_OK) {
IB_FTRACE_RET_STATUS(rc);
}
rc = IB_OK;
switch (rec->type) {
case IB_DIRTYPE_SBLK1:
if (rec->fn_blkend != NULL) {
rc = rec->fn_blkend(cp, name, rec->cbdata);
}
break;
default:
rc = IB_EINVAL;
}
IB_FTRACE_RET_STATUS(rc);
}
/**
* Return the per-transaction data for use with the dfa operator.
*
* @param[in,out] tx Transaction to store the value in.
* @param[in] id The operator identifier used to get it's workspace.
* @param[out] workspace Retrieved.
*
* @returns
* - IB_OK on success.
* - IB_ENOENT if the structure does not exist. Call alloc_dfa_tx_data then.
* - IB_EALLOC on an allocation error.
*/
static ib_status_t get_dfa_tx_data(ib_tx_t *tx,
const char *id,
dfa_workspace_t **workspace)
{
IB_FTRACE_INIT();
assert(tx);
assert(tx->mp);
assert(id);
assert(workspace);
ib_hash_t *rule_data;
ib_status_t rc;
rc = get_or_create_rule_data_hash(tx, &rule_data);
if (rc != IB_OK) {
IB_FTRACE_RET_STATUS(rc);
}
rc = ib_hash_get(rule_data, workspace, id);
if (rc != IB_OK) {
*workspace = NULL;
}
IB_FTRACE_RET_STATUS(rc);
}
/**
* Perf Stats Stop Event txdata Callback.
*
* Called at the end of an event.
*
* @param[in] ib IronBee object.
* @param[in] tx Transaction object.
* @param[in] event Event type.
* @param[in] param Callback data which differs based on hook type.
* @param[in] cbdata Callback data: actually an perf_info_t describing the
* event.
*/
static ib_status_t mod_perf_stats_event_stop_txdata_callback(
ib_engine_t *ib,
ib_tx_t *tx,
ib_state_event_type_t event,
ib_txdata_t* txdata,
void *cbdata
)
{
IB_FTRACE_INIT();
event_info_t *eventp = (event_info_t *)cbdata;
perf_info_t *perf_info;
ib_status_t rc = ib_hash_get(
tx->conn->data,
&perf_info,
"MOD_PERF_STATS"
);
if (rc != IB_OK) {
perf_info = NULL;
}
mod_perf_stats_event_stop(ib, eventp, perf_info);
IB_FTRACE_RET_STATUS(IB_OK);
}
/**
* Create an instance of the @c ee_match_any operator.
*
* Looks up the automata name and adds the automata to the operator instance.
*
* @param[in] ctx Current context.
* @param[in] parameters Automata name.
* @param[out] instance_data Instance data.
* @param[in] cbdata Callback data.
*/
static
ib_status_t ee_match_any_operator_create(
ib_context_t *ctx,
const char *parameters,
void *instance_data,
void *cbdata
)
{
assert(ctx != NULL);
assert(parameters != NULL);
assert(instance_data != NULL);
ib_status_t rc;
ia_eudoxus_t* eudoxus;
ee_operator_data_t *operator_data;
ib_module_t *module;
ib_engine_t *ib = ib_context_get_engine(ctx);
ib_mpool_t *pool = ib_context_get_mpool(ctx);
const ee_config_t *config = ee_get_config(ib);
const ib_hash_t *eudoxus_pattern_hash;
assert(config != NULL);
assert(config->eudoxus_pattern_hash != NULL);
/* Get my module object */
rc = ib_engine_module_get(ib, MODULE_NAME_STR, &module);
if (rc != IB_OK) {
ib_log_error(ib, "Failed to get eudoxus operator module object: %s",
ib_status_to_string(rc));
return rc;
}
/* Allocate a rule data object, populate it */
operator_data = ib_mpool_alloc(pool, sizeof(*operator_data));
if (operator_data == NULL) {
return IB_EALLOC;
}
eudoxus_pattern_hash = config->eudoxus_pattern_hash;
rc = ib_hash_get(eudoxus_pattern_hash, &eudoxus, parameters);
if (rc == IB_ENOENT ) {
ib_log_error(ib,
MODULE_NAME_STR ": No eudoxus automata named %s found.",
parameters);
return rc;
}
else if (rc != IB_OK) {
ib_log_error(ib,
MODULE_NAME_STR ": Error setting up eudoxus automata operator.");
return rc;
}
operator_data->eudoxus = eudoxus;
*(ee_operator_data_t **)instance_data = operator_data;
ib_log_debug(ib, "Found compiled eudoxus pattern \"%s\"", parameters);
return IB_OK;
}
ib_status_t ib_action_inst_create_ex(
ib_engine_t *ib,
const char *name,
const char *parameters,
ib_action_inst_t **act_inst)
{
assert(ib != NULL);
assert(name != NULL);
ib_hash_t *action_hash = ib->actions;
ib_action_t *action;
ib_status_t rc;
ib_mpool_t *mpool = ib_engine_pool_main_get(ib);
assert(mpool != NULL);
rc = ib_hash_get(action_hash, &action, name);
if (rc != IB_OK) {
/* name is not registered */
return rc;
}
*act_inst = (ib_action_inst_t *)ib_mpool_alloc(mpool,
sizeof(ib_action_inst_t));
if (*act_inst == NULL) {
return IB_EALLOC;
}
(*act_inst)->action = action;
(*act_inst)->params = ib_mpool_strdup(mpool, parameters);
(*act_inst)->fparam = NULL;
if (action->fn_create != NULL) {
rc = action->fn_create(
ib,
parameters,
*act_inst,
action->cbdata_create
);
if (rc != IB_OK) {
return rc;
}
}
else {
rc = IB_OK;
}
if ((*act_inst)->fparam == NULL) {
rc = ib_field_create(&((*act_inst)->fparam),
mpool,
IB_FIELD_NAME("param"),
IB_FTYPE_NULSTR,
ib_ftype_nulstr_in(parameters));
}
return rc;
}
ib_status_t ib_tfn_lookup_ex(ib_engine_t *ib,
const char *name,
size_t nlen,
ib_tfn_t **ptfn)
{
assert(ib != NULL);
assert(name != NULL);
assert(ptfn != NULL);
ib_hash_t *tfn_hash = ib->tfns;
ib_status_t rc = ib_hash_get(tfn_hash, ptfn, name);
return rc;
}
ib_status_t ib_cfgmap_get(ib_cfgmap_t *cm,
const char *name,
void *pval, ib_ftype_t *ptype)
{
IB_FTRACE_INIT(ib_cfgmap_get);
ib_field_t *f;
ib_status_t rc;
rc = ib_hash_get(cm->hash, name, &f);
if (rc != IB_OK) {
if (ptype != NULL) {
*ptype = IB_FTYPE_GENERIC;
}
IB_FTRACE_RET_STATUS(rc);
}
switch (f->type) {
case IB_FTYPE_BYTESTR:
*(ib_bytestr_t **)pval = ib_field_value_bytestr(f);
ib_util_log_debug(4, "GET FIELD type=%d %" IB_BYTESTR_FMT "=\"%" IB_BYTESTR_FMT "\" (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), IB_BYTESTR_FMT_PARAM(*(ib_bytestr_t **)pval), *(void **)pval);
break;
case IB_FTYPE_LIST:
*(ib_list_t **)pval = ib_field_value_list(f);
break;
case IB_FTYPE_NULSTR:
*(char **)pval = ib_field_value_nulstr(f);
ib_util_log_debug(4, "GET FIELD type=%d %" IB_BYTESTR_FMT "=\"%s\" (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(char **)pval, *(void **)pval);
break;
case IB_FTYPE_NUM:
*(ib_num_t *)pval = *(ib_field_value_num(f));
ib_util_log_debug(4, "GET FIELD type=%d %" IB_BYTESTR_FMT "=%d (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(int *)pval, *(void **)pval);
break;
case IB_FTYPE_UNUM:
*(ib_unum_t *)pval = *(ib_field_value_unum(f));
ib_util_log_debug(4, "GET FIELD type=%d %" IB_BYTESTR_FMT "=%d (%p)", f->type, IB_BYTESTRSL_FMT_PARAM(f->name,f->nlen), *(unsigned int *)pval, *(void **)pval);
break;
case IB_FTYPE_GENERIC:
default:
*(void **)pval = ib_field_value(f);
break;
}
if (ptype != NULL) {
*ptype = f->type;
}
IB_FTRACE_RET_STATUS(IB_OK);
}
ib_status_t ib_cfgmap_set(ib_cfgmap_t *cm,
const char *name,
void *in_val)
{
ib_field_t *f;
ib_status_t rc;
rc = ib_hash_get(cm->hash, &f, name);
if (rc != IB_OK) {
return rc;
}
rc = ib_field_setv(f, in_val);
return rc;
}
ib_status_t ib_action_register(
ib_engine_t *ib,
const char *name,
ib_flags_t flags,
ib_action_create_fn_t fn_create,
void *cbdata_create,
ib_action_destroy_fn_t fn_destroy,
void *cbdata_destroy,
ib_action_execute_fn_t fn_execute,
void *cbdata_execute
)
{
IB_FTRACE_INIT();
ib_hash_t *action_hash = ib->actions;
ib_mpool_t *pool = ib_engine_pool_main_get(ib);
ib_status_t rc;
char *name_copy;
ib_action_t *act;
rc = ib_hash_get(action_hash, &act, name);
if (rc == IB_OK) {
/* name already is registered */
IB_FTRACE_RET_STATUS(IB_EINVAL);
}
name_copy = ib_mpool_strdup(pool, name);
if (name_copy == NULL) {
IB_FTRACE_RET_STATUS(IB_EALLOC);
}
act = (ib_action_t *)ib_mpool_alloc(pool, sizeof(*act));
if (act == NULL) {
IB_FTRACE_RET_STATUS(IB_EALLOC);
}
act->name = name_copy;
act->flags = flags;
act->fn_create = fn_create;
act->cbdata_create = cbdata_create;
act->fn_destroy = fn_destroy;
act->cbdata_destroy = cbdata_destroy;
act->fn_execute = fn_execute;
act->cbdata_execute = cbdata_execute;
rc = ib_hash_set(action_hash, name_copy, act);
IB_FTRACE_RET_STATUS(rc);
}
/**
* Get or create an ib_hash_t inside of @c tx->data for storing dfa rule data.
*
* The hash is stored at the key @c MODULE_DATA_STR.
*
* @param[in] tx The transaction containing @c tx->data which holds
* the @a rule_data object.
* @param[out] rule_data The fetched or created rule data hash. This is set
* to NULL on failure.
*
* @return
* - IB_OK on success.
* - IB_EALLOC on allocation failure
*/
static ib_status_t get_or_create_rule_data_hash(ib_tx_t *tx,
ib_hash_t **rule_data)
{
IB_FTRACE_INIT();
assert(tx);
assert(tx->mp);
ib_status_t rc;
/* Get or create the hash that contains the rule data. */
rc = ib_hash_get(tx->data, rule_data, MODULE_DATA_STR);
if (rc == IB_OK && *rule_data != NULL) {
ib_log_debug2_tx(tx,
"Found rule data hash in tx data named "
MODULE_DATA_STR);
IB_FTRACE_RET_STATUS(IB_OK);
}
ib_log_debug2_tx(tx, "Rule data hash did not exist in tx data.");
ib_log_debug2_tx(tx, "Creating rule data hash " MODULE_DATA_STR);
rc = ib_hash_create(rule_data, tx->mp);
if (rc != IB_OK) {
ib_log_debug2_tx(tx,
"Failed to create hash " MODULE_DATA_STR ": %d", rc);
IB_FTRACE_RET_STATUS(rc);
}
rc = ib_hash_set(tx->data, MODULE_DATA_STR, *rule_data);
if (rc != IB_OK) {
ib_log_debug2_tx(tx,
"Failed to store hash " MODULE_DATA_STR ": %d", rc);
*rule_data = NULL;
}
ib_log_debug2_tx(tx,
"Returning rule hash " MODULE_DATA_STR " at %p.",
*rule_data);
IB_FTRACE_RET_STATUS(rc);
}
ib_status_t ib_action_register(
ib_engine_t *ib,
const char *name,
ib_action_create_fn_t fn_create,
void *cbdata_create,
ib_action_destroy_fn_t fn_destroy,
void *cbdata_destroy,
ib_action_execute_fn_t fn_execute,
void *cbdata_execute
)
{
ib_hash_t *action_hash = ib->actions;
ib_mpool_t *pool = ib_engine_pool_main_get(ib);
ib_status_t rc;
char *name_copy;
ib_action_t *act;
rc = ib_hash_get(action_hash, &act, name);
if (rc == IB_OK) {
/* name already is registered */
return IB_EINVAL;
}
name_copy = ib_mpool_strdup(pool, name);
if (name_copy == NULL) {
return IB_EALLOC;
}
act = (ib_action_t *)ib_mpool_alloc(pool, sizeof(*act));
if (act == NULL) {
return IB_EALLOC;
}
act->name = name_copy;
act->fn_create = fn_create;
act->cbdata_create = cbdata_create;
act->fn_destroy = fn_destroy;
act->cbdata_destroy = cbdata_destroy;
act->fn_execute = fn_execute;
act->cbdata_execute = cbdata_execute;
rc = ib_hash_set(action_hash, name_copy, act);
return rc;
}
ib_status_t ib_action_inst_create(ib_engine_t *ib,
ib_context_t *ctx,
const char *name,
const char *parameters,
ib_flags_t flags,
ib_action_inst_t **act_inst)
{
IB_FTRACE_INIT();
ib_hash_t *action_hash = ib->actions;
ib_mpool_t *pool = ib_engine_pool_main_get(ib);
ib_action_t *action;
ib_status_t rc;
rc = ib_hash_get(action_hash, &action, name);
if (rc != IB_OK) {
/* name is not registered */
IB_FTRACE_RET_STATUS(rc);
}
*act_inst = (ib_action_inst_t *)ib_mpool_alloc(pool,
sizeof(ib_action_inst_t));
if (*act_inst == NULL) {
IB_FTRACE_RET_STATUS(IB_EALLOC);
}
(*act_inst)->action = action;
(*act_inst)->flags = flags;
if (action->fn_create != NULL) {
rc = action->fn_create(
ib,
ctx,
pool,
parameters,
*act_inst,
action->cbdata_create
);
}
else {
rc = IB_OK;
}
IB_FTRACE_RET_STATUS(rc);
}
ib_status_t ib_action_register(
ib_engine_t *ib,
const ib_action_t *action
)
{
assert(ib != NULL);
assert(action != NULL);
ib_status_t rc;
ib_hash_t *action_hash = ib->actions;
rc = ib_hash_get(action_hash, NULL, action->name);
if (rc == IB_OK) {
/* Already exists. */
return IB_EINVAL;
}
rc = ib_hash_set(action_hash, ib_action_name(action), (void *)action);
return rc;
}
ib_status_t ib_cfgmap_get(const ib_cfgmap_t *cm,
const char *name,
void *out_val, ib_ftype_t *ptype)
{
ib_field_t *f;
ib_status_t rc;
rc = ib_hash_get(cm->hash, &f, name);
if (rc != IB_OK) {
if (ptype != NULL) {
*ptype = IB_FTYPE_GENERIC;
}
return rc;
}
if (ptype != NULL) {
*ptype = f->type;
}
rc = ib_field_value(f, out_val);
return rc;
}
ib_status_t ib_tfn_register(
ib_engine_t *ib,
const ib_tfn_t *tfn
)
{
assert(ib != NULL);
assert(tfn != NULL);
ib_status_t rc;
rc = ib_hash_get(ib->tfns, NULL, ib_tfn_name(tfn));
if (rc != IB_ENOENT) {
/* Already exists. */
return IB_EINVAL;
}
rc = ib_hash_set(ib->tfns, ib_tfn_name(tfn), (void *)tfn);
if (rc != IB_OK) {
return rc;
}
return IB_OK;
}
ib_status_t ib_provider_lookup(ib_engine_t *ib,
const char *type,
const char *key,
ib_provider_t **ppr)
{
IB_FTRACE_INIT();
char *pr_key;
ib_status_t rc;
/// @todo Hash of hash? Hash of list?
pr_key = (char *)ib_mpool_alloc(ib->mp, strlen(type) + strlen(key) + 2);
memcpy(pr_key, type, strlen(type));
pr_key[strlen(type)] = '.';
memcpy(pr_key + strlen(type) + 1, key, strlen(key));
pr_key[strlen(type) + strlen(key) + 1] = '\0';
rc = ib_hash_get(ib->providers, ppr, pr_key);
if (rc != IB_OK) {
*ppr = NULL;
IB_FTRACE_RET_STATUS(rc);
}
IB_FTRACE_RET_STATUS(IB_OK);
}
ib_status_t ib_config_directive_process(ib_cfgparser_t *cp,
const char *name,
ib_list_t *args)
{
IB_FTRACE_INIT(ib_config_directive_process);
ib_engine_t *ib = cp->ib;
ib_dirmap_init_t *rec;
ib_list_node_t *node;
size_t nargs = ib_list_elements(args);
const char *p1;
const char *p2;
ib_flags_t flags;
ib_flags_t fmask;
ib_status_t rc;
int i;
rc = ib_hash_get(ib->dirmap, name, (void *)&rec);
if (rc != IB_OK) {
IB_FTRACE_RET_STATUS(rc);
}
switch (rec->type) {
case IB_DIRTYPE_ONOFF:
if (nargs != 1) {
ib_log_error(ib, 1, "OnOff directive \"%s\" takes one parameter, not %d",
name, nargs);
rc = IB_EINVAL;
break;
}
ib_list_shift(args, &p1);
if ( (strcasecmp("on", p1) == 0)
|| (strcasecmp("yes", p1) == 0)
|| (strcasecmp("true", p1) == 0))
{
rc = rec->cb.fn_onoff(cp, name, 1, rec->cbdata);
}
else {
rc = rec->cb.fn_onoff(cp, name, 0, rec->cbdata);
}
break;
case IB_DIRTYPE_PARAM1:
if (nargs != 1) {
ib_log_error(ib, 1, "Param1 directive \"%s\" takes one parameter, not %d",
name, nargs);
rc = IB_EINVAL;
break;
}
ib_list_shift(args, &p1);
rc = rec->cb.fn_param1(cp, name, p1, rec->cbdata);
break;
case IB_DIRTYPE_PARAM2:
if (nargs != 2) {
ib_log_error(ib, 1, "Param2 directive \"%s\" takes two parameters, not %d",
name, nargs);
rc = IB_EINVAL;
break;
}
ib_list_shift(args, &p1);
ib_list_shift(args, &p2);
rc = rec->cb.fn_param2(cp, name, p1, p2, rec->cbdata);
break;
case IB_DIRTYPE_LIST:
rc = rec->cb.fn_list(cp, name, args, rec->cbdata);
break;
case IB_DIRTYPE_OPFLAGS:
i = 0;
flags = 0;
fmask = 0;
IB_LIST_LOOP(args, node) {
const char *opname = (const char *)ib_list_node_data(node);
int oper = (*opname == '-') ? -1 : ((*opname == '+') ? 1 : 0);
ib_num_t val;
/* If the first option does not use an operator, then
* this is setting all flags so set all the mask bits.
*/
if ((i == 0) && (oper == 0)) {
fmask = ~0;
}
ib_log_debug(ib, 9, "Processing %s option: %s", name, opname);
/* Remove the operator from the name if required.
* and determine the numeric value of the option
* by using the value map.
*/
if (oper != 0) {
opname++;
}
rc = cfgp_opval(opname, rec->valmap, &val);
if (rc != IB_OK) {
ib_log_error(ib, 3, "Invalid %s option: %s", name, opname);
IB_FTRACE_RET_STATUS(rc);
}
/* Mark which bit(s) we are setting. */
fmask |= val;
/* Set/Unset the appropriate bits. */
if (oper == -1) {
flags = flags & ~val;
}
else {
flags |= val;
}
i++;
}
rc = rec->cb.fn_opflags(cp, name, flags, fmask, rec->cbdata);
break;
case IB_DIRTYPE_SBLK1:
if (nargs != 1) {
ib_log_error(ib, 1, "SBlk1 directive \"%s\" takes one parameter, not %d",
name, nargs);
rc = IB_EINVAL;
break;
}
ib_list_shift(args, &p1);
rc = rec->cb.fn_sblk1(cp, name, p1, rec->cbdata);
break;
default:
rc = IB_EINVAL;
}
IB_FTRACE_RET_STATUS(rc);
}
ib_status_t ib_provider_register(ib_engine_t *ib,
const char *type,
const char *key,
ib_provider_t **ppr,
void *iface,
ib_provider_inst_init_fn_t fn_init)
{
IB_FTRACE_INIT();
char *pr_key;
ib_status_t rc;
ib_provider_def_t *prd;
ib_provider_t *pr;
if (ppr != NULL) {
*ppr = NULL;
}
/* Get the API, if any */
rc = ib_hash_get(ib->apis, &prd, type);
if (rc != IB_OK) {
ib_log_error(ib,
"Error registering provider \"%s\": "
"Unknown provider type \"%s\"",
key, type);
IB_FTRACE_RET_STATUS(rc);
}
/* Create the provider. */
pr = (ib_provider_t *)ib_mpool_calloc(prd->mp, 1, sizeof(*pr));
if (pr == NULL) {
IB_FTRACE_RET_STATUS(IB_EALLOC);
}
pr->ib = ib;
pr->mp = prd->mp;
pr->type = prd->type;
pr->iface = iface;
pr->api = prd->api;
pr->fn_init = fn_init;
if (ppr != NULL) {
*ppr = pr;
}
/* Register. */
/// @todo Hash of hash? Hash of list?
pr_key = (char *)ib_mpool_alloc(ib->mp, strlen(type) + strlen(key) + 2);
memcpy(pr_key, type, strlen(type));
pr_key[strlen(type)] = '.';
memcpy(pr_key + strlen(type) + 1, key, strlen(key));
pr_key[strlen(type) + strlen(key) + 1] = '\0';
rc = ib_hash_set(ib->providers, pr_key, pr);
if (rc != IB_OK) {
IB_FTRACE_RET_STATUS(rc);
}
/* If available, call the registration callback,
* de-registering on failure.
*/
if (prd->fn_reg != NULL) {
rc = prd->fn_reg(ib, pr);
if (rc != IB_OK) {
ib_hash_remove(ib->providers, NULL, pr_key);
}
IB_FTRACE_RET_STATUS(rc);
}
IB_FTRACE_RET_STATUS(IB_OK);
}
static
ib_status_t sqli_dir_fingerprint_set(
ib_cfgparser_t *cp,
const char *directive_name,
const char *set_name,
const char *set_path,
void *cbdata
)
{
assert(cp != NULL);
assert(directive_name != NULL);
assert(set_name != NULL);
assert(set_path != NULL);
ib_status_t rc;
ib_context_t *ctx = NULL;
ib_module_t *m = NULL;
sqli_module_config_t *cfg = NULL;
sqli_fingerprint_set_t *ps = NULL;
ib_mm_t mm;
char *abs_set_path = NULL;
rc = ib_cfgparser_context_current(cp, &ctx);
assert(rc == IB_OK);
assert(ctx != NULL);
if (ctx != ib_context_main(cp->ib)) {
ib_cfg_log_error(cp,
"%s: Only valid at main context.", directive_name
);
return IB_EINVAL;
}
if (strcmp("default", set_name) == 0) {
ib_cfg_log_error(cp,
"%s: default is a reserved set name.", directive_name
);
return IB_EINVAL;
}
mm = ib_engine_mm_main_get(cp->ib);
rc = ib_engine_module_get(
ib_context_get_engine(ctx),
MODULE_NAME_STR,
&m
);
assert(rc == IB_OK);
rc = ib_context_module_config(ctx, m, &cfg);
assert(rc == IB_OK);
if (cfg->fingerprint_sets == NULL) {
rc = ib_hash_create(&cfg->fingerprint_sets, mm);
assert(rc == IB_OK);
}
assert(cfg->fingerprint_sets != NULL);
rc = ib_hash_get(cfg->fingerprint_sets, NULL, set_name);
if (rc == IB_OK) {
ib_cfg_log_error(cp,
"%s: Duplicate fingerprint set definition: %s",
directive_name, set_name
);
return IB_EINVAL;
}
assert(rc == IB_ENOENT);
abs_set_path = ib_util_relative_file(
ib_engine_mm_config_get(cp->ib),
ib_cfgparser_curr_file(cp),
set_path
);
if (abs_set_path == NULL) {
return IB_EALLOC;
}
rc = sqli_create_fingerprint_set_from_file(&ps, abs_set_path, mm);
if (rc != IB_OK) {
ib_cfg_log_error(cp,
"%s: Failure to load fingerprint set from file: %s",
directive_name, abs_set_path
);
return IB_EINVAL;
}
assert(ps != NULL);
rc = ib_hash_set(cfg->fingerprint_sets, ib_mm_strdup(mm, set_name), ps);
assert(rc == IB_OK);
return IB_OK;
}
/**
* Main identity handler. Called both on request_header_finished and
* request_finished: the configured provider decides which state to
* run on, and skips (returns immediately) on the other state.
*
* If configured mode is "Off", just returns. Otherwise calls provider's
* check_id function to check and log user ID. Optionally cycles through
* other providers. Finally, if client is not identified and mode is
* "Require", calls provider's challenge function to ask client to
* identify (e.g. HTTP 401).
*
* @param ib The engine
* @param tx The transaction
* @param state State that triggered the call
* @param cbdata Unused
*/
static ib_status_t ident_handler(ib_engine_t *ib, ib_tx_t *tx,
ib_state_t state,
void *cbdata)
{
ident_cfg_t *cfg;
const char *userid = NULL;
ib_ident_provider_t *provider;
ib_status_t rc;
ib_module_t *m;
assert(state == request_header_finished_state || state == request_finished_state);
rc = ib_engine_module_get(ib, MODULE_NAME_STR, &m);
assert((rc == IB_OK) && (m != NULL));
rc = ib_context_module_config(ib_context_main(ib), m, &cfg);
assert((rc == IB_OK) && (cfg != NULL));
if (cfg->mode == ident_off) {
return IB_OK;
}
if (cfg->type != NULL && cfg->providers != NULL) {
rc = ib_hash_get(cfg->providers, &provider, cfg->type);
if (rc != IB_OK || provider == NULL) {
ib_log_error_tx(tx, "Identifier '%s' configured but not available", cfg->type);
provider = &ident_dummy_provider;
}
}
else {
ib_log_error_tx(tx, "Ident module loaded but not configured!");
provider = &ident_dummy_provider;
}
if (provider->state != state) {
/* This provider doesn't check now */
return IB_OK;
}
/* OK, ident is on. Verify if there is a user ID */
userid = provider->check_id(tx);
if (userid == NULL && cfg->accept_any && cfg->providers != NULL) {
ib_hash_iterator_t *iterator = ib_hash_iterator_create(tx->mm);
ib_ident_provider_t *p;
for (ib_hash_iterator_first(iterator, cfg->providers);
!userid && !ib_hash_iterator_at_end(iterator);
ib_hash_iterator_next(iterator)) {
ib_hash_iterator_fetch(NULL, NULL, &p, iterator);
/* configured provider already checked - so skip it now */
if (p->check_id != provider->check_id) {
userid = p->check_id(tx);
}
}
}
if (userid != NULL) {
ib_log_info(ib, "User identified as %s", userid);
return IB_OK;
}
/* If we haven't configured an ident type, don't enforce */
if (cfg->type == NULL) {
return IB_OK;
}
/* If we're enforcing ident, send a challenge */
return provider->challenge(tx);
}
/**
* Load a eudoxus pattern so it can be used in rules.
*
* The filename should point to a compiled automata. If a relative path is
* given, it will be loaded relative to the current configuration file.
*
* @param[in] cp Configuration parser.
* @param[in] name Directive name.
* @param[in] pattern_name Name to associate with the pattern.
* @param[in] filename Filename to load.
* @param[in] cbdata Callback data (unused)
* @return
* - IB_OK on success.
* - IB_EEXIST if the pattern has already been defined.
* - IB_EINVAL if there was an error loading the automata.
*/
static
ib_status_t load_eudoxus_pattern_param2(ib_cfgparser_t *cp,
const char *name,
const char *pattern_name,
const char *filename,
void *cbdata)
{
ib_engine_t *ib;
ib_status_t rc;
const char *automata_file;
ia_eudoxus_result_t ia_rc;
ib_hash_t *eudoxus_pattern_hash;
ia_eudoxus_t *eudoxus;
const ee_config_t* config;
ib_mm_t mm_tmp;
void *tmp;
assert(cp != NULL);
assert(cp->ib != NULL);
assert(pattern_name != NULL);
assert(filename != NULL);
mm_tmp = ib_engine_mm_temp_get(cp->ib);
ib = cp->ib;
config = ee_get_config(ib);
assert(config != NULL);
eudoxus_pattern_hash = config->eudoxus_pattern_hash;
assert(eudoxus_pattern_hash != NULL);
/* Check if the pattern name is already in use */
rc = ib_hash_get(eudoxus_pattern_hash, &tmp, pattern_name);
if (rc == IB_OK) {
ib_log_error(cp->ib,
MODULE_NAME_STR ": Pattern named \"%s\" already defined",
pattern_name);
return IB_EEXIST;
}
automata_file = ib_util_relative_file(mm_tmp, cp->curr->file, filename);
if (access(automata_file, R_OK) != 0) {
ib_log_error(cp->ib,
MODULE_NAME_STR ": Error accessing eudoxus automata file: %s.",
automata_file);
return IB_EINVAL;
}
ia_rc = ia_eudoxus_create_from_path(&eudoxus, automata_file);
if (ia_rc != IA_EUDOXUS_OK) {
ib_log_error(cp->ib,
MODULE_NAME_STR ": Error loading eudoxus automata file[%d]: %s.",
ia_rc, automata_file);
return IB_EINVAL;
}
rc = ib_hash_set(eudoxus_pattern_hash, pattern_name, eudoxus);
if (rc != IB_OK) {
ia_eudoxus_destroy(eudoxus);
return rc;
}
return IB_OK;
}