static const char *am_set_opt(cmd_parms *c, void *cfg, const char *arg) {
amagent_config_t *conf = (amagent_config_t *)
ap_get_module_config(c->server->module_config, &amagent_module);
if (conf) {
const char *name = c->cmd->name;
if (name) {
if (strcmp(name, "AmAgentConf") == 0) {
am_config_t *ac = NULL;
conf->config = apr_psprintf(c->pool, "%s", arg);
conf->config_id = am_instance_id(conf->config);
/* read and parse agent bootstrap configuration */
ac = am_get_config_file(conf->config_id, conf->config);
if (ac != NULL) {
conf->debug_file = ac->debug_file != NULL ? apr_pstrdup(c->pool, ac->debug_file) : NULL;
conf->audit_file = ac->audit_file != NULL ? apr_pstrdup(c->pool, ac->audit_file) : NULL;
conf->debug_level = ac->debug_level;
conf->audit_level = ac->audit_level;
conf->error = AM_SUCCESS;
am_config_free(&ac);
} else {
conf->error = AM_FILE_ERROR;
}
} else if (strcmp(name, "AmAgent") == 0) {
if (!strcasecmp(arg, "on")) {
conf->enabled = 1;
} else {
conf->enabled = 0;
}
}
}
}
return NULL;
}
void test_config_url_maps(void **state) {
int i;
am_config_t * conf;
char *value;
char buffer [] = "config-tests-XXXXXXX";
char *path = mktemp(buffer);
char *configs =
"com.sun.identity.agents.config.repository.location = local\n"
"com.sun.identity.agents.config.notenforced.regex.enable = false\n"
"com.sun.identity.agents.config.notenforced.url[0] = http://a.b.c/path\n"
"com.sun.identity.agents.config.notenforced.url[1] = https://a.b.c:1234/path\n"
"org.forgerock.agents.config.notenforced.ext.regex.enable = false\n"
"org.forgerock.agents.config.notenforced.ipurl[0] = http://a.b.c/path\n"
"org.forgerock.agents.config.notenforced.ipurl[1] = https://a.b.c/path\n"
"org.forgerock.agents.config.logout.regex.enable = false\n"
"com.sun.identity.agents.config.agent.logout.url[0]= http://a.b.c/path\n"
"com.sun.identity.agents.config.agent.logout.url[1]= https://a.b.c/path\n"
"org.forgerock.agents.config.json.url[0] = http://a.b.c/path\n"
"org.forgerock.agents.config.json.url[1] = https://a.b.c/path\n"
"";
write_file(path, configs, strlen(configs));
conf = am_get_config_file(1, path);
assert_int_equal(!conf->not_enforced_regex_enable, AM_TRUE);
assert_int_equal(conf->not_enforced_map_sz, 2);
assert_string_equal(conf->not_enforced_map[0].value, "http://a.b.c:80/path");
assert_string_equal(conf->not_enforced_map[1].value, "https://a.b.c:1234/path");
assert_int_equal(!conf->not_enforced_ext_regex_enable, AM_TRUE);
assert_int_equal(conf->not_enforced_ext_map_sz, 2);
assert_string_equal(conf->not_enforced_ext_map[0].value, "http://a.b.c:80/path");
assert_string_equal(conf->not_enforced_ext_map[1].value, "https://a.b.c:443/path");
assert_int_equal(!conf->logout_regex_enable, AM_TRUE);
assert_int_equal(conf->logout_map_sz, 2);
assert_string_equal(conf->logout_map[0].value, "http://a.b.c:80/path");
assert_string_equal(conf->logout_map[1].value, "https://a.b.c:443/path");
assert_int_equal(conf->json_url_map_sz, 2);
assert_string_equal(conf->json_url_map[0].value, "http://a.b.c:80/path");
assert_string_equal(conf->json_url_map[1].value, "https://a.b.c:443/path");
unlink(path);
}
void url_validator_worker(void *arg) {
static const char *thisfunc = "url_validator_worker():";
struct url_validator_worker_data *w = (struct url_validator_worker_data *) arg;
am_net_options_t *net_options;
int i, validate_status;
am_config_t *conf = NULL;
time_t current_ts;
struct url_valid_table *e, *t;
int current_index, current_ok, current_fail, default_ok, next_ok;
char **url_list;
int url_list_sz = 0;
int ping_diff;
set_valid_url_instance_running(w->instance_id, AM_TRUE);
conf = am_get_config_file(w->instance_id, w->config_path);
if (conf == NULL) {
AM_LOG_WARNING(w->instance_id, "%s failed to get agent configuration (%s)",
thisfunc, LOGEMPTY(w->config_path));
set_valid_url_instance_running(w->instance_id, AM_FALSE);
AM_FREE(w->config_path, w);
return;
}
ping_diff = MAX(MIN_URL_VALIDATOR_TICK, conf->valid_ping);
current_ts = time(NULL);
/* this index corresponds to the naming.url multi-value index */
current_index = w->url_index;
if (conf->valid_level > 1 || conf->naming_url_sz < 2 || conf->naming_url_sz != conf->valid_default_url_sz ||
(current_ts - w->last) < ping_diff) {
/* a) validation is disabled; b) there is nothing to validate;
* c) naming.url list and default.url list sizes do not match or
* d) its not time yet to do any validation
*/
am_config_free(&conf);
set_valid_url_instance_running(w->instance_id, AM_FALSE);
AM_FREE(w->config_path, w);
return;
}
if (current_index < 0 || current_index >= conf->naming_url_sz) {
AM_LOG_WARNING(w->instance_id,
"%s invalid current index value, defaulting to %s", thisfunc, conf->naming_url[0]);
set_valid_url_index(w->instance_id, 0);
am_config_free(&conf);
set_valid_url_instance_running(w->instance_id, AM_FALSE);
AM_FREE(w->config_path, w);
return;
}
#define URL_LIST_FREE(l, s) do { \
int k; \
if (l == NULL) break; \
for (k = 0; k < s; k++) { \
am_free(l[k]); \
}\
free(l); \
} while (0)
net_options = calloc(1, sizeof (am_net_options_t));
if (net_options == NULL) {
AM_LOG_ERROR(w->instance_id, "%s memory allocation error", thisfunc);
am_config_free(&conf);
set_valid_url_instance_running(w->instance_id, AM_FALSE);
AM_FREE(w->config_path, w);
return;
}
url_list = (char **) calloc(1, conf->naming_url_sz * sizeof (char *));
if (url_list == NULL) {
AM_LOG_ERROR(w->instance_id, "%s memory allocation error", thisfunc);
am_config_free(&conf);
set_valid_url_instance_running(w->instance_id, AM_FALSE);
AM_FREE(net_options, w->config_path, w);
return;
}
url_list_sz = conf->naming_url_sz;
for (i = 0; i < url_list_sz; i++) {
/* default.url.set contains fail-over order;
* will keep internal value list index-ordered
**/
int j = conf->valid_default_url[i];
url_list[i] = strdup(conf->naming_url[j]);
if (url_list[i] == NULL) {
URL_LIST_FREE(url_list, url_list_sz);
am_config_free(&conf);
set_valid_url_instance_running(w->instance_id, AM_FALSE);
AM_FREE(net_options, w->config_path, w);
return;
}
}
am_net_options_create(conf, net_options, NULL);
net_options->keepalive = AM_FALSE;
net_options->local = net_options->cert_trust = AM_TRUE;
net_options->net_timeout = 2; /* fixed for url validator; in sec */
/* do the actual url validation */
for (i = 0; i < url_list_sz; i++) {
const char *url = url_list[i];
int ok = 0, fail = 0, httpcode = 0;
get_validation_table_entry(w->instance_id, i, &ok, &fail, NULL);
AM_LOG_DEBUG(w->instance_id, "%s validating %s", thisfunc, url);
if (conf->valid_level == 1) {
/* simple HEAD request */
validate_status = am_url_validate(w->instance_id, url, net_options, &httpcode);
} else {
/* full scale agent login-logout request */
char *agent_token = NULL;
validate_status = am_agent_login(w->instance_id, url, conf->user, conf->pass, conf->realm,
net_options, &agent_token, NULL, NULL, NULL);
if (agent_token != NULL) {
am_agent_logout(0, url, agent_token, net_options);
free(agent_token);
httpcode = 200;
}
}
if (validate_status == AM_SUCCESS && httpcode != 0) {
if (ok++ > conf->valid_ping_ok) {
ok = conf->valid_ping_ok;
}
fail = 0;
} else {
if (fail++ > conf->valid_ping_miss) {
fail = conf->valid_ping_miss;
}
ok = 0;
}
set_validation_table_entry(w->instance_id, i, ok, fail);
}
/* map stored index value to our ordered list index */
for (i = 0; i < conf->valid_default_url_sz; i++) {
if (current_index == conf->valid_default_url[i]) {
current_index = i;
break;
}
}
default_ok = current_ok = current_fail = 0;
/* fetch validation table entry for the current_index
* (which now corresponds to the default.url.set value/index) */
get_validation_table_entry(w->instance_id, current_index, ¤t_ok, ¤t_fail, &default_ok);
/* do the fail-over logic */
do {
if (current_ok > 0) {
if (current_index > 0 && default_ok >= conf->valid_ping_ok) {
set_valid_url_index(w->instance_id, conf->valid_default_url[0]);
AM_LOG_INFO(w->instance_id, "%s fail-back to %s", thisfunc, url_list[0]);
} else {
set_valid_url_index(w->instance_id, conf->valid_default_url[current_index]);
AM_LOG_INFO(w->instance_id, "%s continue with %s", thisfunc, url_list[current_index]);
}
break;
}
/* current index is not valid; check ping.miss.count */
if (current_ok == 0 && current_fail <= conf->valid_ping_miss) {
set_valid_url_index(w->instance_id, conf->valid_default_url[current_index]);
AM_LOG_INFO(w->instance_id, "%s still staying with %s", thisfunc, url_list[current_index]);
break;
}
/* find next valid index value to fail-over to */
next_ok = 0;
AM_MUTEX_LOCK(&table_mutex);
AM_LIST_FOR_EACH(table, e, t) {
if (e->instance_id == w->instance_id && e->index == 0) {
default_ok = e->ok;
}
if (e->instance_id == w->instance_id && e->ok > 0) {
next_ok = e->ok;
i = e->index;
break;
}
}
AM_MUTEX_UNLOCK(&table_mutex);
if (next_ok == 0) {
AM_LOG_WARNING(w->instance_id,
"%s none of the values are valid, defaulting to %s", thisfunc, url_list[0]);
set_valid_url_index(w->instance_id, conf->valid_default_url[0]);
break;
}
if (current_index > 0 && default_ok >= conf->valid_ping_ok) {
AM_LOG_INFO(w->instance_id, "%s fail-back to %s", thisfunc, url_list[0]);
set_valid_url_index(w->instance_id, conf->valid_default_url[0]);
break;
}
AM_LOG_INFO(w->instance_id, "%s fail-over to %s", thisfunc, url_list[i]);
set_valid_url_index(w->instance_id, conf->valid_default_url[i]);
} while (0);
am_net_options_delete(net_options);
free(net_options);
am_config_free(&conf);
set_valid_url_instance_running(w->instance_id, AM_FALSE);
AM_FREE(w->config_path, w);
URL_LIST_FREE(url_list, url_list_sz);
}
