/*
* Load a DSA key from the cert store
* In fact, this will load RSA keys as well.
*/
static EVP_PKEY *
__isns_simple_keystore_find(isns_keystore_t *store_base,
const char *name, size_t namelen)
{
isns_simple_keystore_t *store = (isns_simple_keystore_t *) store_base;
char *pathname;
size_t capacity;
EVP_PKEY *result;
/* Refuse to open key files with names
* that refer to parent directories */
if (memchr(name, '/', namelen) || name[0] == '.')
return NULL;
capacity = strlen(store->sc_dirpath) + 2 + namelen;
pathname = isns_malloc(capacity);
if (!pathname)
isns_fatal("Out of memory.");
snprintf(pathname, capacity,
"%s/%.*s", store->sc_dirpath,
(int) namelen, name);
if (access(pathname, R_OK) < 0) {
isns_free(pathname);
return NULL;
}
result = isns_dsasig_load_public_pem(NULL, pathname);
isns_free(pathname);
return result;
}
void
buf_free(buf_t *bp)
{
if (!bp)
return;
if (bp->allocated)
isns_free(bp->base);
isns_free(bp);
}
static void
isns_scn_free(isns_scn_t *scn)
{
isns_scn_release_funnels(scn);
isns_object_release(scn->scn_owner);
isns_object_release(scn->scn_entity);
isns_attr_release(scn->scn_attr);
isns_free(scn->scn_name);
isns_free(scn);
}
struct isns_config_s *
isns_new_config(void)
{
struct isns_config_s *cfg_p;
pthread_mutexattr_t mutexattr;
cfg_p = (struct isns_config_s *)
isns_malloc(sizeof(struct isns_config_s));
if (cfg_p == NULL) {
DBG("isns_new_config: error on isns_malloc() [1]\n");
return NULL;
}
cfg_p->kq = -1;
cfg_p->pipe_fds[0] = -1;
cfg_p->pipe_fds[1] = -1;
cfg_p->curtask_p = NULL;
cfg_p->sd_connected = 0;
cfg_p->ai_p = NULL;
cfg_p->pdu_in_p = NULL;
cfg_p->refresh_p = NULL;
pthread_mutexattr_init(&mutexattr);
pthread_mutexattr_settype(&mutexattr, ISNS_MUTEX_TYPE_NORMAL);
if (pthread_mutex_init(&cfg_p->taskq_mutex, &mutexattr) != 0) {
DBG("isns_new_config: error on pthread_mutex_init() [1]\n");
isns_free(cfg_p);
return NULL;
}
pthread_mutexattr_init(&mutexattr);
pthread_mutexattr_settype(&mutexattr, ISNS_MUTEX_TYPE_NORMAL);
if (pthread_mutex_init(&cfg_p->trans_mutex, &mutexattr) != 0) {
DBG("isns_new_config: error on pthread_mutex_init() [2]\n");
pthread_mutex_destroy(&cfg_p->taskq_mutex);
isns_free(cfg_p);
return NULL;
}
SIMPLEQ_INIT(&cfg_p->taskq_head);
cfg_p->control_thread_p = (pthread_t *)isns_malloc(sizeof(pthread_t));
if (cfg_p->control_thread_p == NULL) {
DBG("isns_new_config: error on isns_malloc() [1]\n");
isns_destroy_config(cfg_p);
return NULL;
}
return cfg_p;
}
void
buf_close(buf_t *bp)
{
if (bp->write_mode)
buf_drain(bp);
if (bp->fd >= 0)
close(bp->fd);
bp->fd = -1;
isns_free(bp);
}
static void
slp_cleanup(void)
{
char *url = slp_url;
slp_url = NULL;
if (url) {
isns_slp_unregister(url);
isns_free(url);
}
}
/*
* Release a policy object
*/
void
isns_policy_release(isns_policy_t *policy)
{
if (!policy)
return;
isns_assert(policy->ip_users);
if (--(policy->ip_users))
return;
isns_assert(policy != &isns_superhero_powers);
isns_assert(policy != &isns_flyingpigs_powers);
isns_assert(policy != &isns_dweeb_powers);
isns_free(policy->ip_name);
isns_free(policy->ip_entity);
isns_free(policy->ip_dd_default);
isns_string_array_destroy(&policy->ip_node_names);
isns_free(policy);
}
static void
isns_scn_release_funnels(isns_scn_t *scn)
{
isns_scn_funnel_t *funnel;
while ((funnel = scn->scn_funnels) != NULL) {
scn->scn_funnels = funnel->scn_next;
if (funnel->scn_socket)
isns_socket_free(funnel->scn_socket);
isns_free(funnel);
}
}
buf_t *
buf_open(const char *filename, int flags)
{
static const unsigned int buflen = 4096;
buf_t *bp;
int oerr;
if (!(bp = isns_calloc(1, sizeof(*bp) + buflen)))
return NULL;
buf_init(bp, (bp + 1), buflen);
switch (flags & O_ACCMODE) {
case O_RDONLY:
bp->write_mode = 0;
break;
case O_WRONLY:
bp->write_mode = 1;
break;
default:
errno = EINVAL;
goto failed;
}
if (!filename || !strcmp(filename, "-")) {
bp->fd = dup(bp->write_mode? 1 : 0);
} else {
bp->fd = open(filename, flags, 0666);
}
if (bp->fd < 0)
goto failed;
return bp;
failed: oerr = errno;
isns_free(bp);
errno = oerr;
return NULL;
}
static isns_attr_t *
__key_to_attr(EVP_PKEY *pkey)
{
struct __isns_opaque key;
isns_value_t value;
isns_attr_t *attr = NULL;
if (!isns_dsa_encode_public(pkey, &key.ptr, &key.len))
goto out;
/* Must pad key. This means we may end up encoding a few
* bytes of trash. Oh well. */
key.len = ISNS_PAD(key.len);
value = ISNS_VALUE_INIT(opaque, key);
attr = isns_attr_alloc(OPENISNS_TAG_POLICY_KEY, NULL, &value);
isns_free(key.ptr);
out:
EVP_PKEY_free(pkey);
return attr;
}
void
isns_destroy_config(struct isns_config_s *cfg_p)
{
struct isns_task_s *task_p;
if (cfg_p != NULL) {
if (cfg_p->kq != -1)
close(cfg_p->kq);
if (cfg_p->pipe_fds[0] != -1)
close(cfg_p->pipe_fds[0]);
if (cfg_p->pipe_fds[1] != -1)
close(cfg_p->pipe_fds[1]);
if (cfg_p->control_thread_p != NULL)
isns_free(cfg_p->control_thread_p);
if (cfg_p->refresh_p != NULL) {
if (cfg_p->refresh_p->trans_p != NULL)
isns_free_trans(cfg_p->refresh_p->trans_p);
isns_free(cfg_p->refresh_p);
}
/* Free the current task, if necessary. */
if ((task_p = cfg_p->curtask_p) != NULL) {
if (task_p->task_type == ISNS_TASK_SEND_PDU)
isns_complete_trans(task_p->var.send_pdu.trans_p);
isns_free_task(task_p);
}
/* Empty the task queue of any pending tasks and free them. */
while ((task_p = isns_taskq_remove(cfg_p)) != NULL) {
if (task_p->task_type == ISNS_TASK_SEND_PDU)
isns_complete_trans(task_p->var.send_pdu.trans_p);
isns_free_task(task_p);
}
pthread_mutex_destroy(&cfg_p->taskq_mutex);
pthread_mutex_destroy(&cfg_p->trans_mutex);
if (cfg_p->ai_p != NULL) {
if (cfg_p->ai_p->ai_canonname != NULL)
isns_free(cfg_p->ai_p->ai_canonname);
if (cfg_p->ai_p->ai_addr != NULL)
isns_free(cfg_p->ai_p->ai_addr);
isns_free(cfg_p->ai_p);
}
isns_free(cfg_p);
}
}
static int
isns_policy_object_type_parse(isns_value_t *vp, const char *buf)
{
char *copy, *s, *next;
int rv = 0;
if (!strcasecmp(buf, "ALL")) {
vp->iv_uint32 = ~0;
return 1;
}
if (!strcasecmp(buf, "DEFAULT")) {
vp->iv_uint32 = ISNS_DEFAULT_OBJECT_ACCESS;
return 1;
}
vp->iv_uint32 = 0;
copy = isns_strdup(buf);
for (s = copy; s; s = next) {
char *perm;
int bit, mask = 0;
while (1) {
unsigned int n;
n = strcspn(s, ",+;|");
if (n) {
next = s + n;
if (*next)
*next++ = '\0';
break;
}
++n;
}
mask = ISNS_PERMISSION_READ;
if ((perm = strchr(s, ':')) != NULL) {
*perm++ = '\0';
mask = 0;
while (*perm) {
switch (*perm++) {
case 'R': case 'r':
mask = ISNS_PERMISSION_READ;
break;
case 'W': case 'w':
mask = ISNS_PERMISSION_READ;
break;
default:
goto failed;
}
}
}
for (bit = 0; bit < 32; ++bit) {
if (policy_object_type_bit_names[bit]
&& !strcasecmp(policy_object_type_bit_names[bit], s))
goto found;
}
goto failed;
found: vp->iv_uint32 |= ISNS_ACCESS(bit, mask);
}
rv = 1;
failed:
isns_free(copy);
return rv;
}
