static void
onConfig(const ConfigSection& configSection,
         bool isDryRun,
         const std::string& filename)
{
  // general
  // {
  //    ; user "ndn-user"
  //    ; group "ndn-user"
  // }

  std::string user;
  std::string group;

  for (ConfigSection::const_iterator i = configSection.begin();
       i != configSection.end();
       ++i)
    {
      if (i->first == "user")
        {
          try
            {
              user = i->second.get_value<std::string>("user");

              if (user.empty())
                {
                  throw ConfigFile::Error("Invalid value for \"user\""
                                          " in \"general\" section");
                }
            }
          catch (const boost::property_tree::ptree_error& error)
            {
              throw ConfigFile::Error("Invalid value for \"user\""
                                      " in \"general\" section");
            }
        }
      else if (i->first == "group")
        {
          try
            {
              group = i->second.get_value<std::string>("group");

              if (group.empty())
                {
                  throw ConfigFile::Error("Invalid value for \"group\""
                                          " in \"general\" section");
                }
            }
          catch (const boost::property_tree::ptree_error& error)
            {
              throw ConfigFile::Error("Invalid value for \"group\""
                                      " in \"general\" section");
            }
        }
    }
  NFD_LOG_TRACE("using user \"" << user << "\" group \"" << group << "\"");

  PrivilegeHelper::initialize(user, group);
}
Пример #2
0
  static shared_ptr<Filter>
  create(const ConfigSection& configSection)
  {
    ConfigSection::const_iterator propertyIt = configSection.begin();

    if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type"))
      throw Error("Expect <filter.type>!");

    std::string type = propertyIt->second.data();

    if (boost::iequals(type, "name"))
      return createNameFilter(configSection);
    else
      throw Error("Unsupported filter.type: " + type);
  }
Пример #3
0
  static shared_ptr<KeyLocatorChecker>
  create(const ConfigSection& configSection, const std::string& filename)
  {
    ConfigSection::const_iterator propertyIt = configSection.begin();

    // Get checker.key-locator.type
    if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type"))
      BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.type>!"));

    std::string type = propertyIt->second.data();

    if (boost::iequals(type, "name"))
      return createKeyLocatorNameChecker(configSection, filename);
    else
      BOOST_THROW_EXCEPTION(Error("Unsupported checker.key-locator.type: " + type));
  }
Пример #4
0
  static shared_ptr<Filter>
  createNameFilter(const ConfigSection& configSection)
  {
    ConfigSection::const_iterator propertyIt = configSection.begin();
    propertyIt++;

    if (propertyIt == configSection.end())
      throw Error("Expect more properties for filter(name)");

    if (boost::iequals(propertyIt->first, "name"))
      {
        // Get filter.name
        Name name;
        try
          {
            name = Name(propertyIt->second.data());
          }
        catch (Name::Error& e)
          {
            throw Error("Wrong filter.name: " + propertyIt->second.data());
          }

        propertyIt++;

        // Get filter.relation
        if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "relation"))
          throw Error("Expect <filter.relation>!");

        std::string relationString = propertyIt->second.data();
        propertyIt++;

        RelationNameFilter::Relation relation;
        if (boost::iequals(relationString, "equal"))
          relation = RelationNameFilter::RELATION_EQUAL;
        else if (boost::iequals(relationString, "is-prefix-of"))
          relation = RelationNameFilter::RELATION_IS_PREFIX_OF;
        else if (boost::iequals(relationString, "is-strict-prefix-of"))
          relation = RelationNameFilter::RELATION_IS_STRICT_PREFIX_OF;
        else
          throw Error("Unsupported relation: " + relationString);


        if (propertyIt != configSection.end())
          throw Error("Expect the end of filter!");

        return make_shared<RelationNameFilter>(name, relation);
      }
    else if (boost::iequals(propertyIt->first, "regex"))
      {
        std::string regexString = propertyIt->second.data();
        propertyIt++;

        if (propertyIt != configSection.end())
          throw Error("Expect the end of filter!");

        try
          {
            return shared_ptr<RegexNameFilter>(new RegexNameFilter(regexString));
          }
        catch (Regex::Error& e)
          {
            throw Error("Wrong filter.regex: " + regexString);
          }
      }
    else
      throw Error("Wrong filter(name) properties");
  }
Пример #5
0
  static shared_ptr<KeyLocatorChecker>
  createKeyLocatorNameChecker(const ConfigSection& configSection,
                              const std::string& filename)
  {
    ConfigSection::const_iterator propertyIt = configSection.begin();
    propertyIt++;

    if (propertyIt == configSection.end())
      BOOST_THROW_EXCEPTION(Error("Expect more checker.key-locator properties"));

    if (boost::iequals(propertyIt->first, "name"))
      {
        Name name;
        try
          {
            name = Name(propertyIt->second.data());
          }
        catch (Name::Error& e)
          {
            BOOST_THROW_EXCEPTION(Error("Invalid checker.key-locator.name: " +
                                        propertyIt->second.data()));
          }
        propertyIt++;

        if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "relation"))
          BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.relation>!"));

        std::string relationString = propertyIt->second.data();
        propertyIt++;

        KeyLocatorChecker::Relation relation;
        if (boost::iequals(relationString, "equal"))
          relation = KeyLocatorChecker::RELATION_EQUAL;
        else if (boost::iequals(relationString, "is-prefix-of"))
          relation = KeyLocatorChecker::RELATION_IS_PREFIX_OF;
        else if (boost::iequals(relationString, "is-strict-prefix-of"))
          relation = KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF;
        else
          BOOST_THROW_EXCEPTION(Error("Unsupported relation: " + relationString));

        if (propertyIt != configSection.end())
          BOOST_THROW_EXCEPTION(Error("Expect the end of checker.key-locator!"));

        return shared_ptr<RelationKeyLocatorNameChecker>
          (new RelationKeyLocatorNameChecker(name, relation));
      }
    else if (boost::iequals(propertyIt->first, "regex"))
      {
        std::string regexString = propertyIt->second.data();
        propertyIt++;

        if (propertyIt != configSection.end())
          BOOST_THROW_EXCEPTION(Error("Expect the end of checker.key-locator!"));

        try
          {
            return shared_ptr<RegexKeyLocatorNameChecker>
              (new RegexKeyLocatorNameChecker(regexString));
          }
        catch (Regex::Error& e)
          {
            BOOST_THROW_EXCEPTION(Error("Invalid checker.key-locator.regex: " + regexString));
          }
      }
    else if (boost::iequals(propertyIt->first, "hyper-relation"))
      {
        const ConfigSection& hSection = propertyIt->second;

        ConfigSection::const_iterator hPropertyIt = hSection.begin();

        // Get k-regex
        if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "k-regex"))
          BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.k-regex>!"));

        std::string kRegex = hPropertyIt->second.data();
        hPropertyIt++;

        // Get k-expand
        if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "k-expand"))
          BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.k-expand>!"));

        std::string kExpand = hPropertyIt->second.data();
        hPropertyIt++;

        // Get h-relation
        if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "h-relation"))
          BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.h-relation>!"));

        std::string hRelation = hPropertyIt->second.data();
        hPropertyIt++;

        // Get p-regex
        if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "p-regex"))
          BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.p-regex>!"));

        std::string pRegex = hPropertyIt->second.data();
        hPropertyIt++;

        // Get p-expand
        if (hPropertyIt == hSection.end() || !boost::iequals(hPropertyIt->first, "p-expand"))
          BOOST_THROW_EXCEPTION(Error("Expect <checker.key-locator.hyper-relation.p-expand>!"));

        std::string pExpand = hPropertyIt->second.data();
        hPropertyIt++;

        if (hPropertyIt != hSection.end())
          BOOST_THROW_EXCEPTION(Error("Expect the end of checker.key-locator.hyper-relation!"));

        KeyLocatorChecker::Relation relation;
        if (boost::iequals(hRelation, "equal"))
          relation = KeyLocatorChecker::RELATION_EQUAL;
        else if (boost::iequals(hRelation, "is-prefix-of"))
          relation = KeyLocatorChecker::RELATION_IS_PREFIX_OF;
        else if (boost::iequals(hRelation, "is-strict-prefix-of"))
          relation = KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF;
        else
          BOOST_THROW_EXCEPTION(Error("Unsupported checker.key-locator.hyper-relation.h-relation: "
                                      + hRelation));

        try
          {
            return shared_ptr<HyperKeyLocatorNameChecker>
              (new HyperKeyLocatorNameChecker(pRegex, pExpand,
                                              kRegex, kExpand,
                                              relation));
          }
        catch (Regex::Error& e)
          {
            BOOST_THROW_EXCEPTION(Error("Invalid regex for key-locator.hyper-relation"));
          }
      }
    else
      BOOST_THROW_EXCEPTION(Error("Unsupported checker.key-locator"));
  }
void
CommandValidator::onConfig(const ConfigSection& section,
                           bool isDryRun,
                           const std::string& filename)
{
  using namespace boost::filesystem;

  const ConfigSection EMPTY_SECTION;

  m_validator.reset();

  if (section.begin() == section.end())
    {
      throw ConfigFile::Error("No authorize sections found");
    }

  std::stringstream dryRunErrors;
  ConfigSection::const_iterator authIt;
  for (authIt = section.begin(); authIt != section.end(); authIt++)
    {
      std::string certfile;
      try
        {
          certfile = authIt->second.get<std::string>("certfile");
        }
      catch (const std::runtime_error& e)
        {
          std::string msg = "No certfile specified";
          if (!isDryRun)
            {
              throw ConfigFile::Error(msg);
            }
          aggregateErrors(dryRunErrors, msg);
          continue;
        }

      shared_ptr<ndn::IdentityCertificate> id;

      if (certfile != "any")
        {
          path certfilePath = absolute(certfile, path(filename).parent_path());
          NFD_LOG_DEBUG("generated certfile path: " << certfilePath.native());

          std::ifstream in;
          in.open(certfilePath.c_str());
          if (!in.is_open())
            {
              std::string msg = "Unable to open certificate file " + certfilePath.native();
              if (!isDryRun)
                {
                  throw ConfigFile::Error(msg);
                }
              aggregateErrors(dryRunErrors, msg);
              continue;
            }

          try
            {
              id = ndn::io::load<ndn::IdentityCertificate>(in);
            }
          catch (const std::runtime_error& error)
            {
              // do nothing
            }

          if (!static_cast<bool>(id)) {
            std::string msg = "Malformed certificate file " + certfilePath.native();
            if (!isDryRun)
              {
                throw ConfigFile::Error(msg);
              }
            aggregateErrors(dryRunErrors, msg);
            continue;
          }

          in.close();
        }

      std::string keyNameForLogging;
      if (static_cast<bool>(id))
        keyNameForLogging = id->getPublicKeyName().toUri();
      else
        {
          keyNameForLogging = "wildcard";
          NFD_LOG_WARN("Wildcard identity is intended for demo purpose only and " <<
                       "SHOULD NOT be used in production environment");
        }
      const ConfigSection* privileges = 0;
      try
        {
          privileges = &authIt->second.get_child("privileges");
        }
      catch (const std::runtime_error& error)
        {
          std::string msg = "No privileges section found for certificate file " +
            certfile + " (" + keyNameForLogging + ")";
          if (!isDryRun)
            {
              throw ConfigFile::Error(msg);
            }
          aggregateErrors(dryRunErrors, msg);
          continue;
        }

      if (privileges->begin() == privileges->end())
        {
          NFD_LOG_WARN("No privileges specified for certificate file " << certfile
                       << " (" << keyNameForLogging << ")");
        }

      ConfigSection::const_iterator privIt;
      for (privIt = privileges->begin(); privIt != privileges->end(); privIt++)
        {
          const std::string& privilegeName = privIt->first;
          if (m_supportedPrivileges.find(privilegeName) != m_supportedPrivileges.end())
            {
              NFD_LOG_INFO("Giving privilege \"" << privilegeName
                           << "\" to identity " << keyNameForLogging);
              if (!isDryRun)
                {
                  const std::string regex = "^<localhost><nfd><" + privilegeName + ">";
                  if (static_cast<bool>(id))
                    m_validator.addInterestRule(regex, *id);
                  else
                    m_validator.addInterestBypassRule(regex);
                }
            }
          else
            {
              // Invalid configuration
              std::string msg = "Invalid privilege \"" + privilegeName +
                "\" for certificate file " + certfile + " (" + keyNameForLogging + ")";
              if (!isDryRun)
                {
                  throw ConfigFile::Error(msg);
                }
              aggregateErrors(dryRunErrors, msg);
            }
        }
    }

  if (!dryRunErrors.str().empty())
    {
      throw ConfigFile::Error(dryRunErrors.str());
    }
}