static TRP_REQ *tr_msg_decode_trp_req(TALLOC_CTX *mem_ctx, json_t *jreq) { TALLOC_CTX *tmp_ctx=talloc_new(NULL); TRP_REQ *req=NULL; char *s=NULL; TRP_RC rc=TRP_ERROR; /* check message type and body type for agreement */ req=trp_req_new(tmp_ctx); if (req==NULL) { rc=TRP_NOMEM; goto cleanup; } rc=tr_msg_get_json_string(jreq, "community", &s, tmp_ctx); if (rc!=TRP_SUCCESS) goto cleanup; trp_req_set_comm(req, tr_new_name(s)); talloc_free(s); s=NULL; rc=tr_msg_get_json_string(jreq, "realm", &s, tmp_ctx); if (rc!=TRP_SUCCESS) goto cleanup; trp_req_set_realm(req, tr_new_name(s)); talloc_free(s); s=NULL; rc=TRP_SUCCESS; talloc_steal(mem_ctx, req); cleanup: talloc_free(tmp_ctx); if (rc!=TRP_SUCCESS) return NULL; return req; }
static int tids_handle_request(TIDS_INSTANCE *tids, TID_REQ *req, TID_RESP *resp) { int rc=-1; /* Check that this is a valid TID Request. If not, send an error return. */ if ((!req) || (!(req->rp_realm)) || (!(req->realm)) || (!(req->comm))) { tr_notice("tids_handle_request(): Not a valid TID Request."); tid_resp_set_result(resp, TID_ERROR); tid_resp_set_err_msg(resp, tr_new_name("Bad request format")); return -1; } tr_debug("tids_handle_request: adding self to req path."); tid_req_add_path(req, tids->hostname, tids->tids_port); /* Call the caller's request handler */ /* TBD -- Handle different error returns/msgs */ if (0 > (rc = (*tids->req_handler)(tids, req, resp, tids->cookie))) { /* set-up an error response */ tr_debug("tids_handle_request: req_handler returned error."); tid_resp_set_result(resp, TID_ERROR); if (!tid_resp_get_err_msg(resp)) /* Use msg set by handler, if any */ tid_resp_set_err_msg(resp, tr_new_name("Internal processing error")); } else { /* set-up a success response */ tr_debug("tids_handle_request: req_handler returned success."); tid_resp_set_result(resp, TID_SUCCESS); resp->err_msg = NULL; /* No error msg on successful return */ } return rc; }
static TR_CONSTRAINT *tr_cfg_parse_one_constraint (TR_CFG *trc, char *ctype, json_t *jc, TR_CFG_RC *rc) { TR_CONSTRAINT *cons; int i; if ((!trc) || (!ctype) || (!jc) || (!rc) || (!json_is_array(jc)) || (0 >= json_array_size(jc)) || (TR_MAX_CONST_MATCHES < json_array_size(jc)) || (!json_is_string(json_array_get(jc, 0)))) { tr_debug("tr_cfg_parse_one_constraint: config error."); *rc = TR_CFG_NOPARSE; return NULL; } if (NULL == (cons = talloc(trc, TR_CONSTRAINT))) { tr_debug("tr_cfg_parse_one_constraint: Out of memory (cons)."); *rc = TR_CFG_NOMEM; return NULL; } memset(cons, 0, sizeof(TR_CONSTRAINT)); if (NULL == (cons->type = tr_new_name(ctype))) { tr_debug("tr_cfg_parse_one_constraint: Out of memory (type)."); *rc = TR_CFG_NOMEM; return NULL; } for (i = 0; i < json_array_size(jc); i++) { cons->matches[i] = tr_new_name((char *)(json_string_value(json_array_get(jc, i)))); } return cons; }
static TR_IDP_REALM *tr_cfg_parse_comm_idps (TR_CFG *trc, json_t *jidps, TR_CFG_RC *rc) { TR_IDP_REALM *idp = NULL; TR_IDP_REALM *temp_idp = NULL; int i = 0; if ((!trc) || (!jidps) || (!json_is_array(jidps))) { if (rc) *rc = TR_CFG_BAD_PARAMS; return NULL; } for (i = 0; i < json_array_size(jidps); i++) { if (NULL == (temp_idp = (tr_cfg_find_idp(trc, tr_new_name((char *)json_string_value(json_array_get(jidps, i))), rc)))) { tr_debug("tr_cfg_parse_comm_idps: Unknown IDP %s.", (char *)json_string_value(json_array_get(jidps, i))); return NULL; } temp_idp->comm_next = idp; idp = temp_idp; } return idp; }
static TR_APC *tr_cfg_parse_apcs (TR_CFG *trc, json_t *japcs, TR_CFG_RC *rc) { TR_APC *apc; *rc = TR_CFG_SUCCESS; /* presume success */ if ((!trc) || (!japcs) || (!rc)) { tr_debug("tr_cfg_parse_apcs: Bad parameters."); if (rc) *rc = TR_CFG_BAD_PARAMS; return NULL; } if (NULL == (apc = talloc(trc, TR_APC))) { tr_debug("tr_cfg_parse_apcs: Out of memory."); *rc = TR_CFG_NOMEM; return NULL; } memset(apc, 0, sizeof(TR_APC)); /* TBD, deal with more than one APC. In the meantime, though... */ /* Only parse the first APC, because we only know how to deal with one, anyway. */ if (0 == json_array_size(japcs)) return NULL; if (NULL == (apc->id = tr_new_name((char *)json_string_value(json_array_get(japcs, 0))))) { tr_debug("tr_cfg_parse_apcs: No memory for APC name."); *rc = TR_CFG_NOMEM; return NULL; } return apc; }
/** * Encode/send an error response * * Part of the public interface * * @param tids * @param req * @param err_msg * @return */ int tids_send_err_response (TIDS_INSTANCE *tids, TID_REQ *req, const char *err_msg) { TID_RESP *resp = NULL; int rc = 0; if ((!tids) || (!req) || (!err_msg)) { tr_debug("tids_send_err_response: Invalid parameters."); return -1; } /* If we already sent a response, don't send another no matter what. */ if (req->resp_sent) return 0; if (NULL == (resp = tids_create_response(req, req))) { tr_crit("tids_send_err_response: Can't create response."); return -1; } /* mark this as an error response, and include the error message */ resp->result = TID_ERROR; resp->err_msg = tr_new_name((char *)err_msg); resp->error_path = req->path; rc = tids_send_response(tids, req, resp); tid_resp_free(resp); return rc; }
static int tr_msg_decode_one_server(json_t *jsrvr, TID_SRVR_BLK *srvr) { json_t *jsrvr_addr = NULL; json_t *jsrvr_kn = NULL; json_t *jsrvr_dh = NULL; json_t *jsrvr_expire = NULL; if (jsrvr == NULL) return -1; if ((NULL == (jsrvr_addr = json_object_get(jsrvr, "server_addr"))) || (NULL == (jsrvr_kn = json_object_get(jsrvr, "key_name"))) || (NULL == (jsrvr_dh = json_object_get(jsrvr, "server_dh")))) { tr_notice("tr_msg_decode_one_server(): Error parsing required fields."); return -1; } /* TBD -- handle IPv6 Addresses */ inet_aton(json_string_value(jsrvr_addr), &(srvr->aaa_server_addr)); srvr->key_name = tr_new_name((char *)json_string_value(jsrvr_kn)); srvr->aaa_server_dh = tr_msg_decode_dh(jsrvr_dh); srvr->path = json_object_get(jsrvr, "path"); jsrvr_expire = json_object_get(jsrvr, "key_expiration"); if (jsrvr_expire && json_is_string(jsrvr_expire)) { if (!g_time_val_from_iso8601(json_string_value(jsrvr_expire), &srvr->key_expiration)) tr_notice("Key expiration %s cannot be parsed", json_string_value(jsrvr_expire)); } return 0; }
/* Get a name that identifies this peer for display to the user, etc. * Do not modify or free the label. */ TR_NAME *trp_peer_get_label(TRP_PEER *peer) { char *s=NULL; if (peer->label==NULL) { s=talloc_asprintf(NULL, "%s:%u", peer->server, peer->port); if (s!=NULL) { peer->label=tr_new_name(s); talloc_free(s); } } return peer->label; }
int tidc_send_request (TIDC_INSTANCE *tidc, int conn, gss_ctx_id_t gssctx, const char *rp_realm, const char *realm, const char *comm, TIDC_RESP_FUNC *resp_handler, void *cookie) { TID_REQ *tid_req = NULL; int rc; /* Create and populate a TID req structure */ if (!(tid_req = tid_req_new())) return -1; tid_req->conn = conn; tid_req->gssctx = gssctx; if ((NULL == (tid_req->rp_realm = tr_new_name(rp_realm))) || (NULL == (tid_req->realm = tr_new_name(realm))) || (NULL == (tid_req->comm = tr_new_name(comm)))) { tr_err ( "tidc_send_request: Error duplicating names.\n"); goto error; } tid_req->tidc_dh = tr_dh_dup(tidc->client_dh); rc = tidc_fwd_request(tidc, tid_req, resp_handler, cookie); goto cleanup; error: rc = -1; cleanup: tid_req_free(tid_req); return rc; }
static void trp_peer_set_servicename(TRP_PEER *peer, const char *server) { char *name=NULL; if (peer->servicename !=NULL) tr_free_name(peer->servicename); if (server!=NULL) name=talloc_asprintf(NULL, "trustrouter/%s", server); if (name!=NULL) { peer->servicename=tr_new_name(name); talloc_free(name); } else { peer->servicename=NULL; } }
static TR_AAA_SERVER *tr_cfg_parse_one_aaa_server (TR_CFG *trc, json_t *jaddr, TR_CFG_RC *rc) { TR_AAA_SERVER *aaa = NULL; if ((!trc) || (!jaddr) || (!json_is_string(jaddr))) { tr_debug("tr_cfg_parse_one_aaa_server: Bad parameters."); *rc = TR_CFG_BAD_PARAMS; return NULL; } if (NULL == (aaa = talloc(trc, TR_AAA_SERVER))) { tr_debug("tr_cfg_parse_one_aaa_server: Out of memory."); *rc = TR_CFG_NOMEM; return NULL; } memset(aaa, 0, sizeof(TR_AAA_SERVER)); aaa->hostname = tr_new_name((char *)(json_string_value(jaddr))); return aaa; }
static TR_RP_REALM *tr_cfg_parse_comm_rps (TR_CFG *trc, json_t *jrps, TR_CFG_RC *rc) { TR_RP_REALM *rp = NULL; TR_RP_REALM *temp_rp = NULL; int i = 0; if ((!trc) || (!jrps) || (!json_is_array(jrps))) { if (rc) *rc = TR_CFG_BAD_PARAMS; return NULL; } for (i = (json_array_size(jrps)-1); i >= 0; i--) { if (NULL == (temp_rp = talloc(trc, TR_RP_REALM))) { tr_debug("tr_cfg_parse_comm_rps: Can't allocate memory for RP Realm."); if (rc) *rc = TR_CFG_NOMEM; return NULL; } memset (temp_rp, 0, sizeof(TR_RP_REALM)); if (NULL == (temp_rp->realm_name = tr_new_name((char *)json_string_value(json_array_get(jrps, i))))) { tr_debug("tr_cfg_parse_comm_rps: No memory for RP Realm Name."); if (rc) *rc = TR_CFG_NOMEM; return NULL; } temp_rp->next = rp; rp = temp_rp; } return rp; }
static TR_RP_CLIENT *tr_cfg_parse_one_rp_client (TR_CFG *trc, json_t *jrp, TR_CFG_RC *rc) { TR_RP_CLIENT *rp = NULL; json_t *jgns = NULL; json_t *jfilt = NULL; json_t *jftype = NULL; int i = 0; if ((!trc) || (!jrp) || (!rc)) { tr_debug("tr_cfg_parse_one_rp_realm: Bad parameters."); if (rc) *rc = TR_CFG_BAD_PARAMS; return NULL; } if ((NULL == (jgns = json_object_get(jrp, "gss_names"))) || (!json_is_array(jgns))) { tr_debug("tr_cfg_parse_one_rp_client: Error parsing RP client configuration, no GSS names."); *rc = TR_CFG_NOPARSE; return NULL; } /* TBD -- Support more than one filter per RP client? */ if (NULL == (jfilt = json_object_get(jrp, "filter"))) { tr_debug("tr_cfg_parse_one_rp_client: Error parsing RP client configuration, no filter."); *rc = TR_CFG_NOPARSE; return NULL; } /* We only support rp_permitted filters for RP clients */ if ((NULL == (jftype = json_object_get(jfilt, "type"))) || (!json_is_string(jftype)) || (strcmp(json_string_value(jftype), "rp_permitted"))) { tr_debug("tr_cfg_parse_one_rp_client: Error parsing RP client filter type."); *rc = TR_CFG_NOPARSE; return NULL; } if (TR_MAX_GSS_NAMES < json_array_size(jgns)) { tr_debug("tr_cfg_parse_one_rp_client: RP Client has too many GSS Names."); *rc = TR_CFG_NOPARSE; return NULL; } if (NULL == (rp = talloc(trc, TR_RP_CLIENT))) { tr_debug("tr_cfg_parse_one_rp_realm: Out of memory."); *rc = TR_CFG_NOMEM; return NULL; } memset(rp, 0, sizeof(TR_RP_CLIENT)); /* TBD -- support more than one filter entry per RP Client? */ if (NULL == (rp->filter = tr_cfg_parse_one_filter(trc, jfilt, rc))) { tr_debug("tr_cfg_parse_one_rp_client: Error parsing filter."); *rc = TR_CFG_NOPARSE; return NULL; } for (i = 0; i < json_array_size(jgns); i++) { if (NULL == (rp->gss_names[i] = tr_new_name ((char *)json_string_value(json_array_get(jgns, i))))) { tr_debug("tr_cfg_parse_one_rp_client: No memory for GSS Name."); *rc = TR_CFG_NOMEM; return NULL; } } return rp; }
static TR_IDP_REALM *tr_cfg_parse_one_idp_realm (TR_CFG *trc, json_t *jidp, TR_CFG_RC *rc) { TR_IDP_REALM *idp = NULL; json_t *jrid = NULL; json_t *jscfg = NULL; json_t *jsrvrs = NULL; json_t *japcs = NULL; if ((!trc) || (!jidp) || (!rc)) { tr_debug("tr_cfg_parse_one_idp_realm: Bad parameters."); if (rc) *rc = TR_CFG_BAD_PARAMS; return NULL; } if (NULL == (idp = talloc(trc, TR_IDP_REALM))) { tr_debug("tr_cfg_parse_one_idp_realm: Out of memory."); *rc = TR_CFG_NOMEM; return NULL; } memset(idp, 0, sizeof(TR_IDP_REALM)); if ((NULL == (jrid = json_object_get(jidp, "realm_id"))) || (!json_is_string(jrid)) || (NULL == (jscfg = json_object_get(jidp, "shared_config"))) || (!json_is_string(jscfg)) || (NULL == (jsrvrs = json_object_get(jidp, "aaa_servers"))) || (!json_is_array(jsrvrs))) { tr_debug("tr_cfg_parse_one_idp_realm: Error parsing IDP realm configuration."); *rc = TR_CFG_NOPARSE; return NULL; } if (0 == strcmp(json_string_value(jscfg), "no")) { idp->shared_config = 0; } else { idp->shared_config = 1; } if (NULL == (idp->realm_id = tr_new_name((char *)json_string_value(jrid)))) { tr_debug("tr_cfg_parse_one_idp_realm: No memory for realm id."); *rc = TR_CFG_NOMEM; return NULL; } if (NULL == (idp->aaa_servers = tr_cfg_parse_aaa_servers(trc, jsrvrs, rc))) { tr_debug("tr_cfg_parse_one_idp_realm: Can't parse AAA servers for realm %s.", idp->realm_id->buf); tr_free_name(idp->realm_id); return NULL; } if ((NULL != (japcs = json_object_get(jidp, "apcs"))) && (json_is_array(japcs))) { if (NULL == (idp->apcs = tr_cfg_parse_apcs(trc, japcs, rc))) { tr_debug("tr_cfg_parse_one_idp_realm: Can't parse APCs for realm %s .", idp->realm_id->buf); tr_free_name(idp->realm_id); /* TBD -- free aaa_servers */; return NULL; } } return idp; }
/* decode a single record */ static TRP_INFOREC *tr_msg_decode_trp_inforec(TALLOC_CTX *mem_ctx, json_t *jrecord) { TALLOC_CTX *tmp_ctx=talloc_new(NULL); TRP_INFOREC_TYPE rectype; TRP_INFOREC *rec=NULL; TRP_RC rc=TRP_ERROR; char *s=NULL; int num=0; if (0!=tr_msg_get_json_string(jrecord, "record_type", &s, tmp_ctx)) goto cleanup; rectype=trp_inforec_type_from_string(s); talloc_free(s); s=NULL; rec=trp_inforec_new(tmp_ctx, rectype); if (rec==NULL) { rc=TRP_NOMEM; goto cleanup; } /* We only support route_info records for now*/ if (trp_inforec_get_type(rec)!=TRP_INFOREC_TYPE_ROUTE) { rc=TRP_UNSUPPORTED; goto cleanup; } tr_debug("tr_msg_decode_trp_inforec: '%s' record found.", trp_inforec_type_to_string(rec->type)); rc=tr_msg_get_json_string(jrecord, "community", &s, tmp_ctx); if (rc != TRP_SUCCESS) goto cleanup; if (TRP_SUCCESS!=trp_inforec_set_comm(rec, tr_new_name(s))) goto cleanup; talloc_free(s); s=NULL; rc=tr_msg_get_json_string(jrecord, "realm", &s, tmp_ctx); if (rc != TRP_SUCCESS) goto cleanup; if (TRP_SUCCESS!=trp_inforec_set_realm(rec, tr_new_name(s))) goto cleanup; talloc_free(s); s=NULL; rc=tr_msg_get_json_string(jrecord, "trust_router", &s, tmp_ctx); if (rc != TRP_SUCCESS) goto cleanup; if (TRP_SUCCESS!=trp_inforec_set_trust_router(rec, tr_new_name(s))) goto cleanup; talloc_free(s); s=NULL; trp_inforec_set_next_hop(rec, NULL); /* make sure this is null (filled in later) */ rc=tr_msg_get_json_integer(jrecord, "metric", &num); if ((rc != TRP_SUCCESS) || (TRP_SUCCESS!=trp_inforec_set_metric(rec,num))) goto cleanup; rc=tr_msg_get_json_integer(jrecord, "interval", &num); if ((rc != TRP_SUCCESS) || (TRP_SUCCESS!=trp_inforec_set_interval(rec,num))) goto cleanup; talloc_steal(mem_ctx, rec); rc=TRP_SUCCESS; cleanup: if (rc != TRP_SUCCESS) { trp_inforec_free(rec); rec=NULL; } talloc_free(tmp_ctx); return rec; }
static TID_RESP *tr_msg_decode_tidresp(json_t *jresp) { TID_RESP *tresp = NULL; json_t *jresult = NULL; json_t *jrp_realm = NULL; json_t *jrealm = NULL; json_t *jcomm = NULL; json_t *jorig_coi = NULL; json_t *jservers = NULL; json_t *jerr_msg = NULL; if (!(tresp=tid_resp_new(NULL))) { tr_crit("tr_msg_decode_tidresp(): Error allocating TID_RESP structure."); return NULL; } /* store required fields from response */ if ((NULL == (jresult = json_object_get(jresp, "result"))) || (!json_is_string(jresult)) || (NULL == (jrp_realm = json_object_get(jresp, "rp_realm"))) || (!json_is_string(jrp_realm)) || (NULL == (jrealm = json_object_get(jresp, "target_realm"))) || (!json_is_string(jrealm)) || (NULL == (jcomm = json_object_get(jresp, "comm"))) || (!json_is_string(jcomm))) { tr_debug("tr_msg_decode_tidresp(): Error parsing response."); talloc_free(tresp); return NULL; } if (0 == (strcmp(json_string_value(jresult), "success"))) { tr_debug("tr_msg_decode_tidresp(): Success! result = %s.", json_string_value(jresult)); if ((NULL != (jservers = json_object_get(jresp, "servers"))) || (!json_is_array(jservers))) { tresp->servers = tr_msg_decode_servers(tresp, jservers, &tresp->num_servers); } else { talloc_free(tresp); return NULL; } tresp->result = TID_SUCCESS; } else { tresp->result = TID_ERROR; tr_debug("tr_msg_decode_tidresp(): Error! result = %s.", json_string_value(jresult)); if ((NULL != (jerr_msg = json_object_get(jresp, "err_msg"))) || (!json_is_string(jerr_msg))) { tresp->err_msg = tr_new_name((char *)json_string_value(jerr_msg)); } } tresp->rp_realm = tr_new_name((char *)json_string_value(jrp_realm)); tresp->realm = tr_new_name((char *)json_string_value(jrealm)); tresp->comm = tr_new_name((char *)json_string_value(jcomm)); /* store optional "orig_coi" field */ if ((NULL != (jorig_coi = json_object_get(jresp, "orig_coi"))) && (!json_is_object(jorig_coi))) { tresp->orig_coi = tr_new_name((char *)json_string_value(jorig_coi)); } return tresp; }
static TID_REQ *tr_msg_decode_tidreq(json_t *jreq) { TID_REQ *treq = NULL; json_t *jrp_realm = NULL; json_t *jrealm = NULL; json_t *jcomm = NULL; json_t *jorig_coi = NULL; json_t *jdh = NULL; json_t *jpath = NULL; json_t *jexpire_interval = NULL; if (!(treq =tid_req_new())) { tr_crit("tr_msg_decode_tidreq(): Error allocating TID_REQ structure."); return NULL; } /* store required fields from request */ if ((NULL == (jrp_realm = json_object_get(jreq, "rp_realm"))) || (NULL == (jrealm = json_object_get(jreq, "target_realm"))) || (NULL == (jcomm = json_object_get(jreq, "community")))) { tr_notice("tr_msg_decode(): Error parsing required fields."); tid_req_free(treq); return NULL; } jpath = json_object_get(jreq, "path"); jexpire_interval = json_object_get(jreq, "expiration_interval"); treq->rp_realm = tr_new_name((char *)json_string_value(jrp_realm)); treq->realm = tr_new_name((char *)json_string_value(jrealm)); treq->comm = tr_new_name((char *)json_string_value(jcomm)); /* Get DH Info from the request */ if (NULL == (jdh = json_object_get(jreq, "dh_info"))) { tr_debug("tr_msg_decode(): Error parsing dh_info."); tid_req_free(treq); return NULL; } treq->tidc_dh = tr_msg_decode_dh(jdh); /* store optional "orig_coi" field */ if (NULL != (jorig_coi = json_object_get(jreq, "orig_coi"))) { treq->orig_coi = tr_new_name((char *)json_string_value(jorig_coi)); } treq->cons = (TR_CONSTRAINT_SET *) json_object_get(jreq, "constraints"); if (treq->cons) { if (!tr_constraint_set_validate(treq->cons)) { tr_debug("Constraint set validation failed"); tid_req_free(treq); return NULL; } json_incref((json_t *) treq->cons); tid_req_cleanup_json(treq, (json_t *) treq->cons); } if (jpath) { json_incref(jpath); treq->path = jpath; tid_req_cleanup_json(treq, jpath); } if (jexpire_interval) treq->expiration_interval = json_integer_value(jexpire_interval); return treq; }
static TR_FILTER *tr_cfg_parse_one_filter (TR_CFG *trc, json_t *jfilt, TR_CFG_RC *rc) { TR_FILTER *filt = NULL; json_t *jftype = NULL; json_t *jfls = NULL; json_t *jfaction = NULL; json_t *jfspecs = NULL; json_t *jffield = NULL; json_t *jfmatch = NULL; json_t *jrc = NULL; json_t *jdc = NULL; int i = 0, j = 0; if ((NULL == (jftype = json_object_get(jfilt, "type"))) || (!json_is_string(jftype))) { tr_debug("tr_cfg_parse_one_filter: Error parsing filter type."); *rc = TR_CFG_NOPARSE; return NULL; } if ((NULL == (jfls = json_object_get(jfilt, "filter_lines"))) || (!json_is_array(jfls))) { tr_debug("tr_cfg_parse_one_filter: Error parsing filter type."); *rc = TR_CFG_NOPARSE; return NULL; } if (TR_MAX_FILTER_LINES < json_array_size(jfls)) { tr_debug("tr_cfg_parse_one_filter: Filter has too many filter_lines, maximimum of %d.", TR_MAX_FILTER_LINES); *rc = TR_CFG_NOPARSE; return NULL; } if (NULL == (filt = talloc(trc, TR_FILTER))) { tr_debug("tr_cfg_parse_one_filter: Out of memory."); *rc = TR_CFG_NOMEM; return NULL; } memset(filt, 0, sizeof(TR_FILTER)); if (!strcmp(json_string_value(jftype), "rp_permitted")) { filt->type = TR_FILTER_TYPE_RP_PERMITTED; } else { tr_debug("tr_cfg_parse_one_filter: Error parsing filter type, unknown type '%s'.", json_string_value(jftype)); *rc = TR_CFG_NOPARSE; tr_filter_free(filt); return NULL; } /* For each filter line... */ for (i = 0; i < json_array_size(jfls); i++) { if ((NULL == (jfaction = json_object_get(json_array_get(jfls, i), "action"))) || (!json_is_string(jfaction))) { tr_debug("tr_cfg_parse_one_filter: Error parsing filter action."); *rc = TR_CFG_NOPARSE; tr_filter_free(filt); return NULL; } if ((NULL == (jfspecs = json_object_get(json_array_get(jfls, i), "filter_specs"))) || (!json_is_array(jfspecs)) || (0 == json_array_size(jfspecs))) { tr_debug("tr_cfg_parse_one_filter: Error parsing filter specs."); *rc = TR_CFG_NOPARSE; tr_filter_free(filt); return NULL; } if (TR_MAX_FILTER_SPECS < json_array_size(jfspecs)) { tr_debug("tr_cfg_parse_one_filter: Filter has too many filter_specs, maximimum of %d.", TR_MAX_FILTER_SPECS); *rc = TR_CFG_NOPARSE; tr_filter_free(filt); return NULL; } if (NULL == (filt->lines[i] = talloc(trc, TR_FLINE))) { tr_debug("tr_cfg_parse_one_filter: Out of memory (fline)."); *rc = TR_CFG_NOMEM; tr_filter_free(filt); return NULL; } memset(filt->lines[i], 0, sizeof(TR_FLINE)); if (!strcmp(json_string_value(jfaction), "accept")) { filt->lines[i]->action = TR_FILTER_ACTION_ACCEPT; } else if (!strcmp(json_string_value(jfaction), "reject")) { filt->lines[i]->action = TR_FILTER_ACTION_REJECT; } else { tr_debug("tr_cfg_parse_one_filter: Error parsing filter action, unknown action' %s'.", json_string_value(jfaction)); *rc = TR_CFG_NOPARSE; tr_filter_free(filt); return NULL; } if ((NULL != (jrc = json_object_get(json_array_get(jfls, i), "realm_constraints"))) && (json_is_array(jrc)) && (0 != json_array_size(jrc)) && (TR_MAX_CONST_MATCHES >= json_array_size(jrc))) { if (NULL == (filt->lines[i]->realm_cons = tr_cfg_parse_one_constraint(trc, "realm", jrc, rc))) { tr_debug("tr_cfg_parse_one_filter: Error parsing realm constraint"); tr_filter_free(filt); return NULL; } } if ((NULL != (jdc = json_object_get(json_array_get(jfls, i), "domain_constraints"))) && (json_is_array(jdc)) && (0 != json_array_size(jdc)) && (TR_MAX_CONST_MATCHES >= json_array_size(jdc))) { if (NULL == (filt->lines[i]->domain_cons = tr_cfg_parse_one_constraint(trc, "domain", jdc, rc))) { tr_debug("tr_cfg_parse_one_filter: Error parsing domain constraint"); tr_filter_free(filt); return NULL; } } /*For each filter spec within the filter line... */ for (j = 0; j <json_array_size(jfspecs); j++) { if ((NULL == (jffield = json_object_get(json_array_get(jfspecs, j), "field"))) || (!json_is_string(jffield)) || (NULL == (jfmatch = json_object_get(json_array_get(jfspecs, j), "match"))) || (!json_is_string(jfmatch))) { tr_debug("tr_cfg_parse_one_filter: Error parsing filter field and match for filter spec %d, filter line %d.", i, j); *rc = TR_CFG_NOPARSE; tr_filter_free(filt); return NULL; } if (NULL == (filt->lines[i]->specs[j] = talloc(trc, TR_FSPEC))) { tr_debug("tr_cfg_parse_one_filter: Out of memory."); *rc = TR_CFG_NOMEM; tr_filter_free(filt); return NULL; } memset(filt->lines[i]->specs[j], 0, sizeof(TR_FSPEC)); if ((NULL == (filt->lines[i]->specs[j]->field = tr_new_name((char *)json_string_value(jffield)))) || (NULL == (filt->lines[i]->specs[j]->match = tr_new_name((char *)json_string_value(jfmatch))))) { tr_debug("tr_cfg_parse_one_filter: Out of memory."); *rc = TR_CFG_NOMEM; tr_filter_free(filt); return NULL; } } } return filt; }
static TR_COMM *tr_cfg_parse_one_comm (TR_CFG *trc, json_t *jcomm, TR_CFG_RC *rc) { TR_COMM *comm = NULL; json_t *jid = NULL; json_t *jtype = NULL; json_t *japcs = NULL; json_t *jidps = NULL; json_t *jrps = NULL; if ((!trc) || (!jcomm) || (!rc)) { tr_debug("tr_cfg_parse_one_comm: Bad parameters."); if (rc) *rc = TR_CFG_BAD_PARAMS; return NULL; } if (NULL == (comm = talloc_zero(trc, TR_COMM))) { tr_crit("tr_cfg_parse_one_comm: Out of memory."); *rc = TR_CFG_NOMEM; return NULL; } if ((NULL == (jid = json_object_get(jcomm, "community_id"))) || (!json_is_string(jid)) || (NULL == (jtype = json_object_get(jcomm, "type"))) || (!json_is_string(jtype)) || (NULL == (japcs = json_object_get(jcomm, "apcs"))) || (!json_is_array(japcs)) || (NULL == (jidps = json_object_get(jcomm, "idp_realms"))) || (!json_is_array(jidps)) || (NULL == (jrps = json_object_get(jcomm, "rp_realms"))) || (!json_is_array(jrps))) { tr_debug("tr_cfg_parse_one_comm: Error parsing Communities configuration."); *rc = TR_CFG_NOPARSE; return NULL; } if (NULL == (comm->id = tr_new_name((char *)json_string_value(jid)))) { tr_debug("tr_cfg_parse_one_comm: No memory for community id."); *rc = TR_CFG_NOMEM; return NULL; } if (0 == strcmp(json_string_value(jtype), "apc")) { comm->type = TR_COMM_APC; } else if (0 == strcmp(json_string_value(jtype), "coi")) { comm->type = TR_COMM_COI; if (NULL == (comm->apcs = tr_cfg_parse_apcs(trc, japcs, rc))) { tr_debug("tr_cfg_parse_one_comm: Can't parse APCs for COI %s.", comm->id->buf); tr_free_name(comm->id); return NULL; } } else { tr_debug("tr_cfg_parse_one_comm: Invalid community type, comm = %s, type = %s", comm->id->buf, json_string_value(jtype)); tr_free_name(comm->id); *rc = TR_CFG_NOPARSE; return NULL; } comm->idp_realms = tr_cfg_parse_comm_idps(trc, jidps, rc); if (TR_CFG_SUCCESS != *rc) { tr_debug("tr_cfg_parse_one_comm: Can't parse IDP realms for comm %s.", comm->id->buf); tr_free_name(comm->id); return NULL; } comm->rp_realms = tr_cfg_parse_comm_rps(trc, jrps, rc); if (TR_CFG_SUCCESS != *rc) { tr_debug("tr_cfg_parse_comm: Can't parse RP realms for comm %s .", comm->id->buf); tr_free_name(comm->id); return NULL; } if (TR_COMM_APC == comm->type) { json_t *jexpire = json_object_get(jcomm, "expiration_interval"); comm->expiration_interval = 43200; /*30 days*/ if (jexpire) { if (!json_is_integer(jexpire)) { fprintf(stderr, "tr_parse_comm: expirae_interval is not an integer\n"); return NULL; } comm->expiration_interval = json_integer_value(jexpire); if (comm->expiration_interval <= 10) comm->expiration_interval = 11; /* Freeradius waits 10 minutes between successful TR queries*/ if (comm->expiration_interval > 129600) /* 90 days*/ comm->expiration_interval = 129600; } } return comm; }