Mercurial > hg > freeDiameter

annotate extensions/acl_wl/acl_wl.c @ 1554:566bb46cc73f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated copyright information
author Sebastien Decugis <sdecugis@freediameter.net>
date Tue, 06 Oct 2020 21:34:53 +0800
parents 0dff6a604b0a
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
1 /*********************************************************************************************************
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
2 * Software License Agreement (BSD License) *
740
4a9f08d6b6ba Updated my mail address
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 332
diff changeset
3 * Author: Sebastien Decugis <sdecugis@freediameter.net> *
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
4 * *
1554
566bb46cc73f Updated copyright information
Sebastien Decugis <sdecugis@freediameter.net>
parents: 1354
diff changeset
5 * Copyright (c) 2019, WIDE Project and NICT *
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
6 * All rights reserved. *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
7 * *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
8 * Redistribution and use of this software in source and binary forms, with or without modification, are *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
9 * permitted provided that the following conditions are met: *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
10 * *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
11 * * Redistributions of source code must retain the above *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
12 * copyright notice, this list of conditions and the *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
13 * following disclaimer. *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
14 * *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
15 * * Redistributions in binary form must reproduce the above *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
16 * copyright notice, this list of conditions and the *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
17 * following disclaimer in the documentation and/or other *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
18 * materials provided with the distribution. *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
19 * *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
20 * * Neither the name of the WIDE Project or NICT nor the *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
21 * names of its contributors may be used to endorse or *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
22 * promote products derived from this software without *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
23 * specific prior written permission of WIDE Project and *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
24 * NICT. *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
25 * *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
28 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
32 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
34 *********************************************************************************************************/
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
35
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
36 /*
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
37 * Whitelist extension for freeDiameter.
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
38 */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
39
1354
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
40 #include <pthread.h>
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
41 #include <signal.h>
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
42
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
43 #include "acl_wl.h"
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
44
1354
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
45 static pthread_rwlock_t acl_wl_lock;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
46
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
47 #define MODULE_NAME "acl_wl"
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
48
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
49 static char *acl_wl_config_file;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
50
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
51 /* The validator function */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
52 static int aw_validate(struct peer_info * info, int * auth, int (**cb2)(struct peer_info *))
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
53 {
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
54 int res;
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
55
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
56 TRACE_ENTRY("%p %p %p", info, auth, cb2);
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
57
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
58 CHECK_PARAMS(info && auth && cb2);
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
59
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
60 /* We don't use the second callback */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
61 *cb2 = NULL;
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
62
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
63 /* Default to unknown result */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
64 *auth = 0;
1354
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
65
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
66 if (pthread_rwlock_rdlock(&acl_wl_lock) != 0) {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
67 fd_log_notice("%s: read-lock failed, skipping handler", MODULE_NAME);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
68 return 0;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
69 }
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
70
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
71 /* Now search the peer in our tree */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
72 CHECK_FCT( aw_tree_lookup(info->pi_diamid, &res) );
1354
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
73
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
74 if (pthread_rwlock_unlock(&acl_wl_lock) != 0) {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
75 fd_log_notice("%s: read-unlock failed after aw_tree_lookup, exiting", MODULE_NAME);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
76 exit(1);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
77 }
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
78
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
79 if (res < 0) {
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
80 /* The peer is not whitelisted */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
81 return 0;
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
82 }
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
83
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
84 /* We found the peer in the tree, now check the status */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
85
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
86 /* First, if TLS is already in place, just accept */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
87 if (info->runtime.pir_cert_list) {
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
88 *auth = 1;
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
89 return 0;
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
90 }
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
91
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
92 /* Now, if we did not specify any flag, reject */
162
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
93 if (res == 0) {
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
94 TRACE_DEBUG(INFO, "Peer '%s' rejected, only TLS-protected connection is whitelisted.", info->pi_diamid);
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
95 /* We don't actually set *auth = -1, leave space for a further extension to validate the peer */
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
96 return 0;
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
97 }
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
98
332
e624fa5f85ca Attempt to fix a bug reported by Alexey Berdnikov (CER without ISI AVP)
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 258
diff changeset
99 /* Otherwise, just set the configured flags for the peer, and authorize it */
162
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
100 *auth = 1;
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
101
332
e624fa5f85ca Attempt to fix a bug reported by Alexey Berdnikov (CER without ISI AVP)
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 258
diff changeset
102 /* Save information about the security mechanism to use after CER/CEA exchange */
162
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
103 if ((res & PI_SEC_NONE) && (res & PI_SEC_TLS_OLD))
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
104 res = PI_SEC_NONE; /* If we authorized it, we must have an IPsec tunnel setup, no need for TLS in this case */
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
105
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
106 info->config.pic_flags.sec = res;
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
107 return 0;
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
108 }
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
109
1354
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
110 static volatile int in_signal_handler = 0;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
111
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
112 /* signal handler */
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
113 static void sig_hdlr(void)
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
114 {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
115 struct fd_list old_tree;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
116
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
117 if (in_signal_handler) {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
118 fd_log_error("%s: already handling a signal, ignoring new one", MODULE_NAME);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
119 return;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
120 }
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
121 in_signal_handler = 1;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
122
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
123 if (pthread_rwlock_wrlock(&acl_wl_lock) != 0) {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
124 fd_log_error("%s: locking failed, aborting config reload", MODULE_NAME);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
125 return;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
126 }
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
127
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
128 /* save old config in case reload goes wrong */
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
129 old_tree = tree_root;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
130 fd_list_init(&tree_root, NULL);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
131
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
132 if (aw_conf_handle(acl_wl_config_file) != 0) {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
133 fd_log_error("%s: error reloading configuration, restoring previous configuration", MODULE_NAME);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
134 aw_tree_destroy();
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
135 tree_root = old_tree;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
136 } else {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
137 struct fd_list new_tree;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
138 new_tree = tree_root;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
139 tree_root = old_tree;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
140 aw_tree_destroy();
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
141 tree_root = new_tree;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
142 }
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
143
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
144 if (pthread_rwlock_unlock(&acl_wl_lock) != 0) {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
145 fd_log_error("%s: unlocking failed after config reload, exiting", MODULE_NAME);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
146 exit(1);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
147 }
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
148
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
149 fd_log_notice("%s: reloaded configuration", MODULE_NAME);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
150
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
151 in_signal_handler = 0;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
152 }
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
153
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
154
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
155 /* entry point */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
156 static int aw_entry(char * conffile)
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
157 {
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
158 TRACE_ENTRY("%p", conffile);
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
159 CHECK_PARAMS(conffile);
1354
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
160
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
161 acl_wl_config_file = conffile;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
162
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
163 pthread_rwlock_init(&acl_wl_lock, NULL);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
164
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
165 if (pthread_rwlock_wrlock(&acl_wl_lock) != 0) {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
166 fd_log_notice("%s: write-lock failed, aborting", MODULE_NAME);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
167 return EDEADLK;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
168 }
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
169
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
170 /* Parse configuration file */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
171 CHECK_FCT( aw_conf_handle(conffile) );
1354
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
172
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
173 TRACE_DEBUG(INFO, "Extension ACL_wl initialized with configuration: '%s'", conffile);
162
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
174 if (TRACE_BOOL(ANNOYING)) {
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
175 aw_tree_dump();
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
176 }
1354
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
177
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
178 if (pthread_rwlock_unlock(&acl_wl_lock) != 0) {
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
179 fd_log_notice("%s: write-unlock failed, aborting", MODULE_NAME);
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
180 return EDEADLK;
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
181 }
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
182
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
183 /* Register reload callback */
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
184 CHECK_FCT(fd_event_trig_regcb(SIGUSR1, MODULE_NAME, sig_hdlr));
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
185
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
186 /* Register the validator function */
162
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
187 CHECK_FCT( fd_peer_validate_register ( aw_validate ) );
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
188
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
189 return 0;
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
190 }
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
191
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
192 /* Unload */
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
193 void fd_ext_fini(void)
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
194 {
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
195 /* Destroy the tree */
162
79768bf7d208 Completed whitelist extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents: 161
diff changeset
196 aw_tree_destroy();
161
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
197 }
645ff1487c23 Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff changeset
198
1354
0dff6a604b0a acl_wl: add reload support using SIGUSR1
Thomas Klausner <tk@giga.or.at>
parents: 741
diff changeset
199 EXTENSION_ENTRY(MODULE_NAME, aw_entry);
"Welcome to our mercurial repository"