Mercurial > hg > freeDiameter
annotate extensions/acl_wl/acl_wl.c @ 161:645ff1487c23
Draft for ACL white-list extension
| author | Sebastien Decugis <sdecugis@nict.go.jp> |
|---|---|
| date | Mon, 25 Jan 2010 19:07:29 +0900 |
| parents | |
| children | 79768bf7d208 |
| rev | line source |
|---|---|
|
161
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
1 /********************************************************************************************************* |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
2 * Software License Agreement (BSD License) * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
3 * Author: Sebastien Decugis <sdecugis@nict.go.jp> * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
4 * * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
5 * Copyright (c) 2009, WIDE Project and NICT * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
6 * All rights reserved. * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
7 * * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
8 * Redistribution and use of this software in source and binary forms, with or without modification, are * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
9 * permitted provided that the following conditions are met: * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
10 * * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
11 * * Redistributions of source code must retain the above * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
12 * copyright notice, this list of conditions and the * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
13 * following disclaimer. * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
14 * * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
15 * * Redistributions in binary form must reproduce the above * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
16 * copyright notice, this list of conditions and the * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
17 * following disclaimer in the documentation and/or other * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
18 * materials provided with the distribution. * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
19 * * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
20 * * Neither the name of the WIDE Project or NICT nor the * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
21 * names of its contributors may be used to endorse or * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
22 * promote products derived from this software without * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
23 * specific prior written permission of WIDE Project and * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
24 * NICT. * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
25 * * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
28 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
32 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
34 *********************************************************************************************************/ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
35 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
36 /* |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
37 * Whitelist extension for freeDiameter. |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
38 */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
39 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
40 #include "acl_wl.h" |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
41 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
42 /* The validator function */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
43 static int aw_validate(struct peer_info * info, int * auth, int (**cb2)(struct peer_info *)) |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
44 { |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
45 int res; |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
46 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
47 TRACE_ENTRY("%p %p %p", info, auth, cb2); |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
48 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
49 CHECK_PARAMS(info && auth && cb2); |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
50 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
51 /* We don't use the second callback */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
52 *cb2 = NULL; |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
53 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
54 /* Default to unknown result */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
55 *auth = 0; |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
56 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
57 /* Now search the peer in our tree */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
58 CHECK_FCT( aw_tree_lookup(info->pi_diamid, &res) ); |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
59 if (res < 0) { |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
60 /* The peer is not whitelisted */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
61 return 0; |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
62 } |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
63 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
64 /* We found the peer in the tree, now check the status */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
65 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
66 /* First, if TLS is already in place, just accept */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
67 if (info->runtime.pir_cert_list) { |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
68 *auth = 1; |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
69 return 0; |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
70 } |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
71 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
72 /* Now, if we did not specify any flag, reject */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
73 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
74 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
75 } |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
76 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
77 /* entry point */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
78 static int aw_entry(char * conffile) |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
79 { |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
80 TRACE_ENTRY("%p", conffile); |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
81 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
82 CHECK_PARAMS(conffile); |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
83 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
84 /* Parse configuration file */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
85 CHECK_FCT( aw_conf_handle(conffile) ); |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
86 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
87 TRACE_DEBUG(INFO, "Extension ACL_wl initialized with configuration: '%s'", conffile); |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
88 aw_tree_dump(); |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
89 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
90 /* Register the validator function */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
91 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
92 return 0; |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
93 } |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
94 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
95 /* Unload */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
96 void fd_ext_fini(void) |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
97 { |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
98 /* Unregister the validator function */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
99 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
100 /* Destroy the tree */ |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
101 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
102 } |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
103 |
|
645ff1487c23
Draft for ACL white-list extension
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
104 EXTENSION_ENTRY("acl_wl", aw_entry); |