Changeset 707:e387d5c6b6f5 in freeDiameter

Timestamp:

Feb 9, 2011, 6:08:54 PM (13 years ago)

Author:

Sebastien Decugis <sdecugis@nict.go.jp>

Branch:

default

Phase:

public

Message:

Added support for Internationalized Domain Names (IDNA) using GNU libidn

Files:

• INSTALL.Fedora (modified) (1 diff)
• INSTALL.FreeBSD (modified) (2 diffs)
• INSTALL.OpenSUSE (modified) (1 diff)
• INSTALL.Ubuntu (modified) (3 diffs)
• cmake/Modules/FindIDNA.cmake (added)
• contrib/OpenWRT/packages/freeDiameter/Makefile (modified) (1 diff)
• contrib/debian/control (modified) (1 diff)
• contrib/nightly_tests/idnaignore.conf (added)
• contrib/nightly_tests/idnareject.conf (added)
• contrib/nightly_tests/tests.list (modified) (1 diff)
• include/freeDiameter/CMakeLists.txt (modified) (3 diffs)
• include/freeDiameter/freeDiameter-host.h.in (modified) (1 diff)
• libfdproto/CMakeLists.txt (modified) (1 diff)
• libfdproto/ostr.c (modified) (5 diffs)
• tests/testostr.c (modified) (2 diffs)

INSTALL.Fedora

@@ -4 +4 @@
 
 Dependencies on Fedora 13 (from minimal system):
-# yum install cmake make gcc flex bison lksctp-tools-devel gnutls-devel libgcrypt-devel
+# yum install cmake make gcc flex bison lksctp-tools-devel gnutls-devel libgcrypt-devel libidn-devel
 
 In addition, if you have not already retrieved the latest source:

INSTALL.FreeBSD

@@ -20 +20 @@
 
 
-2) Install cmake
+2) Install 'cmake'
 
  a) from sources:
@@ -30 +30 @@
         
  
-3) Install mercurial (optional)
-  (replace "cmake" by "mercurial" in the previous command) 
+3) Install 'mercurial' (optional)
+  (replace 'cmake' by 'mercurial' in the previous command) 
 
-4) Install flex and bison, same way.
+4) Install 'flex' and 'bison', same way.
 
-5) Install gnutls, same way also.
+5) Install 'gnutls' and 'libidn', same way also.
 
 6) Retrieve freeDiameter source code:

INSTALL.OpenSUSE

@@ -4 +4 @@
 
 Dependencies on OpenSUSE 11.3 (from minimal server system installation):
-# zypper install cmake make gcc flex bison lksctp-tools-devel libgnutls-devel libgcrypt-devel
+# zypper install cmake make gcc flex bison lksctp-tools-devel libgnutls-devel libgcrypt-devel libidn-devel
 # zypper install mercurial
 

INSTALL.Ubuntu

@@ -18 +18 @@
 
 The following packages are required to compile freeDiameter from source:
- cmake make gcc flex bison libsctp1 libsctp-dev libgnutls-dev libgcrypt-dev
+ cmake make gcc flex bison libsctp1 libsctp-dev libgnutls-dev libgcrypt-dev libidn11-dev
+ 
+(note that libidn and libsctp can be avoided by defining DISABLE_SCTP and DIAMID_IDNA_REJECT)
  
 Additionnaly, these ones may be useful:
@@ -43 +45 @@
 
 # Install the dependencies for building the source:
-sudo apt-get -y install mercurial cmake make gcc bison flex libsctp-dev libgnutls-dev libgcrypt-dev ssl-cert debhelper fakeroot \
+sudo apt-get -y install mercurial cmake make gcc bison flex libsctp-dev libgnutls-dev libgcrypt-dev libidn11-dev ssl-cert debhelper fakeroot \
    libpq-dev libmysqlclient-dev libxml2-dev swig python-dev
 
@@ -84 +86 @@
 
 1) Install all packages dependencies
-# sudo apt-get install mercurial cmake make gcc bison flex libsctp-dev libgnutls-dev libgcrypt-dev
+# sudo apt-get install mercurial cmake make gcc bison flex libsctp-dev libgnutls-dev libgcrypt-dev libidn11-dev
 
 2) (OPTION) If you will compile modules that require postgresql, also install:

contrib/OpenWRT/packages/freeDiameter/Makefile

@@ -76 +76 @@
                 -DCMAKE_PREFIX_PATH:PATH=$(STAGING_DIR)/usr \
                 -DCMAKE_INSTALL_PREFIX:PATH=/usr \
+                -DDIAMID_IDNA_REJECT:BOOL=ON \
                 -DBUILD_TESTING:BOOL=OFF \
                 -DCMAKE_BUILD_TYPE:STRING=DebianPackage \

contrib/debian/control

@@ -5 +5 @@
 Build-Depends: debhelper ( >= 7.3.9),
  cmake, make, gcc, bison, flex,
- libsctp-dev, libgnutls-dev, libgcrypt-dev, 
+ libsctp-dev, libgnutls-dev, libgcrypt-dev, libidn11-dev,
  libpq-dev, libmysqlclient-dev, libxml2-dev, swig, python-dev
 Standards-Version: 3.8.3

contrib/nightly_tests/tests.list

@@ -2 +2 @@
 alldefault
 nosctp
+idnaignore
+idnareject
 #noext

include/freeDiameter/CMakeLists.txt

@@ -19 +19 @@
 SET(DEFAULT_EXTENSIONS_PATH ${CMAKE_INSTALL_PREFIX}/${INSTALL_EXTENSIONS_SUFFIX})
 
+# IDNA considerations
+OPTION(DIAMID_IDNA_IGNORE "Ignore completly invalid characters in Diameter Identities (process blindly)?" OFF)
+IF (NOT DIAMID_IDNA_IGNORE)
+        OPTION (DIAMID_IDNA_REJECT "Reject internationalized Diameter Identities, do not attempt to convert it (stringprep) ?" OFF)
+ENDIF (NOT DIAMID_IDNA_IGNORE)
 
-MARK_AS_ADVANCED(DISABLE_SCTP DEBUG_SCTP SCTP_USE_MAPPED_ADDRESSES ERRORS_ON_TODO)
+MARK_AS_ADVANCED(DISABLE_SCTP DEBUG_SCTP SCTP_USE_MAPPED_ADDRESSES ERRORS_ON_TODO DIAMID_IDNA_IGNORE DIAMID_IDNA_REJECT)
 
 ########################
@@ -109 +114 @@
 SET(SCTP_LIBRARIES ${SCTP_LIBRARIES} PARENT_SCOPE)
 
+# IDNA process: we use libidn from GNU (unless the function & header files are included in libc)
+IF(NOT DIAMID_IDNA_IGNORE  AND NOT DIAMID_IDNA_REJECT)
+        FIND_PACKAGE(IDNA)
+        SET(CHECK_IDNA_SOURCE_CODE "
+                #include <idna.h>
+                int main() {
+                   return idna_to_ascii_8z(NULL, NULL, 0);
+                }
+                ")
+        SET(CMAKE_REQUIRED_INCLUDES ${IDNA_INCLUDE_DIR})
+        SET(CMAKE_REQUIRED_LIBRARIES ${IDNA_LIBRARIES})
+        CHECK_C_SOURCE_COMPILES("${CHECK_IDNA_SOURCE_CODE}" HAS_IDNA_SUPPORT)
+        IF(NOT HAS_IDNA_SUPPORT)
+                MESSAGE(SEND_ERROR "Unable to find idna.h header or idna_to_ascii_8z function, please install libidn-dev or equivalent, or set DIAMID_IDNA_IGNORE or DIAMID_IDNA_REJECT")
+        ENDIF(NOT HAS_IDNA_SUPPORT)
+ELSE (NOT DIAMID_IDNA_IGNORE  AND NOT DIAMID_IDNA_REJECT)
+        MESSAGE(STATUS "Non-default Internationalized Domain Names (IDN) behavior selected (no stringprep).")
+ENDIF(NOT DIAMID_IDNA_IGNORE  AND NOT DIAMID_IDNA_REJECT)
+SET(IDNA_INCLUDE_DIR ${IDNA_INCLUDE_DIR} PARENT_SCOPE)
+SET(IDNA_LIBRARIES ${IDNA_LIBRARIES} PARENT_SCOPE)
+
 
 # Require GNU TLS for building the library
@@ -135 +161 @@
 
 # LFDPROTO_LIBS = libraries required by the libfdproto.
-SET(LFDPROTO_LIBS ${CLOCK_GETTIME_LIBS} ${CMAKE_THREAD_LIBS_INIT} PARENT_SCOPE)
+SET(LFDPROTO_LIBS ${CLOCK_GETTIME_LIBS} ${CMAKE_THREAD_LIBS_INIT} ${IDNA_LIBRARIES} PARENT_SCOPE)
+# And includes paths
+SET(LFDPROTO_INCLUDES ${IDNA_INCLUDE_DIR} PARENT_SCOPE)
 # Dependencies: the libraries required by any code linking to libfdproto.
 SET(LFDPROTO_LINK_INTERFACES ${CMAKE_THREAD_LIBS_INIT} PARENT_SCOPE)

include/freeDiameter/freeDiameter-host.h.in

@@ -49 +49 @@
 #cmakedefine SCTP_CONNECTX_4_ARGS
 #cmakedefine SKIP_DLCLOSE
+#cmakedefine DIAMID_IDNA_IGNORE
+#cmakedefine DIAMID_IDNA_REJECT
 
 #cmakedefine ERRORS_ON_TODO

libfdproto/CMakeLists.txt

@@ -21 +21 @@
 SET(LFDPROTO_SRC ${LFDPROTO_SRC} PARENT_SCOPE)
 
+# Include path
+INCLUDE_DIRECTORIES(${LFDPROTO_INCLUDES})
+
 # Build as a shared library
 ADD_LIBRARY(libfdproto SHARED ${LFDPROTO_SRC})

libfdproto/ostr.c

@@ -36 +36 @@
 #include "fdproto-internal.h"
 
+#if (!defined(DIAMID_IDNA_IGNORE) && !defined(DIAMID_IDNA_REJECT))
+/* Process IDNA with stringprep -- See RFC5890 -- and libidn documentation... */
+#include <idna.h> /* idna_to_ascii_8z() */
+#endif /* !defined(DIAMID_IDNA_IGNORE) && !defined(DIAMID_IDNA_REJECT) */
+
 /* Similar to strdup with (must be verified) os0_t */
 os0_t os0dup_int(os0_t s, size_t l) {
@@ -89 +94 @@
 int fd_os_is_valid_DiameterIdentity(uint8_t * os, size_t ossz)
 {
+#ifdef DIAMID_IDNA_IGNORE
+        
+        /* Allow anything */
+        
+#else /* DIAMID_IDNA_IGNORE */
+        
         int i;
         
-        /* Allow letters, digits, hyphen, dot */
+        /* Allow only letters, digits, hyphen, dot */
         for (i=0; i < ossz; i++) {
                 if (os[i] > 'z')
@@ -106 +117 @@
         }
         if (i < ossz) {
-                TRACE_DEBUG(INFO, "Invalid character '%c' in DiameterIdentity '%.*s'", os[i], ossz, os);
+                int nb = 1;
+                /* To get a better display, check if the invalid char is UTF-8 */
+                if ((os[i] & 0xE0) == 0xC0 /* 110xxxxx */) {
+                        if ((i < ossz - 1) && ((os[i + 1] & 0xC0) == 0x80 /* 10xxxxxx */))
+                                nb = 2;
+                        goto disp;
+                }
+                if ((os[i] & 0xF0) == 0xE0 /* 1110xxxx */) {
+                        if ((i < ossz - 2) && ((os[i + 1] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 2] & 0xC0) == 0x80 /* 10xxxxxx */))
+                                nb = 3;
+                        goto disp;
+                }
+                if ((os[i] & 0xF8) == 0xF0 /* 11110xxx */) {
+                        if ((i < ossz - 3) && ((os[i + 1] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 2] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 3] & 0xC0) == 0x80 /* 10xxxxxx */))
+                                nb = 4;
+                        goto disp;
+                }
+                if ((os[i] & 0xFC) == 0xF8 /* 111110xx */) {
+                        if ((i < ossz - 4) && ((os[i + 1] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 2] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 3] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 4] & 0xC0) == 0x80 /* 10xxxxxx */))
+                                nb = 5;
+                        goto disp;
+                }
+                if ((os[i] & 0xFE) == 0xFC /* 1111110x */) {
+                        if ((i < ossz - 5) && ((os[i + 1] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 2] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 3] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 4] & 0xC0) == 0x80 /* 10xxxxxx */)
+                                           && ((os[i + 5] & 0xC0) == 0x80 /* 10xxxxxx */))
+                                nb = 6;
+                        goto disp;
+                }
+                /* otherwise, we just display the hex code */
+                TRACE_DEBUG(INFO, "Invalid character (0xhhX) at offset %d in DiameterIdentity '%.*s'", os[i], i+1, ossz, os);
                 return 0;
-        }
+disp:
+                TRACE_DEBUG(INFO, "Invalid character '%.*s' at offset %d in DiameterIdentity '%.*s'", nb, os + i, i+1, ossz, os);
+                return 0;
+        }
+        
+#endif /* DIAMID_IDNA_IGNORE */
+        
         return 1;
 }
@@ -119 +174 @@
         *outsz = strlen(*id);
         
+#ifndef DIAMID_IDNA_IGNORE
+        
         if (!fd_os_is_valid_DiameterIdentity((os0_t)*id, *outsz)) {
-                char buf[HOST_NAME_MAX];
-                
-                TODO("Stringprep in into buf");
-                TRACE_DEBUG(INFO, "The string '%s' is not a valid DiameterIdentity, it was changed to '%s'", *id, buf);
-                TODO("Realloc *id if !memory");
-                /* copy buf */
-                /* update the size */
-                return ENOTSUP;
-        } else {
+        
+#ifdef DIAMID_IDNA_REJECT
+                
+                TRACE_DEBUG(INFO, "The string '%s' is not a valid DiameterIdentity!", *id);
+                TRACE_DEBUG(INFO, "Returning EINVAL since fD is compiled with option DIAMID_IDNA_REJECT.");
+                return EINVAL;
+        
+#else /* DIAMID_IDNA_REJECT */
+        
+                char *processed;
+                int ret;
+                
+                ret = idna_to_ascii_8z ( *id, &processed, IDNA_USE_STD3_ASCII_RULES );
+                if (ret == IDNA_SUCCESS) {
+                        TRACE_DEBUG(INFO, "The string '%s' is not a valid DiameterIdentity, it was changed to '%s'", *id, processed);
+                        if (memory == 0)
+                                free(*id);
+                        *id = processed;
+                        *outsz = strlen(processed);
+                        /* Done! */
+                } else {
+                        TRACE_DEBUG(INFO, "The string '%s' is not a valid DiameterIdentity and cannot be sanitanized: %s", *id, idna_strerror (ret));
+                        return EINVAL;
+                }
+        
+#endif /* DIAMID_IDNA_REJECT */
+        } else
+#endif /* ! DIAMID_IDNA_IGNORE */
+        {
                 if (memory == 1) {
                         CHECK_MALLOC( *id = os0dup(*id, *outsz) );
@@ -135 +212 @@
         return 0;
 }
-
-
 
 

tests/testostr.c

@@ -38 +38 @@
 #define TEST_STR (os0_t)"This is my test string (with extra unused data)"
 
+/* The following string contains UTF-8 encoded characters (Chinese characters) */
+#define TEST_IDN_UTF8  "freeDiameter.中国"
+#define TEST_IDN_CONV  "freeDiameter.xn--fiqs8s"
+
 /* Main test routine */
 int main(int argc, char *argv[])
@@ -67 +71 @@
                 CHECK( hash, fd_os_hash(buf + 1, CONSTSTRLEN(TEST_STR)) );
         }
+        
+        /* Check the Diameter Identity functions */
+        {
+                char * res;
+                size_t len;
+                
+                /* A valid ASCII domain name */
+                res = TEST_IDN_CONV;
+                CHECK( 0, fd_os_validate_DiameterIdentity(&res, &len, 1) );
+                CHECK( 0, strcasecmp(res, TEST_IDN_CONV) ); /* the function does not change a valid DN */
+                CHECK( 0, fd_os_validate_DiameterIdentity(&res, &len, 0) );
+                CHECK( 0, strcasecmp(res, TEST_IDN_CONV) );
+                CHECK( CONSTSTRLEN(TEST_IDN_CONV), len );
+                free(res);
+                
+                /* Now, an invalid string */
+                res = TEST_IDN_UTF8;
+                
+                #ifdef DIAMID_IDNA_IGNORE
+                
+                /* The UTF-8 chars are considered valid */
+                CHECK( 1, fd_os_is_valid_DiameterIdentity((os0_t)TEST_IDN_UTF8, CONSTSTRLEN(TEST_IDN_UTF8) );
+                
+                /* The string should be passed unmodified */
+                CHECK( 0, fd_os_validate_DiameterIdentity(&res, &len, 1) );
+                CHECK( 0, strcasecmp(res, TEST_IDN_UTF8) );
+                CHECK( 0, fd_os_cmp(res, len, TEST_IDN_UTF8, CONSTSTRLEN(TEST_IDN_UTF8)) );
+                CHECK( 0, fd_os_almostcasecmp(res, len, TEST_IDN_UTF8, CONSTSTRLEN(TEST_IDN_UTF8)) );
+                CHECK( 0, fd_os_validate_DiameterIdentity(&res, &len, 0) );
+                CHECK( 0, strcasecmp(res, TEST_IDN_UTF8) );
+                CHECK( CONSTSTRLEN(TEST_IDN_UTF8), len );
+                free(res);
+                
+                #else /* DIAMID_IDNA_IGNORE */
+                
+                /* The UTF-8 chars are recognized as invalid DiameterIdentity */
+                CHECK( 0, fd_os_is_valid_DiameterIdentity((os0_t)TEST_IDN_UTF8, CONSTSTRLEN(TEST_IDN_UTF8) ));
+                
+                # ifdef DIAMID_IDNA_REJECT
+                
+                /* The string must be rejected */
+                CHECK( EINVAL, fd_os_validate_DiameterIdentity(&res, &len, 1) );
+                
+                # else /* DIAMID_IDNA_REJECT */
+                
+                /* The string should be transformed into TEST_IDN_CONV */
+                CHECK( 0, fd_os_validate_DiameterIdentity(&res, &len, 1) );
+                CHECK( 0, strcasecmp(res, TEST_IDN_CONV) );
+                CHECK( CONSTSTRLEN(TEST_IDN_CONV), len );
+                free(res);
+                
+                # endif /* DIAMID_IDNA_REJECT */
+                #endif /* DIAMID_IDNA_IGNORE */
 
+        }
+        
         /* That's all for the tests yet */
         PASSTEST();