Gitiles
Code Review Sign In
gerrit.opencord.org / freeDiameter-old / 13d9601bf947af3286764506368fc3d04672bfde / . / extensions / app_redirect / ard_rules.c
blob: c7a3861b2b151be998008b262552bf3aebf3c11d [file] [log] [blame]
Brian Waters13d96012017-12-08 16:53:31 -0600[diff] [blame^]1/*********************************************************************************************************
2* Software License Agreement (BSD License) *
3* Author: Sebastien Decugis <sdecugis@freediameter.net> *
4* *
5* Copyright (c) 2013, WIDE Project and NICT *
6* All rights reserved. *
7* *
8* Redistribution and use of this software in source and binary forms, with or without modification, are *
9* permitted provided that the following conditions are met: *
10* *
11* * Redistributions of source code must retain the above *
12* copyright notice, this list of conditions and the *
13* following disclaimer. *
14* *
15* * Redistributions in binary form must reproduce the above *
16* copyright notice, this list of conditions and the *
17* following disclaimer in the documentation and/or other *
18* materials provided with the distribution. *
19* *
20* * Neither the name of the WIDE Project or NICT nor the *
21* names of its contributors may be used to endorse or *
22* promote products derived from this software without *
23* specific prior written permission of WIDE Project and *
24* NICT. *
25* *
26* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
27* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
28* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
29* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *
30* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS *
31* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
32* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF *
33* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
34*********************************************************************************************************/
35
36#include "app_redir.h"
37
38static const char * redir_type_str[] = {
39 "DONT_CACHE",
40 "ALL_SESSION",
41 "ALL_REALM",
42 "REALM_AND_APPLICATION",
43 "ALL_APPLICATION",
44 "ALL_HOST",
45 "ALL_USER"
46};
47
48struct dict_object * avp_Redirect_Host = NULL;
49struct dict_object * avp_Redirect_Host_Usage = NULL;
50struct dict_object * avp_Redirect_Max_Cache_Time = NULL;
51
52
53void ard_rule_dump(struct ard_rule * r)
54{
55 struct fd_list * li;
56 fd_log_debug(" rule @%p: %s, %us", r, redir_type_str[r->type], r->rct);
57 for (li = r->criteria.next; li != &r->criteria; li = li->next) {
58 struct ard_criteria * c = li->o;
59 switch (c->type) {
60 case FROM_ID:
61 fd_log_debug(" Criteria: received from peer %s'%s'", c->is_regex?"REGEX":"", c->s);
62 break;
63 case FROM_REALM:
64 fd_log_debug(" Criteria: received from realm %s'%s'", c->is_regex?"REGEX":"", c->s);
65 break;
66 case APP_ID:
67 fd_log_debug(" Criteria: application id is %u", c->i);
68 break;
69 case AVP_INT:
70 fd_log_debug(" Criteria: contains '%s' AVP with value '%d'", c->avp_info.avp_name, c->i);
71 break;
72 case AVP_STR:
73 fd_log_debug(" Criteria: contains '%s' AVP with value %s'%s'", c->avp_info.avp_name, c->is_regex?"REGEX":"", c->s);
74 break;
75
76 default:
77 fd_log_debug(" Criteria: invalid (%d)!", c->type);
78 }
79 }
80 for (li = r->targets.next; li != &r->targets; li = li->next) {
81 struct ard_target * t = li->o;
82 fd_log_debug(" Redirect to: '%s'", t->s);
83 }
84}
85
86/* Tells if the string in s (is0term or not) matches the string in the criteria (regex or not) */
87static int str_match(struct ard_criteria * c, uint8_t *s, size_t l, int is0term, int * match)
88{
89 TRACE_ENTRY("%p %p %zd %d %p", c, s, l, is0term, match);
90
91 *match = 0;
92
93 if (c->is_regex == 0) {
94 if ( ! fd_os_almostcasesrch(c->s, c->sl, s, l, NULL) )
95 *match = 1;
96 } else {
97 int err;
98#ifdef HAVE_REG_STARTEND
99 regmatch_t pmatch[1];
100 memset(pmatch, 0, sizeof(pmatch));
101 pmatch[0].rm_so = 0;
102 pmatch[0].rm_eo = l;
103 err = regexec(&c->preg, (char *)s, 0, pmatch, REG_STARTEND);
104#else /* HAVE_REG_STARTEND */
105 if (!is0term) {
106 /* We have to create a copy of the string in this case */
107 char *mystrcpy;
108 CHECK_MALLOC( mystrcpy = (char *)os0dup(s, l) );
109 err = regexec(&c->preg, mystrcpy, 0, NULL, 0);
110 free(mystrcpy);
111 } else {
112 err = regexec(&c->preg, (char *)s, 0, NULL, 0);
113 }
114#endif /* HAVE_REG_STARTEND */
115
116 /* Now check the result */
117 if (err == 0) {
118 /* We have a match */
119 *match = 1;
120 } else if (err != REG_NOMATCH) {
121 /* An error occurred */
122 char * buf;
123 size_t bl;
124
125 /* Error while compiling the regex */
126 TRACE_DEBUG(INFO, "Error while executing the regular expression '%s':", c->s);
127
128 /* Get the error message size */
129 bl = regerror(err, &c->preg, NULL, 0);
130
131 /* Alloc the buffer for error message */
132 CHECK_MALLOC( buf = malloc(bl) );
133
134 /* Get the error message content */
135 regerror(err, &c->preg, buf, bl);
136 TRACE_DEBUG(INFO, "\t%s", buf);
137
138 /* Free the buffer, return the error */
139 free(buf);
140 return (err == REG_ESPACE) ? ENOMEM : EINVAL;
141 }
142 }
143 return 0;
144}
145
146/* Search the first matching rule in the config */
147static int find_rule(struct msg * msg, struct ard_rule ** found)
148{
149 struct fd_list * li;
150 struct msg_hdr * mhdr = NULL;
151 struct peer_hdr * phdr = NULL;
152
153 ASSERT(msg && found);
154 *found = NULL;
155
156 /* Get the message's header */
157 CHECK_FCT( fd_msg_hdr(msg, &mhdr) );
158
159 /* Get the message's origin */
160 {
161 DiamId_t id;
162 size_t len;
163 CHECK_FCT( fd_msg_source_get(msg, &id, &len) );
164 CHECK_FCT( fd_peer_getbyid(id, len, 0, &phdr) );
165 }
166
167 /* Now for each rule check if all criteria match */
168 for (li = ard_conf->rules.next; li != &ard_conf->rules; li = li->next) {
169 struct fd_list * lic;
170 struct ard_rule * r = li->o;
171 int is_match = 1;
172
173 for (lic = r->criteria.next; is_match && (lic != &r->criteria); lic = lic->next) {
174 struct ard_criteria * c = lic->o;
175
176 /* Does this criteria match ? */
177 switch (c->type) {
178 case APP_ID:
179 if (c->i != mhdr->msg_appl)
180 is_match = 0;
181 break;
182
183 case FROM_ID:
184 CHECK_FCT( str_match(c, (uint8_t *)phdr->info.pi_diamid, phdr->info.pi_diamidlen, 1, &is_match) );
185 break;
186
187 case FROM_REALM:
188 if (phdr->info.runtime.pir_realm) {
189 CHECK_FCT( str_match(c, (uint8_t *)phdr->info.runtime.pir_realm, phdr->info.runtime.pir_realmlen, 1, &is_match) );
190 } else {
191 /* since we don't have the realm it was received from, assume it does not match */
192 TRACE_DEBUG(INFO, "Missing realm info for peer '%s', skipping rule %p", phdr->info.pi_diamid, r);
193 is_match = 0;
194 }
195 break;
196
197 case AVP_INT:
198 case AVP_STR:
199 /* We have to search the whole message for the matching AVP */
200 {
201 is_match = 0;
202 struct avp * avp = NULL;
203 CHECK_FCT( fd_msg_browse(msg, MSG_BRW_FIRST_CHILD, &avp, NULL) );
204 while (avp && !is_match) {
205 struct avp_hdr * ahdr = NULL;
206 CHECK_FCT( fd_msg_avp_hdr(avp, &ahdr) );
207
208 if ( (ahdr->avp_code == c->avp_info.avp_code)
209 && (ahdr->avp_vendor == c->avp_info.avp_vendor) ) /* always 0 if no V flag */
210 {
211 /* dict-parse this AVP to ensure it has a value */
212 CHECK_FCT( fd_msg_parse_dict( avp, fd_g_config->cnf_dict, NULL ) );
213
214 /* Now check if the value matches our criteria */
215 if (c->type == AVP_INT) {
216 if (ahdr->avp_value->u32 == c->i)
217 is_match = 1;
218 } else {
219 /* it is AVP_STR */
220 CHECK_FCT( str_match(c, ahdr->avp_value->os.data, ahdr->avp_value->os.len, 0, &is_match) );
221 }
222
223 if (is_match)
224 break;
225 }
226
227 /* go to next */
228 CHECK_FCT( fd_msg_browse(avp, MSG_BRW_NEXT, &avp, NULL) );
229 }
230
231 }
232
233 break;
234
235 }
236 }
237
238 if (is_match) {
239 /* We found the first rule that matches for this message */
240 *found = r;
241 break;
242 }
243 }
244
245 return 0;
246}
247
248/* The forward callback */
249int ard_rule_apply(void * cbdata, struct msg ** msg)
250{
251 struct ard_rule * rule = NULL;
252
253 TRACE_ENTRY("%p %p", cbdata, msg);
254 CHECK_PARAMS(msg && *msg);
255
256 /* First, check if we have a rule that applies to this message */
257 CHECK_FCT( find_rule(*msg, &rule) );
258
259 if (rule) {
260 struct avp * avp;
261 union avp_value val;
262 struct fd_list * li;
263
264 /* We have to reply a Redirect message in this case */
265 CHECK_FCT( fd_msg_new_answer_from_req(fd_g_config->cnf_dict, msg, MSGFL_ANSW_ERROR) );
266
267 CHECK_FCT( fd_msg_rescode_set( *msg, "DIAMETER_REDIRECT_INDICATION", NULL, NULL, 1 ) );
268
269 /* Now add the Redirect-* AVPs */
270 CHECK_FCT( fd_msg_avp_new( avp_Redirect_Host_Usage, 0, &avp ) );
271 val.u32 = rule->type;
272 CHECK_FCT( fd_msg_avp_setvalue( avp, &val ) );
273 CHECK_FCT( fd_msg_avp_add( *msg, MSG_BRW_LAST_CHILD, avp ) );
274
275 if (rule->type) {
276 CHECK_FCT( fd_msg_avp_new( avp_Redirect_Max_Cache_Time, 0, &avp ) );
277 val.u32 = rule->rct ?: ard_conf->default_rct;
278 CHECK_FCT( fd_msg_avp_setvalue( avp, &val ) );
279 CHECK_FCT( fd_msg_avp_add( *msg, MSG_BRW_LAST_CHILD, avp ) );
280 }
281
282 for (li = rule->targets.next; li != &rule->targets; li = li->next) {
283 struct ard_target * t = li->o;
284
285 CHECK_FCT( fd_msg_avp_new( avp_Redirect_Host, 0, &avp ) );
286 val.os.data = t->s;
287 val.os.len = t->l;
288 CHECK_FCT( fd_msg_avp_setvalue( avp, &val ) );
289 CHECK_FCT( fd_msg_avp_add( *msg, MSG_BRW_LAST_CHILD, avp ) );
290 }
291
292 /* Send this answer */
293 CHECK_FCT( fd_msg_send( msg, NULL, NULL) );
294 }
295
296 return 0;
297}
298