Brian Waters | 13d9601 | 2017-12-08 16:53:31 -0600 | [diff] [blame^] | 1 | /********************************************************************************************************* |
| 2 | * Software License Agreement (BSD License) * |
| 3 | * Author: Sebastien Decugis <sdecugis@freediameter.net> * |
| 4 | * * |
| 5 | * Copyright (c) 2013, WIDE Project and NICT * |
| 6 | * All rights reserved. * |
| 7 | * * |
| 8 | * Redistribution and use of this software in source and binary forms, with or without modification, are * |
| 9 | * permitted provided that the following conditions are met: * |
| 10 | * * |
| 11 | * * Redistributions of source code must retain the above * |
| 12 | * copyright notice, this list of conditions and the * |
| 13 | * following disclaimer. * |
| 14 | * * |
| 15 | * * Redistributions in binary form must reproduce the above * |
| 16 | * copyright notice, this list of conditions and the * |
| 17 | * following disclaimer in the documentation and/or other * |
| 18 | * materials provided with the distribution. * |
| 19 | * * |
| 20 | * * Neither the name of the WIDE Project or NICT nor the * |
| 21 | * names of its contributors may be used to endorse or * |
| 22 | * promote products derived from this software without * |
| 23 | * specific prior written permission of WIDE Project and * |
| 24 | * NICT. * |
| 25 | * * |
| 26 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * |
| 27 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * |
| 28 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * |
| 29 | * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * |
| 30 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * |
| 31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * |
| 32 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * |
| 33 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * |
| 34 | *********************************************************************************************************/ |
| 35 | |
| 36 | #include "app_redir.h" |
| 37 | |
| 38 | static const char * redir_type_str[] = { |
| 39 | "DONT_CACHE", |
| 40 | "ALL_SESSION", |
| 41 | "ALL_REALM", |
| 42 | "REALM_AND_APPLICATION", |
| 43 | "ALL_APPLICATION", |
| 44 | "ALL_HOST", |
| 45 | "ALL_USER" |
| 46 | }; |
| 47 | |
| 48 | struct dict_object * avp_Redirect_Host = NULL; |
| 49 | struct dict_object * avp_Redirect_Host_Usage = NULL; |
| 50 | struct dict_object * avp_Redirect_Max_Cache_Time = NULL; |
| 51 | |
| 52 | |
| 53 | void ard_rule_dump(struct ard_rule * r) |
| 54 | { |
| 55 | struct fd_list * li; |
| 56 | fd_log_debug(" rule @%p: %s, %us", r, redir_type_str[r->type], r->rct); |
| 57 | for (li = r->criteria.next; li != &r->criteria; li = li->next) { |
| 58 | struct ard_criteria * c = li->o; |
| 59 | switch (c->type) { |
| 60 | case FROM_ID: |
| 61 | fd_log_debug(" Criteria: received from peer %s'%s'", c->is_regex?"REGEX":"", c->s); |
| 62 | break; |
| 63 | case FROM_REALM: |
| 64 | fd_log_debug(" Criteria: received from realm %s'%s'", c->is_regex?"REGEX":"", c->s); |
| 65 | break; |
| 66 | case APP_ID: |
| 67 | fd_log_debug(" Criteria: application id is %u", c->i); |
| 68 | break; |
| 69 | case AVP_INT: |
| 70 | fd_log_debug(" Criteria: contains '%s' AVP with value '%d'", c->avp_info.avp_name, c->i); |
| 71 | break; |
| 72 | case AVP_STR: |
| 73 | fd_log_debug(" Criteria: contains '%s' AVP with value %s'%s'", c->avp_info.avp_name, c->is_regex?"REGEX":"", c->s); |
| 74 | break; |
| 75 | |
| 76 | default: |
| 77 | fd_log_debug(" Criteria: invalid (%d)!", c->type); |
| 78 | } |
| 79 | } |
| 80 | for (li = r->targets.next; li != &r->targets; li = li->next) { |
| 81 | struct ard_target * t = li->o; |
| 82 | fd_log_debug(" Redirect to: '%s'", t->s); |
| 83 | } |
| 84 | } |
| 85 | |
| 86 | /* Tells if the string in s (is0term or not) matches the string in the criteria (regex or not) */ |
| 87 | static int str_match(struct ard_criteria * c, uint8_t *s, size_t l, int is0term, int * match) |
| 88 | { |
| 89 | TRACE_ENTRY("%p %p %zd %d %p", c, s, l, is0term, match); |
| 90 | |
| 91 | *match = 0; |
| 92 | |
| 93 | if (c->is_regex == 0) { |
| 94 | if ( ! fd_os_almostcasesrch(c->s, c->sl, s, l, NULL) ) |
| 95 | *match = 1; |
| 96 | } else { |
| 97 | int err; |
| 98 | #ifdef HAVE_REG_STARTEND |
| 99 | regmatch_t pmatch[1]; |
| 100 | memset(pmatch, 0, sizeof(pmatch)); |
| 101 | pmatch[0].rm_so = 0; |
| 102 | pmatch[0].rm_eo = l; |
| 103 | err = regexec(&c->preg, (char *)s, 0, pmatch, REG_STARTEND); |
| 104 | #else /* HAVE_REG_STARTEND */ |
| 105 | if (!is0term) { |
| 106 | /* We have to create a copy of the string in this case */ |
| 107 | char *mystrcpy; |
| 108 | CHECK_MALLOC( mystrcpy = (char *)os0dup(s, l) ); |
| 109 | err = regexec(&c->preg, mystrcpy, 0, NULL, 0); |
| 110 | free(mystrcpy); |
| 111 | } else { |
| 112 | err = regexec(&c->preg, (char *)s, 0, NULL, 0); |
| 113 | } |
| 114 | #endif /* HAVE_REG_STARTEND */ |
| 115 | |
| 116 | /* Now check the result */ |
| 117 | if (err == 0) { |
| 118 | /* We have a match */ |
| 119 | *match = 1; |
| 120 | } else if (err != REG_NOMATCH) { |
| 121 | /* An error occurred */ |
| 122 | char * buf; |
| 123 | size_t bl; |
| 124 | |
| 125 | /* Error while compiling the regex */ |
| 126 | TRACE_DEBUG(INFO, "Error while executing the regular expression '%s':", c->s); |
| 127 | |
| 128 | /* Get the error message size */ |
| 129 | bl = regerror(err, &c->preg, NULL, 0); |
| 130 | |
| 131 | /* Alloc the buffer for error message */ |
| 132 | CHECK_MALLOC( buf = malloc(bl) ); |
| 133 | |
| 134 | /* Get the error message content */ |
| 135 | regerror(err, &c->preg, buf, bl); |
| 136 | TRACE_DEBUG(INFO, "\t%s", buf); |
| 137 | |
| 138 | /* Free the buffer, return the error */ |
| 139 | free(buf); |
| 140 | return (err == REG_ESPACE) ? ENOMEM : EINVAL; |
| 141 | } |
| 142 | } |
| 143 | return 0; |
| 144 | } |
| 145 | |
| 146 | /* Search the first matching rule in the config */ |
| 147 | static int find_rule(struct msg * msg, struct ard_rule ** found) |
| 148 | { |
| 149 | struct fd_list * li; |
| 150 | struct msg_hdr * mhdr = NULL; |
| 151 | struct peer_hdr * phdr = NULL; |
| 152 | |
| 153 | ASSERT(msg && found); |
| 154 | *found = NULL; |
| 155 | |
| 156 | /* Get the message's header */ |
| 157 | CHECK_FCT( fd_msg_hdr(msg, &mhdr) ); |
| 158 | |
| 159 | /* Get the message's origin */ |
| 160 | { |
| 161 | DiamId_t id; |
| 162 | size_t len; |
| 163 | CHECK_FCT( fd_msg_source_get(msg, &id, &len) ); |
| 164 | CHECK_FCT( fd_peer_getbyid(id, len, 0, &phdr) ); |
| 165 | } |
| 166 | |
| 167 | /* Now for each rule check if all criteria match */ |
| 168 | for (li = ard_conf->rules.next; li != &ard_conf->rules; li = li->next) { |
| 169 | struct fd_list * lic; |
| 170 | struct ard_rule * r = li->o; |
| 171 | int is_match = 1; |
| 172 | |
| 173 | for (lic = r->criteria.next; is_match && (lic != &r->criteria); lic = lic->next) { |
| 174 | struct ard_criteria * c = lic->o; |
| 175 | |
| 176 | /* Does this criteria match ? */ |
| 177 | switch (c->type) { |
| 178 | case APP_ID: |
| 179 | if (c->i != mhdr->msg_appl) |
| 180 | is_match = 0; |
| 181 | break; |
| 182 | |
| 183 | case FROM_ID: |
| 184 | CHECK_FCT( str_match(c, (uint8_t *)phdr->info.pi_diamid, phdr->info.pi_diamidlen, 1, &is_match) ); |
| 185 | break; |
| 186 | |
| 187 | case FROM_REALM: |
| 188 | if (phdr->info.runtime.pir_realm) { |
| 189 | CHECK_FCT( str_match(c, (uint8_t *)phdr->info.runtime.pir_realm, phdr->info.runtime.pir_realmlen, 1, &is_match) ); |
| 190 | } else { |
| 191 | /* since we don't have the realm it was received from, assume it does not match */ |
| 192 | TRACE_DEBUG(INFO, "Missing realm info for peer '%s', skipping rule %p", phdr->info.pi_diamid, r); |
| 193 | is_match = 0; |
| 194 | } |
| 195 | break; |
| 196 | |
| 197 | case AVP_INT: |
| 198 | case AVP_STR: |
| 199 | /* We have to search the whole message for the matching AVP */ |
| 200 | { |
| 201 | is_match = 0; |
| 202 | struct avp * avp = NULL; |
| 203 | CHECK_FCT( fd_msg_browse(msg, MSG_BRW_FIRST_CHILD, &avp, NULL) ); |
| 204 | while (avp && !is_match) { |
| 205 | struct avp_hdr * ahdr = NULL; |
| 206 | CHECK_FCT( fd_msg_avp_hdr(avp, &ahdr) ); |
| 207 | |
| 208 | if ( (ahdr->avp_code == c->avp_info.avp_code) |
| 209 | && (ahdr->avp_vendor == c->avp_info.avp_vendor) ) /* always 0 if no V flag */ |
| 210 | { |
| 211 | /* dict-parse this AVP to ensure it has a value */ |
| 212 | CHECK_FCT( fd_msg_parse_dict( avp, fd_g_config->cnf_dict, NULL ) ); |
| 213 | |
| 214 | /* Now check if the value matches our criteria */ |
| 215 | if (c->type == AVP_INT) { |
| 216 | if (ahdr->avp_value->u32 == c->i) |
| 217 | is_match = 1; |
| 218 | } else { |
| 219 | /* it is AVP_STR */ |
| 220 | CHECK_FCT( str_match(c, ahdr->avp_value->os.data, ahdr->avp_value->os.len, 0, &is_match) ); |
| 221 | } |
| 222 | |
| 223 | if (is_match) |
| 224 | break; |
| 225 | } |
| 226 | |
| 227 | /* go to next */ |
| 228 | CHECK_FCT( fd_msg_browse(avp, MSG_BRW_NEXT, &avp, NULL) ); |
| 229 | } |
| 230 | |
| 231 | } |
| 232 | |
| 233 | break; |
| 234 | |
| 235 | } |
| 236 | } |
| 237 | |
| 238 | if (is_match) { |
| 239 | /* We found the first rule that matches for this message */ |
| 240 | *found = r; |
| 241 | break; |
| 242 | } |
| 243 | } |
| 244 | |
| 245 | return 0; |
| 246 | } |
| 247 | |
| 248 | /* The forward callback */ |
| 249 | int ard_rule_apply(void * cbdata, struct msg ** msg) |
| 250 | { |
| 251 | struct ard_rule * rule = NULL; |
| 252 | |
| 253 | TRACE_ENTRY("%p %p", cbdata, msg); |
| 254 | CHECK_PARAMS(msg && *msg); |
| 255 | |
| 256 | /* First, check if we have a rule that applies to this message */ |
| 257 | CHECK_FCT( find_rule(*msg, &rule) ); |
| 258 | |
| 259 | if (rule) { |
| 260 | struct avp * avp; |
| 261 | union avp_value val; |
| 262 | struct fd_list * li; |
| 263 | |
| 264 | /* We have to reply a Redirect message in this case */ |
| 265 | CHECK_FCT( fd_msg_new_answer_from_req(fd_g_config->cnf_dict, msg, MSGFL_ANSW_ERROR) ); |
| 266 | |
| 267 | CHECK_FCT( fd_msg_rescode_set( *msg, "DIAMETER_REDIRECT_INDICATION", NULL, NULL, 1 ) ); |
| 268 | |
| 269 | /* Now add the Redirect-* AVPs */ |
| 270 | CHECK_FCT( fd_msg_avp_new( avp_Redirect_Host_Usage, 0, &avp ) ); |
| 271 | val.u32 = rule->type; |
| 272 | CHECK_FCT( fd_msg_avp_setvalue( avp, &val ) ); |
| 273 | CHECK_FCT( fd_msg_avp_add( *msg, MSG_BRW_LAST_CHILD, avp ) ); |
| 274 | |
| 275 | if (rule->type) { |
| 276 | CHECK_FCT( fd_msg_avp_new( avp_Redirect_Max_Cache_Time, 0, &avp ) ); |
| 277 | val.u32 = rule->rct ?: ard_conf->default_rct; |
| 278 | CHECK_FCT( fd_msg_avp_setvalue( avp, &val ) ); |
| 279 | CHECK_FCT( fd_msg_avp_add( *msg, MSG_BRW_LAST_CHILD, avp ) ); |
| 280 | } |
| 281 | |
| 282 | for (li = rule->targets.next; li != &rule->targets; li = li->next) { |
| 283 | struct ard_target * t = li->o; |
| 284 | |
| 285 | CHECK_FCT( fd_msg_avp_new( avp_Redirect_Host, 0, &avp ) ); |
| 286 | val.os.data = t->s; |
| 287 | val.os.len = t->l; |
| 288 | CHECK_FCT( fd_msg_avp_setvalue( avp, &val ) ); |
| 289 | CHECK_FCT( fd_msg_avp_add( *msg, MSG_BRW_LAST_CHILD, avp ) ); |
| 290 | } |
| 291 | |
| 292 | /* Send this answer */ |
| 293 | CHECK_FCT( fd_msg_send( msg, NULL, NULL) ); |
| 294 | } |
| 295 | |
| 296 | return 0; |
| 297 | } |
| 298 | |