[8bd77b5] | 1 | |
---|
| 2 | /** |
---|
| 3 | ** abac_util.c |
---|
| 4 | **/ |
---|
| 5 | |
---|
[7f25a67f] | 6 | #include <err.h> |
---|
| 7 | #include <stdlib.h> |
---|
| 8 | #include <string.h> |
---|
[7727f26] | 9 | #include <stdio.h> |
---|
[8bd77b5] | 10 | #include <assert.h> |
---|
| 11 | |
---|
| 12 | #include "abac_util.h" |
---|
[7727f26] | 13 | |
---|
| 14 | static int debug=0; |
---|
[7f25a67f] | 15 | |
---|
[8bd77b5] | 16 | #define SHA1_LENGTH 40 |
---|
| 17 | |
---|
| 18 | |
---|
[7f25a67f] | 19 | /** |
---|
| 20 | * Malloc, fatal on error. |
---|
| 21 | */ |
---|
[3c251d0] | 22 | void *abac_xmalloc(size_t size) { |
---|
[7f25a67f] | 23 | void *ret; |
---|
| 24 | |
---|
| 25 | ret = malloc(size); |
---|
| 26 | if (ret == NULL) |
---|
| 27 | err(1, "malloc"); |
---|
| 28 | |
---|
| 29 | return ret; |
---|
| 30 | } |
---|
| 31 | |
---|
[8bd77b5] | 32 | void *abac_xrealloc(void *ptr, size_t size) { |
---|
| 33 | void *ret = realloc(ptr, size); |
---|
| 34 | if (ret == NULL) |
---|
| 35 | err(1, "couldn't realloc %d bytes\n", size); |
---|
| 36 | return ret; |
---|
| 37 | } |
---|
| 38 | |
---|
| 39 | |
---|
[7f25a67f] | 40 | /** |
---|
| 41 | * strdup fatal on error |
---|
| 42 | */ |
---|
[3c251d0] | 43 | char *abac_xstrdup(char *source) { |
---|
[7f25a67f] | 44 | char *ret; |
---|
| 45 | |
---|
[7727f26] | 46 | if (source == NULL) { |
---|
| 47 | if(debug) printf("BAD -> duping null string..\n"); |
---|
[ff3d104] | 48 | return NULL; |
---|
[7727f26] | 49 | } |
---|
[ff3d104] | 50 | |
---|
[7f25a67f] | 51 | ret = strdup(source); |
---|
| 52 | if (ret == NULL) |
---|
| 53 | err(1, "strdup"); |
---|
| 54 | |
---|
| 55 | return ret; |
---|
| 56 | } |
---|
[9a411d7] | 57 | |
---|
[c586a3c] | 58 | /* make a brand new string with or without being trimmed */ |
---|
| 59 | char *abac_trim_quotes(char *string) { |
---|
| 60 | char *tmp=abac_xstrdup(string); |
---|
| 61 | int len=strlen(tmp); |
---|
| 62 | if( (tmp[len-1] == '\'' || tmp[len-1] == '"') && |
---|
| 63 | (tmp[0] == '\'' || tmp[0] == '"')) { |
---|
| 64 | tmp[len-1]='\0'; |
---|
| 65 | char *ntmp=abac_xstrdup(&tmp[1]); |
---|
| 66 | free(tmp); |
---|
| 67 | return ntmp; |
---|
| 68 | } |
---|
| 69 | return tmp; |
---|
| 70 | } |
---|
| 71 | |
---|
[9a411d7] | 72 | /** |
---|
| 73 | * Split a string based on the given delimiter. |
---|
| 74 | */ |
---|
| 75 | void abac_split(char *string, char *delim, char **ret, int *num) { |
---|
| 76 | int len = strlen(delim); |
---|
| 77 | char *start = string; |
---|
| 78 | int count = 0; |
---|
| 79 | |
---|
| 80 | // split the string by the delim |
---|
| 81 | while ((start = strstr(string, delim)) != NULL) { |
---|
| 82 | *start = 0; |
---|
| 83 | ret[count++] = string; |
---|
| 84 | string = start + len; |
---|
| 85 | } |
---|
| 86 | ret[count++] = string; |
---|
| 87 | |
---|
| 88 | *num = count; |
---|
| 89 | } |
---|
[8bd77b5] | 90 | |
---|
| 91 | int abac_validate_clean_name(char *string) { |
---|
| 92 | int i; |
---|
| 93 | |
---|
| 94 | assert(string != NULL); |
---|
| 95 | |
---|
| 96 | // must start with a letter/number |
---|
| 97 | if (!isalnum(string[0])) return 0; |
---|
| 98 | |
---|
| 99 | // Name must be alphanumeric or - |
---|
| 100 | for (i = 1; string[i] != '\0'; ++i) |
---|
| 101 | if (!isalnum(string[i]) && string[i] != '-') |
---|
| 102 | return 0; |
---|
| 103 | |
---|
| 104 | return 1; |
---|
| 105 | } |
---|
| 106 | |
---|
| 107 | /* check up to first ( if its there.. |
---|
| 108 | a.role(this) |
---|
| 109 | a.role(?,?Year:[100..200],?Value:[one,two,three]) |
---|
| 110 | a.role(isi) |
---|
| 111 | */ |
---|
| 112 | int abac_validate_clean_aspect_name(char *string) { |
---|
| 113 | int i; |
---|
| 114 | |
---|
| 115 | assert(string != NULL); |
---|
| 116 | |
---|
| 117 | // must start with a letter/number |
---|
| 118 | if (!isalnum(string[0])) return 0; |
---|
| 119 | |
---|
| 120 | // Name must be alphanumeric or - or _ up to the ( if there is one |
---|
| 121 | for (i = 1; string[i] != '\0' && string[i] != '(' ; ++i) |
---|
| 122 | if (!isalnum(string[i]) && string[i] != '-' && |
---|
| 123 | string[i] != '_' ) |
---|
| 124 | return 0; |
---|
| 125 | return 1; |
---|
| 126 | } |
---|
| 127 | |
---|
| 128 | chunk_t abac_generate_serial() { |
---|
| 129 | chunk_t serial = chunk_empty; |
---|
| 130 | |
---|
| 131 | // create a serial (stolen from strongswan pki) |
---|
| 132 | rng_t *rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); |
---|
| 133 | if (!rng) |
---|
| 134 | errx(1, "no random number generator"); |
---|
| 135 | |
---|
| 136 | rng->allocate_bytes(rng, 8, &serial); |
---|
| 137 | while (serial.ptr[0] == 0) |
---|
| 138 | // don't get leading 0's |
---|
| 139 | rng->get_bytes(rng, 1, serial.ptr); |
---|
| 140 | rng->destroy(rng); |
---|
| 141 | |
---|
| 142 | return serial; |
---|
| 143 | } |
---|
| 144 | |
---|
| 145 | // validate a princpal's name |
---|
| 146 | // makes sure it's a valid SHA1 identifier |
---|
| 147 | // return values: |
---|
| 148 | // success: malloc'd copy with all hex digits lowercase |
---|
| 149 | // fail: NULL |
---|
| 150 | char *abac_validate_principal(char *keyid) { |
---|
| 151 | int i; |
---|
| 152 | char *copy = NULL; |
---|
| 153 | |
---|
| 154 | if (strlen(keyid) != SHA1_LENGTH) |
---|
| 155 | return NULL; |
---|
| 156 | |
---|
| 157 | int len = strlen(keyid) + 1; |
---|
| 158 | copy = abac_xmalloc(len); |
---|
| 159 | sprintf(copy, "%s", keyid); |
---|
| 160 | |
---|
| 161 | i=0; |
---|
| 162 | for (; i < SHA1_LENGTH; ++i) { |
---|
| 163 | copy[i] = tolower(copy[i]); |
---|
| 164 | if (!isxdigit(copy[i])) |
---|
| 165 | goto error; |
---|
| 166 | } |
---|
| 167 | return copy; |
---|
| 168 | error: |
---|
| 169 | free(copy); |
---|
| 170 | return NULL; |
---|
| 171 | } |
---|
| 172 | |
---|
| 173 | // parse&validate the validity |
---|
| 174 | int abac_validate_validity_string(char *validity_str) |
---|
| 175 | { |
---|
| 176 | int validity=0; |
---|
| 177 | if (validity_str != NULL) { |
---|
| 178 | char suffix = 'd'; // default suffix is days |
---|
| 179 | int multiplier; |
---|
| 180 | |
---|
| 181 | int len = strlen(validity_str); |
---|
| 182 | assert(len > 0); |
---|
| 183 | |
---|
| 184 | // get the suffix char if it's alphabetical |
---|
| 185 | if (isalpha(validity_str[len - 1])) { |
---|
| 186 | suffix = validity_str[len - 1]; |
---|
| 187 | |
---|
| 188 | // truncate |
---|
| 189 | validity_str[len - 1] = '\0'; |
---|
| 190 | --len; |
---|
| 191 | |
---|
| 192 | // make sure it's not only a suffix |
---|
| 193 | if (len == 0) { |
---|
| 194 | errx(1,"Invalid validity\n"); |
---|
| 195 | } |
---|
| 196 | } |
---|
| 197 | |
---|
| 198 | // convert the suffix to a multiplier |
---|
| 199 | switch(suffix) { |
---|
| 200 | case 's': multiplier = 1; break; |
---|
| 201 | case 'm': multiplier = 60; break; |
---|
| 202 | case 'h': multiplier = 3600; break; |
---|
| 203 | case 'd': multiplier = 86400; break; |
---|
| 204 | case 'y': multiplier = 31536000; break; |
---|
| 205 | default: |
---|
| 206 | errx(1,"Invalid suffix, must be s m h d y\n"); |
---|
| 207 | } |
---|
| 208 | |
---|
| 209 | // ascii to int |
---|
| 210 | char *end; |
---|
| 211 | validity = strtol(validity_str, &end, 10); |
---|
| 212 | if (end - validity_str < len) { |
---|
| 213 | errx(1,"Invalid validity\n"); |
---|
| 214 | } |
---|
| 215 | |
---|
| 216 | if (validity <= 0) { |
---|
| 217 | errx(1,"Invalid validity: must be > 0\n"); |
---|
| 218 | } |
---|
| 219 | |
---|
| 220 | // multiply! |
---|
| 221 | validity *= multiplier; |
---|
| 222 | } |
---|
| 223 | return validity; |
---|
| 224 | } |
---|
| 225 | |
---|
| 226 | |
---|
[d037f54] | 227 | void abac_errx(int val, const char *string) |
---|
[8bd77b5] | 228 | { |
---|
[13c9479] | 229 | errx(val, "%s", string); |
---|
[8bd77b5] | 230 | } |
---|
| 231 | |
---|