1 | |
---|
2 | /** |
---|
3 | ** abac_util.c |
---|
4 | **/ |
---|
5 | |
---|
6 | #include <err.h> |
---|
7 | #include <stdlib.h> |
---|
8 | #include <string.h> |
---|
9 | #include <stdio.h> |
---|
10 | #include <assert.h> |
---|
11 | |
---|
12 | #include "abac_util.h" |
---|
13 | |
---|
14 | static int debug=0; |
---|
15 | |
---|
16 | #define SHA1_LENGTH 40 |
---|
17 | |
---|
18 | |
---|
19 | /** |
---|
20 | * Malloc, fatal on error. |
---|
21 | */ |
---|
22 | void *abac_xmalloc(size_t size) { |
---|
23 | void *ret; |
---|
24 | |
---|
25 | ret = malloc(size); |
---|
26 | if (ret == NULL) |
---|
27 | err(1, "malloc"); |
---|
28 | |
---|
29 | return ret; |
---|
30 | } |
---|
31 | |
---|
32 | void *abac_xrealloc(void *ptr, size_t size) { |
---|
33 | void *ret = realloc(ptr, size); |
---|
34 | if (ret == NULL) |
---|
35 | err(1, "couldn't realloc %d bytes\n", size); |
---|
36 | return ret; |
---|
37 | } |
---|
38 | |
---|
39 | |
---|
40 | /** |
---|
41 | * strdup fatal on error |
---|
42 | */ |
---|
43 | char *abac_xstrdup(char *source) { |
---|
44 | char *ret; |
---|
45 | |
---|
46 | if (source == NULL) { |
---|
47 | if(debug) printf("BAD -> duping null string..\n"); |
---|
48 | return NULL; |
---|
49 | } |
---|
50 | |
---|
51 | ret = strdup(source); |
---|
52 | if (ret == NULL) |
---|
53 | err(1, "strdup"); |
---|
54 | |
---|
55 | return ret; |
---|
56 | } |
---|
57 | |
---|
58 | /* make a brand new string with or without being trimmed */ |
---|
59 | char *abac_trim_quotes(char *string) { |
---|
60 | char *tmp=abac_xstrdup(string); |
---|
61 | int len=strlen(tmp); |
---|
62 | if( (tmp[len-1] == '\'' || tmp[len-1] == '"') && |
---|
63 | (tmp[0] == '\'' || tmp[0] == '"')) { |
---|
64 | tmp[len-1]='\0'; |
---|
65 | char *ntmp=abac_xstrdup(&tmp[1]); |
---|
66 | free(tmp); |
---|
67 | return ntmp; |
---|
68 | } |
---|
69 | return tmp; |
---|
70 | } |
---|
71 | |
---|
72 | /** |
---|
73 | * Split a string based on the given delimiter. |
---|
74 | */ |
---|
75 | void abac_split(char *string, char *delim, char **ret, int *num) { |
---|
76 | int len = strlen(delim); |
---|
77 | char *start = string; |
---|
78 | int count = 0; |
---|
79 | |
---|
80 | // split the string by the delim |
---|
81 | while ((start = strstr(string, delim)) != NULL) { |
---|
82 | *start = 0; |
---|
83 | ret[count++] = string; |
---|
84 | string = start + len; |
---|
85 | } |
---|
86 | ret[count++] = string; |
---|
87 | |
---|
88 | *num = count; |
---|
89 | } |
---|
90 | |
---|
91 | int abac_validate_clean_name(char *string) { |
---|
92 | int i; |
---|
93 | |
---|
94 | assert(string != NULL); |
---|
95 | |
---|
96 | // must start with a letter/number |
---|
97 | if (!isalnum(string[0])) return 0; |
---|
98 | |
---|
99 | // Name must be alphanumeric or - |
---|
100 | for (i = 1; string[i] != '\0'; ++i) |
---|
101 | if (!isalnum(string[i]) && string[i] != '-') |
---|
102 | return 0; |
---|
103 | |
---|
104 | return 1; |
---|
105 | } |
---|
106 | |
---|
107 | /* check up to first ( if its there.. |
---|
108 | a.role(this) |
---|
109 | a.role(?,?Year:[100..200],?Value:[one,two,three]) |
---|
110 | a.role(isi) |
---|
111 | */ |
---|
112 | int abac_validate_clean_aspect_name(char *string) { |
---|
113 | int i; |
---|
114 | |
---|
115 | assert(string != NULL); |
---|
116 | |
---|
117 | // must start with a letter/number |
---|
118 | if (!isalnum(string[0])) return 0; |
---|
119 | |
---|
120 | // Name must be alphanumeric or - or _ up to the ( if there is one |
---|
121 | for (i = 1; string[i] != '\0' && string[i] != '(' ; ++i) |
---|
122 | if (!isalnum(string[i]) && string[i] != '-' && |
---|
123 | string[i] != '_' ) |
---|
124 | return 0; |
---|
125 | return 1; |
---|
126 | } |
---|
127 | |
---|
128 | chunk_t abac_generate_serial() { |
---|
129 | chunk_t serial = chunk_empty; |
---|
130 | |
---|
131 | // create a serial (stolen from strongswan pki) |
---|
132 | rng_t *rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); |
---|
133 | if (!rng) |
---|
134 | errx(1, "no random number generator"); |
---|
135 | |
---|
136 | rng->allocate_bytes(rng, 8, &serial); |
---|
137 | while (serial.ptr[0] == 0) |
---|
138 | // don't get leading 0's |
---|
139 | rng->get_bytes(rng, 1, serial.ptr); |
---|
140 | rng->destroy(rng); |
---|
141 | |
---|
142 | return serial; |
---|
143 | } |
---|
144 | |
---|
145 | // validate a princpal's name |
---|
146 | // makes sure it's a valid SHA1 identifier |
---|
147 | // return values: |
---|
148 | // success: malloc'd copy with all hex digits lowercase |
---|
149 | // fail: NULL |
---|
150 | char *abac_validate_principal(char *keyid) { |
---|
151 | int i; |
---|
152 | char *copy = NULL; |
---|
153 | |
---|
154 | if (strlen(keyid) != SHA1_LENGTH) |
---|
155 | return NULL; |
---|
156 | |
---|
157 | int len = strlen(keyid) + 1; |
---|
158 | copy = abac_xmalloc(len); |
---|
159 | sprintf(copy, "%s", keyid); |
---|
160 | |
---|
161 | i=0; |
---|
162 | for (; i < SHA1_LENGTH; ++i) { |
---|
163 | copy[i] = tolower(copy[i]); |
---|
164 | if (!isxdigit(copy[i])) |
---|
165 | goto error; |
---|
166 | } |
---|
167 | return copy; |
---|
168 | error: |
---|
169 | free(copy); |
---|
170 | return NULL; |
---|
171 | } |
---|
172 | |
---|
173 | // parse&validate the validity |
---|
174 | int abac_validate_validity_string(char *validity_str) |
---|
175 | { |
---|
176 | int validity=0; |
---|
177 | if (validity_str != NULL) { |
---|
178 | char suffix = 'd'; // default suffix is days |
---|
179 | int multiplier; |
---|
180 | |
---|
181 | int len = strlen(validity_str); |
---|
182 | assert(len > 0); |
---|
183 | |
---|
184 | // get the suffix char if it's alphabetical |
---|
185 | if (isalpha(validity_str[len - 1])) { |
---|
186 | suffix = validity_str[len - 1]; |
---|
187 | |
---|
188 | // truncate |
---|
189 | validity_str[len - 1] = '\0'; |
---|
190 | --len; |
---|
191 | |
---|
192 | // make sure it's not only a suffix |
---|
193 | if (len == 0) { |
---|
194 | errx(1,"Invalid validity\n"); |
---|
195 | } |
---|
196 | } |
---|
197 | |
---|
198 | // convert the suffix to a multiplier |
---|
199 | switch(suffix) { |
---|
200 | case 's': multiplier = 1; break; |
---|
201 | case 'm': multiplier = 60; break; |
---|
202 | case 'h': multiplier = 3600; break; |
---|
203 | case 'd': multiplier = 86400; break; |
---|
204 | case 'y': multiplier = 31536000; break; |
---|
205 | default: |
---|
206 | errx(1,"Invalid suffix, must be s m h d y\n"); |
---|
207 | } |
---|
208 | |
---|
209 | // ascii to int |
---|
210 | char *end; |
---|
211 | validity = strtol(validity_str, &end, 10); |
---|
212 | if (end - validity_str < len) { |
---|
213 | errx(1,"Invalid validity\n"); |
---|
214 | } |
---|
215 | |
---|
216 | if (validity <= 0) { |
---|
217 | errx(1,"Invalid validity: must be > 0\n"); |
---|
218 | } |
---|
219 | |
---|
220 | // multiply! |
---|
221 | validity *= multiplier; |
---|
222 | } |
---|
223 | return validity; |
---|
224 | } |
---|
225 | |
---|
226 | |
---|
227 | void abac_errx(int val, const char *string) |
---|
228 | { |
---|
229 | errx(val, "%s", string); |
---|
230 | } |
---|
231 | |
---|