From: pcarana Date: Sat, 13 Apr 2019 00:10:36 +0000 (-0500) Subject: Store SLURM data in memory, add doc to base64url_decode X-Git-Tag: v0.0.2~49^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce390912ba67d7b0efd32cdcf0be2edb7b38fb9a;p=thirdparty%2FFORT-validator.git Store SLURM data in memory, add doc to base64url_decode --- diff --git a/src/Makefile.am b/src/Makefile.am index 7041508c..003cf0ff 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -13,6 +13,7 @@ rtr_server_SOURCES += csv.c csv.h rtr_server_SOURCES += json_parser.c json_parser.h rtr_server_SOURCES += line_file.c line_file.h rtr_server_SOURCES += notify.c notify.h +rtr_server_SOURCES += slurm_db.c slurm_db.h rtr_server_SOURCES += slurm_loader.c slurm_loader.h rtr_server_SOURCES += slurm_parser.c slurm_parser.h rtr_server_SOURCES += updates_daemon.c updates_daemon.h diff --git a/src/crypto/base64.c b/src/crypto/base64.c index 7e893fc3..0ce85f23 100644 --- a/src/crypto/base64.c +++ b/src/crypto/base64.c @@ -125,6 +125,13 @@ end: return error ? error_ul2i(error) : 0; } +/* + * Decode a base64 encoded string (@str_encoded), the decoded value is + * allocated at @result with a length of @result_len. + * + * Return 0 on success, or the error code if something went wrong. Don't forget + * to free @result after a successful decoding. + */ int base64url_decode(char const *str_encoded, unsigned char **result, size_t *result_len) diff --git a/src/slurm_db.c b/src/slurm_db.c new file mode 100644 index 00000000..0d65122a --- /dev/null +++ b/src/slurm_db.c @@ -0,0 +1,158 @@ +#include "slurm_db.h" + +#include +#include "array_list.h" + +ARRAY_LIST(al_filter_prefix, struct slurm_prefix) +ARRAY_LIST(al_assertion_prefix, struct slurm_prefix) +ARRAY_LIST(al_filter_bgpsec, struct slurm_bgpsec) +ARRAY_LIST(al_assertion_bgpsec, struct slurm_bgpsec) + +struct arraylist_db { + struct al_filter_prefix filter_pfx_al; + struct al_assertion_prefix assertion_pfx_al; + struct al_filter_bgpsec filter_bgps_al; + struct al_assertion_bgpsec assertion_bgps_al; +} array_lists_db; + +int +slurm_db_init(void) +{ + al_filter_prefix_init(&array_lists_db.filter_pfx_al); + al_assertion_prefix_init(&array_lists_db.assertion_pfx_al); + al_filter_bgpsec_init(&array_lists_db.filter_bgps_al); + al_assertion_bgpsec_init(&array_lists_db.assertion_bgps_al); + + return 0; +} + +int +slurm_db_add_prefix_filter(struct slurm_prefix *prefix) +{ + /* TODO check for exact duplicates and overwritten rules */ + return al_filter_prefix_add(&array_lists_db.filter_pfx_al, prefix); +} + +int +slurm_db_add_prefix_assertion(struct slurm_prefix *prefix) +{ + /* TODO check for exact duplicates and overwritten rules */ + return al_assertion_prefix_add(&array_lists_db.assertion_pfx_al, + prefix); +} + +int +slurm_db_add_bgpsec_filter(struct slurm_bgpsec *bgpsec) +{ + /* TODO check for exact duplicates and overwritten rules */ + return al_filter_bgpsec_add(&array_lists_db.filter_bgps_al, bgpsec); +} + +int +slurm_db_add_bgpsec_assertion(struct slurm_bgpsec *bgpsec) +{ + /* TODO check for exact duplicates and overwritten rules */ + return al_assertion_bgpsec_add(&array_lists_db.assertion_bgps_al, + bgpsec); +} + +static void +clean_slurm_prefix(struct slurm_prefix *prefix) +{ + if ((prefix->data_flag & SLURM_COM_FLAG_COMMENT) > 0) + free((void *)prefix->comment); +} + +static void +clean_slurm_bgpsec(struct slurm_bgpsec *bgpsec) +{ + if ((bgpsec->data_flag & SLURM_BGPS_FLAG_SKI) > 0) + free(bgpsec->ski); + if ((bgpsec->data_flag & SLURM_BGPS_FLAG_ROUTER_KEY) > 0) + free(bgpsec->router_public_key); + if ((bgpsec->data_flag & SLURM_COM_FLAG_COMMENT) > 0) + free((void *)bgpsec->comment); +} + +void +slurm_db_cleanup(void) +{ + /* TODO TEST DEBUG */ + struct slurm_prefix *p; + struct slurm_bgpsec *b; + ARRAYLIST_FOREACH(&array_lists_db.filter_pfx_al, p) { + warnx("SLURM Prefix Filter:"); + if ((p->data_flag & SLURM_COM_FLAG_ASN) > 0) + warnx("-->ASN: %u", p->asn); + if ((p->data_flag & SLURM_COM_FLAG_COMMENT) > 0) + warnx("-->Comment: %s", p->comment); + if ((p->data_flag & SLURM_PFX_FLAG_PREFIX) > 0) { + warnx("-->Addr fam: %u", p->addr_fam); + warnx("-->Prefix len: %u", p->prefix_length); + } + } + + ARRAYLIST_FOREACH(&array_lists_db.filter_bgps_al, b) { + warnx("SLURM BGPsec Filter:"); + if ((b->data_flag & SLURM_COM_FLAG_ASN) > 0) + warnx("-->ASN: %u", b->asn); + if ((b->data_flag & SLURM_COM_FLAG_COMMENT) > 0) + warnx("-->Comment: %s", b->comment); + if ((b->data_flag & SLURM_BGPS_FLAG_SKI) > 0) { + warnx("-->SKI:"); + int i = 0; + for (; i < b->ski_len; i++) + warnx("---->[%d] = %02X", i, b->ski[i]); + } + if ((b->data_flag & SLURM_BGPS_FLAG_ROUTER_KEY) > 0) { + warnx("-->SPKI:"); + int i = 0; + for (; i < b->router_public_key_len; i++) + warnx("---->[%d] = %02X", i, + b->router_public_key[i]); + } + } + + ARRAYLIST_FOREACH(&array_lists_db.assertion_pfx_al, p) { + warnx("SLURM Prefix Assertion:"); + if ((p->data_flag & SLURM_COM_FLAG_ASN) > 0) + warnx("-->ASN: %u", p->asn); + if ((p->data_flag & SLURM_COM_FLAG_COMMENT) > 0) + warnx("-->Comment: %s", p->comment); + if ((p->data_flag & SLURM_PFX_FLAG_PREFIX) > 0) { + warnx("-->Addr fam: %u", p->addr_fam); + warnx("-->Prefix len: %u", p->prefix_length); + } + } + + ARRAYLIST_FOREACH(&array_lists_db.assertion_bgps_al, b) { + warnx("SLURM BGPsec Assertion:"); + if ((b->data_flag & SLURM_COM_FLAG_ASN) > 0) + warnx("-->ASN: %u", b->asn); + if ((b->data_flag & SLURM_COM_FLAG_COMMENT) > 0) + warnx("-->Comment: %s", b->comment); + if ((b->data_flag & SLURM_BGPS_FLAG_SKI) > 0) { + warnx("-->SKI:"); + int i = 0; + for (; i < b->ski_len; i++) + warnx("---->[%d] = %02X", i, b->ski[i]); + } + if ((b->data_flag & SLURM_BGPS_FLAG_ROUTER_KEY) > 0) { + warnx("-->SPKI:"); + int i = 0; + for (; i < b->router_public_key_len; i++) + warnx("---->[%d] = %02X", i, + b->router_public_key[i]); + } + } + warnx("**Deleting SLURM DB now**"); + + al_filter_prefix_cleanup(&array_lists_db.filter_pfx_al, + clean_slurm_prefix); + al_filter_bgpsec_cleanup(&array_lists_db.filter_bgps_al, + clean_slurm_bgpsec); + al_assertion_prefix_cleanup(&array_lists_db.assertion_pfx_al, + clean_slurm_prefix); + al_assertion_bgpsec_cleanup(&array_lists_db.assertion_bgps_al, + clean_slurm_bgpsec); +} diff --git a/src/slurm_db.h b/src/slurm_db.h new file mode 100644 index 00000000..2e090a56 --- /dev/null +++ b/src/slurm_db.h @@ -0,0 +1,32 @@ +#ifndef SRC_SLURM_DB_H_ +#define SRC_SLURM_DB_H_ + +#include "slurm_parser.h" + +struct slurm_prefix_list { + struct slurm_prefix *list; + unsigned int len; +}; + +struct slurm_bgpsec_list { + struct slurm_bgpsec *list; + unsigned int len; +}; + +struct slurm_db { + struct slurm_prefix_list prefix_filters; + struct slurm_bgpsec_list bgpsec_filters; + struct slurm_prefix_list prefix_assertions; + struct slurm_bgpsec_list bgpsec_assertions; +}; + +int slurm_db_init(void); + +int slurm_db_add_prefix_filter(struct slurm_prefix *); +int slurm_db_add_prefix_assertion(struct slurm_prefix *); +int slurm_db_add_bgpsec_filter(struct slurm_bgpsec *); +int slurm_db_add_bgpsec_assertion(struct slurm_bgpsec *); + +void slurm_db_cleanup(void); + +#endif /* SRC_SLURM_DB_H_ */ diff --git a/src/slurm_loader.c b/src/slurm_loader.c index 6a56fac6..f409d379 100644 --- a/src/slurm_loader.c +++ b/src/slurm_loader.c @@ -7,6 +7,7 @@ #include #include "configuration.h" +#include "slurm_db.h" #include "slurm_parser.h" #define SLURM_FILE_EXTENSION ".slurm" @@ -63,13 +64,16 @@ slurm_load(void) if (slurm_dir == NULL) return 0; + error = slurm_db_init(); + if (error) + return error; + dir_loc = opendir(slurm_dir); if (dir_loc == NULL) { warn("Couldn't open dir %s", slurm_dir); return -errno; } - error = 0; errno = 0; while ((dir_ent = readdir(dir_loc)) != NULL) { error = single_slurm_load(slurm_dir, dir_ent->d_name); @@ -89,5 +93,7 @@ end: void slurm_cleanup(void) { - /* TODO Nothing for now */ + /* Only if the SLURM was configured */ + if (config_get_slurm_location() != NULL) + slurm_db_cleanup(); } diff --git a/src/slurm_parser.c b/src/slurm_parser.c index 85665f95..d88087f6 100644 --- a/src/slurm_parser.c +++ b/src/slurm_parser.c @@ -7,9 +7,10 @@ #include #include -#include "address.h" #include "crypto/base64.h" +#include "address.h" #include "json_parser.h" +#include "slurm_db.h" /* JSON members */ #define SLURM_VERSION "slurmVersion" @@ -34,29 +35,6 @@ return -EINVAL; \ } -struct slurm_prefix { - u_int8_t data_flag; - u_int32_t asn; - union { - struct in_addr ipv4_prefix; - struct in6_addr ipv6_prefix; - }; - u_int8_t prefix_length; - u_int8_t max_prefix_length; - u_int8_t addr_fam; - char const *comment; -}; - -struct slurm_bgpsec { - u_int8_t data_flag; - u_int32_t asn; - unsigned char *ski; - size_t ski_len; - unsigned char *routerPublicKey; - size_t routerPublicKey_len; - char const *comment; -}; - static int handle_json(json_t *); int @@ -143,14 +121,18 @@ set_asn(json_t *object, bool is_assertion, u_int32_t *result, static int set_comment(json_t *object, char const **comment, u_int8_t *flag) { + char const *tmp; int error; - error = json_get_string(object, COMMENT, comment); + error = json_get_string(object, COMMENT, &tmp); if (error) return error; - if (*comment != NULL) - *flag = *flag | SLURM_COM_FLAG_COMMENT; + if (tmp == NULL) + return 0; + + *comment = strdup(tmp); + *flag = *flag | SLURM_COM_FLAG_COMMENT; return 0; } @@ -313,12 +295,10 @@ set_ski(json_t *object, bool is_assertion, struct slurm_bgpsec *result) if (error) return error; - /* TODO persist, free later */ - free(result->ski); - /* Validate that's at least 20 octects long */ if (result->ski_len != 20) { warnx("The decoded SKI must be 20 octets long"); + free(result->ski); return -EINVAL; } @@ -352,8 +332,8 @@ set_router_pub_key(json_t *object, bool is_assertion, return error; /* TODO The public key may contain NULL chars as part of the string */ - error = base64url_decode(str_encoded, &result->routerPublicKey, - &result->routerPublicKey_len); + error = base64url_decode(str_encoded, &result->router_public_key, + &result->router_public_key_len); if (error) return error; @@ -370,13 +350,11 @@ set_router_pub_key(json_t *object, bool is_assertion, * #include * #include "asn1/decode.h" * struct SubjectPublicKeyInfo *router_pki; - * error = asn1_decode(result->routerPublicKey, result->routerPublicKey_len, - * &asn_DEF_SubjectPublicKeyInfo, (void **) &router_pki); + * error = asn1_decode(result->router_public_key, + * result->router_public_key_len, &asn_DEF_SubjectPublicKeyInfo, + * (void **) &router_pki); */ - /* TODO persist, free later */ - free(result->routerPublicKey); - result->data_flag = result->data_flag | SLURM_BGPS_FLAG_ROUTER_KEY; return 0; } @@ -418,7 +396,12 @@ load_single_prefix(json_t *object, bool is_assertion) return -EINVAL; } - /* TODO Loaded! Now persist it... */ + /* Loaded! Now persist it */ + if (is_assertion) + slurm_db_add_prefix_assertion(&result); + else + slurm_db_add_prefix_filter(&result); + return 0; } @@ -464,13 +447,27 @@ load_single_bgpsec(json_t *object, bool is_assertion) error = set_router_pub_key(object, is_assertion, &result); if (error) - return error; + goto release_ski; error = set_comment(object, &result.comment, &result.data_flag); if (error) - return error; + goto release_router_key; + + /* Loaded! Now persist it */ + if (is_assertion) + error = slurm_db_add_bgpsec_assertion(&result); + else + error = slurm_db_add_bgpsec_filter(&result); + if (error) + goto release_router_key; return 0; + +release_router_key: + free(result.router_public_key); +release_ski: + free(result.ski); + return error; } static int diff --git a/src/slurm_parser.h b/src/slurm_parser.h index 290d5543..2c1c965a 100644 --- a/src/slurm_parser.h +++ b/src/slurm_parser.h @@ -1,6 +1,8 @@ #ifndef SRC_SLURM_PARSER_H_ #define SRC_SLURM_PARSER_H_ +#include + /* Flags to get data from structs */ #define SLURM_COM_FLAG_NONE 0x00 #define SLURM_COM_FLAG_ASN 0x01 @@ -12,6 +14,29 @@ #define SLURM_BGPS_FLAG_SKI 0x04 #define SLURM_BGPS_FLAG_ROUTER_KEY 0x08 +struct slurm_prefix { + u_int8_t data_flag; + u_int32_t asn; + union { + struct in_addr ipv4_prefix; + struct in6_addr ipv6_prefix; + }; + u_int8_t prefix_length; + u_int8_t max_prefix_length; + u_int8_t addr_fam; + char const *comment; +}; + +struct slurm_bgpsec { + u_int8_t data_flag; + u_int32_t asn; + unsigned char *ski; + size_t ski_len; + unsigned char *router_public_key; + size_t router_public_key_len; + char const *comment; +}; + int slurm_parse(char const *);