author | Sumit Bose <sbose@redhat.com> | 2010-12-07 11:30:31 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-12-08 15:22:32 -0500 |
commit | 1ce240367a2144500187ccd3c0d32c975d8d346a (patch) | |
tree | 76699fd91dd41b232dba9fd33431fbd45371a2a9 /src/providers | |
parent | 890db77ce114fa416838f363fe2b8627ff9087e0 (diff) | |
Bye, bye, ipa_timerules
It was decided that IPA HBAC will move to a different format to specify
time ranges in access control rules. The evaluation based on the old
format is not needed anymore.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ipa/ipa_timerules.c | 1187 | ||||
-rw-r--r-- | src/providers/ipa/ipa_timerules.h | 56 |
2 files changed, 0 insertions, 1243 deletions
diff --git a/src/providers/ipa/ipa_timerules.c b/src/providers/ipa/ipa_timerules.c
deleted file mode 100644
index 857107df..00000000
--- a/src/providers/ipa/ipa_timerules.c
+++ /dev/null
@@ -1,1187 +0,0 @@ -/* - SSSD - - IPA Provider Time Rules Parsing - - Authors: - Jakub Hrozek <jhrozek@redhat.com> - - Copyright (C) Red Hat, Inc 2009 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#define _XOPEN_SOURCE /* strptime() needs this */ - -#include <pcre.h> -#include <talloc.h> -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <errno.h> -#include <time.h> -#include <stdbool.h> -#include <limits.h> - -#include "providers/ipa/ipa_timerules.h" -#include "util/util.h" - -#define JMP_NEOK(variable) do { \ - if (variable != EOK) goto done; \ -} while (0) - -#define JMP_NEOK_LABEL(variable, label) do { \ - if (variable != EOK) goto label; \ -} while (0) - -#define CHECK_PTR(ptr) do { \ - if (ptr == NULL) { \ - return ENOMEM; \ - } \ -} while (0) - -#define CHECK_PTR_JMP(ptr) do { \ - if (ptr == NULL) { \ - ret = ENOMEM; \ - goto done; \ - } \ -} while (0) - -#define BUFFER_OR_JUMP(ctx, ptr, count) do { \ - ptr = talloc_array(ctx, unsigned char, count); \ - if (ptr == NULL) { \ - return ENOMEM; \ - } \ - memset(ptr, 0, sizeof(unsigned char)*count); \ -} while (0) - -#define TEST_BIT_RANGE(bitfield, index, resptr) do { \ - if (bitfield) { \ - if (test_bit(&bitfield, index) == 0) { \ - *resptr = false; \ - return EOK; \ - } \ - } \ -} while (0) - -#define TEST_BIT_RANGE_PTR(bitfield, index, resptr) do { \ - if (bitfield) { \ - if (test_bit(bitfield, index) == 
0) { \ - *resptr = false; \ - return EOK; \ - } \ - } \ -} while (0) - -/* number of match offsets when matching pcre regexes */ -#define OVEC_SIZE 30 - -/* regular expressions describing syntax of our HBAC grammar */ -#define RGX_WEEKLY "day (?P<day_of_week>(0|1|2|3|4|5|6|7|Mon|Tue|Wed|Thu|Fri|Sat|Sun|,|-)+)" - -#define RGX_MDAY "(?P<mperspec_day>day) (?P<interval_day>[0-9,-]+) " -#define RGX_MWEEK "(?P<mperspec_week>week) (?P<interval_week>[0-9,-]+) "RGX_WEEKLY -#define RGX_MONTHLY RGX_MDAY"|"RGX_MWEEK - -#define RGX_YDAY "(?P<yperspec_day>day) (?P<day_of_year>[0-9,-]+) " -#define RGX_YWEEK "(?P<yperspec_week>week) (?P<week_of_year>[0-9,-]+) "RGX_WEEKLY -#define RGX_YMONTH "(?P<yperspec_month>month) (?P<month_number>[0-9,-]+) (?P<m_period>.*?)$" -#define RGX_YEARLY RGX_YMONTH"|"RGX_YWEEK"|"RGX_YDAY - -#define RGX_TIMESPEC "(?P<timeFrom>[0-9]{4}) ~ (?P<timeTo>[0-9]{4})" - -#define RGX_GENERALIZED "(?P<year>[0-9]{4})(?P<month>[0-9]{2})(?P<day>[0-9]{2})(?P<hour>[0-9]{2})?(?P<minute>[0-9]{2})?(?P<second>[0-9]{2})?" 
- -#define RGX_PERIODIC "^periodic (?P<perspec>daily|weekly|monthly|yearly) (?P<period>.*?)"RGX_TIMESPEC"$" -#define RGX_ABSOLUTE "^absolute (?P<from>\\S+) ~ (?P<to>\\S+)$" - -/* limits on various parameters */ -#define DAY_OF_WEEK_MAX 7 -#define DAY_OF_MONTH_MAX 31 -#define WEEK_OF_MONTH_MAX 5 -#define WEEK_OF_YEAR_MAX 54 -#define DAY_OF_YEAR_MAX 366 -#define MONTH_MAX 12 -#define HOUR_MAX 23 -#define MINUTE_MAX 59 - -/* limits on sizes of buffers for bit arrays */ -#define DAY_OF_MONTH_BUFSIZE 8 -#define DAY_OF_YEAR_BUFSIZE 44 -#define WEEK_OF_YEAR_BUFSIZE 13 -#define MONTH_BUFSIZE 2 -#define HOUR_BUFSIZE 4 -#define MINUTE_BUFSIZE 8 - -/* Lookup tables for translating names of days and months */ -static const char *names_day_of_week[] = - { "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun", NULL }; -static const char *names_months[] = - { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Nov", "Dec", NULL }; - -/* - * Timelib knows two types of ranges - periodic and absolute - */ -enum rangetypes { - TYPE_ABSOLUTE, - TYPE_PERIODIC -}; - -struct absolute_range { - time_t time_from; - time_t time_to; -}; - -struct periodic_range { - unsigned char day_of_week; - unsigned char *day_of_month; - unsigned char *day_of_year; - unsigned char week_of_month; - unsigned char *week_of_year; - unsigned char *month; - unsigned char *hour; - unsigned char *minute; -}; - -/* - * Context of one time rule being analyzed - */ -struct range_ctx { - /* main context with precompiled patterns */ - struct time_rules_ctx *trctx; - /* enum rangetypes */ - enum rangetypes type; - - struct absolute_range *abs; - struct periodic_range *per; -}; - - -/* - * The context of one regular expression - */ -struct parse_ctx { - /* the regular expression used for one parsing */ - pcre *re; - /* number of matches */ - int matches; - /* vector of matches */ - int *ovec; -}; - -/* indexes to the array of precompiled regexes */ -enum timelib_rgx { - LP_RGX_GENERALIZED, - LP_RGX_MDAY, - 
LP_RGX_MWEEK, - LP_RGX_YEARLY, - LP_RGX_WEEKLY, - LP_RGX_ABSOLUTE, - LP_RGX_PERIODIC, - LP_RGX_MAX, -}; - -/* matches the indexes */ -static const char *lookup_table[] = { - RGX_GENERALIZED, - RGX_MDAY, - RGX_MWEEK, - RGX_YEARLY, - RGX_WEEKLY, - RGX_ABSOLUTE, - RGX_PERIODIC, - NULL, -}; - -/* - * Main struct passed outside - * holds precompiled regular expressions - */ -struct time_rules_ctx { - pcre *re[LP_RGX_MAX]; -}; - -/******************************************************************* - * helper function - bit arrays * - *******************************************************************/ - -/* set a single bit in a bitmap */ -static void set_bit(unsigned char *bitmap, unsigned int bit) -{ - bitmap[bit/CHAR_BIT] |= 1 << (bit%CHAR_BIT); -} - -/* - * This function is based on bit_nset macro written originally by Paul Vixie, - * copyrighted by The Regents of the University of California, as found - * in tarball of fcron, file bitstring.h - */ -static void set_bit_range(unsigned char *bitmap, unsigned int start, - unsigned int stop) -{ - int startbyte = start/CHAR_BIT; - int stopbyte = stop/CHAR_BIT; - - if (startbyte == stopbyte) { - bitmap[startbyte] |= ((0xff << (start & 0x7)) & - (0xff >> (CHAR_BIT- 1 - (stop & 0x7)))); - } else { - bitmap[startbyte] |= 0xff << (start & 0x7); - while (++startbyte < stopbyte) { - bitmap[startbyte] |= 0xff; - } - bitmap[stopbyte] |= 0xff >> (CHAR_BIT- 1 - (stop & 0x7)); - } -} - -static int test_bit(unsigned char *bitmap, unsigned int bit) -{ - return (int)(bitmap[bit/CHAR_BIT] >> (bit%CHAR_BIT)) & 1; -} - -/******************************************************************* - * parsing intervals * - *******************************************************************/ - -/* - * Some ranges allow symbolic names, like Mon..Sun for names of day. - * This routine takes a list of symbolic names as NAME_ARRAY and the - * one we're looking for as KEY and returns its index or -1 when not - * found. 
The last member of NAME_ARRAY must be NULL. - */ -static int name_index(const char **name_array, const char *key, int min) -{ - int idx = 0; - const char *one; - - if (name_array == NULL) { - return -1; - } - - while ((one = name_array[idx]) != NULL) { - if (strcmp(key,one) == 0) { - return idx+min; - } - idx++; - } - - return -1; -} - -/* - * Sets appropriate bits given by an interval in STR (in form of 1,5-7,10) to - * a bitfield given in OUT. Does no boundary checking. STR can also contain - * symbolic names, these would be given in TRANSLATE. - */ -static int interval2bitfield(TALLOC_CTX *mem_ctx, - unsigned char *out, - const char *str, - int min, int max, - const char **translate) -{ - char *copy; - char *next, *token; - int tokval, tokmax; - char *end_ptr; - int ret; - char *dash; - - DEBUG(9, ("Converting '%s' to interval\n", str)); - - copy = talloc_strdup(mem_ctx, str); - CHECK_PTR(copy); - - next = copy; - while (next) { - token = next; - next = strchr(next, ','); - if (next) { - *next = '\0'; - next++; - } - - errno = 0; - tokval = strtol(token, &end_ptr, 10); - if (*end_ptr == '\0' && errno == 0) { - if (tokval <= max && tokval >= 0) { - set_bit(out, tokval); - continue; - } else { - ret = ERANGE; - goto done; - } - } else if ((dash = strchr(token, '-')) != NULL){ - *dash = '\0'; - ++dash; - - errno = 0; - tokval = strtol(token, &end_ptr, 10); - if (*end_ptr != '\0' || errno != 0) { - tokval = name_index(translate, token, min); - if (tokval == -1) { - ret = ERANGE; - goto done; - } - } - errno = 0; - tokmax = strtol(dash, &end_ptr, 10); - if (*end_ptr != '\0' || errno != 0) { - tokmax = name_index(translate, dash, min); - if (tokmax == -1) { - ret = ERANGE; - goto done; - } - } - - if (tokval <= max && tokmax <= max && - tokval >= min && tokmax >= min) { - if (tokmax > tokval) { - DEBUG(7, ("Setting interval %d-%d\n", tokval, tokmax)); - DEBUG(9, ("interval: %p\n", out)); - set_bit_range(out, tokval, tokmax); - } else { - /* Interval wraps around - 
i.e. from 18.00 to 06.00 */ - DEBUG(7, ("Setting inverted interval %d-%d\n", tokval, tokmax)); - DEBUG(9, ("interval: %p\n", out)); - set_bit_range(out, min, tokmax); - set_bit_range(out, tokval, max); - } - continue; - } else { - /* tokval or tokmax are not between <min, max> */ - ret = ERANGE; - goto done; - } - } else if ((tokval = name_index(translate, token, min)) != -1) { - /* Try to translate one token by name */ - if (tokval <= max) { - set_bit(out, tokval); - continue; - } else { - ret = ERANGE; - goto done; - } - } else { - ret = EINVAL; - goto done; - } - } - - ret = EOK; -done: - talloc_free(copy); - return ret; -} - -/******************************************************************* - * wrappers around regexp handling * - *******************************************************************/ - -/* - * Copies a named substring SUBSTR_NAME from string STR using the parsing - * information from PCTX. The context PCTX is also used as a talloc context. - * - * The resulting string is stored in OUT. - * Return value is EOK on no error or ENOENT on error capturing the substring - */ -static int copy_substring(struct parse_ctx *pctx, - const char *str, - const char *substr_name, - char **out) -{ - const char *result = NULL; - int ret; - char *o = NULL; - - result = NULL; - - ret = pcre_get_named_substring(pctx->re, str, pctx->ovec, - pctx->matches, substr_name, &result); - if (ret < 0 || result == NULL) { - DEBUG(5, ("named substring '%s' does not exist in '%s'\n", - substr_name, str)); - return ENOENT; - } - - o = talloc_strdup(pctx, result); - pcre_free_substring(result); - if (o == NULL) { - return ENOMEM; - } - - DEBUG(9, ("Copied substring named '%s' value '%s'\n", substr_name, o)); - - *out = o; - return EOK; -} - -/* - * Copies a named substring SUBSTR_NAME from string STR using the parsing - * information from PCTX and converts it to an integer. - * The context PCTX is also used as a talloc context. - * - * The resulting string is stored in OUT. 
- * Return value is EOK on no error or ENOENT on error capturing the substring - */ -static int substring_strtol(struct parse_ctx *pctx, - const char *str, - const char *substr_name, - int *out) -{ - char *substr = NULL; - int ret; - int val; - char *err_ptr; - - ret = copy_substring(pctx, str, substr_name, &substr); - if (ret != EOK) { - DEBUG(5, ("substring '%s' does not exist\n", substr_name)); - return ret; - } - - errno = 0; - val = strtol(substr, &err_ptr, 10); - if (substr == '\0' || *err_ptr != '\0' || errno != 0) { - DEBUG(5, ("substring '%s' does not contain an integerexist\n", - substr)); - talloc_free(substr); - return EINVAL; - } - - *out = val; - talloc_free(substr); - return EOK; -} - -/* - * Compiles a regular expression REGEXP and tries to match it against the - * string STR. Fills in structure _PCTX with info about matching. - * - * Returns EOK on no error, EFAULT on bad regexp, EINVAL when it cannot - * match the regexp. - */ -static int matches_regexp(TALLOC_CTX *ctx, - struct time_rules_ctx *trctx, - const char *str, - enum timelib_rgx regex, - struct parse_ctx **_pctx) -{ - int ret; - struct parse_ctx *pctx = NULL; - - pctx = talloc_zero(ctx, struct parse_ctx); - CHECK_PTR(pctx); - pctx->ovec = talloc_array(pctx, int, OVEC_SIZE); - CHECK_PTR_JMP(pctx->ovec); - pctx->re = trctx->re[regex]; - - ret = pcre_exec(pctx->re, NULL, str, strlen(str), 0, PCRE_NOTEMPTY, pctx->ovec, OVEC_SIZE); - if (ret <= 0) { - DEBUG(8, ("string '%s' did *NOT* match regexp '%s'\n", str, lookup_table[regex])); - ret = EINVAL; - goto done; - } - DEBUG(8, ("string '%s' matched regexp '%s'\n", str, lookup_table[regex])); - - pctx->matches = ret; - *_pctx = pctx; - return EOK; - -done: - talloc_free(pctx); - return ret; -} - -/******************************************************************* - * date/time helper functions * - *******************************************************************/ - -/* - * Returns week number as an integer - * This may seem ugly, but I think 
it's actually less error prone - * than writing my own routine - */ -static int weeknum(const struct tm *t) -{ - char buf[3]; - - if (!strftime(buf, 3, "%U", t)) { - return -1; - } - - /* %U returns 0-53, we want 1-54 */ - return atoi(buf)+1; -} - -/* - * Return the week of the month - * Range is 1 to 5 - */ -static int get_week_of_month(const struct tm *t) -{ - int fs; /* first sunday */ - - fs = (t->tm_mday % 7) - t->tm_wday; - if (fs <= 0) { - fs += 7; - } - - return (t->tm_mday <= fs) ? 1 : (2 + (t->tm_mday - fs - 1) / 7); -} - -/* - * Normalize differencies between our HBAC definition and semantics of - * struct tm - */ -static void abs2tm(struct tm *t) -{ - /* tm defines tm_year as num of yrs since 1900, we have absolute number */ - t->tm_year %= 1900; - /* struct tm defines tm_mon as number of month since January */ - t->tm_mon--; -} - -/* - * Normalize differencies between our HBAC definition and semantics of - * struct tm - */ -static void tm2abs(struct tm *t) -{ - /* tm defines tm_year as num of yrs since 1900, we have absolute number */ - t->tm_year += 1900; - /* struct tm defines tm_mon as number of month since January */ - t->tm_mon++; -} - -/******************************************************************* - * parsing of HBAC rules themselves * - *******************************************************************/ - -/* - * Parses generalized time string given in STR and fills the - * information into OUT. 
- */ -static int parse_generalized_time(struct parse_ctx *pctx, - struct time_rules_ctx *trctx, - const char *str, - time_t *out) -{ - int ret; - struct parse_ctx *gctx = NULL; - struct tm tm; - - memset(&tm, 0, sizeof(tm)); - tm.tm_isdst = -1; - - ret = matches_regexp(pctx, trctx, str, LP_RGX_GENERALIZED, &gctx); - JMP_NEOK(ret); - - /* compulsory */ - ret = substring_strtol(gctx, str, "year", &tm.tm_year); - JMP_NEOK(ret); - ret = substring_strtol(gctx, str, "month", &tm.tm_mon); - JMP_NEOK(ret); - ret = substring_strtol(gctx, str, "day", &tm.tm_mday); - JMP_NEOK(ret); - /* optional */ - ret = substring_strtol(gctx, str, "hour", &tm.tm_hour); - JMP_NEOK_LABEL(ret, enoent); - ret = substring_strtol(gctx, str, "minute", &tm.tm_min); - JMP_NEOK_LABEL(ret, enoent); - ret = substring_strtol(gctx, str, "second", &tm.tm_sec); - JMP_NEOK_LABEL(ret, enoent); - -enoent: - if (ret == ENOENT) { - ret = EOK; - } - - abs2tm(&tm); - - *out = mktime(&tm); - DEBUG(3, ("converted to time: '%s'\n", ctime(out))); - if (*out == -1) { - ret = EINVAL; - } -done: - talloc_free(gctx); - return ret; -} - -/* - * Parses absolute timerange string given in STR and fills the - * information into ABS. 
- */ -static int parse_absolute(struct absolute_range *absr, - struct time_rules_ctx *trctx, - struct parse_ctx *pctx, - const char *str) -{ - char *from = NULL, *to = NULL; - int ret; - - ret = copy_substring(pctx, str, "from", &from); - if (ret != EOK) { - DEBUG(1, ("Missing required part 'from' in absolute timespec\n")); - ret = EINVAL; - goto done; - } - ret = copy_substring(pctx, str, "to", &to); - if (ret != EOK) { - DEBUG(1, ("Missing required part 'to' in absolute timespec\n")); - ret = EINVAL; - goto done; - } - - ret = parse_generalized_time(pctx, trctx, from, &absr->time_from); - if (ret != EOK) { - DEBUG(1, ("Cannot parse generalized time - first part\n")); - goto done; - } - - ret = parse_generalized_time(pctx, trctx, to, &absr->time_to); - if (ret != EOK) { - DEBUG(1, ("Cannot parse generalized time - second part\n")); - goto done; - } - - if (difftime(absr->time_to, absr->time_from) < 0) { - DEBUG(1, ("Not a valid interval\n")); - ret = EINVAL; - goto done; - } - - ret = EOK; -done: - talloc_free(from); - talloc_free(to); - return ret; -} - -static int parse_hhmm(const char *str, int *hour, int *min) -{ - struct tm t; - char *err; - - err = strptime(str, "%H%M", &t); - if (*err != '\0') { - return EINVAL; - } - - *hour = t.tm_hour; - *min = t.tm_min; - - return EOK; -} - -/* - * Parses monthly periodic timerange given in STR. - * Fills the information into PER. 
- */ -static int parse_periodic_monthly(TALLOC_CTX *ctx, - struct time_rules_ctx *trctx, - struct periodic_range *per, - const char *str) -{ - int ret; - struct parse_ctx *mpctx = NULL; - char *match = NULL; - char *mperspec = NULL; - - /* This code would be much less ugly if RHEL5 PCRE knew about PCRE_DUPNAMES */ - ret = matches_regexp(ctx, trctx, str, LP_RGX_MDAY, &mpctx); - if (ret == EOK) { - ret = copy_substring(mpctx, str, "mperspec_day", &mperspec); - JMP_NEOK(ret); - ret = copy_substring(mpctx, str, "interval_day", &match); - JMP_NEOK(ret); - BUFFER_OR_JUMP(per, per->day_of_month, DAY_OF_MONTH_BUFSIZE); - ret = interval2bitfield(mpctx, per->day_of_month, match, - 1, DAY_OF_MONTH_MAX, NULL); - JMP_NEOK(ret); - } else { - ret = matches_regexp(ctx, trctx, str, LP_RGX_MWEEK, &mpctx); - JMP_NEOK(ret); - ret = copy_substring(mpctx, str, "mperspec_week", &mperspec); - JMP_NEOK(ret); - - ret = copy_substring(mpctx, str, "interval_week", &match); - JMP_NEOK(ret); - ret = interval2bitfield(mpctx, &per->week_of_month, match, - 1, WEEK_OF_MONTH_MAX, NULL); - JMP_NEOK(ret); - - ret = copy_substring(mpctx, str, "day_of_week", &match); - JMP_NEOK(ret); - ret = interval2bitfield(mpctx, &per->day_of_week, match, - 1, DAY_OF_WEEK_MAX, names_day_of_week); - JMP_NEOK(ret); - } - -done: - talloc_free(mpctx); - return ret; -} - -/* - * Parses yearly periodic timerange given in STR. - * Fills the information into PER. 
- */ -static int parse_periodic_yearly(TALLOC_CTX *ctx, - struct time_rules_ctx *trctx, - struct periodic_range *per, - const char *str) -{ - int ret; - struct parse_ctx *ypctx = NULL; - char *match = NULL; - char *yperspec = NULL; - - ret = matches_regexp(ctx, trctx, str, LP_RGX_YEARLY, &ypctx); - JMP_NEOK(ret); - ret = copy_substring(ypctx, str, "yperspec_day", &yperspec); - if (ret == EOK) { - ret = copy_substring(ypctx, str, "day_of_year", &match); - JMP_NEOK(ret); - BUFFER_OR_JUMP(per, per->day_of_year, DAY_OF_YEAR_BUFSIZE); - ret = interval2bitfield(ypctx, per->day_of_year, match, - 1, DAY_OF_YEAR_MAX, NULL); - JMP_NEOK(ret); - } - - if (ret != ENOENT) goto done; - - ret = copy_substring(ypctx, str, "yperspec_week", &yperspec); - if (ret == EOK) { - ret = copy_substring(ypctx, str, "week_of_year", &match); - JMP_NEOK(ret); - BUFFER_OR_JUMP(per, per->week_of_year, WEEK_OF_YEAR_BUFSIZE); - ret = interval2bitfield(ypctx, per->week_of_year, match, - 1, WEEK_OF_YEAR_MAX, NULL); - JMP_NEOK(ret); - - talloc_free(match); - ret = copy_substring(ypctx, str, "day_of_week", &match); - JMP_NEOK(ret); - ret = interval2bitfield(ypctx, &per->day_of_week, match, - 1, DAY_OF_WEEK_MAX, names_day_of_week); - JMP_NEOK(ret); - } - - if (ret != ENOENT) goto done; - - ret = copy_substring(ypctx, str, "yperspec_month", &yperspec); - JMP_NEOK(ret); - - talloc_free(match); - ret = copy_substring(ypctx, str, "month_number", &match); - JMP_NEOK(ret); - BUFFER_OR_JUMP(per, per->month, MONTH_BUFSIZE); - ret = interval2bitfield(ypctx, per->month, match, - 1, MONTH_MAX, names_months); - JMP_NEOK(ret); - - talloc_free(match); - ret = copy_substring(ypctx, str, "m_period", &match); - JMP_NEOK(ret); - DEBUG(7, ("Monthly year period - calling parse_periodic_monthly()\n")); - ret = parse_periodic_monthly(ypctx, trctx, per, match); - JMP_NEOK(ret); - -done: - talloc_free(ypctx); - return ret; -} - -/* - * Parses weekly periodic timerange given in STR. - * Fills the information into PER. 
- */ -static int parse_periodic_weekly(TALLOC_CTX *ctx, - struct time_rules_ctx *trctx, - struct periodic_range *per, - const char *str) -{ - int ret; - struct parse_ctx *wpctx = NULL; - char *dow = NULL; - - ret = matches_regexp(ctx, trctx, str, LP_RGX_WEEKLY, &wpctx); - JMP_NEOK(ret); - - ret = copy_substring(wpctx, str, "day_of_week", &dow); - JMP_NEOK(ret); - DEBUG(8, ("day_of_week = '%s'\n", dow)); - - ret = interval2bitfield(wpctx, &per->day_of_week, dow, - 1, DAY_OF_WEEK_MAX, names_day_of_week); - -done: - talloc_free(wpctx); - return ret; -} - -static int parse_periodic_time(struct periodic_range *per, - struct parse_ctx *pctx, - const char *str) -{ - char *substr = NULL; - int ret; - - int hour_from; - int hour_to; - int min_from; - int min_to; - - /* parse out the time */ - ret = copy_substring(pctx, str, "timeFrom", &substr); - JMP_NEOK(ret); - parse_hhmm(substr, &hour_from, &min_from); - DEBUG(7, ("Parsed timeFrom: %d:%d\n", hour_from, min_from)); - JMP_NEOK(ret); - - talloc_free(substr); - ret = copy_substring(pctx, str, "timeTo", &substr); - JMP_NEOK(ret); - parse_hhmm(substr, &hour_to, &min_to); - DEBUG(7, ("Parsed timeTo: %d:%d\n", hour_to, min_to)); - JMP_NEOK(ret); - - /* set the interval */ - if (hour_from > hour_to ) { - set_bit_range(per->hour, 0, hour_to); - set_bit_range(per->hour, hour_from, HOUR_MAX); - } else { - set_bit_range(per->hour, hour_from, hour_to); - } - - if (min_from > min_to) { - set_bit_range(per->minute, 0, min_to); - set_bit_range(per->minute, min_from, MINUTE_MAX); - } else { - set_bit_range(per->minute, min_from, min_to); - } - - - ret = EOK; -done: - talloc_free(substr); - return ret; -} - -/* - * Parses periodic timerange given in STR. - * Fills the information into PER. 
- */ -static int parse_periodic(struct periodic_range *per, - struct time_rules_ctx *trctx, - struct parse_ctx *pctx, - const char *str) -{ - char *substr = NULL; - char *period = NULL; - int ret; - - /* These are mandatory */ - BUFFER_OR_JUMP(per, per->hour, HOUR_BUFSIZE); - BUFFER_OR_JUMP(per, per->minute, MINUTE_BUFSIZE); - - ret = copy_substring(pctx, str, "perspec", &substr); - JMP_NEOK(ret); - ret = copy_substring(pctx, str, "period", &period); - JMP_NEOK(ret); - - if (strcmp(substr, "yearly") == 0) { - DEBUG(5, ("periodic yearly\n")); - ret = parse_periodic_yearly(pctx, trctx, per, period); - JMP_NEOK(ret); - } else if (strcmp(substr, "monthly") == 0) { - DEBUG(5, ("periodic monthly\n")); - ret = parse_periodic_monthly(pctx, trctx, per, period); - JMP_NEOK(ret); - } else if (strcmp(substr, "weekly") == 0) { - DEBUG(5, ("periodic weekly\n")); - ret = parse_periodic_weekly(pctx, trctx, per, period); - JMP_NEOK(ret); - } else if (strcmp(substr, "daily") == 0) { - DEBUG(5, ("periodic daily\n")); - } else { - DEBUG(1, ("Cannot determine periodic rule type" - "(perspec = '%s', period = '%s')\n", substr, period)); - ret = EINVAL; - goto done; - } - - talloc_free(period); - - ret = parse_periodic_time(per, pctx, str); - JMP_NEOK(ret); - - ret = EOK; -done: - talloc_free(substr); - return ret; -} - -/* - * Parses time specification given in string RULE into range_ctx - * context CTX. 
- */ -static int parse_timespec(struct range_ctx *ctx, const char *rule) -{ - int ret; - struct parse_ctx *pctx = NULL; - - if (matches_regexp(ctx, ctx->trctx, rule, LP_RGX_ABSOLUTE, &pctx) == EOK) { - DEBUG(5, ("Matched absolute range\n")); - ctx->type = TYPE_ABSOLUTE; - ctx->abs = talloc_zero(ctx, struct absolute_range); - CHECK_PTR_JMP(ctx->abs); - - ret = parse_absolute(ctx->abs, ctx->trctx, pctx, rule); - JMP_NEOK(ret); - } else if (matches_regexp(ctx, ctx->trctx, rule, LP_RGX_PERIODIC, &pctx) == EOK) { - DEBUG(5, ("Matched periodic range\n")); - ctx->type = TYPE_PERIODIC; - ctx->per = talloc_zero(ctx, struct periodic_range); - CHECK_PTR_JMP(ctx->per); - - ret = parse_periodic(ctx->per, ctx->trctx, pctx, rule); - JMP_NEOK(ret); - } else { - DEBUG(1, ("Cannot determine rule type\n")); - ret = EINVAL; - goto done; - } - - ret = EOK; -done: - talloc_free(pctx); - return ret; -} - -/******************************************************************* - * validation of rules against time_t * - *******************************************************************/ - -static int absolute_timerange_valid(struct absolute_range *absr, - const time_t now, - bool *result) -{ - if (difftime(absr->time_from, now) > 0) { - DEBUG(3, ("Absolute timerange invalid (before interval)\n")); - *result = false; - return EOK; - } - - if (difftime(absr->time_to, now) < 0) { - DEBUG(3, ("Absolute timerange invalid (after interval)\n")); - *result = false; - return EOK; - } - - DEBUG(3, ("Absolute timerange valid\n")); - *result = true; - return EOK; -} - -static int periodic_timerange_valid(struct periodic_range *per, - const time_t now, - bool *result) -{ - struct tm tm_now; - int wnum; - int wom; - - memset(&tm_now, 0, sizeof(struct tm)); - if (localtime_r(&now, &tm_now) == NULL) { - DEBUG(0, ("Cannot convert time_t to struct tm\n")); - return EFAULT; - } - DEBUG(9, ("Got struct tm value %s", asctime(&tm_now))); - tm2abs(&tm_now); - - wnum = weeknum(&tm_now); - if (wnum == -1) { - 
DEBUG(7, ("Cannot get week number")); - return EINVAL; - } - DEBUG(9, ("Week number is %d\n", wnum)); - - wom = get_week_of_month(&tm_now); - if (wnum == -1) { - DEBUG(7, ("Cannot get week of number")); - return EINVAL; - } - DEBUG(9, ("Week of month number is %d\n", wom)); - - /* The validation itself */ - TEST_BIT_RANGE(per->day_of_week, tm_now.tm_wday, result); - DEBUG(9, ("day of week OK\n")); - TEST_BIT_RANGE_PTR(per->day_of_month, tm_now.tm_mday, result); - DEBUG(9, ("day of month OK\n")); - TEST_BIT_RANGE(per->week_of_month, wom, result); - DEBUG(9, ("week of month OK\n")); - TEST_BIT_RANGE_PTR(per->week_of_year, wnum, result); - DEBUG(9, ("week of year OK\n")); - TEST_BIT_RANGE_PTR(per->month, tm_now.tm_mon, result); - DEBUG(9, ("month OK\n")); - TEST_BIT_RANGE_PTR(per->day_of_year, tm_now.tm_yday, result); - DEBUG(9, ("day of year OK\n")); - TEST_BIT_RANGE_PTR(per->hour, tm_now.tm_hour, result); - DEBUG(9, ("hour OK\n")); - TEST_BIT_RANGE_PTR(per->minute, tm_now.tm_min, result); - DEBUG(9, ("minute OK\n")); - - DEBUG(3, ("Periodic timerange valid\n")); - *result = true; - return EOK; -} - -/* - * Returns EOK if the timerange in range_ctx context is valid compared against a - * given time_t value in NOW, returns ERANGE if the time value is outside the - * specified range. 
- */ -static int timerange_valid(struct range_ctx *ctx, - const time_t now, - bool *result) -{ - int ret; - - switch(ctx->type) { - case TYPE_ABSOLUTE: - DEBUG(7, ("Checking absolute range\n")); - ret = absolute_timerange_valid(ctx->abs, now, result); - break; - - case TYPE_PERIODIC: - DEBUG(7, ("Checking periodic range\n")); - ret = periodic_timerange_valid(ctx->per, now, result); - break; - - default: - DEBUG(1, ("Unknown range type (%d)\n", ctx->type)); - ret = EINVAL; - break; - } - - return ret; -} - -/******************************************************************* - * public interface * - *******************************************************************/ - -/* - * This is actually the meat of the library. The function takes a string - * representation of a time rule in STR and time to check against (usually that - * would be current time) in NOW. - * - * It returns EOK if the rule is valid in the current time, ERANGE if not and - * EINVAL if the rule cannot be parsed - */ -int check_time_rule(TALLOC_CTX *mem_ctx, - struct time_rules_ctx *trctx, - const char *str, - const time_t now, - bool *result) -{ - int ret; - struct range_ctx *ctx; - - ctx = talloc_zero(mem_ctx, struct range_ctx); - CHECK_PTR_JMP(ctx); - ctx->trctx = trctx; - - DEBUG(9, ("Got time_t value %s", ctime(&now))); - - ret = parse_timespec(ctx, str); - if (ret != EOK) { - DEBUG(1, ("Cannot parse the time specification (%d)\n", ret)); - goto done; - } - - ret = timerange_valid(ctx, now, result); - if (ret != EOK) { - DEBUG(1, ("Cannot check the time range (%d)\n", ret)); - goto done; - } - - ret = EOK; -done: - talloc_free(ctx); - return ret; -} - -/* - * Frees the resources taken by the precompiled rules - */ -static int time_rules_parser_destructor(struct time_rules_ctx *ctx) -{ - int i; - - for (i = 0; i< LP_RGX_MAX; ++i) { - pcre_free(ctx->re[i]); - ctx->re[i] = NULL; - } - - return 0; -} - -/* - * Initializes the parser by precompiling the regular expressions - * for later use - */ 
-int init_time_rules_parser(TALLOC_CTX *mem_ctx,
- struct time_rules_ctx **_out)
-{
- const char *errstr;
- int errval;
- int errpos;
- int ret;
- int i;
- struct time_rules_ctx *ctx = NULL;
-
- ctx = talloc_zero(mem_ctx, struct time_rules_ctx);
- CHECK_PTR(ctx);
- talloc_set_destructor(ctx, time_rules_parser_destructor);
-
- /* Precompile regular expressions */
- for (i = LP_RGX_GENERALIZED; i< LP_RGX_MAX; ++i) {
- ctx->re[i] = pcre_compile2(lookup_table[i],
- 0,
- &errval,
- &errstr,
- &errpos,
- NULL);
-
- if (ctx->re[i] == NULL) {
- DEBUG(0, ("Invalid Regular Expression pattern '%s' at position %d"
- " (Error: %d [%s])\n", lookup_table[i],
- errpos, errval, errstr));
- ret = EFAULT;
- goto done;
- }
-
- }
-
- *_out = ctx;
- return EOK;
-done:
- talloc_free(ctx);
- return ret;
-}
-
diff --git a/src/providers/ipa/ipa_timerules.h b/src/providers/ipa/ipa_timerules.h
deleted file mode 100644
index e1beaa22..00000000
--- a/src/providers/ipa/ipa_timerules.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- SSSD
-
- IPA Provider Time Rules Parsing
-
- Authors:
- Jakub Hrozek <jhrozek@redhat.com>
-
- Copyright (C) Red Hat, Inc 2009
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef __IPA_TIMERULES_H_
-#define __IPA_TIMERULES_H_
-
-#include <stdbool.h>
-#include <talloc.h>
-
-/* Opaque structure given after init */
-struct time_rules_ctx;
-
-/*
- * Init the parser. Destroy the allocated resources by simply
- * talloc_free()-ing the time_rules_ctx
- */
-int init_time_rules_parser(TALLOC_CTX *mem_ctx,
- struct time_rules_ctx **_out);
-
-/*
- * This is actually the meat of the library. The function takes a string
- * representation of a time rule in STR and time to check against (usually that
- * would be current time) in NOW.
- *
- * It returns EOK if the rule can be parsed, error code if not. If the time
- * given in the NOW parameter would be accepted by the rule, it stores true in
- * RESULT, false otherwise.
- */
-int check_time_rule(TALLOC_CTX *mem_ctx,
- struct time_rules_ctx *trctx,
- const char *str,
- const time_t now,
- bool *result);
-
-#endif /* __IPA_TIMERULES_H_ */ |