policy.c revision 7265bdf201763eb23ef8d1d0c3facfa546887f64
/**
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014 - 2015 ForgeRock AS.
*/
#include "platform.h"
#include "am.h"
#include "utility.h"
static const char *policy_fetch_scope_str[] = {
"self",
"subtree",
"response-attributes-only"
};
const char *am_policy_strerror(char status) {
switch (status) {
case AM_EXACT_MATCH: return "exact match";
case AM_EXACT_PATTERN_MATCH: return "exact pattern match";
default:
return "no match";
}
}
if (case_sensitive == AM_FALSE) {
} else {
}
return status;
}
const char *thisfunc = "compare_pattern_resource():";
unsigned int one_level_sep_count = 0;
/* walk the resource and the pattern strings one character at a time */
while (1) {
t = *resource;
w = *pattern;
if (one_level_sep_count > 1) {
break;
}
/* is the resource string still valid? */
if (!t || t == '\0') {
/* if the pattern string has additional characters by the time
* processing reaches the end of the resource string, and if at least
* one of those additional characters in the pattern string is not
* a multi/single-level wildcard 'items', then the strings don't match
**/
if (!w || w == '\0') {
break; /* x matches x */
one_level_sep_count = 0;
pattern += 3;
continue;
} else if (w == '*') {
one_level_sep_count = 0;
pattern++;
continue; /* x* matches x or xy */
} else if (after_last_resource) {
/* look through the remaining resource string, from which we
* started after last wildcard
*/
break;
}
continue;
}
break; /* x doesn't match xy */
} else {
/* algorithm entry */
if (!case_sensitive) {
/* lowercase the characters to be compared */
if (t >= 'A' && t <= 'Z') {
t += ('a' - 'A');
}
if (w >= 'A' && w <= 'Z') {
w += ('a' - 'A');
}
}
if (t != w) {
/* characters do not match */
/* one-level wildcard. save the pointers to the next
* character after the wildcard (both in the resource and in
* the pattern strings)
*/
pattern += 3;
one_level_sep_count = 0;
w = *pattern;
if (!w || w == '\0') {
/* special case where one-level wildcard is the last
* item in a pattern:
* and should not match /a/b/c or /a/c
* /a/-*- will match /a/
*/
break;
}
break; /* * matches x */
}
continue; /* *y matches xy */
} else if (w == '*') {
/* multi-level wildcard. the same rule as above. */
one_level_sep_count = 0;
after_last_wild = ++pattern;
w = *pattern;
if (!w || w == '\0') {
break; /* * matches x */
}
continue; /* *y matches xy */
} else if (after_last_wild) {
/* found a valid (earlier) saved pointer - we've encountered
* a wildcard character already. */
if (after_last_wild != pattern) {
w = *pattern;
w += ('a' - 'A');
}
if (t == w) {
/* the current char in the resource and the pattern strings match.
* move to the next pattern (and the resource) character
**/
pattern++;
} /* else: they don't match - move only to the next char
* in the resource string. restart the loop from the beginning
**/
}
resource++;
/* keep track of the one-level-wildcard separator count,
* when in one-level wildcard processing state.
* if there are more than one '/' - break out of the loop
* with no-match
*/
continue; /* *ue* matches queue */
} else {
break; /* x doesn't match y */
}
}
}
/* advance to the next character */
resource++;
pattern++;
}
return status;
}
static void policy_get_proto_host_port(const char *string, int *c) {
int j;
for (j = 0; string[j]; j++) {
if (string[j] == ':') {
if (c[0] == 0) c[0] = j;
else c[1] = j;
} else if (string[j] == '/') {
c[2] += 1;
}
if (c[2] == 3) {
c[2] = j;
break;
}
}
}
const char *thisfunc = "policy_compare_url():";
char has_wildcard = AM_FALSE;
return AM_NO_MATCH;
/* validate pattern */
/*
* pattern matching algorithm forbids:
* - wildcard only (i.e. "all allowed")
* is passed down to an agent as a space separated value object
*/
return AM_NO_MATCH;
}
}
/* validate resource */
/*
* pattern matching algorithm forbids:
* - wildcard in a resource
*/
return AM_NO_MATCH;
}
if (has_wildcard == AM_TRUE) {
int pi[3] = {0, 0, 0};
int ri[3] = {0, 0, 0};
char *a, *b, match;
/*quick sanity check for field indicators*/
/*compare protocol*/
match = compare_pattern_resource(r, a, b);
free(a);
free(b);
/*port is not set, compare host*/
match = compare_pattern_resource(r, a, b);
free(a);
free(b);
/*port is set, compare host first*/
match = compare_pattern_resource(r, a, b);
free(a);
free(b);
/*compare port*/
match = compare_pattern_resource(r, a, b);
free(a);
free(b);
}
/*am_log_debug(instance_id, "%s '%s' and '%s' matched (%s)",
thisfunc, resource, pattern, am_policy_strerror(AM_EXACT_PATTERN_MATCH));*/
return AM_EXACT_PATTERN_MATCH;
}
} else {
/* no wildcard */
/*am_log_debug(instance_id, "%s '%s' and '%s' matched (%s)",
thisfunc, resource, pattern, am_policy_strerror(AM_EXACT_MATCH));*/
return AM_EXACT_MATCH;
}
}
/*am_log_debug(instance_id, "%s '%s' and '%s' did no match",
thisfunc, resource, pattern);*/
return AM_NO_MATCH;
}
int am_scope_to_num(const char *scope) {
int i;
}
return 0;
}
const char *am_scope_to_str(int scope) {
return policy_fetch_scope_str[0];
return policy_fetch_scope_str[scope];
}