/*
SSSD
Secrets Responder
Copyright (C) Simo Sorce <ssorce@redhat.com> 2016
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "responder/secrets/secsrv_private.h"
#include "responder/secrets/secsrv_local.h"
#include "responder/secrets/secsrv_proxy.h"
#include "util/sss_iobuf.h"
#include <jansson.h>
char **mapped_path);
struct url_pfx_router {
const char *prefix;
};
char **mapped_path)
{
/* change path to be user specific */
*mapped_path =
if (!*mapped_path) {
"Failed to map request to user specific url\n");
return ENOMEM;
}
"User-specific secrets path is [%s]\n", *mapped_path);
return EOK;
}
char **mapped_path)
{
if (c_euid != KCM_PEER_UID) {
c_euid);
return EPERM;
}
if (!*mapped_path) {
"Failed to map request to user specific url\n");
return ENOMEM;
}
"User-specific KCM path is [%s]\n", *mapped_path);
return EOK;
}
};
struct provider_handle **handle)
{
char **sections;
char *def_provider;
char *provider;
int num_sections;
int ret;
break;
}
}
"Path [%s] does not start with any allowed prefix\n",
return EPERM;
}
"Failed to map the user path [%d]: %s\n",
return ret;
}
/* source default provider */
&def_provider);
"The default provider is '%s'\n", def_provider);
&num_sections);
"confdb section %s has %d sub-sections\n",
// TODO order by length?
for (int i = 0; i < num_sections; i++) {
int slen;
"matching subsection [%s]\n", sections[i]);
char *secname;
sections[i]);
&provider);
"matched subsection %s with provider %s\n",
break;
}
}
"Request provider is [%s]\n", provider);
} else {
"Unknown provider type: %s\n", provider);
}
}
}
return ret;
}
return EOK;
}
static struct sec_http_status_format_table {
int status;
const char *text;
const char *description;
} sec_http_status_format_table[] = {
{ 200, "OK", "Success" },
{ 400, "Bad Request",
"The request format is invalid." },
{ 401, "Unauthorized",
"Access to the requested resource requires authentication." },
{ 403, "Forbidden",
"Access to the requested resource is forbidden." },
{ 404, "Not Found",
"The requested resource was not found." },
{ 405, "Method Not Allowed",
"Request method not allowed for this resource." },
{ 406, "Not Acceptable",
"The request cannot be accepted." },
{ 409, "Conflict",
"The requested resource already exists." },
{ 413, "Payload Too Large",
"The secret payload is too large." },
{ 500, "Internal Server Error",
"The server encountered an internal error." },
{ 504, "Gateway timeout",
"No response from a proxy server." },
{ 507, "Insufficient Storage",
"The server is unable to store the resource needed to complete the request." },
};
enum sec_http_status_codes code)
{
"<html>\r\n"
"<head>\r\n<title>%d %s</title></head>\r\n"
"<body>\r\n"
"<h1>%s</h1>\r\n"
"<p>%s</p>\r\n"
"</body>",
"HTTP/1.1 %d %s\r\n"
"Content-Length: %u\r\n"
"\r\n"
"%s",
"HTTP reply %d: %s\n",
return EOK;
}
enum sec_http_status_codes code,
const char *content_type,
{
int head_size;
"HTTP/1.1 %d %s\r\n"
"Content-Type: %s\r\n"
"Content-Length: %zu\r\n"
"\r\n",
"HTTP reply %d: %s\n",
return EOK;
}
{
} else {
}
return EOK;
}
int status_code, const char *reason,
{
bool add_content_length = true;
bool has_content_type = false;
int ret;
/* Status-Line */
/* Headers */
for (int i = 0; i < num_headers; i++) {
add_content_length = false;
has_content_type = true;
}
}
if (!has_content_type) {
return EINVAL;
}
if (add_content_length) {
}
/* CRLF separator before body */
/* Message-Body */
}
return EOK;
}
static errno_t
const char **headers,
const char **body)
{
char *delim;
/* The last header ends with \r\n and then comes \r\n again as a separator
* of body from headers. We can use this to find this point. */
return EINVAL;
}
/* Skip to the body delimiter. */
/* Replace \r\n with zeros turning data into:
* from HEADER\r\nBODY into HEADER\0\0BODY format. */
delim[0] = '\0';
/* Split the buffer. */
return 0;
}
static const char *
const char *headers,
{
/* If Content-Length is already present we do nothing. */
return headers;
}
}
int response_code,
{
const char *headers;
const char *body;
"Unexpected HTTP reply, returning what we got from server\n");
return EOK;
}
/* Add Content-Length header if not present so client does not await
* not-existing incoming data. */
return ENOMEM;
}
return ENOMEM;
}
return EOK;
}
{
switch (err) {
case EOK:
return STATUS_200;
case EINVAL:
return STATUS_400;
case EACCES:
return STATUS_401;
case EPERM:
return STATUS_403;
case ENOENT:
return STATUS_404;
case EISDIR:
return STATUS_405;
case EMEDIUMTYPE:
return STATUS_406;
case EEXIST:
return STATUS_409;
return STATUS_413;
case ERR_SEC_NO_PROXY:
return STATUS_504;
return STATUS_507;
default:
return STATUS_500;
}
}
const char *input,
char **secret)
{
int ret;
if (!root) {
"Failed to parse JSON payload on line %d: %s\n",
return EINVAL;
}
if (!json_is_object(root)) {
goto done;
}
if (!element) {
goto done;
}
if (!json_is_string(element)) {
goto done;
}
ret = EMEDIUMTYPE;
goto done;
}
if (!element) {
goto done;
}
if (!json_is_string(element)) {
goto done;
}
if (!*secret) {
} else {
}
done:
return ret;
}
const char *secret,
char **output)
{
int ret;
if (!root) {
return ENOMEM;
}
if (!jsonized) {
goto done;
}
if (!*output) {
goto done;
}
done:
return ret;
}
char **output)
{
int ret;
root = json_array();
goto done;
}
for (int i = 0; i < count; i++) {
// FIXME: json_string mem leak?
// FIXME: Error checking
}
if (!jsonized) {
goto done;
}
if (!*output) {
goto done;
}
done:
return ret;
}
struct provider_handle **out_handle)
{
continue;
}
*out_handle = handle;
return EOK;
}
return ENOENT;
}
{
int c;
continue;
struct provider_handle *, c + 2);
return EOK;
}
{
for (int i = 0; i < req->num_headers; i++) {
}
}
return false;
}