1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
// Copyright (C) 2022-2024 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Kea Hooks Basic
// Commercial End User License Agreement v2.0. See COPYING file in the premium/
// directory.

#include <config.h>

#include <rbac_api.h><--- Include file:  not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <rbac_log.h><--- Include file:  not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <exceptions/exceptions.h>

// C++11 has no directory walking tool.
#include <dirent.h><--- Include file:  not found. Please note: Cppcheck does not need standard library headers to get proper results.

#include <iostream><--- Include file:  not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <cerrno><--- Include file:  not found. Please note: Cppcheck does not need standard library headers to get proper results.

using namespace isc;
using namespace isc::data;
using namespace isc::rbac;
using namespace std;

namespace isc {
namespace rbac {

ApiTable apiTable;

set<string> apiAccesses;

set<string> apiHooks;

ApiPtr
Api::getApiByName(const string& name) {
    auto const& it = apiTable.find(name);
    if (it == apiTable.cend()) {
        return (ApiPtr());
    }
    return (*it);
}

void
Api::fillApiTable(const string& dirname) {
    DIR* dir = 0;
    try {
        dir = opendir(dirname.c_str());
        if (!dir) {
            isc_throw(BadValue, "can't open directory '" << dirname
                      << "': " << string(strerror(errno)));
        }
        for (;;) {
            struct dirent *ent = readdir(dir);
            if (!ent) {
                // done or in error but do not care...
                break;
            }
            string filename(ent->d_name);
            size_t len = filename.size();
            if (len < 6) {
                // too short: skip it.
                continue;
            }
            if ((filename[0] == '_') ||
                (filename[len - 1] != 'n') ||
                (filename[len - 2] != 'o') ||
                (filename[len - 3] != 's') ||
                (filename[len - 4] != 'j') ||
                (filename[len - 5] != '.')) {
                // not [^_]*.json: skip it.
                continue;
            }
            filename = dirname + "/" + filename;
            ConstElementPtr json = Element::fromJSONFile(filename, true);
            Api::parse(json, true);
        }
        static_cast<void>(closedir(dir));
    } catch (const std::exception& ex) {
        if (dir) {
            static_cast<void>(closedir(dir));
        }
        isc_throw(BadValue, "fill API table from '" << dirname
                  << "' failed with " << ex.what());
    }

    if (apiTable.empty()) {
        isc_throw(BadValue, "can't fill API table from '" << dirname
                  << "': got no command config?");
    }

    LOG_INFO(rbac_logger, RBAC_READ_API_FILES)
        .arg(dirname)
        .arg(apiTable.size())
        .arg(apiAccesses.size())
        .arg(apiHooks.size());
}

void
Api::parse(ConstElementPtr cfg, bool others) {
    if (!cfg) {
        isc_throw(BadValue, "parse null command config");
    }
    if (cfg->getType() != Element::map) {
        isc_throw(BadValue, "command config is not a map");
    }
    string name;
    string access;
    string hook;
    for (auto const& entry : cfg->mapValue()) {
        if (entry.first == "name") {
            if (entry.second->getType() != Element::string) {
                isc_throw(BadValue, "command name is not a string");
            }
            name = entry.second->stringValue();
            if (name.empty()) {
                isc_throw(BadValue, "command name is empty");
            }
        } else if (entry.first == "access") {
            if (entry.second->getType() != Element::string) {
                isc_throw(BadValue, "command access is not a string");
            }
            access = entry.second->stringValue();
            if (access.empty()) {
                isc_throw(BadValue, "command access is empty");
            }
            if ((access != "read") && (access != "write")) {
                isc_throw(BadValue, "command access '" << access
                          << "' is not 'read' or 'write'");
            }
        } else if (entry.first == "hook") {
            if (entry.second->getType() != Element::string) {
                isc_throw(BadValue, "command hook is not a string");
            }
            hook = entry.second->stringValue();
        } else if (!others) {
            isc_throw(BadValue, "command spurious keyword '"
                      << entry.first << "'");
        }
    }
    if (name.empty()) {
        isc_throw(BadValue, "'name' is required in command config");
    }
    if (access.empty()) {
        isc_throw(BadValue, "'access' is required in command config");
    }
    if (Api::getApiByName(name)) {
        isc_throw(BadValue, "command '" << name << "' is already defined");
    }
    static_cast<void>(apiTable.insert(ApiPtr(new Api(name, access, hook))));
    static_cast<void>(apiAccesses.insert(access));
    if (!hook.empty()) {
        static_cast<void>(apiHooks.insert(hook));
    }
}

} // end of namespace rbac
} // end of namespace isc