Blame - daemon/mgmt/command-validator.cpp - ndnSIM

blob: eb765724413c92aaa54bd8274d29fa5856e1e86a [file] [log] [blame]

Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -- */
				2	/**
				3	* Copyright (C) 2014 Named Data Networking Project
				4	* See COPYING for copyright and distribution information.
				5	*/
				6
				7	#include "command-validator.hpp"
Steve DiBenedetto	bf6a93d	2014-03-21 14:03:02 -0600	[diff] [blame^]	8	#include "core/logger.hpp"
				9
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	10	#include <ndn-cpp-dev/util/io.hpp>
				11	#include <ndn-cpp-dev/security/identity-certificate.hpp>
				12
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	13	#include <boost/filesystem.hpp>
				14
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	15	namespace nfd {
				16
				17	NFD_LOG_INIT("CommandValidator");
				18
				19	CommandValidator::CommandValidator()
				20	{
				21
				22	}
				23
				24	CommandValidator::~CommandValidator()
				25	{
				26
				27	}
				28
				29	void
				30	CommandValidator::setConfigFile(ConfigFile& configFile)
				31	{
				32	configFile.addSectionHandler("authorizations",
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	33	bind(&CommandValidator::onConfig, this, _1, _2, _3));
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	34	}
				35
				36	static inline void
				37	aggregateErrors(std::stringstream& ss, const std::string& msg)
				38	{
				39	if (!ss.str().empty())
				40	{
				41	ss << "\n";
				42	}
				43	ss << msg;
				44	}
				45
				46	void
				47	CommandValidator::onConfig(const ConfigSection& section,
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	48	bool isDryRun,
				49	const std::string& filename)
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	50	{
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	51	using namespace boost::filesystem;
				52
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	53	const ConfigSection EMPTY_SECTION;
				54
				55	if (section.begin() == section.end())
				56	{
				57	throw ConfigFile::Error("No authorize sections found");
				58	}
				59
				60	std::stringstream dryRunErrors;
				61	ConfigSection::const_iterator authIt;
				62	for (authIt = section.begin(); authIt != section.end(); authIt++)
				63	{
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	64	std::string certfile;
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	65	try
				66	{
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	67	certfile = authIt->second.get<std::string>("certfile");
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	68	}
				69	catch (const std::runtime_error& e)
				70	{
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	71	std::string msg = "No certfile specified";
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	72	if (!isDryRun)
				73	{
				74	throw ConfigFile::Error(msg);
				75	}
				76	aggregateErrors(dryRunErrors, msg);
				77	continue;
				78	}
				79
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	80	path certfilePath = absolute(certfile, path(filename).parent_path());
				81	NFD_LOG_DEBUG("generated certfile path: " << certfilePath.native());
				82
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	83	std::ifstream in;
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	84	in.open(certfilePath.c_str());
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	85	if (!in.is_open())
				86	{
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	87	std::string msg = "Unable to open certificate file " + certfilePath.native();
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	88	if (!isDryRun)
				89	{
				90	throw ConfigFile::Error(msg);
				91	}
				92	aggregateErrors(dryRunErrors, msg);
				93	continue;
				94	}
				95
				96	shared_ptr<ndn::IdentityCertificate> id;
				97	try
				98	{
				99	id = ndn::io::load<ndn::IdentityCertificate>(in);
				100	}
				101	catch(const std::runtime_error& error)
				102	{
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	103	std::string msg = "Malformed certificate file " + certfilePath.native();
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	104	if (!isDryRun)
				105	{
				106	throw ConfigFile::Error(msg);
				107	}
				108	aggregateErrors(dryRunErrors, msg);
				109	continue;
				110	}
				111
				112	in.close();
				113
				114	const ConfigSection* privileges = 0;
				115
				116	try
				117	{
				118	privileges = &authIt->second.get_child("privileges");
				119	}
				120	catch (const std::runtime_error& error)
				121	{
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	122	std::string msg = "No privileges section found for certificate file " +
				123	certfile + " (" + id->getPublicKeyName().toUri() + ")";
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	124	if (!isDryRun)
				125	{
				126	throw ConfigFile::Error(msg);
				127	}
				128	aggregateErrors(dryRunErrors, msg);
				129	continue;
				130	}
				131
				132	if (privileges->begin() == privileges->end())
				133	{
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	134	NFD_LOG_WARN("No privileges specified for certificate file " << certfile
				135	<< " (" << id->getPublicKeyName().toUri() << ")");
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	136	}
				137
				138	ConfigSection::const_iterator privIt;
				139	for (privIt = privileges->begin(); privIt != privileges->end(); privIt++)
				140	{
				141	const std::string& privilegeName = privIt->first;
				142	if (m_supportedPrivileges.find(privilegeName) != m_supportedPrivileges.end())
				143	{
				144	NFD_LOG_INFO("Giving privilege \"" << privilegeName
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	145	<< "\" to identity " << id->getPublicKeyName());
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	146	if (!isDryRun)
				147	{
				148	const std::string regex = "^<localhost><nfd><" + privilegeName + ">";
				149	m_validator.addInterestRule(regex, *id);
				150	}
				151	}
				152	else
				153	{
				154	// Invalid configuration
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	155	std::string msg = "Invalid privilege \"" + privilegeName + "\" for certificate file " +
				156	certfile + " (" + id->getPublicKeyName().toUri() + ")";
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	157	if (!isDryRun)
				158	{
				159	throw ConfigFile::Error(msg);
				160	}
				161	aggregateErrors(dryRunErrors, msg);
				162	}
				163	}
				164	}
				165
				166	if (!dryRunErrors.str().empty())
				167	{
				168	throw ConfigFile::Error(dryRunErrors.str());
				169	}
				170	}
				171
				172	void
				173	CommandValidator::addSupportedPrivilege(const std::string& privilege)
				174	{
				175	if (m_supportedPrivileges.find(privilege) != m_supportedPrivileges.end())
				176	{
Steve DiBenedetto	1a3c673	2014-03-13 06:44:05 -0600	[diff] [blame]	177	throw CommandValidator::Error("Duplicated privilege: " + privilege);
Steve DiBenedetto	2c2b889	2014-02-27 11:46:48 -0700	[diff] [blame]	178	}
				179	m_supportedPrivileges.insert(privilege);
				180	}
				181
				182	} // namespace nfd