Home Explore Help
Sign In
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
mosquitto-2.0.13
/
plugins
/
dynamic-security
/
sub_matches_sub.c

sub_matches_sub.c 5.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238 
  1. /*
    2. 

  2. Copyright (c) 2020 Roger Light <roger@atchoo.org>
    3. 

  3. 

  4. All rights reserved. This program and the accompanying materials
    5. 

  5. are made available under the terms of the Eclipse Public License 2.0
    6. 

  6. and Eclipse Distribution License v1.0 which accompany this distribution.
    7. 

  7. 

  8. The Eclipse Public License is available at
    9. 

  9.    https://www.eclipse.org/legal/epl-2.0/
    10. 

  10. and the Eclipse Distribution License is available at
    11. 

  11.   http://www.eclipse.org/org/documents/edl-v10.php.
    12. 

  12. 

  13. SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
    14. 

  14. 

  15. Contributors:
    16. 

  16.    Roger Light - initial implementation and documentation.
    17. 

  17. */
    18. 

  18. 

  19. #include <stdbool.h>
    20. 

  20. #include <stdio.h>
    21. 

  21. #include <stdlib.h>
    22. 

  22. #include <string.h>
    23. 

  23. 

  24. #include "dynamic_security.h"
    25. 

  25. 

  26. static char *strtok_hier(char *str, char **saveptr)
    27. 

  27. {
    28. 

  28. 	char *c;
    29. 

  29. 

  30. 	if(str != NULL){
    31. 

  31. 		*saveptr = str;
    32. 

  32. 	}
    33. 

  33. 

  34. 	if(*saveptr == NULL){
    35. 

  35. 		return NULL;
    36. 

  36. 	}
    37. 

  37. 

  38. 	c = strchr(*saveptr, '/');
    39. 

  39. 	if(c){
    40. 

  40. 		str = *saveptr;
    41. 

  41. 		*saveptr = c+1;
    42. 

  42. 		c[0] = '\0';
    43. 

  43. 	}else if(*saveptr){
    44. 

  44. 		/* No match, but surplus string */
    45. 

  45. 		str = *saveptr;
    46. 

  46. 		*saveptr = NULL;
    47. 

  47. 	}
    48. 

  48. 	return str;
    49. 

  49. }
    50. 

  50. 

  51. 

  52. static int count_hier_levels(const char *s)
    53. 

  53. {
    54. 

  54. 	int count = 1;
    55. 

  55. 	const char *c = s;
    56. 

  56. 

  57. 	while((c = strchr(c, '/')) && c[0]){
    58. 

  58. 		c++;
    59. 

  59. 		count++;
    60. 

  60. 	}
    61. 

  61. 	return count;
    62. 

  62. }
    63. 

  63. 

  64. 

  65. static bool hash_check(char *s, size_t *len)
    66. 

  66. {
    67. 

  67. 	if((*len) == 1 && s[0] == '#'){
    68. 

  68. 		s[0] = '\0';
    69. 

  69. 		(*len)--;
    70. 

  70. 		return true;
    71. 

  71. 	}else if((*len) > 1 && s[(*len)-2] == '/' && s[(*len)-1] == '#'){
    72. 

  72. 		s[(*len)-2] = '\0';
    73. 

  73. 		s[(*len)-1] = '\0';
    74. 

  74. 		(*len) -= 2;
    75. 

  75. 		return true;
    76. 

  76. 	}
    77. 

  77. 	return false;
    78. 

  78. }
    79. 

  79. 

  80. 

  81. bool sub_acl_check(const char *acl, const char *sub)
    82. 

  82. {
    83. 

  83. 	char *acl_local;
    84. 

  84. 	char *sub_local;
    85. 

  85. 	size_t acl_len, sub_len;
    86. 

  86. 	bool acl_hash = false, sub_hash = false;
    87. 

  87. 	int acl_levels, sub_levels;
    88. 

  88. 	int i;
    89. 

  89. 	char *acl_token, *sub_token;
    90. 

  90. 	char *acl_saveptr, *sub_saveptr;
    91. 

  91. 

  92. 	acl_len = strlen(acl);
    93. 

  93. 	if(acl_len == 1 && acl[0] == '#'){
    94. 

  94. 		return true;
    95. 

  95. 	}
    96. 

  96. 

  97. 	sub_len = strlen(sub);
    98. 

  98. 	/* mosquitto_validate_utf8(acl, acl_len); */
    99. 

  99. 

  100. 	acl_local = strdup(acl);
    101. 

  101. 	sub_local = strdup(sub);
    102. 

  102. 	if(acl_local == NULL || sub_local == NULL){
    103. 

  103. 		free(acl_local);
    104. 

  104. 		free(sub_local);
    105. 

  105. 		return false;
    106. 

  106. 	}
    107. 

  107. 

  108. 	acl_hash = hash_check(acl_local, &acl_len);
    109. 

  109. 	sub_hash = hash_check(sub_local, &sub_len);
    110. 

  110. 

  111. 	if(sub_hash == true && acl_hash == false){
    112. 

  112. 		free(acl_local);
    113. 

  113. 		free(sub_local);
    114. 

  114. 		return false;
    115. 

  115. 	}
    116. 

  116. 

  117. 	acl_levels = count_hier_levels(acl_local);
    118. 

  118. 	sub_levels = count_hier_levels(sub_local);
    119. 

  119. 	if(acl_levels > sub_levels){
    120. 

  120. 		free(acl_local);
    121. 

  121. 		free(sub_local);
    122. 

  122. 		return false;
    123. 

  123. 	}else if(sub_levels > acl_levels){
    124. 

  124. 		if(acl_hash == false){
    125. 

  125. 			free(acl_local);
    126. 

  126. 			free(sub_local);
    127. 

  127. 			return false;
    128. 

  128. 		}
    129. 

  129. 	}
    130. 

  130. 

  131. 	acl_saveptr = acl_local;
    132. 

  132. 	sub_saveptr = sub_local;
    133. 

  133. 	for(i=0; i<sub_levels; i++){
    134. 

  134. 		acl_token = strtok_hier(acl_saveptr, &acl_saveptr);
    135. 

  135. 		sub_token = strtok_hier(sub_saveptr, &sub_saveptr);
    136. 

  136. 

  137. 		if(i<acl_levels &&
    138. 

  138. 				(!strcmp(acl_token, "+")
    139. 

  139. 				 || !strcmp(acl_token, sub_token))){
    140. 

  140. 

  141. 			/* This level matches a single level wildcard, or is an exact
    142. 

  142. 			 * match, so carry on checking. */
    143. 

  143. 		}else if(i>=acl_levels && acl_hash == true){
    144. 

  144. 			/* The sub has more levels of hierarchy than the acl, but the acl
    145. 

  145. 			 * ends in a multi level wildcard so the match is fine. */
    146. 

  146. 		}else{
    147. 

  147. 			free(acl_local);
    148. 

  148. 			free(sub_local);
    149. 

  149. 			return false;
    150. 

  150. 		}
    151. 

  151. 	}
    152. 

  152. 

  153. 	free(acl_local);
    154. 

  154. 	free(sub_local);
    155. 

  155. 	return true;
    156. 

  156. }
    157. 

  157. 

  158. 

  159. #ifdef TEST
    160. 

  160. 

  161. #define BLK "\e[0;30m"
    162. 

  162. #define RED "\e[0;31m"
    163. 

  163. #define GRN "\e[0;32m"
    164. 

  164. #define YEL "\e[0;33m"
    165. 

  165. #define BLU "\e[0;34m"
    166. 

  166. #define MAG "\e[0;35m"
    167. 

  167. #define CYN "\e[0;36m"
    168. 

  168. #define WHT "\e[0;37m"
    169. 

  169. #define RST "\e[0m"
    170. 

  170. 

  171. void hier_test(const char *s, int expected)
    172. 

  172. {
    173. 

  173. 	int levels;
    174. 

  174. 

  175. 	levels = count_hier_levels(s);
    176. 

  176. 	printf("HIER %s %d:%d ", s, expected, levels);
    177. 

  177. 	if(levels == expected){
    178. 

  178. 		printf(GRN "passed" RST "\n");
    179. 

  179. 	}else{
    180. 

  180. 		printf(RED "failed" RST "\n");
    181. 

  181. 	}
    182. 

  182. }
    183. 

  183. 

  184. void test(const char *sub1, const char *sub2, bool expected)
    185. 

  185. {
    186. 

  186. 	bool result;
    187. 

  187. 

  188. 	printf("ACL %s : %s ", sub1, sub2);
    189. 

  189. 	result = sub_acl_check(sub1, sub2);
    190. 

  190. 	if(result == expected){
    191. 

  191. 		printf(GRN "passed\n" RST);
    192. 

  192. 	}else{
    193. 

  193. 		printf(RED "failed\n" RST);
    194. 

  194. 	}
    195. 

  195. }
    196. 

  196. 

  197. 

  198. int main(int argc, char *argv[])
    199. 

  199. {
    200. 

  200. 	hier_test("foo/+/bar", 3);
    201. 

  201. 	hier_test("foo/#", 2);
    202. 

  202. 	hier_test("foo/+/ba℞/#", 4);
    203. 

  203. 	hier_test("foo/baz/ba℞", 3);
    204. 

  204. 	hier_test("foo/+/ba℞/#", 4);
    205. 

  205. 	hier_test("foo/baz/ba℞/+", 4);
    206. 

  206. 	hier_test("foo/+/ba℞/#", 4);
    207. 

  207. 	hier_test("foo/baz/ba℞/#", 4);
    208. 

  208. 	hier_test("foo/+/ba℞/#", 4);
    209. 

  209. 	hier_test("foo/baz/+/#", 4);
    210. 

  210. 	hier_test("/+//#", 4);
    211. 

  211. 	hier_test("/foo///#", 5);
    212. 

  212. 	hier_test("#", 1);
    213. 

  213. 	hier_test("+", 1);
    214. 

  214. 	hier_test("/", 2);
    215. 

  215. 	hier_test("////////////////////////////////////////////////////////////////////////////////////////////////////", 101);
    216. 

  216. 

  217. 	test("foo/+/bar", "foo/#", false);
    218. 

  218. 	test("foo/+/ba℞/#", "foo/baz/ba℞", true);
    219. 

  219. 	test("foo/+/ba℞/#", "foo/baz/ba℞/+", true);
    220. 

  220. 	test("foo/+/ba℞/#", "foo/baz/ba℞/#", true);
    221. 

  221. 	test("foo/+/ba℞/#", "foo/baz/+/#", false);
    222. 

  222. 	test("/+//#", "/foo///#", true);
    223. 

  223. 	test("#", "#", true);
    224. 

  224. 	test("#", "+", true);
    225. 

  225. 	test("/#", "+", false);
    226. 

  226. 	test("/#", "/+", true);
    227. 

  227. 	test("/+", "#", false);
    228. 

  228. 	test("/+", "+", false);
    229. 

  229. 	test("+/+", "topic/topic", true);
    230. 

  230. 	test("+/+", "topic/topic/", false);
    231. 

  231. 	test("+", "#", false);
    232. 

  232. 	test("+", "+", true);
    233. 

  233. 	test("a/b/c/d/e", "a/b/c/d/e", true);
    234. 

  234. 	test("a/b/ /d/e", "a/b/c/d/e", false);
    235. 

  235. 

  236. 	return 0;
    237. 

  237. }
    238. 

  238. #endif
    239.