1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
/* Copyright 2017 IBM Corp.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef FRAMEWORK_UTILS_H
#define FRAMEWORK_UTILS_H
#include <json/json.h>
#include "utils.h"
/* maximum size of a framework configuration file, for the malloc sanity check */
#define MAX_CONFIG 64000
/// Maximum number of dropbox directories to watch (max num of unique signers)
#define MAX_WATCHERS 30
/// Maximum char length of signers userid
#define MAX_USERNAME 30
/* Crypto constants */
/* password encryption key, encryption blocks, uses AES 128 */
#define AES128_SIZE 16
/* password HMAC key, uses SHA-256 */
#define AKU_SIZE 32
/* password HMAC is the same size as the HMAC key, SHA-256 */
#define HMAC_SIZE 32
/* encryption and KDF initialization vector, uses AES 128 */
#define IV_SIZE 16
/* digest for logging, uses SHA-256 */
#define DIGEST_SIZE 32
/*
ProjectConfig represents a project configuration file.
*/
typedef struct tdProjectConfig {
unsigned char digest[DIGEST_SIZE];
char *program;
char *projectLogFilename;
int needKey;
char *keyFilename;
int needAuxCfg;
char *auxCfgFilename;
int needInputAttachment;
int needOutputAttachment;
int needPassword;
char *emailProject;
int needSenders; /* project uses sender authorization */
size_t sendersCount; /* number of authorized senders */
char **senders; /* array of authorized sender dropbox ids */
char **senderemails; /* array of associated sender email addresses */
size_t notificationListCount; /* number of notification receivers */
char **notificationList; /* array of notification names */
} ProjectConfig;
/// Status/configuration information for a dropbox
typedef struct tdDropboxWatchConfig
{
char sender[MAX_USERNAME]; ///< Sender id
int wd; ///< Watch descriptor
} DropboxWatchConfig;
/*
FrameworkConfig represents the entire framework, the parsed and validated framework and project
configuration files.
*/
typedef struct tdFrameworkConfig {
const char *frameworkConfigFilename;
char *frameworkName; /* Name to refer to framework */
char *frameworkLogFilename; /* framework audit log */
FILE *frameworkLogFile; /* framework audit log */
unsigned char digest[DIGEST_SIZE];
size_t lineMax; /* maximum line length in text parsing */
size_t fileMax; ///< Maximum upload file size
unsigned int passwordExpire; /* CCA password expiration duration in months */
char *dropboxDir; /* Base directory of signer dropboxes */
char *stopFile; /* file used to stop the framework */
char *restartFile; /* file used to restart the framework */
char *outputBodyFilename; /* output body, response to sender */
char *notificationFilename; /* output notification response */
char *emailFilename; /* file to write email to send */
char *inputAttachmentFilename; /* fixed names for the input and output
attachments */
char *outputAttachmentFilename;
char *masterAesKeyTokenFilename;
unsigned char *masterAesKeyToken; /* the CCA AES master key token used to derive the
password encryption and HMAC keys (not the
plaintext AES key)*/
char *ldapUrl; /* LDAP url for lookup */
char *ldapBase; /* LDAP BASEDN for search */
size_t frameworkAdminCount; /* number framework administrators */
char **frameworkAdmins; /* array of framework administrators */
size_t projectLength; /* number of project to config file mappings */
char **projectNames; /* array of project names */
char **projectConfigFilenames; /* array of project config file names */
ProjectConfig **projectConfigFiles; /* array of project config files */
int inotifyFd; ///< inotify file descriptor
int controlWd; ///< Stop/restart file watcher
DropboxWatchConfig dropboxWatchers[MAX_WATCHERS]; ///< array of dropbox watchers
} FrameworkConfig;
/// Store all relevant info for a unique dropbox request
typedef struct tdDropboxRequest {
FrameworkConfig* frameworkConfig;
int status; ///< Request status
struct inotify_event* event; ///< Inotify event
DropboxWatchConfig* dbConfig; ///< Signers dropbox configuration
char* requestId; ///< Unique identifier for request
char* requestJson; ///< Json request from sender
json_object* rJsonO;
// Request fields
const char* project;
char* comment;
const char* user;
const char* epwd;
int hasPayload;
const char* parameters;
json_object* respJsonO; ///< Response JSON
int hasResult;
int closeMessageFile; /* hack to keep the messageFile (output body) open when
sending notifications. If closed, trace messages would
start to go to stdout */
} DropboxRequest;
void FrameworkConfig_Init(FrameworkConfig *frameworkConfig);
void FrameworkConfig_Delete(FrameworkConfig *frameworkConfig);
int FrameworkConfig_Parse(int needMasterKey,
int validate,
FrameworkConfig *frameworkConfig);
int FrameworkConfig_LogStart(FrameworkConfig *frameworkConfig);
int FrameworkConfig_SendStartupMessage(FrameworkConfig *frameworkConfig,
int transientError);
/*
Framework Processing
*/
int FrameworkProcess_Process(DropboxRequest *requestParms);
int FrameworkProcess_ProcessOK(DropboxRequest *requestParms);
int FrameworkProcess_SendResponse(int responseType,
DropboxRequest *requestParms);
int FrameworkProcess_SendNotificationMessage(const char *project,
ProjectConfig *projectConfig,
DropboxRequest *mailParms);
/*
Project Configuration
*/
void ProjectConfig_Init(ProjectConfig *projectConfig);
void ProjectConfig_Delete(ProjectConfig *projectConfig);
int ProjectConfig_Parse(ProjectConfig *projectConfig,
int validate,
const char *projectConfigFilename,
FrameworkConfig *frameworkConfig);
int ProjectConfig_Process(Arguments *arguments,
ProjectConfig *projectConfig,
DropboxRequest *requestParms);
int ProjectConfig_ValidateSender(const char *sender,
ProjectConfig *projectConfig,
FrameworkConfig *frameworkConfig);
int ProjectProcess_ProcessInputParameters(Arguments *arguments,
DropboxRequest *requestParms);
int Comment_Validate(DropboxRequest *requestParms);
int Env_Validate(void);
int Password_KDF(unsigned char *eku,
unsigned char *aku,
const char *sender,
const unsigned char *masterAesKeyToken);
int Password_Generate(char *password,
size_t password_length);
int Password_ToString(char **passwordString,
size_t *passwordStringLength,
unsigned char *initialization_vector,
unsigned char *hmac,
unsigned char *passwordCiphertext,
size_t passwordCiphertextLength);
int Password_FromString(unsigned char *initialization_vector,
unsigned char *hmac,
unsigned char **passwordCiphertext,
size_t *passwordCiphertextLength,
const char *passwordString,
size_t passwordStringLength,
FILE *logFile);
int Password_Decrypt(Arguments *arguments,
const char *sender,
const unsigned char *masterAesKeyToken,
FILE *logFile);
int CallSigner(Arguments *arguments,
int useOutputBody,
const char *outputBodyFilename);
#endif
|
