diff --git a/lib/cookies/control.c b/lib/cookies/control.c
index 96f0b0cfab7b95a23fb9735624c5c692c7fbcdc4..87b9dc52dfd315bc21ebff2caf866e8e0db0a14c 100644
--- a/lib/cookies/control.c
+++ b/lib/cookies/control.c
@@ -17,6 +17,7 @@
#include "lib/cookies/control.h"
struct kr_cookie_ctx kr_glob_cookie_ctx = {
- .clnt = { false, { NULL, -1 }, { NULL, -1}, DFLT_COOKIE_TTL },
- .srvr = { false, { NULL, -1 }, { NULL, -1} }
+ .clnt = { false, { NULL, -1 }, { NULL, -1} },
+ .srvr = { false, { NULL, -1 }, { NULL, -1} },
+ .cache_ttl = DFLT_COOKIE_TTL
};
diff --git a/lib/cookies/control.h b/lib/cookies/control.h
index ca546a078575deca495262d88104023495702121..97e6e5ad98a7ef11dc83b84c8a63cc92304a5abc 100644
--- a/lib/cookies/control.h
+++ b/lib/cookies/control.h
@@ -34,40 +34,26 @@ struct kr_cookie_secret {
/** Default cookie TTL. */
#define DFLT_COOKIE_TTL 72000
-/** Holds settings that have direct influence on client cookie values. */
-struct kr_clnt_cookie_settings {
- struct kr_cookie_secret *csec; /*!< Client secret data. */
- int calg_id; /*!< Client cookie algorithm identifier. */
+/** Holds settings that have direct influence on cookie values computation. */
+struct kr_cookie_comp {
+ struct kr_cookie_secret *secr; /*!< Secret data. */
+ int alg_id; /*!< Cookie algorithm identifier. */
};
-/** Holds settings that control client behaviour. */
-struct kr_clnt_cookie_ctx {
- bool enabled; /**< Enable/disables client DNS cookies functionality. */
+/** Holds settings that control client/server cookie behaviour. */
+struct kr_cookie_settings {
+ bool enabled; /**< Enable/disables DNS cookies functionality. */
- struct kr_clnt_cookie_settings current; /**< Current cookie client settings. */
- struct kr_clnt_cookie_settings recent; /**< Current cookie client settings. */
-
- uint32_t cache_ttl; /**< TTL used when caching cookies */
-};
-
-/** Holds settings that have direct influence on server cookie values. */
-struct kr_srvr_cookie_settings {
- struct kr_cookie_secret *ssec; /*!< Server secret data. */
- int salg_id; /**< Server cookie algorithm identifier. */
-};
-
-/** Holds settings that control server behaviour. */
-struct kr_srvr_cookie_ctx {
- bool enabled; /**< Enable/disables server DNS cookies functionality. */
-
- struct kr_srvr_cookie_settings current; /**< Current cookie server settings. */
- struct kr_srvr_cookie_settings recent; /**< Current cookie server settings. */
+ struct kr_cookie_comp current; /**< Current cookie settings. */
+ struct kr_cookie_comp recent; /**< Recent cookie settings. */
};
/** DNS cookies controlling structure. */
struct kr_cookie_ctx {
- struct kr_clnt_cookie_ctx clnt; /**< Client settings. */
- struct kr_srvr_cookie_ctx srvr; /**< Server settings. */
+ struct kr_cookie_settings clnt; /**< Client settings. */
+ struct kr_cookie_settings srvr; /**< Server settings. */
+
+ uint32_t cache_ttl; /**< TTL used when caching cookies */
};
/** Global cookie control context. */
diff --git a/lib/cookies/helper.c b/lib/cookies/helper.c
index e9a3a5ee9a103b9872b18dcca3658aae3b94d819..2e13462abff7560f549fdc9efac96861d8de0b36 100644
--- a/lib/cookies/helper.c
+++ b/lib/cookies/helper.c
@@ -111,13 +111,13 @@ static int opt_rr_add_cc(knot_rrset_t *opt_rr, uint8_t *cc, uint16_t cc_len,
#undef SC_LEN
}
-int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl,
+int kr_request_put_cookie(const struct kr_cookie_comp *clnt_comp,
struct kr_cache *cookie_cache,
const struct sockaddr *clnt_sa,
const struct sockaddr *srvr_sa,
knot_pkt_t *pkt)
{
- if (!clnt_cntrl || !pkt) {
+ if (!clnt_comp || !pkt) {
return kr_error(EINVAL);
}
@@ -125,7 +125,7 @@ int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl,
return kr_ok();
}
- if (!clnt_cntrl->csec || (clnt_cntrl->calg_id < 0) || !cookie_cache) {
+ if (!clnt_comp->secr || (clnt_comp->alg_id < 0) || !cookie_cache) {
return kr_error(EINVAL);
}
@@ -135,14 +135,14 @@ int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl,
struct knot_cc_input input = {
.clnt_sockaddr = clnt_sa,
.srvr_sockaddr = srvr_sa,
- .secret_data = clnt_cntrl->csec->data,
- .secret_len = clnt_cntrl->csec->size
+ .secret_data = clnt_comp->secr->data,
+ .secret_len = clnt_comp->secr->size
};
uint8_t cc[KNOT_OPT_COOKIE_CLNT];
uint16_t cc_len = KNOT_OPT_COOKIE_CLNT;
- assert((clnt_cntrl->calg_id >= 0) && kr_cc_algs[clnt_cntrl->calg_id] &&
- kr_cc_algs[clnt_cntrl->calg_id]->gen_func);
- int ret = kr_cc_algs[clnt_cntrl->calg_id]->gen_func(&input, cc, &cc_len);
+ assert((clnt_comp->alg_id >= 0) && kr_cc_algs[clnt_comp->alg_id] &&
+ kr_cc_algs[clnt_comp->alg_id]->gen_func);
+ int ret = kr_cc_algs[clnt_comp->alg_id]->gen_func(&input, cc, &cc_len);
if (ret != kr_ok()) {
return ret;
}
diff --git a/lib/cookies/helper.h b/lib/cookies/helper.h
index 2638535ebb38a188085f88286aaf262b80835904..ad780972d2323c00d22f0636b2b38c478ea583c1 100644
--- a/lib/cookies/helper.h
+++ b/lib/cookies/helper.h
@@ -25,7 +25,7 @@
/**
* @brief Insert a DNS cookie into query packet.
* @note The packet must already contain ENDS section.
- * @param clnt_cntrl client cookie control structure
+ * @param clnt_comp client cookie control structure
* @param cookie_cache cookie cache
* @param clnt_sa client socket address
* @param srvr_sa server socket address
@@ -33,7 +33,7 @@
* @return kr_ok() or error code
*/
KR_EXPORT
-int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl,
+int kr_request_put_cookie(const struct kr_cookie_comp *clnt_comp,
struct kr_cache *cookie_cache,
const struct sockaddr *clnt_sa,
const struct sockaddr *srvr_sa,
diff --git a/lib/layer/cookiemonster.c b/lib/layer/cookiemonster.c
index 5b408ceb4311894b0442a00fe71b64d707f452e1..73032f7b087f6ebdc01c1676d0401433d0fc5257 100644
--- a/lib/layer/cookiemonster.c
+++ b/lib/layer/cookiemonster.c
@@ -104,37 +104,37 @@ static const struct sockaddr *guess_server_addr(const struct kr_nsrep *nsrep,
* @param is_current set to true if the cookie was generate from current secret
* @param cc client cookie from the response
* @param cc_len client cookie size
- * @param clnt_cntr client cookie control structure
+ * @param clnt_sett client cookie settings structure
* @return kr_ok() if matching address found, error code else
*/
static int srvr_sockaddr_cc_check(const struct sockaddr **sockaddr,
bool *is_current, const struct kr_query *qry,
const uint8_t *cc, uint16_t cc_len,
- const struct kr_clnt_cookie_ctx *clnt_cntrl)
+ const struct kr_cookie_settings *clnt_sett)
{
- assert(sockaddr && is_current && qry && cc && cc_len && clnt_cntrl);
+ assert(sockaddr && is_current && qry && cc && cc_len && clnt_sett);
const struct sockaddr *tmp_sockaddr = passed_server_sockaddr(qry);
/* The address must correspond with the client cookie. */
if (tmp_sockaddr) {
- assert(clnt_cntrl->current.csec);
+ assert(clnt_sett->current.secr);
struct knot_cc_input input = {
.clnt_sockaddr = NULL, /* Not supported yet. */
.srvr_sockaddr = tmp_sockaddr,
- .secret_data = clnt_cntrl->current.csec->data,
- .secret_len = clnt_cntrl->current.csec->size
+ .secret_data = clnt_sett->current.secr->data,
+ .secret_len = clnt_sett->current.secr->size
};
int ret = knot_cc_check(cc, cc_len, &input,
- kr_cc_algs[clnt_cntrl->current.calg_id]);
+ kr_cc_algs[clnt_sett->current.alg_id]);
bool have_current = (ret == KNOT_EOK);
if ((ret != KNOT_EOK) &&
- clnt_cntrl->recent.csec && (clnt_cntrl->recent.calg_id >= 0)) {
- input.secret_data = clnt_cntrl->recent.csec->data;
- input.secret_len = clnt_cntrl->recent.csec->size;
+ clnt_sett->recent.secr && (clnt_sett->recent.alg_id >= 0)) {
+ input.secret_data = clnt_sett->recent.secr->data;
+ input.secret_len = clnt_sett->recent.secr->size;
ret = knot_cc_check(cc, cc_len, &input,
- kr_cc_algs[clnt_cntrl->recent.calg_id]);
+ kr_cc_algs[clnt_sett->recent.alg_id]);
}
if (ret == KNOT_EOK) {
*sockaddr = tmp_sockaddr;
@@ -149,15 +149,15 @@ static int srvr_sockaddr_cc_check(const struct sockaddr **sockaddr,
/* Abusing name server reputation mechanism to guess IP addresses. */
const struct kr_nsrep *ns = &qry->ns;
tmp_sockaddr = guess_server_addr(ns, cc, cc_len,
- clnt_cntrl->current.csec,
- kr_cc_algs[clnt_cntrl->current.calg_id]);
+ clnt_sett->current.secr,
+ kr_cc_algs[clnt_sett->current.alg_id]);
bool have_current = (tmp_sockaddr != NULL);
if (!tmp_sockaddr &&
- clnt_cntrl->recent.csec && (clnt_cntrl->recent.calg_id >= 0)) {
+ clnt_sett->recent.secr && (clnt_sett->recent.alg_id >= 0)) {
/* Try recent client secret to check obtained cookie. */
tmp_sockaddr = guess_server_addr(ns, cc, cc_len,
- clnt_cntrl->recent.csec,
- kr_cc_algs[clnt_cntrl->recent.calg_id]);
+ clnt_sett->recent.secr,
+ kr_cc_algs[clnt_sett->recent.alg_id]);
}
if (tmp_sockaddr) {
*sockaddr = tmp_sockaddr;
@@ -248,12 +248,13 @@ static bool is_cookie_cached(struct kr_cache *cache,
/**
* Check cookie content and store it to cache.
*/
-static bool check_cookie_content_and_cache(struct kr_clnt_cookie_ctx *clnt_cntrl,
+static bool check_cookie_content_and_cache(const struct kr_cookie_settings *clnt_sett,
+ uint32_t cookie_cache_ttl,
struct kr_query *qry,
uint8_t *pkt_cookie_opt,
struct kr_cache *cache)
{
- assert(clnt_cntrl && qry && pkt_cookie_opt && cache);
+ assert(clnt_sett && qry && pkt_cookie_opt && cache);
uint8_t *pkt_cookie_data = knot_edns_opt_get_data(pkt_cookie_opt);
uint16_t pkt_cookie_len = knot_edns_opt_get_length(pkt_cookie_opt);
@@ -276,7 +277,7 @@ static bool check_cookie_content_and_cache(struct kr_clnt_cookie_ctx *clnt_cntrl
const struct sockaddr *srvr_sockaddr = NULL;
bool returned_current = false;
ret = srvr_sockaddr_cc_check(&srvr_sockaddr, &returned_current, qry,
- pkt_cc, pkt_cc_len, clnt_cntrl);
+ pkt_cc, pkt_cc_len, clnt_sett);
if (ret != kr_ok()) {
DEBUG_MSG(NULL, "%s\n", "could not match received cookie");
return false;
@@ -287,7 +288,7 @@ static bool check_cookie_content_and_cache(struct kr_clnt_cookie_ctx *clnt_cntrl
if (returned_current &&
!is_cookie_cached(cache, srvr_sockaddr, qry->timestamp.tv_sec,
pkt_cookie_opt)) {
- struct timed_cookie timed_cookie = { clnt_cntrl->cache_ttl, pkt_cookie_opt };
+ struct timed_cookie timed_cookie = { cookie_cache_ttl, pkt_cookie_opt };
ret = kr_cookie_cache_insert_cookie(cache, srvr_sockaddr,
&timed_cookie,
@@ -337,7 +338,8 @@ static int check_response(knot_layer_t *ctx, knot_pkt_t *pkt)
return ctx->state;
}
- if (!check_cookie_content_and_cache(&kr_glob_cookie_ctx.clnt, qry,
+ if (!check_cookie_content_and_cache(&kr_glob_cookie_ctx.clnt,
+ kr_glob_cookie_ctx.cache_ttl, qry,
pkt_cookie_opt, cookie_cache)) {
return KNOT_STATE_FAIL;
}
@@ -404,9 +406,9 @@ static int check_request(knot_layer_t *ctx, void *module_param)
bool ignore_badcookie = true; /* TODO -- Occasionally ignore? */
- struct kr_srvr_cookie_ctx *srvr_cntrl = &kr_glob_cookie_ctx.srvr;
+ struct kr_cookie_settings *srvr_sett = &kr_glob_cookie_ctx.srvr;
if (!req->qsource.addr ||
- !srvr_cntrl->current.ssec || (srvr_cntrl->current.salg_id < 0)) {
+ !srvr_sett->current.secr || (srvr_sett->current.alg_id < 0)) {
DEBUG_MSG(NULL, "%s\n", "missing server cookie context");
return KNOT_STATE_FAIL;
}
@@ -415,8 +417,8 @@ static int check_request(knot_layer_t *ctx, void *module_param)
struct knot_sc_private srvr_data = {
.clnt_sockaddr = req->qsource.addr,
- .secret_data = srvr_cntrl->current.ssec->data,
- .secret_len = srvr_cntrl->current.ssec->size
+ .secret_data = srvr_sett->current.secr->data,
+ .secret_len = srvr_sett->current.secr->size
};
struct kr_nonce_input nonce = {
@@ -445,17 +447,17 @@ static int check_request(knot_layer_t *ctx, void *module_param)
/* Check server cookie obtained in request. */
ret = knot_sc_check(NONCE_LEN, &cookies, &srvr_data,
- kr_sc_algs[srvr_cntrl->current.salg_id]);
+ kr_sc_algs[srvr_sett->current.alg_id]);
if (ret == KNOT_EINVAL &&
- srvr_cntrl->recent.ssec && (srvr_cntrl->recent.salg_id >= 0)) {
+ srvr_sett->recent.secr && (srvr_sett->recent.alg_id >= 0)) {
/* Try recent algorithm. */
struct knot_sc_private recent_srvr_data = {
.clnt_sockaddr = req->qsource.addr,
- .secret_data = srvr_cntrl->recent.ssec->data,
- .secret_len = srvr_cntrl->recent.ssec->size
+ .secret_data = srvr_sett->recent.secr->data,
+ .secret_len = srvr_sett->recent.secr->size
};
ret = knot_sc_check(NONCE_LEN, &cookies, &recent_srvr_data,
- kr_sc_algs[srvr_cntrl->recent.salg_id]);
+ kr_sc_algs[srvr_sett->recent.alg_id]);
}
if (ret != KNOT_EOK) {
/* TODO -- Silently discard? */
@@ -481,7 +483,7 @@ answer_add_cookies:
/* Add server cookie into response. */
ret = kr_answer_write_cookie(&srvr_data, cookies.cc, cookies.cc_len,
&nonce,
- kr_sc_algs[srvr_cntrl->current.salg_id],
+ kr_sc_algs[srvr_sett->current.alg_id],
req->answer);
if (ret != kr_ok()) {
return_state = KNOT_STATE_FAIL;
diff --git a/lib/resolve.c b/lib/resolve.c
index 12eefdd4b145fd29c50a9f01f285a57140190367..5d11b54cc428ac38911278dcce51619d34031d07 100644
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -395,16 +395,16 @@ int kr_resolve_begin(struct kr_request *request, struct kr_context *ctx, knot_pk
/**
* @brief Put cookie into answer packet.
* @param clnt_sockaddr client socket address
- * @param srvr_cntrl control structure of the server cookie algorithm
+ * @param srvr_sett settings structure of the server cookie algorithm
* @param cookies obtained cookies
* @param answer answer packet
* @return state
*/
static int cookie_answer(const void *clnt_sockaddr,
- const struct kr_srvr_cookie_ctx *srvr_cntrl,
+ const struct kr_cookie_settings *srvr_sett,
struct knot_dns_cookies *cookies, knot_pkt_t *answer)
{
- assert(srvr_cntrl && cookies && answer);
+ assert(srvr_sett && cookies && answer);
/* Initialise answer. */
knot_wire_set_qr(answer->wire);
@@ -414,8 +414,8 @@ static int cookie_answer(const void *clnt_sockaddr,
struct knot_sc_private srvr_data = {
.clnt_sockaddr = clnt_sockaddr,
- .secret_data = srvr_cntrl->current.ssec->data,
- .secret_len = srvr_cntrl->current.ssec->size
+ .secret_data = srvr_sett->current.secr->data,
+ .secret_len = srvr_sett->current.secr->size
};
struct timeval tv;
@@ -429,14 +429,14 @@ static int cookie_answer(const void *clnt_sockaddr,
/* Add fres cookie into the answer. */
int ret = kr_answer_write_cookie(&srvr_data,
cookies->cc, cookies->cc_len, &nonce,
- kr_sc_algs[srvr_cntrl->current.salg_id], answer);
+ kr_sc_algs[srvr_sett->current.alg_id], answer);
if (ret != kr_ok()) {
return KNOT_STATE_FAIL;
}
/* Check server cookie only with current settings. */
ret = knot_sc_check(NONCE_LEN, cookies, &srvr_data,
- kr_sc_algs[srvr_cntrl->current.salg_id]);
+ kr_sc_algs[srvr_sett->current.alg_id]);
if (ret != KNOT_EOK) {
kr_pkt_set_ext_rcode(answer, KNOT_RCODE_BADCOOKIE);
return KNOT_STATE_FAIL | KNOT_STATE_DONE;
diff --git a/modules/cookiectl/cookiectl.c b/modules/cookiectl/cookiectl.c
index 498ab07b7485fae5340a9efd2701eb215efec0f4..cebb5058d002e524df48063b3ae906a50d47c23c 100644
--- a/modules/cookiectl/cookiectl.c
+++ b/modules/cookiectl/cookiectl.c
@@ -31,13 +31,14 @@
#define NAME_CLIENT_SECRET "client_secret"
#define NAME_CLIENT_COOKIE_ALG "client_cookie_alg"
#define NAME_AVAILABLE_CLIENT_COOKIE_ALGS "available_client_cookie_algs"
-#define NAME_CACHE_TTL "cache_ttl"
#define NAME_SERVER_ENABLED "server_enabled"
#define NAME_SERVER_SECRET "server_secret"
#define NAME_SERVER_COOKIE_ALG "server_cookie_alg"
#define NAME_AVAILABLE_SERVER_COOKIE_ALGS "available_server_cookie_algs"
+#define NAME_CACHE_TTL "cache_ttl"
+
static bool aply_enabled(bool *enabled, const JsonNode *node)
{
assert(enabled && node);
@@ -141,32 +142,16 @@ static bool apply_secret(struct kr_cookie_secret **sec, const JsonNode *node)
return true;
}
-static bool apply_client_hash_func(struct kr_cookie_ctx *cntrl,
- const JsonNode *node)
+static bool apply_hash_func(struct kr_cookie_settings *sett,
+ const JsonNode *node, const knot_lookup_t table[])
{
if (node->tag == JSON_STRING) {
- const knot_lookup_t *lookup = knot_lookup_by_name(kr_cc_alg_names,
+ const knot_lookup_t *lookup = knot_lookup_by_name(table,
node->string_);
if (!lookup) {
return false;
}
- cntrl->clnt.current.calg_id = lookup->id;
- return true;
- }
-
- return false;
-}
-
-static bool apply_server_hash_func(struct kr_cookie_ctx *cntrl,
- const JsonNode *node)
-{
- if (node->tag == JSON_STRING) {
- const knot_lookup_t *lookup = knot_lookup_by_name(kr_sc_alg_names,
- node->string_);
- if (!lookup) {
- return false;
- }
- cntrl->srvr.current.salg_id = lookup->id;
+ sett->current.alg_id = lookup->id;
return true;
}
@@ -176,14 +161,15 @@ static bool apply_server_hash_func(struct kr_cookie_ctx *cntrl,
static bool apply_cache_ttl(struct kr_cookie_ctx *cntrl, const JsonNode *node)
{
if (node->tag == JSON_NUMBER) {
- cntrl->clnt.cache_ttl = node->number_;
+ cntrl->cache_ttl = node->number_;
return true;
}
return false;
}
-static bool apply_configuration(struct kr_cookie_ctx *cntrl, const JsonNode *node)
+static bool apply_configuration(struct kr_cookie_ctx *cntrl,
+ const JsonNode *node)
{
assert(cntrl && node);
@@ -195,17 +181,17 @@ static bool apply_configuration(struct kr_cookie_ctx *cntrl, const JsonNode *nod
if (strcmp(node->key, NAME_CLIENT_ENABLED) == 0) {
return aply_enabled(&cntrl->clnt.enabled, node);
} else if (strcmp(node->key, NAME_CLIENT_SECRET) == 0) {
- return apply_secret(&cntrl->clnt.current.csec, node);
+ return apply_secret(&cntrl->clnt.current.secr, node);
} else if (strcmp(node->key, NAME_CLIENT_COOKIE_ALG) == 0) {
- return apply_client_hash_func(cntrl, node);
+ return apply_hash_func(&cntrl->clnt, node, kr_cc_alg_names);
} else if (strcmp(node->key, NAME_CACHE_TTL) == 0) {
return apply_cache_ttl(cntrl, node);
} else if (strcmp(node->key, NAME_SERVER_ENABLED) == 0) {
return aply_enabled(&cntrl->srvr.enabled, node);
} else if (strcmp(node->key, NAME_SERVER_SECRET) == 0) {
- return apply_secret(&cntrl->srvr.current.ssec, node);
+ return apply_secret(&cntrl->srvr.current.secr, node);
} else if (strcmp(node->key, NAME_SERVER_COOKIE_ALG) == 0) {
- return apply_server_hash_func(cntrl, node);
+ return apply_hash_func(&cntrl->srvr, node, kr_sc_alg_names);
}
return false;
@@ -240,16 +226,17 @@ fail:
return false;
}
-static bool read_available_cc_hashes(JsonNode *root)
+static bool read_available_hashes(JsonNode *root, const char *root_name,
+ const knot_lookup_t table[])
{
- assert(root);
+ assert(root && root_name && table);
JsonNode *array = json_mkarray();
if (!array) {
return false;
}
- const knot_lookup_t *aux_ptr = kr_cc_alg_names;
+ const knot_lookup_t *aux_ptr = table;
while (aux_ptr && (aux_ptr->id >= 0) && aux_ptr->name) {
JsonNode *element = json_mkstring(aux_ptr->name);
if (!element) {
@@ -259,7 +246,7 @@ static bool read_available_cc_hashes(JsonNode *root)
++aux_ptr;
}
- json_append_member(root, NAME_AVAILABLE_CLIENT_COOKIE_ALGS, array);
+ json_append_member(root, root_name, array);
return true;
@@ -270,58 +257,16 @@ fail:
return false;
}
-static bool read_available_sc_hashes(JsonNode *root)
+static bool settings_equal(const struct kr_cookie_comp *s1,
+ const struct kr_cookie_comp *s2)
{
- assert(root);
+ assert(s1 && s2 && s1->secr && s2->secr);
- JsonNode *array = json_mkarray();
- if (!array) {
+ if (s1->alg_id != s2->alg_id || s1->secr->size != s2->secr->size) {
return false;
}
- const knot_lookup_t *aux_ptr = kr_sc_alg_names;
- while (aux_ptr && (aux_ptr->id >= 0) && aux_ptr->name) {
- JsonNode *element = json_mkstring(aux_ptr->name);
- if (!element) {
- goto fail;
- }
- json_append_element(array, element);
- ++aux_ptr;
- }
-
- json_append_member(root, NAME_AVAILABLE_SERVER_COOKIE_ALGS, array);
-
- return true;
-
-fail:
- if (array) {
- json_delete(array);
- }
- return false;
-}
-
-static bool clnt_settings_equal(const struct kr_clnt_cookie_settings *s1,
- const struct kr_clnt_cookie_settings *s2)
-{
- assert(s1 && s2 && s1->csec && s2->csec);
-
- if (s1->calg_id != s2->calg_id || s1->csec->size != s2->csec->size) {
- return false;
- }
-
- return 0 == memcmp(s1->csec->data, s2->csec->data, s1->csec->size);
-}
-
-static bool srvr_settings_equal(const struct kr_srvr_cookie_settings *s1,
- const struct kr_srvr_cookie_settings *s2)
-{
- assert(s1 && s2 && s1->ssec && s2->ssec);
-
- if (s1->salg_id != s2->salg_id || s1->ssec->size != s2->ssec->size) {
- return false;
- }
-
- return 0 == memcmp(s1->ssec->data, s2->ssec->data, s1->ssec->size);
+ return 0 == memcmp(s1->secr->data, s2->secr->data, s1->secr->size);
}
static void apply_from_copy(struct kr_cookie_ctx *running,
@@ -329,24 +274,22 @@ static void apply_from_copy(struct kr_cookie_ctx *running,
{
assert(running && shallow);
- if (!clnt_settings_equal(&running->clnt.current,
- &shallow->clnt.current)) {
- free(running->clnt.recent.csec); /* Delete old secret. */
+ if (!settings_equal(&running->clnt.current, &shallow->clnt.current)) {
+ free(running->clnt.recent.secr); /* Delete old secret. */
running->clnt.recent = running->clnt.current;
running->clnt.current = shallow->clnt.current;
/* Shallow will be deleted after this function call. */
}
- if (!srvr_settings_equal(&running->srvr.current,
- &shallow->srvr.current)) {
- free(running->srvr.recent.ssec); /* Delete old secret. */
+ if (!settings_equal(&running->srvr.current, &shallow->srvr.current)) {
+ free(running->srvr.recent.secr); /* Delete old secret. */
running->srvr.recent = running->srvr.current;
running->srvr.current = shallow->srvr.current;
/* Shallow will be deleted after this function call. */
}
/* Direct application. */
- running->clnt.cache_ttl = shallow->clnt.cache_ttl;
+ running->cache_ttl = shallow->cache_ttl;
running->clnt.enabled = shallow->clnt.enabled;
running->srvr.enabled = shallow->srvr.enabled;
}
@@ -382,11 +325,11 @@ static bool apply_config(struct kr_cookie_ctx *ctx, const char *args)
apply_from_copy(ctx, &shallow_copy);
} else {
/* Clean newly allocated data. */
- if (shallow_copy.clnt.current.csec != ctx->clnt.current.csec) {
- free(shallow_copy.clnt.current.csec);
+ if (shallow_copy.clnt.current.secr != ctx->clnt.current.secr) {
+ free(shallow_copy.clnt.current.secr);
}
- if (shallow_copy.srvr.current.ssec != ctx->srvr.current.ssec) {
- free(shallow_copy.srvr.current.ssec);
+ if (shallow_copy.srvr.current.secr != ctx->srvr.current.secr) {
+ free(shallow_copy.srvr.current.secr);
}
}
@@ -406,31 +349,33 @@ char *read_config(struct kr_cookie_ctx *ctx)
json_append_member(root_node, NAME_CLIENT_ENABLED,
json_mkbool(ctx->clnt.enabled));
- read_secret(root_node, NAME_CLIENT_SECRET, ctx->clnt.current.csec);
+ read_secret(root_node, NAME_CLIENT_SECRET, ctx->clnt.current.secr);
- lookup = knot_lookup_by_id(kr_cc_alg_names, ctx->clnt.current.calg_id);
+ lookup = knot_lookup_by_id(kr_cc_alg_names, ctx->clnt.current.alg_id);
if (lookup) {
json_append_member(root_node, NAME_CLIENT_COOKIE_ALG,
json_mkstring(lookup->name));
}
- read_available_cc_hashes(root_node);
+ read_available_hashes(root_node, NAME_AVAILABLE_CLIENT_COOKIE_ALGS,
+ kr_cc_alg_names);
json_append_member(root_node, NAME_CACHE_TTL,
- json_mknumber(ctx->clnt.cache_ttl));
+ json_mknumber(ctx->cache_ttl));
json_append_member(root_node, NAME_SERVER_ENABLED,
json_mkbool(ctx->srvr.enabled));
- read_secret(root_node, NAME_SERVER_SECRET, ctx->srvr.current.ssec);
+ read_secret(root_node, NAME_SERVER_SECRET, ctx->srvr.current.secr);
- lookup = knot_lookup_by_id(kr_sc_alg_names, ctx->srvr.current.salg_id);
+ lookup = knot_lookup_by_id(kr_sc_alg_names, ctx->srvr.current.alg_id);
if (lookup) {
json_append_member(root_node, NAME_SERVER_COOKIE_ALG,
json_mkstring(lookup->name));
}
- read_available_sc_hashes(root_node);
+ read_available_hashes(root_node, NAME_AVAILABLE_SERVER_COOKIE_ALGS,
+ kr_sc_alg_names);
result = json_encode(root_node);
json_delete(root_node);
@@ -476,17 +421,20 @@ int cookiectl_init(struct kr_module *module)
const knot_lookup_t *lookup;
kr_glob_cookie_ctx.clnt.enabled = false;
- kr_glob_cookie_ctx.clnt.current.csec = cs;
+ kr_glob_cookie_ctx.clnt.current.secr = cs;
lookup = knot_lookup_by_name(kr_cc_alg_names, "FNV-64");
assert(lookup);
- kr_glob_cookie_ctx.clnt.current.calg_id = lookup->id;
- kr_glob_cookie_ctx.clnt.cache_ttl = DFLT_COOKIE_TTL;
+ kr_glob_cookie_ctx.clnt.current.alg_id = lookup->id;
+ kr_glob_cookie_ctx.clnt.recent.alg_id = -1;
kr_glob_cookie_ctx.srvr.enabled = false;
- kr_glob_cookie_ctx.srvr.current.ssec = ss;
+ kr_glob_cookie_ctx.srvr.current.secr = ss;
lookup = knot_lookup_by_name(kr_sc_alg_names, "FNV-64");
assert(lookup);
- kr_glob_cookie_ctx.srvr.current.salg_id = lookup->id;
+ kr_glob_cookie_ctx.srvr.current.alg_id = lookup->id;
+ kr_glob_cookie_ctx.srvr.recent.alg_id = -1;
+
+ kr_glob_cookie_ctx.cache_ttl = DFLT_COOKIE_TTL;
module->data = NULL;
@@ -498,19 +446,19 @@ int cookiectl_deinit(struct kr_module *module)
{
kr_glob_cookie_ctx.clnt.enabled = false;
- free(kr_glob_cookie_ctx.clnt.recent.csec);
- kr_glob_cookie_ctx.clnt.recent.csec = NULL;
+ free(kr_glob_cookie_ctx.clnt.recent.secr);
+ kr_glob_cookie_ctx.clnt.recent.secr = NULL;
- free(kr_glob_cookie_ctx.clnt.current.csec);
- kr_glob_cookie_ctx.clnt.current.csec = NULL;
+ free(kr_glob_cookie_ctx.clnt.current.secr);
+ kr_glob_cookie_ctx.clnt.current.secr = NULL;
kr_glob_cookie_ctx.srvr.enabled = false;
- free(kr_glob_cookie_ctx.srvr.recent.ssec);
- kr_glob_cookie_ctx.srvr.recent.ssec = NULL;
+ free(kr_glob_cookie_ctx.srvr.recent.secr);
+ kr_glob_cookie_ctx.srvr.recent.secr = NULL;
- free(kr_glob_cookie_ctx.srvr.current.ssec);
- kr_glob_cookie_ctx.srvr.current.ssec = NULL;
+ free(kr_glob_cookie_ctx.srvr.current.secr);
+ kr_glob_cookie_ctx.srvr.current.secr = NULL;
return kr_ok();
}