 
......@@ -21,29 +21,26 @@ Akamai SecureHD Token Authorization VMOD
SYNOPSIS
========
.. parsed-literal::
::
import hoailona [from "path"] ;
new xpolicy = hoailona.policy(ENUM type, DURATION ttl, STRING description, BLOB secret, INT start_offset)
import hoailona [from "path"]
new xhosts = hoailona.hosts()
new xpolicy = hoailona.policy(ENUM type, DURATION ttl, STRING description, BLOB secret, INT start_offset)
VOID xhosts.add(STRING host, STRING policy, STRING path, STRING description)
new xhosts = hoailona.hosts()
VOID xhosts.add(STRING host, STRING policy, STRING path, STRING description)
INT xhosts.policy(STRING host, STRING path)
STRING xhosts.token(STRING acl, DURATION ttl, STRING data)
BLOB xhosts.secret()
STRING xhosts.explain()
STRING version()
STRING version()
::
new OBJECT = hoailona.policy(ENUM type [, DURATION ttl]
......@@ -246,11 +243,10 @@ subroutines, subsequent calls to ``.token()`` and ``.secret()`` in the
same backend transaction are based on the policy that was determined
by that call.
.. _obj_policy:
policy(...)
-----------
new xpolicy = hoailona.policy(ENUM type, DURATION ttl, STRING description, BLOB secret, INT start_offset)
---------------------------------------------------------------------------------------------------------
::
......@@ -315,9 +311,6 @@ Examples::
# A policy for "access denied"
new forbid = hoailona.policy(DENY, description="access denied");
.. _obj_hosts:
new xhosts = hoailona.hosts()
......@@ -330,8 +323,8 @@ becomes useful by calling the ``.add()`` method.
.. _func_hosts.add:
hosts.add(...)
--------------
VOID xhosts.add(STRING host, STRING policy, STRING path, STRING description)
----------------------------------------------------------------------------
::
......@@ -473,7 +466,6 @@ Examples::
h.add("evil.org", "deny", description="no access to evil.org");
}
.. _func_hosts.policy:
INT xhosts.policy(STRING host=0, STRING path=0)
......@@ -541,7 +533,6 @@ with parameters.
Calling ``.policy()`` with only one of the ``host`` and ``path``
parameters empty is an error.
.. _func_hosts.token:
STRING xhosts.token(STRING acl, DURATION ttl, STRING data)
......@@ -603,7 +594,6 @@ Examples::
# needed for SecureHD authorization.
}
.. _func_hosts.secret:
BLOB xhosts.secret()
......@@ -647,7 +637,6 @@ Examples::
}
}
.. _func_hosts.explain:
STRING xhosts.explain()
......@@ -682,10 +671,6 @@ Example::
std.log("Policy determination: " + config.explain());
}
.. _func_version:
STRING version()
......@@ -768,7 +753,6 @@ Users of the Luna Control Center can consult:
* https://control.akamai.com/dl/customers/SPE/EdgeAuth-latest.zip
COPYRIGHT
=========
......@@ -71,7 +71,7 @@ struct vmod_hoailona_hosts {
struct policyitem {
VSLIST_ENTRY(policyitem) list;
struct vmod_hoailona_policy *policy;
struct vmod_hoailona_policy *policy;
};
typedef VSLIST_HEAD(policyhead, policyitem) policyhead_t;
......@@ -81,9 +81,11 @@ struct policy_task {
#define VMOD_HOAILONA_POLICY_TASK_MAGIC 0x5fc90249
struct host *host;
struct assignment *assignment;
struct vmod_hoailona_policy *policy;
struct vmod_hoailona_policy *policy;
};
#define BLOB_VMOD_HOAILONA_SECRET_TYPE 0xaa50e92c
static inline void
WS_Contains(struct ws * const restrict ws, const void * const restrict ptr,
const size_t len)
......@@ -136,11 +138,13 @@ VCL_VOID
vmod_policy__init(VRT_CTX, struct vmod_hoailona_policy **policyp,
const char *vcl_name, struct vmod_priv *init_task,
VCL_ENUM policys, VCL_DURATION ttl, VCL_STRING description,
VCL_BLOB secret, VCL_INT start_offset)
VCL_BLOB secret_in, VCL_INT start_offset)
{
struct vmod_hoailona_policy *policy;
policyhead_t *policyhead;
struct policyitem *item;
struct vrt_blob *secret;
unsigned char *spc;
CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
......@@ -197,14 +201,20 @@ vmod_policy__init(VRT_CTX, struct vmod_hoailona_policy **policyp,
policy->description = strdup(description);
else
AZ(policy->description);
if (secret != NULL) {
policy->secret = malloc(sizeof(*secret));
AN(policy->secret);
policy->secret->len = secret->len;
policy->secret->priv = malloc(secret->len);
AN(policy->secret->priv);
memcpy(policy->secret->priv, secret->priv, secret->len);
policy->secret->free = NULL;
if (secret_in != NULL && secret_in->len > 0) {
AN(secret_in->blob);
spc = malloc(sizeof(*secret) + secret_in->len);
AN(spc);
secret = (void *)spc;
spc += sizeof(*secret);
memcpy(spc, secret_in->blob, secret_in->len);
secret->blob = spc;
secret->len = secret_in->len;
secret->type = BLOB_VMOD_HOAILONA_SECRET_TYPE;
policy->secret = secret;
}
else
AZ(policy->secret);
......@@ -227,9 +237,8 @@ vmod_policy__fini(struct vmod_hoailona_policy **policyp)
if (policy->description != NULL)
free(policy->description);
if (policy->secret != NULL) {
AN(policy->secret->priv);
free(policy->secret->priv);
free(policy->secret);
// single allocation including blob
free(policy->freeptr);
}
FREE_OBJ(policy);
}
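Review bot: `vmod_policy__fini` releases the block that holds the token-signing secret with a bare `free(policy->freeptr)`, so the key bytes remain readable in freed heap memory until the allocator reuses it; the single-allocation layout this commit introduces makes scrubbing easy because the whole block is `sizeof(*policy->secret) + policy->secret->len` bytes. I would wipe it before release, `explicit_bzero(policy->freeptr, sizeof(*policy->secret) + policy->secret->len);` followed by `free(policy->freeptr);`, using a volatile-pointer loop where `explicit_bzero` is unavailable, since a plain `memset` immediately before `free` is liable to be optimised away. The same consideration applies wherever the copied secret is discarded, but within this file only the `__fini` hunk frees it. The opening line of `vmod_policy__fini` is outside the hunk.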
......@@ -49,7 +49,10 @@ struct vmod_hoailona_policy {
#define VMOD_HOAILONA_POLICY_MAGIC 0xf729cbfa
char *vcl_name;
char *description;
struct vmod_priv *secret;
union {
VCL_BLOB secret;
void *freeptr;
};
VCL_DURATION ttl;
enum policy_type type;
VCL_INT start_offset;
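Review bot: The anonymous union replacing `struct vmod_priv *secret` is undocumented, so a reader of the header cannot tell why `secret` and `freeptr` share storage; from the accompanying `.c` change it appears `freeptr` is the non-const alias through which the `const` `VCL_BLOB` allocation (struct plus secret bytes in one block) is freed in `vmod_policy__fini`. I would add above the union `/* secret and its bytes are one malloc()ed block owned by this policy; freeptr aliases it without const so __fini can free() it */`. The enclosing `struct vmod_hoailona_policy` declaration starts outside the hunk.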