1/*
2 * security_stubs.c
3 *
4 * Copyright (C) 2014-2018 Aerospike, Inc.
5 *
6 * Portions may be licensed to Aerospike, Inc. under one or more contributor
7 * license agreements.
8 *
9 * This program is free software: you can redistribute it and/or modify it under
10 * the terms of the GNU Affero General Public License as published by the Free
11 * Software Foundation, either version 3 of the License, or (at your option) any
12 * later version.
13 *
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
17 * details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see http://www.gnu.org/licenses/
21 */
22
23//==========================================================
24// Includes.
25//
26
27#include "base/security.h"
28#include "base/security_config.h"
29
30#include <errno.h>
31#include <stdbool.h>
32#include <stddef.h>
33#include <stdint.h>
34#include <string.h>
35#include <unistd.h>
36
37#include "citrusleaf/alloc.h"
38
39#include "fault.h"
40#include "socket.h"
41
42#include "base/datamodel.h"
43#include "base/proto.h"
44#include "base/transaction.h"
45
46
47//==========================================================
48// Public API.
49//
50
// Security is an enterprise feature. This build keeps no security state, so
// start-up has nothing to set up and the call returns immediately.
void
as_security_init(void)
{
	// Intentionally empty.
	return;
}
56
// Security is an enterprise feature. This stub evaluates no credentials and no
// permissions: fd_h and perm are ignored and AS_OK is returned for every
// request, so any caller that gates an operation on this check always proceeds
// in this build.
uint8_t
as_security_check(const as_file_handle* fd_h, as_sec_perm perm)
{
	// Neither argument is inspected - there is nothing to check against.
	(void)fd_h;
	(void)perm;

	return AS_OK;
}
63
// Security is an enterprise feature. This stub applies no per-namespace or
// per-operation permission check: tr, ns and perm are ignored and every data
// operation is reported as allowed.
bool
as_security_check_data_op(as_transaction* tr, as_namespace* ns,
		as_sec_perm perm)
{
	// None of the arguments is inspected.
	(void)tr;
	(void)ns;
	(void)perm;

	return true;
}
71
// Security is an enterprise feature. No filter object exists in this build, so
// nothing is allocated and callers always receive NULL.
void*
as_security_filter_create(void)
{
	void* no_filter = NULL;

	return no_filter;
}
78
// Security is an enterprise feature. as_security_filter_create() in this file
// only ever returns NULL, so there is nothing to release - pv_filter is
// ignored and never dereferenced or freed.
void
as_security_filter_destroy(void* pv_filter)
{
	(void)pv_filter;
}
84
// Security is an enterprise feature. This stub writes nothing: the result,
// permission, action and detail passed in are all discarded, so calls to this
// function leave no audit record in this build.
void
as_security_log(const as_file_handle* fd_h, uint8_t result, as_sec_perm perm,
		const char* action, const char* detail)
{
	// All arguments are deliberately unused.
	(void)fd_h;
	(void)result;
	(void)perm;
	(void)action;
	(void)detail;
}
91
// Security is an enterprise feature. There is no security state that could go
// stale in this build, so a refresh is never requested.
bool
as_security_should_refresh(void)
{
	const bool refresh_needed = false;

	return refresh_needed;
}
98
// Security is an enterprise feature - shouldn't get here. Reaching this
// function is treated as a programming error and reported through cf_crash()
// rather than silently ignored.
// NOTE(review): presumably callers only refresh after
// as_security_should_refresh() returns true, which the stub in this file never
// does - confirm against the callers.
void
as_security_refresh(as_file_handle* fd_h)
{
	// The handle is not used - there is nothing to refresh it against.
	(void)fd_h;

	cf_crash(AS_SECURITY, "CE build called as_security_refresh()");
}
105
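// Security is an enterprise feature. If we receive a security message from a
// client here, reply at once with AS_SEC_ERR_NOT_SUPPORTED instead of acting on
// the request. No authentication takes place: the client may choose to continue
// using this (unsecured) socket.
//
// On return the request message has been freed and tr->from.proto_fd_h has been
// handed to as_end_of_transaction_ok() or, if the send failed,
// as_end_of_transaction_force_close(); both pointers in tr are set to NULL.
void
as_security_transact(as_transaction* tr)
{
	// We don't need the request, since we're ignoring it. Clear the pointer so
	// it doesn't dangle after the free.
	cf_free(tr->msgp);
	tr->msgp = NULL;

	// The response is one as_proto header followed by a single as_sec_msg that
	// has no fields. Its size is a compile-time constant, so use a fixed-size
	// array rather than a VLA.
	uint8_t resp[sizeof(as_proto) + sizeof(as_sec_msg)];
	const size_t resp_size = sizeof(resp);

	// Every byte of this stack buffer is sent to the client. Zero all of it up
	// front so nothing uninitialized can reach the wire, whatever the layout of
	// as_proto.
	memset(resp, 0, resp_size);

	// Fill out the as_proto fields.
	as_proto* p_resp_proto = (as_proto*)resp;

	p_resp_proto->version = PROTO_VERSION;
	p_resp_proto->type = PROTO_TYPE_SECURITY;
	p_resp_proto->sz = sizeof(as_sec_msg);

	// Switch to network byte order.
	as_proto_swap(p_resp_proto);

	// The body starts right after the header and is already zeroed - fill out
	// only the relevant as_sec_msg fields.
	as_sec_msg* p_sec_msg = (as_sec_msg*)(resp + sizeof(as_proto));

	p_sec_msg->scheme = AS_SEC_MSG_SCHEME;
	p_sec_msg->result = AS_SEC_ERR_NOT_SUPPORTED;

	// Send the complete response.
	cf_socket* sock = &tr->from.proto_fd_h->sock;

	if (cf_socket_send_all(sock, resp, resp_size, MSG_NOSIGNAL,
			CF_SOCKET_TIMEOUT) < 0) {
		// errno is read right here, as an argument of the first call after the
		// failed send.
		cf_warning(AS_SECURITY, "fd %d send failed, errno %d",
				CSFD(sock), errno);
		as_end_of_transaction_force_close(tr->from.proto_fd_h);
		tr->from.proto_fd_h = NULL;
		return;
	}

	as_end_of_transaction_ok(tr->from.proto_fd_h);
	tr->from.proto_fd_h = NULL;
}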
155
156
157//==========================================================
158// Public API - security configuration.
159//
160
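// Security is an enterprise feature. This build has no security configuration
// to validate, so the check does nothing and always returns normally.
//
// The parameter list is spelled (void), as for as_security_init(), so that the
// definition is a real prototype and a call with arguments is diagnosed.
void
as_security_config_check(void)
{
}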
166
// Security is an enterprise feature. This build has no security log scopes to
// configure: sink, ns_name and set_name are ignored and nothing is recorded.
void
as_security_config_log_scope(uint32_t sink, const char* ns_name,
		const char* set_name)
{
	// All arguments are deliberately unused; the strings are never read.
	(void)sink;
	(void)ns_name;
	(void)set_name;
}
173