/*
 *      $Id: policy.h 1038 2009-01-07 17:33:42Z aaron $
 */
/************************************************************************
*                                                                       *
*                          Copyright (C)  2003                          *
*                               Internet2                               *
*                          All Rights Reserved                          *
*                                                                       *
************************************************************************/
/*
 *    File:         policy.h
 *
 *    Author:       Jeff W. Boote
 *                  Internet2
 *
 *    Date:         Sat Jan 11 00:15:45 MST 2003
 *
 *    Description:
 *          This file declares the types needed by applications
 *          to use the "default" policy functions declared below.
 *
 */
/*
 * NOTE(review): identifiers that begin with an underscore followed by an
 * upper-case letter are reserved for the implementation in C. The guard
 * name is left as it is so that nothing testing it changes behaviour.
 */
#ifndef _OWP_DEFAULTS_H
#define _OWP_DEFAULTS_H

/*
 * NOTE(review): the declarations below use FILE, PATH_MAX, off_t, socklen_t,
 * struct sockaddr and the fixed-width integer types, but this header includes
 * no system header itself; presumably <owamp/owamp.h> provides them - confirm.
 */
#include <I2util/util.h>
#include <owamp/owamp.h>

/*
 * Default file names. Each define is guarded by #ifndef, so a build can
 * override it.
 *
 * NOTE(review): OWP_PFS_FILE presumably holds the per-user secrets that
 * OWPDGetPF hands to libowamp - confirm. If so it is credential material
 * and should be readable only by the account the daemon runs as.
 */
#ifndef OWP_PFS_FILE
#define OWP_PFS_FILE        "owampd.pfs"
#endif

#ifndef OWP_LIMITS_FILE
#define OWP_LIMITS_FILE     "owampd.limits"
#endif

/*
 * Defines for path elements of the server datastore:
 *      datadir/
 *              catalog/
 *                      (symlinks named by SID pointing to real files
 *                      in datadir/nodes.)
 *              nodes/
 *                      (dir hier based on user classification hier.)
 *                      This allows filesystem based limits to be used
 *                      by mounting a particular filesystem into this
 *                      hierarchy.
 *
 * NOTE(review): the layout above names the second directory "nodes", while
 * OWP_HIER_DIR below is "hierarchy"; one of the two looks stale - confirm.
 * Because catalog entries are symlinks, the datastore should be writable
 * only by the daemon so that a link cannot be pointed outside datadir.
 */
#ifndef OWP_CATALOG_DIR
#define OWP_CATALOG_DIR     "catalog"
#endif
#ifndef OWP_HIER_DIR
#define OWP_HIER_DIR        "hierarchy"
#endif

/*
 * Holds the policy record that was parsed and contains all the "limits"
 * and identity information.
 *
 * type: (owp_policy_data*) - defined in access.h
 * location: Context Config
 *
 * NOTE(review): owp_policy_data is not declared in this header; OWPDPolicy
 * (below) looks like the current name for this type - confirm.
 */
#define OWPDPOLICY  "OWPDPOLICY"

/*
 * Holds the identifying "node" from the policy tree that contains the
 * class and limits information for the given control connection.
 *
 * type: (owp_tree_node_ptr) - defined in access.h
 * location: Control Config
 *
 * NOTE(review): owp_tree_node_ptr is not declared in this header;
 * OWPDPolicyNode (below) looks like the current name - confirm.
 */
#define OWPDPOLICY_NODE "OWPDPOLICY_NODE"

/*
 * Types used by policy functions
 */
/*
 * NOTE(review): presumably the maximum length of a class name - confirm
 * whether the value counts the terminating nul.
 */
#define OWPDMAXCLASSLEN (80)

typedef struct OWPDPolicyRec OWPDPolicyRec, *OWPDPolicy;
typedef struct OWPDPolicyNodeRec OWPDPolicyNodeRec, *OWPDPolicyNode;
typedef struct OWPDPolicyKeyRec OWPDPolicyKeyRec, *OWPDPolicyKey;

/*
 * Top-level policy record: the owning context, the datastore location, the
 * socket to the parent process and the lookup tables built from the
 * configuration files.
 */
struct OWPDPolicyRec{
    OWPContext      ctx;

    /* presumably the diskfudge value given to OWPDPolicyInstall - confirm */
    double          diskfudge;

    int             fd;     /* socket to parent. */
    char            *datadir;

    OWPDPolicyNode  root;

    /* limits:
     *      key = char* (classname from "limit" lines)
     *      val = OWPDPolicyNode
     */
    I2Table         limits;

    /* idents:
     *      key = OWPDPid
     *      val = OWPDPolicyNode
     */
    I2Table         idents;

    /* pfs:
     *      key = OWPUserID (uint8_t[80]) (username from owamp protocol)
     *      val = uint8_t *
     *
     * NOTE(review): the values are presumably the secrets loaded from
     * OWP_PFS_FILE - confirm. If so they stay in memory for the lifetime
     * of this table and should be cleared when it is torn down.
     */
    I2Table         pfs;

};

typedef I2numT      OWPDLimitT;     /* values */
typedef uint32_t    OWPDMesgT;

/*
 * One limit entry: the limit id (one of the OWPDLim* defines below) and
 * its value.
 */
typedef struct OWPDLimRec{
    OWPDMesgT   limit;
    OWPDLimitT  value;
} OWPDLimRec;

/*
 * Limit names and their value types.
 * NOTE(review): the parenthesised value is presumably the default. If so,
 * open (unauthenticated) mode is allowed unless a limits file turns
 * allow_open_mode off - confirm against the parser.
 */
/* parent           cname                   */
/* bandwidth        uint (bits/sec)         */
/* disk             uint (bytes)            */
/* delete_on_fetch  on/(off)                */
/* allow_open_mode  (on)/off                */

/*
 * Limit ids. The value 2 is not assigned in this header.
 * NOTE(review): these ids appear to travel in the "limit name" field of the
 * resource message described further down, so they should not be renumbered
 * without checking both ends of that channel.
 */
#define OWPDLimParent           0
#define OWPDLimBandwidth        1
#define OWPDLimDisk             3
#define OWPDLimDeleteOnFetch    4
#define OWPDLimAllowOpenMode    5

/*
 * One node of the policy tree.
 */
struct OWPDPolicyNodeRec{
    OWPDPolicy      policy;     /* policy record this node belongs to */
    char            *nodename;
    OWPDPolicyNode  parent;
    size_t          ilim;       /* presumably the number of entries in
                                 * limits[] and used[] - confirm */
    OWPDLimRec      *limits;
    OWPDLimRec      *used;
    off_t           initdisk;
};

/*
 * Discriminator for the identity records below. OWPDPidInvalid is 0, so a
 * zero-filled record reads as invalid.
 */
typedef enum{
    OWPDPidInvalid=0,
    OWPDPidDefaultType,
    OWPDPidNetmaskType,
    OWPDPidUserType
} OWPDPidType;

/*
 * Identity given as an address and mask length. addrval has room for 16
 * bytes, which is the size of an IPv6 address.
 * NOTE(review): addrsize is presumably the number of bytes of addrval in
 * use; code that fills this in has to keep addrsize <= sizeof(addrval) and
 * mask_len <= 8 * addrsize - confirm where that is enforced.
 */
typedef struct{
    OWPDPidType id_type;
    uint8_t     mask_len;
    size_t      addrsize;
    uint8_t     addrval[16];
} OWPDPidNetmask;

/*
 * Identity given as a protocol user id.
 */
typedef struct{
    OWPDPidType id_type;
    OWPUserID   userid;
} OWPDPidUser;

/*
 * Any identity. Every member starts with an OWPDPidType, so id_type says
 * which member is the valid one.
 */
typedef union OWPDPidUnion{
    OWPDPidType     id_type;
    OWPDPidNetmask  net;
    OWPDPidUser     user;
} OWPDPidRec, *OWPDPid;

/*
 * The following section defines the message tags used to communicate
 * from the children processes to the parent to request/release
 * resources on a global basis.
 *
 * All message "type" defines will be of type OWPDMesgT.
 *
 * (OWPDMESGCLAIM does not appear in the message diagrams below.)
 */
#define OWPDMESGMARK        0xfefefefe
#define OWPDMESGCLASS       0xcdef
#define OWPDMESGRESOURCE    0xbeef
#define OWPDMESGREQUEST     0xfeed
#define OWPDMESGRELEASE     0xdead
#define OWPDMESGCLAIM       0x1feed1

/*
 * "parent" response messages will be one of:
 */
#define OWPDMESGINVALID     0x0
#define OWPDMESGOK          0x1
#define OWPDMESGDENIED      0x2

/*
 * After forking, the new "server" process (called "child" in the following)
 * should determine the "usage class" the given connection should belong to.
 * The first message to the "parent" master process should communicate this
 * information so that all further resource requests/releases are relative
 * to that "usage class". The format of this message should be as follows:
 *
 * (All integers are in host order since this is expected to be ipc
 * communication on a single host. It could be a future enhancement to
 * allow a "single" distributed owampd OWAMP-Control server to manage
 * multiple test endpoints at which time it might be worth the overhead
 * to deal with byte ordering issues.)
 *
 * Initial child->parent message:
 *
 *         0                   1                   2                   3
 *         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      00|                         OWPDMESGMARK                          |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      04|                         OWPDMESGCLASS                         |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *                   [nul terminated ascii string of classname]
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      00|                         OWPDMESGMARK                          |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *
 * (The closing mark follows the class name, so its real offset depends on
 * the length of the name; the "00" label on it is not an offset.)
 *
 * There is one other child message format. This message is used to either
 * request or release resources. (The parent should release all "temporary"
 * resources (i.e. bandwidth) on exit of the child if the child does not
 * explicitly release the resource. More "permanent" resources should only
 * be released explicitly (i.e. disk-space).)
 *
 *         0                   1                   2                   3
 *         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      00|                         OWPDMESGMARK                          |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      04|                       OWPDMESGRESOURCE                        |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      08|                OWPDMESGREQUEST|OWPDMESGRELEASE                |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      12|                     OWPDMesgT(limit name)                     |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      16|                          OWPDLimitT                           |
 *      20|                                                               |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      24|                         OWPDMESGMARK                          |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *
 * (The word at offset 08 was written "OWPDMESGWANT" in earlier text; no
 * such tag is defined in this header, and OWPDMESGREQUEST is the defined
 * request tag.)
 *
 * Parent responses are all of the format:
 *
 *         0                   1                   2                   3
 *         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      00|                         OWPDMESGMARK                          |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      04|                   OWPDMESGOK|OWPDMESGDENIED                   |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *      08|                         OWPDMESGMARK                          |
 *        +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *
 * NOTE(review): the child processes are the ones that talk to remote
 * peers, so the parent should treat everything it reads from this channel
 * as untrusted: check both marks, bound the class name, reject limit ids
 * and tags it does not know, and range-check values before they are added
 * to or subtracted from the usage totals. Whether the implementation does
 * all of this cannot be seen from this header - confirm.
 */

/*
 * The following api convenience functions are defined to make the
 * child/parent communication easier. (These are the functions needed by
 * the parent in the master owampd "resource broker" process.)
 */

/*
 * NOTE(review): presumably reads the initial child->parent class message
 * from fd and returns the matching node of policy; how *err is set is not
 * visible here - confirm against the implementation. The class name in
 * that message is nul terminated and carries no length field, so the
 * reader has to bound it itself (OWPDMAXCLASSLEN looks like the intended
 * bound - confirm).
 */
extern OWPDPolicyNode
OWPDReadClass(
        OWPDPolicy  policy,
        int         fd,
        int         *err
        );

/*
 * returns True on success - query/lim_ret will contain request
 * err will be non-zero on error. 0 on empty read.
 */
extern OWPBoolean
OWPDReadQuery(
        int         fd,
        OWPDMesgT   *query,
        OWPDLimRec  *lim_ret,
        int         *err
        );

/*
 * NOTE(review): mesg is presumably one of the parent response tags
 * (OWPDMESGOK, OWPDMESGDENIED); the meaning of the int result is not
 * visible in this header - confirm.
 */
extern int
OWPDSendResponse(
        int         fd,
        OWPDMesgT   mesg
        );

/*
 * This function is used to add/subtract resource allocations from the
 * current tree of resource usage. It is only used in the resource
 * broker process.
 */
extern OWPBoolean
OWPDResourceDemand(
        OWPDPolicyNode  node,
        OWPDMesgT       query,
        OWPDLimRec      lim
        );
/*
 * Functions called directly from owampd regarding "policy" decisions
 * (If false, check err_ret to determine if it is an "error" condition,
 * or if open_mode is simply denied.)
 */
extern OWPBoolean
OWPDAllowOpenMode(
        OWPDPolicy      policy,
        struct sockaddr *peer_addr,
        OWPErrSeverity  *err_ret
        );

/*
 * Functions actually used to install policy hooks into libowamp.
 */

/*
 * pf, pf_len and pf_free are output parameters.
 * NOTE(review): presumably *pf receives the secret registered for userid
 * and *pf_free the pointer the caller has to release afterwards - confirm
 * the ownership rule. The bytes returned are secret material; callers
 * should clear them before releasing the buffer.
 */
extern OWPBoolean
OWPDGetPF(
        OWPContext      ctx,
        const OWPUserID userid,
        uint8_t         **pf,
        size_t          *pf_len,
        void            **pf_free,
        OWPErrSeverity  *err_ret
        );

/*
 * NOTE(review): presumably decides whether a control connection from
 * remote_saddr, in the given mode and for the given userid, is accepted -
 * confirm. userid comes from the protocol and is not proof of identity on
 * its own.
 */
extern OWPBoolean
OWPDCheckControlPolicy(
        OWPControl      cntrl,
        OWPSessionMode  mode,
        const OWPUserID userid,
        struct sockaddr *local_saddr,
        struct sockaddr *remote_saddr,
        OWPErrSeverity  *err_ret
        );

/*
 * closure is an output parameter.
 * NOTE(review): presumably the value stored in *closure is the one later
 * passed to OWPDTestComplete, OWPDOpenFile and OWPDCloseFile - confirm.
 */
extern OWPBoolean
OWPDCheckTestPolicy(
        OWPControl      cntrl,
        OWPBoolean      local_sender,
        struct sockaddr *local_saddr,
        struct sockaddr *remote_saddr,
        socklen_t       sa_len,
        OWPTestSpec     *test_spec,
        void            **closure,
        OWPErrSeverity  *err_ret
        );

/*
 * NOTE(review): begin and end presumably bound the records requested from
 * session sid; the implementation should reject begin > end - confirm.
 */
extern OWPBoolean
OWPDCheckFetchPolicy(
        OWPControl      cntrl,
        struct sockaddr *local_saddr,
        struct sockaddr *remote_saddr,
        socklen_t       sa_len,
        uint32_t        begin,
        uint32_t        end,
        OWPSID          sid,
        void            **closure,
        OWPErrSeverity  *err_ret
        );

extern void
OWPDTestComplete(
        OWPControl      cntrl,
        void            *closure,
        OWPAcceptType   aval
        );

/*
 * fname_ret is declared as an array parameter, which C treats as a plain
 * char pointer: the [PATH_MAX+1] is documentation and is not checked by
 * the compiler. The caller has to pass a buffer of at least PATH_MAX+1
 * bytes.
 */
extern FILE*
OWPDOpenFile(
        OWPControl  cntrl,
        void        *closure,
        OWPSID      sid,
        char        fname_ret[PATH_MAX+1]
        );

extern void
OWPDCloseFile(
        OWPControl      cntrl,
        void            *closure,
        FILE            *fp,
        OWPAcceptType   aval
        );

/*
 * NOTE(review): lbuf and lbuf_max are presumably a caller-owned line buffer
 * and its current size, reused while the configuration files are parsed -
 * confirm.
 */
extern OWPDPolicy
OWPDPolicyInstall(
        OWPContext  ctx,
        char        *datadir,   /* root dir for datafiles   */
        char        *confdir,   /* conf dir for policy      */
        double      diskfudge,
        char        **lbuf,
        size_t      *lbuf_max
        );

extern OWPBoolean
OWPDPolicyPostInstall(
        OWPDPolicy  policy
        );

#endif  /*  _OWP_DEFAULTS_H */