-static int tids_listen (TIDS_INSTANCE *tids, int port)
-{
- int rc = 0;
- int conn = -1;
- int optval = 1;
-
- union {
- struct sockaddr_storage storage;
- struct sockaddr_in in4;
- } addr;
-
- struct sockaddr_in *saddr = (struct sockaddr_in *) &addr.in4;
-
- saddr->sin_port = htons (port);
- saddr->sin_family = AF_INET;
- saddr->sin_addr.s_addr = INADDR_ANY;
-
- if (0 > (conn = socket (AF_INET, SOCK_STREAM, 0)))
- return conn;
-
- setsockopt(conn, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));
-
- if (0 > (rc = bind (conn, (struct sockaddr *) saddr, sizeof(struct sockaddr_in))))
- return rc;
-
- if (0 > (rc = listen(conn, 512)))
- return rc;
-
- fprintf (stdout, "tids_listen: TID Server listening on port %d\n", port);
- return conn;
-}
-
-static int tids_auth_cb(gss_name_t clientName, gss_buffer_t displayName,
- void *data)
-{
- struct tids_instance *inst = (struct tids_instance *) data;
- TR_NAME name ={(char *) displayName->value,
- displayName->length};
- return inst->auth_handler(clientName, &name, inst->cookie);
-}
-
-static int tids_auth_connection (struct tids_instance *inst,
- int conn, gss_ctx_id_t *gssctx)
-{
- int rc = 0;
- int auth, autherr = 0;
- gss_buffer_desc nameBuffer = {0, NULL};
- char *name = 0;
- int nameLen = 0;
-
- nameLen = asprintf(&name, "trustidentity@%s", inst->hostname);
- nameBuffer.length = nameLen;
- nameBuffer.value = name;
-
- if (rc = gsscon_passive_authenticate(conn, nameBuffer, gssctx, tids_auth_cb, inst)) {
- fprintf(stderr, "tids_auth_connection: Error from gsscon_passive_authenticate(), rc = %d.\n", rc);
- return -1;
- }
-
- if (rc = gsscon_authorize(*gssctx, &auth, &autherr)) {
- fprintf(stderr, "tids_auth_connection: Error from gsscon_authorize, rc = %d, autherr = %d.\n",
- rc, autherr);
- return -1;
- }
-
- if (auth)
- fprintf(stdout, "tids_auth_connection: Connection authenticated, conn = %d.\n", conn);
- else
- fprintf(stderr, "tids_auth_connection: Authentication failed, conn %d.\n", conn);
-
- return !auth;
-}
-
-static int tids_read_request (TIDS_INSTANCE *tids, int conn, gss_ctx_id_t *gssctx, TR_MSG **mreq)
-{
- int err;
- char *buf;
- size_t buflen = 0;
-
- if (err = gsscon_read_encrypted_token(conn, *gssctx, &buf, &buflen)) {
- if (buf)
- free(buf);
- return -1;
- }
-
- fprintf(stdout, "tids_read_request():Request Received, %u bytes.\n", (unsigned) buflen);
-
- /* Parse request */
- if (NULL == ((*mreq) = tr_msg_decode(buf, buflen))) {
- fprintf(stderr, "tids_read_request():Error decoding request.\n");
- free (buf);
- return -1;
- }
-
- /* If this isn't a TID Request, just drop it. */
- if (TID_REQUEST != (*mreq)->msg_type) {
- fprintf(stderr, "tids_read_request(): Not a TID Request, dropped.\n");
- return -1;