+static int tids_listen(TIDS_INSTANCE *tids, int port, int *fd_out, size_t max_fd)
+{
+ int rc = 0;
+ int conn = -1;
+ int optval = 1;
+ struct addrinfo *ai=NULL;
+ struct addrinfo *ai_head=NULL;
+ struct addrinfo hints={.ai_flags=AI_PASSIVE,
+ .ai_family=AF_UNSPEC,
+ .ai_socktype=SOCK_STREAM,
+ .ai_protocol=IPPROTO_TCP};
+ char *port_str=NULL;
+ size_t n_opened=0;
+
+ tr_debug("tids_listen: started!");
+ port_str=talloc_asprintf(NULL, "%d", port);
+ if (port_str==NULL) {
+ tr_debug("tids_listen: unable to allocate port.");
+ return -1;
+ }
+
+ tr_debug("getaddrinfo()=%d", getaddrinfo(NULL, port_str, &hints, &ai_head));
+ talloc_free(port_str);
+ tr_debug("tids_listen: got address info");
+
+ /* TODO: listen on all ports */
+ for (ai=ai_head,n_opened=0; (ai!=NULL)&&(n_opened<max_fd); ai=ai->ai_next) {
+ if (0 > (conn = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol))) {
+ tr_debug("tids_listen: unable to open socket.");
+ continue;
+ }
+
+ optval=1;
+ if (0!=setsockopt(conn, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)))
+ tr_debug("tids_listen: unable to set SO_REUSEADDR."); /* not fatal? */
+
+ if (ai->ai_family==AF_INET6) {
+ /* don't allow IPv4-mapped IPv6 addresses (per RFC4942, not sure
+ * if still relevant) */
+ if (0!=setsockopt(conn, IPPROTO_IPV6, IPV6_V6ONLY, &optval, sizeof(optval))) {
+ tr_debug("tids_listen: unable to set IPV6_V6ONLY. Skipping interface.");
+ close(conn);
+ continue;
+ }
+ }
+
+ rc=bind(conn, ai->ai_addr, ai->ai_addrlen);
+ if (rc<0) {
+ tr_debug("tids_listen: unable to bind to socket.");
+ close(conn);
+ continue;
+ }
+
+ if (0>listen(conn, 512)) {
+ tr_debug("tids_listen: unable to listen on bound socket.");
+ close(conn);
+ continue;
+ }
+
+ /* ok, this one worked. Save it */
+ fd_out[n_opened++]=conn;
+ }
+ freeaddrinfo(ai_head);
+
+ if (n_opened==0) {
+ tr_debug("tids_listen: no addresses available for listening.");
+ return -1;
+ }
+
+ tr_debug("tids_listen: TRP Server listening on port %d on %d socket%s",
+ port,
+ n_opened,
+ (n_opened==1)?"":"s");
+
+ return n_opened;
+}
+
+/* returns EACCES if authorization is denied */
+static int tids_auth_cb(gss_name_t clientName, gss_buffer_t displayName,
+ void *data)
+{
+ struct tids_instance *inst = (struct tids_instance *) data;
+ TR_NAME name ={(char *) displayName->value,
+ displayName->length};
+ int result=0;
+
+ if (0!=inst->auth_handler(clientName, &name, inst->cookie)) {
+ tr_debug("tids_auth_cb: client '%.*s' denied authorization.", name.len, name.buf);
+ result=EACCES; /* denied */
+ }
+
+ return result;
+}
+
+/* returns 0 on authorization success, 1 on failure, or -1 in case of error */
+static int tids_auth_connection (TIDS_INSTANCE *inst,
+ int conn,
+ gss_ctx_id_t *gssctx)