#include <arpa/inet.h>
#include <string.h>
#include <openssl/dh.h>
+#include <openssl/crypto.h>
#include <jansson.h>
#include <assert.h>
#include <talloc.h>
-
#include <tr_apc.h>
#include <tr_comm.h>
-#include <tr_msg.h>
-#include <trust_router/tr_name.h>
#include <trp_internal.h>
+#include <mon_internal.h>
+#include <tr_msg.h>
+#include <tr_name_internal.h>
#include <trust_router/tr_constraint.h>
+#include <trust_router/tr_dh.h>
#include <tr_debug.h>
/* JSON helpers */
msg->msg_type = type;
}
+/* NOTE: If you are manipulating messages with these getters/setters, the msg_rep
+ * objects are *not* put in the talloc context of the msg. If you are allocating
+ * the message directly with talloc, then you can talloc_steal() the rep into the
+ * message's context, but this is not handled automatically. */
+
+/**
+ * Get a TID_REQ message payload
+ *
+ * @param msg
+ * @return the message payload, or null if it is not a TID_REQUEST message
+ */
TID_REQ *tr_msg_get_req(TR_MSG *msg)
{
if (msg->msg_type == TID_REQUEST)
return NULL;
}
+/**
+ * Set message's payload
+ *
+ * Does not manage talloc contexts, works with any means of allocating
+ * the objects.
+ */
void tr_msg_set_req(TR_MSG *msg, TID_REQ *req)
{
msg->msg_rep = req;
msg->msg_type = TID_REQUEST;
}
+/**
+ * Get a TID_RESP message payload
+ *
+ * @param msg
+ * @return the message payload, or null if it is not a TID_RESPONSE message
+ */
TID_RESP *tr_msg_get_resp(TR_MSG *msg)
{
if (msg->msg_type == TID_RESPONSE)
return NULL;
}
+/**
+ * Set message's payload
+ *
+ * Does not manage talloc contexts, works with any means of allocating
+ * the objects.
+ */
void tr_msg_set_resp(TR_MSG *msg, TID_RESP *resp)
{
msg->msg_rep = resp;
msg->msg_type = TID_RESPONSE;
}
+/**
+ * Get a MON_REQ message payload
+ *
+ * @param msg
+ * @return the message payload, or null if it is not a MON_REQUEST message
+ */
+MON_REQ *tr_msg_get_mon_req(TR_MSG *msg)
+{
+ if (msg->msg_type == MON_REQUEST)
+ return (MON_REQ *)msg->msg_rep;
+ return NULL;
+}
+
+/**
+ * Set message's payload
+ *
+ * Does not manage talloc contexts, works with any means of allocating
+ * the objects.
+ */
+void tr_msg_set_mon_req(TR_MSG *msg, MON_REQ *req)
+{
+ msg->msg_rep = req;
+ msg->msg_type = MON_REQUEST;
+}
+
+/**
+ * Get a MON_RESP message payload
+ *
+ * @param msg
+ * @return the message payload, or null if it is not a MON_RESPONSE message
+ */
+MON_RESP *tr_msg_get_mon_resp(TR_MSG *msg)
+{
+ if (msg->msg_type == MON_RESPONSE)
+ return (MON_RESP *)msg->msg_rep;
+ return NULL;
+}
+
+/**
+ * Set message's payload
+ *
+ * Does not manage talloc contexts, works with any means of allocating
+ * the objects.
+ */
+void tr_msg_set_mon_resp(TR_MSG *msg, MON_RESP *resp)
+{
+ msg->msg_rep = resp;
+ msg->msg_type = MON_RESPONSE;
+}
+
+/**
+ * Get a TRP_UPD message payload
+ *
+ * @param msg
+ * @return the message payload, or null if it is not a TRP_UPDATE message
+ */
TRP_UPD *tr_msg_get_trp_upd(TR_MSG *msg)
{
if (msg->msg_type == TRP_UPDATE)
return NULL;
}
+/**
+ * Set message's payload
+ *
+ * Does not manage talloc contexts, works with any means of allocating
+ * the objects.
+ */
void tr_msg_set_trp_upd(TR_MSG *msg, TRP_UPD *update)
{
msg->msg_rep=update;
- talloc_steal(NULL, update); /* should attach to msg, but TR_MSG not usually talloc'ed */
msg->msg_type=TRP_UPDATE;
}
+/**
+ * Get a TRP_REQ message payload
+ *
+ * @param msg
+ * @return the message payload, or null if it is not a TRP_REQUEST message
+ */
TRP_REQ *tr_msg_get_trp_req(TR_MSG *msg)
{
if (msg->msg_type == TRP_REQUEST)
return NULL;
}
+/**
+ * Set message's payload
+ *
+ * Does not manage talloc contexts, works with any means of allocating
+ * the objects.
+ */
void tr_msg_set_trp_req(TR_MSG *msg, TRP_REQ *req)
{
msg->msg_rep=req;
{
json_t *jdh = NULL;
json_t *jbn = NULL;
+ char *s=NULL;
if ((!dh) || (!dh->p) || (!dh->g) || (!dh->pub_key))
return NULL;
jdh = json_object();
- jbn = json_string(BN_bn2hex(dh->p));
+ jbn = json_string(s=BN_bn2hex(dh->p));
+ OPENSSL_free(s);
json_object_set_new(jdh, "dh_p", jbn);
- jbn = json_string(BN_bn2hex(dh->g));
+ jbn = json_string(s=BN_bn2hex(dh->g));
+ OPENSSL_free(s);
json_object_set_new(jdh, "dh_g", jbn);
- jbn = json_string(BN_bn2hex(dh->pub_key));
+ jbn = json_string(s=BN_bn2hex(dh->pub_key));
+ OPENSSL_free(s);
json_object_set_new(jdh, "dh_pub_key", jbn);
return jdh;
json_t *jg = NULL;
json_t *jpub_key = NULL;
- if (!(dh = malloc(sizeof(DH)))) {
+ if (!(dh=tr_dh_new())) {
tr_crit("tr_msg_decode_dh(): Error allocating DH structure.");
return NULL;
}
- memset(dh, 0, sizeof(DH));
-
/* store required fields from dh object */
if ((NULL == (jp = json_object_get(jdh, "dh_p"))) ||
(NULL == (jg = json_object_get(jdh, "dh_g"))) ||
(NULL == (jpub_key = json_object_get(jdh, "dh_pub_key")))) {
tr_debug("tr_msg_decode_dh(): Error parsing dh_info.");
- free(dh);
+ tr_dh_destroy(dh);
return NULL;
}
if ((!req) || (!req->rp_realm) || (!req->realm) || !(req->comm))
return NULL;
- assert(jreq = json_object());
+ jreq = json_object();
+ assert(jreq);
- jstr = json_string(req->rp_realm->buf);
+ jstr = tr_name_to_json_string(req->rp_realm);
json_object_set_new(jreq, "rp_realm", jstr);
- jstr = json_string(req->realm->buf);
+ jstr = tr_name_to_json_string(req->realm);
json_object_set_new(jreq, "target_realm", jstr);
- jstr = json_string(req->comm->buf);
+ jstr = tr_name_to_json_string(req->comm);
json_object_set_new(jreq, "community", jstr);
-
+
if (req->orig_coi) {
- jstr = json_string(req->orig_coi->buf);
+ jstr = tr_name_to_json_string(req->orig_coi);
json_object_set_new(jreq, "orig_coi", jstr);
}
+ if (tid_req_get_request_id(req)) {
+ jstr = tr_name_to_json_string(tid_req_get_request_id(req));
+ json_object_set_new(jreq, "request_id", jstr);
+ }
+
json_object_set_new(jreq, "dh_info", tr_msg_encode_dh(req->tidc_dh));
if (req->cons)
return jreq;
}
-static TID_REQ *tr_msg_decode_tidreq(json_t *jreq)
+static TID_REQ *tr_msg_decode_tidreq(TALLOC_CTX *mem_ctx, json_t *jreq)
{
TID_REQ *treq = NULL;
json_t *jrp_realm = NULL;
json_t *jrealm = NULL;
json_t *jcomm = NULL;
json_t *jorig_coi = NULL;
+ json_t *jrequest_id = NULL;
json_t *jdh = NULL;
json_t *jpath = NULL;
json_t *jexpire_interval = NULL;
tr_crit("tr_msg_decode_tidreq(): Error allocating TID_REQ structure.");
return NULL;
}
-
+ talloc_steal(mem_ctx, treq);
+
/* store required fields from request */
if ((NULL == (jrp_realm = json_object_get(jreq, "rp_realm"))) ||
(NULL == (jrealm = json_object_get(jreq, "target_realm"))) ||
jpath = json_object_get(jreq, "path");
jexpire_interval = json_object_get(jreq, "expiration_interval");
- treq->rp_realm = tr_new_name((char *)json_string_value(jrp_realm));
- treq->realm = tr_new_name((char *)json_string_value(jrealm));
- treq->comm = tr_new_name((char *)json_string_value(jcomm));
+ treq->rp_realm = tr_new_name(json_string_value(jrp_realm));
+ treq->realm = tr_new_name(json_string_value(jrealm));
+ treq->comm = tr_new_name(json_string_value(jcomm));
/* Get DH Info from the request */
if (NULL == (jdh = json_object_get(jreq, "dh_info"))) {
/* store optional "orig_coi" field */
if (NULL != (jorig_coi = json_object_get(jreq, "orig_coi"))) {
- treq->orig_coi = tr_new_name((char *)json_string_value(jorig_coi));
+ treq->orig_coi = tr_new_name(json_string_value(jorig_coi));
+ }
+
+ /* store optional "request_id" field */
+ if (NULL != (jrequest_id = json_object_get(jreq, "request_id"))) {
+ tid_req_set_request_id(treq, tr_new_name(json_string_value(jrequest_id)));
}
treq->cons = (TR_CONSTRAINT_SET *) json_object_get(jreq, "constraints");
jsrvr = json_object();
- /* Server IP Address -- TBD handle IPv6 */
- jstr = json_string(inet_ntoa(srvr->aaa_server_addr));
+ jstr = json_string(srvr->aaa_server_addr);
json_object_set_new(jsrvr, "server_addr", jstr);
json_object_set_new(jsrvr,
"key_expiration", json_string(time_str));
g_free(time_str);
/* Server DH Block */
- jstr = json_string(srvr->key_name->buf);
+ jstr = tr_name_to_json_string(srvr->key_name);
json_object_set_new(jsrvr, "key_name", jstr);
json_object_set_new(jsrvr, "server_dh", tr_msg_encode_dh(srvr->aaa_server_dh));
if (srvr->path)
/* The path is owned by the srvr, so grab an extra ref*/
- json_object_set(jsrvr, "path", srvr->path);
+ json_object_set(jsrvr, "path", (json_t *)(srvr->path));
return jsrvr;
}
tr_notice("tr_msg_decode_one_server(): Error parsing required fields.");
return -1;
}
-
- /* TBD -- handle IPv6 Addresses */
- inet_aton(json_string_value(jsrvr_addr), &(srvr->aaa_server_addr));
+
+ srvr->aaa_server_addr=talloc_strdup(srvr, json_string_value(jsrvr_addr));
srvr->key_name = tr_new_name((char *)json_string_value(jsrvr_kn));
srvr->aaa_server_dh = tr_msg_decode_dh(jsrvr_dh);
- srvr->path = json_object_get(jsrvr, "path");
+ tid_srvr_blk_set_path(srvr, (TID_PATH *) json_object_get(jsrvr, "path"));
jsrvr_expire = json_object_get(jsrvr, "key_expiration");
if (jsrvr_expire && json_is_string(jsrvr_expire)) {
if (!g_time_val_from_iso8601(json_string_value(jsrvr_expire),
return jservers;
}
-static TID_SRVR_BLK *tr_msg_decode_servers(void * ctx, json_t *jservers, size_t *out_len)
+static TID_SRVR_BLK *tr_msg_decode_servers(TALLOC_CTX *mem_ctx, json_t *jservers)
{
- TID_SRVR_BLK *servers = NULL;
+ TALLOC_CTX *tmp_ctx=talloc_new(NULL);
+ TID_SRVR_BLK *servers=NULL;
+ TID_SRVR_BLK *new_srvr=NULL;
json_t *jsrvr;
size_t i, num_servers;
if (0 == num_servers) {
tr_debug("tr_msg_decode_servers(): Server array is empty.");
- return NULL;
+ goto cleanup;
}
- servers = talloc_zero_array(ctx, TID_SRVR_BLK, num_servers);
for (i = 0; i < num_servers; i++) {
jsrvr = json_array_get(jservers, i);
- if (0 != tr_msg_decode_one_server(jsrvr, &servers[i])) {
- talloc_free(servers);
- return NULL;
- }
+ new_srvr=tid_srvr_blk_new(tmp_ctx);
+ if (new_srvr==NULL) {
+ servers=NULL; /* it's all in tmp_ctx, so we can just let go */
+ goto cleanup;
+ }
+
+ if (0 != tr_msg_decode_one_server(jsrvr, new_srvr)) {
+ servers=NULL; /* it's all in tmp_ctx, so we can just let go */
+ goto cleanup;
+ }
+ tid_srvr_blk_add(servers, new_srvr);
}
- *out_len = num_servers;
+
+ talloc_steal(mem_ctx, servers);
+
+cleanup:
+ talloc_free(tmp_ctx);
return servers;
}
jstr = json_string("error");
json_object_set_new(jresp, "result", jstr);
if (resp->err_msg) {
- jstr = json_string(resp->err_msg->buf);
+ jstr = tr_name_to_json_string(resp->err_msg);
json_object_set_new(jresp, "err_msg", jstr);
}
}
json_object_set_new(jresp, "result", jstr);
}
- jstr = json_string(resp->rp_realm->buf);
+ jstr = tr_name_to_json_string(resp->rp_realm);
json_object_set_new(jresp, "rp_realm", jstr);
- jstr = json_string(resp->realm->buf);
+ jstr = tr_name_to_json_string(resp->realm);
json_object_set_new(jresp, "target_realm", jstr);
- jstr = json_string(resp->comm->buf);
+ jstr = tr_name_to_json_string(resp->comm);
json_object_set_new(jresp, "comm", jstr);
if (resp->orig_coi) {
- jstr = json_string(resp->orig_coi->buf);
+ jstr = tr_name_to_json_string(resp->orig_coi);
json_object_set_new(jresp, "orig_coi", jstr);
}
+ if (tid_resp_get_request_id(resp)) {
+ jstr = tr_name_to_json_string(tid_resp_get_request_id(resp));
+ json_object_set_new(jresp, "request_id", jstr);
+ }
+
if (NULL == resp->servers) {
tr_debug("tr_msg_encode_tidresp(): No servers to encode.");
}
return jresp;
}
-static TID_RESP *tr_msg_decode_tidresp(json_t *jresp)
+static TID_RESP *tr_msg_decode_tidresp(TALLOC_CTX *mem_ctx, json_t *jresp)
{
TID_RESP *tresp = NULL;
json_t *jresult = NULL;
json_t *jrealm = NULL;
json_t *jcomm = NULL;
json_t *jorig_coi = NULL;
+ json_t *jrequest_id = NULL;
json_t *jservers = NULL;
json_t *jerr_msg = NULL;
- if (!(tresp=tid_resp_new(NULL))) {
+ if (!(tresp=tid_resp_new(mem_ctx))) {
tr_crit("tr_msg_decode_tidresp(): Error allocating TID_RESP structure.");
return NULL;
}
-
/* store required fields from response */
if ((NULL == (jresult = json_object_get(jresp, "result"))) ||
tr_debug("tr_msg_decode_tidresp(): Success! result = %s.", json_string_value(jresult));
if ((NULL != (jservers = json_object_get(jresp, "servers"))) ||
(!json_is_array(jservers))) {
- tresp->servers = tr_msg_decode_servers(tresp, jservers, &tresp->num_servers);
+ tresp->servers = tr_msg_decode_servers(tresp, jservers);
}
else {
talloc_free(tresp);
tr_debug("tr_msg_decode_tidresp(): Error! result = %s.", json_string_value(jresult));
if ((NULL != (jerr_msg = json_object_get(jresp, "err_msg"))) ||
(!json_is_string(jerr_msg))) {
- tresp->err_msg = tr_new_name((char *)json_string_value(jerr_msg));
- }
+ tresp->err_msg = tr_new_name(json_string_value(jerr_msg));
+ } else
+ tresp->err_msg = tr_new_name("No error message set.");
+
+ if (NULL !=(tresp->error_path = json_object_get(jresp, "error_path")))
+ json_incref(tresp->error_path);
}
- tresp->rp_realm = tr_new_name((char *)json_string_value(jrp_realm));
- tresp->realm = tr_new_name((char *)json_string_value(jrealm));
- tresp->comm = tr_new_name((char *)json_string_value(jcomm));
+ tresp->rp_realm = tr_new_name(json_string_value(jrp_realm));
+ tresp->realm = tr_new_name(json_string_value(jrealm));
+ tresp->comm = tr_new_name(json_string_value(jcomm));
/* store optional "orig_coi" field */
if ((NULL != (jorig_coi = json_object_get(jresp, "orig_coi"))) &&
- (!json_is_object(jorig_coi))) {
- tresp->orig_coi = tr_new_name((char *)json_string_value(jorig_coi));
+ json_is_string(jorig_coi)) {
+ tresp->orig_coi = tr_new_name(json_string_value(jorig_coi));
+ }
+
+ /* store optional "request_id" field */
+ if ((NULL != (jrequest_id = json_object_get(jresp, "request_id"))) &&
+ json_is_string(jrequest_id)) {
+ tid_resp_set_request_id(tresp, tr_new_name(json_string_value(jrequest_id)));
}
-
+
return tresp;
}
return req;
}
-char *tr_msg_encode(TR_MSG *msg)
+char *tr_msg_encode(TALLOC_CTX *mem_ctx, TR_MSG *msg)
{
json_t *jmsg=NULL;
json_t *jmsg_type=NULL;
+ char *encoded_tmp=NULL;
char *encoded=NULL;
TID_RESP *tidresp=NULL;
TID_REQ *tidreq=NULL;
TRP_UPD *trpupd=NULL;
TRP_REQ *trpreq=NULL;
+ MON_REQ *monreq=NULL;
+ MON_RESP *monresp=NULL;
/* TBD -- add error handling */
jmsg = json_object();
- switch (msg->msg_type)
- {
+ switch (msg->msg_type) {
case TID_REQUEST:
jmsg_type = json_string("tid_request");
json_object_set_new(jmsg, "msg_type", jmsg_type);
json_object_set_new(jmsg, "msg_body", tr_msg_encode_trp_req(trpreq));
break;
+ case MON_REQUEST:
+ jmsg_type = json_string("mon_request");
+ json_object_set_new(jmsg, "msg_type", jmsg_type);
+ monreq=tr_msg_get_mon_req(msg);
+ json_object_set_new(jmsg, "msg_body", mon_req_encode(monreq));
+ break;
+
+ case MON_RESPONSE:
+ jmsg_type = json_string("mon_response");
+ json_object_set_new(jmsg, "msg_type", jmsg_type);
+ monresp=tr_msg_get_mon_resp(msg);
+ json_object_set_new(jmsg, "msg_body", mon_resp_encode(monresp));
+ break;
+
default:
json_decref(jmsg);
return NULL;
- }
+ }
+
+ /* We should perhaps use json_set_alloc_funcs to automatically use talloc, but for
+ * now, we'll encode to a malloc'ed buffer, then copy that to a talloc'ed buffer. */
+ encoded_tmp=json_dumps(jmsg, 0); // malloc'ed version
+ json_decref(jmsg); // free the JSON structure
+ encoded = talloc_strdup(mem_ctx, encoded_tmp); // get the talloc'ed version
+ free(encoded_tmp); // free the malloc'ed version
- encoded=json_dumps(jmsg, 0);
tr_debug("tr_msg_encode: outgoing msg=%s", encoded);
- json_decref(jmsg);
return encoded;
}
-TR_MSG *tr_msg_decode(char *jbuf, size_t buflen)
+TR_MSG *tr_msg_decode(TALLOC_CTX *mem_ctx, const char *jbuf, size_t buflen)
{
TR_MSG *msg=NULL;
json_t *jmsg = NULL;
return NULL;
}
- if (!(msg = malloc(sizeof(TR_MSG)))) {
+ if (!(msg = talloc_zero(mem_ctx, TR_MSG))) {
tr_debug("tr_msg_decode(): Error allocating TR_MSG structure.");
json_decref(jmsg);
return NULL;
}
- memset(msg, 0, sizeof(TR_MSG));
-
if ((NULL == (jtype = json_object_get(jmsg, "msg_type"))) ||
(NULL == (jbody = json_object_get(jmsg, "msg_body")))) {
tr_debug("tr_msg_decode(): Error parsing message header.");
if (0 == strcmp(mtype, "tid_request")) {
msg->msg_type = TID_REQUEST;
- tr_msg_set_req(msg, tr_msg_decode_tidreq(jbody));
+ tr_msg_set_req(msg, tr_msg_decode_tidreq(msg, jbody));
}
else if (0 == strcmp(mtype, "tid_response")) {
msg->msg_type = TID_RESPONSE;
- tr_msg_set_resp(msg, tr_msg_decode_tidresp(jbody));
+ tr_msg_set_resp(msg, tr_msg_decode_tidresp(msg, jbody));
}
else if (0 == strcmp(mtype, "trp_update")) {
msg->msg_type = TRP_UPDATE;
- tr_msg_set_trp_upd(msg, tr_msg_decode_trp_upd(NULL, jbody)); /* null talloc context for now */
+ tr_msg_set_trp_upd(msg, tr_msg_decode_trp_upd(msg, jbody));
}
else if (0 == strcmp(mtype, "trp_request")) {
msg->msg_type = TRP_UPDATE;
- tr_msg_set_trp_req(msg, tr_msg_decode_trp_req(NULL, jbody)); /* null talloc context for now */
+ tr_msg_set_trp_req(msg, tr_msg_decode_trp_req(msg, jbody));
+ }
+ else if (0 == strcmp(mtype, "mon_request")) {
+ msg->msg_type = MON_REQUEST;
+ tr_msg_set_mon_req(msg, mon_req_decode(msg, jbody));
+ }
+ /* We do not currently handle monitoring responses */
+ else if (0 == strcmp(mtype, "mon_response")) {
+ msg->msg_type = MON_RESPONSE;
+ tr_msg_set_mon_resp(msg, mon_resp_decode(msg, jbody));
}
else {
msg->msg_type = TR_UNKNOWN;
msg->msg_rep = NULL;
}
+
+ json_decref(jmsg);
+
return msg;
}
void tr_msg_free_encoded(char *jmsg)
{
if (jmsg)
- free (jmsg);
+ talloc_free(jmsg);
}
void tr_msg_free_decoded(TR_MSG *msg)
{
- if (msg) {
- switch (msg->msg_type) {
- case TID_REQUEST:
- tid_req_free(tr_msg_get_req(msg));
- break;
- case TID_RESPONSE:
- tid_resp_free(tr_msg_get_resp(msg));
- break;
- case TRP_UPDATE:
- trp_upd_free(tr_msg_get_trp_upd(msg));
- break;
- case TRP_REQUEST:
- trp_req_free(tr_msg_get_trp_req(msg));
- default:
- break;
- }
- free (msg);
- }
+ if (msg)
+ talloc_free(msg);
}