#include <stdlib.h>
#include <talloc.h>
#include <sqlite3.h>
+#include <argp.h>
+#include <poll.h>
#include <tr_debug.h>
+#include <tr_util.h>
#include <tid_internal.h>
#include <trust_router/tr_constraint.h>
#include <trust_router/tr_dh.h>
if (SQLITE_DONE != sqlite3_result)
tr_crit("sqlite3: failed to write to database");
sqlite3_reset(authorization_insert);
+ sqlite3_clear_bindings(authorization_insert);
}
return 0;
}
unsigned char *s_keybuf = NULL;
int s_keylen = 0;
char key_id[12];
- unsigned char *pub_digest;
+ unsigned char *pub_digest=NULL;
size_t pub_digest_len;
/* Allocate a new server block */
- if (NULL == (resp->servers = talloc_zero(resp, TID_SRVR_BLK))){
- tr_crit("tids_req_handler(): malloc failed.");
+ tid_srvr_blk_add(resp->servers, tid_srvr_blk_new(resp));
+ if (NULL==resp->servers) {
+ tr_crit("tids_req_handler(): unable to allocate server block.");
return -1;
}
- resp->num_servers = 1;
-
/* TBD -- Set up the server IP Address */
if (!(req) || !(req->tidc_dh)) {
return -1;
}
- if (0 == inet_aton(tids->ipaddr, &(resp->servers->aaa_server_addr))) {
- tr_debug("tids_req_handler: inet_aton() failed.");
- return -1;
- }
+ resp->servers->aaa_server_addr=talloc_strdup(resp->servers, tids->ipaddr);
/* Set the key name */
if (-1 == create_key_id(key_id, sizeof(key_id)))
}
if (0 != handle_authorizations(req, pub_digest, pub_digest_len))
return -1;
- resp->servers->path = req->path;
+ tid_srvr_blk_set_path(resp->servers, (TID_PATH *)(req->path));
+
if (req->expiration_interval < 1)
req->expiration_interval = 1;
g_get_current_time(&resp->servers->key_expiration);
if (NULL != insert_stmt) {
int sqlite3_result;
gchar *expiration_str = g_time_val_to_iso8601(&resp->servers->key_expiration);
- sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT);
+ sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT);
sqlite3_bind_blob(insert_stmt, 2, s_keybuf, s_keylen, SQLITE_TRANSIENT);
sqlite3_bind_blob(insert_stmt, 3, pub_digest, pub_digest_len, SQLITE_TRANSIENT);
- sqlite3_bind_text(insert_stmt, 4, expiration_str, -1, SQLITE_TRANSIENT);
+ sqlite3_bind_text(insert_stmt, 4, expiration_str, -1, SQLITE_TRANSIENT);
+ g_free(expiration_str); /* bind_text already made its own copy */
sqlite3_result = sqlite3_step(insert_stmt);
if (SQLITE_DONE != sqlite3_result)
tr_crit("sqlite3: failed to write to database");
sqlite3_reset(insert_stmt);
+ sqlite3_clear_bindings(insert_stmt);
}
/* Print out the key. */
// }
// fprintf(stderr, "\n");
+ if (s_keybuf!=NULL)
+ free(s_keybuf);
+
+ if (pub_digest!=NULL)
+ talloc_free(pub_digest);
+
return s_keylen;
}
+
static int auth_handler(gss_name_t gss_name, TR_NAME *client,
void *expected_client)
{
TR_NAME *expected_client_trname = (TR_NAME*) expected_client;
- return tr_name_cmp(client, expected_client_trname);
+ int result=tr_name_cmp(client, expected_client_trname);
+ if (result != 0) {
+ tr_notice("Auth denied for incorrect gss-name ('%.*s' requested, expected '%.*s').",
+ client->len, client->buf,
+ expected_client_trname->len, expected_client_trname->buf);
+ }
+ return result;
+}
+
+static void print_version_info(void)
+{
+ printf("Moonshot TID Server %s\n\n", PACKAGE_VERSION);
+}
+
+/* command-line option setup */
+
+/* argp global parameters */
+const char *argp_program_bug_address=PACKAGE_BUGREPORT; /* bug reporting address */
+
+/* doc strings */
+static const char doc[]=PACKAGE_NAME " - Moonshot TID Server " PACKAGE_VERSION;
+static const char arg_doc[]="<ip-address> <gss-name> <hostname> <database-name>"; /* string describing arguments, if any */
+
+/* define the options here. Fields are:
+ * { long-name, short-name, variable name, options, help description } */
+static const struct argp_option cmdline_options[] = {
+ { "version", 'v', NULL, 0, "Print version information and exit"},
+ { NULL }
+};
+
+/* structure for communicating with option parser */
+struct cmdline_args {
+ char *ip_address;
+ char *gss_name;
+ char *hostname;
+ char *database_name;
+};
+
+/* parser for individual options - fills in a struct cmdline_args */
+static error_t parse_option(int key, char *arg, struct argp_state *state)
+{
+ /* get a shorthand to the command line argument structure, part of state */
+ struct cmdline_args *arguments=state->input;
+
+ switch (key) {
+ case ARGP_KEY_ARG: /* handle argument (not option) */
+ switch (state->arg_num) {
+ case 0:
+ arguments->ip_address=arg;
+ break;
+
+ case 1:
+ arguments->gss_name=arg;
+ break;
+
+ case 2:
+ arguments->hostname=arg;
+ break;
+
+ case 3:
+ arguments->database_name=arg;
+ break;
+
+ default:
+ /* too many arguments */
+ argp_usage(state);
+ }
+ break;
+
+ case ARGP_KEY_END: /* no more arguments */
+ if (state->arg_num < 4) {
+ /* not enough arguments encountered */
+ argp_usage(state);
+ }
+ break;
+
+ case 'v':
+ print_version_info();
+ exit(0);
+
+ default:
+ return ARGP_ERR_UNKNOWN;
+ }
+
+ return 0; /* success */
}
+/* assemble the argp parser */
+static struct argp argp = {cmdline_options, parse_option, arg_doc, doc};
int main (int argc,
- const char *argv[])
+ char *argv[])
{
TIDS_INSTANCE *tids;
- int rc = 0;
- char *ipaddr = NULL;
- const char *hostname = NULL;
TR_NAME *gssname = NULL;
+ struct cmdline_args opts={0};
+
+ /* parse the command line*/
+ argp_parse(&argp, argc, argv, 0, 0, &opts);
+
+ print_version_info();
talloc_set_log_stderr();
- /* Parse command-line arguments */
- if (argc != 5) {
- fprintf(stdout, "Usage: %s <ip-address> <gss-name> <hostname> <database-name>\n", argv[0]);
- exit(1);
- }
/* Use standalone logging */
tr_log_open();
tr_log_threshold(LOG_CRIT);
tr_console_threshold(LOG_DEBUG);
- ipaddr = (char *)argv[1];
- gssname = tr_new_name((char *) argv[2]);
- hostname = argv[3];
- if (SQLITE_OK != sqlite3_open(argv[4], &db)) {
- tr_crit("Error opening database %s", argv[4]);
+ gssname = tr_new_name(opts.gss_name);
+ if (SQLITE_OK != sqlite3_open(opts.database_name, &db)) {
+ tr_crit("Error opening database %s", opts.database_name);
exit(1);
}
sqlite3_busy_timeout( db, 1000);
- sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub, key_expiration) values(?, ?, ?, ?)",
+ sqlite3_prepare_v2(db, "insert into psk_keys_tab (keyid, key, client_dh_pub, key_expiration) values(?, ?, ?, ?)",
-1, &insert_stmt, NULL);
sqlite3_prepare_v2(db, "insert into authorizations (client_dh_pub, coi, acceptor_realm, hostname, apc) values(?, ?, ?, ?, ?)",
-1, &authorization_insert, NULL);
return 1;
}
- tids->ipaddr = ipaddr;
-
- /* Start-up the server, won't return unless there is an error. */
- rc = tids_start(tids, &tids_req_handler , auth_handler, hostname, TID_PORT, gssname);
-
- tr_crit("Error in tids_start(), rc = %d. Exiting.", rc);
+ tids->ipaddr = opts.ip_address;
+ (void) tids_start(tids, &tids_req_handler, auth_handler, opts.hostname, TID_PORT, gssname);
/* Clean-up the TID server instance */
tids_destroy(tids);