*
*/
+#include <assert.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <jansson.h>
-
-#include <trust_router/tid.h>
+#include <talloc.h>
+#include <tid_internal.h>
#include <gsscon.h>
#include <tr_msg.h>
{
TID_RESP *resp;
- if ((NULL == (resp = calloc(sizeof(TID_RESP), 1)))) {
+ if ((NULL == (resp = talloc_zero(req, TID_RESP)))) {
fprintf(stderr, "tids_create_response: Error allocating response structure.\n");
return NULL;
}
tr_free_name(resp->comm);
if (resp->orig_coi)
tr_free_name(resp->orig_coi);
- free (resp);
+ talloc_free(resp);
}
}
return conn;
}
-static int tids_auth_connection (int conn, gss_ctx_id_t *gssctx)
+static int tids_auth_cb(gss_name_t clientName, gss_buffer_t displayName,
+ void *data)
+{
+ struct tids_instance *inst = (struct tids_instance *) data;
+ TR_NAME name ={(char *) displayName->value,
+ displayName->length};
+ return inst->auth_handler(clientName, &name, inst->cookie);
+}
+
+static int tids_auth_connection (struct tids_instance *inst,
+ int conn, gss_ctx_id_t *gssctx)
{
int rc = 0;
int auth, autherr = 0;
+ gss_buffer_desc nameBuffer = {0, NULL};
+ char *name = 0;
+ int nameLen = 0;
- if (rc = gsscon_passive_authenticate(conn, gssctx)) {
+ nameLen = asprintf(&name, "trustidentity@%s", inst->hostname);
+ nameBuffer.length = nameLen;
+ nameBuffer.value = name;
+
+ if (rc = gsscon_passive_authenticate(conn, nameBuffer, gssctx, tids_auth_cb, inst)) {
fprintf(stderr, "tids_auth_connection: Error from gsscon_passive_authenticate(), rc = %d.\n", rc);
return -1;
}
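Review bot: The result of the new `nameLen = asprintf(&name, "trustidentity@%s", inst->hostname);` line is never checked: on failure asprintf returns -1 and leaves `name` indeterminate, so `nameBuffer.length` wraps to a huge size_t and a garbage pointer is handed to `gsscon_passive_authenticate`. The buffer is also not freed anywhere in the lines shown, so each authenticated connection leaks the service name unless it is released further down; tids_auth_connection's body continues outside the hunk. Rejecting a negative result and freeing `name` after the call (the buffer is passed by value, so this assumes gsscon_passive_authenticate does not keep the pointer — worth confirming) closes both. The rewritten call also keeps the unparenthesised `if (rc = ...)` assignment; `if ((rc = ...) != 0)` or a separate assignment makes the intent explicit.
```c
  nameLen = asprintf(&name, "trustidentity@%s", inst->hostname);
  if (nameLen < 0) {
    fprintf(stderr, "tids_auth_connection: Error allocating service name.\n");
    return -1;
  }
  nameBuffer.length = (size_t) nameLen;
  nameBuffer.value = name;

  rc = gsscon_passive_authenticate(conn, nameBuffer, gssctx, tids_auth_cb, inst);
  free(name);
  if (rc) {
    /* … unchanged: error report and return -1 … */
  }
```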
return buflen;
}
-static int tids_handle_request (TIDS_INSTANCE *tids, TR_MSG *mreq, TID_RESP **resp)
+static int tids_handle_request (TIDS_INSTANCE *tids, TR_MSG *mreq, TID_RESP *resp)
{
int rc;
(!mreq->tid_req->realm) ||
(!mreq->tid_req->comm)) {
fprintf(stderr, "tids_handle_request():Not a valid TID Request.\n");
- (*resp)->result = TID_ERROR;
- (*resp)->err_msg = tr_new_name("Bad request format");
+ resp->result = TID_ERROR;
+ resp->err_msg = tr_new_name("Bad request format");
return -1;
}
/* Call the caller's request handler */
/* TBD -- Handle different error returns/msgs */
- if (0 > (rc = (*tids->req_handler)(tids, mreq->tid_req, &(*resp), tids->cookie))) {
+ if (0 > (rc = (*tids->req_handler)(tids, mreq->tid_req, resp, tids->cookie))) {
/* set-up an error response */
- (*resp)->result = TID_ERROR;
- if (!(*resp)->err_msg) /* Use msg set by handler, if any */
- (*resp)->err_msg = tr_new_name("Internal processing error");
+ resp->result = TID_ERROR;
+ if (!resp->err_msg) /* Use msg set by handler, if any */
+ resp->err_msg = tr_new_name("Internal processing error");
}
else {
/* set-up a success response */
- (*resp)->result = TID_SUCCESS;
- (*resp)->err_msg = NULL; /* No error msg on successful return */
+ resp->result = TID_SUCCESS;
+ resp->err_msg = NULL; /* No error msg on successful return */
}
return rc;
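Review bot: On the success path the rewritten `resp->err_msg = NULL;` overwrites whatever the request handler may have stored in `err_msg` without releasing it, while the error branch just above deliberately preserves a handler-set message — so a handler that records a message and then returns a non-negative code leaks it (unless tr_new_name allocates under the talloc context, which this hunk does not show). Releasing it first, `if (resp->err_msg) tr_free_name(resp->err_msg);` ahead of the assignment, or documenting on the handler type that err_msg must only be set on failure, would make the contract explicit. The `tr_new_name(...)` results assigned on the error paths here and in the bad-request branch earlier in the function are also not checked for NULL before the response is sent. tids_handle_request's body starts outside this hunk.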
int rc = 0;
gss_ctx_id_t gssctx = GSS_C_NO_CONTEXT;
- if (tids_auth_connection(conn, &gssctx)) {
+ if (tids_auth_connection(tids, conn, &gssctx)) {
fprintf(stderr, "tids_handle_connection: Error authorizing TID Server connection.\n");
close(conn);
return;
return;
}
- if (0 > (rc = tids_handle_request(tids, mreq, &resp))) {
+ if (0 > (rc = tids_handle_request(tids, mreq, resp))) {
fprintf(stderr, "tids_handle_connection: Error from tids_handle_request(), rc = %d.\n", rc);
/* Fall through, to send the response, either way */
}
int tids_start (TIDS_INSTANCE *tids,
TIDS_REQ_FUNC *req_handler,
+ tids_auth_func *auth_handler,
+ const char *hostname,
+ unsigned int port,
void *cookie)
{
int listen = -1;
int conn = -1;
pid_t pid;
- if (0 > (listen = tids_listen(tids, TID_PORT)))
+ if (0 > (listen = tids_listen(tids, port)))
perror ("Error from tids_listen()");
/* store the caller's request handler & cookie */
tids->req_handler = req_handler;
+ tids->auth_handler = auth_handler;
+ tids->hostname = hostname;
tids->cookie = cookie;
while(1) { /* accept incoming conns until we are stopped */
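Review bot: `tids->hostname = hostname;` stores the caller's pointer without copying it, and neither it nor `auth_handler` is validated; `tids_auth_cb` earlier in this diff calls `inst->auth_handler` unconditionally and `tids_auth_connection` formats `inst->hostname` with asprintf, so a NULL handler from a caller with no authorization policy, or a hostname freed after tids_start returns, fails at the first accepted connection rather than here. Either reject them up front, `if (!auth_handler || !hostname) return -1;`, or state the contract on the declaration: `/* auth_handler must be non-NULL; hostname is not copied and must outlive the accept loop */`. The rewritten `tids_listen(tids, port)` check still only calls perror and then continues into the loop with listen == -1, which the commit leaves as it was.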
close(listen);
tids_handle_connection(tids, conn);
close(conn);
- exit(0);
+ return 0;
} else {
close(conn);
}
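Review bot: Replacing `exit(0)` with `return 0;` after `tids_handle_connection` changes what the child does next: the `pid_t pid` declared earlier in the function and the branch that closes `listen` suggest this is the forked child, and returning here hands control back to whatever called tids_start, which now runs once per accepted connection in a child process. If the intent is to let the caller do its own cleanup (for example freeing talloc contexts) and then exit, that should be stated where tids_start is declared, e.g. `/* in a forked child returns 0 after serving one connection; the caller must exit */`; otherwise an explicit `exit(0)` after that cleanup is still needed to terminate the child. The enclosing while loop starts outside this hunk.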