Avoid error message after handling TID req.

[trust_router.git] / tid / tids.c

diff --git a/tid/tids.c b/tid/tids.c
index 925ff62..eb081dd 100644 (file)
--- a/tid/tids.c
+++ b/tid/tids.c
@@ -122,15 +122,24 @@ static int tids_listen (TIDS_INSTANCE *tids, int port)
     return conn;
 }
 
+/* returns EACCES if authorization is denied */
 static int tids_auth_cb(gss_name_t clientName, gss_buffer_t displayName,
                        void *data)
 {
   struct tids_instance *inst = (struct tids_instance *) data;
   TR_NAME name ={(char *) displayName->value,
                 displayName->length};
-  return inst->auth_handler(clientName, &name, inst->cookie);
+  int result=0;
+
+  if (0!=inst->auth_handler(clientName, &name, inst->cookie)) {
+    tr_debug("tids_auth_cb: client '%.*s' denied authorization.", name.len, name.buf);
+    result=EACCES; /* denied */
+  }
+
+  return result;
 }
 
+/* returns 0 on authorization success, 1 on failure, or -1 in case of error */
 static int tids_auth_connection (struct tids_instance *inst,
                                 int conn, gss_ctx_id_t *gssctx)
 {
@@ -363,6 +372,7 @@ TIDS_INSTANCE *tids_create (void)
   return tids;
 }
 
+/* Process tids requests forever. Should not return except on error. */
 int tids_start (TIDS_INSTANCE *tids, 
                TIDS_REQ_FUNC *req_handler,
                tids_auth_func *auth_handler,
@@ -402,7 +412,7 @@ int tids_start (TIDS_INSTANCE *tids,
       close(listen);
       tids_handle_connection(tids, conn);
       close(conn);
-      return 0;
+      exit(0); /* exit to kill forked child process */
     } else {
       close(conn);
     }