+#include <pthread.h>
#include <fcntl.h>
#include <event2/event.h>
#include <talloc.h>
#include <gsscon.h>
#include <tr_rp.h>
+#include <trp_internal.h>
#include <tr_config.h>
#include <tr_event.h>
#include <tr_debug.h>
};
-/********** Ersatz TRPS implementation **********/
-TRPS_INSTANCE *trps_create (TALLOC_CTX *mem_ctx)
-{
- return talloc_zero(mem_ctx, TRPS_INSTANCE);
-}
-
-void trps_destroy (TRPS_INSTANCE *trps)
-{
- if (trps)
- talloc_free(trps);
-}
-
-static int trps_listen (TRPS_INSTANCE *trps, int port)
-{
- int rc = 0;
- int conn = -1;
- int optval = 1;
-
- union {
- struct sockaddr_storage storage;
- struct sockaddr_in in4;
- } addr;
-
- struct sockaddr_in *saddr = (struct sockaddr_in *) &addr.in4;
-
- saddr->sin_port = htons (port);
- saddr->sin_family = AF_INET;
- saddr->sin_addr.s_addr = INADDR_ANY;
-
- if (0 > (conn = socket (AF_INET, SOCK_STREAM, 0)))
- return conn;
-
- setsockopt(conn, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));
-
- if (0 > (rc = bind (conn, (struct sockaddr *) saddr, sizeof(struct sockaddr_in))))
- return rc;
-
- if (0 > (rc = listen(conn, 512)))
- return rc;
-
- tr_debug("trps_listen: TRP Server listening on port %d", port);
- return conn;
-}
-
-#if 0
-
-/* returns EACCES if authorization is denied */
-static int trps_auth_cb(gss_name_t clientName, gss_buffer_t displayName,
- void *data)
-{
- TRPS_INSTANCE *inst = (TRPS_INSTANCE *)data;
- TR_NAME name ={(char *) displayName->value,
- displayName->length};
- int result=0;
-
- if (0!=inst->auth_handler(clientName, &name, inst->cookie)) {
- tr_debug("trps_auth_cb: client '%.*s' denied authorization.", name.len, name.buf);
- result=EACCES; /* denied */
- }
-
- return result;
-}
-
-/* returns 0 on authorization success, 1 on failure, or -1 in case of error */
-static int trps_auth_connection (TRPS_INSTANCE *inst,
- int conn,
- gss_ctx_id_t *gssctx)
-{
- int rc = 0;
- int auth, autherr = 0;
- gss_buffer_desc nameBuffer = {0, NULL};
- char *name = 0;
- int nameLen = 0;
-
- nameLen = asprintf(&name, "trustrouter@%s", inst->hostname);
- nameBuffer.length = nameLen;
- nameBuffer.value = name;
-
- if (rc = gsscon_passive_authenticate(conn, nameBuffer, gssctx, trps_auth_cb, inst)) {
- tr_debug("trps_auth_connection: Error from gsscon_passive_authenticate(), rc = %d.", rc);
- return -1;
- }
-
- if (rc = gsscon_authorize(*gssctx, &auth, &autherr)) {
- tr_debug("trps_auth_connection: Error from gsscon_authorize, rc = %d, autherr = %d.",
- rc, autherr);
- return -1;
- }
-
- if (auth)
- tr_debug("trps_auth_connection: Connection authenticated, conn = %d.", conn);
- else
- tr_debug("trps_auth_connection: Authentication failed, conn %d.", conn);
-
- return !auth;
-}
-#endif
-
static int tr_trps_req_handler (TRPS_INSTANCE *trps,
TRP_REQ *orig_req,
- TRP_RESP *resp,
void *tr_in)
{
if (orig_req != NULL)
return -1; /* not handling anything right now */
}
-static void trps_handle_connection (TRPS_INSTANCE *trps, int conn)
-{
- return;
-}
-static int tr_trps_gss_handler(gss_name_t client_name, TR_NAME *gss_name,
+static int tr_trps_gss_handler(gss_name_t client_name, gss_buffer_t gss_name,
void *cookie_in)
{
TR_RP_CLIENT *rp;
struct tr_trps_event_cookie *cookie=(struct tr_trps_event_cookie *)cookie_in;
TRPS_INSTANCE *trps = cookie->trps;
TR_CFG_MGR *cfg_mgr = cookie->cfg_mgr;
+ TR_NAME name={gss_name->value, gss_name->length};
tr_debug("tr_trps_gss_handler()");
}
/* look up the RP client matching the GSS name */
- if ((NULL == (rp = tr_rp_client_lookup(cfg_mgr->active->rp_clients, gss_name)))) {
- tr_debug("tr_trps_gss_handler: Unknown GSS name %s", gss_name->buf);
+ if ((NULL == (rp = tr_rp_client_lookup(cfg_mgr->active->rp_clients, &name)))) {
+ tr_debug("tr_trps_gss_handler: Unknown GSS name %.*s", name.len, name.buf);
return -1;
}
- trps->rp_gss = rp;
- tr_debug("Client's GSS Name: %s", gss_name->buf);
+ /*trps->rp_gss = rp;*/
+ tr_debug("Client's GSS Name: %.*s", name.len, name.buf);
return 0;
}
-static int trps_get_listener(TRPS_INSTANCE *trps,
- TRPS_REQ_FUNC *req_handler,
- trps_auth_func *auth_handler,
- const char *hostname,
- unsigned int port,
- void *cookie)
-{
- int listen = -1;
-
- if (0 > (listen = trps_listen(trps, port))) {
- char errbuf[256];
- if (0 == strerror_r(errno, errbuf, 256)) {
- tr_debug("trps_get_listener: Error opening port %d: %s.", port, errbuf);
- } else {
- tr_debug("trps_get_listener: Unknown error openining port %d.", port);
- }
- }
-
- if (listen > 0) {
- /* opening port succeeded */
- tr_debug("trps_get_listener: Opened port %d.", port);
-
- /* make this socket non-blocking */
- if (0 != fcntl(listen, F_SETFL, O_NONBLOCK)) {
- tr_debug("trps_get_listener: Error setting O_NONBLOCK.");
- close(listen);
- listen=-1;
- }
- }
-
- if (listen > 0) {
- /* store the caller's request handler & cookie */
- trps->req_handler = req_handler;
- trps->auth_handler = auth_handler;
- trps->hostname = talloc_strdup(trps, hostname);
- trps->port = port;
- trps->cookie = cookie;
- }
-
- return listen;
-}
-
-
-/* Accept and process a connection on a port opened with trps_get_listener() */
-int trps_accept(TRPS_INSTANCE *trps, int listen)
+/* data passed to thread */
+struct thread_data {
+ TRP_CONNECTION *conn;
+ TRPS_INSTANCE *trps;
+};
+/* thread to handle GSS connections to peers */
+static void *tr_trps_conn_thread(void *arg)
{
- int conn=-1;
-
- conn = accept(listen, NULL, NULL);
-
- if (0 > conn) {
- perror("Error from TRP Server accept()");
- return 1;
+ struct thread_data *thread_data=talloc_get_type_abort(arg, struct thread_data);
+ TRP_CONNECTION *conn=thread_data->conn;
+ TRPS_INSTANCE *trps=thread_data->trps;
+
+ tr_debug("tr_trps_conn_thread: started");
+ /* try to establish a GSS context */
+ if (0!=trp_connection_auth(conn, trps->auth_handler, trps->cookie)) {
+ tr_notice("tr_trps_conn_thread: failed to authorize connection");
+ pthread_exit(NULL);
}
-
- /* does not fork, handles request in main process */
- trps_handle_connection(trps, conn);
- write(conn, "TRP Online\n", strlen("TRP Online\n"));
- close(conn);
- return 0;
+ tr_notice("tr_trps_conn_thread: authorized connection");
+ return NULL;
}
-
-/********** Event Handling **********/
-
/* called when a connection to the TRPS port is received */
static void tr_trps_event_cb(int listener, short event, void *arg)
{
- TRPS_INSTANCE *trps = (TRPS_INSTANCE *)arg;
+ TALLOC_CTX *tmp_ctx=talloc_new(NULL);
+ TRPS_INSTANCE *trps = talloc_get_type_abort(arg, TRPS_INSTANCE); /* aborts on wrong type */
+ TRP_CONNECTION *conn=NULL;
+ TR_NAME *gssname=NULL;
+ char *name=NULL;
+ struct thread_data *thread_data;
- if (0==(event & EV_READ))
+ if (0==(event & EV_READ)) {
tr_debug("tr_trps_event_cb: unexpected event on TRPS socket (event=0x%X)", event);
- else
- trps_accept(trps, listener);
+ } else {
+ /* create a thread to handle this connection */
+ asprintf(&name, "trustrouter@%s", trps->hostname);
+ gssname=tr_new_name(name);
+ free(name); name=NULL;
+ conn=trp_connection_accept(tmp_ctx, listener, gssname, trps_auth_cb, NULL, trps);
+ if (conn!=NULL) {
+ /* need to monitor this fd and trigger events when read becomes possible */
+ thread_data=talloc(conn, struct thread_data);
+ if (thread_data==NULL) {
+ tr_err("tr_trps_event_cb: unable to allocate thread_data");
+ talloc_free(tmp_ctx);
+ return;
+ }
+ thread_data->conn=conn;
+ thread_data->trps=trps;
+ pthread_create(conn->thread, NULL, tr_trps_conn_thread, thread_data);
+ trps_add_connection(trps, conn); /* remember the connection */
+ }
+ }
+ talloc_free(tmp_ctx);
}
talloc_free(tmp_ctx);
return retval;
}
+
projects / trust_router.git / blobdiff