X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=tid%2Fexample%2Ftids_main.c;h=1ecc494d6c62a42db665eacbee4805fc3e743de8;hb=3c5fb17459ff56d5e23cea059503f46a42150a1e;hp=dba618521cb07afcb740a7a88b802f1c02ba8c84;hpb=97653780649381147015ed4af7ac55976251c1d0;p=trust_router.git diff --git a/tid/example/tids_main.c b/tid/example/tids_main.c index dba6185..1ecc494 100644 --- a/tid/example/tids_main.c +++ b/tid/example/tids_main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, JANET(UK) + * Copyright (c) 2012, 2015, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -37,8 +37,11 @@ #include #include #include +#include +#include #include +#include #include #include #include @@ -104,7 +107,7 @@ static int handle_authorizations(TID_REQ *req, const unsigned char *dh_hash, int sqlite3_result; if (!req->cons) { - tr_debug("Request has no constraints, so no authorizations.\n"); + tr_debug("Request has no constraints, so no authorizations."); return 0; } intersected = tr_constraint_set_intersect(req, req->cons); @@ -118,17 +121,17 @@ static int handle_authorizations(TID_REQ *req, const unsigned char *dh_hash, intersected, "realm", &realm_wc, &realm_len)) return -1; - tr_debug(" %u domain constraint matches and %u realm constraint matches\n", + tr_debug(" %u domain constraint matches and %u realm constraint matches", (unsigned) domain_len, (unsigned) realm_len); if (0 != sqlify_wc(req, domain_wc, domain_len, &error)) { - tr_debug("Processing domain constraints: %s\n", error); + tr_debug("Processing domain constraints: %s", error); return -1; }else if (0 != sqlify_wc(req, realm_wc, realm_len, &error)) { - tr_debug("Processing realm constraints: %s\n", error); + tr_debug("Processing realm constraints: %s", error); return -1; } if (!authorization_insert) { - tr_debug( " No database, no authorizations inserted\n"); + tr_debug( " No database, no authorizations inserted"); return 0; } for (domain_index = 0; domain_index < domain_len; domain_index++) @@ -143,8 +146,9 @@ static int handle_authorizations(TID_REQ *req, const unsigned char *dh_hash, sqlite3_bind_text(authorization_insert, 5, req->comm->buf, req->comm->len, SQLITE_TRANSIENT); sqlite3_result = sqlite3_step(authorization_insert); if (SQLITE_DONE != sqlite3_result) - printf("sqlite3: failed to write to database\n"); + tr_crit("sqlite3: failed to write to database"); sqlite3_reset(authorization_insert); + sqlite3_clear_bindings(authorization_insert); } return 0; } @@ -152,42 +156,39 @@ static int handle_authorizations(TID_REQ *req, const unsigned char *dh_hash, static int tids_req_handler (TIDS_INSTANCE *tids, TID_REQ *req, - TID_RESP **resp, + TID_RESP *resp, void *cookie) { unsigned char *s_keybuf = NULL; int s_keylen = 0; char key_id[12]; - unsigned char *pub_digest; + unsigned char *pub_digest=NULL; size_t pub_digest_len; - fprintf(stdout, "tids_req_handler: Request received! target_realm = %s, community = %s\n", req->realm->buf, req->comm->buf); - if (tids) - tids->req_count++; - - if (!(resp) || !(*resp)) { - fprintf(stderr, "tids_req_handler: No response structure.\n"); + tr_debug("tids_req_handler: Request received! target_realm = %s, community = %s", req->realm->buf, req->comm->buf); + if (!(resp) || !resp) { + tr_debug("tids_req_handler: No response structure."); return -1; } + /* Allocate a new server block */ - if (NULL == ((*resp)->servers = malloc(sizeof(TID_SRVR_BLK)))){ - fprintf(stderr, "tids_req_handler(): malloc failed.\n"); + tid_srvr_blk_add(resp->servers, tid_srvr_blk_new(resp)); + if (NULL==resp->servers) { + tr_crit("tids_req_handler(): unable to allocate server block."); return -1; } - memset((*resp)->servers, 0, sizeof(TID_SRVR_BLK)); - (*resp)->num_servers = 1; /* TBD -- Set up the server IP Address */ if (!(req) || !(req->tidc_dh)) { - fprintf(stderr, "tids_req_handler(): No client DH info.\n"); + tr_debug("tids_req_handler(): No client DH info."); return -1; } if ((!req->tidc_dh->p) || (!req->tidc_dh->g)) { - fprintf(stderr, "tids_req_handler(): NULL dh values.\n"); + tr_debug("tids_req_handler: NULL dh values."); return -1; } @@ -195,46 +196,54 @@ static int tids_req_handler (TIDS_INSTANCE *tids, // fprintf(stderr, "Generating the server DH block.\n"); // fprintf(stderr, "...from client DH block, dh_g = %s, dh_p = %s.\n", BN_bn2hex(req->tidc_dh->g), BN_bn2hex(req->tidc_dh->p)); - if (NULL == ((*resp)->servers->aaa_server_dh = tr_create_matching_dh(NULL, 0, req->tidc_dh))) { - fprintf(stderr, "tids_req_handler(): Can't create server DH params.\n"); + if (NULL == (resp->servers->aaa_server_dh = tr_create_matching_dh(NULL, 0, req->tidc_dh))) { + tr_debug("tids_req_handler: Can't create server DH params."); return -1; } - if (0 == inet_aton(tids->ipaddr, &((*resp)->servers->aaa_server_addr))) { - fprintf(stderr, "tids_req_handler(): inet_aton() failed.\n"); - return -1; - } + resp->servers->aaa_server_addr=talloc_strdup(resp->servers, tids->ipaddr); /* Set the key name */ if (-1 == create_key_id(key_id, sizeof(key_id))) return -1; - (*resp)->servers->key_name = tr_new_name(key_id); + resp->servers->key_name = tr_new_name(key_id); /* Generate the server key */ // fprintf(stderr, "Generating the server key.\n"); if (0 > (s_keylen = tr_compute_dh_key(&s_keybuf, req->tidc_dh->pub_key, - (*resp)->servers->aaa_server_dh))) { - fprintf(stderr, "tids_req_handler(): Key computation failed."); + resp->servers->aaa_server_dh))) { + tr_debug("tids_req_handler: Key computation failed."); return -1; } if (0 != tr_dh_pub_hash(req, &pub_digest, &pub_digest_len)) { - tr_debug("Unable to digest client public key\n"); + tr_debug("tids_req_handler: Unable to digest client public key"); return -1; } if (0 != handle_authorizations(req, pub_digest, pub_digest_len)) return -1; + tid_srvr_blk_set_path(resp->servers, (TID_PATH *)(req->path)); + + if (req->expiration_interval < 1) + req->expiration_interval = 1; + g_get_current_time(&resp->servers->key_expiration); + resp->servers->key_expiration.tv_sec += req->expiration_interval * 60 /*in minutes*/; + if (NULL != insert_stmt) { int sqlite3_result; + gchar *expiration_str = g_time_val_to_iso8601(&resp->servers->key_expiration); sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT); sqlite3_bind_blob(insert_stmt, 2, s_keybuf, s_keylen, SQLITE_TRANSIENT); sqlite3_bind_blob(insert_stmt, 3, pub_digest, pub_digest_len, SQLITE_TRANSIENT); + sqlite3_bind_text(insert_stmt, 4, expiration_str, -1, SQLITE_TRANSIENT); + g_free(expiration_str); /* bind_text already made its own copy */ sqlite3_result = sqlite3_step(insert_stmt); if (SQLITE_DONE != sqlite3_result) - printf("sqlite3: failed to write to database\n"); + tr_crit("sqlite3: failed to write to database"); sqlite3_reset(insert_stmt); + sqlite3_clear_bindings(insert_stmt); } /* Print out the key. */ @@ -244,55 +253,149 @@ static int tids_req_handler (TIDS_INSTANCE *tids, // } // fprintf(stderr, "\n"); + if (s_keybuf!=NULL) + free(s_keybuf); + + if (pub_digest!=NULL) + talloc_free(pub_digest); + return s_keylen; } + static int auth_handler(gss_name_t gss_name, TR_NAME *client, void *expected_client) { TR_NAME *expected_client_trname = (TR_NAME*) expected_client; - return tr_name_cmp(client, expected_client_trname); + int result=tr_name_cmp(client, expected_client_trname); + if (result != 0) { + tr_notice("Auth denied for incorrect gss-name ('%.*s' requested, expected '%.*s').", + client->len, client->buf, + expected_client_trname->len, expected_client_trname->buf); + } + return result; } +static void print_version_info(void) +{ + printf("Moonshot TID Server %s\n\n", PACKAGE_VERSION); +} + +/* command-line option setup */ + +/* argp global parameters */ +const char *argp_program_bug_address=PACKAGE_BUGREPORT; /* bug reporting address */ + +/* doc strings */ +static const char doc[]=PACKAGE_NAME " - Moonshot TID Server " PACKAGE_VERSION; +static const char arg_doc[]=" "; /* string describing arguments, if any */ + +/* define the options here. Fields are: + * { long-name, short-name, variable name, options, help description } */ +static const struct argp_option cmdline_options[] = { + { "version", 'v', NULL, 0, "Print version information and exit"}, + { NULL } +}; + +/* structure for communicating with option parser */ +struct cmdline_args { + char *ip_address; + char *gss_name; + char *hostname; + char *database_name; +}; + +/* parser for individual options - fills in a struct cmdline_args */ +static error_t parse_option(int key, char *arg, struct argp_state *state) +{ + /* get a shorthand to the command line argument structure, part of state */ + struct cmdline_args *arguments=state->input; + + switch (key) { + case ARGP_KEY_ARG: /* handle argument (not option) */ + switch (state->arg_num) { + case 0: + arguments->ip_address=arg; + break; + + case 1: + arguments->gss_name=arg; + break; + + case 2: + arguments->hostname=arg; + break; + + case 3: + arguments->database_name=arg; + break; + + default: + /* too many arguments */ + argp_usage(state); + } + break; + + case ARGP_KEY_END: /* no more arguments */ + if (state->arg_num < 4) { + /* not enough arguments encountered */ + argp_usage(state); + } + break; + + case 'v': + print_version_info(); + exit(0); + + default: + return ARGP_ERR_UNKNOWN; + } + + return 0; /* success */ +} + +/* assemble the argp parser */ +static struct argp argp = {cmdline_options, parse_option, arg_doc, doc}; int main (int argc, - const char *argv[]) + char *argv[]) { TIDS_INSTANCE *tids; - int rc = 0; - char *ipaddr = NULL; - const char *hostname = NULL; TR_NAME *gssname = NULL; + struct cmdline_args opts={0}; + + /* parse the command line*/ + argp_parse(&argp, argc, argv, 0, 0, &opts); + + print_version_info(); talloc_set_log_stderr(); - /* Parse command-line arguments */ - if (argc != 5) { - fprintf(stdout, "Usage: %s \n", argv[0]); - exit(1); - } - ipaddr = (char *)argv[1]; - gssname = tr_new_name((char *) argv[2]); - hostname = argv[3]; - if (SQLITE_OK != sqlite3_open(argv[4], &db)) { - fprintf(stdout, "Error opening database %s\n", argv[4]); + + /* Use standalone logging */ + tr_log_open(); + + /* set logging levels */ + tr_log_threshold(LOG_CRIT); + tr_console_threshold(LOG_DEBUG); + + gssname = tr_new_name(opts.gss_name); + if (SQLITE_OK != sqlite3_open(opts.database_name, &db)) { + tr_crit("Error opening database %s", opts.database_name); exit(1); } - sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub) values(?, ?, ?)", + sqlite3_busy_timeout( db, 1000); + sqlite3_prepare_v2(db, "insert into psk_keys_tab (keyid, key, client_dh_pub, key_expiration) values(?, ?, ?, ?)", -1, &insert_stmt, NULL); sqlite3_prepare_v2(db, "insert into authorizations (client_dh_pub, coi, acceptor_realm, hostname, apc) values(?, ?, ?, ?, ?)", -1, &authorization_insert, NULL); /* Create a TID server instance */ if (NULL == (tids = tids_create())) { - fprintf(stdout, "Unable to create TIDS instance, exiting.\n"); + tr_crit("Unable to create TIDS instance, exiting."); return 1; } - tids->ipaddr = ipaddr; - - /* Start-up the server, won't return unless there is an error. */ - rc = tids_start(tids, &tids_req_handler , auth_handler, hostname, TID_PORT, gssname); - - fprintf(stdout, "Error in tids_start(), rc = %d. Exiting.\n", rc); + tids->ipaddr = opts.ip_address; + (void) tids_start(tids, &tids_req_handler, auth_handler, opts.hostname, TID_PORT, gssname); /* Clean-up the TID server instance */ tids_destroy(tids);