X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=tr%2Ftr_trp.c;h=c525f5473f00f2701e9115f69b311ebe36017c58;hb=b5117dd88f660ee157de3cf96f8fb6d952ac342a;hp=9f9c558d4707c6b23d5c8fd04e6447ef24f80d5e;hpb=81a61f8c6064bf52ff2a40a3d28e6ee5b2e478d4;p=trust_router.git diff --git a/tr/tr_trp.c b/tr/tr_trp.c index 9f9c558..c525f54 100644 --- a/tr/tr_trp.c +++ b/tr/tr_trp.c @@ -93,7 +93,7 @@ static TRP_RC tr_trps_msg_handler(TRPS_INSTANCE *trps, /* n.b., conn is available here, but do not hold onto the reference * because it may be cleaned up if the originating connection goes * down before the message is processed */ - mq_msg=tr_mq_msg_new(tmp_ctx, TR_MQMSG_MSG_RECEIVED, TR_MQ_PRIO_NORMAL); + mq_msg= tr_mq_msg_new(tmp_ctx, TR_MQMSG_MSG_RECEIVED); if (mq_msg==NULL) { return TRP_NOMEM; } @@ -147,7 +147,7 @@ static void *tr_trps_thread(void *arg) if (trps_authorize_connection(trps, conn)!=TRP_SUCCESS) goto cleanup; - msg=tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPS_CONNECTED, TR_MQ_PRIO_HIGH); + msg= tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPS_CONNECTED); tr_mq_msg_set_payload(msg, (void *)tr_dup_name(trp_connection_get_peer(conn)), tr_free_name_helper); if (msg==NULL) { tr_err("tr_trps_thread: error allocating TR_MQ_MSG"); @@ -159,7 +159,7 @@ static void *tr_trps_thread(void *arg) trps_handle_connection(trps, conn); cleanup: - msg=tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPS_DISCONNECTED, TR_MQ_PRIO_HIGH); + msg= tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPS_DISCONNECTED); tr_mq_msg_set_payload(msg, (void *)conn, NULL); /* do not pass a free routine */ if (msg==NULL) tr_err("tr_trps_thread: error allocating TR_MQ_MSG"); 
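Review bot: In the -147 hunk `tr_mq_msg_set_payload(msg, (void *)tr_dup_name(trp_connection_get_peer(conn)), tr_free_name_helper);` still runs before the `if (msg==NULL)` check, so an allocation failure in tr_mq_msg_new() hands a NULL message to the payload setter and leaks the tr_dup_name() result; the same ordering survives in the -159, -612 and -664 hunks. Moving the `if (msg==NULL)` block up so it directly follows the `tr_mq_msg_new` call, and calling `tr_mq_msg_set_payload` only after it, makes the failure path explicit instead of relying on tr_mq_msg_set_payload() tolerating NULL (which the hunk does not show). The rewritten `msg= tr_mq_msg_new(...)` spacing (space after `=` only) also differs from the `x=y` form on the surrounding lines; `msg=tr_mq_msg_new(...)` would match the file. The enclosing functions start and end outside these hunks.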
@@ -187,10 +187,12 @@ static void tr_trps_event_cb(int listener, short event, void *arg) name = talloc_asprintf(tmp_ctx, "trustrouter@%s", trps->hostname); if (name == NULL) goto cleanup; - gssname=tr_new_name(name); /* name cleaned up with tmp_ctx */ + gssname=tr_new_name(name); /* name cleaned up with tmp_ctx but need to handl gssname ourselves */ - conn=trp_connection_accept(tmp_ctx, listener, gssname); - if (conn!=NULL) { + conn=trp_connection_accept(tmp_ctx, listener, gssname); /* steals gssname unless it fails */ + if (conn == NULL) { + tr_free_name(gssname); + } else { /* need to monitor this fd and trigger events when read becomes possible */ thread_data=talloc(conn, struct trps_thread_data); if (thread_data==NULL) { 
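Review bot: `gssname=tr_new_name(name);` is passed straight into trp_connection_accept() without a NULL check, so if tr_new_name() fails the accept proceeds with a NULL peer name unless trp_connection_accept() rejects that itself, which the hunk does not show; `if (gssname == NULL) goto cleanup;` placed before the accept would keep the ownership story in the new comment complete. The new comment also has a typo: `/* name cleaned up with tmp_ctx but need to handle gssname ourselves */`. tr_trps_event_cb continues outside the hunk.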
@@ -275,60 +277,83 @@ static void tr_trps_process_mq(int socket, short event, void *arg) s=tr_mq_msg_get_message(msg); if (0==strcmp(s, TR_MQMSG_TRPS_CONNECTED)) { TR_NAME *peer_gssname=(TR_NAME *)tr_mq_msg_get_payload(msg); - peer=trps_get_peer_by_gssname(trps, peer_gssname); /* get the peer record */ - tmp = tr_name_strdup(peer_gssname); /* get the name as a null-terminated string */ - if (peer==NULL) - tr_err("tr_trps_process_mq: incoming connection from unknown peer (%s) reported.", tmp); - else { - trp_peer_set_incoming_status(peer, PEER_CONNECTED); - tr_notice("tr_trps_process_mq: incoming connection from %s established.", tmp); + if (NULL == peer_gssname) { + /* This should not happen, we should not be able to establish a connection if we do not + * know their GSS name */ + tr_err("tr_trps_process_mq: incoming connection from unknown GSS name reported."); + } else { + peer = trps_get_peer_by_gssname(trps, peer_gssname); /* get the peer record */ + tmp = tr_name_strdup(peer_gssname); /* get the name as a null-terminated string */ + if (peer == NULL) + tr_err("tr_trps_process_mq: incoming connection from unknown peer (%s) reported.", tmp); + else { + trp_peer_set_incoming_status(peer, PEER_CONNECTED); + tr_info("tr_trps_process_mq: incoming connection from %s established.", tmp); + } + free(tmp); } - free(tmp); } else if (0==strcmp(s, TR_MQMSG_TRPS_DISCONNECTED)) { TRP_CONNECTION *conn=talloc_get_type_abort(tr_mq_msg_get_payload(msg), TRP_CONNECTION); TR_NAME *peer_gssname=trp_connection_get_peer(conn); - peer=trps_get_peer_by_gssname(trps, peer_gssname); /* get the peer record */ - tmp = tr_name_strdup(peer_gssname); /* get the name as a null-terminated string */ - if (peer==NULL) { - tr_err("tr_trps_process_mq: incoming connection from unknown peer (%.*s) lost.", tmp); + + if (NULL == peer_gssname) { + /* If the GSS auth failed, then we don't know the peer's GSS name. 
*/ + tr_info("tr_trps_process_mq: incoming connection failed to auth."); } else { - trp_peer_set_incoming_status(peer, PEER_DISCONNECTED); - tr_trps_cleanup_conn(trps, conn); - tr_notice("tr_trps_process_mq: incoming connection from %s lost.", tmp); + /* We do know the peer's GSS name, see if we recognize it. */ + peer = trps_get_peer_by_gssname(trps, peer_gssname); /* get the peer record */ + tmp = tr_name_strdup(peer_gssname); /* get the name as a null-terminated string */ + if (peer == NULL) { + tr_err("tr_trps_process_mq: incoming connection from unknown peer (%.*s) lost.", tmp); + } else { + trp_peer_set_incoming_status(peer, PEER_DISCONNECTED); + tr_trps_cleanup_conn(trps, conn); + tr_info("tr_trps_process_mq: incoming connection from %s lost.", tmp); + } + free(tmp); } - free(tmp); } else if (0==strcmp(s, TR_MQMSG_TRPC_CONNECTED)) { TR_NAME *svcname=(TR_NAME *)tr_mq_msg_get_payload(msg); - peer=trps_get_peer_by_servicename(trps, svcname); - tmp = tr_name_strdup(svcname); - if (peer==NULL) - tr_err("tr_trps_process_mq: outgoing connection to unknown peer (%s) reported.", tmp); - else { - trp_peer_set_outgoing_status(peer, PEER_CONNECTED); - tr_notice("tr_trps_process_mq: outgoing connection to %s established.", tmp); + if (NULL == svcname) { + /* This should not happen because we shouldn't be reporting a connection unless we were + * able to auth the service name. 
*/ + tr_err("tr_trps_process_mq: outgoing connection established to unknown GSS service name."); + } else { + peer = trps_get_peer_by_servicename(trps, svcname); + tmp = tr_name_strdup(svcname); + if (peer == NULL) + tr_err("tr_trps_process_mq: outgoing connection to unknown peer (%s) reported.", tmp); + else { + trp_peer_set_outgoing_status(peer, PEER_CONNECTED); + tr_info("tr_trps_process_mq: outgoing connection to %s established.", tmp); + } + free(tmp); } - free(tmp); } else if (0==strcmp(s, TR_MQMSG_TRPC_DISCONNECTED)) { TRPC_INSTANCE *trpc=talloc_get_type_abort(tr_mq_msg_get_payload(msg), TRPC_INSTANCE); TR_NAME *svcname=trpc_get_gssname(trpc); - peer=trps_get_peer_by_servicename(trps, svcname); - tmp = tr_name_strdup(svcname); - if (peer==NULL) - tr_err("tr_trps_process_mq: outgoing connection to unknown peer (%s) lost.", tmp); - else { - trp_peer_set_outgoing_status(peer, PEER_DISCONNECTED); - tr_notice("tr_trps_process_mq: outgoing connection to %s lost.", tmp); - tr_trps_cleanup_trpc(trps, trpc); + if (NULL == svcname) { + tr_info("tr_trps_process_mq: outgoing connection to unknown GSS service name lost."); + } else { + peer = trps_get_peer_by_servicename(trps, svcname); + tmp = tr_name_strdup(svcname); + if (peer == NULL) + tr_err("tr_trps_process_mq: outgoing connection to unknown peer (%s) lost.", tmp); + else { + trp_peer_set_outgoing_status(peer, PEER_DISCONNECTED); + tr_info("tr_trps_process_mq: outgoing connection to %s lost.", tmp); + tr_trps_cleanup_trpc(trps, trpc); + } + free(tmp); } - free(tmp); } else if (0==strcmp(s, TR_MQMSG_MSG_RECEIVED)) { if (trps_handle_tr_msg(trps, tr_mq_msg_get_payload(msg))!=TRP_SUCCESS) - tr_notice("tr_trps_process_mq: error handling message."); + tr_err("tr_trps_process_mq: error handling message."); } else tr_notice("tr_trps_process_mq: unknown message '%s' received.", tr_mq_msg_get_message(msg)); 
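Review bot: The added line `tr_err("tr_trps_process_mq: incoming connection from unknown peer (%.*s) lost.", tmp);` in the TRPS_DISCONNECTED branch uses `%.*s`, which consumes an int precision and then a `char *`, but only `tmp` is passed, so the call reads a bogus precision and then a garbage pointer; the three sibling messages use `%s`, and this one should read `tr_err("tr_trps_process_mq: incoming connection from unknown peer (%s) lost.", tmp);`. In the same branch a connection whose `peer_gssname` is NULL (the failed-auth case the new comment describes) only logs and never reaches `tr_trps_cleanup_conn(trps, conn)`; if that call is what releases the TRP_CONNECTION and its fd, unauthenticated connections are now leaked, which is worth confirming against tr_trps_cleanup_conn(). All four branches also hand the `tr_name_strdup()` result to the logger without checking it for NULL. tr_trps_process_mq starts and ends outside the hunk.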
@@ -612,7 +637,7 @@ static void *tr_trpc_thread(void *arg) tr_debug("tr_trpc_thread: connected to peer %.*s", peer_gssname->len, peer_gssname->buf); - msg=tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPC_CONNECTED, TR_MQ_PRIO_HIGH); + msg= tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPC_CONNECTED); tr_mq_msg_set_payload(msg, (void *)tr_dup_name(peer_gssname), tr_free_name_helper); if (msg==NULL) { tr_err("tr_trpc_thread: error allocating TR_MQ_MSG"); @@ -664,8 +689,7 @@ static void *tr_trpc_thread(void *arg) } /* Send a DISCONNECTED message to the main thread */ - tr_debug("tr_trpc_thread: notifying main thread of disconnection."); - msg=tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPC_DISCONNECTED, TR_MQ_PRIO_NORMAL); + msg= tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPC_DISCONNECTED); tr_mq_msg_set_payload(msg, (void *)trpc, NULL); /* do not pass a free routine */ if (msg==NULL) { /* can't notify main thread */ @@ -679,11 +703,21 @@ static void *tr_trpc_thread(void *arg) return NULL; } -/* convert an IDP realm into routing table entries. Outputs number in *n_routes */ +/** + * convert an IDP realm into routing table entries. + * + * @param mem_ctx talloc context for the result + * @param realm IDP realm whose routes should be generated + * @param trust_router hostname for TRP connections to us + * @param trust_router_port TRP port of our trust router + * @param n_routes (output) the number of routes in the returned array + * @return Pointer to an array of pointers to routes + */ static TRP_ROUTE **tr_make_local_routes(TALLOC_CTX *mem_ctx, - TR_IDP_REALM *realm, - char *trust_router, - size_t *n_routes) + TR_IDP_REALM *realm, + const char *trust_router, + int trust_router_port, + size_t *n_routes) { TALLOC_CTX *tmp_ctx=talloc_new(NULL); TR_APC *comm=NULL; 
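Review bot: The new Doxygen block on tr_make_local_routes in the -679 hunk does not say who owns the returned array or what the function returns when it cannot build the routes, which is the main thing a caller iterating with `*n_routes` needs to know; the `@return` line should state whether the array is allocated under `mem_ctx` and whether NULL can be returned, and the `@param n_routes` line should say what it holds on that failure path. `trust_router` is now `const char *`, while the later hunk still passes it to `tr_new_name(trust_router)`; if tr_new_name() takes a non-const `char *`, this change introduces a const-discard warning, so its prototype should be checked. The function body continues outside the hunk.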
@@ -712,7 +746,9 @@ static TRP_ROUTE **tr_make_local_routes(TALLOC_CTX *mem_ctx, trp_route_set_peer(new_entry, tr_new_name("")); /* no peer, it's us */ trp_route_set_metric(new_entry, 0); trp_route_set_trust_router(new_entry, tr_new_name(trust_router)); - trp_route_set_next_hop(new_entry, tr_new_name("")); + trp_route_set_trust_router_port(new_entry, trust_router_port); + trp_route_set_next_hop(new_entry, tr_new_name("")); /* no next hop */ + trp_route_set_next_hop_port(new_entry, -1); /* no next hop */ trp_route_set_local(new_entry, 1); entries[ii]=new_entry; } @@ -792,14 +828,9 @@ TRP_RC tr_add_local_routes(TRPS_INSTANCE *trps, TR_CFG *cfg) TRP_ROUTE **local_routes=NULL; size_t n_routes=0; size_t ii=0; - char *trust_router_name=talloc_asprintf(tmp_ctx, "%s:%d", cfg->internal->hostname, cfg->internal->trps_port); - - /* determine our trust router name */ - if (trust_router_name==NULL) - return TRP_NOMEM; for (cur=cfg->ctable->idp_realms; cur!=NULL; cur=cur->next) { - local_routes=tr_make_local_routes(tmp_ctx, cur, trust_router_name, &n_routes); + local_routes= tr_make_local_routes(tmp_ctx, cur, cfg->internal->hostname, cfg->internal->trps_port, &n_routes); for (ii=0; ii
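Review bot: `trp_route_set_next_hop_port(new_entry, -1); /* no next hop */` introduces a bare -1 sentinel under the same comment as the line above, so the comment no longer explains what the value means or that -1 rather than 0 is the "unset" port that consumers must test for; rewording it as `trp_route_set_next_hop_port(new_entry, -1); /* -1: no next-hop port, pairs with the empty next-hop name */` and giving the sentinel a named constant shared with its readers would keep producers and consumers in agreement. The `tr_new_name()` results on these lines are still stored without a NULL check, as before the change. tr_make_local_routes starts and ends outside the hunk.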