2 * Copyright (c) 2012, 2015, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
40 #include <sys/socket.h>
45 #include <tid_internal.h>
49 #include <tr_socket.h>
54 * Create a response with minimal fields filled in
56 * @param mem_ctx talloc context for the return value
57 * @param req request to respond to
58 * @return new response structure allocated in the mem_ctx context
60 static TID_RESP *tids_create_response(TALLOC_CTX *mem_ctx, TID_REQ *req)
65 if (NULL == (resp = tid_resp_new(mem_ctx))) {
66 tr_crit("tids_create_response: Error allocating response structure.");
70 resp->result = TID_SUCCESS; /* presume success */
71 if ((NULL == (resp->rp_realm = tr_dup_name(req->rp_realm))) ||
72 (NULL == (resp->realm = tr_dup_name(req->realm))) ||
73 (NULL == (resp->comm = tr_dup_name(req->comm)))) {
74 tr_crit("tids_create_response: Error allocating fields in response.");
78 if (NULL == (resp->orig_coi = tr_dup_name(req->orig_coi))) {
79 tr_crit("tids_create_response: Error allocating fields in response.");
87 if ((!success) && (resp!=NULL)) {
94 static int tids_handle_request(TIDS_INSTANCE *tids, TID_REQ *req, TID_RESP *resp)
98 /* Check that this is a valid TID Request. If not, send an error return. */
100 (!(req->rp_realm)) ||
103 tr_notice("tids_handle_request(): Not a valid TID Request.");
104 tid_resp_set_result(resp, TID_ERROR);
105 tid_resp_set_err_msg(resp, tr_new_name("Bad request format"));
109 tr_debug("tids_handle_request: adding self to req path.");
110 tid_req_add_path(req, tids->hostname, tids->tids_port);
112 /* Call the caller's request handler */
113 /* TBD -- Handle different error returns/msgs */
114 if (0 > (rc = (*tids->req_handler)(tids, req, resp, tids->cookie))) {
115 /* set-up an error response */
116 tr_debug("tids_handle_request: req_handler returned error.");
117 tid_resp_set_result(resp, TID_ERROR);
118 if (!tid_resp_get_err_msg(resp)) /* Use msg set by handler, if any */
119 tid_resp_set_err_msg(resp, tr_new_name("Internal processing error"));
121 /* set-up a success response */
122 tr_debug("tids_handle_request: req_handler returned success.");
123 tid_resp_set_result(resp, TID_SUCCESS);
124 resp->err_msg = NULL; /* No error msg on successful return */
131 * Produces a JSON-encoded msg containing the TID response
133 * @param mem_ctx talloc context for the return value
134 * @param resp outgoing response
135 * @return JSON-encoded message containing the TID response
137 static char *tids_encode_response(TALLOC_CTX *mem_ctx, TID_RESP *resp)
140 char *resp_buf = NULL;
142 /* Construct the response message */
143 mresp.msg_type = TID_RESPONSE;
144 tr_msg_set_resp(&mresp, resp);
146 /* Encode the message to JSON */
147 resp_buf = tr_msg_encode(mem_ctx, &mresp);
148 if (resp_buf == NULL) {
149 tr_err("tids_encode_response: Error encoding json response.");
152 tr_debug("tids_encode_response: Encoded response: %s", resp_buf);
159 * Encode/send an error response
161 * Part of the public interface
168 int tids_send_err_response (TIDS_INSTANCE *tids, TID_REQ *req, const char *err_msg) {
169 TID_RESP *resp = NULL;
172 if ((!tids) || (!req) || (!err_msg)) {
173 tr_debug("tids_send_err_response: Invalid parameters.");
177 /* If we already sent a response, don't send another no matter what. */
181 if (NULL == (resp = tids_create_response(req, req))) {
182 tr_crit("tids_send_err_response: Can't create response.");
186 /* mark this as an error response, and include the error message */
187 resp->result = TID_ERROR;
188 resp->err_msg = tr_new_name((char *)err_msg);
189 resp->error_path = req->path;
191 rc = tids_send_response(tids, req, resp);
198 * Encode/send a response
200 * Part of the public interface
202 * @param tids not actually used, but kept for ABI compatibility
207 int tids_send_response (TIDS_INSTANCE *tids, TID_REQ *req, TID_RESP *resp)
212 if ((!tids) || (!req) || (!resp)) {
213 tr_debug("tids_send_response: Invalid parameters.");
217 /* Never send a second response if we already sent one. */
221 resp_buf = tids_encode_response(NULL, NULL);
222 if (resp_buf == NULL) {
223 tr_err("tids_send_response: Error encoding json response.");
228 tr_debug("tids_send_response: Encoded response: %s", resp_buf);
230 /* If external logging is enabled, fire off a message */
231 /* TODO Can be moved to end once segfault in gsscon_write_encrypted_token fixed */
234 /* Send the response over the connection */
235 err = gsscon_write_encrypted_token (req->conn, req->gssctx, resp_buf,
236 strlen(resp_buf) + 1);
238 tr_notice("tids_send_response: Error sending response over connection.");
243 /* indicate that a response has been sent for this request */
252 * Callback to process a request and produce a response
254 * @param req_str JSON-encoded request
255 * @param data pointer to a TIDS_INSTANCE
256 * @return pointer to the response string or null to send no response
258 static char *tids_req_cb(TALLOC_CTX *mem_ctx, const char *req_str, void *data)
260 TIDS_INSTANCE *tids = talloc_get_type_abort(data, TIDS_INSTANCE);
263 TID_RESP *resp = NULL;
264 char *resp_str = NULL;
267 mreq = tr_msg_decode(NULL, req_str, strlen(req_str)); // allocates memory on success!
269 tr_debug("tids_req_cb: Error decoding request.");
273 /* If this isn't a TID Request, just drop it. */
274 if (mreq->msg_type != TID_REQUEST) {
275 tr_msg_free_decoded(mreq);
276 tr_debug("tids_req_cb: Not a TID request, dropped.");
280 /* Get a handle on the request itself. Don't free req - it belongs to mreq */
281 req = tr_msg_get_req(mreq);
283 /* Allocate a response structure and populate common fields. The resp is in req's talloc context,
284 * which will be cleaned up when mreq is freed. */
285 resp = tids_create_response(req, req);
287 /* If we were unable to create a response, we cannot reply. Log an
288 * error if we can, then drop the request. */
289 tr_msg_free_decoded(mreq);
290 tr_crit("tids_req_cb: Error creating response structure.");
294 /* Handle the request and fill in resp */
295 rc = tids_handle_request(tids, req, resp);
297 tr_debug("tids_req_cb: Error from tids_handle_request(), rc = %d.", rc);
298 /* Fall through, to send the response, either way */
301 /* Convert the completed response into an encoded response */
302 resp_str = tids_encode_response(mem_ctx, resp);
304 /* Finished; free the request and return */
305 tr_msg_free_decoded(mreq); // this frees req and resp, too
309 TIDS_INSTANCE *tids_new(TALLOC_CTX *mem_ctx)
311 return talloc_zero(mem_ctx, TIDS_INSTANCE);
315 * Create a new TIDS instance
317 * Deprecated: exists for ABI compatibility, but tids_new() should be used instead
320 TIDS_INSTANCE *tids_create(void)
322 return talloc_zero(NULL, TIDS_INSTANCE);
324 /* Get a listener for tids requests, returns its socket fd. Accept
325 * connections with tids_accept() */
326 nfds_t tids_get_listener(TIDS_INSTANCE *tids,
327 TIDS_REQ_FUNC *req_handler,
328 tids_auth_func *auth_handler,
329 const char *hostname,
338 tids->tids_port = port;
339 n_fd = tr_sock_listen_all(port, fd_out, max_fd);
342 tr_err("tids_get_listener: Error opening port %d");
344 /* opening port succeeded */
345 tr_info("tids_get_listener: Opened port %d.", port);
347 /* make this socket non-blocking */
348 for (ii=0; ii<n_fd; ii++) {
349 if (0 != fcntl(fd_out[ii], F_SETFL, O_NONBLOCK)) {
350 tr_err("tids_get_listener: Error setting O_NONBLOCK.");
351 for (ii=0; ii<n_fd; ii++) {
362 /* store the caller's request handler & cookie */
363 tids->req_handler = req_handler;
364 tids->auth_handler = auth_handler;
365 tids->hostname = hostname;
366 tids->cookie = cookie;
372 /* Accept and process a connection on a port opened with tids_get_listener() */
373 int tids_accept(TIDS_INSTANCE *tids, int listen)
378 if (0 > (conn = accept(listen, NULL, NULL))) {
379 perror("Error from TIDS Server accept()");
383 if (0 > (pid = fork())) {
384 perror("Error on fork()");
390 tr_gss_handle_connection(conn,
391 "trustidentity", tids->hostname, /* acceptor name */
392 tids->auth_handler, tids->cookie, /* auth callback and cookie */
393 tids_req_cb, tids /* req callback and cookie */
396 exit(0); /* exit to kill forked child process */
401 /* clean up any processes that have completed (TBD: move to main loop?) */
402 while (waitpid(-1, 0, WNOHANG) > 0);
407 /* Process tids requests forever. Should not return except on error. */
408 int tids_start (TIDS_INSTANCE *tids,
409 TIDS_REQ_FUNC *req_handler,
410 tids_auth_func *auth_handler,
411 const char *hostname,
415 int fd[TR_MAX_SOCKETS]={0};
417 struct pollfd poll_fd[TR_MAX_SOCKETS]={{0}};
420 n_fd = tids_get_listener(tids, req_handler, auth_handler, hostname, port, cookie, fd, TR_MAX_SOCKETS);
422 perror ("Error from tids_listen()");
426 tr_info("Trust Path Query Server starting on host %s:%d.", hostname, port);
428 /* set up the poll structs */
429 for (ii=0; ii<n_fd; ii++) {
430 poll_fd[ii].fd=fd[ii];
431 poll_fd[ii].events=POLLIN;
434 while(1) { /* accept incoming conns until we are stopped */
435 /* clear out events from previous iteration */
436 for (ii=0; ii<n_fd; ii++)
437 poll_fd[ii].revents=0;
439 /* wait indefinitely for a connection */
440 if (poll(poll_fd, n_fd, -1) < 0) {
441 perror("Error from poll()");
445 /* fork handlers for any sockets that have data */
446 for (ii=0; ii<n_fd; ii++) {
447 if (poll_fd[ii].revents == 0)
450 if ((poll_fd[ii].revents & POLLERR) || (poll_fd[ii].revents & POLLNVAL)) {
451 perror("Error polling fd");
455 if (poll_fd[ii].revents & POLLIN) {
456 if (tids_accept(tids, poll_fd[ii].fd))
457 tr_err("tids_start: error in tids_accept().");
462 return 1; /* should never get here, loops "forever" */
465 void tids_destroy (TIDS_INSTANCE *tids)
467 /* clean up logfiles */