2 * Copyright (c) 2016, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
42 #include <trp_internal.h>
43 #include <tr_socket.h>
45 /* Threading note: mutex lock is only used for protecting get_status() and set_status().
46 * If needed, locking for other operations (notably adding/removing connections) must be managed
47 * by whomever is holding on to the connection list. */
49 int trp_connection_lock(TRP_CONNECTION *conn)
51 return pthread_mutex_lock(&(conn->mutex));
54 int trp_connection_unlock(TRP_CONNECTION *conn)
56 return pthread_mutex_unlock(&(conn->mutex));
59 int trp_connection_get_fd(TRP_CONNECTION *conn)
64 void trp_connection_set_fd(TRP_CONNECTION *conn, int fd)
69 /* we use the gss name of the peer to identify it */
70 static TRP_RC trp_connection_set_peer(TRP_CONNECTION *conn)
72 OM_uint32 major_status=0;
73 OM_uint32 minor_status=0;
74 gss_name_t source_name=GSS_C_NO_NAME;
75 gss_name_t target_name=GSS_C_NO_NAME;
76 gss_buffer_desc peer_display_name={0,NULL};
79 major_status=gss_inquire_context(&minor_status,
80 *trp_connection_get_gssctx(conn),
89 if (major_status != GSS_S_COMPLETE) {
90 tr_err("trp_connection_set_peer: unable to identify GSS peer.");
91 if (source_name!=GSS_C_NO_NAME)
92 gss_release_name(&minor_status, &source_name);
93 if (target_name!=GSS_C_NO_NAME)
94 gss_release_name(&minor_status, &target_name);
99 /* we are the source, peer is the target */
100 major_status=gss_display_name(&minor_status, target_name, &peer_display_name, NULL);
102 /* we are the target, peer is the source */
103 major_status=gss_display_name(&minor_status, source_name, &peer_display_name, NULL);
105 gss_release_name(&minor_status, &source_name);
106 gss_release_name(&minor_status, &target_name);
108 conn->peer=tr_new_name(peer_display_name.value);
109 if (conn->peer==NULL)
110 tr_err("trp_connection_set_peer: unable to allocate peer name.");
112 if (conn->peer->len != peer_display_name.length) {
113 tr_err("trp_connection_set_peer: error converting GSS display name to TR_NAME.");
114 tr_free_name(conn->peer);
118 gss_release_buffer(&minor_status, &peer_display_name);
120 if (conn->peer==NULL)
123 tr_debug("trp_connection_set_peer: set peer for %p to %.*s (%p).", conn, conn->peer->len, conn->peer->buf, conn->peer);
127 TR_NAME *trp_connection_get_peer(TRP_CONNECTION *conn)
132 TR_NAME *trp_connection_get_gssname(TRP_CONNECTION *conn)
134 return conn->gssname;
137 void trp_connection_set_gssname(TRP_CONNECTION *conn, TR_NAME *gssname)
139 conn->gssname=gssname;
142 gss_ctx_id_t *trp_connection_get_gssctx(TRP_CONNECTION *conn)
147 void trp_connection_set_gssctx(TRP_CONNECTION *conn, gss_ctx_id_t *gssctx)
152 TRP_CONNECTION_STATUS trp_connection_get_status(TRP_CONNECTION *conn)
154 TRP_CONNECTION_STATUS status=TRP_CONNECTION_UNKNOWN;
155 trp_connection_lock(conn);
157 trp_connection_unlock(conn);
161 static void trp_connection_set_status(TRP_CONNECTION *conn, TRP_CONNECTION_STATUS status)
163 TRP_CONNECTION_STATUS old_status=TRP_CONNECTION_UNKNOWN;
164 trp_connection_lock(conn);
165 old_status=conn->status;
167 trp_connection_unlock(conn);
168 if ((status!=old_status) && (conn->status_change_cb!=NULL))
169 conn->status_change_cb(conn, conn->status_change_cookie);
172 pthread_t *trp_connection_get_thread(TRP_CONNECTION *conn)
177 void trp_connection_set_thread(TRP_CONNECTION *conn, pthread_t *thread)
182 TRP_CONNECTION *trp_connection_get_next(TRP_CONNECTION *conn)
187 static void trp_connection_set_next(TRP_CONNECTION *conn, TRP_CONNECTION *next)
192 /* Ok to call more than once; guarantees connection no longer in the list. Does not free removed element.
193 * Returns handle to new list, you must replace your old handle on the list with this. */
194 TRP_CONNECTION *trp_connection_remove(TRP_CONNECTION *conn, TRP_CONNECTION *remove)
196 TRP_CONNECTION *cur=conn;
197 TRP_CONNECTION *last=NULL;
202 /* first element is a special case */
204 conn=trp_connection_get_next(cur); /* advance list head */
206 /* it was not the first element */
208 cur=trp_connection_get_next(cur);
211 trp_connection_set_next(last, trp_connection_get_next(cur));
215 cur=trp_connection_get_next(cur);
221 static TRP_CONNECTION *trp_connection_get_tail(TRP_CONNECTION *conn)
223 while((conn!=NULL)&&(trp_connection_get_next(conn)!=NULL))
224 conn=trp_connection_get_next(conn);
228 void trp_connection_append(TRP_CONNECTION *conn, TRP_CONNECTION *new)
230 trp_connection_set_next(trp_connection_get_tail(conn), new);
233 static void trp_connection_mutex_init(TRP_CONNECTION *conn)
235 pthread_mutex_init(&(conn->mutex), NULL);
238 /* talloc destructor for a connection: ensures connection is closed, memory freed */
239 static int trp_connection_destructor(void *object)
241 TRP_CONNECTION *conn=talloc_get_type_abort(object, TRP_CONNECTION); /* aborts on wrong type */
242 if ((trp_connection_get_status(conn)!=TRP_CONNECTION_CLOSED)
243 && (trp_connection_get_fd(conn)!=-1))
244 close(trp_connection_get_fd(conn));
245 if (conn->peer!=NULL)
246 tr_free_name(conn->peer);
247 if (conn->gssname!=NULL)
248 tr_free_name(conn->gssname);
252 TRP_CONNECTION *trp_connection_new(TALLOC_CTX *mem_ctx)
254 TRP_CONNECTION *new_conn=talloc(mem_ctx, TRP_CONNECTION);
255 gss_ctx_id_t *gssctx=NULL;
256 pthread_t *thread=NULL;
259 if (new_conn != NULL) {
260 trp_connection_set_next(new_conn, NULL);
261 trp_connection_set_fd(new_conn, -1);
262 trp_connection_set_gssname(new_conn, NULL);
263 trp_connection_mutex_init(new_conn);
264 new_conn->peer=NULL; /* no true set function for this */
265 new_conn->status_change_cb=NULL;
266 new_conn->status_change_cookie=NULL;
267 new_conn->status=TRP_CONNECTION_CLOSED;
269 thread=talloc(new_conn, pthread_t);
271 talloc_free(new_conn);
274 trp_connection_set_thread(new_conn, thread);
276 gssctx=talloc(new_conn, gss_ctx_id_t);
278 talloc_free(new_conn);
281 trp_connection_set_gssctx(new_conn, gssctx);
282 talloc_set_destructor((void *)new_conn, trp_connection_destructor);
287 void trp_connection_free(TRP_CONNECTION *conn)
292 void trp_connection_close(TRP_CONNECTION *conn)
294 if ((conn->status!=TRP_CONNECTION_DOWN) && (conn->fd>0))
295 close(trp_connection_get_fd(conn));
296 trp_connection_set_fd(conn, -1);
297 trp_connection_set_status(conn, TRP_CONNECTION_DOWN);
300 /* returns 0 on authorization success, 1 on failure, or -1 in case of error */
301 int trp_connection_auth(TRP_CONNECTION *conn, TRP_AUTH_FUNC auth_callback, void *callback_data)
304 int auth, autherr = 0;
305 gss_buffer_desc nameBuffer = {0, NULL};
306 gss_ctx_id_t *gssctx=trp_connection_get_gssctx(conn);
308 nameBuffer.length = trp_connection_get_gssname(conn)->len;
309 nameBuffer.value = tr_name_strdup(trp_connection_get_gssname(conn));
311 tr_debug("trp_connection_auth: beginning passive authentication");
312 if (trp_connection_get_status(conn)!=TRP_CONNECTION_AUTHORIZING)
313 tr_warning("trp_connection_auth: warning: connection was not in TRP_CONNECTION_AUTHORIZING state.");
315 rc = gsscon_passive_authenticate(trp_connection_get_fd(conn), nameBuffer, gssctx, auth_callback, callback_data);
316 gss_release_buffer(NULL, &nameBuffer);
318 tr_debug("trp_connection_auth: Error from gsscon_passive_authenticate(), rc = 0x%08X.", rc);
319 trp_connection_set_status(conn, TRP_CONNECTION_DOWN);
323 tr_debug("trp_connection_auth: beginning second stage authentication");
324 if (rc = gsscon_authorize(*gssctx, &auth, &autherr)) {
325 tr_debug("trp_connection_auth: Error from gsscon_authorize, rc = %d, autherr = %d.",
327 trp_connection_set_status(conn, TRP_CONNECTION_DOWN);
331 trp_connection_set_peer(conn);
332 trp_connection_set_status(conn, TRP_CONNECTION_UP);
335 tr_debug("trp_connection_auth: Connection authenticated, fd = %d.", trp_connection_get_fd(conn));
337 tr_debug("trp_connection_auth: Authentication failed, fd = %d.", trp_connection_get_fd(conn));
345 * @param mem_ctx talloc context for return value
346 * @param listen socket fd for incoming connection
347 * @param gss_servicename our GSS service name to use for passive auth */
348 TRP_CONNECTION *trp_connection_accept(TALLOC_CTX *mem_ctx, int listen, TR_NAME *gss_servicename)
351 TRP_CONNECTION *conn=NULL;
353 conn_fd = tr_sock_accept(listen);
356 tr_notice("trp_connection_accept: Error accepting connection.");
359 conn=trp_connection_new(mem_ctx);
360 trp_connection_set_fd(conn, conn_fd);
361 trp_connection_set_gssname(conn, gss_servicename);
362 trp_connection_set_status(conn, TRP_CONNECTION_AUTHORIZING);
366 /* Initiate connection */
367 TRP_RC trp_connection_initiate(TRP_CONNECTION *conn, char *server, int port)
379 tr_err("trp_connection_initiate: null TRP_CONNECTION");
383 tr_debug("trp_connection_initiate: opening GSS connection to %s:%d",
386 err = gsscon_connect(server,
390 trp_connection_get_gssctx(conn));
392 tr_err("trp_connection_initiate: connection failed.");
395 tr_debug("trp_connection_initiate: connected.");
396 trp_connection_set_fd(conn, fd);
397 if (trp_connection_set_peer(conn)!=TRP_SUCCESS) {
398 tr_err("trp_connection_initiate: error setting peer gssname.");
399 trp_connection_close(conn);
402 trp_connection_set_status(conn, TRP_CONNECTION_UP);