#include <netinet/in.h>
#include <jansson.h>
#include <talloc.h>
+#include <poll.h>
#include <tid_internal.h>
#include <gsscon.h>
#include <tr_debug.h>
TID_RESP *resp=NULL;
int success=0;
- if ((NULL == (resp = talloc_zero(req, TID_RESP)))) {
+ if (NULL == (resp = tid_resp_new(req))) {
tr_crit("tids_create_response: Error allocating response structure.");
return NULL;
}
goto cleanup;
}
}
+ if (req->request_id) {
+ if (NULL == (resp->request_id = tr_dup_name(req->request_id))) {
+ tr_crit("tids_create_response: Error allocating fields in response.");
+ goto cleanup;
+ }
+ }
success=1;
cleanup:
if ((!success) && (resp!=NULL)) {
- if (resp->rp_realm!=NULL)
- tr_free_name(resp->rp_realm);
- if (resp->realm!=NULL)
- tr_free_name(resp->realm);
- if (resp->comm!=NULL)
- tr_free_name(resp->comm);
- if (resp->orig_coi!=NULL)
- tr_free_name(resp->orig_coi);
talloc_free(resp);
resp=NULL;
}
return resp;
}
-static void tids_destroy_response(TIDS_INSTANCE *tids, TID_RESP *resp)
-{
- if (resp) {
- if (resp->err_msg)
- tr_free_name(resp->err_msg);
- if (resp->rp_realm)
- tr_free_name(resp->rp_realm);
- if (resp->realm)
- tr_free_name(resp->realm);
- if (resp->comm)
- tr_free_name(resp->comm);
- if (resp->orig_coi)
- tr_free_name(resp->orig_coi);
- talloc_free(resp);
- }
-}
-
static int tids_listen(TIDS_INSTANCE *tids, int port, int *fd_out, size_t max_fd)
{
int rc = 0;
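Review bot: The `request_id` field filled in by the new `tr_dup_name(req->request_id)` line is not visibly released on any path: the hunk deletes the by-hand `tr_free_name` calls for the other name fields and leaves cleanup to `talloc_free(resp)`, which covers `request_id` only if the destructor installed by `tid_resp_new()` (not shown here) frees it or `tr_dup_name()` allocates under `resp`. The removed code freed those names explicitly, which suggests they are not talloc children of the response, so please confirm that `tid_resp_free()` / the destructor handles `request_id` as well; otherwise the new field leaks whenever the response is freed. Whichever is true, a one-line comment on the `talloc_free(resp);` line stating it — e.g. `/* tid_resp_new() installs a destructor for the name fields; no per-field frees needed */` — would stop the next reader from re-adding the manual frees. tids_create_response's signature and the removed tids_destroy_response's callers are outside this hunk.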
.ai_protocol=IPPROTO_TCP};
char *port_str=NULL;
size_t n_opened=0;
-
+
+ tr_debug("tids_listen: started!");
port_str=talloc_asprintf(NULL, "%d", port);
if (port_str==NULL) {
tr_debug("tids_listen: unable to allocate port.");
return -1;
}
- getaddrinfo(NULL, port_str, &hints, &ai_head);
+ tr_debug("getaddrinfo()=%d", getaddrinfo(NULL, port_str, &hints, &ai_head));
talloc_free(port_str);
+ tr_debug("tids_listen: got address info");
/* TODO: listen on all ports */
for (ai=ai_head,n_opened=0; (ai!=NULL)&&(n_opened<max_fd); ai=ai->ai_next) {
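Review bot: The getaddrinfo() result is only logged at debug level in the new `tr_debug("getaddrinfo()=%d", ...)` line and never acted on, so a resolver failure falls through to the listen loop with whatever `ai_head` held before the call (its initializer is above the hunk) and the caller just sees zero sockets with no error. Store the code in the already-declared `rc`, free `port_str` as before, and return -1 with `gai_strerror()` when it is non-zero, as below; this keeps the debug trace while making the failure visible. The socket loop and the rest of tids_listen continue outside the hunk.
```c
  rc = getaddrinfo(NULL, port_str, &hints, &ai_head);
  tr_debug("tids_listen: getaddrinfo()=%d", rc);
  talloc_free(port_str);
  if (rc != 0) {
    /* ai_head is not usable on failure; do not fall through to the listen loop */
    tr_err("tids_listen: getaddrinfo() failed: %s", gai_strerror(rc));
    return -1;
  }
  tr_debug("tids_listen: got address info");
  /* … unchanged: per-address socket/listen loop … */
```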
if (rc = gsscon_passive_authenticate(conn, nameBuffer, gssctx, tids_auth_cb, inst)) {
tr_debug("tids_auth_connection: Error from gsscon_passive_authenticate(), rc = %d.", rc);
+ free(name);
return -1;
}
+ free(name);
+ nameBuffer.value=NULL; nameBuffer.length=0;
if (rc = gsscon_authorize(*gssctx, &auth, &autherr)) {
tr_debug("tids_auth_connection: Error from gsscon_authorize, rc = %d, autherr = %d.",
tr_crit("tids_send_err_response: Can't create response.");
return -1;
}
-
/* mark this as an error response, and include the error message */
resp->result = TID_ERROR;
rc = tids_send_response(tids, req, resp);
- tids_destroy_response(tids, resp);
+ tid_resp_free(resp);
return rc;
}
if (NULL == (resp_buf = tr_msg_encode(&mresp))) {
- fprintf(stderr, "tids_send_response: Error encoding json response.\n");
+ tr_err("tids_send_response: Error encoding json response.");
tr_audit_req(req);
return -1;
tr_debug("tids_handle_connection: Error from tids_send_response(), rc = %d.", rc);
/* if we didn't already send a response, try to send a generic error. */
if (!tr_msg_get_req(mreq)->resp_sent)
- tids_send_err_response(tids, tr_msg_get_req(mreq), "Error sending response.");
+ tids_send_err_response(tids, tr_msg_get_req(mreq), "Error sending response.");
/* Fall through to free the response, either way. */
}
- tids_destroy_response(tids, resp);
- tr_msg_free_decoded(mreq);
+ tr_msg_free_decoded(mreq); /* takes resp with it */
return;
}
}
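Review bot: The comment `/* takes resp with it */` on the `tr_msg_free_decoded(mreq)` line asserts the ownership without saying where it comes from, which is exactly what a maintainer needs when deciding whether a missing free must be added here. I would spell it out: `/* resp is a talloc child of the request inside mreq (tids_create_response allocates it under req), so freeing mreq releases it; never free resp separately */` — assuming `tr_msg_get_req(mreq)` is the `req` that `tid_resp_new(req)` allocates under, which the earlier hunk suggests but this hunk cannot show. tids_handle_connection begins above this hunk.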
-TIDS_INSTANCE *tids_create (TALLOC_CTX *mem_ctx)
+TIDS_INSTANCE *tids_create (void)
{
- return talloc_zero(mem_ctx, TIDS_INSTANCE);
+ return talloc_zero(NULL, TIDS_INSTANCE);
}
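Review bot: Dropping the `TALLOC_CTX *mem_ctx` parameter from `tids_create` is a source-incompatible API change and makes every instance a top-level talloc allocation, so a caller can no longer hang the server on a parent context and have it torn down with that context; it now has to call tids_destroy() itself on every exit path. If the goal is only a sensible default, keep the parameter and let callers pass NULL, i.e. the old `TIDS_INSTANCE *tids_create (TALLOC_CTX *mem_ctx)` with `return talloc_zero(mem_ctx, TIDS_INSTANCE);`. If the change is deliberate, the header declaration and all callers need the matching edit, and a comment above the function should state that the returned instance is owned by the caller and must be released with tids_destroy().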
/* Get a listener for tids requests, returns its socket fd. Accept
* connections with tids_accept() */
int tids_get_listener(TIDS_INSTANCE *tids,
TIDS_REQ_FUNC *req_handler,
- TIDS_AUTH_FUNC *auth_handler,
+ tids_auth_func *auth_handler,
const char *hostname,
unsigned int port,
void *cookie,
tids->tids_port = port;
n_fd=tids_listen(tids, port, fd_out, max_fd);
- if (n_fd==0)
- tr_debug("tids_get_listener: Error opening port %d");
+ if (n_fd<=0)
+ tr_err("tids_get_listener: Error opening port %d");
else {
/* opening port succeeded */
- tr_debug("tids_get_listener: Opened port %d.", port);
+ tr_info("tids_get_listener: Opened port %d.", port);
/* make this socket non-blocking */
for (ii=0; ii<n_fd; ii++) {
if (0 != fcntl(fd_out[ii], F_SETFL, O_NONBLOCK)) {
- tr_debug("tids_get_listener: Error setting O_NONBLOCK.");
+ tr_err("tids_get_listener: Error setting O_NONBLOCK.");
for (ii=0; ii<n_fd; ii++) {
close(fd_out[ii]);
fd_out[ii]=-1;
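Review bot: The new `tr_err("tids_get_listener: Error opening port %d");` line keeps a `%d` conversion with no matching argument, which is undefined behaviour in the formatting call and prints garbage for the port; it should be `tr_err("tids_get_listener: Error opening port %d", port);`. The widened `n_fd<=0` check only catches tids_listen()'s -1 if `n_fd` is a signed type — its declaration is above the hunk, so please confirm. tids_get_listener continues outside the hunk on both sides.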
return 0;
}
+/* Process tids requests forever. Should not return except on error. */
+#define MAX_SOCKETS 10
+int tids_start (TIDS_INSTANCE *tids,
+ TIDS_REQ_FUNC *req_handler,
+ tids_auth_func *auth_handler,
+ const char *hostname,
+ unsigned int port,
+ void *cookie)
+{
+ int fd[MAX_SOCKETS]={0};
+ size_t n_fd=0;
+ struct pollfd poll_fd[MAX_SOCKETS]={{0}};
+ int ii=0;
+
+ n_fd=tids_get_listener(tids, req_handler, auth_handler, hostname, port, cookie, fd, MAX_SOCKETS);
+ if (n_fd <= 0) {
+ perror ("Error from tids_listen()");
+ return 1;
+ }
+
+ tr_info("Trust Path Query Server starting on host %s:%d.", hostname, port);
+
+ /* set up the poll structs */
+ for (ii=0; ii<n_fd; ii++) {
+ poll_fd[ii].fd=fd[ii];
+ poll_fd[ii].events=POLLIN;
+ }
+
+ while(1) { /* accept incoming conns until we are stopped */
+ /* clear out events from previous iteration */
+ for (ii=0; ii<n_fd; ii++)
+ poll_fd[ii].revents=0;
+
+ /* wait indefinitely for a connection */
+ if (poll(poll_fd, n_fd, -1) < 0) {
+ perror("Error from poll()");
+ return 1;
+ }
+
+ /* fork handlers for any sockets that have data */
+ for (ii=0; ii<n_fd; ii++) {
+ if (poll_fd[ii].revents == 0)
+ continue;
+
+ if ((poll_fd[ii].revents & POLLERR) || (poll_fd[ii].revents & POLLNVAL)) {
+ perror("Error polling fd");
+ continue;
+ }
+
+ if (poll_fd[ii].revents & POLLIN) {
+ if (tids_accept(tids, poll_fd[ii].fd))
+ tr_err("tids_start: error in tids_accept().");
+ }
+ }
+ }
+
+ return 1; /* should never get here, loops "forever" */
+}
+#undef MAX_SOCKETS
+
void tids_destroy (TIDS_INSTANCE *tids)
{
/* clean up logfiles */
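Review bot: `n_fd` is declared `size_t` but receives the `int` result of tids_get_listener(), so a -1 return becomes SIZE_MAX, passes the `if (n_fd <= 0)` check, and the `for (ii=0; ii<n_fd; ii++)` loops then index past `fd[MAX_SOCKETS]` and `poll_fd[MAX_SOCKETS]`; whether tids_get_listener() can actually return a negative value is decided above its hunk, but declaring `n_fd` as `int` removes the hazard either way and also fixes the signed/unsigned comparisons. Separately, `poll()` returns -1 with errno set to EINTR whenever a signal arrives — likely if connection handlers are forked as the `/* fork handlers ... */` comment says and SIGCHLD is handled — and the loop treats that as fatal and exits the server; retry on EINTR instead (`<errno.h>` is needed if the file does not already include it). The `perror()` calls after tids_get_listener() and on POLLERR/POLLNVAL print whatever errno happens to hold, since neither path sets it, and the first one names tids_listen() rather than the function actually called; log through `tr_err()` with the real values, as below.
```c
int tids_start (TIDS_INSTANCE *tids,
                /* … unchanged: remaining parameters … */
{
  int fd[MAX_SOCKETS]={0};
  int n_fd=0;   /* int, not size_t: tids_get_listener() returns int and a -1 must fail the check below */
  struct pollfd poll_fd[MAX_SOCKETS]={{0}};
  int ii=0;

  n_fd=tids_get_listener(tids, req_handler, auth_handler, hostname, port, cookie, fd, MAX_SOCKETS);
  if (n_fd <= 0) {
    /* errno is not meaningful here, so report the return code rather than perror() */
    tr_err("tids_start: tids_get_listener() failed, rc = %d.", n_fd);
    return 1;
  }

  /* … unchanged: startup message and pollfd setup … */

  while(1) { /* accept incoming conns until we are stopped */
    /* … unchanged: revents reset … */

    if (poll(poll_fd, (nfds_t)n_fd, -1) < 0) {
      if (errno == EINTR)
        continue;   /* a signal interrupted poll(); not an error, wait again */
      perror("Error from poll()");
      return 1;
    }

    for (ii=0; ii<n_fd; ii++) {
      if (poll_fd[ii].revents == 0)
        continue;

      if ((poll_fd[ii].revents & POLLERR) || (poll_fd[ii].revents & POLLNVAL)) {
        /* poll() does not set errno for these; report the fd and flags instead */
        tr_err("tids_start: error on fd %d (revents=0x%x).", poll_fd[ii].fd, (unsigned)poll_fd[ii].revents);
        continue;
      }

      /* … unchanged: POLLIN dispatch to tids_accept() … */
    }
  }
  /* … unchanged: unreachable return … */
}
```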