#include <sys/time.h>
#include <glib.h>
#include <string.h>
+#include <poll.h> // for nfds_t
#include <gsscon.h>
#include <tr_comm.h>
#include <tr_apc.h>
#include <tr_rp.h>
-#include <trust_router/tr_name.h>
+#include <tr_name_internal.h>
+#include <trp_route.h>
#include <trp_internal.h>
-#include <tr_gss.h>
+#include <tr_gss_names.h>
+#include <trp_peer.h>
#include <trp_ptable.h>
#include <trp_rtable.h>
#include <tr_debug.h>
#include <tr_util.h>
+#include <tr_socket.h>
static int trps_destructor(void *object)
{
/* get the connection for this peer */
trpc=trps_find_trpc(trps, peer);
- /* instead, let's let that happen and then clear the queue when an attempt to
- * connect fails */
+ /* The peer connection (trpc) usually exists even if the connection is down.
+ * We will queue messages even if the connection is down. To prevent this from
+ * endlessly increasing the size of the queue, the trpc handler needs to clear
+ * its queue periodically, even if it is unable to send the messages
+ */
if (trpc==NULL) {
tr_warning("trps_send_msg: skipping message queued for missing TRP client entry.");
} else {
return rc;
}
-/* Listens on all interfaces. Returns number of sockets opened. Their
- * descriptors are stored in *fd_out, which should point to space for
- * up to max_fd of them. */
-static size_t trps_listen(TRPS_INSTANCE *trps, int port, int *fd_out, size_t max_fd)
-{
- int rc = 0;
- int conn = -1;
- int optval=0;
- struct addrinfo *ai=NULL;
- struct addrinfo *ai_head=NULL;
- struct addrinfo hints={.ai_flags=AI_PASSIVE,
- .ai_family=AF_UNSPEC,
- .ai_socktype=SOCK_STREAM,
- .ai_protocol=IPPROTO_TCP};
- char *port_str=NULL;
- size_t n_opened=0;
-
- port_str=talloc_asprintf(NULL, "%d", port);
- if (port_str==NULL) {
- tr_debug("trps_listen: unable to allocate port.");
- return -1;
- }
- getaddrinfo(NULL, port_str, &hints, &ai_head);
- talloc_free(port_str);
-
- for (ai=ai_head,n_opened=0; (ai!=NULL)&&(n_opened<max_fd); ai=ai->ai_next) {
- if (0 > (conn = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol))) {
- tr_debug("trps_listen: unable to open socket.");
- continue;
- }
-
- optval=1;
- if (0!=setsockopt(conn, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)))
- tr_debug("trps_listen: unable to set SO_REUSEADDR."); /* not fatal? */
-
- if (ai->ai_family==AF_INET6) {
- /* don't allow IPv4-mapped IPv6 addresses (per RFC4942, not sure
- * if still relevant) */
- if (0!=setsockopt(conn, IPPROTO_IPV6, IPV6_V6ONLY, &optval, sizeof(optval))) {
- tr_debug("trps_listen: unable to set IPV6_V6ONLY. Skipping interface.");
- close(conn);
- continue;
- }
- }
-
- rc=bind(conn, ai->ai_addr, ai->ai_addrlen);
- if (rc<0) {
- tr_debug("trps_listen: unable to bind to socket.");
- close(conn);
- continue;
- }
-
- if (0>listen(conn, 512)) {
- tr_debug("trps_listen: unable to listen on bound socket.");
- close(conn);
- continue;
- }
-
- /* ok, this one worked. Save it */
- fd_out[n_opened++]=conn;
- }
- freeaddrinfo(ai_head);
-
- if (n_opened==0) {
- tr_debug("trps_listen: no addresses available for listening.");
- return -1;
- }
-
- tr_debug("trps_listen: TRP Server listening on port %d on %d socket%s",
- port,
- n_opened,
- (n_opened==1)?"":"s");
-
- return n_opened;
-}
-
/* get the currently selected route if available */
TRP_ROUTE *trps_get_route(TRPS_INSTANCE *trps, TR_NAME *comm, TR_NAME *realm, TR_NAME *peer)
{
tr_debug("trps_read_message: message received, %u bytes.", (unsigned) buflen);
tr_debug("trps_read_message: %.*s", buflen, buf);
- *msg=tr_msg_decode(buf, buflen);
+ *msg= tr_msg_decode(NULL, buf, buflen);
free(buf);
if (*msg==NULL)
return TRP_NOPARSE;
int *fd_out,
size_t max_fd)
{
- size_t n_fd=0;
- size_t ii=0;
+ nfds_t n_fd=0;
+ nfds_t ii=0;
+
+ n_fd = tr_sock_listen_all(port, fd_out, max_fd);
- n_fd=trps_listen(trps, port, fd_out, max_fd);
- if (n_fd==0)
- tr_debug("trps_get_listener: Error opening port %d.");
+ if (n_fd == 0)
+ tr_err("trps_get_listener: Error opening port %d.");
else {
/* opening port succeeded */
- tr_debug("trps_get_listener: Opened port %d.", port);
+ tr_info("trps_get_listener: Opened port %d.", port);
/* make the sockets non-blocking */
for (ii=0; ii<n_fd; ii++) {
if (0 != fcntl(fd_out[ii], F_SETFL, O_NONBLOCK)) {
- tr_debug("trps_get_listener: Error setting O_NONBLOCK.");
+ tr_err("trps_get_listener: Error setting O_NONBLOCK.");
for (ii=0; ii<n_fd; ii++) {
close(fd_out[ii]);
fd_out[ii]=-1;
}
- n_fd=0;
+ n_fd = 0;
break;
}
}
}
- if (n_fd>0) {
+ if (n_fd > 0) {
/* store the caller's request handler & cookie */
trps->msg_handler = msg_handler;
trps->auth_handler = auth_handler;
trps->cookie = cookie;
}
- return n_fd;
+ return (int) n_fd;
}
TRP_RC trps_authorize_connection(TRPS_INSTANCE *trps, TRP_CONNECTION *conn)
* Apply applicable TRP_INBOUND filters to an inforec. Rejects everything if peer has no filters.
*
* @param trps Active TRPS instance
- * @param peer_name Name of peer that sent this inforec
+ * @param upd TRP_UPD that contains the inforec to filter
* @param rec Inforec to filter
- * @param realm Name of realm
- * @param comm Name of community
* @return 1 if accepted by the filter, 0 otherwise
*/
-static int trps_filter_inbound_inforec(TRPS_INSTANCE *trps, TR_NAME *peer_name, TRP_INFOREC *rec, TR_NAME *realm, TR_NAME *comm)
+static int trps_filter_inbound_inforec(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_INFOREC *rec)
{
TRP_PEER *peer=NULL;
+ TR_NAME *peer_name=NULL;
TR_FILTER_ACTION action=TR_FILTER_ACTION_REJECT;
TR_FILTER_TARGET *target=NULL;
int retval=0;
/* Look up the peer. For inbound messages, the peer is identified by its GSS name */
+ peer_name=trp_upd_get_peer(upd);
peer=trps_get_peer_by_gssname(trps, peer_name);
if (peer==NULL) {
tr_err("trps_filter_inbound_inforec: received inforec from unknown peer (%.*s), rejecting.",
}
/* tr_filter_apply() and tr_filter_set_get() handle null filter sets/filters by rejecting */
- target=tr_filter_target_trp_inforec(NULL, rec, realm, comm);
+ target= tr_filter_target_trp_inforec(NULL, upd, rec);
if (target==NULL) {
/* TODO: signal that filtering failed. Until then, just filter everything and give an error message. */
tr_crit("trps_filter_inbound_inforec: Unable to allocate filter target, cannot apply filter!");
}
for (rec=trp_upd_get_inforec(upd); rec!=NULL; rec=trp_inforec_get_next(rec)) {
- if (!trps_filter_inbound_inforec(trps,
- trp_upd_get_peer(upd),
- rec,
- trp_upd_get_realm(upd),
- trp_upd_get_comm(upd))) {
+ if (!trps_filter_inbound_inforec(trps, upd, rec)) {
tr_debug("trps_handle_update: inforec rejected by filter.");
continue; /* just go on to the next record */
}
return TRP_ERROR;
}
- entry=trp_rtable_get_entries(trps->rtable, &n_entry); /* must talloc_free *entry */
+ entry= trp_rtable_get_entries(NULL, trps->rtable, &n_entry); /* must talloc_free *entry */
/* loop over the entries */
for (ii=0; ii<n_entry; ii++) {
}
-static char *timespec_to_str(struct timespec *ts)
-{
- struct tm tm;
- char *s=NULL;
-
- if (localtime_r(&(ts->tv_sec), &tm)==NULL)
- return NULL;
-
- s=malloc(40); /* long enough to contain strftime result */
- if (s==NULL)
- return NULL;
-
- if (strftime(s, 40, "%F %T", &tm)==0) {
- free(s);
- return NULL;
- }
- return s;
-}
-
-
/* Sweep for expired communities/realms/memberships. */
TRP_RC trps_sweep_ctable(TRPS_INSTANCE *trps)
{
for(this=trp_upd_get_inforec(upd); this!=NULL; this=next) {
next=this->next;
- target=tr_filter_target_trp_inforec(NULL, this, trp_upd_get_realm(upd), trp_upd_get_comm(upd));
+ target= tr_filter_target_trp_inforec(NULL, upd, this);
if (target==NULL) {
/* TODO: signal that filtering failed. Until then, just filter everything and give an error message. */
tr_crit("trps_filter_one_outbound_update: Unable to allocate filter target, cannot apply filter!");
static void trps_filter_outbound_updates(TR_FILTER_SET *filters, GPtrArray *updates)
{
TRP_UPD *upd=NULL;
- int ii=0;
+ guint ii=0;
- /* walk backward through the array so we can remove elements */
- for (ii=updates->len-1; ii>=0; ii--) {
- upd=g_ptr_array_index(updates, ii);
+ /* Walk backward through the array so we can remove elements. Careful about loop
+ * termination - remember that ii is unsigned. */
+ for (ii=updates->len; ii>0; ii--) {
+ upd=g_ptr_array_index(updates, ii-1);
trps_filter_one_outbound_update(tr_filter_set_get(filters, TR_FILTER_TYPE_TRP_OUTBOUND), upd);
/* see if we removed all the records from this update */
if (trp_upd_num_inforecs(upd)==0)
- g_ptr_array_remove_index_fast(updates, ii); /* does not preserve order at index ii or higher */
+ g_ptr_array_remove_index_fast(updates, ii-1); /* does not preserve order at index ii or higher */
}
}
upd = (TRP_UPD *) g_ptr_array_index(updates, ii);
/* now encode the update message */
tr_msg_set_trp_upd(&msg, upd);
- encoded = tr_msg_encode(&msg);
+ encoded = tr_msg_encode(NULL, &msg);
if (encoded == NULL) {
tr_err("trps_update_one_peer: error encoding update.");
rc = TRP_ERROR;
}
tr_msg_set_trp_req(&msg, req);
- encoded=tr_msg_encode(&msg);
+ encoded= tr_msg_encode(NULL, &msg);
if (encoded==NULL) {
tr_err("trps_wildcard_route_req: error encoding wildcard TRP request.");
rc=TRP_ERROR;
projects / trust_router.git / blobdiff