X-Git-Url: http://www.project-moonshot.org/gitweb/?p=trust_router.git;a=blobdiff_plain;f=tid%2Ftidc.c;h=90335f0ed6375df3350183c9e59fc0eb001612e4;hp=62968fb8d8db701ace3bebec94ea21405cb93aef;hb=3c5fb17459ff56d5e23cea059503f46a42150a1e;hpb=7d59da0c160c7b4b288fbbfb5c2c1d17049372c5 diff --git a/tid/tidc.c b/tid/tidc.c index 62968fb..90335f0 100644 --- a/tid/tidc.c +++ b/tid/tidc.c @@ -36,67 +36,88 @@ #include #include +#include #include #include #include -#include #include +#include int tmp_len = 32; -TIDC_INSTANCE *tidc_create () +/* creates struct in talloc null context */ +TIDC_INSTANCE *tidc_create(void) { - TIDC_INSTANCE *tidc = NULL; - - if (NULL == (tidc = talloc_zero(NULL, TIDC_INSTANCE))) - return NULL; - + TIDC_INSTANCE *tidc=talloc(NULL, TIDC_INSTANCE); + if (tidc!=NULL) { + tidc->gssc = tr_gssc_instance_new(tidc); + if (tidc->gssc == NULL) { + talloc_free(tidc); + return NULL; + } + + tidc->gssc->service_name = "trustidentity"; + } return tidc; } -void tidc_destroy (TIDC_INSTANCE *tidc) +void tidc_destroy(TIDC_INSTANCE *tidc) { talloc_free(tidc); } int tidc_open_connection (TIDC_INSTANCE *tidc, - char *server, - unsigned int port, - gss_ctx_id_t *gssctx) + const char *server, + unsigned int port, + gss_ctx_id_t *gssctx) { - int err = 0; - int conn = -1; unsigned int use_port = 0; + tidc->gssc->gss_ctx = gssctx; if (0 == port) use_port = TID_PORT; - else + else use_port = port; - err = gsscon_connect(server, use_port, "trustidentity", &conn, gssctx); - - if (!err) - return conn; + tr_debug("tidc_open_connection: opening tidc connection to %s:%d", server, use_port); + if (0 == tr_gssc_open_connection(tidc->gssc, server, use_port)) + return tidc->gssc->conn; else return -1; } -int tidc_send_request (TIDC_INSTANCE *tidc, - int conn, - gss_ctx_id_t gssctx, - char *rp_realm, - char *realm, - char *comm, - TIDC_RESP_FUNC *resp_handler, - void *cookie) +int tidc_send_request (TIDC_INSTANCE *tidc, + int conn, + gss_ctx_id_t gssctx, + const char *rp_realm, + const char *realm, + const char *comm, + TIDC_RESP_FUNC *resp_handler, + void *cookie) { TID_REQ *tid_req = NULL; + char *request_id = NULL; int rc; + int orig_conn = 0; + gss_ctx_id_t *orig_gss_ctx = NULL; + + /* For ABI compatibility, replace the generic GSS client parameters + * with the arguments we were passed. */ + orig_conn = tidc->gssc->conn; /* save to restore later */ + if (conn != tidc->gssc->conn) { + tr_warning("tidc_send_request: WARNING: socket connection FD does not match FD opened by tidc_open_connection()"); + tidc->gssc->conn = conn; + } + orig_gss_ctx = tidc->gssc->gss_ctx; /* save to restore later */ + if (gssctx != *(tidc->gssc->gss_ctx)) { + tr_warning("tidc_send_request: WARNING: sending request with different GSS context than used for tidc_open_connection()"); + *tidc->gssc->gss_ctx = gssctx; + } /* Create and populate a TID req structure */ if (!(tid_req = tid_req_new())) - return -1; + goto error; tid_req->conn = conn; tid_req->gssctx = gssctx; @@ -108,110 +129,102 @@ int tidc_send_request (TIDC_INSTANCE *tidc, goto error; } - tid_req->tidc_dh = tidc->client_dh; + tid_req->tidc_dh = tr_dh_dup(tidc->gssc->client_dh); + + /* generate an ID */ + request_id = tr_random_id(NULL); + if (request_id) { + if (tid_req->request_id = tr_new_name(request_id)) + tr_debug("tidc_send_request: Created TID request ID: %s", request_id); + else + tr_debug("tidc_send_request: Unable to set request ID, proceeding without one"); + talloc_free(request_id); + } else + tr_debug("tidc_send_request: Failed to generate a TID request ID, proceeding without one"); rc = tidc_fwd_request(tidc, tid_req, resp_handler, cookie); goto cleanup; error: rc = -1; cleanup: - tid_req_free(tid_req); + if (tid_req) + tid_req_free(tid_req); + + tidc->gssc->conn = orig_conn; + tidc->gssc->gss_ctx = orig_gss_ctx; return rc; } -int tidc_fwd_request (TIDC_INSTANCE *tidc, - TID_REQ *tid_req, - TIDC_RESP_FUNC *resp_handler, - void *cookie) +int tidc_fwd_request(TIDC_INSTANCE *tidc, + TID_REQ *tid_req, + TIDC_RESP_FUNC *resp_handler, + void *cookie) { - char *req_buf = NULL; - char *resp_buf = NULL; - size_t resp_buflen = 0; + TALLOC_CTX *tmp_ctx = talloc_new(NULL); TR_MSG *msg = NULL; TR_MSG *resp_msg = NULL; - int err; + TID_RESP *tid_resp = NULL; int rc = 0; /* Create and populate a TID msg structure */ - if (!(msg = talloc_zero(tid_req, TR_MSG))) + if (!(msg = talloc_zero(tmp_ctx, TR_MSG))) goto error; msg->msg_type = TID_REQUEST; tr_msg_set_req(msg, tid_req); - /* store the response function and cookie */ - // tid_req->resp_func = resp_handler; - // tid_req->cookie = cookie; - - - /* Encode the request into a json string */ - if (!(req_buf = tr_msg_encode(msg))) { - tr_err("tidc_fwd_request: Error encoding TID request.\n"); - goto error; - } - tr_debug( "tidc_fwd_request: Sending TID request:\n"); - tr_debug( "%s\n", req_buf); + tr_debug( "tidc_fwd_request: Sending TID request\n"); /* Send the request over the connection */ - if (err = gsscon_write_encrypted_token (tid_req->conn, tid_req->gssctx, req_buf, - strlen(req_buf))) { - tr_err( "tidc_fwd_request: Error sending request over connection.\n"); + resp_msg = tr_gssc_exchange_msgs(tmp_ctx, tidc->gssc, msg); + if (resp_msg == NULL) goto error; - } - /* TBD -- queue request on instance, read resps in separate thread */ - - /* Read the response from the connection */ - /* TBD -- timeout? */ - if (err = gsscon_read_encrypted_token(tid_req->conn, tid_req->gssctx, &resp_buf, &resp_buflen)) { - if (resp_buf) - free(resp_buf); + /* TBD -- Check if this is actually a valid response */ + tid_resp = tr_msg_get_resp(resp_msg); + if (tid_resp == NULL) { + tr_err( "tidc_fwd_request: Error, no response in the response!\n"); goto error; } - tr_debug( "tidc_fwd_request: Response Received (%u bytes).\n", (unsigned) resp_buflen); - tr_debug( "%s\n", resp_buf); - - if (NULL == (resp_msg = tr_msg_decode(resp_buf, resp_buflen))) { - tr_err( "tidc_fwd_request: Error decoding response.\n"); - goto error; + /* Check whether the request IDs matched and warn if not. Do nothing if we don't get + * an ID on the return - it is not mandatory to preserve that field. */ + if (tid_req->request_id) { + if ((tid_resp->request_id) + && (tr_name_cmp(tid_resp->request_id, tid_req->request_id) != 0)) { + /* Requests present but do not match */ + tr_warning("tidc_fwd_request: Sent request ID %.*s, received response for %.*s", + tid_req->request_id->len, tid_req->request_id->buf, + tid_resp->request_id->len, tid_resp->request_id->buf); + } + } else if (tid_resp->request_id) { + tr_warning("tidc_fwd_request: Sent request without ID, received response for %.*s", + tid_resp->request_id->len, tid_resp->request_id->buf); } - /* TBD -- Check if this is actually a valid response */ - if (TID_RESPONSE != tr_msg_get_msg_type(resp_msg)) { - tr_err( "tidc_fwd_request: Error, no response in the response!\n"); - goto error; - } - - if (resp_handler) - /* Call the caller's response function */ + if (resp_handler) { + /* Call the caller's response function. It must copy any data it needs before returning. */ + tr_debug("tidc_fwd_request: calling response callback function."); (*resp_handler)(tidc, tid_req, tr_msg_get_resp(resp_msg), cookie); + } + goto cleanup; error: rc = -1; cleanup: - if (msg) - talloc_free(msg); - if (req_buf) - free(req_buf); - if (resp_buf) - free(resp_buf); - - /* TBD -- free the decoded response */ - + talloc_free(tmp_ctx); return rc; } DH * tidc_get_dh(TIDC_INSTANCE *inst) { - return inst->client_dh; + return tr_gssc_get_dh(inst->gssc); } DH *tidc_set_dh(TIDC_INSTANCE *inst, DH *dh) { - inst->client_dh = dh; - return dh; + return tr_gssc_set_dh(inst->gssc, dh); }