X-Git-Url: http://www.project-moonshot.org/gitweb/?p=trust_router.git;a=blobdiff_plain;f=tr%2Ftr_main.c;h=bb04bebf0841574771bcc2592b7ac38130fc5e2a;hp=9c8f9093529fd7c50dfb19330d7b1e80c5294ef7;hb=58571ae4cf8f7492d383b81ae0f55c5283184ee4;hpb=45c8d1e8259cae6eaaee3b4a66660a9aa92b1d5b diff --git a/tr/tr_main.c b/tr/tr_main.c index 9c8f909..bb04beb 100644 --- a/tr/tr_main.c +++ b/tr/tr_main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, JANET(UK) + * Copyright (c) 2012, 2015, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -33,261 +33,264 @@ */ #include -#include +#include +#include +#include +#include +#include +#include -#include -#include #include +#include +#include +#include +#include #include -#include -#include -#include +#include +#include +#include #include -/* Structure to hold TR instance and original request in one cookie */ -typedef struct tr_resp_cookie { - TR_INSTANCE *tr; - TID_REQ *orig_req; -} TR_RESP_COOKIE; +#define TALLOC_DEBUG_ENABLE 1 +/***** command-line option handling / setup *****/ -static void tr_tidc_resp_handler (TIDC_INSTANCE *tidc, - TID_REQ *req, - TID_RESP *resp, - void *resp_cookie) +static void print_version_info(void) { - tr_debug("tr_tidc_resp_handler: Response received (conn = %d)! Realm = %s, Community = %s.", ((TR_RESP_COOKIE *)resp_cookie)->orig_req->conn, resp->realm->buf, resp->comm->buf); - req->resp_rcvd = 1; - - /* TBD -- handle concatentation of multiple responses to single req */ - tids_send_response(((TR_RESP_COOKIE *)resp_cookie)->tr->tids, - ((TR_RESP_COOKIE *)resp_cookie)->orig_req, - resp); - - return; + printf("Moonshot Trust Router %s\n\n", PACKAGE_VERSION); } -static int tr_tids_req_handler (TIDS_INSTANCE *tids, - TID_REQ *orig_req, - TID_RESP *resp, - void *tr) -{ - TIDC_INSTANCE *tidc = NULL; - TR_RESP_COOKIE resp_cookie; - TR_AAA_SERVER *aaa_servers = NULL; - TR_NAME *apc = NULL; - TID_REQ *fwd_req = NULL; - TR_COMM *cfg_comm = NULL; - TR_COMM *cfg_apc = NULL; - int oaction = TR_FILTER_ACTION_REJECT; - int rc = 0; - - if ((!tids) || (!orig_req) || (!resp) || (!tr)) { - tr_debug("tr_tids_req_handler: Bad parameters"); - return -1; - } - - tr_debug("tr_tids_req_handler: Request received (conn = %d)! Realm = %s, Comm = %s", orig_req->conn, - orig_req->realm->buf, orig_req->comm->buf); - if (tids) - tids->req_count++; - - /* Duplicate the request, so we can modify and forward it */ - if (NULL == (fwd_req = tid_dup_req(orig_req))) { - tr_debug("tr_tids_req_handler: Unable to duplicate request."); - return -1; - } +/* Strip trailing / from a path name.*/ +static void remove_trailing_slash(char *s) { + size_t n; - if (NULL == (cfg_comm = tr_comm_lookup((TR_INSTANCE *)tids->cookie, orig_req->comm))) { - tr_notice("tr_tids_req_hander: Request for unknown comm: %s.", orig_req->comm->buf); - tids_send_err_response(tids, orig_req, "Unknown community"); - return -1; + n=strlen(s); + if(s[n-1]=='/') { + s[n-1]='\0'; } +} - /* Check that the rp_realm matches the filter for the GSS name that - * was received. */ - - if ((!((TR_INSTANCE *)tr)->rp_gss) || - (!((TR_INSTANCE *)tr)->rp_gss->filter)) { - tr_notice("tr_tids_req_handler: No GSS name for incoming request."); - tids_send_err_response(tids, orig_req, "No GSS name for request"); - return -1; - } +/* argp global parameters */ +const char *argp_program_bug_address=PACKAGE_BUGREPORT; /* bug reporting address */ + +/* doc strings */ +static const char doc[]=PACKAGE_NAME " - Moonshot Trust Router " PACKAGE_VERSION; +static const char arg_doc[]=""; /* string describing arguments, if any */ + +/* define the options here. Fields are: + * { long-name, short-name, variable name, options, help description } */ +static const struct argp_option cmdline_options[] = { + { "config-dir", 'c', "DIR", 0, "Specify configuration file location (default is current directory)"}, + { "version", 'v', NULL, 0, "Print version information and exit"}, + { NULL } +}; + +/* structure for communicating with option parser */ +struct cmdline_args { + int version_requested; + char *config_dir; +}; + +/* parser for individual options - fills in a struct cmdline_args */ +static error_t parse_option(int key, char *arg, struct argp_state *state) +{ + /* get a shorthand to the command line argument structure, part of state */ + struct cmdline_args *arguments=state->input; + + switch (key) { + case 'c': + if (arg == NULL) { + /* somehow we got called without an argument */ + return ARGP_ERR_UNKNOWN; + } + arguments->config_dir=arg; + break; - if ((TR_FILTER_NO_MATCH == tr_filter_process_rp_permitted(orig_req->rp_realm, ((TR_INSTANCE *)tr)->rp_gss->filter, orig_req->cons, &fwd_req->cons, &oaction)) || - (TR_FILTER_ACTION_REJECT == oaction)) { - tr_notice("tr_tids_req_handler: RP realm (%s) does not match RP Realm filter for GSS name", orig_req->rp_realm->buf); - tids_send_err_response(tids, orig_req, "RP Realm filter error"); - return -1; - } - /* Check that the rp_realm is a member of the community in the request */ - if (NULL == (tr_find_comm_rp(cfg_comm, orig_req->rp_realm))) { - tr_notice("tr_tids_req_handler: RP Realm (%s) not member of community (%s).", orig_req->rp_realm->buf, orig_req->comm->buf); - tids_send_err_response(tids, orig_req, "RP COI membership error"); - return -1; - } + case 'v': + arguments->version_requested=1; + break; - /* Map the comm in the request from a COI to an APC, if needed */ - if (TR_COMM_COI == cfg_comm->type) { - tr_debug("tr_tids_req_handler: Community was a COI, switching."); - /* TBD -- In theory there can be more than one? How would that work? */ - if ((!cfg_comm->apcs) || (!cfg_comm->apcs->id)) { - tr_notice("No valid APC for COI %s.", orig_req->comm->buf); - tids_send_err_response(tids, orig_req, "No valid APC for community"); - return -1; - } - apc = tr_dup_name(cfg_comm->apcs->id); - - /* Check that the APC is configured */ - if (NULL == (cfg_apc = tr_comm_lookup((TR_INSTANCE *)tids->cookie, apc))) { - tr_notice("tr_tids_req_hander: Request for unknown comm: %s.", apc->buf); - tids_send_err_response(tids, orig_req, "Unknown APC"); - return -1; - } - - fwd_req->comm = apc; - fwd_req->orig_coi = orig_req->comm; - - /* Check that rp_realm is a member of this APC */ - if (NULL == (tr_find_comm_rp(cfg_apc, orig_req->rp_realm))) { - tr_notice("tr_tids_req_hander: RP Realm (%s) not member of community (%s).", orig_req->rp_realm->buf, orig_req->comm->buf); - tids_send_err_response(tids, orig_req, "RP APC membership error"); - return -1; - } + default: + return ARGP_ERR_UNKNOWN; } - /* Find the AAA server(s) for this request */ - if (NULL == (aaa_servers = tr_idp_aaa_server_lookup((TR_INSTANCE *)tids->cookie, - orig_req->realm, - orig_req->comm))) { - tr_debug("tr_tids_req_handler: No AAA Servers for realm %s, defaulting.", orig_req->realm->buf); - if (NULL == (aaa_servers = tr_default_server_lookup ((TR_INSTANCE *)tids->cookie, - orig_req->comm))) { - tr_notice("tr_tids_req_handler: No default AAA servers, discarded."); - tids_send_err_response(tids, orig_req, "No path to AAA Server(s) for realm"); - return -1; - } - } else { - /* if we aren't defaulting, check idp coi and apc membership */ - if (NULL == (tr_find_comm_idp(cfg_comm, fwd_req->realm))) { - tr_notice("tr_tids_req_handler: IDP Realm (%s) not member of community (%s).", orig_req->realm->buf, orig_req->comm->buf); - tids_send_err_response(tids, orig_req, "IDP community membership error"); - return -1; - } - if ( cfg_apc && (NULL == (tr_find_comm_idp(cfg_apc, fwd_req->realm)))) { - tr_notice("tr_tids_req_handler: IDP Realm (%s) not member of APC (%s).", orig_req->realm->buf, orig_req->comm->buf); - tids_send_err_response(tids, orig_req, "IDP APC membership error"); - return -1; - } - } + return 0; /* success */ +} - /* send a TID request to the AAA server(s), and get the answer(s) */ - /* TBD -- Handle multiple servers */ +/* assemble the argp parser */ +static struct argp argp = {cmdline_options, parse_option, arg_doc, doc}; - /* Create a TID client instance */ - if (NULL == (tidc = tidc_create())) { - tr_crit("tr_tids_req_hander: Unable to allocate TIDC instance."); - tids_send_err_response(tids, orig_req, "Memory allocation failure"); - return -1; - } - /* Use the DH parameters from the original request */ - /* TBD -- this needs to be fixed when we handle more than one req per conn */ - tidc->client_dh = orig_req->tidc_dh; - - /* Save information about this request for the response */ - resp_cookie.tr = tr; - resp_cookie.orig_req = orig_req; - - /* Set-up TID connection */ - if (-1 == (fwd_req->conn = tidc_open_connection(tidc, - aaa_servers->hostname->buf, - TID_PORT, - &(fwd_req->gssctx)))) { - tr_notice("tr_tids_req_handler: Error in tidc_open_connection."); - tids_send_err_response(tids, orig_req, "Can't open connection to next hop TIDS"); - return -1; - }; - - /* Send a TID request */ - if (0 > (rc = tidc_fwd_request(tidc, fwd_req, &tr_tidc_resp_handler, (void *)&resp_cookie))) { - tr_notice("Error from tidc_fwd_request, rc = %d.", rc); - tids_send_err_response(tids, orig_req, "Can't forward request to next hop TIDS"); - return -1; - } - - return 0; +/***** talloc error handling *****/ +/* called when talloc tries to abort */ +static void tr_abort(const char *reason) +{ + tr_crit("tr_abort: Critical error, talloc aborted. Reason: %s", reason); + abort(); } -static int tr_tids_gss_handler(gss_name_t client_name, TR_NAME *gss_name, - void *tr) +#if TALLOC_DEBUG_ENABLE +static void tr_talloc_log(const char *msg) { - TR_RP_CLIENT *rp; + tr_debug("talloc: %s", msg); +} +#endif /* TALLOC_DEBUG_ENABLE */ - if ((!client_name) || (!gss_name) || (!tr)) { - tr_debug("tr_tidc_gss_handler: Bad parameters."); - return -1; - } - - /* look up the RP client matching the GSS name */ - if ((NULL == (rp = tr_rp_client_lookup(tr, gss_name)))) { - tr_debug("tr_tids_gss_handler: Unknown GSS name %s", gss_name->buf); - return -1; - } +static void configure_signals(void) +{ + sigset_t signals; + /* ignore SIGPIPE */ + sigemptyset(&signals); + sigaddset(&signals, SIGPIPE); + pthread_sigmask(SIG_BLOCK, &signals, NULL); +} - /* Store the rp client in the TR_INSTANCE structure for now... - * TBD -- fix me for new tasking model. */ - ((TR_INSTANCE *)tr)->rp_gss = rp; - tr_debug("Client's GSS Name: %s", gss_name->buf); - return 0; +/* TODO move this function */ +static MON_RC tr_mon_handle_version(void *cookie, json_t **result_ptr) +{ + *result_ptr = json_string(PACKAGE_VERSION); + return (*result_ptr == NULL) ? MON_NOMEM : MON_SUCCESS; } +static MON_RC tr_mon_handle_uptime(void *cookie, json_t **result_ptr) +{ + time_t *start_time = cookie; + *result_ptr = json_integer(time(NULL) - (*start_time)); + return (*result_ptr == NULL) ? MON_NOMEM : MON_SUCCESS; +} -int main (int argc, const char *argv[]) +int main(int argc, char *argv[]) { + TALLOC_CTX *main_ctx=NULL; + TR_INSTANCE *tr = NULL; - struct dirent **cfg_files = NULL; - TR_CFG_RC rc = TR_CFG_SUCCESS; /* presume success */ - int err = 0, n = 0;; + struct cmdline_args opts; + struct event_base *ev_base; + struct tr_socket_event tids_ev = {0}; + struct tr_socket_event mon_ev = {0}; + struct event *cfgwatch_ev; - /* parse command-line arguments? -- TBD */ + time_t start_time = time(NULL); /* TODO move this? */ - /* create a Trust Router instance */ - if (NULL == (tr = tr_create())) { + configure_signals(); + + /* we're going to be multithreaded, so disable null context tracking */ + talloc_set_abort_fn(tr_abort); + talloc_disable_null_tracking(); +#if TALLOC_DEBUG_ENABLE + talloc_set_log_fn(tr_talloc_log); +#endif /* TALLOC_DEBUG_ENABLE */ + main_ctx=talloc_new(NULL); + + /* Use standalone logging */ + tr_log_open(); + + /***** parse command-line arguments *****/ + /* set defaults */ + opts.version_requested=0; + opts.config_dir="."; + + /* parse the command line*/ + argp_parse(&argp, argc, argv, 0, 0, &opts); + + /* process options */ + remove_trailing_slash(opts.config_dir); + + + /***** Print version info *****/ + print_version_info(); + if (opts.version_requested) + return 0; /* requested that we print version and exit */ + + /***** create a Trust Router instance *****/ + if (NULL == (tr = tr_create(main_ctx))) { tr_crit("Unable to create Trust Router instance, exiting."); return 1; } - /* find the configuration files */ - if (0 == (n = tr_find_config_files(&cfg_files))) { - tr_crit("Can't locate configuration files, exiting."); - exit(1); + /***** initialize the trust path query server instance *****/ + if (NULL == (tr->tids = tids_new(tr))) { + tr_crit("Error initializing Trust Path Query Server instance."); + return 1; } - if (TR_CFG_SUCCESS != tr_parse_config(tr, n, cfg_files)) { - tr_crit("Error decoding configuration information, exiting."); - exit(1); + /***** initialize the trust router protocol server instance *****/ + if (NULL == (tr->trps = trps_new(tr))) { + tr_crit("Error initializing Trust Router Protocol Server instance."); + return 1; } - /* apply initial configuration */ - if (TR_CFG_SUCCESS != (rc = tr_apply_new_config(tr))) { - tr_crit("Error applying configuration, rc = %d.", rc); - exit(1); + /***** initialize the monitoring interface instance *****/ + if (NULL == (tr->mons = mons_new(tr))) { + tr_crit("Error initializing monitoring interface instance."); + return 1; + } + /* Monitor our tids/trps instances */ + tr->mons->tids = tr->tids; + tr->mons->trps = tr->trps; + + /* TODO do this more systematically */ + mons_register_handler(tr->mons, MON_CMD_SHOW, OPT_TYPE_SHOW_VERSION, tr_mon_handle_version, NULL); + mons_register_handler(tr->mons, MON_CMD_SHOW, OPT_TYPE_SHOW_UPTIME, tr_mon_handle_uptime, &start_time); + + /***** process configuration *****/ + tr->cfgwatch=tr_cfgwatch_create(tr); + if (tr->cfgwatch == NULL) { + tr_crit("Unable to create configuration watcher object, exiting."); + return 1; + } + tr->cfgwatch->config_dir=opts.config_dir; + tr->cfgwatch->cfg_mgr=tr->cfg_mgr; + tr->cfgwatch->update_cb=tr_config_changed; /* handle configuration changes */ + tr->cfgwatch->update_cookie=(void *)tr; + if (0 != tr_read_and_apply_config(tr->cfgwatch)) { + tr_crit("Error reading configuration, exiting."); + return 1; } - /* initialize the trust path query server instance */ - if (0 == (tr->tids = tids_create ())) { + /***** Set up the event loop *****/ + ev_base=tr_event_loop_init(); /* Set up the event loop */ + if (ev_base==NULL) { + tr_crit("Error initializing event loop."); + return 1; + } + + /* already set config_dir, fstat_list and n_files earlier */ + if (0 != tr_cfgwatch_event_init(ev_base, tr->cfgwatch, &cfgwatch_ev)) { + tr_crit("Error initializing configuration file watcher."); + return 1; + } + + /* install monitoring interface events */ + tr_debug("Initializing monitoring interface events."); + if (0 != tr_mons_event_init(ev_base, tr->mons, tr->cfg_mgr, &mon_ev)) { + tr_crit("Error initializing monitoring interface."); + return 1; + } + + /* install TID server events */ + tr_debug("Initializing TID server events."); + if (0 != tr_tids_event_init(ev_base, + tr->tids, + tr->cfg_mgr, + tr->trps, + &tids_ev)) { tr_crit("Error initializing Trust Path Query Server instance."); - exit(1); + return 1; } - /* start the trust path query server, won't return unless fatal error. */ - if (0 != (err = tids_start(tr->tids, &tr_tids_req_handler, &tr_tids_gss_handler, tr->active_cfg->internal->hostname, tr->active_cfg->internal->tids_port, (void *)tr))) { - tr_crit("Error from Trust Path Query Server, err = %d.", err); - exit(err); + /* install TRP handler events */ + tr_debug("Initializing Dynamic Trust Router Protocol events."); + if (TRP_SUCCESS != tr_trps_event_init(ev_base, tr)) { + tr_crit("Error initializing Trust Path Query Server instance."); + return 1; } - tids_destroy(tr->tids); - tr_destroy(tr); - exit(0); + tr_debug("Starting event loop."); + tr_event_loop_run(ev_base); /* does not return until we are done */ + + tr_destroy(tr); /* thanks to talloc, should destroy everything */ + + talloc_free(main_ctx); + return 0; }