};
typedef int (TIDS_REQ_FUNC)(TIDS_INSTANCE *, TID_REQ *, TID_RESP **, void *);
+typedef int (tids_auth_func)(gss_name_t client_name, TR_NAME *display_name, void *cookie);
+
struct tids_instance {
int req_count;
char *priv_key;
char *ipaddr;
TIDS_REQ_FUNC *req_handler;
+ tids_auth_func *auth_handler;
void *cookie;
};
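Review bot: The new `tids_auth_func` typedef and `auth_handler` member are undocumented, so a caller has to read tids.c to learn what the callback must return and how long `display_name` lives. From the tids.c side of this change the TR_NAME handed to the callback is a stack object wrapping the GSS display buffer, and the sample handler returns `tr_name_cmp()`, which suggests zero means "accept" and non-zero means "reject" — worth stating explicitly rather than leaving implied. I would put above the typedef: `/* Authorization callback invoked after GSS authentication of a client. */`, `/* Return 0 to accept the client, non-zero to reject it. display_name is */`, `/* only valid for the duration of the call; copy it if it must be kept. */`. The struct tids_instance definition is complete in this hunk but its first line is context rather than new code.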
TR_EXPORT void tidc_destroy (TIDC_INSTANCE *tidc);
TR_EXPORT TIDS_INSTANCE *tids_create (void);
-TR_EXPORT int tids_start (TIDS_INSTANCE *tids, TIDS_REQ_FUNC *req_handler, void *cookie);
+TR_EXPORT int tids_start (TIDS_INSTANCE *tids, TIDS_REQ_FUNC *req_handler,
+ tids_auth_func *auth_handler,
+ void *cookie);
TR_EXPORT int tids_send_response (TIDS_INSTANCE *tids, TID_REQ *req, TID_RESP *resp);
TR_EXPORT int tids_send_err_response (TIDS_INSTANCE *tids, TID_REQ *req, const char *err_msg);
TR_EXPORT void tids_destroy (TIDS_INSTANCE *tids);
return s_keylen;
}
+static int auth_handler(gss_name_t gss_name, TR_NAME *client,
+ void *expected_client)
+{
+ TR_NAME *expected_client_trname = (TR_NAME*) expected_client;
+ return tr_name_cmp(client, expected_client_trname);
+}
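Review bot: `auth_handler` dereferences `client` and `expected_client` through `tr_name_cmp` without a NULL check, and `expected_client` is whatever `tr_new_name(argv[2])` returned in main, which is not checked there either; a failed allocation or missing argument would crash inside the authentication path instead of rejecting the client. A guard that fails closed keeps the handler safe regardless of what main passes: `if (client == NULL || expected_client_trname == NULL) return -1;` (assuming non-zero rejects, as the mismatch result of `tr_name_cmp` does). The `gss_name` parameter is ignored entirely, so the check is purely a string comparison of the mechanism's display form — if that is intended, `(void) gss_name;` documents it and silences the unused-parameter warning.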
+
int main (int argc,
const char *argv[])
TIDS_INSTANCE *tids;
int rc = 0;
char *ipaddr = NULL;
+ TR_NAME *gssname = NULL;
/* Parse command-line arguments */
- if (argc > 3)
- fprintf(stdout, "Usage: %s [<ip-address> [<database-name>]]\n", argv[0]);
+ if (argc > 4)
+ fprintf(stdout, "Usage: %s [<ip-address> <gss-name> [<database-name>]]\n", argv[0]);
if (argc >= 2) {
ipaddr = (char *)argv[1];
} else {
ipaddr = "127.0.0.1";
}
+ gssname = tr_new_name((char *) argv[2]);
/* TBD -- check that input is a valid IP address? */
/*If we have a database, open and prepare*/
- if (argc == 3) {
- if (SQLITE_OK != sqlite3_open(argv[2], &db)) {
+ if (argc == 4) {
+ if (SQLITE_OK != sqlite3_open(argv[3], &db)) {
fprintf(stdout, "Error opening database %s\n", argv[2]);
exit(1);
}
tids->ipaddr = ipaddr;
/* Start-up the server, won't return unless there is an error. */
- rc = tids_start(tids, &tids_req_handler , NULL);
+ rc = tids_start(tids, &tids_req_handler , auth_handler, gssname);
fprintf(stdout, "Error in tids_start(), rc = %d. Exiting.\n", rc);
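Review bot: `gssname = tr_new_name((char *) argv[2]);` reads `argv[2]` unconditionally, but the only argc check before it is `argc >= 2`: with two arguments `argv[2]` is the NULL terminator and with one it is past the end of argv, and the usage message above it prints without exiting, so the program continues into `tr_new_name` on bad input. The return of `tr_new_name` is also never checked before being handed to `tids_start` as the authorization cookie. Separately, the database branch now opens `argv[3]` but its error message still prints `argv[2]`. Since the new usage string already requires `<gss-name>` alongside `<ip-address>`, I would make the minimum argument count explicit and fail on the missing name; main continues outside this hunk.
```c
/* Parse command-line arguments */
if (argc < 3 || argc > 4) {
    fprintf(stdout, "Usage: %s <ip-address> <gss-name> [<database-name>]\n", argv[0]);
    exit(1);
}
ipaddr = (char *)argv[1];
gssname = tr_new_name((char *) argv[2]);
if (gssname == NULL) {
    fprintf(stderr, "Error allocating GSS name %s\n", argv[2]);
    exit(1);
}
/* … unchanged: TBD comment … */
if (argc == 4) {
    if (SQLITE_OK != sqlite3_open(argv[3], &db)) {
        fprintf(stdout, "Error opening database %s\n", argv[3]);
        exit(1);
    }
```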
static int tids_auth_cb(gss_name_t clientName, gss_buffer_t displayName,
void *data)
{
- assert(data == NULL);
- assert (clientName != NULL);
- assert(displayName->value != NULL);
- return 0;
+ struct tids_instance *inst = (struct tids_instance *) data;
+ TR_NAME name ={(char *) displayName->value,
+ displayName->length};
+ return inst->auth_handler(clientName, &name, inst->cookie);
}
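Review bot: `tids_auth_cb` now calls `inst->auth_handler(...)` with no check that `data` or the stored handler is non-NULL, and the removed `assert(displayName->value != NULL)` is not replaced by anything, so a `tids_start` caller that still passes a NULL handler (the pre-change behaviour accepted everyone) or a mechanism that yields an empty display name turns into a NULL dereference in the authentication path. I would fail closed at the top of the function: `if (inst == NULL || inst->auth_handler == NULL || displayName->value == NULL) return -1;` (non-zero, the same class of result `tr_name_cmp` returns on mismatch). The positional initializer `TR_NAME name = {(char *) displayName->value, displayName->length};` also silently depends on TR_NAME's member order, which this hunk does not show; a designated initializer (`{ .buf = ..., .len = ... }` with the real member names) would survive a struct reordering.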
-static int tids_auth_connection (int conn, gss_ctx_id_t *gssctx)
+static int tids_auth_connection (struct tids_instance *inst,
+ int conn, gss_ctx_id_t *gssctx)
{
int rc = 0;
int auth, autherr = 0;
- if (rc = gsscon_passive_authenticate(conn, gssctx, tids_auth_cb, NULL)) {
+ if (rc = gsscon_passive_authenticate(conn, gssctx, tids_auth_cb, inst)) {
fprintf(stderr, "tids_auth_connection: Error from gsscon_passive_authenticate(), rc = %d.\n", rc);
return -1;
}
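Review bot: The rewritten call on the new side keeps an unparenthesized assignment as the condition, `if (rc = gsscon_passive_authenticate(conn, gssctx, tids_auth_cb, inst)) {`, which most compilers warn about and which reads as a possible `==` typo in a function that decides whether a connection is authenticated. Writing it as `if ((rc = gsscon_passive_authenticate(conn, gssctx, tids_auth_cb, inst)) != 0) {` makes the intent explicit. The rest of `tids_auth_connection` continues outside this hunk.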
int rc = 0;
gss_ctx_id_t gssctx = GSS_C_NO_CONTEXT;
- if (tids_auth_connection(conn, &gssctx)) {
+ if (tids_auth_connection(tids, conn, &gssctx)) {
fprintf(stderr, "tids_handle_connection: Error authorizing TID Server connection.\n");
close(conn);
return;
int tids_start (TIDS_INSTANCE *tids,
TIDS_REQ_FUNC *req_handler,
+ tids_auth_func *auth_handler,
void *cookie)
{
int listen = -1;
/* store the caller's request handler & cookie */
tids->req_handler = req_handler;
+ tids->auth_handler = auth_handler;
tids->cookie = cookie;
while(1) { /* accept incoming conns until we are stopped */
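Review bot: `tids_start` stores `auth_handler` into the instance without validating it, and the callback side of this change dereferences `tids->auth_handler` on every connection, so a NULL handler is accepted here and only fails once a client authenticates — unless a check I cannot see precedes the store. Rejecting it at the API boundary is cheaper and gives the caller a clear error: `if (auth_handler == NULL) return -1;` before the handlers are stored, matching the `-1` convention `tids_auth_connection` uses. The function body continues past the end of this hunk.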