static TR_CFG_RC tr_cfg_parse_internal (TR_INSTANCE *tr, json_t *jcfg) {
json_t *jint = NULL;
json_t *jmtd = NULL;
+ json_t *jhname = NULL;
if ((!tr) || (!tr->new_cfg) || (!jcfg))
return TR_CFG_BAD_PARAMS;
/* If not configured, use the default */
tr->new_cfg->internal->max_tree_depth = TR_DEFAULT_MAX_TREE_DEPTH;
}
- if (NULL != (jrname = json_object_get(jint, "realm_name"))) {
- if (json_is_string(jrname)) {
- tr->new_cfg->internal->realm_name = json_integer_value(jrname);
+ if (NULL != (jhname = json_object_get(jint, "hostname"))) {
+ if (json_is_string(jhname)) {
+ tr->new_cfg->internal->hostname = json_string_value(jhname);
} else {
- fprintf(stderr,"tr_cfg_parse_internal: Parsing error, realm_name is not a string.\n");
+ fprintf(stderr,"tr_cfg_parse_internal: Parsing error, hostname is not a string.\n");
return TR_CFG_NOPARSE;
}
}
else {
- fprintf(stderr, "tr_cfg_parse_internal: Parsing error, realm_name is not found.\n");
+ fprintf(stderr, "tr_cfg_parse_internal: Parsing error, hostname is not found.\n");
return TR_CFG_NOPARSE;
}
fprintf(stderr, "tr_cfg_parse_internal: Internal config parsed.\n");
else {
fprintf(stderr, "tr_cfg_parse_internal: Parsing error, tr_internal configuration section not found.\n");
return TR_CFG_NOPARSE;
+ }
}
static TR_FILTER *tr_cfg_parse_one_filter (TR_INSTANCE *tr, json_t *jfilt, TR_CFG_RC *rc)
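Review bot: `tr->new_cfg->internal->hostname = json_string_value(jhname);` at L15 stores a pointer into the string owned by the `jcfg` document rather than a copy, so the value is only valid while that json_t is alive; if the caller releases `jcfg` once parsing is done (not visible from this hunk), the stored hostname dangles and is later formatted into the GSS acceptor name. The field changing from `char *realm_name` to `const char *hostname` in tr_config.h suggests the borrow is deliberate, so either keep a reference to the document for the config's lifetime or copy it, e.g. `tr->new_cfg->internal->hostname = strdup(json_string_value(jhname));` with the matching free when the config is discarded. tr_cfg_parse_internal's body is split across hunks here and the `else` at L28 belongs to an `if` outside this one.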
int listenFD = -1;
gss_ctx_id_t gssContext = GSS_C_NO_CONTEXT;
int i = 0;
-
+ gss_buffer_desc nameBuffer = {0, "trustidentity"};
+
for (i = 1; (i < argc) && !err; i++) {
if ((strcmp (argv[i], "--port") == 0) && (i < (argc - 1))) {
port = strtol (argv[++i], NULL, 0);
}
printf ("Accepting new connection...\n");
- connectionErr = gsscon_passive_authenticate (connectionFD, &gssContext,
+ connectionErr = gsscon_passive_authenticate (connectionFD, nameBuffer, &gssContext,
cb_print_names, NULL);
if (!connectionErr) {
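Review bot: `gss_buffer_desc nameBuffer = {0, "trustidentity"};` at L38 gives the acceptor name a length of 0 while pointing `value` at a 13-byte literal, so any consumer that honours `gss_buffer_t.length` (gss_import_name does) sees an empty name. Initialise both members consistently: `gss_buffer_desc nameBuffer = {sizeof("trustidentity") - 1, "trustidentity"};`. Whether gsscon_passive_authenticate reads `length` or re-measures the string is not visible here, so this is hedged; note too that tids builds its name as `trustidentity@<host>` at L133, so the two servers advertise different name forms. The enclosing main() starts and ends outside this hunk.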
typedef struct tr_cfg_internal {
unsigned int max_tree_depth;
- char *realm_name;
+ const char *hostname;
} TR_CFG_INTERNAL;
typedef struct tr_cfg {
int req_count;
char *priv_key;
char *ipaddr;
+ const char *hostname;
TIDS_REQ_FUNC *req_handler;
tids_auth_func *auth_handler;
void *cookie;
/* TID Server functions, in tid/tids.c */
TR_EXPORT TIDS_INSTANCE *tids_create (void);
TR_EXPORT int tids_start (TIDS_INSTANCE *tids, TIDS_REQ_FUNC *req_handler,
- tids_auth_func *auth_handler,
+ tids_auth_func *auth_handler, const char *hostname,
void *cookie);
TR_EXPORT int tids_send_response (TIDS_INSTANCE *tids, TID_REQ *req, TID_RESP *resp);
TR_EXPORT int tids_send_err_response (TIDS_INSTANCE *tids, TID_REQ *req, const char *err_msg);
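Review bot: The new `hostname` parameter of tids_start at L66 is undocumented in the header, and since the implementation keeps the pointer (L150) and later formats it into the GSS acceptor name (L133), callers need its contract spelled out. Add a comment above the prototype stating that `hostname` is the host part of the `trustidentity@<hostname>` acceptor name, must be non-NULL, is not copied, and must remain valid until the server stops.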
return 0;
}
-static int tids_req_handler (TIDS_INSTANCE * tids,
+static int tids_req_handler (TIDS_INSTANCE *tids,
TID_REQ *req,
TID_RESP **resp,
void *cookie)
TIDS_INSTANCE *tids;
int rc = 0;
char *ipaddr = NULL;
+ const char *hostname = NULL;
TR_NAME *gssname = NULL;
/* Parse command-line arguments */
- if (argc > 4)
- fprintf(stdout, "Usage: %s [<ip-address> <gss-name> [<database-name>]]\n", argv[0]);
-
- if (argc >= 2) {
- ipaddr = (char *)argv[1];
- } else {
- ipaddr = "127.0.0.1";
+ if (argc != 5) {
+ fprintf(stdout, "Usage: %s <ip-address> <gss-name> <hostname> <database-name>\n", argv[0]);
+ exit(1);
}
+ ipaddr = (char *)argv[1];
gssname = tr_new_name((char *) argv[2]);
-
- /* TBD -- check that input is a valid IP address? */
-
- /*If we have a database, open and prepare*/
- if (argc == 4) {
- if (SQLITE_OK != sqlite3_open(argv[3], &db)) {
- fprintf(stdout, "Error opening database %s\n", argv[2]);
- exit(1);
- }
- sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key) values(?, ?)",
- -1, &insert_stmt, NULL);
+ hostname = argv[3];
+ if (SQLITE_OK != sqlite3_open(argv[4], &db)) {
+ fprintf(stdout, "Error opening database %s\n", argv[4]);
+ exit(1);
}
+ sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key) values(?, ?)",
+ -1, &insert_stmt, NULL);
/* Create a TID server instance */
if (NULL == (tids = tids_create())) {
- fprintf(stdout, "Unable to create TIDS instance,exiting.\n");
+ fprintf(stdout, "Unable to create TIDS instance, exiting.\n");
return 1;
}
tids->ipaddr = ipaddr;
/* Start-up the server, won't return unless there is an error. */
- rc = tids_start(tids, &tids_req_handler , auth_handler, gssname);
+ rc = tids_start(tids, &tids_req_handler , auth_handler, hostname, gssname);
fprintf(stdout, "Error in tids_start(), rc = %d. Exiting.\n", rc);
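Review bot: The now-unconditional `sqlite3_prepare_v2(...)` at L112-L113 ignores its return code, so a schema mismatch (no `psk_keys` table, for instance) leaves `insert_stmt` NULL and the failure only surfaces when the request handler tries to use it. Check it the same way the open is checked just above: `if (SQLITE_OK != sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key) values(?, ?)", -1, &insert_stmt, NULL)) { fprintf(stdout, "Error preparing statement: %s\n", sqlite3_errmsg(db)); exit(1); }`. The `argc != 5` check at L90 makes the database mandatory where the old usage string marked it optional, which is consistent with the unconditional prepare but worth confirming is intended. main() continues past this hunk.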
{
int rc = 0;
int auth, autherr = 0;
- gss_buffer_desc nameBuffer = {NULL, 0};
-
+ gss_buffer_desc nameBuffer = {0, NULL};
+ char *name = 0;
+ int nameLen = 0;
+ nameLen = sprintf(name, "trustidentity@%s", inst->hostname);
+ nameBuffer.length = nameLen;
+ nameBuffer.value = name;
+
if (rc = gsscon_passive_authenticate(conn, nameBuffer, gssctx, tids_auth_cb, inst)) {
fprintf(stderr, "tids_auth_connection: Error from gsscon_passive_authenticate(), rc = %d.\n", rc);
return -1;
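Review bot: `nameLen = sprintf(name, "trustidentity@%s", inst->hostname);` at L133 writes through `name`, which was just initialised to 0, so the first accepted connection dereferences a null pointer; `nameLen` is also copied into the `size_t` `nameBuffer.length` without checking for a negative return. Size the name with `snprintf(NULL, 0, ...)`, allocate, format into the allocation, and release it once gsscon_passive_authenticate returns, on the error path shown here and on the success path that continues below the hunk; `inst->hostname` should be rejected when NULL, since `%s` with a null argument is undefined. The allocation needs `<stdlib.h>` if tids.c does not already include it. The enclosing function begins before and ends after this hunk.
```c
  gss_buffer_desc nameBuffer = {0, NULL};
  char *name = NULL;
  int nameLen = 0;

  if (NULL == inst->hostname) {
    fprintf(stderr, "tids_auth_connection: No hostname configured, cannot build acceptor name.\n");
    return -1;
  }
  /* sprintf() into a null pointer is undefined: measure, allocate, then format */
  nameLen = snprintf(NULL, 0, "trustidentity@%s", inst->hostname);
  if (nameLen < 0 || NULL == (name = malloc((size_t)nameLen + 1))) {
    fprintf(stderr, "tids_auth_connection: Unable to build acceptor name.\n");
    return -1;
  }
  snprintf(name, (size_t)nameLen + 1, "trustidentity@%s", inst->hostname);
  nameBuffer.length = (size_t)nameLen;
  nameBuffer.value = name;

  if (rc = gsscon_passive_authenticate(conn, nameBuffer, gssctx, tids_auth_cb, inst)) {
    fprintf(stderr, "tids_auth_connection: Error from gsscon_passive_authenticate(), rc = %d.\n", rc);
    free(name);
    return -1;
  /* … unchanged: remainder of tids_auth_connection; free(name) before the successful return … */
```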
int tids_start (TIDS_INSTANCE *tids,
TIDS_REQ_FUNC *req_handler,
tids_auth_func *auth_handler,
+ const char *hostname,
void *cookie)
{
int listen = -1;
/* store the caller's request handler & cookie */
tids->req_handler = req_handler;
tids->auth_handler = auth_handler;
+ tids->hostname = hostname;
tids->cookie = cookie;
while(1) { /* accept incoming conns until we are stopped */
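Review bot: `tids->hostname = hostname;` at L150 retains the caller's pointer with no NULL check and no copy, and tids_auth_connection later formats it with `%s`, so a NULL or short-lived string becomes undefined behaviour at the first connection rather than a clean start-up failure. Reject it up front, `if (NULL == hostname) return -1;`, which matches the non-zero error convention the callers at L122 and L160 check (hedged: tids_start's other error returns are outside this hunk). tids_start's accept loop continues past the hunk.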
-{"tr_internal":{"max_tree_depth": 4}}
\ No newline at end of file
+{"tr_internal":{"max_tree_depth": 4,
+ "hostname":"tr.painless-security.com"}}
\ No newline at end of file
}
/* start the trust path query server, won't return unless fatal error. */
- if (0 != (err = tids_start(tr->tids, &tr_tids_req_handler, &tr_tids_gss_handler, (void *)tr))) {
+ if (0 != (err = tids_start(tr->tids, &tr_tids_req_handler, &tr_tids_gss_handler, tr->active_cfg->internal->hostname, (void *)tr))) {
fprintf (stderr, "Error from Trust Path Query Server, err = %d.\n", err);
exit(err);
}
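Review bot: `tr->active_cfg->internal->hostname` at L161 is handed to tids_start, which stores the raw pointer; the parser fills `tr->new_cfg`, which suggests configurations are swapped at reload, and if the previous config is freed on that swap the pointer held by tids dangles for every later connection (inferred from the new_cfg/active_cfg naming, not visible here). Either have tids_start copy the string or re-read `active_cfg` per connection. The call line is also hard to read; pull the argument out first, `const char *hostname = tr->active_cfg->internal->hostname;`. The enclosing function starts outside this hunk.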