/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2015, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
return -1;
}
+
/* Allocate a new server block */
if (NULL == (resp->servers = malloc(sizeof(TID_SRVR_BLK)))){
tr_crit("tids_req_handler(): malloc failed.");
}
if (0 != handle_authorizations(req, pub_digest, pub_digest_len))
return -1;
+ resp->servers->path = req->path;
+ if (req->expiration_interval < 1)
+ req->expiration_interval = 1;
+ g_get_current_time(&resp->servers->key_expiration);
+ resp->servers->key_expiration.tv_sec += req->expiration_interval;
+
if (NULL != insert_stmt) {
int sqlite3_result;
- sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT);
+ gchar *expiration_str = g_time_val_to_iso8601(&resp->servers->key_expiration);
+ sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT);
sqlite3_bind_blob(insert_stmt, 2, s_keybuf, s_keylen, SQLITE_TRANSIENT);
sqlite3_bind_blob(insert_stmt, 3, pub_digest, pub_digest_len, SQLITE_TRANSIENT);
+ sqlite3_bind_text(insert_stmt, 3, expiration_str, -1, SQLITE_TRANSIENT);
sqlite3_result = sqlite3_step(insert_stmt);
if (SQLITE_DONE != sqlite3_result)
tr_crit("sqlite3: failed to write to database");
exit(1);
}
+ /* Use standalone logging */
+ tr_log_open();
+
/* set logging levels */
tr_log_threshold(LOG_CRIT);
tr_console_threshold(LOG_DEBUG);
exit(1);
}
sqlite3_busy_timeout( db, 1000);
- sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub) values(?, ?, ?)",
+ sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub, key_expiration) values(?, ?, ?, ?)",
-1, &insert_stmt, NULL);
sqlite3_prepare_v2(db, "insert into authorizations (client_dh_pub, coi, acceptor_realm, hostname, apc) values(?, ?, ?, ?, ?)",
-1, &authorization_insert, NULL);
/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2015, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
static int tr_tids_req_handler (TIDS_INSTANCE *tids,
TID_REQ *orig_req,
TID_RESP *resp,
- void *tr)
+ void *tr_in)
{
TIDC_INSTANCE *tidc = NULL;
TR_RESP_COOKIE resp_cookie;
TID_REQ *fwd_req = NULL;
TR_COMM *cfg_comm = NULL;
TR_COMM *cfg_apc = NULL;
+ TR_INSTANCE *tr = (TR_INSTANCE *) tr_in;
int oaction = TR_FILTER_ACTION_REJECT;
int rc = 0;
return -1;
}
- if (NULL == (cfg_comm = tr_comm_lookup((TR_INSTANCE *)tids->cookie, orig_req->comm))) {
+ if (NULL == (cfg_comm = tr_comm_lookup(tids->cookie, orig_req->comm))) {
tr_notice("tr_tids_req_hander: Request for unknown comm: %s.", orig_req->comm->buf);
tids_send_err_response(tids, orig_req, "Unknown community");
return -1;
/* Check that the rp_realm matches the filter for the GSS name that
* was received. */
- if ((!((TR_INSTANCE *)tr)->rp_gss) ||
- (!((TR_INSTANCE *)tr)->rp_gss->filter)) {
+ if ((!(tr)->rp_gss) ||
+ (!(tr)->rp_gss->filter)) {
tr_notice("tr_tids_req_handler: No GSS name for incoming request.");
tids_send_err_response(tids, orig_req, "No GSS name for request");
return -1;
}
- if ((TR_FILTER_NO_MATCH == tr_filter_process_rp_permitted(orig_req->rp_realm, ((TR_INSTANCE *)tr)->rp_gss->filter, orig_req->cons, &fwd_req->cons, &oaction)) ||
+ if ((TR_FILTER_NO_MATCH == tr_filter_process_rp_permitted(orig_req->rp_realm, (tr)->rp_gss->filter, orig_req->cons, &fwd_req->cons, &oaction)) ||
(TR_FILTER_ACTION_REJECT == oaction)) {
tr_notice("tr_tids_req_handler: RP realm (%s) does not match RP Realm filter for GSS name", orig_req->rp_realm->buf);
tids_send_err_response(tids, orig_req, "RP Realm filter error");
apc = tr_dup_name(cfg_comm->apcs->id);
/* Check that the APC is configured */
- if (NULL == (cfg_apc = tr_comm_lookup((TR_INSTANCE *)tids->cookie, apc))) {
+ if (NULL == (cfg_apc = tr_comm_lookup(tids->cookie, apc))) {
tr_notice("tr_tids_req_hander: Request for unknown comm: %s.", apc->buf);
tids_send_err_response(tids, orig_req, "Unknown APC");
return -1;
/* send a TID request to the AAA server(s), and get the answer(s) */
/* TBD -- Handle multiple servers */
+ if (cfg_apc)
+ fwd_req->expiration_interval = cfg_apc->expiration_interval;
+ else fwd_req->expiration_interval = cfg_comm->expiration_interval;
/* Create a TID client instance */
if (NULL == (tidc = tidc_create())) {
tr_crit("tr_tids_req_hander: Unable to allocate TIDC instance.");
tids_send_err_response(tids, orig_req, "Memory allocation failure");
return -1;
}
-
/* Use the DH parameters from the original request */
/* TBD -- this needs to be fixed when we handle more than one req per conn */
tidc->client_dh = orig_req->tidc_dh;
if (0 > (rc = tidc_fwd_request(tidc, fwd_req, &tr_tidc_resp_handler, (void *)&resp_cookie))) {
tr_notice("Error from tidc_fwd_request, rc = %d.", rc);
tids_send_err_response(tids, orig_req, "Can't forward request to next hop TIDS");
+ tid_req_free(orig_req);
return -1;
}
+ tid_req_free(orig_req);
return 0;
}
static int tr_tids_gss_handler(gss_name_t client_name, TR_NAME *gss_name,
- void *tr)
+ void *tr_in)
{
TR_RP_CLIENT *rp;
+ TR_INSTANCE *tr = (TR_INSTANCE *) tr_in;
if ((!client_name) || (!gss_name) || (!tr)) {
tr_debug("tr_tidc_gss_handler: Bad parameters.");
/* Store the rp client in the TR_INSTANCE structure for now...
* TBD -- fix me for new tasking model. */
- ((TR_INSTANCE *)tr)->rp_gss = rp;
+ (tr)->rp_gss = rp;
tr_debug("Client's GSS Name: %s", gss_name->buf);
+
return 0;
}
/* parse command-line arguments? -- TBD */
+ /* Use standalone logging */
+ tr_log_open();
+
/* create a Trust Router instance */
if (NULL == (tr = tr_create())) {
tr_crit("Unable to create Trust Router instance, exiting.");