Pull in two additional fixes from Adam.
DISTCHECK_CONFIGURE_FLAGS = \
--with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)
bin_PROGRAMS= tr/trust_router tid/example/tidc tid/example/tids common/dh_test/tr_dh_test
-AM_CPPFLAGS=-I$(srcdir)/include
-AM_CFLAGS = -Wall -Werror=missing-prototypes -Werror -Wno-parentheses
+AM_CPPFLAGS=-I$(srcdir)/include $(GLIB_CFLAGS)
+AM_CFLAGS = -Wall -Werror=missing-prototypes -Werror -Wno-parentheses $(GLIB_CFLAGS)
SUBDIRS = gsscon
common_srcs = common/tr_name.c \
common/tr_constraint.c \
common/tr_rp.c \
tr/tr.c
-tr_trust_router_LDADD = gsscon/libgsscon.la libtr_tid.la
+tr_trust_router_LDADD = gsscon/libgsscon.la libtr_tid.la $(GLIB_LIBS)
tid_example_tidc_SOURCES = tid/example/tidc_main.c
-tid_example_tidc_LDADD = gsscon/libgsscon.la libtr_tid.la
+tid_example_tidc_LDADD = gsscon/libgsscon.la libtr_tid.la $(GLIB_LIBS)
tid_example_tids_SOURCES = tid/example/tids_main.c
-tid_example_tids_LDADD = gsscon/libgsscon.la libtr_tid.la
+tid_example_tids_LDADD = gsscon/libgsscon.la libtr_tid.la $(GLIB_LIBS)
common_dh_test_tr_dh_test_SOURCES = common/tr_dh.c \
common/tr_debug.c \
$(common_srcs)
libtr_tid_la_CFLAGS = $(AM_CFLAGS) -fvisibility=hidden
-libtr_tid_la_LIBADD = gsscon/libgsscon.la
+libtr_tid_la_LIBADD = gsscon/libgsscon.la $(GLIB_LIBS)
libtr_tid_la_LDFLAGS = $(AM_LDFLAGS) -version-info 2 -no-undefined
pkginclude_HEADERS = include/trust_router/tid.h include/trust_router/tr_name.h \
return NULL;
}
- if (NULL == (comm = talloc(trc, TR_COMM))) {
- tr_debug("tr_cfg_parse_one_comm: Out of memory.");
+ if (NULL == (comm = talloc_zero(trc, TR_COMM))) {
+ tr_crit("tr_cfg_parse_one_comm: Out of memory.");
*rc = TR_CFG_NOMEM;
return NULL;
}
- memset(comm, 0, sizeof(TR_COMM));
if ((NULL == (jid = json_object_get(jcomm, "community_id"))) ||
(!json_is_string(jid)) ||
if (TR_CFG_SUCCESS != *rc) {
tr_debug("tr_cfg_parse_comm: Can't parse RP realms for comm %s .", comm->id->buf);
tr_free_name(comm->id);
- /* TBD -- free idps? */;
return NULL;
}
+ if (TR_COMM_APC == comm->type) {
+ json_t *jexpire = json_object_get(jcomm, "expiration_interval");
+ comm->expiration_interval = 43200; /*30 days*/
+ if (jexpire) {
+ if (!json_is_integer(jexpire)) {
+ fprintf(stderr, "tr_parse_comm: expirae_interval is not an integer\n");
+ return NULL;
+ }
+ comm->expiration_interval = json_integer_value(jexpire);
+ if (comm->expiration_interval <= 10)
+ comm->expiration_interval = 11; /* Freeradius waits 10 minutes between successful TR queries*/
+ if (comm->expiration_interval > 129600) /* 90 days*/
+ comm->expiration_interval = 129600;
+ }
+ }
+
return comm;
}
if (req->cons)
json_object_set(jreq, "constraints", (json_t *) req->cons);
+ if (req->path)
+ json_object_set(jreq, "path", req->path);
+ if (req->expiration_interval)
+ json_object_set_new(jreq, "expiration_interval",
+ json_integer(req->expiration_interval));
+
return jreq;
}
json_t *jcomm = NULL;
json_t *jorig_coi = NULL;
json_t *jdh = NULL;
+ json_t *jpath = NULL;
+ json_t *jexpire_interval = NULL;
if (!(treq =tid_req_new())) {
tr_crit("tr_msg_decode_tidreq(): Error allocating TID_REQ structure.");
if ((NULL == (jrp_realm = json_object_get(jreq, "rp_realm"))) ||
(NULL == (jrealm = json_object_get(jreq, "target_realm"))) ||
(NULL == (jcomm = json_object_get(jreq, "community")))) {
- tr_debug("tr_msg_decode(): Error parsing required fields.");
+ tr_notice("tr_msg_decode(): Error parsing required fields.");
tid_req_free(treq);
return NULL;
}
+ jpath = json_object_get(jreq, "path");
+ jexpire_interval = json_object_get(jreq, "expiration_interval");
+
treq->rp_realm = tr_new_name((char *)json_string_value(jrp_realm));
treq->realm = tr_new_name((char *)json_string_value(jrealm));
treq->comm = tr_new_name((char *)json_string_value(jcomm));
json_incref((json_t *) treq->cons);
tid_req_cleanup_json(treq, (json_t *) treq->cons);
}
+ if (jpath) {
+ json_incref(jpath);
+ treq->path = jpath;
+ tid_req_cleanup_json(treq, jpath);
+ }
+ if (jexpire_interval)
+ treq->expiration_interval = json_integer_value(jexpire_interval);
+
return treq;
}
{
json_t *jsrvr = NULL;
json_t *jstr = NULL;
+ gchar *time_str = g_time_val_to_iso8601(&srvr->key_expiration);
tr_debug("Encoding one server.");
jstr = json_string(inet_ntoa(srvr->aaa_server_addr));
json_object_set_new(jsrvr, "server_addr", jstr);
+ json_object_set_new(jsrvr,
+ "key_expiration", json_string(time_str));
+ g_free(time_str);
/* Server DH Block */
jstr = json_string(srvr->key_name->buf);
json_object_set_new(jsrvr, "key_name", jstr);
json_object_set_new(jsrvr, "server_dh", tr_msg_encode_dh(srvr->aaa_server_dh));
-
- // tr_debug("tr_msg_encode_one_server(): jsrvr contains:");
- // tr_debug("%s", json_dumps(jsrvr, 0));
+ if (srvr->path)
+ /* The path is owned by the srvr, so grab an extra ref*/
+ json_object_set(jsrvr, "path", srvr->path);
return jsrvr;
}
json_t *jsrvr_addr = NULL;
json_t *jsrvr_kn = NULL;
json_t *jsrvr_dh = NULL;
+ json_t *jsrvr_expire = NULL;
if (jsrvr == NULL)
return -1;
if ((NULL == (jsrvr_addr = json_object_get(jsrvr, "server_addr"))) ||
(NULL == (jsrvr_kn = json_object_get(jsrvr, "key_name"))) ||
(NULL == (jsrvr_dh = json_object_get(jsrvr, "server_dh")))) {
- tr_debug("tr_msg_decode_one_server(): Error parsing required fields.");
+ tr_notice("tr_msg_decode_one_server(): Error parsing required fields.");
return -1;
}
inet_aton(json_string_value(jsrvr_addr), &(srvr->aaa_server_addr));
srvr->key_name = tr_new_name((char *)json_string_value(jsrvr_kn));
srvr->aaa_server_dh = tr_msg_decode_dh(jsrvr_dh);
+ srvr->path = json_object_get(jsrvr, "path");
+ jsrvr_expire = json_object_get(jsrvr, "key_expiration");
+ if (jsrvr_expire && json_is_string(jsrvr_expire)) {
+ if (!g_time_val_from_iso8601(json_string_value(jsrvr_expire),
+ &srvr->key_expiration))
+ tr_notice("Key expiration %s cannot be parsed", json_string_value(jsrvr_expire));
+ }
+
return 0;
}
if (NULL == resp->servers) {
tr_debug("tr_msg_encode_tidresp(): No servers to encode.");
- return jresp;
}
- jservers = tr_msg_encode_servers(resp);
- json_object_set_new(jresp, "servers", jservers);
+ else {
+ jservers = tr_msg_encode_servers(resp);
+ json_object_set_new(jresp, "servers", jservers);
+ }
+ if (resp->error_path)
+ json_object_set(jresp, "error_path", resp->error_path);
+
return jresp;
}
AC_PREREQ(2.63)
-AC_INIT([trust_router],[1.4.1],
+AC_INIT([trust_router],[1.5]trus ,
[bugs@project-moonshot.org])
AC_CONFIG_MACRO_DIR(m4)
AC_CONFIG_AUX_DIR(build-aux)
AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])
fi
AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ])
+PKG_CHECK_MODULES([GLIB], [glib-2.0])
AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context])
AC_CHECK_LIB([com_err], [error_message])
/*
- * Copyright (c) 2012-2014, JANET(UK)
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of JANET(UK) nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012-2015, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#ifndef TID_INTERNAL_H
#define TID_INTERNAL_H
+#include <glib.h>
#include <trust_router/tid.h>
#include <jansson.h>
+
struct tid_srvr_blk {
struct in_addr aaa_server_addr;
TR_NAME *key_name;
DH *aaa_server_dh; /* AAA server's public dh information */
+ GTimeVal key_expiration; /**< absolute time at which key expires*/
+ json_t *path;/**< Path of trust routers that the request traversed*/
};
struct tid_resp {
TR_NAME *orig_coi;
TID_SRVR_BLK *servers; /* array of servers */
size_t num_servers;
- /* TBD -- Trust Path Used */
+ json_t *error_path; /**< Path that a request generating an error traveled*/
};
+
struct tid_req {
struct tid_req *next_req;
int resp_sent;
int conn;
+ int free_conn; /* free conn and gss ctx*/
gss_ctx_id_t gssctx;
int resp_rcvd;
TR_NAME *rp_realm;
DH *tidc_dh; /* Client's public dh information */
TIDC_RESP_FUNC *resp_func;
void *cookie;
- json_t *json_references; /** References to objects dereferenced on request destruction*/
+ time_t expiration_interval; /**< Time to key expire in minutes*/
+ json_t *json_references; /**< References to objects dereferenced on request destruction*/
+ json_t *path; /**< Path of systems this request has traversed; added by receiver*/
};
+
struct tidc_instance {
TID_REQ *req_list;
// TBD -- Do we still need a separate private key */
// int priv_len;
DH *client_dh; /* Client's DH struct with priv and pub keys */
};
+
struct tids_instance {
int req_count;
char *priv_key;
TIDS_REQ_FUNC *req_handler;
tids_auth_func *auth_handler;
void *cookie;
+ uint16_t tids_port;
};
reference they already hold to the TID_REQ.*/
void tid_req_cleanup_json(TID_REQ *, json_t *json);
+int tid_req_add_path(TID_REQ *, const char *this_system, unsigned port);
#endif
/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2015, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
TR_APC *apcs;
TR_IDP_REALM *idp_realms;
TR_RP_REALM *rp_realms;
+ time_t expiration_interval; /*Minutes to key expiration; only valid for an APC*/
} TR_COMM;
TR_COMM *tr_comm_lookup(TR_INSTANCE *tr, TR_NAME *comm);
typedef struct _tr_constraint_set TR_CONSTRAINT_SET;
+typedef struct _tid_path TID_PATH;
typedef struct tid_resp TID_RESP;
void tid_resp_set_orig_coi(TID_RESP *resp, TR_NAME *orig_coi);
TR_EXPORT TID_SRVR_BLK *tid_resp_get_server(TID_RESP *resp, size_t index);
TR_EXPORT size_t tid_resp_get_num_servers(const TID_RESP *resp);
+TR_EXPORT const TID_PATH *tid_resp_get_error_path(const TID_RESP *);
+
+/** Get either the error_path or the path of the first server block for
+ * a successful response*/
+TR_EXPORT const TID_PATH *tid_resp_get_a_path(const TID_RESP *);
/* Server blocks*/
TR_EXPORT void tid_srvr_get_address(const TID_SRVR_BLK *,
const struct sockaddr **out_addr, size_t *out_sa_len);
TR_EXPORT DH *tid_srvr_get_dh(TID_SRVR_BLK *);
TR_EXPORT const TR_NAME *tid_srvr_get_key_name(const TID_SRVR_BLK *);
+TR_EXPORT const TID_PATH *tid_srvr_get_path(const TID_SRVR_BLK *);
+
#define tid_resp_servers_foreach(RESP, SERVER, INDEX) \
for (INDEX=0,SERVER=NULL; \
-create table if not exists psk_keys (keyid text primary key, key blob, client_dh_pub raw(20));
+create table if not exists psk_keys (keyid text primary key, key blob, client_dh_pub raw(20), key expiration timestamp);
create table if not exists authorizations( client_dh_pub raw(20), coi string, acceptor_realm string, hostname string, apc string);
create index if not exists authorizations_dhpub on authorizations( client_dh_pub);
CREATE VIEW if not exists authorizations_keys as select keyid, authorizations.* from psk_keys join authorizations on psk_keys.client_dh_pub = authorizations.client_dh_pub;
/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2015, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
return -1;
}
+
/* Allocate a new server block */
if (NULL == (resp->servers = malloc(sizeof(TID_SRVR_BLK)))){
tr_crit("tids_req_handler(): malloc failed.");
}
if (0 != handle_authorizations(req, pub_digest, pub_digest_len))
return -1;
+ resp->servers->path = req->path;
+ if (req->expiration_interval < 1)
+ req->expiration_interval = 1;
+ g_get_current_time(&resp->servers->key_expiration);
+ resp->servers->key_expiration.tv_sec += req->expiration_interval;
+
if (NULL != insert_stmt) {
int sqlite3_result;
- sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT);
+ gchar *expiration_str = g_time_val_to_iso8601(&resp->servers->key_expiration);
+ sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT);
sqlite3_bind_blob(insert_stmt, 2, s_keybuf, s_keylen, SQLITE_TRANSIENT);
sqlite3_bind_blob(insert_stmt, 3, pub_digest, pub_digest_len, SQLITE_TRANSIENT);
+ sqlite3_bind_text(insert_stmt, 3, expiration_str, -1, SQLITE_TRANSIENT);
sqlite3_result = sqlite3_step(insert_stmt);
if (SQLITE_DONE != sqlite3_result)
tr_crit("sqlite3: failed to write to database");
exit(1);
}
sqlite3_busy_timeout( db, 1000);
- sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub) values(?, ?, ?)",
+ sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub, key_expiration) values(?, ?, ?, ?)",
-1, &insert_stmt, NULL);
sqlite3_prepare_v2(db, "insert into authorizations (client_dh_pub, coi, acceptor_realm, hostname, apc) values(?, ?, ?, ?, ?)",
-1, &authorization_insert, NULL);
/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2014-2015, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
#include <stdio.h>
+#include <unistd.h>
#include <stdlib.h>
#include <assert.h>
#include <talloc.h>
{
if (req->json_references)
json_decref(req->json_references);
+ if (req->free_conn) {
+ if (req->conn)
+ close(req->conn);
+ if (req->gssctx) {
+ OM_uint32 minor;
+ gss_delete_sec_context( &minor, &req->gssctx, NULL);
+ }
+ }
return 0;
}
req->json_references = json_array();
assert(req->json_references);
req->conn = -1;
+ req->free_conn = 1;
return req;
}
{
TID_REQ *new_req = NULL;
- if (NULL == (new_req = malloc(sizeof(TID_REQ)))) {
+ if (NULL == (new_req = talloc_zero(orig_req, TID_REQ))) {
tr_crit("tid_dup_req: Can't allocated duplicate request.");
return NULL;
}
/* Memcpy for flat fields, not valid until names are duped. */
memcpy(new_req, orig_req, sizeof(TID_REQ));
json_incref(new_req->json_references);
+ new_req->free_conn = 0;
if ((NULL == (new_req->rp_realm = tr_dup_name(orig_req->rp_realm))) ||
(NULL == (new_req->realm = tr_dup_name(orig_req->realm))) ||
talloc_free(req);
}
+int tid_req_add_path(TID_REQ *req,
+ const char *this_system, unsigned port)
+{
+ char *path_element = talloc_asprintf(req, "%s:%u",
+ this_system, port);
+ if (!req->path) {
+ req->path = json_array();
+ if (!req->path)
+ return -1;
+ tid_req_cleanup_json(req, req->path);
+ }
+ return json_array_append( req->path, json_string(path_element));
+}
+
+
void tid_srvr_get_address(const TID_SRVR_BLK *blk,
const struct sockaddr **out_addr,
return resp->num_servers;
}
+
+const TID_PATH *tid_srvr_get_path( const TID_SRVR_BLK *block)
+{
+ if (!block)
+ return NULL;
+ return (const TID_PATH *) block->path;
+}
+
+const TID_PATH *tid_resp_get_error_path( const TID_RESP *resp)
+{
+ if (!resp)
+ return NULL;
+ return (const TID_PATH *) resp->error_path;
+}
+
+const TID_PATH *tid_resp_get_a_path( const TID_RESP *const_resp)
+{
+ size_t index;
+ TID_SRVR_BLK *server;
+ TID_RESP *resp = (TID_RESP *) const_resp;
+ if (!resp)
+ return NULL;
+
+
+ if (resp->error_path)
+ return (const TID_PATH *) resp->error_path;
+ tid_resp_servers_foreach( resp, server, index) {
+ if (server->path)
+ return (const TID_PATH *) server->path;
+ }
+ return NULL;
+
+}
/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2014-2015, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include <stdio.h>
#include <jansson.h>
+#include <talloc.h>
#include <trust_router/tr_dh.h>
#include <tid_internal.h>
#include <tr_msg.h>
#include <gsscon.h>
+#include <tr_debug.h>
+
int tmp_len = 32;
{
TIDC_INSTANCE *tidc = NULL;
- if (tidc = malloc(sizeof(TIDC_INSTANCE)))
- memset(tidc, 0, sizeof(TIDC_INSTANCE));
- else
+ if (NULL == (tidc = talloc_zero(NULL, TIDC_INSTANCE)))
return NULL;
return tidc;
void tidc_destroy (TIDC_INSTANCE *tidc)
{
- if (tidc)
- free(tidc);
+ talloc_free(tidc);
}
int tidc_open_connection (TIDC_INSTANCE *tidc,
char *comm,
TIDC_RESP_FUNC *resp_handler,
void *cookie)
-
{
TID_REQ *tid_req = NULL;
+ int rc;
/* Create and populate a TID req structure */
if (!(tid_req = tid_req_new()))
if ((NULL == (tid_req->rp_realm = tr_new_name(rp_realm))) ||
(NULL == (tid_req->realm = tr_new_name(realm))) ||
(NULL == (tid_req->comm = tr_new_name(comm)))) {
- fprintf (stderr, "tidc_send_request: Error duplicating names.\n");
- return -1;
+ tr_err ( "tidc_send_request: Error duplicating names.\n");
+ goto error;
}
tid_req->tidc_dh = tidc->client_dh;
- return (tidc_fwd_request(tidc, tid_req, resp_handler, cookie));
+ rc = tidc_fwd_request(tidc, tid_req, resp_handler, cookie);
+ goto cleanup;
+ error:
+ rc = -1;
+ cleanup:
+ tid_req_free(tid_req);
+ return rc;
}
int tidc_fwd_request (TIDC_INSTANCE *tidc,
TID_REQ *tid_req,
TIDC_RESP_FUNC *resp_handler,
void *cookie)
-
{
char *req_buf = NULL;
char *resp_buf = NULL;
TR_MSG *msg = NULL;
TR_MSG *resp_msg = NULL;
int err;
+ int rc = 0;
/* Create and populate a TID msg structure */
- if (!(msg = malloc(sizeof(TR_MSG))))
- return -1;
+ if (!(msg = talloc_zero(tid_req, TR_MSG)))
+ goto error;
msg->msg_type = TID_REQUEST;
tr_msg_set_req(msg, tid_req);
/* Encode the request into a json string */
if (!(req_buf = tr_msg_encode(msg))) {
- fprintf(stderr, "tidc_fwd_request: Error encoding TID request.\n");
- return -1;
+ tr_err("tidc_fwd_request: Error encoding TID request.\n");
+ goto error;
}
- fprintf (stderr, "tidc_fwd_request: Sending TID request:\n");
- fprintf (stderr, "%s\n", req_buf);
+ tr_debug( "tidc_fwd_request: Sending TID request:\n");
+ tr_debug( "%s\n", req_buf);
/* Send the request over the connection */
if (err = gsscon_write_encrypted_token (tid_req->conn, tid_req->gssctx, req_buf,
strlen(req_buf))) {
- fprintf(stderr, "tidc_fwd_request: Error sending request over connection.\n");
- return -1;
+ tr_err( "tidc_fwd_request: Error sending request over connection.\n");
+ goto error;
}
/* TBD -- queue request on instance, read resps in separate thread */
if (err = gsscon_read_encrypted_token(tid_req->conn, tid_req->gssctx, &resp_buf, &resp_buflen)) {
if (resp_buf)
free(resp_buf);
- return -1;
+ goto error;
}
- fprintf(stdout, "tidc_fwd_request: Response Received (%u bytes).\n", (unsigned) resp_buflen);
- fprintf(stdout, "%s\n", resp_buf);
+ tr_debug( "tidc_fwd_request: Response Received (%u bytes).\n", (unsigned) resp_buflen);
+ tr_debug( "%s\n", resp_buf);
if (NULL == (resp_msg = tr_msg_decode(resp_buf, resp_buflen))) {
- fprintf(stderr, "tidc_fwd_request: Error decoding response.\n");
- return -1;
+ tr_err( "tidc_fwd_request: Error decoding response.\n");
+ goto error;
}
/* TBD -- Check if this is actually a valid response */
if (TID_RESPONSE != tr_msg_get_msg_type(resp_msg)) {
- fprintf(stderr, "tidc_fwd_request: Error, no response in the response!\n");
- return -1;
+ tr_err( "tidc_fwd_request: Error, no response in the response!\n");
+ goto error;
}
if (resp_handler)
/* Call the caller's response function */
(*resp_handler)(tidc, tid_req, tr_msg_get_resp(resp_msg), cookie);
- else
- fprintf(stderr, "tidc_fwd_request: NULL response function.\n");
+ goto cleanup;
+ error:
+ rc = -1;
+ cleanup:
if (msg)
- free(msg);
- if (tid_req)
- tid_req_free(tid_req);
+ talloc_free(msg);
if (req_buf)
free(req_buf);
if (resp_buf)
/* TBD -- free the decoded response */
- return 0;
+ return rc;
}
/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2015, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
return -1;
}
+ tid_req_add_path(tr_msg_get_req(mreq), tids->hostname, tids->tids_port);
+
/* Call the caller's request handler */
/* TBD -- Handle different error returns/msgs */
if (0 > (rc = (*tids->req_handler)(tids, tr_msg_get_req(mreq), resp, tids->cookie))) {
return -1;
}
+
/* mark this as an error response, and include the error message */
resp->result = TID_ERROR;
resp->err_msg = tr_new_name((char *)err_msg);
+ resp->error_path = req->path;
rc = tids_send_response(tids, req, resp);
int conn = -1;
pid_t pid;
+ tids->tids_port = port;
if (0 > (listen = tids_listen(tids, port)))
perror ("Error from tids_listen()");
/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2015, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
static int tr_tids_req_handler (TIDS_INSTANCE *tids,
TID_REQ *orig_req,
TID_RESP *resp,
- void *tr)
+ void *tr_in)
{
TIDC_INSTANCE *tidc = NULL;
TR_RESP_COOKIE resp_cookie;
TID_REQ *fwd_req = NULL;
TR_COMM *cfg_comm = NULL;
TR_COMM *cfg_apc = NULL;
+ TR_INSTANCE *tr = (TR_INSTANCE *) tr_in;
int oaction = TR_FILTER_ACTION_REJECT;
int rc = 0;
return -1;
}
- if (NULL == (cfg_comm = tr_comm_lookup((TR_INSTANCE *)tids->cookie, orig_req->comm))) {
+ if (NULL == (cfg_comm = tr_comm_lookup(tids->cookie, orig_req->comm))) {
tr_notice("tr_tids_req_hander: Request for unknown comm: %s.", orig_req->comm->buf);
tids_send_err_response(tids, orig_req, "Unknown community");
return -1;
/* Check that the rp_realm matches the filter for the GSS name that
* was received. */
- if ((!((TR_INSTANCE *)tr)->rp_gss) ||
- (!((TR_INSTANCE *)tr)->rp_gss->filter)) {
+ if ((!(tr)->rp_gss) ||
+ (!(tr)->rp_gss->filter)) {
tr_notice("tr_tids_req_handler: No GSS name for incoming request.");
tids_send_err_response(tids, orig_req, "No GSS name for request");
return -1;
}
- if ((TR_FILTER_NO_MATCH == tr_filter_process_rp_permitted(orig_req->rp_realm, ((TR_INSTANCE *)tr)->rp_gss->filter, orig_req->cons, &fwd_req->cons, &oaction)) ||
+ if ((TR_FILTER_NO_MATCH == tr_filter_process_rp_permitted(orig_req->rp_realm, (tr)->rp_gss->filter, orig_req->cons, &fwd_req->cons, &oaction)) ||
(TR_FILTER_ACTION_REJECT == oaction)) {
tr_notice("tr_tids_req_handler: RP realm (%s) does not match RP Realm filter for GSS name", orig_req->rp_realm->buf);
tids_send_err_response(tids, orig_req, "RP Realm filter error");
apc = tr_dup_name(cfg_comm->apcs->id);
/* Check that the APC is configured */
- if (NULL == (cfg_apc = tr_comm_lookup((TR_INSTANCE *)tids->cookie, apc))) {
+ if (NULL == (cfg_apc = tr_comm_lookup(tids->cookie, apc))) {
tr_notice("tr_tids_req_hander: Request for unknown comm: %s.", apc->buf);
tids_send_err_response(tids, orig_req, "Unknown APC");
return -1;
/* send a TID request to the AAA server(s), and get the answer(s) */
/* TBD -- Handle multiple servers */
+ if (cfg_apc)
+ fwd_req->expiration_interval = cfg_apc->expiration_interval;
+ else fwd_req->expiration_interval = cfg_comm->expiration_interval;
/* Create a TID client instance */
if (NULL == (tidc = tidc_create())) {
tr_crit("tr_tids_req_hander: Unable to allocate TIDC instance.");
tids_send_err_response(tids, orig_req, "Memory allocation failure");
return -1;
}
-
/* Use the DH parameters from the original request */
/* TBD -- this needs to be fixed when we handle more than one req per conn */
tidc->client_dh = orig_req->tidc_dh;
if (0 > (rc = tidc_fwd_request(tidc, fwd_req, &tr_tidc_resp_handler, (void *)&resp_cookie))) {
tr_notice("Error from tidc_fwd_request, rc = %d.", rc);
tids_send_err_response(tids, orig_req, "Can't forward request to next hop TIDS");
+ tid_req_free(orig_req);
return -1;
}
+ tid_req_free(orig_req);
return 0;
}
static int tr_tids_gss_handler(gss_name_t client_name, TR_NAME *gss_name,
- void *tr)
+ void *tr_in)
{
TR_RP_CLIENT *rp;
+ TR_INSTANCE *tr = (TR_INSTANCE *) tr_in;
if ((!client_name) || (!gss_name) || (!tr)) {
tr_debug("tr_tidc_gss_handler: Bad parameters.");
/* Store the rp client in the TR_INSTANCE structure for now...
* TBD -- fix me for new tasking model. */
- ((TR_INSTANCE *)tr)->rp_gss = rp;
+ (tr)->rp_gss = rp;
tr_debug("Client's GSS Name: %s", gss_name->buf);
+
return 0;
}
%global optflags %{optflags} -Wno-parentheses
Name: trust_router
-Version: 1.4.2
+Version: 1.5
Release: 1%{?dist}
Summary: Moonshot Trust Router