return NULL;
}
- for (idp = comm->idp_realms; NULL != idp; idp = idp->next) {
+ for (idp = comm->idp_realms; NULL != idp; idp = idp->comm_next) {
if (!tr_name_cmp (idp_realm, idp->realm_id)) {
- tr_debug("tr_find_comm_idp: Found %s.", idp_realm->buf);
+ tr_debug("tr_find_comm_idp: Found IdP %s in community %s.", idp_realm->buf, comm->id->buf);
return idp;
}
}
for (rp = comm->rp_realms; NULL != rp; rp = rp->next) {
if (!tr_name_cmp (rp_realm, rp->realm_name)) {
- tr_debug("tr_find_comm_idp: Found %s.", rp_realm->buf);
+ tr_debug("tr_find_comm_rp: Found RP %s in community %s.", rp_realm->buf, comm->id->buf);
return rp;
}
}
#include <tr_filter.h>
#include <trust_router/tr_constraint.h>
-void tr_print_config (FILE *stream, TR_CFG *cfg) {
- fprintf(stream, "tr_print_config: Not yet implemented.");
- return;
+void tr_print_config (TR_CFG *cfg) {
+ tr_notice("tr_print_config: Logging running trust router configuration.");
+ tr_print_comms(cfg->comms);
+}
+
+void tr_print_comms (TR_COMM *comm_list) {
+ TR_COMM *comm = NULL;
+
+ for (comm = comm_list; NULL != comm; comm = comm->next) {
+ tr_notice("tr_print_config: Community %s:", comm->id->buf);
+
+ tr_notice("tr_print_config: - Member IdPs:");
+ tr_print_comm_idps(comm->idp_realms);
+
+ tr_notice("tr_print_config: - Member RPs:");
+ tr_print_comm_rps(comm->rp_realms);
+ }
+}
+
+void tr_print_comm_idps (TR_IDP_REALM *idp_list) {
+ TR_IDP_REALM *idp = NULL;
+
+ for (idp = idp_list; NULL != idp; idp = idp->comm_next) {
+ tr_notice("tr_print_config: - @%s", idp->realm_id->buf);
+ }
+}
+
+void tr_print_comm_rps(TR_RP_REALM *rp_list) {
+ TR_RP_REALM *rp = NULL;
+
+ for (rp = rp_list; NULL != rp; rp = rp->next) {
+ tr_notice("tr_print_config: - %s", rp->realm_name->buf);
+ }
}
void tr_cfg_free (TR_CFG *cfg) {
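Review bot: tr_print_config dereferences cfg on the `tr_print_comms(cfg->comms);` line without checking it for NULL; the one caller visible on this page passes tr->active_cfg, and nothing here shows that pointer is always set by the time the call is made. A guard such as `if (NULL == cfg) { tr_notice("tr_print_config: No configuration loaded."); return; }` keeps a logging helper from taking the router down. The four new functions carry no header comment; a one-liner like `/* Log the running configuration via tr_notice; cfg must be non-NULL. */` on tr_print_config would state the contract, and the prototypes in the header would benefit from the same. The tr_notice prefixes inside tr_print_comms, tr_print_comm_idps and tr_print_comm_rps all read "tr_print_config:", which makes a log line harder to trace to the function that emitted it; the rest of the file uses each function's own name as the prefix.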
static TR_IDP_REALM *tr_cfg_parse_comm_idps (TR_CFG *trc, json_t *jidps, TR_CFG_RC *rc)
{
TR_IDP_REALM *idp = NULL;
+ TR_IDP_REALM *found_idp = NULL;
TR_IDP_REALM *temp_idp = NULL;
int i = 0;
}
for (i = 0; i < json_array_size(jidps); i++) {
- if (NULL == (temp_idp = (tr_cfg_find_idp(trc,
+ if (NULL == (temp_idp = talloc(trc, TR_IDP_REALM))) {
+ tr_debug("tr_cfg_parse_comm_idps: Can't allocate memory for IdP Realm.");
+ if (rc)
+ *rc = TR_CFG_NOMEM;
+ return NULL;
+ }
+ memset (temp_idp, 0, sizeof(TR_IDP_REALM));
+
+ if (NULL == (found_idp = (tr_cfg_find_idp(trc,
tr_new_name((char *)json_string_value(json_array_get(jidps, i))),
rc)))) {
tr_debug("tr_cfg_parse_comm_idps: Unknown IDP %s.",
return NULL;
}
+ // We *MUST* do a dereferenced copy here or the second community will corrupt the linked list we create here.
+ *temp_idp = *found_idp;
+
temp_idp->comm_next = idp;
idp = temp_idp;
}
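Review bot: The temp_idp allocated with talloc at the top of the loop body is not released on the `return NULL;` path taken when tr_cfg_find_idp fails, so every unknown IdP leaves a dead allocation on trc until that whole context is freed; add `talloc_free(temp_idp);` immediately before that return (the partial list already built in idp is abandoned there as well, though it also hangs off trc). The struct copy `*temp_idp = *found_idp;` is shallow: the copy shares realm_id and every other pointer member with the entry in the main IdP list, and it also inherits found_idp->next, so following ->next from a community member walks into the global list; if that is intended, a comment saying so would help, otherwise `temp_idp->next = NULL;` after the copy makes the community list self-contained. The memset before the copy is redundant, since the assignment overwrites every byte. The enclosing function starts before this hunk.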
/* Reads configuration files in config_dir ("" or "./" will use the current directory) */
TR_CFG_RC tr_parse_config (TR_INSTANCE *tr, const char *config_dir, int n, struct dirent **cfg_files) {
json_t *jcfg;
+ json_t *jser;
json_error_t rc;
char *file_with_path;
}
talloc_free(file_with_path); /* done with filename */
+ // Look for serial number and log it if it exists
+ if (NULL != (jser = json_object_get(jcfg, "serial_number"))) {
+ if (json_is_number(jser)) {
+ tr_notice("tr_read_config: Attempting to load revision %i of %s.",
+ (int *) json_integer_value(jser),
+ cfg_files[n]->d_name);
+ }
+ }
+
if ((TR_CFG_SUCCESS != tr_cfg_parse_internal(tr->new_cfg, jcfg)) ||
(TR_CFG_SUCCESS != tr_cfg_parse_rp_clients(tr->new_cfg, jcfg)) ||
(TR_CFG_SUCCESS != tr_cfg_parse_idp_realms(tr->new_cfg, jcfg)) ||
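Review bot: The `(int *) json_integer_value(jser)` argument on the tr_notice line passes a pointer for a `%i` conversion, which is undefined behaviour and prints garbage on LP64 targets; cast to the integer type instead, `(int) json_integer_value(jser)`, or keep the full width with `"%" JSON_INTEGER_FORMAT` and no cast. The `json_is_number(jser)` test also accepts real numbers, for which json_integer_value yields 0, so `json_is_integer(jser)` matches what is actually logged. The index in `cfg_files[n]->d_name` uses the count parameter n from the signature; whether that names the file just parsed depends on how the loop outside this hunk updates n, which is worth confirming, and the message prefix says "tr_read_config" although the enclosing function is tr_parse_config. tr_parse_config's body continues outside the hunk on both sides.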
free (name->buf);
name->buf = NULL;
}
-
+
free(name);
}
-TR_NAME *tr_new_name (char *name)
+TR_NAME *tr_new_name (const char *name)
{
TR_NAME *new;
- if (new = malloc(sizeof(TR_NAME))) {
+ if (new = malloc(sizeof(TR_NAME))) {
new->len = strlen(name);
if (new->buf = malloc((new->len)+1)) {
strcpy(new->buf, name);
return new;
}
-TR_NAME *tr_dup_name (TR_NAME *from)
+TR_NAME *tr_dup_name (TR_NAME *from)
{
TR_NAME *to;
return s;
}
-
+
TR_CFG_RC tr_apply_new_config (TR_INSTANCE *tr);
TR_CFG_RC tr_cfg_validate (TR_CFG *trc);
void tr_cfg_free(TR_CFG *cfg);
-void tr_print_config(FILE *stream, TR_CFG *cfg);
+
+void tr_print_config(TR_CFG *cfg);
+void tr_print_comms(TR_COMM *comm_list);
+void tr_print_comm_idps(TR_IDP_REALM *idp_list);
+void tr_print_comm_rps(TR_RP_REALM *rp_list);
TR_IDP_REALM *tr_cfg_find_idp (TR_CFG *tr_cfg, TR_NAME *idp_id, TR_CFG_RC *rc);
TR_RP_CLIENT *tr_cfg_find_rp (TR_CFG *tr_cfg, TR_NAME *rp_gss, TR_CFG_RC *rc);
/* TID Client functions, in tid/tidc.c */
TR_EXPORT TIDC_INSTANCE *tidc_create (void);
-TR_EXPORT int tidc_open_connection (TIDC_INSTANCE *tidc, char *server, unsigned int port, gss_ctx_id_t *gssctx);
-TR_EXPORT int tidc_send_request (TIDC_INSTANCE *tidc, int conn, gss_ctx_id_t gssctx, char *rp_realm, char *realm, char *coi, TIDC_RESP_FUNC *resp_handler, void *cookie);
+TR_EXPORT int tidc_open_connection (TIDC_INSTANCE *tidc, const char *server, unsigned int port, gss_ctx_id_t *gssctx);
+TR_EXPORT int tidc_send_request (TIDC_INSTANCE *tidc, int conn, gss_ctx_id_t gssctx, const char *rp_realm, const char *realm, const char *coi, TIDC_RESP_FUNC *resp_handler, void *cookie);
TR_EXPORT int tidc_fwd_request (TIDC_INSTANCE *tidc, TID_REQ *req, TIDC_RESP_FUNC *resp_handler, void *cookie);
TR_EXPORT DH *tidc_get_dh(TIDC_INSTANCE *);
TR_EXPORT DH *tidc_set_dh(TIDC_INSTANCE *, DH *);
/* TID Server functions, in tid/tids.c */
TR_EXPORT TIDS_INSTANCE *tids_create (void);
TR_EXPORT int tids_start (TIDS_INSTANCE *tids, TIDS_REQ_FUNC *req_handler,
- tids_auth_func *auth_handler, const char *hostname,
+ tids_auth_func *auth_handler, const char *hostname,
unsigned int port, void *cookie);
TR_EXPORT int tids_send_response (TIDS_INSTANCE *tids, TID_REQ *req, TID_RESP *resp);
TR_EXPORT int tids_send_err_response (TIDS_INSTANCE *tids, TID_REQ *req, const char *err_msg);
int len;
} TR_NAME;
-TR_EXPORT TR_NAME *tr_new_name (char *name);
+TR_EXPORT TR_NAME *tr_new_name (const char *name);
TR_EXPORT TR_NAME *tr_dup_name (TR_NAME *from);
TR_EXPORT void tr_free_name (TR_NAME *name);
TR_EXPORT int tr_name_cmp (TR_NAME *one, TR_NAME *two);
{
TIDC_INSTANCE *tidc = NULL;
- if (NULL == (tidc = talloc_zero(NULL, TIDC_INSTANCE)))
+ if (NULL == (tidc = talloc_zero(NULL, TIDC_INSTANCE)))
return NULL;
return tidc;
}
int tidc_open_connection (TIDC_INSTANCE *tidc,
- char *server,
+ const char *server,
unsigned int port,
gss_ctx_id_t *gssctx)
{
if (0 == port)
use_port = TID_PORT;
- else
+ else
use_port = port;
err = gsscon_connect(server, use_port, "trustidentity", &conn, gssctx);
return -1;
}
-int tidc_send_request (TIDC_INSTANCE *tidc,
- int conn,
+int tidc_send_request (TIDC_INSTANCE *tidc,
+ int conn,
gss_ctx_id_t gssctx,
- char *rp_realm,
- char *realm,
- char *comm,
+ const char *rp_realm,
+ const char *realm,
+ const char *comm,
TIDC_RESP_FUNC *resp_handler,
void *cookie)
{
return rc;
}
-int tidc_fwd_request (TIDC_INSTANCE *tidc,
- TID_REQ *tid_req,
+int tidc_fwd_request (TIDC_INSTANCE *tidc,
+ TID_REQ *tid_req,
TIDC_RESP_FUNC *resp_handler,
void *cookie)
{
/* store the response function and cookie */
// tid_req->resp_func = resp_handler;
// tid_req->cookie = cookie;
-
+
/* Encode the request into a json string */
if (!(req_buf = tr_msg_encode(msg))) {
tr_debug( "%s\n", req_buf);
/* Send the request over the connection */
- if (err = gsscon_write_encrypted_token (tid_req->conn, tid_req->gssctx, req_buf,
+ if (err = gsscon_write_encrypted_token (tid_req->conn, tid_req->gssctx, req_buf,
strlen(req_buf))) {
tr_err( "tidc_fwd_request: Error sending request over connection.\n");
goto error;
tr_err( "tidc_fwd_request: Error, no response in the response!\n");
goto error;
}
-
+
if (resp_handler)
/* Call the caller's response function */
(*resp_handler)(tidc, tid_req, tr_msg_get_resp(resp_msg), cookie);
exit(1);
}
+ /* print the loaded configuration */
+ tr_print_config(tr->active_cfg);
+
/* initialize the trust path query server instance */
if (0 == (tr->tids = tids_create ())) {
tr_crit("Error initializing Trust Path Query Server instance.");
%global optflags %{optflags} -Wno-parentheses
Name: trust_router
-Version: 1.5.1
-Release: 2%{?dist}
+Version: 1.5.2
+Release: 1%{?dist}
Summary: Moonshot Trust Router
Group: System Environment/Libraries
Source0: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: krb5-devel , glib-devel
+BuildRequires: krb5-devel, glib2-devel
BuildRequires: jansson-devel >= 2.4
BuildRequires: sqlite-devel, openssl-devel, libtalloc-devel
+BuildRequires: systemd
Requires: moonshot-gss-eap >= 0.9.3, sqlite
%description
%doc README
%{_bindir}/*
%{_datadir}/trust_router/schema.sql
-#/lib/systemd/system/tids.service
%{_initrddir}/tids
%{_initrddir}/trust_router
+%{_unitdir}/tids.service
+
%config(noreplace) %{_sysconfdir}/sysconfig/tids
%config(noreplace) %{_sysconfdir}/sysconfig/trust_router