return 0;
}
-void tr_dh_free(DH *dh)
+void tr_dh_free(unsigned char *dh_buf)
+{
+ free(dh_buf);
+}
+
+void tr_dh_destroy(DH *dh)
{
DH_free(dh);
}
(NULL == (jg = json_object_get(jdh, "dh_g"))) ||
(NULL == (jpub_key = json_object_get(jdh, "dh_pub_key")))) {
tr_debug("tr_msg_decode_dh(): Error parsing dh_info.");
- tr_dh_free(dh);
+ tr_dh_destroy(dh);
return NULL;
}
json_object_set_new(jsrvr, "server_dh", tr_msg_encode_dh(srvr->aaa_server_dh));
if (srvr->path)
/* The path is owned by the srvr, so grab an extra ref*/
- json_object_set(jsrvr, "path", srvr->path);
+ json_object_set(jsrvr, "path", (json_t *)(srvr->path));
return jsrvr;
}
srvr->aaa_server_addr=talloc_strdup(srvr, json_string_value(jsrvr_addr));
srvr->key_name = tr_new_name((char *)json_string_value(jsrvr_kn));
srvr->aaa_server_dh = tr_msg_decode_dh(jsrvr_dh);
- tid_srvr_blk_set_path(srvr, json_object_get(jsrvr, "path"));
+ tid_srvr_blk_set_path(srvr, (TID_PATH *) json_object_get(jsrvr, "path"));
jsrvr_expire = json_object_get(jsrvr, "key_expiration");
if (jsrvr_expire && json_is_string(jsrvr_expire)) {
if (!g_time_val_from_iso8601(json_string_value(jsrvr_expire),
#include <stdio.h>
#include <string.h>
#include <time.h>
-/*#include <trust_router/tr_dh.h>*/
+#include <trust_router/tr_dh.h>
#include <tr_util.h>
void tr_bin_to_hex(const unsigned char * bin, size_t bin_len,
TR_NAME *key_name;
DH *aaa_server_dh; /* AAA server's public dh information */
GTimeVal key_expiration; /**< absolute time at which key expires*/
- json_t *path;/**< Path of trust routers that the request traversed*/
+ TID_PATH *path;/**< Path of trust routers that the request traversed*/
};
struct tid_resp {
char *ipaddr;
const char *hostname;
TIDS_REQ_FUNC *req_handler;
- TIDS_AUTH_FUNC *auth_handler;
+ tids_auth_func *auth_handler;
void *cookie;
uint16_t tids_port;
struct tr_rp_client *rp_gss; /* Client matching GSS name */
TID_SRVR_BLK *tid_srvr_blk_dup(TALLOC_CTX *mem_ctx, TID_SRVR_BLK *srvr);
TID_SRVR_BLK *tid_srvr_blk_add_func(TID_SRVR_BLK *head, TID_SRVR_BLK *new);
#define tid_srvr_blk_add(head, new) ((head)=tid_srvr_blk_add_func((head),(new)))
-void tid_srvr_blk_set_path(TID_SRVR_BLK *block, json_t *path);
+void tid_srvr_blk_set_path(TID_SRVR_BLK *block, TID_PATH *path);
void tid_resp_set_cons(TID_RESP *resp, TR_CONSTRAINT_SET *cons);
void tid_resp_set_error_path(TID_RESP *resp, json_t *ep);
#include <trust_router/tr_versioning.h>
-TR_EXPORT void tr_bin_to_hex(const unsigned char * bin, size_t binlen,
- char * hex_out, size_t hex_len);
TR_EXPORT int tr_cmp_timespec(struct timespec *ts1, struct timespec *ts2);
#endif /* TR_UTIL_H */
typedef struct _tr_constraint_set TR_CONSTRAINT_SET;
+typedef struct _tid_path TID_PATH;
typedef struct tid_resp TID_RESP;
typedef int (TIDS_REQ_FUNC)(TIDS_INSTANCE *, TID_REQ *, TID_RESP *, void *);
-typedef int (TIDS_AUTH_FUNC)(gss_name_t client_name, TR_NAME *display_name, void *cookie);
+typedef int (tids_auth_func)(gss_name_t client_name, TR_NAME *display_name, void *cookie);
void tid_req_set_resp_func(TID_REQ *req, TIDC_RESP_FUNC *resp_func);
TR_EXPORT void *tid_req_get_cookie(TID_REQ *req);
void tid_req_set_cookie(TID_REQ *req, void *cookie);
-TR_EXPORT TID_REQ *tid_dup_req (TALLOC_CTX *mem_ctx, TID_REQ *orig_req);
+TR_EXPORT TID_REQ *tid_dup_req (TID_REQ *orig_req);
TR_EXPORT void tid_req_free( TID_REQ *req);
/* Utility functions for TID_RESP structure, in tid/tid_resp.c */
void tid_resp_set_orig_coi(TID_RESP *resp, TR_NAME *orig_coi);
TR_EXPORT TID_SRVR_BLK *tid_resp_get_server(TID_RESP *resp, size_t index);
TR_EXPORT size_t tid_resp_get_num_servers(const TID_RESP *resp);
-TR_EXPORT json_t *tid_resp_get_error_path(const TID_RESP *);
+TR_EXPORT const TID_PATH *tid_resp_get_error_path(const TID_RESP *);
/** Get either the error_path or the path of the first server block for
* a successful response*/
-TR_EXPORT json_t *tid_resp_get_a_path(const TID_RESP *);
+TR_EXPORT const TID_PATH *tid_resp_get_a_path(const TID_RESP *);
/* Server blocks*/
TR_EXPORT void tid_srvr_get_address(const TID_SRVR_BLK *,
const struct sockaddr **out_addr, size_t *out_sa_len);
TR_EXPORT DH *tid_srvr_get_dh(TID_SRVR_BLK *);
TR_EXPORT const TR_NAME *tid_srvr_get_key_name(const TID_SRVR_BLK *);
-TR_EXPORT const json_t *tid_srvr_get_path(const TID_SRVR_BLK *);
+TR_EXPORT const TID_PATH *tid_srvr_get_path(const TID_SRVR_BLK *);
#define tid_resp_servers_foreach(RESP, SERVER, INDEX) \
/* TID Client functions, in tid/tidc.c */
-TR_EXPORT TIDC_INSTANCE *tidc_create (TALLOC_CTX *mem_ctx);
+TR_EXPORT TIDC_INSTANCE *tidc_create (void);
TR_EXPORT int tidc_open_connection (TIDC_INSTANCE *tidc, const char *server, unsigned int port, gss_ctx_id_t *gssctx);
TR_EXPORT int tidc_send_request (TIDC_INSTANCE *tidc, int conn, gss_ctx_id_t gssctx, const char *rp_realm, const char *realm, const char *coi, TIDC_RESP_FUNC *resp_handler, void *cookie);
TR_EXPORT int tidc_fwd_request (TIDC_INSTANCE *tidc, TID_REQ *req, TIDC_RESP_FUNC *resp_handler, void *cookie);
TR_EXPORT DH *tidc_get_dh(TIDC_INSTANCE *);
TR_EXPORT DH *tidc_set_dh(TIDC_INSTANCE *, DH *);
-TR_EXPORT void tidc_free(TIDC_INSTANCE *tidc);
+TR_EXPORT void tidc_destroy(TIDC_INSTANCE *tidc);
/* TID Server functions, in tid/tids.c */
-TR_EXPORT TIDS_INSTANCE *tids_create (TALLOC_CTX *mem_ctx);
+TR_EXPORT TIDS_INSTANCE *tids_create (void);
+TR_EXPORT int tids_start (TIDS_INSTANCE *tids, TIDS_REQ_FUNC *req_handler,
+ tids_auth_func *auth_handler, const char *hostname,
+ unsigned int port, void *cookie);
TR_EXPORT int tids_get_listener (TIDS_INSTANCE *tids, TIDS_REQ_FUNC *req_handler,
- TIDS_AUTH_FUNC *auth_handler, const char *hostname,
+ tids_auth_func *auth_handler, const char *hostname,
unsigned int port, void *cookie, int *fd_out, size_t max_fd);
TR_EXPORT int tids_accept(TIDS_INSTANCE *tids, int listen);
TR_EXPORT int tids_send_response (TIDS_INSTANCE *tids, TID_REQ *req, TID_RESP *resp);
#include <trust_router/tid.h>
TR_EXPORT DH *tr_dh_new(void);
-TR_EXPORT void tr_dh_free(DH *dh);
+TR_EXPORT void tr_dh_destroy(DH *dh); /* called destroy because free is already used */
TR_EXPORT DH *tr_create_dh_params(unsigned char *key, size_t len);
TR_EXPORT DH *tr_create_matching_dh(unsigned char *key, size_t len, DH *in_dh);
TR_EXPORT void tr_destroy_dh_params(DH *dh);
TR_EXPORT DH *tr_dh_dup(DH *in);
TR_EXPORT int tr_compute_dh_key(unsigned char **pbuf, BIGNUM *pub_key, DH *priv_dh);
+TR_EXPORT void tr_dh_free(unsigned char *dh_buf);
int TR_EXPORT tr_dh_pub_hash(TID_REQ *request,
unsigned char **out_digest,
size_t *out_llen);
+TR_EXPORT void tr_bin_to_hex(const unsigned char * bin, size_t binlen,
+ char * hex_out, size_t hex_len);
+
#endif
printf("TIDC Client:\nServer = %s, rp_realm = %s, target_realm = %s, community = %s, port = %i\n", opts.server, opts.rp_realm, opts.target_realm, opts.community, opts.port);
/* Create a TID client instance & the client DH */
- tidc = tidc_create(NULL);
+ tidc = tidc_create();
if (NULL == (tidc->client_dh = tr_create_dh_params(NULL, 0))) {
printf("Error creating client DH params.\n");
return 1;
}
/* Clean-up the TID client instance, and exit */
- tidc_free(tidc);
+ tidc_destroy(tidc);
return 0;
}
}
if (0 != handle_authorizations(req, pub_digest, pub_digest_len))
return -1;
- tid_srvr_blk_set_path(resp->servers, req->path);
+ tid_srvr_blk_set_path(resp->servers, (TID_PATH *)(req->path));
if (req->expiration_interval < 1)
req->expiration_interval = 1;
TIDS_INSTANCE *tids;
TR_NAME *gssname = NULL;
struct cmdline_args opts={NULL};
-#define MAX_SOCKETS 10
- int tids_socket[MAX_SOCKETS];
- size_t n_sockets;
- struct pollfd poll_fds[MAX_SOCKETS];
- size_t ii=0;
/* parse the command line*/
argp_parse(&argp, argc, argv, 0, 0, &opts);
-1, &authorization_insert, NULL);
/* Create a TID server instance */
- if (NULL == (tids = tids_create(NULL))) {
+ if (NULL == (tids = tids_create())) {
tr_crit("Unable to create TIDS instance, exiting.");
return 1;
}
tids->ipaddr = opts.ip_address;
-
- /* get listener for tids port */
- n_sockets = tids_get_listener(tids, &tids_req_handler, auth_handler, opts.hostname, TID_PORT, gssname,
- tids_socket, MAX_SOCKETS);
-
- for (ii=0; ii<n_sockets; ii++) {
- poll_fds[ii].fd=tids_socket[ii];
- poll_fds[ii].events=POLLIN; /* poll on ready for reading */
- poll_fds[ii].revents=0;
- }
-
- /* main event loop */
- while (1) {
- /* wait up to 100 ms for an event, then handle any idle work */
- if(poll(poll_fds, n_sockets, 100) > 0) {
- for (ii=0; ii<n_sockets; ii++) {
- if (poll_fds[ii].revents & POLLIN) {
- if (0 != tids_accept(tids, tids_socket[ii])) {
- tr_err("Error handling tids request.");
- }
- }
- }
- }
- /* idle loop stuff here */
- }
+ (void) tids_start(tids, &tids_req_handler, auth_handler, opts.hostname, TID_PORT, gssname);
/* Clean-up the TID server instance */
tids_destroy(tids);
req->cookie = cookie;
}
-TID_REQ *tid_dup_req (TALLOC_CTX *mem_ctx, TID_REQ *orig_req)
+/* struct is allocated in talloc null context */
+TID_REQ *tid_dup_req (TID_REQ *orig_req)
{
TID_REQ *new_req = NULL;
- if (NULL == (new_req = talloc_zero(mem_ctx, TID_REQ))) {
+ if (NULL == (new_req = talloc_zero(NULL, TID_REQ))) {
tr_crit("tid_dup_req: Can't allocated duplicate request.");
return NULL;
}
if (srvr->aaa_server_dh!=NULL)
tr_destroy_dh_params(srvr->aaa_server_dh);
if (srvr->path!=NULL)
- json_decref(srvr->path);
+ json_decref((json_t *)(srvr->path));
return 0;
}
return head;
}
-TR_EXPORT void tid_srvr_blk_set_path(TID_SRVR_BLK *block, json_t *path)
+TR_EXPORT void tid_srvr_blk_set_path(TID_SRVR_BLK *block, TID_PATH *path)
{
if (block->path!=NULL)
- json_decref(block->path);
+ json_decref((json_t *)(block->path));
block->path=path;
if (block->path!=NULL)
- json_incref(block->path);
+ json_incref((json_t *)(block->path));
}
-TR_EXPORT const json_t *tid_srvr_get_path( const TID_SRVR_BLK *block)
+TR_EXPORT const TID_PATH *tid_srvr_get_path( const TID_SRVR_BLK *block)
{
if (!block)
return NULL;
json_incref(resp->error_path);
}
-TR_EXPORT json_t *tid_resp_get_error_path(const TID_RESP *resp)
+TR_EXPORT const TID_PATH *tid_resp_get_error_path(const TID_RESP *resp)
{
if (!resp)
return NULL;
- return resp->error_path;
+ return (const TID_PATH *)(resp->error_path);
}
-TR_EXPORT json_t *tid_resp_get_a_path(const TID_RESP *const_resp)
+TR_EXPORT const TID_PATH *tid_resp_get_a_path(const TID_RESP *const_resp)
{
size_t index;
TID_SRVR_BLK *server;
if (!resp)
return NULL;
-
if (resp->error_path)
- return resp->error_path;
+ return (const TID_PATH *)(resp->error_path);
tid_resp_servers_foreach( resp, server, index) {
if (server->path)
return server->path;
return 0;
}
-TIDC_INSTANCE *tidc_create(TALLOC_CTX *mem_ctx)
+/* creates struct in talloc null context */
+TIDC_INSTANCE *tidc_create(void)
{
- TIDC_INSTANCE *tidc=talloc(mem_ctx, TIDC_INSTANCE);
+ TIDC_INSTANCE *tidc=talloc(NULL, TIDC_INSTANCE);
if (tidc!=NULL) {
tidc->client_dh=NULL;
talloc_set_destructor((void *)tidc, tidc_destructor);
return tidc;
}
-void tidc_free(TIDC_INSTANCE *tidc)
+void tidc_destroy(TIDC_INSTANCE *tidc)
{
talloc_free(tidc);
}
#include <netinet/in.h>
#include <jansson.h>
#include <talloc.h>
+#include <poll.h>
#include <tid_internal.h>
#include <gsscon.h>
#include <tr_debug.h>
tr_crit("tids_send_err_response: Can't create response.");
return -1;
}
-
/* mark this as an error response, and include the error message */
resp->result = TID_ERROR;
}
}
-TIDS_INSTANCE *tids_create (TALLOC_CTX *mem_ctx)
+TIDS_INSTANCE *tids_create (void)
{
- return talloc_zero(mem_ctx, TIDS_INSTANCE);
+ return talloc_zero(NULL, TIDS_INSTANCE);
}
/* Get a listener for tids requests, returns its socket fd. Accept
* connections with tids_accept() */
int tids_get_listener(TIDS_INSTANCE *tids,
TIDS_REQ_FUNC *req_handler,
- TIDS_AUTH_FUNC *auth_handler,
+ tids_auth_func *auth_handler,
const char *hostname,
unsigned int port,
void *cookie,
tids->tids_port = port;
n_fd=tids_listen(tids, port, fd_out, max_fd);
- if (n_fd==0)
+ if (n_fd<=0)
tr_debug("tids_get_listener: Error opening port %d");
else {
/* opening port succeeded */
return 0;
}
+/* Process tids requests forever. Should not return except on error. */
+#define MAX_SOCKETS 10
+int tids_start (TIDS_INSTANCE *tids,
+ TIDS_REQ_FUNC *req_handler,
+ tids_auth_func *auth_handler,
+ const char *hostname,
+ unsigned int port,
+ void *cookie)
+{
+ int fd[MAX_SOCKETS]={0};
+ size_t n_fd=0;
+ struct pollfd poll_fd[MAX_SOCKETS]={{0}};
+ int ii=0;
+
+ n_fd=tids_get_listener(tids, req_handler, auth_handler, hostname, port, cookie, fd, MAX_SOCKETS);
+ if (n_fd <= 0) {
+ perror ("Error from tids_listen()");
+ return 1;
+ }
+
+ tr_info("Trust Path Query Server starting on host %s:%d.", hostname, port);
+
+ /* set up the poll structs */
+ for (ii=0; ii<n_fd; ii++) {
+ poll_fd[ii].fd=fd[ii];
+ poll_fd[ii].events=POLLIN;
+ }
+
+ while(1) { /* accept incoming conns until we are stopped */
+ /* clear out events from previous iteration */
+ for (ii=0; ii<n_fd; ii++)
+ poll_fd[ii].revents=0;
+
+ /* wait indefinitely for a connection */
+ if (poll(poll_fd, n_fd, -1) < 0) {
+ perror("Error from poll()");
+ return 1;
+ }
+
+ /* fork handlers for any sockets that have data */
+ for (ii=0; ii<n_fd; ii++) {
+ if (poll_fd[ii].revents == 0)
+ continue;
+
+ if ((poll_fd[ii].revents & POLLERR) || (poll_fd[ii].revents & POLLNVAL)) {
+ perror("Error polling fd");
+ continue;
+ }
+
+ if (poll_fd[ii].revents & POLLIN) {
+ if (tids_accept(tids, poll_fd[ii].fd))
+ tr_err("tids_start: error in tids_accept().");
+ }
+ }
+ }
+
+ return 1; /* should never get here, loops "forever" */
+}
+#undef MAX_SOCKETS
+
void tids_destroy (TIDS_INSTANCE *tids)
{
/* clean up logfiles */
}
/***** initialize the trust path query server instance *****/
- if (NULL == (tr->tids = tids_create (tr))) {
+ if (NULL == (tr->tids = tids_create())) {
tr_crit("Error initializing Trust Path Query Server instance.");
return 1;
}
+ talloc_steal(tr, tr->tids);
/***** initialize the trust router protocol server instance *****/
if (NULL == (tr->trps = trps_new(tr))) {
{
TALLOC_CTX *tmp_ctx=talloc_new(NULL);
struct tr_tids_fwd_cookie *args=talloc_get_type_abort(arg, struct tr_tids_fwd_cookie);
- TIDC_INSTANCE *tidc=tidc_create(tmp_ctx);
+ TIDC_INSTANCE *tidc=tidc_create();
TR_MQ_MSG *msg=NULL;
TR_RESP_COOKIE *cookie=NULL;
int rc=0;
talloc_steal(tmp_ctx, args); /* take responsibility for the cookie */
+ if (tidc!=NULL)
+ talloc_steal(tmp_ctx, tidc);
+
/* create the cookie we will use for our response */
cookie=talloc(tmp_ctx, TR_RESP_COOKIE);
if (cookie==NULL) {
tids->req_count++;
/* Duplicate the request, so we can modify and forward it */
- if (NULL == (fwd_req=tid_dup_req(tmp_ctx, orig_req))) {
+ if (NULL == (fwd_req=tid_dup_req(orig_req))) {
tr_debug("tr_tids_req_handler: Unable to duplicate request.");
retval=-1;
goto cleanup;
}
+ talloc_steal(tmp_ctx, fwd_req);
if (NULL == (cfg_comm=tr_comm_table_find_comm(cfg_mgr->active->ctable, orig_req->comm))) {
tr_notice("tr_tids_req_hander: Request for unknown comm: %s.", orig_req->comm->buf);
aaa_cookie[n_aaa]->mq=mq;
aaa_cookie[n_aaa]->aaa_hostname=tr_dup_name(this_aaa->hostname);
aaa_cookie[n_aaa]->dh_params=tr_dh_dup(orig_req->tidc_dh);
- aaa_cookie[n_aaa]->fwd_req=tid_dup_req(aaa_cookie[n_aaa], fwd_req);
+ aaa_cookie[n_aaa]->fwd_req=tid_dup_req(fwd_req);
+ talloc_steal(aaa_cookie[n_aaa], aaa_cookie[n_aaa]->fwd_req);
tr_debug("tr_tids_req_handler: cookie %d initialized.", n_aaa);
/* Take the cookie out of tmp_ctx before starting thread. If thread starts, it becomes