DONE - Generate a real random number for DH (in common/tr_dh.c)
DONE - Read TR portal/manual config from files at start-up (non-dynamic)
DONE - Look-up code to find correct AAA Server for a Comm/Realm
-IN PROGRESS - TR TID request & response handlers
+DONE - TR TID request & response handlers
- Check gss_name on incoming TID request in TR (in TIDS, too?)
- Check rp_realm COI membership in TR
- Check idp_realm APC membership in TR
- Move to better tasking model for TR (needed for dyn cfg and TR protocol)
- Dynamically re-read TR configuration file at runtime
- Keep single connection open between AAA proxy & TR for TID requests
+- Handle multiple simultaneous TID requests in AAA proxy (reqs req ID in the protocol)
+- Add TR support for multiple AAA servers in an IDP
- Normalize/configure logging for info msgs, warnings and errors (log4c)
- Clean-up gsscon API and messages
- Figure out what to do about commented-out checks in gsscon_passive.c
unsigned char *buf = NULL;;
int rc = 0;
- if ((!buf) ||
+ if ((!pbuf) ||
(!pub_key) ||
(!priv_dh)) {
fprintf(stderr, "tr_compute_dh_key(): Invalid parameters.\n");
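Review bot: The fix to test `pbuf` instead of the always-NULL local `buf` is correct (the old check made every call fail), but the declaration above it still reads `unsigned char *buf = NULL;;` with a stray second semicolon; it should be `unsigned char *buf = NULL;`. It would also be worth setting `*pbuf = NULL;` right after the parameter check so a caller that frees `*pbuf` unconditionally on a negative return never frees an uninitialized pointer, assuming the error path returns without touching it. The body of tr_compute_dh_key starts and ends outside this hunk.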
if (NULL == (srvr = malloc(sizeof(TID_SRVR_BLK))))
return NULL;
+ memset(srvr, 0, sizeof(TID_SRVR_BLK));
if ((NULL == (jsrvr_addr = json_object_get(jsrvr, "server_addr"))) ||
(NULL == (jsrvr_kn = json_object_get(jsrvr, "key_name"))) ||
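Review bot: The added `memset(srvr, 0, sizeof(TID_SRVR_BLK));` after `malloc` is the right idea (later code presumably tests the fields for NULL), but the idiomatic form is a single zeroing allocation: `if (NULL == (srvr = calloc(1, sizeof(TID_SRVR_BLK)))) return NULL;`, which also drops the separate memset line. Note also that `srvr` has been allocated before the `json_object_get` checks that follow; if any of those checks returns early, `srvr` must be freed on that path, which I cannot confirm from the hunk. The enclosing function continues past the end of this hunk.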
{
assert(hex_len >= 2*bin_len);
while (bin_len >0) {
- snprintf(hex_out, hex_len, "%2x", bin[0]);
+ snprintf(hex_out, hex_len, "%.2x", bin[0]);
bin++, hex_out += 2;
bin_len--;
hex_len -= 2;
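Review bot: With `%.2x` each `snprintf` now writes exactly two hex digits plus a NUL, so on the final iteration `hex_len` must still be at least 3; the guard `assert(hex_len >= 2*bin_len);` admits `hex_len == 2*bin_len`, in which case the last call sees a size of 2 and truncates the last byte to a single digit. The guard should be `assert(hex_len > 2*bin_len);`, and since `assert` disappears under NDEBUG a runtime check returning an error would be safer for a routine that formats key material. If `bin` is declared `char *` rather than `unsigned char *`, a byte above 0x7f is sign-extended and `%.2x` prints `ffffffxx`; the declaration is outside the hunk, so please confirm it is unsigned. The enclosing function starts before and ends after this hunk.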
struct tidc_instance {
TID_REQ *req_list;
+ // TBD -- Do we still need a separate private key */
char *priv_key;
int priv_len;
DH *priv_dh; /* Client's DH struct with priv and pub keys */
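Review bot: The new comment mixes delimiters: it opens with `//` and ends with a dangling `*/`, so it compiles only because `//` swallows the rest of the line. It should match the block style used on the `priv_dh` field two lines below: `/* TBD -- Do we still need a separate private key */`. The `struct tidc_instance` definition runs past the end of this hunk.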
#include <gsscon.h>
#include <trust_router/tid.h>
+#include <trust_router/tr_dh.h>
static int tidc_response_received = 0;
TID_RESP *resp,
void *cookie)
{
+ int c_keylen = 0;
+ unsigned char *c_keybuf = NULL;
+ int i;
+
printf ("Response received! Realm = %s, Community = %s.\n", resp->realm->buf, resp->comm->buf);
tidc_response_received = 1;
+ /* Generate the client key -- TBD, handle more than one server */
+ if (TID_SUCCESS != resp->result) {
+ fprintf(stderr, "tidc_resp_handler: Response is an error.\n");
+ return;
+ }
+
+ if (!resp->servers) {
+ fprintf(stderr, "tidc_resp_handler: Response does not contain server info.\n");
+ return;
+ }
+ if (0 > (c_keylen = tr_compute_dh_key(&c_keybuf,
+ resp->servers->aaa_server_dh->pub_key,
+ req->tidc_dh))) {
+
+ printf("tidc_resp_handler: Error computing client key.\n");
+ return;
+ }
+
+ /* Print out the client key. */
+ printf("Client Key Generated (len = %d):\n", c_keylen);
+ for (i = 0; i < c_keylen; i++) {
+ printf("%x", c_keybuf[i]);
+ }
+ printf("\n");
+
return;
}
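Review bot: The key dump loop prints each byte with `printf("%x", c_keybuf[i]);`, which drops leading zeros for bytes below 0x10 and so does not round-trip; elsewhere in this same commit the hex encoder was fixed from `%2x` to `%.2x`, and this loop should use `printf("%.2x", c_keybuf[i]);` for the same reason. `c_keybuf` is also never released: assuming tr_compute_dh_key heap-allocates the buffer it returns through `&c_keybuf` (the out-parameter suggests so), the handler should end with `memset(c_keybuf, 0, c_keylen); free(c_keybuf);` since this is shared-secret material. Finally `resp->servers->aaa_server_dh->pub_key` is dereferenced after checking only `resp->servers`; an `aaa_server_dh` of NULL would crash here, so a check on it (and on `req->tidc_dh`) before the call would be prudent. The signature of tidc_resp_handler begins before this hunk.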
#include <stdio.h>
#include <stdlib.h>
#include <jansson.h>
-
#include <gsscon.h>
+
#include <trust_router/tr_dh.h>
#include <trust_router/tid.h>
#include <tr_msg.h>
else
return NULL;
+ // TBD -- Add a flag, so we don't do this for the trust router */
if (NULL == (tidc->priv_dh = tr_create_dh_params(NULL, 0))) {
free (tidc);
return NULL;
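Review bot: The added comment has mismatched delimiters, opening with `//` and ending with a stray `*/`; it should be `/* TBD -- Add a flag, so we don't do this for the trust router */` to match the surrounding `/* */` style. On the failure branch `free(tidc)` is followed by `return NULL`, which is correct only if nothing else was allocated into `tidc` before this point; that earlier part of tidc_create is outside the hunk.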
TR_MSG *msg = NULL;
TID_REQ *tid_req = NULL;
TR_MSG *resp_msg = NULL;
- int c_keylen = 0;
- unsigned char *c_keybuf = NULL;
- int i;
/* Create and populate a TID msg structure */
if ((!(msg = malloc(sizeof(TR_MSG)))) ||
(*tid_req->resp_func)(tidc, tid_req, resp_msg->tid_resp, cookie);
- /* Generate the client key -- TBD, handle more than one server */
- if (TID_SUCCESS != resp_msg->tid_resp->result) {
- fprintf(stderr, "Response is an error.\n");
- return -1;
- }
-
- if (!resp_msg->tid_resp->servers) {
- fprintf(stderr, "Response does not contain server info.\n");
- return -1;
- }
-
- if (0 > (c_keylen = tr_compute_dh_key(&c_keybuf,
- resp_msg->tid_resp->servers->aaa_server_dh->pub_key,
- tid_req->tidc_dh))) {
-
- printf("Error computing client key.\n");
- return -1;
- }
-
- /* Print out the client key. */
- printf("Client Key Generated (len = %d):\n", c_keylen);
- for (i = 0; i < c_keylen; i++) {
- printf("%x", c_keybuf[i]);
- }
- printf("\n");
-
if (msg)
free(msg);
if (tid_req)
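Review bot: Moving the result and server checks into the response callback means tidc_send_request now invokes `(*tid_req->resp_func)(tidc, tid_req, resp_msg->tid_resp, cookie);` for error responses too, and since the callback is void the library caller no longer learns that the request failed. It would be cleaner to keep a minimal status check in the send path after the callback returns, for example `if (TID_SUCCESS != resp_msg->tid_resp->result) return -1;` placed so the cleanup below still runs, or to have the function's return value reflect the response result. The hunk also does not show `resp_msg->tid_resp` being checked for NULL before the dereference, and `resp_msg` itself is not among the objects freed in the visible cleanup; both are worth confirming against the parts of the function outside this hunk.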