include/tid_internal.h
pkgdata_DATA=schema.sql
-nobase_dist_pkgdata_DATA=redhat/init redhat/sysconfig redhat/trusts.cfg redhat/tidc-wrapper redhat/trust_router-wrapper redhat/tr-test-main.cfg redhat/default-main.cfg
+nobase_dist_pkgdata_DATA=redhat/init redhat/sysconfig redhat/trusts.cfg redhat/tidc-wrapper redhat/trust_router-wrapper redhat/tr-test-main.cfg redhat/default-main.cfg redhat/tids-wrapper redhat/sysconfig.tids
if HAVE_SYSTEMD
systemdsystemunit_DATA = tids.service
endif
-EXTRA_DIST = trust_router.spec common/tests.json schema.sql tids.service
+EXTRA_DIST = trust_router.spec common/tests.json schema.sql tids.service \
+ tr/manual.cfg tr/portal.cfg \
+ redhat/tids.init
include/tid_internal.h
pkgdata_DATA = schema.sql
-nobase_dist_pkgdata_DATA = redhat/init redhat/sysconfig redhat/trusts.cfg redhat/tidc-wrapper redhat/trust_router-wrapper redhat/tr-test-main.cfg redhat/default-main.cfg
+nobase_dist_pkgdata_DATA = redhat/init redhat/sysconfig redhat/trusts.cfg redhat/tidc-wrapper redhat/trust_router-wrapper redhat/tr-test-main.cfg redhat/default-main.cfg redhat/tids-wrapper redhat/sysconfig.tids
@HAVE_SYSTEMD_TRUE@systemdsystemunit_DATA = tids.service
-EXTRA_DIST = trust_router.spec common/tests.json schema.sql tids.service
+EXTRA_DIST = trust_router.spec common/tests.json schema.sql tids.service \
+ tr/manual.cfg tr/portal.cfg \
+ redhat/tids.init
+
all: all-recursive
.SUFFIXES:
/* TBD -- support more than one filter entry per RP Client? */
if (NULL == (rp->filter = tr_cfg_parse_one_filter(trc, jfilt, rc))) {
fprintf(stderr, "tr_cfg_parse_one_rp_client: Error parsing filter.\n");
- free(rp);
*rc = TR_CFG_NOPARSE;
return NULL;
}
for (i = 0; i < json_array_size(jgns); i++) {
if (NULL == (rp->gss_names[i] = tr_new_name ((char *)json_string_value(json_array_get(jgns, i))))) {
fprintf(stderr, "tr_cfg_parse_one_rp_client: No memory for GSS Name.\n");
- free(rp);
*rc = TR_CFG_NOMEM;
return NULL;
}
(NULL == (jsrvrs = json_object_get(jidp, "aaa_servers"))) ||
(!json_is_array(jsrvrs))) {
fprintf(stderr, "tr_cfg_parse_one_idp_realm: Error parsing IDP realm configuration.\n");
- free(idp);
*rc = TR_CFG_NOPARSE;
return NULL;
}
}
if (NULL == (idp->realm_id = tr_new_name((char *)json_string_value(jrid)))) {
- free(idp);
fprintf(stderr, "tr_cfg_parse_one_idp_realm: No memory for realm id.\n");
*rc = TR_CFG_NOMEM;
return NULL;
if (NULL == (idp->aaa_servers = tr_cfg_parse_aaa_servers(trc, jsrvrs, rc))) {
fprintf(stderr, "tr_cfg_parse_one_idp_realm: Can't parse AAA servers for realm %s.\n", idp->realm_id->buf);
tr_free_name(idp->realm_id);
- free(idp);
return NULL;
}
fprintf(stderr, "tr_cfg_parse_one_idp_realm: Can't parse APCs for realm %s .\n", idp->realm_id->buf);
tr_free_name(idp->realm_id);
/* TBD -- free aaa_servers */;
- free(idp);
return NULL;
}
}
(NULL == (jrps = json_object_get(jcomm, "rp_realms"))) ||
(!json_is_array(jrps))) {
fprintf(stderr, "tr_cfg_parse_one_comm: Error parsing Communities configuration.\n");
- free(comm);
*rc = TR_CFG_NOPARSE;
return NULL;
}
if (NULL == (comm->id = tr_new_name((char *)json_string_value(jid)))) {
- free(comm);
fprintf(stderr, "tr_cfg_parse_one_comm: No memory for community id.\n");
*rc = TR_CFG_NOMEM;
return NULL;
if (NULL == (comm->apcs = tr_cfg_parse_apcs(trc, japcs, rc))) {
fprintf(stderr, "tr_cfg_parse_one_comm: Can't parse APCs for COI %s.\n", comm->id->buf);
tr_free_name(comm->id);
- free(comm);
return NULL;
}
} else {
fprintf(stderr, "tr_cfg_parse_one_comm: Invalid community type, comm = %s, type = %s\n", comm->id->buf, json_string_value(jtype));
tr_free_name(comm->id);
- free(comm);
*rc = TR_CFG_NOPARSE;
return NULL;
}
if (TR_CFG_SUCCESS != *rc) {
fprintf(stderr, "tr_cfg_parse_one_comm: Can't parse IDP realms for comm %s.\n", comm->id->buf);
tr_free_name(comm->id);
- free(comm);
return NULL;
}
fprintf(stderr, "tr_cfg_parse_comm: Can't parse RP realms for comm %s .\n", comm->id->buf);
tr_free_name(comm->id);
/* TBD -- free idps? */;
- free(comm);
return NULL;
}
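Review bot: Dropping `free(rp)` on the two rp_client error paths, and the matching `free(idp)` / `free(comm)` calls in every `tr_cfg_parse_one_idp_realm` and `tr_cfg_parse_one_comm` error path, leaves the partially built struct unreleased unless its allocation — which sits outside these hunks — was moved to a talloc context the caller owns; nothing visible here shows that, so please confirm and record the ownership rule next to the allocation, e.g. `/* rp is talloc'd on trc: error paths return NULL and leave cleanup to the context owner */`. If the structs are now talloc children, the surviving hand-frees `tr_free_name(idp->realm_id);` and `tr_free_name(comm->id);` before `return NULL` mix two ownership models in the same function; either make the names children of the same context or keep the manual cleanup uniform. Independently of this change, the `gss_names` loop still loses `rp->gss_names[0..i-1]` when `tr_new_name` fails mid-loop, and the `/* TBD -- free aaa_servers */` and `/* TBD -- free idps? */` placeholders are now the only cleanup on those paths. Every function in this section starts before its hunk.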
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for trust_router 1.4.
+# Generated by GNU Autoconf 2.69 for trust_router 1.4.1.
#
# Report bugs to <bugs@project-moonshot.org>.
#
# Identity of this package.
PACKAGE_NAME='trust_router'
PACKAGE_TARNAME='trust_router'
-PACKAGE_VERSION='1.4'
-PACKAGE_STRING='trust_router 1.4'
+PACKAGE_VERSION='1.4.1'
+PACKAGE_STRING='trust_router 1.4.1'
PACKAGE_BUGREPORT='bugs@project-moonshot.org'
PACKAGE_URL=''
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures trust_router 1.4 to adapt to many kinds of systems.
+\`configure' configures trust_router 1.4.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of trust_router 1.4:";;
+ short | recursive ) echo "Configuration of trust_router 1.4.1:";;
esac
cat <<\_ACEOF
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-trust_router configure 1.4
+trust_router configure 1.4.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by trust_router $as_me 1.4, which was
+It was created by trust_router $as_me 1.4.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
# Define the identity of the package.
PACKAGE='trust_router'
- VERSION='1.4'
+ VERSION='1.4.1'
cat >>confdefs.h <<_ACEOF
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by trust_router $as_me 1.4, which was
+This file was extended by trust_router $as_me 1.4.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-trust_router config.status 1.4
+trust_router config.status 1.4.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
AC_PREREQ(2.63)
-AC_INIT([trust_router],[1.4],
+AC_INIT([trust_router],[1.4.1],
[bugs@project-moonshot.org])
AC_CONFIG_MACRO_DIR(m4)
AC_CONFIG_AUX_DIR(build-aux)
--- /dev/null
+## Define the variables needed to run TIDS
+##
+## /usr/bin/tids <ip-address> <gss-name> <hostname> <database-name>
+##
+
+TIDS_SERVER_IP="127.0.0.1" # IP address that the TIDS is reachable on
+TIDS_SERVER_NAME="localhost" # The host name that the TIDS is known as
+TIDS_USER="trustrouter" # The user that the TIDS is running as
+TIDS_GROUP="trustrouter" # The group that the TIDS is running as
+
+TIDS_GSS_NAME="trustrouter@apc.moonshot.ja.net" # The GSS service name for the TIDS APC
+KEYFILE="/var/lib/trust_router/keys" # The key file that the TIDS will store keys in
+
+## Static variables that you can also adjust
+
+TIDS_PIDDIR="/var/run/tids"
+TIDS_LOGDIR="/var/log/tids"
--- /dev/null
+#! /usr/bin/env bash
+
+PIDFILE=${1}
+LOGFILE=${2}
+shift 2
+
+unset DISPLAY
+/usr/bin/tids $@ >> ${LOGFILE} 2>&1 &
+BGPID=$!
+RET=$?
+
+echo "${BGPID}" > "${PIDFILE}"
+
+exit "${RET}"
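Review bot: `RET=$?` captures the status of the preceding `BGPID=$!` assignment, which is always 0, and a command started with `&` reports 0 regardless, so `exit "${RET}"` is `exit 0` and the wrapper can never signal a failed launch; either drop `RET` or probe the child before writing the pidfile, e.g. `sleep 1; kill -0 "${BGPID}" 2>/dev/null || exit 1`. On the exec line `$@` and `${LOGFILE}` are unquoted, so an argument containing whitespace or glob characters (the key file path or GSS name from the sysconfig file) is re-split or expanded before it reaches tids; use `/usr/bin/tids "$@" >> "${LOGFILE}" 2>&1 &`. `shift 2` also runs unchecked: with fewer than two arguments it fails and the script carries on with an empty pidfile and logfile, so a guard such as `[ $# -ge 2 ] || { echo "usage: $0 pidfile logfile tids-args..." >&2; exit 2; }` before it would make that failure explicit.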
--- /dev/null
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: tids
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
+# Required-Start: radiusd
+# Should-Start: $network
+# Short-Description: Starts Moonshot TIDS
+# Description: Starts the Moonshot Temporary ID Service
+### END INIT INFO
+# chkconfig: - 89 11
+#
+# description: Starts the Moonshot Temporary ID Service
+#
+# Source function library.
+. /etc/init.d/functions
+
+[ -z "$HOME" ] && export HOME=/
+
+usage() {
+ echo "Usage: $0 {start|stop|status}"
+}
+
+# Load the configuration
+[ -f /etc/sysconfig/tids ] || exit 6
+. /etc/sysconfig/tids
+
+# Create the PID and LOG directories
+[ -d ${TIDS_PIDDIR} ] || mkdir -p ${TIDS_PIDDIR} && chown ${TIDS_USER}:${TIDS_GROUP} ${TIDS_PIDDIR}
+[ -d ${TIDS_LOGDIR} ] || mkdir -p ${TIDS_LOGDIR} && chown ${TIDS_USER}:${TIDS_GROUP} ${TIDS_LOGDIR}
+
+# Some variables
+prog=/usr/bin/tids-wrapper
+PIDFILE="${TIDS_PIDDIR}/tids.pid"
+LOGFILE="${TIDS_LOGDIR}/tids.log"
+
+# Does the trust router and wrapper exist
+[ -x /usr/bin/tids ] || exit 5
+[ -x /usr/bin/tids-wrapper ] || exit 5
+
+[ -f ${LOGFILE} ] || touch ${LOGFILE} && chown ${TIDS_USER}:${TIDS_GROUP} ${LOGFILE}
+
+OPTIONS="${PIDFILE} ${LOGFILE} ${TIDS_SERVER_IP} ${TIDS_GSS_NAME} ${TIDS_SERVER_NAME} ${KEYFILE}"
+
+case "$1" in
+ start)
+ if [ -f ${PIDFILE} ] ;
+ then
+ OLD_PID=$(cat "${PIDFILE}")
+
+ if [ -d "/proc/${OLD_PID}" ] ;
+ then
+ echo "Error: TIDS already running" ; exit 1
+ else
+ rm ${PIDFILE}
+ fi
+ fi
+
+ timestamp=$(date)
+ echo "${timestamp} Starting TIDS..." >> ${LOGFILE}
+ echo -n "Starting TIDS..."
+ daemon --user="${TIDS_USER}" --pidfile="${PIDFILE}" "${prog}" "${OPTIONS}"
+ echo
+
+ exit $?
+ ;;
+ stop)
+ timestamp=$(date)
+ echo "${timestamp} Stopping TIDS..." >> ${LOGFILE}
+ echo -n "Stopping TIDS..."
+ if [ -f "${PIDFILE}" ] ;
+ then
+ killproc -p "${PIDFILE}" "${prog}"
+ echo
+ else
+ echo "TIDS does not appear to be running"
+ fi
+ exit $?
+ ;;
+ status)
+ if [ -f ${PIDFILE} ] ;
+ then
+ PID=$(cat "${PIDFILE}")
+
+ if [ -d "/proc/${PID}" ] ;
+ then
+ echo "TIDS is running (pid ${PID})"
+ else
+ if [ -e ${PIDFILE} ] ; then
+ echo "TIDS appears to be dead but its PID file exists"
+ else
+ echo "TIDS appears to be stopped"
+ fi
+ fi
+ else
+ echo "TIDS appears to be stopped"
+ fi
+ exit 0
+ ;;
+ reload | force-reload | condrestart | try-restart)
+ usage
+ exit 3
+ ;;
+ *)
+ usage
+ exit 2
+ ;;
+esac
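Review bot: `exit $?` in the `start` and `stop` branches returns the status of the `echo` that precedes it, not of `daemon` or `killproc`, so the script reports success even when the service failed to launch or stop; capture the status right after the call and exit with that. The three setup lines parse as `([ -d X ] || mkdir -p X) && chown ... X`, which re-chowns the PID directory, log directory and log file on every start even when they already existed and skips the chown only when `mkdir`/`touch` fails — the opposite of the intent — so group the create-and-chown with braces and quote the paths. Because `${TIDS_PIDDIR}` is handed to `${TIDS_USER}` while `stop` runs as root, the PID read from that file is untrusted input to `killproc`; unless `killproc` verifies the target matches `${prog}` in your functions library, that is worth a comment and a check. In the `status` branch the inner `[ -e ${PIDFILE} ]` test is always true inside the enclosing `[ -f ${PIDFILE} ]` branch, so the nested "appears to be stopped" message is unreachable.
```shell
# Create the PID and LOG directories only when missing; chown only what this script creates
[ -d "${TIDS_PIDDIR}" ] || { mkdir -p "${TIDS_PIDDIR}" && chown "${TIDS_USER}:${TIDS_GROUP}" "${TIDS_PIDDIR}"; }
[ -d "${TIDS_LOGDIR}" ] || { mkdir -p "${TIDS_LOGDIR}" && chown "${TIDS_USER}:${TIDS_GROUP}" "${TIDS_LOGDIR}"; }
# … unchanged: prog/PIDFILE/LOGFILE variables, executable checks …
[ -f "${LOGFILE}" ] || { touch "${LOGFILE}" && chown "${TIDS_USER}:${TIDS_GROUP}" "${LOGFILE}"; }
# … unchanged: OPTIONS …
  start)
    # … unchanged: stale pidfile handling, log timestamp …
    daemon --user="${TIDS_USER}" --pidfile="${PIDFILE}" "${prog}" "${OPTIONS}"
    RETVAL=$?
    echo
    exit $RETVAL
    ;;
  stop)
    # … unchanged: log timestamp …
    if [ -f "${PIDFILE}" ] ; then
      killproc -p "${PIDFILE}" "${prog}"
      RETVAL=$?
      echo
    else
      echo "TIDS does not appear to be running"
      RETVAL=0
    fi
    exit $RETVAL
    ;;
```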
fprintf(stdout, "Error opening database %s\n", argv[4]);
exit(1);
}
+ sqlite3_busy_timeout( db, 1000);
sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub) values(?, ?, ?)",
-1, &insert_stmt, NULL);
sqlite3_prepare_v2(db, "insert into authorizations (client_dh_pub, coi, acceptor_realm, hostname, apc) values(?, ?, ?, ?, ?)",
--- /dev/null
+{"tr_internal":{"max_tree_depth": 4,
+ "hostname":"margaret-moonshot3.local"}}
\ No newline at end of file
--- /dev/null
+{
+ "communities": [
+ {
+ "apcs": [
+ ],
+ "community_id": "apc.painless-security.com",
+ "idp_realms": [
+ ],
+ "rp_realms": [
+ "margaret-2.painless-security.com"
+ ],
+ "type": "apc"
+ }
+ ],
+ "idp_realms": [
+ {
+ "aaa_servers": [
+ "127.0.0.1"
+ ],
+ "apcs": [
+ "pci-community.ja.net"
+ ],
+ "realm_id": "idr1.offcenter.org",
+ "shared_config": "yes"
+ },
+ {
+ "aaa_servers": [
+ "127.0.0.1"
+ ],
+ "apcs": [
+ "pci-community.ja.net"
+ ],
+ "realm_id": "idr2.offcenter.org",
+ "shared_config": "no"
+ },
+ {
+ "aaa_servers": [
+ "10.1.10.90"
+ ],
+ "apcs": [
+ "pci-community.ja.net"
+ ],
+ "realm_id": "ja.net",
+ "shared_config": "no"
+ },
+ {
+ "aaa_servers": [
+ "127.0.0.1"
+ ],
+ "apcs": [
+ "pci-community.ja.net"
+ ],
+ "realm_id": "no-longer-untitled.offcenter.org",
+ "shared_config": "yes"
+ }
+ ],
+ "rp_clients": [
+ {
+ "filter": {
+ "filter_lines": [
+ {
+ "action": "accept",
+ "domain_constraints": ["*.painless-security.com"],
+ "filter_specs": [
+ {
+ "field": "rp_realm",
+ "match": "margaret-2.painless-security.com"
+ },
+ {
+ "field": "rp_realm",
+ "match": "*.margaret-2.painless-security.com"
+ }
+ ],
+ "realm_constraints": ["*.painless-security.com", "a.com"]
+ }
+ ],
+ "type": "rp_permitted"
+ },
+ "gss_names": [
+ "4b95cd61-616f-48f2-9713-7d2cbe19ce69@apc.painless-security.com"
+ ]
+ }
+ ]
+}
}
} else {
/* if we aren't defaulting, check idp coi and apc membership */
- if (NULL == (tr_find_comm_idp(cfg_comm, fwd_req->orig_coi))) {
- fprintf(stderr, "tr_tids_req_hander: IDP Realm (%s) not member of APC (%s).\n", orig_req->realm->buf, orig_req->comm->buf);
- tids_send_err_response(tids, orig_req, "IDP COI membership error");
+ if (NULL == (tr_find_comm_idp(cfg_comm, fwd_req->realm))) {
+ fprintf(stderr, "tr_tids_req_handler: IDP Realm (%s) not member of community (%s).\n", orig_req->realm->buf, orig_req->comm->buf);
+ tids_send_err_response(tids, orig_req, "IDP community membership error");
return -1;
}
- if (NULL == (tr_find_comm_idp(cfg_apc, fwd_req->comm))) {
- fprintf(stderr, "tr_tids_req_hander: IDP Realm (%s) not member of APC (%s).\n", orig_req->realm->buf, orig_req->comm->buf);
+ if ( cfg_apc && (NULL == (tr_find_comm_idp(cfg_apc, fwd_req->realm)))) {
+ fprintf(stderr, "tr_tids_req_handler: IDP Realm (%s) not member of APC (%s).\n", orig_req->realm->buf, orig_req->comm->buf);
tids_send_err_response(tids, orig_req, "IDP APC membership error");
return -1;
}
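Review bot: The new `cfg_apc &&` guard turns a missing APC configuration into a silently passed APC membership check: when `cfg_apc` is NULL the request continues on the strength of the community check alone and nothing is logged about the skipped step. If a community with no APC is a legitimate configuration, say so where the decision is made, e.g. `/* cfg_apc is NULL when the community defines no APC; membership is then enforced by the community check above alone */` above the `if`, and consider a log line for the skip so it is auditable; if it is not legitimate, the NULL case should be refused like a membership failure rather than waved through. Both lookups now key on `fwd_req->realm` while the two error messages print `orig_req->realm->buf` and `orig_req->comm->buf`, which is fine only if the forwarded and original values are identical at this point — otherwise the log will not name the realm that was actually rejected. The enclosing handler starts and ends outside the hunk.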
install -D -m 640 redhat/tr-test-main.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/tr-test/main.cfg
install -D -m 640 redhat/sysconfig $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/trust_router
install -D -m 640 redhat/sysconfig.tids $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/tids
-install -D -m 755 tids.initd $RPM_BUILD_ROOT/%{_initrddir}/tids
+install -D -m 755 redhat/tids.init $RPM_BUILD_ROOT/%{_initrddir}/tids
# Link shared config
ln -s ../../trusts.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/default/trusts.cfg