From: Margaret Wasserman Date: Tue, 9 Jul 2013 20:08:28 +0000 (-0400) Subject: Add code to do gss_name check in trust router. X-Git-Tag: 1.0~8 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=trust_router.git;a=commitdiff_plain;h=0b81b5ed655201051db99eb63136e3aeb1ae708b Add code to do gss_name check in trust router.
---
diff --git a/common/tr_rp.c b/common/tr_rp.c
new file mode 100644
index 0000000..c879aca
--- /dev/null
+++ b/common/tr_rp.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2012, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include
+#include
+#include
+#include
+
+TR_RP_CLIENT *tr_rp_client_lookup(TR_INSTANCE *tr, TR_NAME *gss_name) {
+ TR_RP_CLIENT *rp = NULL;
+ int i = 0;
+
+ if ((!tr) || (!tr->active_cfg) || (!gss_name)) {
+ fprintf(stderr, "tr_rp_client_lookup: Bad parameters.\n");
+ return NULL;
+ }
+
+ for (rp = tr->active_cfg->rp_clients; NULL != rp; rp = rp->next) {
+ for (i = 0; i < TR_MAX_GSS_NAMES; i++) {
+ if (!strcmp(gss_name->buf, rp->gss_names[i]->buf)) {
+ return rp;
+ }
+ }
+ }
+ return NULL;
+ }
diff --git a/tr/tr_main.c b/tr/tr_main.c
index 2670f60..e141bd0 100644
--- a/tr/tr_main.c
+++ b/tr/tr_main.c
@@ -47,6 +47,7 @@ typedef struct tr_resp_cookie {
 TID_REQ *orig_req;
 } TR_RESP_COOKIE;
+
 static void tr_tidc_resp_handler (TIDC_INSTANCE *tidc,
 TID_REQ *req,
 TID_RESP *resp,
@@ -191,6 +192,33 @@ static int tr_tids_req_handler (TIDS_INSTANCE * tids,
 return 0;
 }
+static int tr_tidc_gss_handler(gss_name_t *clientName, TR_NAME *displayName,
+ void *tr)
+{
+ RP_CLIENT *rp;
+
+ if ((!client_name) || (!display_name) || (!tr)) {
+ fprintf(stderr, "tr_tidc_gss_handler: Bad parameters.\n");
+ return -1;
+ }
+
+ /* look up the RP client matching the GSS name */
+ if ((NULL == (rp = tr_rp_client_lookup(tr, gss_name)))) {
+ fprintf(stderr, "tr_tids_gss_handler: Unknown GSS name %s", gss_name->buf);
+ return -1;
+ }
+
+ /* check if the gss name matches the filter in the rp realm */
+ if (!tr_prefix_wildcard_match(gss_name->buf, rp->rp_match->buf)) {
+ fprintf(stderr, "tr_tids_gss_handler: RP realm does not match, realm %s, math %s\n", gss_name_buf, rp->rp_match->buf);
+ return -1;
+ }
+
+ /* Otherwise, all is well... */
+ return 0;
+}
+
+
 int main (int argc, const char *argv[])
 {
 TR_INSTANCE *tr = NULL;
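Review bot: The inner loop `for (i = 0; i < TR_MAX_GSS_NAMES; i++)` in tr_rp_client_lookup dereferences `rp->gss_names[i]->buf` for every slot without checking that the slot is populated, so an RP client configured with fewer than TR_MAX_GSS_NAMES names would dereference an unset entry as soon as the populated ones fail to match — assuming unused slots are left NULL, which the struct definition outside this diff would confirm. Because the name being looked up is that of an authenticated remote peer, any peer whose name is not an early match would trigger the fault. Guard the slot before comparing: `if ((NULL != rp->gss_names[i]) && !strcmp(gss_name->buf, rp->gss_names[i]->buf)) {`. Note also that `strcmp` assumes both `buf`s are NUL-terminated; if TR_NAME buffers are counted rather than terminated, compare lengths and use `memcmp` (or the project's own TR_NAME comparison helper, if one exists) instead.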
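Review bot: The body of `tr_tidc_gss_handler` does not compile as written: the parameters are declared `clientName` and `displayName`, but the checks and calls use `client_name`, `display_name`, `gss_name` and `gss_name_buf`, and the local is declared `RP_CLIENT *rp` while `tr_rp_client_lookup` (common/tr_rp.c in this same commit) returns `TR_RP_CLIENT *`. The registration in the `tids_start` hunk below passes `&tr_tids_gss_handler`, which agrees with the log prefixes here but not with the definition's name `tr_tidc_gss_handler`, so one side must change; the rewrite below renames the definition to match the registration, since this handler is what gates whether an authenticated peer is accepted as an RP client and a silent mismatch would leave that check unregistered. Minor: the "Unknown GSS name %s" message lacks a trailing `\n`, and "math %s" should read "match %s". I have assumed `displayName` is the TR_NAME form of the authenticated client to pass to the lookup, and that `tr_prefix_wildcard_match` is declared by an included header — neither is visible in this diff.
```c
static int tr_tids_gss_handler(gss_name_t *client_name, TR_NAME *display_name,
                               void *tr)
{
  TR_RP_CLIENT *rp;

  if ((!client_name) || (!display_name) || (!tr)) {
    fprintf(stderr, "tr_tids_gss_handler: Bad parameters.\n");
    /* … unchanged: return -1; } … */

  /* look up the RP client matching the GSS name */
  if (NULL == (rp = tr_rp_client_lookup(tr, display_name))) {
    fprintf(stderr, "tr_tids_gss_handler: Unknown GSS name %s\n", display_name->buf);
    /* … unchanged: return -1; } … */

  /* check if the gss name matches the filter in the rp realm */
  if (!tr_prefix_wildcard_match(display_name->buf, rp->rp_match->buf)) {
    fprintf(stderr, "tr_tids_gss_handler: RP realm does not match, realm %s, match %s\n",
            display_name->buf, rp->rp_match->buf);
    /* … unchanged: return -1; } … */

  /* … unchanged: success path, return 0 … */
```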
@@ -236,7 +264,7 @@ int main (int argc, const char *argv[])
 }
 /* start the trust path query server, won't return unless fatal error. */
- if (0 != (err = tids_start(tr->tids, &tr_tids_req_handler, (void *)tr))) {
+ if (0 != (err = tids_start(tr->tids, &tr_tids_req_handler, &tr_tids_gss_handler, (void *)tr))) {
 fprintf (stderr, "Error from Trust Path Query Server, err = %d.\n", err);
 exit(err);
 }