From: Sam Hartman Date: Tue, 10 Mar 2015 20:18:07 +0000 (-0400) Subject: Logic for expiration and path X-Git-Tag: 1.5~17 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=trust_router.git;a=commitdiff_plain;h=c954e07d667f64b96777faec6ea2e7d424e599dd Logic for expiration and path * Add path as requests are received at a tids * Calculate expiration in tids * Insert expiration into database * Update schema * tids now requires glib --- diff --git a/Makefile.am b/Makefile.am index 1de53be..63d4e95 100644 --- a/Makefile.am +++ b/Makefile.am @@ -37,7 +37,7 @@ tid_example_tidc_LDADD = gsscon/libgsscon.la libtr_tid.la $(GLIB_LIBS) tid_example_tids_SOURCES = tid/example/tids_main.c -tid_example_tids_LDADD = gsscon/libgsscon.la libtr_tid.la +tid_example_tids_LDADD = gsscon/libgsscon.la libtr_tid.la $(GLIB_LIBS) common_dh_test_tr_dh_test_SOURCES = common/tr_dh.c \ common/tr_debug.c \ diff --git a/include/tid_internal.h b/include/tid_internal.h index 94faa23..525e671 100644 --- a/include/tid_internal.h +++ b/include/tid_internal.h @@ -95,6 +95,7 @@ struct tids_instance { TIDS_REQ_FUNC *req_handler; tids_auth_func *auth_handler; void *cookie; + uint16_t tids_port; }; diff --git a/schema.sql b/schema.sql index 6ae8690..f5acc4a 100644 --- a/schema.sql +++ b/schema.sql @@ -1,4 +1,4 @@ -create table if not exists psk_keys (keyid text primary key, key blob, client_dh_pub raw(20)); +create table if not exists psk_keys (keyid text primary key, key blob, client_dh_pub raw(20), key expiration timestamp); create table if not exists authorizations( client_dh_pub raw(20), coi string, acceptor_realm string, hostname string, apc string); create index if not exists authorizations_dhpub on authorizations( client_dh_pub); CREATE VIEW if not exists authorizations_keys as select keyid, authorizations.* from psk_keys join authorizations on psk_keys.client_dh_pub = authorizations.client_dh_pub; diff --git a/tid/example/tids_main.c b/tid/example/tids_main.c index b322de4..313e457 100644 --- a/tid/example/tids_main.c +++ b/tid/example/tids_main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, JANET(UK) + * Copyright (c) 2012, 2015, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -171,6 +171,7 @@ static int tids_req_handler (TIDS_INSTANCE *tids, return -1; } + /* Allocate a new server block */ if (NULL == (resp->servers = malloc(sizeof(TID_SRVR_BLK)))){ tr_crit("tids_req_handler(): malloc failed."); @@ -226,11 +227,19 @@ static int tids_req_handler (TIDS_INSTANCE *tids, } if (0 != handle_authorizations(req, pub_digest, pub_digest_len)) return -1; + resp->servers->path = req->path; + if (req->expiration_interval < 1) + req->expiration_interval = 1; + g_get_current_time(&resp->servers->key_expiration); + resp->servers->key_expiration.tv_sec += req->expiration_interval; + if (NULL != insert_stmt) { int sqlite3_result; - sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT); + gchar *expiration_str = g_time_val_to_iso8601(&resp->servers->key_expiration); + sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT); sqlite3_bind_blob(insert_stmt, 2, s_keybuf, s_keylen, SQLITE_TRANSIENT); sqlite3_bind_blob(insert_stmt, 3, pub_digest, pub_digest_len, SQLITE_TRANSIENT); + sqlite3_bind_text(insert_stmt, 3, expiration_str, -1, SQLITE_TRANSIENT); sqlite3_result = sqlite3_step(insert_stmt); if (SQLITE_DONE != sqlite3_result) tr_crit("sqlite3: failed to write to database"); @@ -282,7 +291,7 @@ int main (int argc, exit(1); } sqlite3_busy_timeout( db, 1000); - sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub) values(?, ?, ?)", + sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub, key_expiration) values(?, ?, ?, ?)", -1, &insert_stmt, NULL); sqlite3_prepare_v2(db, "insert into authorizations (client_dh_pub, coi, acceptor_realm, hostname, apc) values(?, ?, ?, ?, ?)", -1, &authorization_insert, NULL); diff --git a/tid/tidc.c b/tid/tidc.c index bd88671..f0f0cad 100644 --- a/tid/tidc.c +++ b/tid/tidc.c @@ -34,6 +34,7 @@ #include #include +#include #include #include @@ -46,9 +47,7 @@ TIDC_INSTANCE *tidc_create () { TIDC_INSTANCE *tidc = NULL; - if (tidc = malloc(sizeof(TIDC_INSTANCE))) - memset(tidc, 0, sizeof(TIDC_INSTANCE)); - else + if (NULL == (tidc = talloc_zero(NULL, TIDC_INSTANCE))) return NULL; return tidc; @@ -56,8 +55,7 @@ TIDC_INSTANCE *tidc_create () void tidc_destroy (TIDC_INSTANCE *tidc) { - if (tidc) - free(tidc); + talloc_free(tidc); } int tidc_open_connection (TIDC_INSTANCE *tidc, diff --git a/tid/tids.c b/tid/tids.c index ada82a6..925ff62 100644 --- a/tid/tids.c +++ b/tid/tids.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, JANET(UK) + * Copyright (c) 2012, 2015, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -209,6 +209,8 @@ static int tids_handle_request (TIDS_INSTANCE *tids, TR_MSG *mreq, TID_RESP *res return -1; } + tid_req_add_path(tr_msg_get_req(mreq), tids->hostname, tids->tids_port); + /* Call the caller's request handler */ /* TBD -- Handle different error returns/msgs */ if (0 > (rc = (*tids->req_handler)(tids, tr_msg_get_req(mreq), resp, tids->cookie))) { @@ -239,9 +241,11 @@ int tids_send_err_response (TIDS_INSTANCE *tids, TID_REQ *req, const char *err_m return -1; } + /* mark this as an error response, and include the error message */ resp->result = TID_ERROR; resp->err_msg = tr_new_name((char *)err_msg); + resp->error_path = req->path; rc = tids_send_response(tids, req, resp); @@ -370,6 +374,7 @@ int tids_start (TIDS_INSTANCE *tids, int conn = -1; pid_t pid; + tids->tids_port = port; if (0 > (listen = tids_listen(tids, port))) perror ("Error from tids_listen()"); diff --git a/tr/tr_main.c b/tr/tr_main.c index c10843e..e77d8aa 100644 --- a/tr/tr_main.c +++ b/tr/tr_main.c @@ -194,7 +194,6 @@ static int tr_tids_req_handler (TIDS_INSTANCE *tids, tids_send_err_response(tids, orig_req, "Memory allocation failure"); return -1; } - /* Use the DH parameters from the original request */ /* TBD -- this needs to be fixed when we handle more than one req per conn */ tidc->client_dh = orig_req->tidc_dh;