From 09f63124bd2cf4f1816fc2fac25524542e1d07d0 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Tue, 9 Jul 2013 16:03:52 -0400
Subject: [PATCH] tid: implement GSS name callback
---
 include/trust_router/tid.h | 7 ++++++-
 tid/example/tids_main.c | 19 ++++++++++++++-----
 tid/tids.c | 17 ++++++++++-------
 3 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/include/trust_router/tid.h b/include/trust_router/tid.h
index aaadaf7..bf4d9c9 100644
--- a/include/trust_router/tid.h
+++ b/include/trust_router/tid.h
@@ -99,12 +99,15 @@ struct tidc_instance {
 };
 typedef int (TIDS_REQ_FUNC)(TIDS_INSTANCE *, TID_REQ *, TID_RESP **, void *);
+typedef int (tids_auth_func)(gss_name_t client_name, TR_NAME *display_name, void *cookie);
+
 struct tids_instance {
 int req_count;
 char *priv_key;
 char *ipaddr;
 TIDS_REQ_FUNC *req_handler;
+ tids_auth_func *auth_handler;
 void *cookie;
 };
@@ -117,7 +120,9 @@ TR_EXPORT int tidc_fwd_request (TIDC_INSTANCE *tidc, TID_REQ *req, TIDC_RESP_FUN
 TR_EXPORT void tidc_destroy (TIDC_INSTANCE *tidc);
 TR_EXPORT TIDS_INSTANCE *tids_create (void);
-TR_EXPORT int tids_start (TIDS_INSTANCE *tids, TIDS_REQ_FUNC *req_handler, void *cookie);
+TR_EXPORT int tids_start (TIDS_INSTANCE *tids, TIDS_REQ_FUNC *req_handler,
+ tids_auth_func *auth_handler,
+ void *cookie);
 TR_EXPORT int tids_send_response (TIDS_INSTANCE *tids, TID_REQ *req, TID_RESP *resp);
 TR_EXPORT int tids_send_err_response (TIDS_INSTANCE *tids, TID_REQ *req, const char *err_msg);
 TR_EXPORT void tids_destroy (TIDS_INSTANCE *tids);
diff --git a/tid/example/tids_main.c b/tid/example/tids_main.c
index b57c4e3..f28a940 100644
--- a/tid/example/tids_main.c
+++ b/tid/example/tids_main.c
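Review bot: The new `tids_auth_func` typedef carries no documentation, and the contract a handler must honour is not visible from the signature alone: in tid/tids.c the `display_name` it receives is a stack-local `TR_NAME` whose buffer points into the GSS display-name buffer, so a handler must not keep that pointer after returning, and the return value is handed straight back to the GSS connection setup, where the previous built-in callback returned 0 to accept (the accept/reject convention is not shown here and should be confirmed). A comment above the typedef along the lines of `/* Authorization callback, invoked once per authenticated connection. display_name is valid only for the duration of the call; return 0 to accept the client, non-zero to reject. */` would make that explicit for implementers. The second hunk turns `tids_start` into a four-argument function and adds a field to the public `struct tids_instance`, so every existing caller and any code embedding the struct must be rebuilt; that is worth a line in the header or commit message.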
@@ -148,6 +148,13 @@ static int tids_req_handler (TIDS_INSTANCE * tids,
 return s_keylen;
 }
+static int auth_handler(gss_name_t gss_name, TR_NAME *client,
+ void *expected_client)
+{
+ TR_NAME *expected_client_trname = (TR_NAME*) expected_client;
+ return tr_name_cmp(client, expected_client_trname);
+}
+
 int main (int argc,
 const char *argv[])
@@ -155,22 +162,24 @@ int main (int argc,
 TIDS_INSTANCE *tids;
 int rc = 0;
 char *ipaddr = NULL;
+ TR_NAME *gssname = NULL;
 /* Parse command-line arguments */
- if (argc > 3)
- fprintf(stdout, "Usage: %s [ []]\n", argv[0]);
+ if (argc > 4)
+ fprintf(stdout, "Usage: %s [ []]\n", argv[0]);
 if (argc >= 2) {
 ipaddr = (char *)argv[1];
 } else {
 ipaddr = "127.0.0.1";
 }
+ gssname = tr_new_name((char *) argv[2]);
 /* TBD -- check that input is a valid IP address? */
 /*If we have a database, open and prepare*/
- if (argc == 3) {
- if (SQLITE_OK != sqlite3_open(argv[2], &db)) {
+ if (argc == 4) {
+ if (SQLITE_OK != sqlite3_open(argv[3], &db)) {
 fprintf(stdout, "Error opening database %s\n", argv[2]);
 exit(1);
 }
@@ -187,7 +196,7 @@ int main (int argc,
 tids->ipaddr = ipaddr;
 /* Start-up the server, won't return unless there is an error. */
- rc = tids_start(tids, &tids_req_handler , NULL);
+ rc = tids_start(tids, &tids_req_handler , auth_handler, gssname);
 fprintf(stdout, "Error in tids_start(), rc = %d. Exiting.\n", rc);
diff --git a/tid/tids.c b/tid/tids.c
index b2b1a98..b3767bf 100644
--- a/tid/tids.c
+++ b/tid/tids.c
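Review bot: `auth_handler` hands `expected_client` to `tr_name_cmp` without checking it, yet the second hunk in this file can leave the cookie holding whatever `tr_new_name` produces for a missing argument, so this function — the only place a client is authorized — has no defined behaviour for that case; unless tr_name_cmp is known to treat a NULL operand as a mismatch (its implementation is not in this patch), that is either a crash or a comparison that may accept a client that should have been refused. Failing closed is one line before the comparison, `if (expected_client == NULL) return -1;`, taking 0 as the accept value as the old built-in `tids_auth_cb` did. A short comment that the example authorizes on the display name only and ignores `gss_name` would also explain the unused parameter.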
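Review bot: `gssname = tr_new_name((char *) argv[2]);` is executed for every argc, but the usage still permits zero or one positional argument: with argc == 2, `argv[2]` is the NULL terminator of argv, and with argc == 1 it is read one element past that terminator, which is undefined behaviour before tr_new_name even sees the value. Guard the lookup, `if (argc >= 3) gssname = tr_new_name((char *) argv[2]);`, and refuse to start when gssname is still NULL afterwards, since it is the value every client is checked against. Separately, the database error message still prints `argv[2]` although the database path moved to `argv[3]`: `fprintf(stdout, "Error opening database %s\n", argv[3]);`. main continues beyond this hunk.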
@@ -123,18 +123,19 @@ static int tids_listen (TIDS_INSTANCE *tids, int port)
 static int tids_auth_cb(gss_name_t clientName, gss_buffer_t displayName, void *data)
 {
- assert(data == NULL);
- assert (clientName != NULL);
- assert(displayName->value != NULL);
- return 0;
+ struct tids_instance *inst = (struct tids_instance *) data;
+ TR_NAME name ={(char *) displayName->value,
+ displayName->length};
+ return inst->auth_handler(clientName, &name, inst->cookie);
 }
-static int tids_auth_connection (int conn, gss_ctx_id_t *gssctx)
+static int tids_auth_connection (struct tids_instance *inst,
+ int conn, gss_ctx_id_t *gssctx)
 {
 int rc = 0;
 int auth, autherr = 0;
- if (rc = gsscon_passive_authenticate(conn, gssctx, tids_auth_cb, NULL)) {
+ if (rc = gsscon_passive_authenticate(conn, gssctx, tids_auth_cb, inst)) {
 fprintf(stderr, "tids_auth_connection: Error from gsscon_passive_authenticate(), rc = %d.\n", rc);
 return -1;
 }
@@ -284,7 +285,7 @@ static void tids_handle_connection (TIDS_INSTANCE *tids, int conn)
 int rc = 0;
 gss_ctx_id_t gssctx = GSS_C_NO_CONTEXT;
- if (tids_auth_connection(conn, &gssctx)) {
+ if (tids_auth_connection(tids, conn, &gssctx)) {
 fprintf(stderr, "tids_handle_connection: Error authorizing TID Server connection.\n");
 close(conn);
 return;
@@ -341,6 +342,7 @@ TIDS_INSTANCE *tids_create (void)
 int tids_start (TIDS_INSTANCE *tids,
 TIDS_REQ_FUNC *req_handler,
+ tids_auth_func *auth_handler,
 void *cookie)
 {
 int listen = -1;
@@ -352,6 +354,7 @@ int tids_start (TIDS_INSTANCE *tids,
 /* store the caller's request handler & cookie */
 tids->req_handler = req_handler;
+ tids->auth_handler = auth_handler;
 tids->cookie = cookie;
 while(1) { /* accept incoming conns until we are stopped */
--
2.1.4
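Review bot: `tids_auth_cb` now calls `inst->auth_handler` unconditionally, but neither it nor `tids_start` (the last two hunks in this file) rejects a NULL `auth_handler`, so a caller that passes NULL for the new parameter — the natural port of the old three-argument call — turns the authorization step into a NULL function-pointer call rather than a refusal. Check it once where it is stored, `if (auth_handler == NULL) return -1;` at the top of tids_start (following the -1 error convention tids_auth_connection uses), or fail closed in the callback by returning non-zero when the handler is absent. The removed asserts on `clientName` and `displayName->value` are not replaced either; the `TR_NAME` is now built straight from the raw GSS buffer, which is not guaranteed to be NUL-terminated, so the handler's comparison must be length-based, and the assignment of `displayName->length` into the TR_NAME length field should be checked for narrowing if that field is narrower than `size_t` (its type is not visible here).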