From 87d94c3feb021949ed2400ac291a9bd2e45d46ed Mon Sep 17 00:00:00 2001
From: Margaret Wasserman
Date: Wed, 22 Jan 2014 09:37:22 -0500
Subject: [PATCH] Changes to add realm name (from config) to end of service name for passive authentication.
---
common/tr_config.c | 34 +++++++++++++++++++++++++---------
gsscon/gsscon_passive.c | 14 ++++++--------
include/tr_config.h | 1 +
tid/tids.c | 4 +++-
4 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/common/tr_config.c b/common/tr_config.c
index 9324134..1caa911 100644
--- a/common/tr_config.c
+++ b/common/tr_config.c
@@ -75,20 +75,36 @@ static TR_CFG_RC tr_cfg_parse_internal (TR_INSTANCE *tr, json_t *jcfg) {
 memset(tr->new_cfg->internal, 0, sizeof(TR_CFG_INTERNAL));
- if ((NULL != (jint = json_object_get(jcfg, "tr_internal"))) &&
- (NULL != (jmtd = json_object_get(jint, "max_tree_depth")))) {
- if (json_is_number(jmtd)) {
- tr->new_cfg->internal->max_tree_depth = json_integer_value(jmtd);
+ if (NULL != (jint = json_object_get(jcfg, "tr_internal"))) {
+ if (NULL != (jmtd = json_object_get(jint, "max_tree_depth"))) {
+ if (json_is_number(jmtd)) {
+ tr->new_cfg->internal->max_tree_depth = json_integer_value(jmtd);
+ } else {
+ fprintf(stderr,"tr_cfg_parse_internal: Parsing error, max_tree_depth is not a number.\n");
+ return TR_CFG_NOPARSE;
+ }
 } else {
- fprintf(stderr,"tr_cfg_parse_internal: Parsing error, max_tree_depth is not a number.\n");
+ /* If not configured, use the default */
+ tr->new_cfg->internal->max_tree_depth = TR_DEFAULT_MAX_TREE_DEPTH;
+ }
+ if (NULL != (jrname = json_object_get(jint, "realm_name"))) {
+ if (json_is_string(jrname)) {
+ tr->new_cfg->internal->realm_name = json_integer_value(jrname);
+ } else {
+ fprintf(stderr,"tr_cfg_parse_internal: Parsing error, realm_name is not a string.\n");
+ return TR_CFG_NOPARSE;
+ }
+ }
+ else {
+ fprintf(stderr, "tr_cfg_parse_internal: Parsing error, realm_name is not found.\n");
 return TR_CFG_NOPARSE;
 }
- } else {
- /* If not configured, use the default */
- tr->new_cfg->internal->max_tree_depth = TR_DEFAULT_MAX_TREE_DEPTH;
- }
 fprintf(stderr, "tr_cfg_parse_internal: Internal config parsed.\n");
 return TR_CFG_SUCCESS;
+ }
+ else {
+ fprintf(stderr, "tr_cfg_parse_internal: Parsing error, tr_internal configuration section not found.\n");
+ return TR_CFG_NOPARSE;
 }
 static TR_FILTER *tr_cfg_parse_one_filter (TR_INSTANCE *tr, json_t *jfilt, TR_CFG_RC *rc)
diff --git a/gsscon/gsscon_passive.c b/gsscon/gsscon_passive.c
index 907153c..262a768 100755
--- a/gsscon/gsscon_passive.c
+++ b/gsscon/gsscon_passive.c
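Review bot: The realm_name assignment inside the new `json_is_string(jrname)` branch calls `json_integer_value(jrname)`, which yields 0 for a JSON string, so `realm_name` (declared `char *` in the tr_config.h hunk of this patch) ends up NULL and the configured realm never reaches the service name the commit sets out to build. The string accessor is `json_string_value(jrname)`; since that pointer is owned by the json object, copy it into storage that outlives `jcfg` rather than storing it directly, e.g. `tr->new_cfg->internal->realm_name = strdup(json_string_value(jrname));` followed by a NULL check that returns `TR_CFG_NOPARSE` (or use whichever allocator the rest of tr_config.c uses). The `else` branch below also makes `realm_name` mandatory, so any existing config without a `tr_internal.realm_name` key now fails to parse; that is worth a comment such as `/* realm_name is required: it qualifies the acceptor service name */` and a line in the commit message. The declaration of `jrname` and the start of tr_cfg_parse_internal are above the hunk and not visible here.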
@@ -57,6 +57,8 @@ const char *gServiceName = NULL;
 int gsscon_passive_authenticate (int inSocket,
+ gss_buffer_desc inNameBuffer,
+ gss_name_t inServiceName,
 gss_ctx_id_t *outGSSContext, client_cb_fn clientCb, void *clientCbData)
@@ -65,29 +67,25 @@ int gsscon_passive_authenticate (int inSocket,
 OM_uint32 majorStatus;
 OM_uint32 minorStatus = 0;
 gss_ctx_id_t gssContext = GSS_C_NO_CONTEXT;
- gss_name_t clientName = GSS_C_NO_NAME, serviceName = GSS_C_NO_NAME;
+ gss_name_t clientName = GSS_C_NO_NAME;
 gss_cred_id_t acceptorCredentials = NULL;
 gss_buffer_desc clientDisplayName = {0, NULL};
- gss_buffer_desc nameBuffer = {0, "trustidentity"};
- char *inputTokenBuffer = NULL;
 size_t inputTokenBufferLength = 0;
 gss_buffer_desc inputToken; /* buffer received from the server */
-
- nameBuffer.length = strlen(nameBuffer.value);
 if (inSocket < 0 ) { err = EINVAL; }
 if (!outGSSContext) { err = EINVAL; }
 if (!err)
- majorStatus = gss_import_name (&minorStatus, &nameBuffer, (gss_OID) GSS_KRB5_NT_PRINCIPAL_NAME, &serviceName);
+ majorStatus = gss_import_name (&minorStatus, &inNameBuffer, (gss_OID) GSS_KRB5_NT_PRINCIPAL_NAME, &inServiceName);
 if (majorStatus != GSS_S_COMPLETE) {
 gsscon_print_gss_errors ("gss_import_name(inServiceName)", majorStatus, minorStatus);
 err = minorStatus ? minorStatus : majorStatus;
 }
 if (!err) {
- majorStatus = gss_acquire_cred ( &minorStatus, serviceName,
+ majorStatus = gss_acquire_cred ( &minorStatus, inServiceName,
 GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_ACCEPT, &acceptorCredentials, NULL /*mechs out*/, NULL /*time out*/);
@@ -184,7 +182,7 @@
 if (clientName != GSS_C_NO_NAME) gss_release_name(&minorStatus, &clientName);
 if (clientDisplayName.value != NULL) gss_release_buffer(&minorStatus, &clientDisplayName);
- gss_release_name( &minorStatus, &serviceName);
+ gss_release_name( &minorStatus, &inServiceName);
 gss_release_cred( &minorStatus, &acceptorCredentials);
 return err;
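Review bot: `inServiceName` is taken by value in the new signature but is then used as the output of `gss_import_name` in the second hunk and released with `gss_release_name(&minorStatus, &inServiceName)` in the third, so the caller's copy never sees the imported name and the parameter only acts as a local that replaces the removed `serviceName` variable. Either drop the parameter and keep `gss_name_t serviceName = GSS_C_NO_NAME;` as a local, or make it `gss_name_t *outServiceName` and document in the header comment who releases it. The one caller in this patch (tid/tids.c) passes five arguments to this six-parameter function, and the diffstat lists no header, so the prototype callers compile against is not updated either; the patch does not appear to build as posted. The function body continues past the hunk.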
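Review bot: The new `gss_import_name(&minorStatus, &inNameBuffer, ...)` call imports whatever buffer the caller hands in, but the argument checks above it still validate only `inSocket` and `outGSSContext`, so an empty or garbage buffer — such as the `{NULL, 0}` one tids.c passes in this patch — reaches GSS-API unchecked and only surfaces as a generic import error. Add `if (inNameBuffer.value == NULL || inNameBuffer.length == 0) { err = EINVAL; }` beside the other EINVAL checks so a misconfigured acceptor name is rejected with a clear error before any credential acquisition is attempted. Removing `nameBuffer.length = strlen(nameBuffer.value);` also makes the length the caller's responsibility, which the function's header comment should state (that comment, if present, is above the hunk).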
diff --git a/include/tr_config.h b/include/tr_config.h
index 2418380..3855dad 100644
--- a/include/tr_config.h
+++ b/include/tr_config.h
@@ -56,6 +56,7 @@ typedef enum tr_cfg_rc {
 typedef struct tr_cfg_internal {
 unsigned int max_tree_depth;
+ char *realm_name;
 } TR_CFG_INTERNAL;
 typedef struct tr_cfg {
diff --git a/tid/tids.c b/tid/tids.c
index b8cd576..b16e380 100644
--- a/tid/tids.c
+++ b/tid/tids.c
@@ -134,8 +134,10 @@ static int tids_auth_connection (struct tids_instance *inst,
 {
 int rc = 0;
 int auth, autherr = 0;
+ gss_buffer_desc nameBuffer = {NULL, 0};
- if (rc = gsscon_passive_authenticate(conn, gssctx, tids_auth_cb, inst)) {
+
+ if (rc = gsscon_passive_authenticate(conn, nameBuffer, gssctx, tids_auth_cb, inst)) {
 fprintf(stderr, "tids_auth_connection: Error from gsscon_passive_authenticate(), rc = %d.\n", rc);
 return -1;
 }
--
2.1.4
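Review bot: The new `realm_name` member carries no ownership or lifetime note, yet tr_config.c in this patch stores a pointer into it and the enclosing struct is zeroed with `memset` at parse time, so a reader cannot tell whether the string is owned by the struct or borrowed from the JSON document. Suggest `char *realm_name; /* realm appended to the acceptor service name; owned by this struct and freed with it */`, adjusting the ownership half to match what tr_cfg_parse_internal actually allocates. The typedef fits entirely within the hunk.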
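Review bot: `gss_buffer_desc nameBuffer = {NULL, 0};` lists the members in the wrong order — the removed `{0, "trustidentity"}` and the surviving `clientDisplayName = {0, NULL}` in gsscon_passive.c show that `length` comes first — and, more importantly, it is an empty buffer: nothing in this hunk builds the `trustidentity` service name with the configured realm appended, so `gss_import_name` is handed a zero-length name and every passive authentication will fail. The call also passes five arguments where the new gsscon_passive_authenticate takes six (the `gss_name_t` argument is missing). The buffer should be built from the service name and the parsed `realm_name` before the call, with `nameBuffer.length = strlen(nameBuffer.value);` set the way the removed gsscon_passive.c code did and the string released afterwards; how tids.c reaches the parsed config from `inst` is not visible in this hunk, so I have not proposed exact lines, but the initializer itself should at least become `gss_buffer_desc nameBuffer = { .length = 0, .value = NULL };`. While here, `if ((rc = gsscon_passive_authenticate(...)) != 0)` makes the assignment-in-condition explicit.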