authordimitri staessens <dimitri.staessens@ugent.be>2017-02-27 17:04:40 +0100
committerdimitri staessens <dimitri.staessens@ugent.be>2017-02-27 18:30:55 +0100
commitd06cb62e111be1ac3f09398ae559f99e4833b4bf (patch)
tree6270bf43428fe4e33594a86245b68503a4cca756 /src/ipcpd
parent7baebbfc117e3b349f397d4675c49a582d13653a (diff)
lib: Split authentication from CACEP
By removing authentication as part of CACEP, all policies disappear. CACEP becomes a policy-free connection establishment protocol between Application Entities. Authentication can later be added cleanly as a pure policy function when needed.
Diffstat (limited to 'src/ipcpd')
-rw-r--r--src/ipcpd/normal/cdap_flow.c25
-rw-r--r--src/ipcpd/normal/cdap_flow.h8
-rw-r--r--src/ipcpd/normal/enroll.c42
-rw-r--r--src/ipcpd/normal/fmgr.c11
-rw-r--r--src/ipcpd/normal/gam.c87
-rw-r--r--src/ipcpd/normal/main.c11
-rw-r--r--src/ipcpd/normal/pol/complete.c6
-rw-r--r--src/ipcpd/normal/ribmgr.c10
8 files changed, 69 insertions, 131 deletions
diff --git a/src/ipcpd/normal/cdap_flow.c b/src/ipcpd/normal/cdap_flow.c
index 3d1b2b22..d3d98884 100644
--- a/src/ipcpd/normal/cdap_flow.c
+++ b/src/ipcpd/normal/cdap_flow.c
@@ -29,6 +29,7 @@
#include "cdap_flow.h"
#include <stdlib.h>
+#include <string.h>
#include <assert.h>
static void cdap_flow_destroy(struct cdap_flow * flow)
@@ -37,20 +38,15 @@ static void cdap_flow_destroy(struct cdap_flow * flow)
if (flow->ci != NULL)
cdap_destroy(flow->ci);
- if (flow->info != NULL) {
- conn_info_fini(flow->info);
- free(flow->info);
- }
free(flow);
}
-struct cdap_flow * cdap_flow_arr(int fd,
+struct cdap_flow * cdap_flow_arr(int fd,
int resp,
- enum pol_cacep pc,
const struct conn_info * info)
{
- struct cdap_flow * flow;
+ struct cdap_flow * flow;
if (flow_alloc_resp(fd, resp) < 0) {
log_err("Could not respond to new flow.");
@@ -66,12 +62,13 @@ struct cdap_flow * cdap_flow_arr(int fd,
return NULL;
}
+ memset(&flow->info, 0, sizeof(flow->info));
+
flow->fd = fd;
flow->ci = NULL;
- flow->info = cacep_auth_wait(fd, pc, info, NULL);
- if (flow->info == NULL) {
- log_err("Other side failed to authenticate.");
+ if (cacep_listen(fd, info, &flow->info)) {
+ log_err("Error establishing application connection.");
cdap_flow_destroy(flow);
return NULL;
}
@@ -88,7 +85,6 @@ struct cdap_flow * cdap_flow_arr(int fd,
struct cdap_flow * cdap_flow_alloc(const char * dst_name,
qosspec_t * qs,
- enum pol_cacep pc,
const struct conn_info * info)
{
struct cdap_flow * flow;
@@ -119,12 +115,13 @@ struct cdap_flow * cdap_flow_alloc(const char * dst_name,
return NULL;
}
+ memset(&flow->info, 0, sizeof(flow->info));
+
flow->fd = fd;
flow->ci = NULL;
- flow->info = cacep_auth(fd, pc, info, NULL);
- if (flow->info == NULL) {
- log_err("Failed to authenticate.");
+ if (cacep_connect(fd, info, &flow->info)) {
+ log_err("Failed to connect to application.");
cdap_flow_dealloc(flow);
return NULL;
}
diff --git a/src/ipcpd/normal/cdap_flow.h b/src/ipcpd/normal/cdap_flow.h
index 8aa26dc0..761f3463 100644
--- a/src/ipcpd/normal/cdap_flow.h
+++ b/src/ipcpd/normal/cdap_flow.h
@@ -28,19 +28,17 @@
#include <ouroboros/qos.h>
struct cdap_flow {
- int fd;
- struct cdap * ci;
- struct conn_info * info;
+ int fd;
+ struct cdap * ci;
+ struct conn_info info;
};
struct cdap_flow * cdap_flow_arr(int fd,
int resp,
- enum pol_cacep pc,
const struct conn_info * info);
struct cdap_flow * cdap_flow_alloc(const char * dst_name,
qosspec_t * qs,
- enum pol_cacep pc,
const struct conn_info * info);
void cdap_flow_dealloc(struct cdap_flow * flow);
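Review bot: The embedded `struct conn_info info` member has no comment saying whose data it holds. In cdap_flow.c it is passed as the output argument of `cacep_listen` and `cacep_connect`, so it appears to carry what the remote side sent, and with authentication split out of CACEP nothing in this commit verifies those contents. A comment on the member, e.g. `/* connection info received from the peer; not authenticated */`, would tell users of `struct cdap_flow` to validate the fields before relying on them.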
diff --git a/src/ipcpd/normal/enroll.c b/src/ipcpd/normal/enroll.c
index b420533e..5c7ebd7e 100644
--- a/src/ipcpd/normal/enroll.c
+++ b/src/ipcpd/normal/enroll.c
@@ -44,7 +44,7 @@
int enroll_handle(int fd)
{
struct cdap_flow * flow;
- struct conn_info info;
+ struct conn_info info;
cdap_key_t key;
enum cdap_opcode oc;
char * name;
@@ -61,27 +61,20 @@ int enroll_handle(int fd)
char * members_ro = MEMBERS_PATH;
char * dif_ro = DIF_PATH;
- conn_info_init(&info);
+ memset(&info, 0, sizeof(info));
- info.proto.protocol = strdup(CDAP_PROTO);
- if (info.proto.protocol == NULL) {
- conn_info_fini(&info);
- return -ENOMEM;
- }
-
- info.proto.pref_version = 1;
- info.proto.pref_syntax = PROTO_GPB;
+ strcpy(info.ae_name, ENROLL_AE);
+ strcpy(info.protocol, CDAP_PROTO);
+ info.pref_version = 1;
+ info.pref_syntax = PROTO_GPB;
- flow = cdap_flow_arr(fd, 0, ANONYMOUS_AUTH, &info);
+ flow = cdap_flow_arr(fd, 0, &info);
if (flow == NULL) {
log_err("Failed to auth enrollment request.");
- conn_info_fini(&info);
flow_dealloc(fd);
return -1;
}
- conn_info_fini(&info);
-
while (!(boot_r && members_r && dif_name_r)) {
key = cdap_request_wait(flow->ci, &oc, &name, &data,
(size_t *) &len , &flags);
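Review bot: The two `strcpy` calls added in enroll_handle write into `info.ae_name` and `info.protocol` with no bound, and the field sizes are not visible on this page, so nothing here shows that `ENROLL_AE` and `CDAP_PROTO` fit. Both sources look like compile-time string macros, so a build-time check would be enough where the project's C dialect allows it, e.g. `_Static_assert(sizeof(ENROLL_AE) <= sizeof(info.ae_name), "AE name too long");`, and the same for `CDAP_PROTO`; otherwise check the length before copying. The same pattern is repeated in enroll_boot and in gam_flow_arr and gam_flow_alloc in gam.c. The unchanged message `"Failed to auth enrollment request."` is also stale now that this path performs no authentication.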
@@ -156,7 +149,7 @@ int enroll_handle(int fd)
int enroll_boot(char * dst_name)
{
struct cdap_flow * flow;
- struct conn_info info;
+ struct conn_info info;
cdap_key_t key;
uint8_t * data;
size_t len;
@@ -170,26 +163,19 @@ int enroll_boot(char * dst_name)
char * members_ro = MEMBERS_PATH;
char * dif_ro = DIF_PATH;
- conn_info_init(&info);
+ memset(&info, 0, sizeof(info));
- info.proto.protocol = strdup(CDAP_PROTO);
- if (info.proto.protocol == NULL) {
- conn_info_fini(&info);
- return -ENOMEM;
- }
-
- info.proto.pref_version = 1;
- info.proto.pref_syntax = PROTO_GPB;
+ strcpy(info.ae_name, ENROLL_AE);
+ strcpy(info.protocol, CDAP_PROTO);
+ info.pref_version = 1;
+ info.pref_syntax = PROTO_GPB;
- flow = cdap_flow_alloc(dst_name, NULL, ANONYMOUS_AUTH, &info);
+ flow = cdap_flow_alloc(dst_name, NULL, &info);
if (flow == NULL) {
log_err("Failed to allocate flow for enrollment request.");
- conn_info_fini(&info);
return -1;
}
- conn_info_fini(&info);
-
log_dbg("Getting boot information from %s.", dst_name);
clock_gettime(CLOCK_REALTIME, &t0);
diff --git a/src/ipcpd/normal/fmgr.c b/src/ipcpd/normal/fmgr.c
index 071a895f..0c927fc7 100644
--- a/src/ipcpd/normal/fmgr.c
+++ b/src/ipcpd/normal/fmgr.c
@@ -249,7 +249,6 @@ static void fmgr_destroy_flows(void)
int fmgr_init(void)
{
- enum pol_cacep pc;
enum pol_gam pg;
int i;
@@ -292,15 +291,6 @@ int fmgr_init(void)
return -1;
}
- if (rib_read(BOOT_PATH "/dt/gam/cacep", &pc, sizeof(pc))
- != sizeof(pc)) {
- log_err("Failed to read CACEP policy for ribmgr gam.");
- return -1;
- }
-
- /* FIXME: Implement cacep policies */
- (void) pc;
-
fmgr.gam = gam_create(pg);
if (fmgr.gam == NULL) {
log_err("Failed to create graph adjacency manager.");
@@ -345,7 +335,6 @@ void fmgr_fini()
flow_dealloc(flow->fd);
ipcp_flow_get_qoscube(flow->fd, &cube);
flow_set_del(fmgr.nm1_set[cube], flow->fd);
- free(flow->info->name);
free(flow->info);
free(flow);
}
diff --git a/src/ipcpd/normal/gam.c b/src/ipcpd/normal/gam.c
index 2479fa62..bdfc8cb9 100644
--- a/src/ipcpd/normal/gam.c
+++ b/src/ipcpd/normal/gam.c
@@ -120,7 +120,6 @@ void gam_destroy(struct gam * instance)
list_for_each_safe(p, n, &instance->gas) {
struct ga * e = list_entry(p, struct ga, next);
list_del(&e->next);
- free(e->info->name);
free(e->info);
free(e);
}
@@ -156,7 +155,7 @@ static int add_ga(struct gam * instance,
pthread_cond_signal(&instance->gas_cond);
pthread_mutex_unlock(&instance->gas_lock);
- log_info("Added flow to %s.", info->name);
+ log_info("Added flow.");
return 0;
}
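Review bot: `log_info("Added flow.")` no longer says which peer or flow was added, so the line is of little use when reconstructing which neighbours joined the adjacency list. If the descriptor parameter is named `fd`, as the call sites in this file suggest, `log_info("Added flow on fd %d.", fd);` keeps an identifier without depending on the unresolved `ae` union. add_ga starts outside the hunk.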
@@ -166,7 +165,7 @@ int gam_flow_arr(struct gam * instance,
qosspec_t qs)
{
struct conn_info * rcv_info;
- struct conn_info snd_info;
+ struct conn_info snd_info;
if (flow_alloc_resp(fd, instance->ops->accept_new_flow(instance->ops_o))
< 0) {
@@ -174,34 +173,29 @@ int gam_flow_arr(struct gam * instance,
return -1;
}
- conn_info_init(&snd_info);
- snd_info.proto.protocol = strdup(CDAP_PROTO);
- if (snd_info.proto.protocol == NULL) {
- conn_info_fini(&snd_info);
+ rcv_info = malloc(sizeof(*rcv_info));
+ if (rcv_info == NULL)
return -ENOMEM;
- }
- snd_info.proto.pref_version = 1;
- snd_info.proto.pref_syntax = PROTO_GPB;
- snd_info.addr = ipcpi.address;
- snd_info.name = strdup(ipcpi.name);
- if (snd_info.name == NULL) {
- conn_info_fini(&snd_info);
- return -ENOMEM;
- }
+ memset(&snd_info, 0, sizeof(snd_info));
+ memset(rcv_info, 0, sizeof(*rcv_info));
+
+ /* FIXME: send correct AE */
+ strcpy(snd_info.ae_name, "FIXME:CORRECT_AE");
+ strcpy(snd_info.protocol, CDAP_PROTO);
+ snd_info.pref_version = 1;
+ snd_info.pref_syntax = PROTO_GPB;
+ snd_info.ae.addr = ipcpi.address;
- rcv_info = cacep_auth_wait(fd, SIMPLE_AUTH, &snd_info, NULL);
- if (rcv_info == NULL) {
- log_err("Other side failed to authenticate.");
- conn_info_fini(&snd_info);
+ if (cacep_listen(fd, &snd_info, rcv_info)) {
+ log_err("Failed to create application connection.");
+ flow_dealloc(fd);
+ free(rcv_info);
return -1;
}
- conn_info_fini(&snd_info);
-
if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) {
flow_dealloc(fd);
- conn_info_fini(rcv_info);
free(rcv_info);
return 0;
}
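Review bot: The new `return -ENOMEM` after a failed `malloc` leaves `fd` allocated: `flow_alloc_resp` has already succeeded at that point, and the `cacep_listen` failure path added a few lines further down does call `flow_dealloc(fd)`. Make the allocation failure path consistent with it: `if (rcv_info == NULL) { flow_dealloc(fd); return -ENOMEM; }`. Separately, `snd_info.ae_name` is set to the placeholder `"FIXME:CORRECT_AE"`, and that value is handed to `cacep_listen` as is, so the AE name cannot be used to tell connections apart until the FIXME is resolved. The same placeholder appears in gam_flow_alloc.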
@@ -209,7 +203,6 @@ int gam_flow_arr(struct gam * instance,
if (add_ga(instance, fd, qs, rcv_info)) {
log_err("Failed to add ga to graph adjacency manager list.");
flow_dealloc(fd);
- conn_info_fini(rcv_info);
free(rcv_info);
return -1;
}
@@ -222,11 +215,15 @@ int gam_flow_alloc(struct gam * instance,
qosspec_t qs)
{
struct conn_info * rcv_info;
- struct conn_info snd_info;
+ struct conn_info snd_info;
int fd;
log_dbg("Allocating flow to %s.", dst_name);
+ rcv_info = malloc(sizeof(*rcv_info));
+ if (rcv_info == NULL)
+ return -ENOMEM;
+
fd = flow_alloc(dst_name, NULL);
if (fd < 0) {
log_err("Failed to allocate flow to %s.", dst_name);
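Review bot: `rcv_info` is now allocated before `flow_alloc`, but the early-return paths that follow (the `flow_alloc` failure here and the `return -1` at the top of the next hunk) are unchanged context and show no `free(rcv_info)`, so each failed flow allocation appears to leak one `struct conn_info`. Either move the `malloc` down to just before `memset(rcv_info, 0, sizeof(*rcv_info));` in the next hunk, calling `flow_dealloc(fd)` if it fails, or add `free(rcv_info);` ahead of each early `return -1`. The lines between the two hunks are not shown, so confirm against the full function.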
@@ -239,34 +236,25 @@ int gam_flow_alloc(struct gam * instance,
return -1;
}
- conn_info_init(&snd_info);
- snd_info.proto.protocol = strdup(CDAP_PROTO);
- if (snd_info.proto.protocol == NULL) {
- conn_info_fini(&snd_info);
- return -ENOMEM;
- }
+ memset(&snd_info, 0, sizeof(snd_info));
+ memset(rcv_info, 0, sizeof(*rcv_info));
- snd_info.proto.pref_version = 1;
- snd_info.proto.pref_syntax = PROTO_GPB;
- snd_info.addr = ipcpi.address;
- snd_info.name = strdup(ipcpi.name);
- if (snd_info.name == NULL) {
- conn_info_fini(&snd_info);
- return -ENOMEM;
- }
+ /* FIXME: send correct AE */
+ strcpy(snd_info.ae_name, "FIXME:CORRECT_AE");
+ strcpy(snd_info.protocol, CDAP_PROTO);
+ snd_info.pref_version = 1;
+ snd_info.pref_syntax = PROTO_GPB;
+ snd_info.ae.addr = ipcpi.address;
- rcv_info = cacep_auth(fd, SIMPLE_AUTH, &snd_info, NULL);
- if (rcv_info == NULL) {
- log_err("Other side failed to authenticate.");
- conn_info_fini(&snd_info);
+ if (cacep_connect(fd, &snd_info, rcv_info)) {
+ log_err("Failed to create application connection.");
+ flow_dealloc(fd);
+ free(rcv_info);
return -1;
}
- conn_info_fini(&snd_info);
-
if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) {
flow_dealloc(fd);
- conn_info_fini(rcv_info);
free(rcv_info);
return 0;
}
@@ -274,7 +262,6 @@ int gam_flow_alloc(struct gam * instance,
if (add_ga(instance, fd, qs, rcv_info)) {
log_err("Failed to add GA to graph adjacency manager list.");
flow_dealloc(fd);
- conn_info_fini(rcv_info);
free(rcv_info);
return -1;
}
@@ -282,10 +269,10 @@ int gam_flow_alloc(struct gam * instance,
return 0;
}
-int gam_flow_wait(struct gam * instance,
- int * fd,
+int gam_flow_wait(struct gam * instance,
+ int * fd,
struct conn_info ** info,
- qosspec_t * qs)
+ qosspec_t * qs)
{
struct ga * ga;
diff --git a/src/ipcpd/normal/main.c b/src/ipcpd/normal/main.c
index 939544c3..c75a74d6 100644
--- a/src/ipcpd/normal/main.c
+++ b/src/ipcpd/normal/main.c
@@ -336,11 +336,6 @@ int normal_rib_init(void)
static int normal_ipcp_bootstrap(struct dif_config * conf)
{
- /* FIXME: get CACEP policies from conf */
- enum pol_cacep pol = SIMPLE_AUTH;
-
- (void) pol;
-
assert(conf);
assert(conf->type == THIS_TYPE);
@@ -388,12 +383,6 @@ static int normal_ipcp_bootstrap(struct dif_config * conf)
rib_write(BOOT_PATH "/rm/gam/type",
&conf->rm_gam_type,
sizeof(conf->rm_gam_type)) ||
- rib_write(BOOT_PATH "/rm/gam/cacep",
- &pol,
- sizeof(pol)) ||
- rib_write(BOOT_PATH "/dt/gam/cacep",
- &pol,
- sizeof(pol)) ||
rib_write(BOOT_PATH "/addr_auth/type",
&conf->addr_auth_type,
sizeof(conf->addr_auth_type))) {
diff --git a/src/ipcpd/normal/pol/complete.c b/src/ipcpd/normal/pol/complete.c
index 1d4811d2..68f43e81 100644
--- a/src/ipcpd/normal/pol/complete.c
+++ b/src/ipcpd/normal/pol/complete.c
@@ -167,7 +167,8 @@ int complete_accept_flow(void * o,
list_for_each(pos, &complete->neighbors) {
struct neighbor * e = list_entry(pos, struct neighbor, next);
- if (strcmp(e->neighbor, info->name) == 0) {
+ /* FIXME: figure out union type and check name or address */
+ if (strcmp(e->neighbor, info->ae.name) == 0) {
pthread_mutex_unlock(&complete->neighbors_lock);
return -1;
}
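Review bot: Both new reads of `info->ae.name` (the `strcmp` here and the `strdup` in the next hunk) treat a union member as a NUL-terminated string, while gam.c in this same commit fills `snd_info.ae.addr`, so a peer running this code would place an address in that union. The value comes from the remote side through CACEP, and nothing visible in these hunks checks which member is valid or that the bytes are terminated. Until the FIXME is resolved, bound the accesses, e.g. `strncmp(e->neighbor, info->ae.name, sizeof(info->ae.name))`, and terminate the buffer before duplicating it. This assumes `ae.name` is an inline array; the union definition is not on this page. complete_accept_flow starts and ends outside the hunk.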
@@ -185,7 +186,8 @@ int complete_accept_flow(void * o,
list_head_init(&n->next);
- n->neighbor = strdup(info->name);
+ /* FIXME: figure out union type and check name or address */
+ n->neighbor = strdup(info->ae.name);
if (n->neighbor == NULL) {
pthread_mutex_unlock(&complete->neighbors_lock);
free(n);
diff --git a/src/ipcpd/normal/ribmgr.c b/src/ipcpd/normal/ribmgr.c
index 1436a7d4..25f1687e 100644
--- a/src/ipcpd/normal/ribmgr.c
+++ b/src/ipcpd/normal/ribmgr.c
@@ -53,7 +53,6 @@ struct {
int ribmgr_init(void)
{
- enum pol_cacep pc;
enum pol_gam pg;
if (rib_read(BOOT_PATH "/rm/gam/type", &pg, sizeof(pg))
@@ -62,15 +61,6 @@ int ribmgr_init(void)
return -1;
}
- if (rib_read(BOOT_PATH "/rm/gam/cacep", &pc, sizeof(pc))
- != sizeof(pc)) {
- log_err("Failed to read CACEP policy for ribmgr gam.");
- return -1;
- }
-
- /* FIXME: Implement cacep policies */
- (void) pc;
-
ribmgr.gam = gam_create(pg);
if (ribmgr.gam == NULL) {
log_err("Failed to create gam.");