From d06cb62e111be1ac3f09398ae559f99e4833b4bf Mon Sep 17 00:00:00 2001 From: dimitri staessens Date: Mon, 27 Feb 2017 17:04:40 +0100 Subject: lib: Split authentication from CACEP By removing authentication as part of CACEP, all policies disappear. CACEP becomes a policy-free connection establishment protocol between Application Entities. Authentication can later be added cleanly as a pure policy function when needed. --- src/ipcpd/normal/cdap_flow.c | 25 ++++++------ src/ipcpd/normal/cdap_flow.h | 8 ++-- src/ipcpd/normal/enroll.c | 42 +++++++------------- src/ipcpd/normal/fmgr.c | 11 ------ src/ipcpd/normal/gam.c | 87 ++++++++++++++++++----------------------- src/ipcpd/normal/main.c | 11 ------ src/ipcpd/normal/pol/complete.c | 6 ++- src/ipcpd/normal/ribmgr.c | 10 ----- 8 files changed, 69 insertions(+), 131 deletions(-) (limited to 'src/ipcpd/normal') diff --git a/src/ipcpd/normal/cdap_flow.c b/src/ipcpd/normal/cdap_flow.c index 3d1b2b22..d3d98884 100644 --- a/src/ipcpd/normal/cdap_flow.c +++ b/src/ipcpd/normal/cdap_flow.c @@ -29,6 +29,7 @@ #include "cdap_flow.h" #include +#include #include static void cdap_flow_destroy(struct cdap_flow * flow) @@ -37,20 +38,15 @@ static void cdap_flow_destroy(struct cdap_flow * flow) if (flow->ci != NULL) cdap_destroy(flow->ci); - if (flow->info != NULL) { - conn_info_fini(flow->info); - free(flow->info); - } free(flow); } -struct cdap_flow * cdap_flow_arr(int fd, +struct cdap_flow * cdap_flow_arr(int fd, int resp, - enum pol_cacep pc, const struct conn_info * info) { - struct cdap_flow * flow; + struct cdap_flow * flow; if (flow_alloc_resp(fd, resp) < 0) { log_err("Could not respond to new flow."); 
@@ -66,12 +62,13 @@ struct cdap_flow * cdap_flow_arr(int fd, return NULL; } + memset(&flow->info, 0, sizeof(flow->info)); + flow->fd = fd; flow->ci = NULL; - flow->info = cacep_auth_wait(fd, pc, info, NULL); - if (flow->info == NULL) { - log_err("Other side failed to authenticate."); + if (cacep_listen(fd, info, &flow->info)) { + log_err("Error establishing application connection."); cdap_flow_destroy(flow); return NULL; } @@ -88,7 +85,6 @@ struct cdap_flow * cdap_flow_arr(int fd, struct cdap_flow * cdap_flow_alloc(const char * dst_name, qosspec_t * qs, - enum pol_cacep pc, const struct conn_info * info) { struct cdap_flow * flow; @@ -119,12 +115,13 @@ struct cdap_flow * cdap_flow_alloc(const char * dst_name, return NULL; } + memset(&flow->info, 0, sizeof(flow->info)); + flow->fd = fd; flow->ci = NULL; - flow->info = cacep_auth(fd, pc, info, NULL); - if (flow->info == NULL) { - log_err("Failed to authenticate."); + if (cacep_connect(fd, info, &flow->info)) { + log_err("Failed to connect to application."); cdap_flow_dealloc(flow); return NULL; } diff --git a/src/ipcpd/normal/cdap_flow.h b/src/ipcpd/normal/cdap_flow.h index 8aa26dc0..761f3463 100644 --- a/src/ipcpd/normal/cdap_flow.h +++ b/src/ipcpd/normal/cdap_flow.h @@ -28,19 +28,17 @@ #include struct cdap_flow { - int fd; - struct cdap * ci; - struct conn_info * info; + int fd; + struct cdap * ci; + struct conn_info info; }; struct cdap_flow * cdap_flow_arr(int fd, int resp, - enum pol_cacep pc, const struct conn_info * info); struct cdap_flow * cdap_flow_alloc(const char * dst_name, qosspec_t * qs, - enum pol_cacep pc, const struct conn_info * info); void cdap_flow_dealloc(struct cdap_flow * flow); diff --git a/src/ipcpd/normal/enroll.c b/src/ipcpd/normal/enroll.c index b420533e..5c7ebd7e 100644 --- a/src/ipcpd/normal/enroll.c +++ b/src/ipcpd/normal/enroll.c 
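Review bot: The failure contract of the two constructors declared in cdap_flow.h differs and is not documented anywhere in the header: in cdap_flow.c the new `cacep_listen` failure path of cdap_flow_arr() calls cdap_flow_destroy(), which per the first hunk only releases the cdap instance and the struct, so the fd that flow_alloc_resp() already accepted is left to the caller (enroll_handle() in enroll.c does `flow_dealloc(fd)` when it gets NULL), whereas the mirrored `cacep_connect` failure path of cdap_flow_alloc() calls cdap_flow_dealloc() on the flow it created. Now that `info` is embedded in `struct cdap_flow` nothing else is freed on those paths, so ownership of the fd is the one thing a caller has to know. I would add above cdap_flow_arr(): `/* On failure the accepted flow fd is NOT released; the caller must flow_dealloc() it. */` and above cdap_flow_alloc(): `/* On failure the flow is released via cdap_flow_dealloc() before NULL is returned. */`, the latter to be confirmed against cdap_flow_dealloc(), whose body is not in this diff.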
@@ -44,7 +44,7 @@ int enroll_handle(int fd) { struct cdap_flow * flow; - struct conn_info info; + struct conn_info info; cdap_key_t key; enum cdap_opcode oc; char * name; @@ -61,27 +61,20 @@ int enroll_handle(int fd) char * members_ro = MEMBERS_PATH; char * dif_ro = DIF_PATH; - conn_info_init(&info); + memset(&info, 0, sizeof(info)); - info.proto.protocol = strdup(CDAP_PROTO); - if (info.proto.protocol == NULL) { - conn_info_fini(&info); - return -ENOMEM; - } - - info.proto.pref_version = 1; - info.proto.pref_syntax = PROTO_GPB; + strcpy(info.ae_name, ENROLL_AE); + strcpy(info.protocol, CDAP_PROTO); + info.pref_version = 1; + info.pref_syntax = PROTO_GPB; - flow = cdap_flow_arr(fd, 0, ANONYMOUS_AUTH, &info); + flow = cdap_flow_arr(fd, 0, &info); if (flow == NULL) { log_err("Failed to auth enrollment request."); - conn_info_fini(&info); flow_dealloc(fd); return -1; } - conn_info_fini(&info); - while (!(boot_r && members_r && dif_name_r)) { key = cdap_request_wait(flow->ci, &oc, &name, &data, (size_t *) &len , &flags); @@ -156,7 +149,7 @@ int enroll_handle(int fd) int enroll_boot(char * dst_name) { struct cdap_flow * flow; - struct conn_info info; + struct conn_info info; cdap_key_t key; uint8_t * data; size_t len; 
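Review bot: The error message on the new enroll_handle() path is now misleading: `log_err("Failed to auth enrollment request.")` still reports an authentication failure, but this commit removes authentication from CACEP entirely and cdap_flow_arr() can only fail here on flow_alloc_resp() or on connection establishment, so an operator hunting auth failures in the logs would be chasing a check that no longer exists. I would change it to `log_err("Failed to establish enrollment connection.");`. Separately, the two new `strcpy()` calls into `info.ae_name` and `info.protocol` copy constants into fixed-size fields whose sizes are not visible in this diff; a bounded form such as `snprintf(info.protocol, sizeof(info.protocol), "%s", CDAP_PROTO);` (or a `_Static_assert` on the constant's length) keeps a later change to ENROLL_AE or CDAP_PROTO from silently overflowing the struct.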
@@ -170,26 +163,19 @@ int enroll_boot(char * dst_name) char * members_ro = MEMBERS_PATH; char * dif_ro = DIF_PATH; - conn_info_init(&info); + memset(&info, 0, sizeof(info)); - info.proto.protocol = strdup(CDAP_PROTO); - if (info.proto.protocol == NULL) { - conn_info_fini(&info); - return -ENOMEM; - } - - info.proto.pref_version = 1; - info.proto.pref_syntax = PROTO_GPB; + strcpy(info.ae_name, ENROLL_AE); + strcpy(info.protocol, CDAP_PROTO); + info.pref_version = 1; + info.pref_syntax = PROTO_GPB; - flow = cdap_flow_alloc(dst_name, NULL, ANONYMOUS_AUTH, &info); + flow = cdap_flow_alloc(dst_name, NULL, &info); if (flow == NULL) { log_err("Failed to allocate flow for enrollment request."); - conn_info_fini(&info); return -1; } - conn_info_fini(&info); - log_dbg("Getting boot information from %s.", dst_name); clock_gettime(CLOCK_REALTIME, &t0); diff --git a/src/ipcpd/normal/fmgr.c b/src/ipcpd/normal/fmgr.c index 071a895f..0c927fc7 100644 --- a/src/ipcpd/normal/fmgr.c +++ b/src/ipcpd/normal/fmgr.c @@ -249,7 +249,6 @@ static void fmgr_destroy_flows(void) int fmgr_init(void) { - enum pol_cacep pc; enum pol_gam pg; int i; @@ -292,15 +291,6 @@ int fmgr_init(void) return -1; } - if (rib_read(BOOT_PATH "/dt/gam/cacep", &pc, sizeof(pc)) - != sizeof(pc)) { - log_err("Failed to read CACEP policy for ribmgr gam."); - return -1; - } - - /* FIXME: Implement cacep policies */ - (void) pc; - fmgr.gam = gam_create(pg); if (fmgr.gam == NULL) { log_err("Failed to create graph adjacency manager."); @@ -345,7 +335,6 @@ void fmgr_fini() flow_dealloc(flow->fd); ipcp_flow_get_qoscube(flow->fd, &cube); flow_set_del(fmgr.nm1_set[cube], flow->fd); - free(flow->info->name); free(flow->info); free(flow); } diff --git a/src/ipcpd/normal/gam.c b/src/ipcpd/normal/gam.c index 2479fa62..bdfc8cb9 100644 --- a/src/ipcpd/normal/gam.c +++ b/src/ipcpd/normal/gam.c 
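Review bot: enroll_boot() now talks to `dst_name` over a CACEP connection that, after this commit, performs no peer authentication at all, and judging by the `boot_ro`/`members_ro`/`dif_ro` path variables set up just above this hunk it presumably uses whatever it receives to populate the local RIB. ANONYMOUS_AUTH, which is removed here, very likely verified nothing either, so this is not a regression, but the trust assumption was at least visible in the call and is now invisible in the code. I would add above the cdap_flow_alloc() call: `/* NOTE: CACEP performs no peer authentication; everything read from dst_name below is untrusted until an auth policy is added. */` so that whoever implements the policy hook the commit message promises knows this is the call site that depends on it. enroll_boot() continues past the end of this hunk.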
@@ -120,7 +120,6 @@ void gam_destroy(struct gam * instance) list_for_each_safe(p, n, &instance->gas) { struct ga * e = list_entry(p, struct ga, next); list_del(&e->next); - free(e->info->name); free(e->info); free(e); } @@ -156,7 +155,7 @@ static int add_ga(struct gam * instance, pthread_cond_signal(&instance->gas_cond); pthread_mutex_unlock(&instance->gas_lock); - log_info("Added flow to %s.", info->name); + log_info("Added flow."); return 0; } @@ -166,7 +165,7 @@ int gam_flow_arr(struct gam * instance, qosspec_t qs) { struct conn_info * rcv_info; - struct conn_info snd_info; + struct conn_info snd_info; if (flow_alloc_resp(fd, instance->ops->accept_new_flow(instance->ops_o)) < 0) { 
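Review bot: `log_info("Added flow.")` in add_ga() drops the only identification of the peer the old message carried (`info->name`), so the log line can no longer be correlated with a particular neighbour when a GAM flow appears; add_ga() itself starts before this hunk. The struct no longer has a name, but the flow descriptor is passed in (both callers invoke `add_ga(instance, fd, qs, rcv_info)`), so `log_info("Added flow %d.", fd);` keeps the message useful, assuming the parameter is called `fd` inside add_ga() as it is at the call sites. If the peer address from `info->ae.addr` is wanted as well, its type is not visible in this diff, so the format specifier would have to be checked against the definition of `struct conn_info`.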
@@ -174,34 +173,29 @@ int gam_flow_arr(struct gam * instance, return -1; } - conn_info_init(&snd_info); - snd_info.proto.protocol = strdup(CDAP_PROTO); - if (snd_info.proto.protocol == NULL) { - conn_info_fini(&snd_info); + rcv_info = malloc(sizeof(*rcv_info)); + if (rcv_info == NULL) return -ENOMEM; - } - snd_info.proto.pref_version = 1; - snd_info.proto.pref_syntax = PROTO_GPB; - snd_info.addr = ipcpi.address; - snd_info.name = strdup(ipcpi.name); - if (snd_info.name == NULL) { - conn_info_fini(&snd_info); - return -ENOMEM; - } + memset(&snd_info, 0, sizeof(snd_info)); + memset(rcv_info, 0, sizeof(*rcv_info)); + + /* FIXME: send correct AE */ + strcpy(snd_info.ae_name, "FIXME:CORRECT_AE"); + strcpy(snd_info.protocol, CDAP_PROTO); + snd_info.pref_version = 1; + snd_info.pref_syntax = PROTO_GPB; + snd_info.ae.addr = ipcpi.address; - rcv_info = cacep_auth_wait(fd, SIMPLE_AUTH, &snd_info, NULL); - if (rcv_info == NULL) { - log_err("Other side failed to authenticate."); - conn_info_fini(&snd_info); + if (cacep_listen(fd, &snd_info, rcv_info)) { + log_err("Failed to create application connection."); + flow_dealloc(fd); + free(rcv_info); return -1; } - conn_info_fini(&snd_info); - if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) { flow_dealloc(fd); - conn_info_fini(rcv_info); free(rcv_info); return 0; } @@ -209,7 +203,6 @@ int gam_flow_arr(struct gam * instance, if (add_ga(instance, fd, qs, rcv_info)) { log_err("Failed to add ga to graph adjacency manager list."); flow_dealloc(fd); - conn_info_fini(rcv_info); free(rcv_info); return -1; } @@ -222,11 +215,15 @@ int gam_flow_alloc(struct gam * instance, qosspec_t qs) { struct conn_info * rcv_info; - struct conn_info snd_info; + struct conn_info snd_info; int fd; log_dbg("Allocating flow to %s.", dst_name); + rcv_info = malloc(sizeof(*rcv_info)); + if (rcv_info == NULL) + return -ENOMEM; + fd = flow_alloc(dst_name, NULL); if (fd < 0) { log_err("Failed to allocate flow to %s.", dst_name); 
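Review bot: In gam_flow_arr() the new `malloc()` failure path returns `-ENOMEM` without releasing the flow that flow_alloc_resp() accepted just above this hunk, while the new `cacep_listen()` failure path a few lines below does call `flow_dealloc(fd)`; the old strdup() failures had the same gap, but now that the function has an explicit cleanup convention the malloc path should follow it: `if (rcv_info == NULL) { flow_dealloc(fd); return -ENOMEM; }`. The function also now mixes `-ENOMEM` and `-1` as failure codes, which only works as long as callers test for non-zero. Note too that `rcv_info` is filled entirely by the remote peer through cacep_listen() with no authentication after this commit, which deserves a one-line comment before it is handed to `accept_flow()` as the basis for an admission decision.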
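Review bot: `rcv_info` is now allocated before `flow_alloc()` in gam_flow_alloc(), but the `fd < 0` error path in this hunk returns without freeing it (the `return -1;` that opens the next hunk is unchanged), so every failed flow allocation to a neighbour leaks a `struct conn_info`; the same applies to any other early return between this hunk and the next. The simplest fix is to move the `malloc()` down to just before `memset(rcv_info, 0, sizeof(*rcv_info))`, after the flow exists, matching the order gam_flow_arr() uses; otherwise add `free(rcv_info);` to each early-return path. gam_flow_alloc() continues past the end of this hunk.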
@@ -239,34 +236,25 @@ int gam_flow_alloc(struct gam * instance, return -1; } - conn_info_init(&snd_info); - snd_info.proto.protocol = strdup(CDAP_PROTO); - if (snd_info.proto.protocol == NULL) { - conn_info_fini(&snd_info); - return -ENOMEM; - } + memset(&snd_info, 0, sizeof(snd_info)); + memset(rcv_info, 0, sizeof(*rcv_info)); - snd_info.proto.pref_version = 1; - snd_info.proto.pref_syntax = PROTO_GPB; - snd_info.addr = ipcpi.address; - snd_info.name = strdup(ipcpi.name); - if (snd_info.name == NULL) { - conn_info_fini(&snd_info); - return -ENOMEM; - } + /* FIXME: send correct AE */ + strcpy(snd_info.ae_name, "FIXME:CORRECT_AE"); + strcpy(snd_info.protocol, CDAP_PROTO); + snd_info.pref_version = 1; + snd_info.pref_syntax = PROTO_GPB; + snd_info.ae.addr = ipcpi.address; - rcv_info = cacep_auth(fd, SIMPLE_AUTH, &snd_info, NULL); - if (rcv_info == NULL) { - log_err("Other side failed to authenticate."); - conn_info_fini(&snd_info); + if (cacep_connect(fd, &snd_info, rcv_info)) { + log_err("Failed to create application connection."); + flow_dealloc(fd); + free(rcv_info); return -1; } - conn_info_fini(&snd_info); - if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) { flow_dealloc(fd); - conn_info_fini(rcv_info); free(rcv_info); return 0; } @@ -274,7 +262,6 @@ int gam_flow_alloc(struct gam * instance, if (add_ga(instance, fd, qs, rcv_info)) { log_err("Failed to add GA to graph adjacency manager list."); flow_dealloc(fd); - conn_info_fini(rcv_info); free(rcv_info); return -1; } @@ -282,10 +269,10 @@ int gam_flow_alloc(struct gam * instance, return 0; } -int gam_flow_wait(struct gam * instance, - int * fd, +int gam_flow_wait(struct gam * instance, + int * fd, struct conn_info ** info, - qosspec_t * qs) + qosspec_t * qs) { struct ga * ga; diff --git a/src/ipcpd/normal/main.c b/src/ipcpd/normal/main.c index 939544c3..c75a74d6 100644 --- a/src/ipcpd/normal/main.c +++ b/src/ipcpd/normal/main.c 
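Review bot: The `snd_info` setup in this hunk is a verbatim copy of the one in gam_flow_arr(), including the `"FIXME:CORRECT_AE"` placeholder that is now transmitted to the peer as this IPCP's AE name; if the two copies ever diverge, or only one of them gets the real AE, the two sides of CACEP will disagree and the failure will surface only as the generic "Failed to create application connection." I would factor the setup into one static helper so the placeholder and the field list exist in exactly one place, and give the placeholder a named constant next to the other AE names instead of a string literal. The helper below assumes `ipcpi`, CDAP_PROTO and PROTO_GPB are visible at file scope in gam.c, as the existing code implies; gam_flow_alloc() starts before this hunk.
```c
/* Fill in the connection info this IPCP presents to a peer. */
static void gam_snd_info_init(struct conn_info * info)
{
        memset(info, 0, sizeof(*info));

        /* FIXME: send correct AE */
        strcpy(info->ae_name, "FIXME:CORRECT_AE");
        strcpy(info->protocol, CDAP_PROTO);
        info->pref_version = 1;
        info->pref_syntax  = PROTO_GPB;
        info->ae.addr      = ipcpi.address;
}

/* … unchanged: gam_flow_alloc() up to and including flow_alloc_res() … */
        gam_snd_info_init(&snd_info);
        memset(rcv_info, 0, sizeof(*rcv_info));
/* … unchanged: cacep_connect(), accept_flow() and add_ga() handling … */
```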
@@ -336,11 +336,6 @@ int normal_rib_init(void) static int normal_ipcp_bootstrap(struct dif_config * conf) { - /* FIXME: get CACEP policies from conf */ - enum pol_cacep pol = SIMPLE_AUTH; - - (void) pol; - assert(conf); assert(conf->type == THIS_TYPE); @@ -388,12 +383,6 @@ static int normal_ipcp_bootstrap(struct dif_config * conf) rib_write(BOOT_PATH "/rm/gam/type", &conf->rm_gam_type, sizeof(conf->rm_gam_type)) || - rib_write(BOOT_PATH "/rm/gam/cacep", - &pol, - sizeof(pol)) || - rib_write(BOOT_PATH "/dt/gam/cacep", - &pol, - sizeof(pol)) || rib_write(BOOT_PATH "/addr_auth/type", &conf->addr_auth_type, sizeof(conf->addr_auth_type))) { diff --git a/src/ipcpd/normal/pol/complete.c b/src/ipcpd/normal/pol/complete.c index 1d4811d2..68f43e81 100644 --- a/src/ipcpd/normal/pol/complete.c +++ b/src/ipcpd/normal/pol/complete.c @@ -167,7 +167,8 @@ int complete_accept_flow(void * o, list_for_each(pos, &complete->neighbors) { struct neighbor * e = list_entry(pos, struct neighbor, next); - if (strcmp(e->neighbor, info->name) == 0) { + /* FIXME: figure out union type and check name or address */ + if (strcmp(e->neighbor, info->ae.name) == 0) { pthread_mutex_unlock(&complete->neighbors_lock); return -1; } @@ -185,7 +186,8 @@ int complete_accept_flow(void * o, list_head_init(&n->next); - n->neighbor = strdup(info->name); + /* FIXME: figure out union type and check name or address */ + n->neighbor = strdup(info->ae.name); if (n->neighbor == NULL) { pthread_mutex_unlock(&complete->neighbors_lock); free(n); diff --git a/src/ipcpd/normal/ribmgr.c b/src/ipcpd/normal/ribmgr.c index 1436a7d4..25f1687e 100644 --- a/src/ipcpd/normal/ribmgr.c +++ b/src/ipcpd/normal/ribmgr.c @@ -53,7 +53,6 @@ struct { int ribmgr_init(void) { - enum pol_cacep pc; enum pol_gam pg; if (rib_read(BOOT_PATH "/rm/gam/type", &pg, sizeof(pg)) 
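Review bot: `info->ae.name` in complete_accept_flow() is read from a union (the new FIXME says so) that the GAM sender fills as `ae.addr`, and that arrives from the peer via cacep_listen()/cacep_connect() with no authentication after this commit, so the bytes compared by `strcmp()` here and copied by `strdup()` in the second complete.c hunk are whatever the remote side put on the wire, and nothing in this hunk guarantees they are NUL-terminated inside the field. Until `struct conn_info` carries a discriminator for the union I would at least bound the read at the top of the function, `if (strnlen(info->ae.name, sizeof(info->ae.name)) == sizeof(info->ae.name)) return -1;`, assuming `name` is an in-struct array as the memset/strcpy usage elsewhere in this commit suggests, and add a comment that the neighbour name used for de-duplication is peer-asserted, not verified. complete_accept_flow() starts before this hunk.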
@@ -62,15 +61,6 @@ int ribmgr_init(void) return -1; } - if (rib_read(BOOT_PATH "/rm/gam/cacep", &pc, sizeof(pc)) - != sizeof(pc)) { - log_err("Failed to read CACEP policy for ribmgr gam."); - return -1; - } - - /* FIXME: Implement cacep policies */ - (void) pc; - ribmgr.gam = gam_create(pg); if (ribmgr.gam == NULL) { log_err("Failed to create gam."); -- cgit v1.2.3