From adc6766221327f99ab484d66f6f92050ec9e62d7 Mon Sep 17 00:00:00 2001 From: dimitri staessens Date: Tue, 21 Feb 2017 08:02:37 +0100 Subject: lib: Exchange protocol info during CACEP This exchanges a protocol name, a protocol version and concrete syntax for the protocol upon CACEP. For CDAP, only version 1 and GPB are supported. No lists for other supported versions or syntaxes are exchanged (but the proto file supports it). CACEP fails if there is a mismatch between the protocol names, version and syntax specified by the communicating parties. --- src/lib/pol/cacep_anonymous_auth.c | 129 +++++++++++++++++++++++++++++++-- src/lib/pol/cacep_anonymous_auth.proto | 30 ++++++++ src/lib/pol/cacep_proto.c | 52 +++++++++++++ src/lib/pol/cacep_proto.h | 36 +++++++++ src/lib/pol/cacep_proto.proto | 38 ++++++++++ src/lib/pol/cacep_simple_auth.c | 52 +++++++++++-- src/lib/pol/cacep_simple_auth.proto | 7 +- 7 files changed, 331 insertions(+), 13 deletions(-) create mode 100644 src/lib/pol/cacep_anonymous_auth.proto create mode 100644 src/lib/pol/cacep_proto.c create mode 100644 src/lib/pol/cacep_proto.h create mode 100644 src/lib/pol/cacep_proto.proto (limited to 'src/lib/pol') diff --git a/src/lib/pol/cacep_anonymous_auth.c b/src/lib/pol/cacep_anonymous_auth.c index d450fdc5..1ad8a533 100644 --- a/src/lib/pol/cacep_anonymous_auth.c +++ b/src/lib/pol/cacep_anonymous_auth.c @@ -24,7 +24,10 @@ #include #include #include +#include +#include +#include "cacep_proto.h" #include "cacep_anonymous_auth.h" #include @@ -32,6 +35,11 @@ #include #include +#include "cacep_anonymous_auth.pb-c.h" +typedef CacepAnonymousAuthMsg cacep_anonymous_auth_msg_t; +typedef CacepProtoMsg cacep_proto_msg_t; + +#define BUF_SIZE 2048 #define NAME_LEN 8 /* this policy generates a hex string */ @@ -61,21 +69,130 @@ static struct cacep_info * anonymous_info(void) return info; } +static struct cacep_info * read_msg(int fd) +{ + struct cacep_info * tmp; + uint8_t buf[BUF_SIZE]; + cacep_anonymous_auth_msg_t * msg; + ssize_t len; + + len = flow_read(fd, buf, BUF_SIZE); + if (len < 0) + return NULL; + + msg = cacep_anonymous_auth_msg__unpack(NULL, len, buf); + if (msg == NULL) + return NULL; + + tmp = anonymous_info(); + if (tmp == NULL) { + cacep_anonymous_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + tmp->proto.protocol = strdup(msg->proto->protocol); + if (tmp->proto.protocol == NULL) { + free(tmp); + cacep_anonymous_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + tmp->proto.pref_version = msg->proto->pref_version; + tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax); + if (tmp->proto.pref_syntax < 0) { + free(tmp->proto.protocol); + free(tmp); + cacep_anonymous_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + cacep_anonymous_auth_msg__free_unpacked(msg, NULL); + + return tmp; +} + +static int send_msg(int fd, + const struct cacep_info * info) +{ + cacep_anonymous_auth_msg_t msg = CACEP_ANONYMOUS_AUTH_MSG__INIT; + cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT; + int ret = 0; + uint8_t * data = NULL; + size_t len = 0; + + cmsg.protocol = info->proto.protocol; + cmsg.pref_version = info->proto.pref_version; + cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax); + if (cmsg.pref_syntax < 0) + return -1; + + msg.proto = &cmsg; + + len = cacep_anonymous_auth_msg__get_packed_size(&msg); + if (len == 0) + return -1; + + data = malloc(len); + if (data == NULL) + return -ENOMEM; + + cacep_anonymous_auth_msg__pack(&msg, data); + + if (flow_write(fd, data, len) < 0) + ret = -1; + + free(data); + + return ret; +} + struct cacep_info * cacep_anonymous_auth(int fd, const struct cacep_info * info) { - (void) fd; - (void) info; + struct cacep_info * tmp; - return anonymous_info(); + if (send_msg(fd, info)) + return NULL; + + tmp = read_msg(fd); + if (tmp == NULL) + return NULL; + + if (strcmp(info->proto.protocol, tmp->proto.protocol) || + info->proto.pref_version != tmp->proto.pref_version || + info->proto.pref_syntax != tmp->proto.pref_syntax) { + free(tmp); + return NULL; + } + + tmp->data = NULL; + + return tmp; } struct cacep_info * cacep_anonymous_auth_wait(int fd, const struct cacep_info * info) { - (void) fd; - (void) info; + struct cacep_info * tmp; + + tmp = read_msg(fd); + if (tmp == NULL) + return NULL; + + if (send_msg(fd, info)) { + free(tmp); + return NULL; + } + + if (strcmp(info->proto.protocol, tmp->proto.protocol) || + info->proto.pref_version != tmp->proto.pref_version || + info->proto.pref_syntax != tmp->proto.pref_syntax) { + free(tmp); + return NULL; + } + + tmp->data = NULL; - return anonymous_info(); + return tmp; } diff --git a/src/lib/pol/cacep_anonymous_auth.proto b/src/lib/pol/cacep_anonymous_auth.proto new file mode 100644 index 00000000..79734e28 --- /dev/null +++ b/src/lib/pol/cacep_anonymous_auth.proto @@ -0,0 +1,30 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Message for no authentication CACEP policy + * + * Dimitri Staessens + * Sander Vrijders + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +syntax = "proto2"; + +import "cacep_proto.proto"; + +message cacep_anonymous_auth_msg { + required cacep_proto_msg proto = 1; +} \ No newline at end of file diff --git a/src/lib/pol/cacep_proto.c b/src/lib/pol/cacep_proto.c new file mode 100644 index 00000000..9990a05a --- /dev/null +++ b/src/lib/pol/cacep_proto.c @@ -0,0 +1,52 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * CACEP - Read/Write Protocol info + * + * Sander Vrijders + * Dimitri Staessens + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#include "cacep_proto.h" + +enum proto_concrete_syntax code_to_syntax(int code) +{ + switch(code) { + case PROTO_CONCRETE_SYNTAX_CODE__GPB: + return PROTO_GPB; + case PROTO_CONCRETE_SYNTAX_CODE__ASN_1: + return PROTO_ASN_1; + case PROTO_CONCRETE_SYNTAX_CODE__FIXED: + return PROTO_FIXED; + default: + return -1; + } +} + +int syntax_to_code(enum proto_concrete_syntax stx) +{ + switch(stx) { + case PROTO_GPB: + return PROTO_CONCRETE_SYNTAX_CODE__GPB; + case PROTO_ASN_1: + return PROTO_CONCRETE_SYNTAX_CODE__ASN_1; + case PROTO_FIXED: + return PROTO_CONCRETE_SYNTAX_CODE__FIXED; + default: + return -1; + } +} diff --git a/src/lib/pol/cacep_proto.h b/src/lib/pol/cacep_proto.h new file mode 100644 index 00000000..bfb1b247 --- /dev/null +++ b/src/lib/pol/cacep_proto.h @@ -0,0 +1,36 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * CACEP - Convert syntax to msg code and back + * + * Sander Vrijders + * Dimitri Staessens + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#ifndef OUROBOROS_LIB_CACEP_CDAP_H +#define OUROBOROS_LIB_CACEP_CDAP_H + +#include +#include + +#include "cacep_proto.pb-c.h" + +enum proto_concrete_syntax code_to_syntax(int code); + +int syntax_to_code(enum proto_concrete_syntax stx); + +#endif /* OUROBOROS_LIB_CACEP_CDAP_H */ diff --git a/src/lib/pol/cacep_proto.proto b/src/lib/pol/cacep_proto.proto new file mode 100644 index 00000000..f313bfc1 --- /dev/null +++ b/src/lib/pol/cacep_proto.proto @@ -0,0 +1,38 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Message for setting Protocol information in CACEP + * + * Dimitri Staessens + * Sander Vrijders + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +syntax = "proto2"; + +enum proto_concrete_syntax_code { + GPB = 1; + ASN_1 = 2; + FIXED = 3; +} + +message cacep_proto_msg { + required string protocol = 1; + required int32 pref_version = 2; + repeated int32 supp_version = 3; + required proto_concrete_syntax_code pref_syntax = 4; + repeated proto_concrete_syntax_code supp_syntax = 5; +} diff --git a/src/lib/pol/cacep_simple_auth.c b/src/lib/pol/cacep_simple_auth.c index 1e052f3d..b24a818b 100644 --- a/src/lib/pol/cacep_simple_auth.c +++ b/src/lib/pol/cacep_simple_auth.c @@ -26,6 +26,7 @@ #include #include +#include "cacep_proto.h" #include "cacep_simple_auth.h" #include @@ -33,6 +34,7 @@ #include "cacep_simple_auth.pb-c.h" typedef CacepSimpleAuthMsg cacep_simple_auth_msg_t; +typedef CacepProtoMsg cacep_proto_msg_t; #define BUF_SIZE 2048 @@ -65,6 +67,24 @@ static struct cacep_info * read_msg(int fd) return NULL; } + tmp->proto.protocol = strdup(msg->proto->protocol); + if (tmp->proto.protocol == NULL) { + free(tmp->name); + free(tmp); + cacep_simple_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + tmp->proto.pref_version = msg->proto->pref_version; + tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax); + if (tmp->proto.pref_syntax < 0) { + free(tmp->proto.protocol); + free(tmp->name); + free(tmp); + cacep_simple_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + cacep_simple_auth_msg__free_unpacked(msg, NULL); return tmp; @@ -73,13 +93,21 @@ static struct cacep_info * read_msg(int fd) static int send_msg(int fd, const struct cacep_info * info) { - cacep_simple_auth_msg_t msg = CACEP_SIMPLE_AUTH_MSG__INIT; - int ret = 0; + cacep_simple_auth_msg_t msg = CACEP_SIMPLE_AUTH_MSG__INIT; + cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT; + int ret = 0; uint8_t * data = NULL; - size_t len = 0; + size_t len = 0; - msg.name = info->name; - msg.addr = info->addr; + cmsg.protocol = info->proto.protocol; + cmsg.pref_version = info->proto.pref_version; + cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax); + if (cmsg.pref_syntax < 0) + return -1; + + msg.proto = &cmsg; + msg.name = info->name; + msg.addr = info->addr; len = cacep_simple_auth_msg__get_packed_size(&msg); if (len == 0) @@ -113,6 +141,13 @@ struct cacep_info * cacep_simple_auth_auth(int fd, if (tmp == NULL) return NULL; + if (strcmp(info->proto.protocol, tmp->proto.protocol) || + info->proto.pref_version != tmp->proto.pref_version || + info->proto.pref_syntax != tmp->proto.pref_syntax) { + free(tmp); + return NULL; + } + return tmp; } @@ -133,5 +168,12 @@ struct cacep_info * cacep_simple_auth_auth_wait(int fd, return NULL; } + if (strcmp(info->proto.protocol, tmp->proto.protocol) || + info->proto.pref_version != tmp->proto.pref_version || + info->proto.pref_syntax != tmp->proto.pref_syntax) { + free(tmp); + return NULL; + } + return tmp; } diff --git a/src/lib/pol/cacep_simple_auth.proto b/src/lib/pol/cacep_simple_auth.proto index d20f8780..1a1e7ea8 100644 --- a/src/lib/pol/cacep_simple_auth.proto +++ b/src/lib/pol/cacep_simple_auth.proto @@ -23,7 +23,10 @@ syntax = "proto2"; +import "cacep_proto.proto"; + message cacep_simple_auth_msg { - required string name = 1; - required uint64 addr = 2; + required cacep_proto_msg proto = 1; + required string name = 2; + required uint64 addr = 3; } -- cgit v1.2.3