From 86f4814245998f4b43e136101897557e4c2f5e54 Mon Sep 17 00:00:00 2001 From: dimitri staessens Date: Mon, 20 Feb 2017 14:42:43 +0100 Subject: lib: Revise CACEP Revises CACEP policies to stateless library calls. It provides two policies: an anonymous authentication policy that will generate random credentials for the peer, and a simple authentication policy that will return a name for the peer and an address. Changes the normal IPCP to use the updates API calls. --- src/ipcpd/normal/gam.c | 68 +++++++-------- src/ipcpd/normal/main.c | 2 +- src/lib/CMakeLists.txt | 10 ++- src/lib/cacep.c | 160 +++++++----------------------------- src/lib/cacep.proto | 29 ------- src/lib/pol/cacep_anonymous_auth.c | 81 ++++++++++++++++++ src/lib/pol/cacep_anonymous_auth.h | 33 ++++++++ src/lib/pol/cacep_simple_auth.c | 137 ++++++++++++++++++++++++++++++ src/lib/pol/cacep_simple_auth.h | 33 ++++++++ src/lib/pol/cacep_simple_auth.proto | 29 +++++++ 10 files changed, 380 insertions(+), 202 deletions(-) delete mode 100644 src/lib/cacep.proto create mode 100644 src/lib/pol/cacep_anonymous_auth.c create mode 100644 src/lib/pol/cacep_anonymous_auth.h create mode 100644 src/lib/pol/cacep_simple_auth.c create mode 100644 src/lib/pol/cacep_simple_auth.h create mode 100644 src/lib/pol/cacep_simple_auth.proto (limited to 'src') diff --git a/src/ipcpd/normal/gam.c b/src/ipcpd/normal/gam.c index 9ee55261..bc71f0d8 100644 --- a/src/ipcpd/normal/gam.c +++ b/src/ipcpd/normal/gam.c @@ -178,8 +178,12 @@ int gam_flow_arr(struct gam * instance, int fd, qosspec_t qs) { - struct cacep * cacep; - struct cacep_info * info; + struct cacep_info * rcv_info; + struct cacep_info snd_info; + + snd_info.name = ipcpi.name; + snd_info.addr = ipcpi.address; + snd_info.data = NULL; if (flow_alloc_resp(fd, instance->ops->accept_new_flow(instance->ops_o)) < 0) { 
@@ -187,32 +191,23 @@ int gam_flow_arr(struct gam * instance, return -1; } - cacep = cacep_create(fd, ipcpi.name, ipcpi.address); - if (cacep == NULL) { - log_err("Failed to create CACEP instance."); - return -1; - } - - info = cacep_auth_wait(cacep); - if (info == NULL) { + rcv_info = cacep_auth_wait(fd, SIMPLE_AUTH, &snd_info); + if (rcv_info == NULL) { log_err("Other side failed to authenticate."); - cacep_destroy(cacep); return -1; } - cacep_destroy(cacep); - - if (instance->ops->accept_flow(instance->ops_o, qs, info)) { + if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) { flow_dealloc(fd); - free(info->name); - free(info); + free(rcv_info->name); + free(rcv_info); return 0; } - if (add_ga(instance, fd, qs, info)) { + if (add_ga(instance, fd, qs, rcv_info)) { log_err("Failed to add ga to graph adjacency manager list."); - free(info->name); - free(info); + free(rcv_info->name); + free(rcv_info); return -1; } @@ -223,10 +218,14 @@ int gam_flow_alloc(struct gam * instance, char * dst_name, qosspec_t qs) { - struct cacep * cacep; - struct cacep_info * info; + struct cacep_info * rcv_info; + struct cacep_info snd_info; int fd; + snd_info.name = ipcpi.name; + snd_info.addr = ipcpi.address; + snd_info.data = NULL; + fd = flow_alloc(dst_name, instance->ae_name, NULL); if (fd < 0) { log_err("Failed to allocate flow to %s.", dst_name); 
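Review bot: The CACEP policy is hard-coded at the call site, `rcv_info = cacep_auth_wait(fd, SIMPLE_AUTH, &snd_info);`, and again as `cacep_auth(fd, SIMPLE_AUTH, &snd_info)` in the gam_flow_alloc hunk below, while normal_ipcp_bootstrap() in main.c selects `enum pol_cacep pol = SIMPLE_AUTH;` and immediately discards it with `(void) pol;`. The selected policy should be stored where gam can reach it (for example in struct gam at creation time) and passed to both call sites, otherwise changing the bootstrap choice has no effect on which policy actually runs. Until that is wired up, a marker such as `/* FIXME: policy must come from the bootstrap configuration, see main.c */` at both call sites would keep the gap visible. gam_flow_arr's body begins in the previous hunk and continues past this one.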
@@ -239,32 +238,23 @@ int gam_flow_alloc(struct gam * instance, return -1; } - cacep = cacep_create(fd, ipcpi.name, ipcpi.address); - if (cacep == NULL) { - log_err("Failed to create CACEP instance."); - return -1; - } - - info = cacep_auth(cacep); - if (info == NULL) { - log_err("Failed to authenticate."); - cacep_destroy(cacep); + rcv_info = cacep_auth(fd, SIMPLE_AUTH, &snd_info); + if (rcv_info == NULL) { + log_err("Other side failed to authenticate."); return -1; } - cacep_destroy(cacep); - - if (instance->ops->accept_flow(instance->ops_o, qs, info)) { + if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) { flow_dealloc(fd); - free(info->name); - free(info); + free(rcv_info->name); + free(rcv_info); return 0; } - if (add_ga(instance, fd, qs, info)) { + if (add_ga(instance, fd, qs, rcv_info)) { log_err("Failed to add GA to graph adjacency manager list."); - free(info->name); - free(info); + free(rcv_info->name); + free(rcv_info); return -1; } diff --git a/src/ipcpd/normal/main.c b/src/ipcpd/normal/main.c index e3955ff2..74a74c5b 100644 --- a/src/ipcpd/normal/main.c +++ b/src/ipcpd/normal/main.c @@ -340,7 +340,7 @@ int normal_rib_init(void) static int normal_ipcp_bootstrap(struct dif_config * conf) { /* FIXME: get CACEP policies from conf */ - enum pol_cacep pol = NO_AUTH; + enum pol_cacep pol = SIMPLE_AUTH; (void) pol; diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt index 6af50782..f823b2d1 100644 --- a/src/lib/CMakeLists.txt +++ b/src/lib/CMakeLists.txt 
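Review bot: The new message `log_err("Other side failed to authenticate.");` in gam_flow_alloc blames the peer, but on the initiating side cacep_auth() returns NULL when the local send fails as well as when the read fails, so the wording it replaced, `log_err("Failed to authenticate.");`, was the accurate one for this call site. On that same path the function returns -1 while the flow obtained from `flow_alloc()` a few lines earlier stays open, whereas the accept_flow() failure just below does call `flow_dealloc(fd);`; unless a caller is known to deallocate on -1, the CACEP error branch should do the same before returning. gam_flow_alloc's body ends outside this hunk.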
@@ -9,8 +9,9 @@ protobuf_generate_c(IPCP_PROTO_SRCS IPCP_PROTO_HDRS ipcpd_messages.proto) protobuf_generate_c(DIF_CONFIG_PROTO_SRCS DIF_CONFIG_PROTO_HDRS dif_config.proto) protobuf_generate_c(CDAP_PROTO_SRCS CDAP_PROTO_HDRS cdap.proto) -protobuf_generate_c(CACEP_PROTO_SRCS CACEP_PROTO_HDRS cacep.proto) protobuf_generate_c(RO_PROTO_SRCS RO_PROTO_HDRS ro.proto) +protobuf_generate_c(CACEP_SIMPLE_AUTH_PROTO_SRCS CACEP_SIMPLE_AUTH_PROTO_HDRS + pol/cacep_simple_auth.proto) if(NOT APPLE) find_library(LIBRT_LIBRARIES rt) @@ -49,11 +50,14 @@ set(SOURCE_FILES sockets.c time_utils.c utils.c + # Add policies last + pol/cacep_anonymous_auth.c + pol/cacep_simple_auth.c ) add_library(ouroboros SHARED ${SOURCE_FILES} ${IRM_PROTO_SRCS} - ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS} - ${CDAP_PROTO_SRCS} ${CACEP_PROTO_SRCS} ${RO_PROTO_SRCS}) + ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS} ${CDAP_PROTO_SRCS} + ${CACEP_SIMPLE_AUTH_PROTO_SRCS} ${RO_PROTO_SRCS}) target_link_libraries(ouroboros ${LIBRT_LIBRARIES} ${LIBPTHREAD_LIBRARIES} ${PROTOBUF_C_LIBRARY}) diff --git a/src/lib/cacep.c b/src/lib/cacep.c index 00557444..3d556d8f 100644 --- a/src/lib/cacep.c +++ b/src/lib/cacep.c 
@@ -20,152 +20,52 @@ * 02110-1301 USA */ +#define OUROBOROS_PREFIX "cacep" + #include #include #include #include +#include + +#include +#include #include #include -#include "cacep.pb-c.h" -typedef Cacep cacep_t; - #define BUF_SIZE 2048 -struct cacep { - int fd; - char * name; - uint64_t address; -}; - -struct cacep * cacep_create(int fd, - const char * name, - uint64_t address) +struct cacep_info * cacep_auth(int fd, + enum pol_cacep pc, + const struct cacep_info * info) { - struct cacep * tmp; - - tmp = malloc(sizeof(*tmp)); - if (tmp == NULL) - return NULL; - - tmp->fd = fd; - tmp->address = address; - tmp->name = strdup(name); - if (tmp->name == NULL) { - free(tmp); + switch (pc) { + case ANONYMOUS_AUTH: + return cacep_anonymous_auth(fd, info); + case SIMPLE_AUTH: + if (info == NULL) + return NULL; + return cacep_simple_auth_auth(fd, info); + default: + log_err("Unsupported CACEP policy."); return NULL; } - - return tmp; -} - -int cacep_destroy(struct cacep * instance) -{ - if (instance == NULL) - return 0; - - free(instance->name); - free(instance); - - return 0; -} - -static struct cacep_info * read_msg(struct cacep * instance) -{ - struct cacep_info * tmp; - uint8_t buf[BUF_SIZE]; - cacep_t * msg; - ssize_t len; - - len = flow_read(instance->fd, buf, BUF_SIZE); - if (len < 0) - return NULL; - - msg = cacep__unpack(NULL, len, buf); - if (msg == NULL) - return NULL; - - tmp = malloc(sizeof(*tmp)); - if (tmp == NULL) { - cacep__free_unpacked(msg, NULL); - return NULL; - } - - tmp->addr = msg->address; - tmp->name = strdup(msg->name); - if (tmp->name == NULL) { - free(tmp); - cacep__free_unpacked(msg, NULL); - return NULL; - } - - cacep__free_unpacked(msg, NULL); - - return tmp; -} - -static int send_msg(struct cacep * instance) -{ - cacep_t msg = CACEP__INIT; - int ret = 0; - uint8_t * data = NULL; - size_t len = 0; - - msg.name = instance->name; - msg.address = instance->address; - - len = cacep__get_packed_size(&msg); - if (len == 0) - return -1; - - data = 
malloc(len); - if (data == NULL) - return -ENOMEM; - - cacep__pack(&msg, data); - - if (flow_write(instance->fd, data, len) < 0) - ret = -1; - - free(data); - - return ret; } -struct cacep_info * cacep_auth(struct cacep * instance) +struct cacep_info * cacep_auth_wait(int fd, + enum pol_cacep pc, + const struct cacep_info * info) { - struct cacep_info * tmp; - - if (instance == NULL) - return NULL; - - if (send_msg(instance)) - return NULL; - - tmp = read_msg(instance); - if (tmp == NULL) - return NULL; - - return tmp; -} - -struct cacep_info * cacep_auth_wait(struct cacep * instance) -{ - struct cacep_info * tmp; - - if (instance == NULL) - return NULL; - - tmp = read_msg(instance); - if (tmp == NULL) - return NULL; - - if (send_msg(instance)) { - free(tmp->name); - free(tmp); + switch (pc) { + case ANONYMOUS_AUTH: + return cacep_anonymous_auth_wait(fd, info); + case SIMPLE_AUTH: + if (info == NULL) + return NULL; + return cacep_simple_auth_auth_wait(fd, info); + default: + log_err("Unsupported CACEP policy."); return NULL; } - - return tmp; } diff --git a/src/lib/cacep.proto b/src/lib/cacep.proto deleted file mode 100644 index 603b095d..00000000 --- a/src/lib/cacep.proto +++ /dev/null 
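Review bot: `#define BUF_SIZE 2048` survives in cacep.c although its only users, read_msg() and send_msg(), moved to pol/cacep_simple_auth.c in this commit, so it is now dead here and should be removed. Both dispatch functions return a heap-allocated struct whose `name` is also allocated by the policy, and gam.c frees both, but nothing in this file states that contract; a comment on cacep_auth() and cacep_auth_wait() such as `/* Returns peer info owned by the caller (free(info->name); free(info)); NULL on failure. */` would pin it down, together with a note that for ANONYMOUS_AUTH `info` may be NULL and nothing is exchanged on fd. The `if (info == NULL) return NULL;` guards in the SIMPLE_AUTH cases duplicate the `assert(info)` in the callees; one mechanism is enough. If `NO_AUTH`, which main.c used before this commit, is still a member of enum pol_cacep, it now lands on the `"Unsupported CACEP policy."` default, which may or may not be intended.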
@@ -1,29 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2017
- *
- * CACEP message
- *
- * Dimitri Staessens
- * Sander Vrijders
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * version 2.1 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301 USA
- */
-
-syntax = "proto2";
-
-message cacep {
- required string name = 1;
- required uint64 address = 2;
-}
diff --git a/src/lib/pol/cacep_anonymous_auth.c b/src/lib/pol/cacep_anonymous_auth.c
new file mode 100644
index 00000000..d450fdc5
--- /dev/null
+++ b/src/lib/pol/cacep_anonymous_auth.c
@@ -0,0 +1,81 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Anonymous policy for CACEP
+ *
+ * Dimitri Staessens
+ * Sander Vrijders
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include
+#include
+#include
+
+#include "cacep_anonymous_auth.h"
+
+#include
+#include
+#include
+#include
+
+#define NAME_LEN 8
+
+/* this policy generates a hex string */
+static struct cacep_info * anonymous_info(void)
+{
+ struct cacep_info * info;
+ struct timespec t;
+
+ info = malloc(sizeof(*info));
+ if (info == NULL)
+ return NULL;
+
+ info->name = malloc(NAME_LEN + 1);
+ if (info->name == NULL) {
+ free(info);
+ return NULL;
+ }
+
+ clock_gettime(CLOCK_REALTIME, &t);
+ srand(t.tv_nsec);
+
+ sprintf(info->name, "%8x",
+ (uint32_t)((rand() % RAND_MAX) & 0xFFFFFFFF));
+
+ info->addr = 0;
+
+ return info;
+}
+
+struct cacep_info * cacep_anonymous_auth(int fd,
+ const struct cacep_info * info)
+{
+ (void) fd;
+ (void) info;
+
+ return anonymous_info();
+}
+
+
+struct cacep_info * cacep_anonymous_auth_wait(int fd,
+ const struct cacep_info * info)
+{
+ (void) fd;
+ (void) info;
+
+ return anonymous_info();
+}
diff --git a/src/lib/pol/cacep_anonymous_auth.h b/src/lib/pol/cacep_anonymous_auth.h
new file mode 100644
index 00000000..d0229b05
--- /dev/null
+++ b/src/lib/pol/cacep_anonymous_auth.h
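Review bot: `sprintf(info->name, "%8x", ...)` in anonymous_info() pads with spaces rather than zeros, so any value below 0x10000000 produces a name that begins with blanks; `%08x` is almost certainly what was meant, and `snprintf(info->name, NAME_LEN + 1, "%08x", ...)` keeps the write bounded by the allocation. Calling `srand(t.tv_nsec)` on every invocation reseeds the process-wide PRNG for everyone else in the library, and a time-seeded rand() gives identifiers that are neither unique nor unpredictable, so they should not be described or relied upon as credentials; a comment such as `/* transient, non-secret label; not unique, not unpredictable */` above anonymous_info() would set expectations. Since rand() already lies in [0, RAND_MAX], the `% RAND_MAX` and `& 0xFFFFFFFF` change nothing and can be dropped. gam.c sets `snd_info.data = NULL`, which suggests struct cacep_info has a `data` member that anonymous_info() leaves uninitialised in the malloc'd struct; `info->data = NULL;` belongs next to `info->addr = 0;`.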
@@ -0,0 +1,33 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Anonymous policy for CACEP
+ *
+ * Dimitri Staessens
+ * Sander Vrijders
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H
+#define OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H
+
+struct cacep_info * cacep_anonymous_auth(int fd,
+ const struct cacep_info * info);
+
+struct cacep_info * cacep_anonymous_auth_wait(int fd,
+ const struct cacep_info * info);
+
+#endif /* OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H */
diff --git a/src/lib/pol/cacep_simple_auth.c b/src/lib/pol/cacep_simple_auth.c
new file mode 100644
index 00000000..1e052f3d
--- /dev/null
+++ b/src/lib/pol/cacep_simple_auth.c
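Review bot: The prototypes use `struct cacep_info *` without any prior declaration of the tag, so the header is only well-formed when the includer has already brought in the definition; add `struct cacep_info;` (or include the header that defines it) before the prototypes so the header stands on its own. The same applies to pol/cacep_simple_auth.h further down. The declarations would also benefit from a short contract comment, e.g. `/* Both calls ignore fd and info, exchange nothing with the peer, and return a locally generated random name with addr 0; caller frees name and struct. */`, since the names alone suggest a handshake that the implementation does not perform.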
@@ -0,0 +1,137 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Simple authentication policy for CACEP
+ *
+ * Dimitri Staessens
+ * Sander Vrijders
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include
+#include
+#include
+#include
+
+#include "cacep_simple_auth.h"
+
+#include
+#include
+
+#include "cacep_simple_auth.pb-c.h"
+typedef CacepSimpleAuthMsg cacep_simple_auth_msg_t;
+
+#define BUF_SIZE 2048
+
+static struct cacep_info * read_msg(int fd)
+{
+ struct cacep_info * tmp;
+ uint8_t buf[BUF_SIZE];
+ cacep_simple_auth_msg_t * msg;
+ ssize_t len;
+
+ len = flow_read(fd, buf, BUF_SIZE);
+ if (len < 0)
+ return NULL;
+
+ msg = cacep_simple_auth_msg__unpack(NULL, len, buf);
+ if (msg == NULL)
+ return NULL;
+
+ tmp = malloc(sizeof(*tmp));
+ if (tmp == NULL) {
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ tmp->addr = msg->addr;
+ tmp->name = strdup(msg->name);
+ if (tmp->name == NULL) {
+ free(tmp);
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+
+ return tmp;
+}
+
+static int send_msg(int fd,
+ const struct cacep_info * info)
+{
+ cacep_simple_auth_msg_t msg = CACEP_SIMPLE_AUTH_MSG__INIT;
+ int ret = 0;
+ uint8_t * data = NULL;
+ size_t len = 0;
+
+ msg.name = info->name;
+ msg.addr = info->addr;
+
+ len = cacep_simple_auth_msg__get_packed_size(&msg);
+ if (len == 0)
+ return -1;
+
+ data = malloc(len);
+ if (data == NULL)
+ return -ENOMEM;
+
+ cacep_simple_auth_msg__pack(&msg, data);
+
+ if (flow_write(fd, data, len) < 0)
+ ret = -1;
+
+ free(data);
+
+ return ret;
+}
+
+struct cacep_info * cacep_simple_auth_auth(int fd,
+ const struct cacep_info * info)
+{
+ struct cacep_info * tmp;
+
+ assert(info);
+
+ if (send_msg(fd, info))
+ return NULL;
+
+ tmp = read_msg(fd);
+ if (tmp == NULL)
+ return NULL;
+
+ return tmp;
+}
+
+
+struct cacep_info * cacep_simple_auth_auth_wait(int fd,
+ const struct cacep_info * info)
+{
+ struct cacep_info * tmp;
+
+ assert(info);
+
+ tmp = read_msg(fd);
+ if (tmp == NULL)
+ return NULL;
+
+ if (send_msg(fd, info)) {
+ free(tmp);
+ return NULL;
+ }
+
+ return tmp;
+}
diff --git a/src/lib/pol/cacep_simple_auth.h b/src/lib/pol/cacep_simple_auth.h
new file mode 100644
index 00000000..bbdbe9b9
--- /dev/null
+++ b/src/lib/pol/cacep_simple_auth.h
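Review bot: cacep_simple_auth_auth_wait() leaks the peer name when the reply cannot be sent: its error branch does `free(tmp);` but `tmp->name` was strdup'd in read_msg(), so it needs `free(tmp->name); free(tmp);` — the cacep.c version this commit removes freed both. read_msg() also initialises only `addr` and `name` of the malloc'd struct; gam.c sets `snd_info.data = NULL`, which suggests struct cacep_info has a `data` member that should be set to NULL here too so callers never read an indeterminate pointer. Nothing in this file verifies anything: `msg->name` and `msg->addr` are whatever the peer put on the wire (the name bounded only by BUF_SIZE), copied verbatim and handed to the caller as the peer's identity. A file-level comment stating that SIMPLE_AUTH is a self-asserted identity exchange rather than authentication, and that callers must treat the returned `name` and `addr` as untrusted input, would stop the policy name from overstating what it provides.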
@@ -0,0 +1,33 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Simple authentication policy for CACEP
+ *
+ * Dimitri Staessens
+ * Sander Vrijders
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H
+#define OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H
+
+struct cacep_info * cacep_simple_auth_auth(int fd,
+ const struct cacep_info * info);
+
+struct cacep_info * cacep_simple_auth_auth_wait(int fd,
+ const struct cacep_info * info);
+
+#endif /* OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H */
diff --git a/src/lib/pol/cacep_simple_auth.proto b/src/lib/pol/cacep_simple_auth.proto
new file mode 100644
index 00000000..d20f8780
--- /dev/null
+++ b/src/lib/pol/cacep_simple_auth.proto
@@ -0,0 +1,29 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Message for no authentication CACEP policy
+ *
+ * Dimitri Staessens
+ * Sander Vrijders
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+syntax = "proto2";
+
+message cacep_simple_auth_msg {
+ required string name = 1;
+ required uint64 addr = 2;
+}
-- cgit v1.2.3
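Review bot: The header comment `* Message for no authentication CACEP policy` names the wrong policy; this file is generated into CACEP_SIMPLE_AUTH_PROTO_SRCS and consumed only by pol/cacep_simple_auth.c, so it should read `* Message for the simple authentication CACEP policy`. Both fields are `required`, which in protobuf-c makes unpack fail when a peer omits either, so the handshake returns NULL rather than proceeding with a half-filled identity; that is the desired behaviour and worth a one-line comment next to the message so nobody relaxes it to `optional` without noticing the consequence.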