From d06cb62e111be1ac3f09398ae559f99e4833b4bf Mon Sep 17 00:00:00 2001 From: dimitri staessens Date: Mon, 27 Feb 2017 17:04:40 +0100 Subject: lib: Split authentication from CACEP By removing authentication as part of CACEP, all policies disappear. CACEP becomes a policy-free connection establishment protocol between Application Entities. Authentication can later be added cleanly as a pure policy function when needed. --- src/ipcpd/normal/cdap_flow.c | 25 ++-- src/ipcpd/normal/cdap_flow.h | 8 +- src/ipcpd/normal/enroll.c | 42 +++---- src/ipcpd/normal/fmgr.c | 11 -- src/ipcpd/normal/gam.c | 87 ++++++-------- src/ipcpd/normal/main.c | 11 -- src/ipcpd/normal/pol/complete.c | 6 +- src/ipcpd/normal/ribmgr.c | 10 -- src/lib/CMakeLists.txt | 14 +-- src/lib/cacep.c | 152 ++++++++++++++---------- src/lib/cacep.proto | 33 ++++++ src/lib/pol/cacep_anonymous_auth.c | 209 --------------------------------- src/lib/pol/cacep_anonymous_auth.h | 35 ------ src/lib/pol/cacep_anonymous_auth.proto | 30 ----- src/lib/pol/cacep_proto.c | 52 -------- src/lib/pol/cacep_proto.h | 36 ------ src/lib/pol/cacep_proto.proto | 38 ------ src/lib/pol/cacep_simple_auth.c | 190 ------------------------------ src/lib/pol/cacep_simple_auth.h | 35 ------ src/lib/pol/cacep_simple_auth.proto | 32 ----- 20 files changed, 194 insertions(+), 862 deletions(-) create mode 100644 src/lib/cacep.proto delete mode 100644 src/lib/pol/cacep_anonymous_auth.c delete mode 100644 src/lib/pol/cacep_anonymous_auth.h delete mode 100644 src/lib/pol/cacep_anonymous_auth.proto delete mode 100644 src/lib/pol/cacep_proto.c delete mode 100644 src/lib/pol/cacep_proto.h delete mode 100644 src/lib/pol/cacep_proto.proto delete mode 100644 src/lib/pol/cacep_simple_auth.c delete mode 100644 src/lib/pol/cacep_simple_auth.h delete mode 100644 src/lib/pol/cacep_simple_auth.proto (limited to 'src') diff --git a/src/ipcpd/normal/cdap_flow.c b/src/ipcpd/normal/cdap_flow.c index 3d1b2b22..d3d98884 100644 --- a/src/ipcpd/normal/cdap_flow.c +++ b/src/ipcpd/normal/cdap_flow.c @@ -29,6 +29,7 @@ #include "cdap_flow.h" #include +#include #include static void cdap_flow_destroy(struct cdap_flow * flow) @@ -37,20 +38,15 @@ static void cdap_flow_destroy(struct cdap_flow * flow) if (flow->ci != NULL) cdap_destroy(flow->ci); - if (flow->info != NULL) { - conn_info_fini(flow->info); - free(flow->info); - } free(flow); } -struct cdap_flow * cdap_flow_arr(int fd, +struct cdap_flow * cdap_flow_arr(int fd, int resp, - enum pol_cacep pc, const struct conn_info * info) { - struct cdap_flow * flow; + struct cdap_flow * flow; if (flow_alloc_resp(fd, resp) < 0) { log_err("Could not respond to new flow."); @@ -66,12 +62,13 @@ struct cdap_flow * cdap_flow_arr(int fd, return NULL; } + memset(&flow->info, 0, sizeof(flow->info)); + flow->fd = fd; flow->ci = NULL; - flow->info = cacep_auth_wait(fd, pc, info, NULL); - if (flow->info == NULL) { - log_err("Other side failed to authenticate."); + if (cacep_listen(fd, info, &flow->info)) { + log_err("Error establishing application connection."); cdap_flow_destroy(flow); return NULL; } @@ -88,7 +85,6 @@ struct cdap_flow * cdap_flow_arr(int fd, struct cdap_flow * cdap_flow_alloc(const char * dst_name, qosspec_t * qs, - enum pol_cacep pc, const struct conn_info * info) { struct cdap_flow * flow; @@ -119,12 +115,13 @@ struct cdap_flow * cdap_flow_alloc(const char * dst_name, return NULL; } + memset(&flow->info, 0, sizeof(flow->info)); + flow->fd = fd; flow->ci = NULL; - flow->info = cacep_auth(fd, pc, info, NULL); - if (flow->info == NULL) { - log_err("Failed to authenticate."); + if (cacep_connect(fd, info, &flow->info)) { + log_err("Failed to connect to application."); cdap_flow_dealloc(flow); return NULL; } diff --git a/src/ipcpd/normal/cdap_flow.h b/src/ipcpd/normal/cdap_flow.h index 8aa26dc0..761f3463 100644 --- a/src/ipcpd/normal/cdap_flow.h +++ b/src/ipcpd/normal/cdap_flow.h @@ -28,19 +28,17 @@ #include struct cdap_flow { - int fd; - struct cdap * ci; - struct conn_info * info; + int fd; + struct cdap * ci; + struct conn_info info; }; struct cdap_flow * cdap_flow_arr(int fd, int resp, - enum pol_cacep pc, const struct conn_info * info); struct cdap_flow * cdap_flow_alloc(const char * dst_name, qosspec_t * qs, - enum pol_cacep pc, const struct conn_info * info); void cdap_flow_dealloc(struct cdap_flow * flow); diff --git a/src/ipcpd/normal/enroll.c b/src/ipcpd/normal/enroll.c index b420533e..5c7ebd7e 100644 --- a/src/ipcpd/normal/enroll.c +++ b/src/ipcpd/normal/enroll.c @@ -44,7 +44,7 @@ int enroll_handle(int fd) { struct cdap_flow * flow; - struct conn_info info; + struct conn_info info; cdap_key_t key; enum cdap_opcode oc; char * name; @@ -61,27 +61,20 @@ int enroll_handle(int fd) char * members_ro = MEMBERS_PATH; char * dif_ro = DIF_PATH; - conn_info_init(&info); + memset(&info, 0, sizeof(info)); - info.proto.protocol = strdup(CDAP_PROTO); - if (info.proto.protocol == NULL) { - conn_info_fini(&info); - return -ENOMEM; - } - - info.proto.pref_version = 1; - info.proto.pref_syntax = PROTO_GPB; + strcpy(info.ae_name, ENROLL_AE); + strcpy(info.protocol, CDAP_PROTO); + info.pref_version = 1; + info.pref_syntax = PROTO_GPB; - flow = cdap_flow_arr(fd, 0, ANONYMOUS_AUTH, &info); + flow = cdap_flow_arr(fd, 0, &info); if (flow == NULL) { log_err("Failed to auth enrollment request."); - conn_info_fini(&info); flow_dealloc(fd); return -1; } - conn_info_fini(&info); - while (!(boot_r && members_r && dif_name_r)) { key = cdap_request_wait(flow->ci, &oc, &name, &data, (size_t *) &len , &flags); @@ -156,7 +149,7 @@ int enroll_handle(int fd) int enroll_boot(char * dst_name) { struct cdap_flow * flow; - struct conn_info info; + struct conn_info info; cdap_key_t key; uint8_t * data; size_t len; @@ -170,26 +163,19 @@ int enroll_boot(char * dst_name) char * members_ro = MEMBERS_PATH; char * dif_ro = DIF_PATH; - conn_info_init(&info); + memset(&info, 0, sizeof(info)); - info.proto.protocol = strdup(CDAP_PROTO); - if (info.proto.protocol == NULL) { - conn_info_fini(&info); - return -ENOMEM; - } - - info.proto.pref_version = 1; - info.proto.pref_syntax = PROTO_GPB; + strcpy(info.ae_name, ENROLL_AE); + strcpy(info.protocol, CDAP_PROTO); + info.pref_version = 1; + info.pref_syntax = PROTO_GPB; - flow = cdap_flow_alloc(dst_name, NULL, ANONYMOUS_AUTH, &info); + flow = cdap_flow_alloc(dst_name, NULL, &info); if (flow == NULL) { log_err("Failed to allocate flow for enrollment request."); - conn_info_fini(&info); return -1; } - conn_info_fini(&info); - log_dbg("Getting boot information from %s.", dst_name); clock_gettime(CLOCK_REALTIME, &t0); diff --git a/src/ipcpd/normal/fmgr.c b/src/ipcpd/normal/fmgr.c index 071a895f..0c927fc7 100644 --- a/src/ipcpd/normal/fmgr.c +++ b/src/ipcpd/normal/fmgr.c @@ -249,7 +249,6 @@ static void fmgr_destroy_flows(void) int fmgr_init(void) { - enum pol_cacep pc; enum pol_gam pg; int i; @@ -292,15 +291,6 @@ int fmgr_init(void) return -1; } - if (rib_read(BOOT_PATH "/dt/gam/cacep", &pc, sizeof(pc)) - != sizeof(pc)) { - log_err("Failed to read CACEP policy for ribmgr gam."); - return -1; - } - - /* FIXME: Implement cacep policies */ - (void) pc; - fmgr.gam = gam_create(pg); if (fmgr.gam == NULL) { log_err("Failed to create graph adjacency manager."); @@ -345,7 +335,6 @@ void fmgr_fini() flow_dealloc(flow->fd); ipcp_flow_get_qoscube(flow->fd, &cube); flow_set_del(fmgr.nm1_set[cube], flow->fd); - free(flow->info->name); free(flow->info); free(flow); } diff --git a/src/ipcpd/normal/gam.c b/src/ipcpd/normal/gam.c index 2479fa62..bdfc8cb9 100644 --- a/src/ipcpd/normal/gam.c +++ b/src/ipcpd/normal/gam.c @@ -120,7 +120,6 @@ void gam_destroy(struct gam * instance) list_for_each_safe(p, n, &instance->gas) { struct ga * e = list_entry(p, struct ga, next); list_del(&e->next); - free(e->info->name); free(e->info); free(e); } @@ -156,7 +155,7 @@ static int add_ga(struct gam * instance, pthread_cond_signal(&instance->gas_cond); pthread_mutex_unlock(&instance->gas_lock); - log_info("Added flow to %s.", info->name); + log_info("Added flow."); return 0; } @@ -166,7 +165,7 @@ int gam_flow_arr(struct gam * instance, qosspec_t qs) { struct conn_info * rcv_info; - struct conn_info snd_info; + struct conn_info snd_info; if (flow_alloc_resp(fd, instance->ops->accept_new_flow(instance->ops_o)) < 0) { @@ -174,34 +173,29 @@ int gam_flow_arr(struct gam * instance, return -1; } - conn_info_init(&snd_info); - snd_info.proto.protocol = strdup(CDAP_PROTO); - if (snd_info.proto.protocol == NULL) { - conn_info_fini(&snd_info); + rcv_info = malloc(sizeof(*rcv_info)); + if (rcv_info == NULL) return -ENOMEM; - } - snd_info.proto.pref_version = 1; - snd_info.proto.pref_syntax = PROTO_GPB; - snd_info.addr = ipcpi.address; - snd_info.name = strdup(ipcpi.name); - if (snd_info.name == NULL) { - conn_info_fini(&snd_info); - return -ENOMEM; - } + memset(&snd_info, 0, sizeof(snd_info)); + memset(rcv_info, 0, sizeof(*rcv_info)); + + /* FIXME: send correct AE */ + strcpy(snd_info.ae_name, "FIXME:CORRECT_AE"); + strcpy(snd_info.protocol, CDAP_PROTO); + snd_info.pref_version = 1; + snd_info.pref_syntax = PROTO_GPB; + snd_info.ae.addr = ipcpi.address; - rcv_info = cacep_auth_wait(fd, SIMPLE_AUTH, &snd_info, NULL); - if (rcv_info == NULL) { - log_err("Other side failed to authenticate."); - conn_info_fini(&snd_info); + if (cacep_listen(fd, &snd_info, rcv_info)) { + log_err("Failed to create application connection."); + flow_dealloc(fd); + free(rcv_info); return -1; } - conn_info_fini(&snd_info); - if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) { flow_dealloc(fd); - conn_info_fini(rcv_info); free(rcv_info); return 0; } @@ -209,7 +203,6 @@ int gam_flow_arr(struct gam * instance, if (add_ga(instance, fd, qs, rcv_info)) { log_err("Failed to add ga to graph adjacency manager list."); flow_dealloc(fd); - conn_info_fini(rcv_info); free(rcv_info); return -1; } @@ -222,11 +215,15 @@ int gam_flow_alloc(struct gam * instance, qosspec_t qs) { struct conn_info * rcv_info; - struct conn_info snd_info; + struct conn_info snd_info; int fd; log_dbg("Allocating flow to %s.", dst_name); + rcv_info = malloc(sizeof(*rcv_info)); + if (rcv_info == NULL) + return -ENOMEM; + fd = flow_alloc(dst_name, NULL); if (fd < 0) { log_err("Failed to allocate flow to %s.", dst_name); @@ -239,34 +236,25 @@ int gam_flow_alloc(struct gam * instance, return -1; } - conn_info_init(&snd_info); - snd_info.proto.protocol = strdup(CDAP_PROTO); - if (snd_info.proto.protocol == NULL) { - conn_info_fini(&snd_info); - return -ENOMEM; - } + memset(&snd_info, 0, sizeof(snd_info)); + memset(rcv_info, 0, sizeof(*rcv_info)); - snd_info.proto.pref_version = 1; - snd_info.proto.pref_syntax = PROTO_GPB; - snd_info.addr = ipcpi.address; - snd_info.name = strdup(ipcpi.name); - if (snd_info.name == NULL) { - conn_info_fini(&snd_info); - return -ENOMEM; - } + /* FIXME: send correct AE */ + strcpy(snd_info.ae_name, "FIXME:CORRECT_AE"); + strcpy(snd_info.protocol, CDAP_PROTO); + snd_info.pref_version = 1; + snd_info.pref_syntax = PROTO_GPB; + snd_info.ae.addr = ipcpi.address; - rcv_info = cacep_auth(fd, SIMPLE_AUTH, &snd_info, NULL); - if (rcv_info == NULL) { - log_err("Other side failed to authenticate."); - conn_info_fini(&snd_info); + if (cacep_connect(fd, &snd_info, rcv_info)) { + log_err("Failed to create application connection."); + flow_dealloc(fd); + free(rcv_info); return -1; } - conn_info_fini(&snd_info); - if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) { flow_dealloc(fd); - conn_info_fini(rcv_info); free(rcv_info); return 0; } @@ -274,7 +262,6 @@ int gam_flow_alloc(struct gam * instance, if (add_ga(instance, fd, qs, rcv_info)) { log_err("Failed to add GA to graph adjacency manager list."); flow_dealloc(fd); - conn_info_fini(rcv_info); free(rcv_info); return -1; } @@ -282,10 +269,10 @@ int gam_flow_alloc(struct gam * instance, return 0; } -int gam_flow_wait(struct gam * instance, - int * fd, +int gam_flow_wait(struct gam * instance, + int * fd, struct conn_info ** info, - qosspec_t * qs) + qosspec_t * qs) { struct ga * ga; diff --git a/src/ipcpd/normal/main.c b/src/ipcpd/normal/main.c index 939544c3..c75a74d6 100644 --- a/src/ipcpd/normal/main.c +++ b/src/ipcpd/normal/main.c @@ -336,11 +336,6 @@ int normal_rib_init(void) static int normal_ipcp_bootstrap(struct dif_config * conf) { - /* FIXME: get CACEP policies from conf */ - enum pol_cacep pol = SIMPLE_AUTH; - - (void) pol; - assert(conf); assert(conf->type == THIS_TYPE); @@ -388,12 +383,6 @@ static int normal_ipcp_bootstrap(struct dif_config * conf) rib_write(BOOT_PATH "/rm/gam/type", &conf->rm_gam_type, sizeof(conf->rm_gam_type)) || - rib_write(BOOT_PATH "/rm/gam/cacep", - &pol, - sizeof(pol)) || - rib_write(BOOT_PATH "/dt/gam/cacep", - &pol, - sizeof(pol)) || rib_write(BOOT_PATH "/addr_auth/type", &conf->addr_auth_type, sizeof(conf->addr_auth_type))) { diff --git a/src/ipcpd/normal/pol/complete.c b/src/ipcpd/normal/pol/complete.c index 1d4811d2..68f43e81 100644 --- a/src/ipcpd/normal/pol/complete.c +++ b/src/ipcpd/normal/pol/complete.c @@ -167,7 +167,8 @@ int complete_accept_flow(void * o, list_for_each(pos, &complete->neighbors) { struct neighbor * e = list_entry(pos, struct neighbor, next); - if (strcmp(e->neighbor, info->name) == 0) { + /* FIXME: figure out union type and check name or address */ + if (strcmp(e->neighbor, info->ae.name) == 0) { pthread_mutex_unlock(&complete->neighbors_lock); return -1; } @@ -185,7 +186,8 @@ int complete_accept_flow(void * o, list_head_init(&n->next); - n->neighbor = strdup(info->name); + /* FIXME: figure out union type and check name or address */ + n->neighbor = strdup(info->ae.name); if (n->neighbor == NULL) { pthread_mutex_unlock(&complete->neighbors_lock); free(n); diff --git a/src/ipcpd/normal/ribmgr.c b/src/ipcpd/normal/ribmgr.c index 1436a7d4..25f1687e 100644 --- a/src/ipcpd/normal/ribmgr.c +++ b/src/ipcpd/normal/ribmgr.c @@ -53,7 +53,6 @@ struct { int ribmgr_init(void) { - enum pol_cacep pc; enum pol_gam pg; if (rib_read(BOOT_PATH "/rm/gam/type", &pg, sizeof(pg)) @@ -62,15 +61,6 @@ int ribmgr_init(void) return -1; } - if (rib_read(BOOT_PATH "/rm/gam/cacep", &pc, sizeof(pc)) - != sizeof(pc)) { - log_err("Failed to read CACEP policy for ribmgr gam."); - return -1; - } - - /* FIXME: Implement cacep policies */ - (void) pc; - ribmgr.gam = gam_create(pg); if (ribmgr.gam == NULL) { log_err("Failed to create gam."); diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt index fcea0fb2..03452705 100644 --- a/src/lib/CMakeLists.txt +++ b/src/lib/CMakeLists.txt @@ -10,12 +10,7 @@ protobuf_generate_c(DIF_CONFIG_PROTO_SRCS DIF_CONFIG_PROTO_HDRS dif_config.proto) protobuf_generate_c(CDAP_PROTO_SRCS CDAP_PROTO_HDRS cdap.proto) protobuf_generate_c(RO_PROTO_SRCS RO_PROTO_HDRS ro.proto) -protobuf_generate_c(CACEP_PROTO_PROTO_SRCS CACEP_CDAP_PROTO_HDRS - pol/cacep_proto.proto) -protobuf_generate_c(CACEP_ANONYMOUS_AUTH_PROTO_SRCS - CACEP_ANONYMOUS_AUTH_PROTO_HDRS pol/cacep_anonymous_auth.proto) -protobuf_generate_c(CACEP_SIMPLE_AUTH_PROTO_SRCS CACEP_SIMPLE_AUTH_PROTO_HDRS - pol/cacep_simple_auth.proto) +protobuf_generate_c(CACEP_PROTO_SRCS CACEP_PROTO_HDRS cacep.proto) if(NOT APPLE) find_library(LIBRT_LIBRARIES rt) @@ -54,16 +49,11 @@ set(SOURCE_FILES sockets.c time_utils.c utils.c - # Add policies last - pol/cacep_proto.c - pol/cacep_anonymous_auth.c - pol/cacep_simple_auth.c ) add_library(ouroboros SHARED ${SOURCE_FILES} ${IRM_PROTO_SRCS} ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS} ${CDAP_PROTO_SRCS} - ${CACEP_PROTO_PROTO_SRCS} ${CACEP_ANONYMOUS_AUTH_PROTO_SRCS} - ${CACEP_SIMPLE_AUTH_PROTO_SRCS} ${RO_PROTO_SRCS}) + ${CACEP_PROTO_SRCS} ${RO_PROTO_SRCS}) target_link_libraries(ouroboros ${LIBRT_LIBRARIES} ${LIBPTHREAD_LIBRARIES} ${PROTOBUF_C_LIBRARY}) diff --git a/src/lib/cacep.c b/src/lib/cacep.c index 89bd05e7..badeccc0 100644 --- a/src/lib/cacep.c +++ b/src/lib/cacep.c @@ -1,9 +1,10 @@ /* * Ouroboros - Copyright (C) 2016 - 2017 * - * The Common Application Connection Establishment Phase + * The Common Application Connection Establishment Protocol * - * Sander Vrijders + * Dimitri Staessens + * Sander Vrijders * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -20,91 +21,118 @@ * 02110-1301 USA */ -#define OUROBOROS_PREFIX "cacep" - #include #include #include #include -#include - -#include "pol/cacep_anonymous_auth.h" -#include "pol/cacep_simple_auth.h" #include #include -#define BUF_SIZE 2048 +#include "cacep.pb-c.h" +typedef CacepMsg cacep_msg_t; -int conn_info_init(struct conn_info * info) +#define BUF_SIZE 64 + +int read_msg(int fd, + struct conn_info * info) { - if (info == NULL) - return -EINVAL; + uint8_t buf[BUF_SIZE]; + cacep_msg_t * msg; + ssize_t len; + + len = flow_read(fd, buf, BUF_SIZE); + if (len < 0) + return -1; + + msg = cacep_msg__unpack(NULL, len, buf); + if (msg == NULL) + return -1; + + strcpy(info->protocol, msg->protocol); + + info->pref_version = msg->pref_version; + info->pref_syntax = msg->pref_syntax; - info->proto.protocol = NULL; - info->name = NULL; + cacep_msg__free_unpacked(msg, NULL); return 0; } -void conn_info_fini(struct conn_info * info) +static int send_msg(int fd, + const struct conn_info * info) { - if (info == NULL) - return; + cacep_msg_t msg = CACEP_MSG__INIT; + uint8_t * data = NULL; + size_t len = 0; - if (info->proto.protocol != NULL) { - free(info->proto.protocol); - info->proto.protocol = NULL; - } + msg.ae_name = (char *) info->ae_name; + msg.protocol = (char *) info->protocol; + msg.pref_version = info->pref_version; + msg.pref_syntax = info->pref_syntax; + if (msg.pref_syntax < 0) + return -1; + + len = cacep_msg__get_packed_size(&msg); + if (len == 0) + return -1; + + data = malloc(len); + if (data == NULL) + return -ENOMEM; + + cacep_msg__pack(&msg, data); - if (info->name != NULL) { - free(info->name); - info->name = NULL; + if (flow_write(fd, data, len) < 0) { + free(data); + return -1; } + + free(data); + + return 0; } -struct conn_info * cacep_auth(int fd, - enum pol_cacep pc, - const struct conn_info * info, - const void * auth) +int cacep_connect(int fd, + const struct conn_info * in, + struct conn_info * out) { - if (info == NULL) { - log_err("No info provided."); - return NULL; - } + if (in == NULL || out == NULL) + return -EINVAL; - switch (pc) { - case ANONYMOUS_AUTH: - return cacep_anonymous_auth(fd, info, auth); - case SIMPLE_AUTH: - if (info == NULL) - return NULL; - return cacep_simple_auth_auth(fd, info, auth); - default: - log_err("Unsupported CACEP policy."); - return NULL; - } + if (send_msg(fd, in)) + return -1; + + if (read_msg(fd, out)) + return -1; + + if (strcmp(in->ae_name, out->ae_name) || + strcmp(in->protocol, out->protocol) || + in->pref_version != out->pref_version || + in->pref_syntax != out->pref_syntax) + return -EPROTO; + + return 0; } -struct conn_info * cacep_auth_wait(int fd, - enum pol_cacep pc, - const struct conn_info * info, - const void * auth) +int cacep_listen(int fd, + const struct conn_info * in, + struct conn_info * out) { - if (info == NULL) { - log_err("No info provided."); - return NULL; - } + if (in == NULL || out == NULL) + return -EINVAL; - switch (pc) { - case ANONYMOUS_AUTH: - return cacep_anonymous_auth_wait(fd, info, auth); - case SIMPLE_AUTH: - if (info == NULL) - return NULL; - return cacep_simple_auth_auth_wait(fd, info, auth); - default: - log_err("Unsupported CACEP policy."); - return NULL; - } + if (send_msg(fd, in)) + return -1; + + if (read_msg(fd, out)) + return -1; + + if (strcmp(in->ae_name, out->ae_name) || + strcmp(in->protocol, out->protocol) || + in->pref_version != out->pref_version || + in->pref_syntax != out->pref_syntax) + return -EPROTO; + + return 0; } diff --git a/src/lib/cacep.proto b/src/lib/cacep.proto new file mode 100644 index 00000000..3e1291f6 --- /dev/null +++ b/src/lib/cacep.proto @@ -0,0 +1,33 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Message for Connection Information in CACEP + * + * Dimitri Staessens + * Sander Vrijders + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +syntax = "proto2"; + +message cacep_msg { + required string ae_name = 1; + required string protocol = 2; + required int32 pref_version = 3; + repeated int32 supp_version = 4; + required int32 pref_syntax = 5; + repeated int32 supp_syntax = 6; +} \ No newline at end of file diff --git a/src/lib/pol/cacep_anonymous_auth.c b/src/lib/pol/cacep_anonymous_auth.c deleted file mode 100644 index 44c7bd17..00000000 --- a/src/lib/pol/cacep_anonymous_auth.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Anonymous policy for CACEP - * - * Dimitri Staessens - * Sander Vrijders - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#include -#include -#include -#include -#include - -#include "cacep_proto.h" -#include "cacep_anonymous_auth.h" - -#include -#include -#include -#include - -#include "cacep_anonymous_auth.pb-c.h" -typedef CacepAnonymousAuthMsg cacep_anonymous_auth_msg_t; -typedef CacepProtoMsg cacep_proto_msg_t; - -#define BUF_SIZE 2048 -#define NAME_LEN 8 - -/* this policy generates a hex string */ -static struct conn_info * anonymous_info(void) -{ - struct conn_info * info; - struct timespec t; - - info = malloc(sizeof(*info)); - if (info == NULL) - return NULL; - - conn_info_init(info); - - info->name = malloc(NAME_LEN + 1); - if (info->name == NULL) { - free(info); - return NULL; - } - - clock_gettime(CLOCK_REALTIME, &t); - srand(t.tv_nsec); - - sprintf(info->name, "%8x", - (uint32_t)((rand() % RAND_MAX) & 0xFFFFFFFF)); - - info->addr = 0; - - return info; -} - -static struct conn_info * read_msg(int fd) -{ - struct conn_info * tmp; - uint8_t buf[BUF_SIZE]; - cacep_anonymous_auth_msg_t * msg; - ssize_t len; - - len = flow_read(fd, buf, BUF_SIZE); - if (len < 0) - return NULL; - - msg = cacep_anonymous_auth_msg__unpack(NULL, len, buf); - if (msg == NULL) - return NULL; - - tmp = anonymous_info(); - if (tmp == NULL) { - cacep_anonymous_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - tmp->proto.protocol = strdup(msg->proto->protocol); - if (tmp->proto.protocol == NULL) { - free(tmp); - cacep_anonymous_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - tmp->proto.pref_version = msg->proto->pref_version; - tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax); - if (tmp->proto.pref_syntax < 0) { - free(tmp->proto.protocol); - free(tmp); - cacep_anonymous_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - cacep_anonymous_auth_msg__free_unpacked(msg, NULL); - - return tmp; -} - -static int send_msg(int fd, - const struct conn_info * info) -{ - cacep_anonymous_auth_msg_t msg = CACEP_ANONYMOUS_AUTH_MSG__INIT; - cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT; - int ret = 0; - uint8_t * data = NULL; - size_t len = 0; - - cmsg.protocol = info->proto.protocol; - cmsg.pref_version = info->proto.pref_version; - cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax); - if (cmsg.pref_syntax < 0) - return -1; - - msg.proto = &cmsg; - - len = cacep_anonymous_auth_msg__get_packed_size(&msg); - if (len == 0) - return -1; - - data = malloc(len); - if (data == NULL) - return -ENOMEM; - - cacep_anonymous_auth_msg__pack(&msg, data); - - if (flow_write(fd, data, len) < 0) - ret = -1; - - free(data); - - return ret; -} - -struct conn_info * cacep_anonymous_auth(int fd, - const struct conn_info * info, - const void * auth) -{ - struct conn_info * tmp; - - assert(info); - - (void) auth; - - if (send_msg(fd, info)) - return NULL; - - tmp = read_msg(fd); - if (tmp == NULL) - return NULL; - - if (strcmp(info->proto.protocol, tmp->proto.protocol) || - info->proto.pref_version != tmp->proto.pref_version || - info->proto.pref_syntax != tmp->proto.pref_syntax) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - return tmp; -} - - -struct conn_info * cacep_anonymous_auth_wait(int fd, - const struct conn_info * info, - const void * auth) -{ - struct conn_info * tmp; - - assert(info); - - (void) auth; - - tmp = read_msg(fd); - if (tmp == NULL) - return NULL; - - if (send_msg(fd, info)) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - if (strcmp(info->proto.protocol, tmp->proto.protocol) || - info->proto.pref_version != tmp->proto.pref_version || - info->proto.pref_syntax != tmp->proto.pref_syntax) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - return tmp; -} diff --git a/src/lib/pol/cacep_anonymous_auth.h b/src/lib/pol/cacep_anonymous_auth.h deleted file mode 100644 index ca47b1b8..00000000 --- a/src/lib/pol/cacep_anonymous_auth.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Anonymous policy for CACEP - * - * Dimitri Staessens - * Sander Vrijders - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#ifndef OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H -#define OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H - -struct conn_info * cacep_anonymous_auth(int fd, - const struct conn_info * info, - const void * auth); - -struct conn_info * cacep_anonymous_auth_wait(int fd, - const struct conn_info * info, - const void * auth); - -#endif /* OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H */ diff --git a/src/lib/pol/cacep_anonymous_auth.proto b/src/lib/pol/cacep_anonymous_auth.proto deleted file mode 100644 index 79734e28..00000000 --- a/src/lib/pol/cacep_anonymous_auth.proto +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Message for no authentication CACEP policy - * - * Dimitri Staessens - * Sander Vrijders - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -syntax = "proto2"; - -import "cacep_proto.proto"; - -message cacep_anonymous_auth_msg { - required cacep_proto_msg proto = 1; -} \ No newline at end of file diff --git a/src/lib/pol/cacep_proto.c b/src/lib/pol/cacep_proto.c deleted file mode 100644 index 9990a05a..00000000 --- a/src/lib/pol/cacep_proto.c +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * CACEP - Read/Write Protocol info - * - * Sander Vrijders - * Dimitri Staessens - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#include "cacep_proto.h" - -enum proto_concrete_syntax code_to_syntax(int code) -{ - switch(code) { - case PROTO_CONCRETE_SYNTAX_CODE__GPB: - return PROTO_GPB; - case PROTO_CONCRETE_SYNTAX_CODE__ASN_1: - return PROTO_ASN_1; - case PROTO_CONCRETE_SYNTAX_CODE__FIXED: - return PROTO_FIXED; - default: - return -1; - } -} - -int syntax_to_code(enum proto_concrete_syntax stx) -{ - switch(stx) { - case PROTO_GPB: - return PROTO_CONCRETE_SYNTAX_CODE__GPB; - case PROTO_ASN_1: - return PROTO_CONCRETE_SYNTAX_CODE__ASN_1; - case PROTO_FIXED: - return PROTO_CONCRETE_SYNTAX_CODE__FIXED; - default: - return -1; - } -} diff --git a/src/lib/pol/cacep_proto.h b/src/lib/pol/cacep_proto.h deleted file mode 100644 index bfb1b247..00000000 --- a/src/lib/pol/cacep_proto.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * CACEP - Convert syntax to msg code and back - * - * Sander Vrijders - * Dimitri Staessens - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#ifndef OUROBOROS_LIB_CACEP_CDAP_H -#define OUROBOROS_LIB_CACEP_CDAP_H - -#include -#include - -#include "cacep_proto.pb-c.h" - -enum proto_concrete_syntax code_to_syntax(int code); - -int syntax_to_code(enum proto_concrete_syntax stx); - -#endif /* OUROBOROS_LIB_CACEP_CDAP_H */ diff --git a/src/lib/pol/cacep_proto.proto b/src/lib/pol/cacep_proto.proto deleted file mode 100644 index f313bfc1..00000000 --- a/src/lib/pol/cacep_proto.proto +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Message for setting Protocol information in CACEP - * - * Dimitri Staessens - * Sander Vrijders - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -syntax = "proto2"; - -enum proto_concrete_syntax_code { - GPB = 1; - ASN_1 = 2; - FIXED = 3; -} - -message cacep_proto_msg { - required string protocol = 1; - required int32 pref_version = 2; - repeated int32 supp_version = 3; - required proto_concrete_syntax_code pref_syntax = 4; - repeated proto_concrete_syntax_code supp_syntax = 5; -} diff --git a/src/lib/pol/cacep_simple_auth.c b/src/lib/pol/cacep_simple_auth.c deleted file mode 100644 index 69189114..00000000 --- a/src/lib/pol/cacep_simple_auth.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Simple authentication policy for CACEP - * - * Dimitri Staessens - * Sander Vrijders - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#include -#include -#include -#include - -#include "cacep_proto.h" -#include "cacep_simple_auth.h" - -#include -#include - -#include "cacep_simple_auth.pb-c.h" -typedef CacepSimpleAuthMsg cacep_simple_auth_msg_t; -typedef CacepProtoMsg cacep_proto_msg_t; - -#define BUF_SIZE 2048 - -static struct conn_info * read_msg(int fd) -{ - struct conn_info * tmp; - uint8_t buf[BUF_SIZE]; - cacep_simple_auth_msg_t * msg; - ssize_t len; - - len = flow_read(fd, buf, BUF_SIZE); - if (len < 0) - return NULL; - - msg = cacep_simple_auth_msg__unpack(NULL, len, buf); - if (msg == NULL) - return NULL; - - tmp = malloc(sizeof(*tmp)); - if (tmp == NULL) { - cacep_simple_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - conn_info_init(tmp); - - tmp->addr = msg->addr; - tmp->name = strdup(msg->name); - if (tmp->name == NULL) { - free(tmp); - cacep_simple_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - tmp->proto.protocol = strdup(msg->proto->protocol); - if (tmp->proto.protocol == NULL) { - conn_info_fini(tmp); - free(tmp); - cacep_simple_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - tmp->proto.pref_version = msg->proto->pref_version; - tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax); - if (tmp->proto.pref_syntax < 0) { - conn_info_fini(tmp); - free(tmp); - cacep_simple_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - cacep_simple_auth_msg__free_unpacked(msg, NULL); - - return tmp; -} - -static int send_msg(int fd, - const struct conn_info * info) -{ - cacep_simple_auth_msg_t msg = CACEP_SIMPLE_AUTH_MSG__INIT; - cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT; - int ret = 0; - uint8_t * data = NULL; - size_t len = 0; - - cmsg.protocol = info->proto.protocol; - cmsg.pref_version = info->proto.pref_version; - cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax); - if (cmsg.pref_syntax < 0) - return -1; - - msg.proto = &cmsg; - msg.name = info->name; - msg.addr = info->addr; - - len = cacep_simple_auth_msg__get_packed_size(&msg); - if (len == 0) - return -1; - - data = malloc(len); - if (data == NULL) - return -ENOMEM; - - cacep_simple_auth_msg__pack(&msg, data); - - if (flow_write(fd, data, len) < 0) - ret = -1; - - free(data); - - return ret; -} - -struct conn_info * cacep_simple_auth_auth(int fd, - const struct conn_info * info, - const void * auth) -{ - struct conn_info * tmp; - - assert(info); - - /* This policy does not need info to authenticate */ - (void) auth; - - if (send_msg(fd, info)) - return NULL; - - tmp = read_msg(fd); - if (tmp == NULL) - return NULL; - - if (strcmp(info->proto.protocol, tmp->proto.protocol) || - info->proto.pref_version != tmp->proto.pref_version || - info->proto.pref_syntax != tmp->proto.pref_syntax) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - return tmp; -} - - -struct conn_info * cacep_simple_auth_auth_wait(int fd, - const struct conn_info * info, - const void * auth) -{ - struct conn_info * tmp; - - assert(info); - - (void) auth; - - tmp = read_msg(fd); - if (tmp == NULL) - return NULL; - - if (send_msg(fd, info)) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - if (strcmp(info->proto.protocol, tmp->proto.protocol) || - info->proto.pref_version != tmp->proto.pref_version || - info->proto.pref_syntax != tmp->proto.pref_syntax) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - return tmp; -} diff --git a/src/lib/pol/cacep_simple_auth.h b/src/lib/pol/cacep_simple_auth.h deleted file mode 100644 index 31398a68..00000000 --- a/src/lib/pol/cacep_simple_auth.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Simple authentication policy for CACEP - * - * Dimitri Staessens - * Sander Vrijders - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#ifndef OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H -#define OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H - -struct conn_info * cacep_simple_auth_auth(int fd, - const struct conn_info * info, - const void * auth); - -struct conn_info * cacep_simple_auth_auth_wait(int fd, - const struct conn_info * info, - const void * auth); - -#endif /* OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H */ diff --git a/src/lib/pol/cacep_simple_auth.proto b/src/lib/pol/cacep_simple_auth.proto deleted file mode 100644 index 1a1e7ea8..00000000 --- a/src/lib/pol/cacep_simple_auth.proto +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Message for no authentication CACEP policy - * - * Dimitri Staessens - * Sander Vrijders - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -syntax = "proto2"; - -import "cacep_proto.proto"; - -message cacep_simple_auth_msg { - required cacep_proto_msg proto = 1; - required string name = 2; - required uint64 addr = 3; -} -- cgit v1.2.3