author | dimitri staessens <[email protected]> | 2017-02-20 15:54:45 +0000 |
---|---|---|
committer | Sander Vrijders <[email protected]> | 2017-02-20 15:54:45 +0000 |
commit | bf27d8fec3c8051f0518420b4b0ef2957147a887 (patch) | |
tree | 3a821503a23a81354bf6f5a77ee4b9b977d26706 /src/ipcpd | |
parent | 16db00220f6fd1be618f4a38272888f6ac144d20 (diff) | |
parent | 354554c76cc2f9f30c7fd8edaeb2e3cc91c85332 (diff) | |
Merged in dstaesse/ouroboros/be-cdap-flow (pull request #382)
ipcpd: Allocation of authenticated CDAP flows
Diffstat (limited to 'src/ipcpd')
-rw-r--r-- | src/ipcpd/normal/CMakeLists.txt | 4 | ||||
-rw-r--r-- | src/ipcpd/normal/cdap_flow.c | 153 | ||||
-rw-r--r-- | src/ipcpd/normal/cdap_flow.h | 49 | ||||
-rw-r--r-- | src/ipcpd/normal/enroll.c | 139 |
4 files changed, 254 insertions, 91 deletions
diff --git a/src/ipcpd/normal/CMakeLists.txt b/src/ipcpd/normal/CMakeLists.txt index f2e48cbc..7e10cc0d 100644 --- a/src/ipcpd/normal/CMakeLists.txt +++ b/src/ipcpd/normal/CMakeLists.txt @@ -14,12 +14,12 @@ include_directories(${CMAKE_BINARY_DIR}/include) set(IPCP_NORMAL_TARGET ipcpd-normal CACHE STRING "IPCP_NORMAL_TARGET") -protobuf_generate_c(FLOW_ALLOC_SRCS FLOW_ALLOC_HDRS - flow_alloc.proto) +protobuf_generate_c(FLOW_ALLOC_SRCS FLOW_ALLOC_HDRS flow_alloc.proto) set(SOURCE_FILES # Add source files here addr_auth.c + cdap_flow.c dir.c enroll.c fmgr.c diff --git a/src/ipcpd/normal/cdap_flow.c b/src/ipcpd/normal/cdap_flow.c new file mode 100644 index 00000000..2895af0d --- /dev/null +++ b/src/ipcpd/normal/cdap_flow.c 
@@ -0,0 +1,153 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Normal IPC Process - Authenticated CDAP Flow Allocator
+ *
+ * Sander Vrijders <[email protected]>
+ * Dimitri Staessens <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#define OUROBOROS_PREFIX "cdap-flow"
+
+#include <ouroboros/config.h>
+#include <ouroboros/dev.h>
+#include <ouroboros/logs.h>
+
+#include "cdap_flow.h"
+
+#include <stdlib.h>
+#include <assert.h>
+
+static void cdap_flow_destroy(struct cdap_flow * flow)
+{
+ assert(flow);
+
+ if (flow->ci != NULL)
+ cdap_destroy(flow->ci);
+
+ if (flow->info != NULL) {
+ if (flow->info->name != NULL)
+ free(flow->info->name);
+ if (flow->info->data != NULL)
+ free(flow->info->data);
+ }
+
+ free(flow);
+}
+
+struct cdap_flow * cdap_flow_arr(int fd,
+ int resp,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
+{
+ struct cdap_flow * flow;
+
+ if (flow_alloc_resp(fd, resp) < 0) {
+ log_err("Could not respond to new flow.");
+ return NULL;
+ }
+
+ if (resp)
+ return NULL;
+
+ flow = malloc(sizeof(*flow));
+ if (flow == NULL) {
+ log_err("Failed to malloc.");
+ return NULL;
+ }
+
+ flow->fd = fd;
+ flow->ci = NULL;
+
+ flow->info = cacep_auth_wait(fd, pc, info);
+ if (flow->info == NULL) {
+ log_err("Other side failed to authenticate.");
+ cdap_flow_destroy(flow);
+ return NULL;
+ }
+
+ flow->ci = cdap_create(fd);
+ if (flow->ci == NULL) {
+ log_err("Failed to create CDAP instance.");
+ cdap_flow_destroy(flow);
+ return NULL;
+ }
+
+ return flow;
+}
+
+struct cdap_flow * cdap_flow_alloc(const char * dst_name,
+ const char * ae_name,
+ qosspec_t * qs,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
+{
+ struct cdap_flow * flow;
+ int fd;
+
+ log_dbg("Allocating flow to %s.", dst_name);
+
+ if (dst_name == NULL || ae_name == NULL) {
+ log_err("Not enough info to establish flow.");
+ return NULL;
+ }
+
+ fd = flow_alloc(dst_name, ae_name, qs);
+ if (fd < 0) {
+ log_err("Failed to allocate flow to %s.", dst_name);
+ return NULL;
+ }
+
+ if (flow_alloc_res(fd)) {
+ log_err("Flow allocation to %s failed.", dst_name);
+ return NULL;
+ }
+
+ flow = malloc(sizeof(*flow));
+ if (flow == NULL) {
+ log_err("Failed to malloc.");
+ flow_dealloc(fd);
+ return NULL;
+ }
+
+ flow->fd = fd;
+ flow->ci = NULL;
+
+ flow->info = cacep_auth(fd, pc, info);
+ if (flow->info == NULL) {
+ log_err("Failed to authenticate.");
+ cdap_flow_dealloc(flow);
+ return NULL;
+ }
+
+ flow->ci = cdap_create(fd);
+ if (flow->ci == NULL) {
+ log_err("Failed to create CDAP instance.");
+ cdap_flow_dealloc(flow);
+ return NULL;
+ }
+
+ return flow;
+}
+
+void cdap_flow_dealloc(struct cdap_flow * flow)
+{
+ int fd = flow->fd;
+
+ cdap_flow_destroy(flow);
+
+ flow_dealloc(fd);
+}
diff --git a/src/ipcpd/normal/cdap_flow.h b/src/ipcpd/normal/cdap_flow.h
new file mode 100644
index 00000000..c5ca2ab4
--- /dev/null
+++ b/src/ipcpd/normal/cdap_flow.h
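Review bot: In cdap_flow.c, cdap_flow_alloc() returns NULL when `flow_alloc_res(fd)` fails without releasing fd, whereas the enroll_boot() code this commit removes called flow_dealloc(fd) on that path, so each refused allocation now leaks a flow descriptor; add `flow_dealloc(fd);` before that `return NULL;`. The same function passes dst_name to `log_dbg("Allocating flow to %s.", dst_name);` before the `dst_name == NULL` check, which is undefined behaviour for a NULL argument, so the log line should move below the check. cdap_flow_destroy() frees flow->info->name and flow->info->data but not flow->info itself; if cacep_auth() and cacep_auth_wait() return a heap-allocated struct (their definitions are not visible here), a `free(flow->info);` is missing at the end of the `if (flow->info != NULL)` block.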
@@ -0,0 +1,49 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Normal IPC Process - Authenticated CDAP Flow Allocator + * + * Sander Vrijders <[email protected]> + * Dimitri Staessens <[email protected]> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H +#define OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H + +#include <ouroboros/cacep.h> +#include <ouroboros/cdap.h> +#include <ouroboros/qos.h> + +struct cdap_flow { + int fd; + struct cdap * ci; + struct cacep_info * info; +}; + +struct cdap_flow * cdap_flow_arr(int fd, + int resp, + enum pol_cacep pc, + const struct cacep_info * info); + +struct cdap_flow * cdap_flow_alloc(const char * dst_name, + const char * ae_name, + qosspec_t * qs, + enum pol_cacep pc, + const struct cacep_info * info); + +void cdap_flow_dealloc(struct cdap_flow * flow); + +#endif /* OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H */ diff --git a/src/ipcpd/normal/enroll.c b/src/ipcpd/normal/enroll.c index bc5d2a20..e8c085a8 100644 --- a/src/ipcpd/normal/enroll.c +++ b/src/ipcpd/normal/enroll.c @@ -23,12 +23,12 @@ #include <ouroboros/config.h> #include <ouroboros/endian.h> #include <ouroboros/time_utils.h> -#include <ouroboros/cdap.h> #include <ouroboros/dev.h> #include <ouroboros/logs.h> #include <ouroboros/rib.h> #include "ae.h" +#include "cdap_flow.h" #include "ribconfig.h" #include <assert.h> 
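Review bot: The three prototypes in cdap_flow.h carry no contract comments, and the fd ownership differs between the two constructors as implemented in cdap_flow.c: cdap_flow_arr() never releases fd on failure (enroll_handle() calls flow_dealloc(fd) itself), while cdap_flow_alloc() creates the fd internally and the caller has nothing to release. I would add a comment above each prototype stating who releases the fd on a NULL return and that a non-zero `resp` makes cdap_flow_arr() return NULL after answering the flow request, for example `/* Returns NULL on failure; fd stays owned by the caller, who must flow_dealloc() it. */` on cdap_flow_arr(). A short comment on `struct cacep_info * info` in struct cdap_flow saying that it holds the result of the CACEP exchange and is released together with the flow would also help, since callers will be tempted to keep that pointer after cdap_flow_dealloc().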
@@ -42,14 +42,14 @@ int enroll_handle(int fd) { - struct cdap * ci; - cdap_key_t key; - enum cdap_opcode oc; - char * name; - uint8_t * buf; - uint8_t * data; - ssize_t len; - uint32_t flags; + struct cdap_flow * flow; + cdap_key_t key; + enum cdap_opcode oc; + char * name; + uint8_t * buf; + uint8_t * data; + ssize_t len; + uint32_t flags; bool boot_r = false; bool members_r = false; @@ -59,21 +59,15 @@ int enroll_handle(int fd) char * members_ro = MEMBERS_PATH; char * dif_ro = DIF_PATH; - if (flow_alloc_resp(fd, 0) < 0) { + flow = cdap_flow_arr(fd, 0, ANONYMOUS_AUTH, NULL); + if (flow == NULL) { + log_err("Failed to auth enrollment request."); flow_dealloc(fd); - log_err("Could not respond to request."); - return -1; - } - - ci = cdap_create(fd); - if (ci == NULL) { - flow_dealloc(fd); - log_err("Failed to create CDAP instance."); return -1; } while (!(boot_r && members_r && dif_name_r)) { - key = cdap_request_wait(ci, &oc, &name, &data, + key = cdap_request_wait(flow->ci, &oc, &name, &data, (size_t *) &len , &flags); assert(key >= 0); assert(name); @@ -85,9 +79,8 @@ int enroll_handle(int fd) if (oc != CDAP_READ) { log_warn("Invalid request."); - cdap_reply_send(ci, key, -1, NULL, 0); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_reply_send(flow->ci, key, -1, NULL, 0); + cdap_flow_dealloc(flow); free(name); return -1; } @@ -104,14 +97,13 @@ int enroll_handle(int fd) clock_gettime(CLOCK_REALTIME, &t); buf[0] = hton64(t.tv_sec); buf[1] = hton64(t.tv_nsec); - cdap_reply_send(ci, key, 0, buf, sizeof(buf)); + cdap_reply_send(flow->ci, key, 0, buf, sizeof(buf)); free(name); continue; } else { log_warn("Illegal read: %s.", name); - cdap_reply_send(ci, key, -1, NULL, 0); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_reply_send(flow->ci, key, -1, NULL, 0); + cdap_flow_dealloc(flow); free(name); return -1; } 
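Review bot: In the hunk at -59,21, enroll_handle() accepts the enrollment flow with `cdap_flow_arr(fd, 0, ANONYMOUS_AUTH, NULL)` and then serves packed RIB objects to that peer, so, judging by the policy name, the peer is still not verified before boot information is handed out; enroll_boot() makes the matching call `cdap_flow_alloc(dst_name, ENROLL_AE, NULL, ANONYMOUS_AUTH, NULL)` and unpacks the replies into its own RIB. Because the policy is hard-coded at both call sites, a comment such as `/* FIXME: enrollment uses anonymous CACEP; take policy and credentials from configuration. */` would keep that limitation visible until a verifying policy is wired in. In the same hunk the result of cdap_request_wait() is guarded only by `assert(key >= 0); assert(name);`, which aborts the IPCP in debug builds and disappears under NDEBUG; if a negative key signals failure, as the assert suggests, a peer that drops the flow should take the normal error path, e.g. `if (key < 0) { cdap_flow_dealloc(flow); return -1; }`. The loop body continues outside this hunk.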
@@ -119,9 +111,8 @@ int enroll_handle(int fd) len = rib_pack(name, &buf, PACK_HASH_ROOT); if (len < 0) { log_err("Failed to pack %s.", name); - cdap_reply_send(ci, key, -1, NULL, 0); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_reply_send(flow->ci, key, -1, NULL, 0); + cdap_flow_dealloc(flow); free(name); return -1; } @@ -130,10 +121,9 @@ int enroll_handle(int fd) free(name); - if (cdap_reply_send(ci, key, 0, buf, len)) { + if (cdap_reply_send(flow->ci, key, 0, buf, len)) { log_err("Failed to send CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } @@ -142,20 +132,17 @@ int enroll_handle(int fd) log_dbg("Sent boot info to new member."); - cdap_destroy(ci); - - flow_dealloc(fd); + cdap_flow_dealloc(flow); return 0; } int enroll_boot(char * dst_name) { - struct cdap * ci; - cdap_key_t key; - uint8_t * data; - size_t len; - int fd; + struct cdap_flow * flow; + cdap_key_t key; + uint8_t * data; + size_t len; struct timespec t0; struct timespec rtt; @@ -166,22 +153,9 @@ int enroll_boot(char * dst_name) char * members_ro = MEMBERS_PATH; char * dif_ro = DIF_PATH; - fd = flow_alloc(dst_name, ENROLL_AE, NULL); - if (fd < 0) { - log_err("Failed to allocate flow."); - return -1; - } - - if (flow_alloc_res(fd)) { - log_err("Flow allocation failed."); - flow_dealloc(fd); - return -1; - } - - ci = cdap_create(fd); - if (ci == NULL) { - log_err("Failed to create CDAP instance."); - flow_dealloc(fd); + flow = cdap_flow_alloc(dst_name, ENROLL_AE, NULL, ANONYMOUS_AUTH, NULL); + if (flow == NULL) { + log_err("Failed to allocate flow for enrollment request."); return -1; } 
@@ -189,18 +163,16 @@ int enroll_boot(char * dst_name) clock_gettime(CLOCK_REALTIME, &t0); - key = cdap_request_send(ci, CDAP_READ, TIME_PATH, NULL, 0, 0); + key = cdap_request_send(flow->ci, CDAP_READ, TIME_PATH, NULL, 0, 0); if (key < 0) { log_err("Failed to send CDAP request."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } - if (cdap_reply_wait(ci, key, &data, &len)) { + if (cdap_reply_wait(flow->ci, key, &data, &len)) { log_err("Failed to get CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } @@ -218,18 +190,16 @@ int enroll_boot(char * dst_name) free(data); - key = cdap_request_send(ci, CDAP_READ, boot_ro, NULL, 0, 0); + key = cdap_request_send(flow->ci, CDAP_READ, boot_ro, NULL, 0, 0); if (key < 0) { log_err("Failed to send CDAP request."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } - if (cdap_reply_wait(ci, key, &data, &len)) { + if (cdap_reply_wait(flow->ci, key, &data, &len)) { log_err("Failed to get CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } @@ -239,25 +209,22 @@ int enroll_boot(char * dst_name) log_warn("Error unpacking RIB data."); rib_del(boot_ro); free(data); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } log_dbg("Packed information inserted into RIB."); - key = cdap_request_send(ci, CDAP_READ, members_ro, NULL, 0, 0); + key = cdap_request_send(flow->ci, CDAP_READ, members_ro, NULL, 0, 0); if (key < 0) { log_err("Failed to send CDAP request."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } - if (cdap_reply_wait(ci, key, &data, &len)) { + if (cdap_reply_wait(flow->ci, key, &data, &len)) { log_err("Failed to get CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } 
@@ -267,25 +234,22 @@ int enroll_boot(char * dst_name) log_warn("Error unpacking RIB data."); rib_del(boot_ro); free(data); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } log_dbg("Packed information inserted into RIB."); - key = cdap_request_send(ci, CDAP_READ, dif_ro, NULL, 0, 0); + key = cdap_request_send(flow->ci, CDAP_READ, dif_ro, NULL, 0, 0); if (key < 0) { log_err("Failed to send CDAP request."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } - if (cdap_reply_wait(ci, key, &data, &len)) { + if (cdap_reply_wait(flow->ci, key, &data, &len)) { log_err("Failed to get CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } @@ -295,16 +259,13 @@ int enroll_boot(char * dst_name) log_warn("Error unpacking RIB data."); rib_del(boot_ro); free(data); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } log_dbg("Packed information inserted into RIB."); - cdap_destroy(ci); - - flow_dealloc(fd); + cdap_flow_dealloc(flow); return 0; } |