diff options
author | dimitri staessens <[email protected]> | 2017-02-27 17:04:40 +0100 |
---|---|---|
committer | dimitri staessens <[email protected]> | 2017-02-27 18:30:55 +0100 |
commit | d06cb62e111be1ac3f09398ae559f99e4833b4bf (patch) | |
tree | 6270bf43428fe4e33594a86245b68503a4cca756 /src/lib/pol | |
parent | 7baebbfc117e3b349f397d4675c49a582d13653a (diff) | |
download | ouroboros-d06cb62e111be1ac3f09398ae559f99e4833b4bf.tar.gz ouroboros-d06cb62e111be1ac3f09398ae559f99e4833b4bf.zip |
lib: Split authentication from CACEP
By removing authentication as part of CACEP, all policies
disappear. CACEP becomes a policy-free connection establishment
protocol between Application Entities. Authentication can later be
added cleanly as a pure policy function when needed.
Diffstat (limited to 'src/lib/pol')
-rw-r--r-- | src/lib/pol/cacep_anonymous_auth.c | 209 | ||||
-rw-r--r-- | src/lib/pol/cacep_anonymous_auth.h | 35 | ||||
-rw-r--r-- | src/lib/pol/cacep_anonymous_auth.proto | 30 | ||||
-rw-r--r-- | src/lib/pol/cacep_proto.c | 52 | ||||
-rw-r--r-- | src/lib/pol/cacep_proto.h | 36 | ||||
-rw-r--r-- | src/lib/pol/cacep_proto.proto | 38 | ||||
-rw-r--r-- | src/lib/pol/cacep_simple_auth.c | 190 | ||||
-rw-r--r-- | src/lib/pol/cacep_simple_auth.h | 35 | ||||
-rw-r--r-- | src/lib/pol/cacep_simple_auth.proto | 32 |
9 files changed, 0 insertions, 657 deletions
diff --git a/src/lib/pol/cacep_anonymous_auth.c b/src/lib/pol/cacep_anonymous_auth.c deleted file mode 100644 index 44c7bd17..00000000 --- a/src/lib/pol/cacep_anonymous_auth.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Anonymous policy for CACEP - * - * Dimitri Staessens <[email protected]> - * Sander Vrijders <[email protected]> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#include <ouroboros/config.h> -#include <ouroboros/cacep.h> -#include <ouroboros/time_utils.h> -#include <ouroboros/dev.h> -#include <ouroboros/errno.h> - -#include "cacep_proto.h" -#include "cacep_anonymous_auth.h" - -#include <stdlib.h> -#include <math.h> -#include <string.h> -#include <stdio.h> - -#include "cacep_anonymous_auth.pb-c.h" -typedef CacepAnonymousAuthMsg cacep_anonymous_auth_msg_t; -typedef CacepProtoMsg cacep_proto_msg_t; - -#define BUF_SIZE 2048 -#define NAME_LEN 8 - -/* this policy generates a hex string */ -static struct conn_info * anonymous_info(void) -{ - struct conn_info * info; - struct timespec t; - - info = malloc(sizeof(*info)); - if (info == NULL) - return NULL; - - conn_info_init(info); - - info->name = malloc(NAME_LEN + 1); - if (info->name == NULL) { - free(info); - return NULL; - } - - clock_gettime(CLOCK_REALTIME, &t); - srand(t.tv_nsec); - - sprintf(info->name, "%8x", - (uint32_t)((rand() % RAND_MAX) & 0xFFFFFFFF)); - - info->addr = 0; - - return info; -} - -static struct conn_info * read_msg(int fd) -{ - struct conn_info * tmp; - uint8_t buf[BUF_SIZE]; - cacep_anonymous_auth_msg_t * msg; - ssize_t len; - - len = flow_read(fd, buf, BUF_SIZE); - if (len < 0) - return NULL; - - msg = cacep_anonymous_auth_msg__unpack(NULL, len, buf); - if (msg == NULL) - return NULL; - - tmp = anonymous_info(); - if (tmp == NULL) { - cacep_anonymous_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - tmp->proto.protocol = strdup(msg->proto->protocol); - if (tmp->proto.protocol == NULL) { - free(tmp); - cacep_anonymous_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - tmp->proto.pref_version = msg->proto->pref_version; - tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax); - if (tmp->proto.pref_syntax < 0) { - free(tmp->proto.protocol); - free(tmp); - cacep_anonymous_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - cacep_anonymous_auth_msg__free_unpacked(msg, NULL); - - return tmp; -} - -static int send_msg(int fd, - const struct conn_info * info) -{ - cacep_anonymous_auth_msg_t msg = CACEP_ANONYMOUS_AUTH_MSG__INIT; - cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT; - int ret = 0; - uint8_t * data = NULL; - size_t len = 0; - - cmsg.protocol = info->proto.protocol; - cmsg.pref_version = info->proto.pref_version; - cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax); - if (cmsg.pref_syntax < 0) - return -1; - - msg.proto = &cmsg; - - len = cacep_anonymous_auth_msg__get_packed_size(&msg); - if (len == 0) - return -1; - - data = malloc(len); - if (data == NULL) - return -ENOMEM; - - cacep_anonymous_auth_msg__pack(&msg, data); - - if (flow_write(fd, data, len) < 0) - ret = -1; - - free(data); - - return ret; -} - -struct conn_info * cacep_anonymous_auth(int fd, - const struct conn_info * info, - const void * auth) -{ - struct conn_info * tmp; - - assert(info); - - (void) auth; - - if (send_msg(fd, info)) - return NULL; - - tmp = read_msg(fd); - if (tmp == NULL) - return NULL; - - if (strcmp(info->proto.protocol, tmp->proto.protocol) || - info->proto.pref_version != tmp->proto.pref_version || - info->proto.pref_syntax != tmp->proto.pref_syntax) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - return tmp; -} - - -struct conn_info * cacep_anonymous_auth_wait(int fd, - const struct conn_info * info, - const void * auth) -{ - struct conn_info * tmp; - - assert(info); - - (void) auth; - - tmp = read_msg(fd); - if (tmp == NULL) - return NULL; - - if (send_msg(fd, info)) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - if (strcmp(info->proto.protocol, tmp->proto.protocol) || - info->proto.pref_version != tmp->proto.pref_version || - info->proto.pref_syntax != tmp->proto.pref_syntax) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - return tmp; -} diff --git a/src/lib/pol/cacep_anonymous_auth.h b/src/lib/pol/cacep_anonymous_auth.h deleted file mode 100644 index ca47b1b8..00000000 --- a/src/lib/pol/cacep_anonymous_auth.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Anonymous policy for CACEP - * - * Dimitri Staessens <[email protected]> - * Sander Vrijders <[email protected]> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#ifndef OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H -#define OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H - -struct conn_info * cacep_anonymous_auth(int fd, - const struct conn_info * info, - const void * auth); - -struct conn_info * cacep_anonymous_auth_wait(int fd, - const struct conn_info * info, - const void * auth); - -#endif /* OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H */ diff --git a/src/lib/pol/cacep_anonymous_auth.proto b/src/lib/pol/cacep_anonymous_auth.proto deleted file mode 100644 index 79734e28..00000000 --- a/src/lib/pol/cacep_anonymous_auth.proto +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Message for no authentication CACEP policy - * - * Dimitri Staessens <[email protected]> - * Sander Vrijders <[email protected]> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -syntax = "proto2"; - -import "cacep_proto.proto"; - -message cacep_anonymous_auth_msg { - required cacep_proto_msg proto = 1; -}
\ No newline at end of file diff --git a/src/lib/pol/cacep_proto.c b/src/lib/pol/cacep_proto.c deleted file mode 100644 index 9990a05a..00000000 --- a/src/lib/pol/cacep_proto.c +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * CACEP - Read/Write Protocol info - * - * Sander Vrijders <[email protected]> - * Dimitri Staessens <[email protected]> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#include "cacep_proto.h" - -enum proto_concrete_syntax code_to_syntax(int code) -{ - switch(code) { - case PROTO_CONCRETE_SYNTAX_CODE__GPB: - return PROTO_GPB; - case PROTO_CONCRETE_SYNTAX_CODE__ASN_1: - return PROTO_ASN_1; - case PROTO_CONCRETE_SYNTAX_CODE__FIXED: - return PROTO_FIXED; - default: - return -1; - } -} - -int syntax_to_code(enum proto_concrete_syntax stx) -{ - switch(stx) { - case PROTO_GPB: - return PROTO_CONCRETE_SYNTAX_CODE__GPB; - case PROTO_ASN_1: - return PROTO_CONCRETE_SYNTAX_CODE__ASN_1; - case PROTO_FIXED: - return PROTO_CONCRETE_SYNTAX_CODE__FIXED; - default: - return -1; - } -} diff --git a/src/lib/pol/cacep_proto.h b/src/lib/pol/cacep_proto.h deleted file mode 100644 index bfb1b247..00000000 --- a/src/lib/pol/cacep_proto.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * CACEP - Convert syntax to msg code and back - * - * Sander Vrijders <[email protected]> - * Dimitri Staessens <[email protected]> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#ifndef OUROBOROS_LIB_CACEP_CDAP_H -#define OUROBOROS_LIB_CACEP_CDAP_H - -#include <ouroboros/cacep.h> -#include <ouroboros/irm_config.h> - -#include "cacep_proto.pb-c.h" - -enum proto_concrete_syntax code_to_syntax(int code); - -int syntax_to_code(enum proto_concrete_syntax stx); - -#endif /* OUROBOROS_LIB_CACEP_CDAP_H */ diff --git a/src/lib/pol/cacep_proto.proto b/src/lib/pol/cacep_proto.proto deleted file mode 100644 index f313bfc1..00000000 --- a/src/lib/pol/cacep_proto.proto +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Message for setting Protocol information in CACEP - * - * Dimitri Staessens <[email protected]> - * Sander Vrijders <[email protected]> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -syntax = "proto2"; - -enum proto_concrete_syntax_code { - GPB = 1; - ASN_1 = 2; - FIXED = 3; -} - -message cacep_proto_msg { - required string protocol = 1; - required int32 pref_version = 2; - repeated int32 supp_version = 3; - required proto_concrete_syntax_code pref_syntax = 4; - repeated proto_concrete_syntax_code supp_syntax = 5; -} diff --git a/src/lib/pol/cacep_simple_auth.c b/src/lib/pol/cacep_simple_auth.c deleted file mode 100644 index 69189114..00000000 --- a/src/lib/pol/cacep_simple_auth.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Simple authentication policy for CACEP - * - * Dimitri Staessens <[email protected]> - * Sander Vrijders <[email protected]> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#include <ouroboros/config.h> -#include <ouroboros/cacep.h> -#include <ouroboros/dev.h> -#include <ouroboros/errno.h> - -#include "cacep_proto.h" -#include "cacep_simple_auth.h" - -#include <stdlib.h> -#include <string.h> - -#include "cacep_simple_auth.pb-c.h" -typedef CacepSimpleAuthMsg cacep_simple_auth_msg_t; -typedef CacepProtoMsg cacep_proto_msg_t; - -#define BUF_SIZE 2048 - -static struct conn_info * read_msg(int fd) -{ - struct conn_info * tmp; - uint8_t buf[BUF_SIZE]; - cacep_simple_auth_msg_t * msg; - ssize_t len; - - len = flow_read(fd, buf, BUF_SIZE); - if (len < 0) - return NULL; - - msg = cacep_simple_auth_msg__unpack(NULL, len, buf); - if (msg == NULL) - return NULL; - - tmp = malloc(sizeof(*tmp)); - if (tmp == NULL) { - cacep_simple_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - conn_info_init(tmp); - - tmp->addr = msg->addr; - tmp->name = strdup(msg->name); - if (tmp->name == NULL) { - free(tmp); - cacep_simple_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - tmp->proto.protocol = strdup(msg->proto->protocol); - if (tmp->proto.protocol == NULL) { - conn_info_fini(tmp); - free(tmp); - cacep_simple_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - tmp->proto.pref_version = msg->proto->pref_version; - tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax); - if (tmp->proto.pref_syntax < 0) { - conn_info_fini(tmp); - free(tmp); - cacep_simple_auth_msg__free_unpacked(msg, NULL); - return NULL; - } - - cacep_simple_auth_msg__free_unpacked(msg, NULL); - - return tmp; -} - -static int send_msg(int fd, - const struct conn_info * info) -{ - cacep_simple_auth_msg_t msg = CACEP_SIMPLE_AUTH_MSG__INIT; - cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT; - int ret = 0; - uint8_t * data = NULL; - size_t len = 0; - - cmsg.protocol = info->proto.protocol; - cmsg.pref_version = info->proto.pref_version; - cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax); - if (cmsg.pref_syntax < 0) - return -1; - - msg.proto = &cmsg; - msg.name = info->name; - msg.addr = info->addr; - - len = cacep_simple_auth_msg__get_packed_size(&msg); - if (len == 0) - return -1; - - data = malloc(len); - if (data == NULL) - return -ENOMEM; - - cacep_simple_auth_msg__pack(&msg, data); - - if (flow_write(fd, data, len) < 0) - ret = -1; - - free(data); - - return ret; -} - -struct conn_info * cacep_simple_auth_auth(int fd, - const struct conn_info * info, - const void * auth) -{ - struct conn_info * tmp; - - assert(info); - - /* This policy does not need info to authenticate */ - (void) auth; - - if (send_msg(fd, info)) - return NULL; - - tmp = read_msg(fd); - if (tmp == NULL) - return NULL; - - if (strcmp(info->proto.protocol, tmp->proto.protocol) || - info->proto.pref_version != tmp->proto.pref_version || - info->proto.pref_syntax != tmp->proto.pref_syntax) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - return tmp; -} - - -struct conn_info * cacep_simple_auth_auth_wait(int fd, - const struct conn_info * info, - const void * auth) -{ - struct conn_info * tmp; - - assert(info); - - (void) auth; - - tmp = read_msg(fd); - if (tmp == NULL) - return NULL; - - if (send_msg(fd, info)) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - if (strcmp(info->proto.protocol, tmp->proto.protocol) || - info->proto.pref_version != tmp->proto.pref_version || - info->proto.pref_syntax != tmp->proto.pref_syntax) { - conn_info_fini(tmp); - free(tmp); - return NULL; - } - - return tmp; -} diff --git a/src/lib/pol/cacep_simple_auth.h b/src/lib/pol/cacep_simple_auth.h deleted file mode 100644 index 31398a68..00000000 --- a/src/lib/pol/cacep_simple_auth.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Simple authentication policy for CACEP - * - * Dimitri Staessens <[email protected]> - * Sander Vrijders <[email protected]> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#ifndef OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H -#define OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H - -struct conn_info * cacep_simple_auth_auth(int fd, - const struct conn_info * info, - const void * auth); - -struct conn_info * cacep_simple_auth_auth_wait(int fd, - const struct conn_info * info, - const void * auth); - -#endif /* OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H */ diff --git a/src/lib/pol/cacep_simple_auth.proto b/src/lib/pol/cacep_simple_auth.proto deleted file mode 100644 index 1a1e7ea8..00000000 --- a/src/lib/pol/cacep_simple_auth.proto +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2017 - * - * Message for no authentication CACEP policy - * - * Dimitri Staessens <[email protected]> - * Sander Vrijders <[email protected]> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -syntax = "proto2"; - -import "cacep_proto.proto"; - -message cacep_simple_auth_msg { - required cacep_proto_msg proto = 1; - required string name = 2; - required uint64 addr = 3; -} |