authordimitri staessens <[email protected]>2017-02-20 14:42:43 +0100
committerdimitri staessens <[email protected]>2017-02-20 15:23:30 +0100
commit86f4814245998f4b43e136101897557e4c2f5e54 (patch)
tree5a1f3d4aa8640d0e1e182d33923ec27b30cf7f3f /src/lib
parentee47a0c6478ab4e6478ad3b7fe5a35eb5775decb (diff)
lib: Revise CACEP
Revises CACEP policies to stateless library calls. It provides two policies: an anonymous authentication policy that will generate random credentials for the peer, and a simple authentication policy that will return a name for the peer and an address. Changes the normal IPCP to use the updated API calls.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/CMakeLists.txt10
-rw-r--r--src/lib/cacep.c160
-rw-r--r--src/lib/pol/cacep_anonymous_auth.c81
-rw-r--r--src/lib/pol/cacep_anonymous_auth.h33
-rw-r--r--src/lib/pol/cacep_simple_auth.c137
-rw-r--r--src/lib/pol/cacep_simple_auth.h33
-rw-r--r--src/lib/pol/cacep_simple_auth.proto (renamed from src/lib/cacep.proto)12
7 files changed, 327 insertions, 139 deletions
diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt
index 6af50782..f823b2d1 100644
--- a/src/lib/CMakeLists.txt
+++ b/src/lib/CMakeLists.txt
@@ -9,8 +9,9 @@ protobuf_generate_c(IPCP_PROTO_SRCS IPCP_PROTO_HDRS ipcpd_messages.proto)
protobuf_generate_c(DIF_CONFIG_PROTO_SRCS DIF_CONFIG_PROTO_HDRS
dif_config.proto)
protobuf_generate_c(CDAP_PROTO_SRCS CDAP_PROTO_HDRS cdap.proto)
-protobuf_generate_c(CACEP_PROTO_SRCS CACEP_PROTO_HDRS cacep.proto)
protobuf_generate_c(RO_PROTO_SRCS RO_PROTO_HDRS ro.proto)
+protobuf_generate_c(CACEP_SIMPLE_AUTH_PROTO_SRCS CACEP_SIMPLE_AUTH_PROTO_HDRS
+ pol/cacep_simple_auth.proto)
if(NOT APPLE)
find_library(LIBRT_LIBRARIES rt)
@@ -49,11 +50,14 @@ set(SOURCE_FILES
sockets.c
time_utils.c
utils.c
+ # Add policies last
+ pol/cacep_anonymous_auth.c
+ pol/cacep_simple_auth.c
)
add_library(ouroboros SHARED ${SOURCE_FILES} ${IRM_PROTO_SRCS}
- ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS}
- ${CDAP_PROTO_SRCS} ${CACEP_PROTO_SRCS} ${RO_PROTO_SRCS})
+ ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS} ${CDAP_PROTO_SRCS}
+ ${CACEP_SIMPLE_AUTH_PROTO_SRCS} ${RO_PROTO_SRCS})
target_link_libraries(ouroboros ${LIBRT_LIBRARIES}
${LIBPTHREAD_LIBRARIES} ${PROTOBUF_C_LIBRARY})
diff --git a/src/lib/cacep.c b/src/lib/cacep.c
index 00557444..3d556d8f 100644
--- a/src/lib/cacep.c
+++ b/src/lib/cacep.c
@@ -20,152 +20,52 @@
* 02110-1301 USA
*/
+#define OUROBOROS_PREFIX "cacep"
+
#include <ouroboros/config.h>
#include <ouroboros/cacep.h>
#include <ouroboros/dev.h>
#include <ouroboros/errno.h>
+#include <ouroboros/logs.h>
+
+#include <pol/cacep_anonymous_auth.h>
+#include <pol/cacep_simple_auth.h>
#include <stdlib.h>
#include <string.h>
-#include "cacep.pb-c.h"
-typedef Cacep cacep_t;
-
#define BUF_SIZE 2048
-struct cacep {
- int fd;
- char * name;
- uint64_t address;
-};
-
-struct cacep * cacep_create(int fd,
- const char * name,
- uint64_t address)
+struct cacep_info * cacep_auth(int fd,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
{
- struct cacep * tmp;
-
- tmp = malloc(sizeof(*tmp));
- if (tmp == NULL)
- return NULL;
-
- tmp->fd = fd;
- tmp->address = address;
- tmp->name = strdup(name);
- if (tmp->name == NULL) {
- free(tmp);
+ switch (pc) {
+ case ANONYMOUS_AUTH:
+ return cacep_anonymous_auth(fd, info);
+ case SIMPLE_AUTH:
+ if (info == NULL)
+ return NULL;
+ return cacep_simple_auth_auth(fd, info);
+ default:
+ log_err("Unsupported CACEP policy.");
return NULL;
}
-
- return tmp;
-}
-
-int cacep_destroy(struct cacep * instance)
-{
- if (instance == NULL)
- return 0;
-
- free(instance->name);
- free(instance);
-
- return 0;
-}
-
-static struct cacep_info * read_msg(struct cacep * instance)
-{
- struct cacep_info * tmp;
- uint8_t buf[BUF_SIZE];
- cacep_t * msg;
- ssize_t len;
-
- len = flow_read(instance->fd, buf, BUF_SIZE);
- if (len < 0)
- return NULL;
-
- msg = cacep__unpack(NULL, len, buf);
- if (msg == NULL)
- return NULL;
-
- tmp = malloc(sizeof(*tmp));
- if (tmp == NULL) {
- cacep__free_unpacked(msg, NULL);
- return NULL;
- }
-
- tmp->addr = msg->address;
- tmp->name = strdup(msg->name);
- if (tmp->name == NULL) {
- free(tmp);
- cacep__free_unpacked(msg, NULL);
- return NULL;
- }
-
- cacep__free_unpacked(msg, NULL);
-
- return tmp;
-}
-
-static int send_msg(struct cacep * instance)
-{
- cacep_t msg = CACEP__INIT;
- int ret = 0;
- uint8_t * data = NULL;
- size_t len = 0;
-
- msg.name = instance->name;
- msg.address = instance->address;
-
- len = cacep__get_packed_size(&msg);
- if (len == 0)
- return -1;
-
- data = malloc(len);
- if (data == NULL)
- return -ENOMEM;
-
- cacep__pack(&msg, data);
-
- if (flow_write(instance->fd, data, len) < 0)
- ret = -1;
-
- free(data);
-
- return ret;
}
-struct cacep_info * cacep_auth(struct cacep * instance)
+struct cacep_info * cacep_auth_wait(int fd,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
{
- struct cacep_info * tmp;
-
- if (instance == NULL)
- return NULL;
-
- if (send_msg(instance))
- return NULL;
-
- tmp = read_msg(instance);
- if (tmp == NULL)
- return NULL;
-
- return tmp;
-}
-
-struct cacep_info * cacep_auth_wait(struct cacep * instance)
-{
- struct cacep_info * tmp;
-
- if (instance == NULL)
- return NULL;
-
- tmp = read_msg(instance);
- if (tmp == NULL)
- return NULL;
-
- if (send_msg(instance)) {
- free(tmp->name);
- free(tmp);
+ switch (pc) {
+ case ANONYMOUS_AUTH:
+ return cacep_anonymous_auth_wait(fd, info);
+ case SIMPLE_AUTH:
+ if (info == NULL)
+ return NULL;
+ return cacep_simple_auth_auth_wait(fd, info);
+ default:
+ log_err("Unsupported CACEP policy.");
return NULL;
}
-
- return tmp;
}
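Review bot: The `SIMPLE_AUTH` branches of cacep_auth and cacep_auth_wait return NULL for a NULL `info` without logging, while the `default` branch logs, so a caller cannot tell a bad argument from a failed exchange with the peer. Consider `log_err("No CACEP info provided.");` before that `return NULL;`. A comment above both functions should state that `info` may be NULL only for `ANONYMOUS_AUTH`, and that the caller frees the returned struct and its `name`, since both policies allocate them. `#define BUF_SIZE 2048` appears to be unused in this file now that read_msg is removed.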
diff --git a/src/lib/pol/cacep_anonymous_auth.c b/src/lib/pol/cacep_anonymous_auth.c
new file mode 100644
index 00000000..d450fdc5
--- /dev/null
+++ b/src/lib/pol/cacep_anonymous_auth.c
@@ -0,0 +1,81 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Anonymous policy for CACEP
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <ouroboros/config.h>
+#include <ouroboros/cacep.h>
+#include <ouroboros/time_utils.h>
+
+#include "cacep_anonymous_auth.h"
+
+#include <stdlib.h>
+#include <math.h>
+#include <string.h>
+#include <stdio.h>
+
+#define NAME_LEN 8
+
+/* this policy generates a hex string */
+static struct cacep_info * anonymous_info(void)
+{
+ struct cacep_info * info;
+ struct timespec t;
+
+ info = malloc(sizeof(*info));
+ if (info == NULL)
+ return NULL;
+
+ info->name = malloc(NAME_LEN + 1);
+ if (info->name == NULL) {
+ free(info);
+ return NULL;
+ }
+
+ clock_gettime(CLOCK_REALTIME, &t);
+ srand(t.tv_nsec);
+
+ sprintf(info->name, "%8x",
+ (uint32_t)((rand() % RAND_MAX) & 0xFFFFFFFF));
+
+ info->addr = 0;
+
+ return info;
+}
+
+struct cacep_info * cacep_anonymous_auth(int fd,
+ const struct cacep_info * info)
+{
+ (void) fd;
+ (void) info;
+
+ return anonymous_info();
+}
+
+
+struct cacep_info * cacep_anonymous_auth_wait(int fd,
+ const struct cacep_info * info)
+{
+ (void) fd;
+ (void) info;
+
+ return anonymous_info();
+}
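Review bot: The name produced in anonymous_info is neither unique nor unpredictable, because `srand(t.tv_nsec)` reseeds libc's process-wide generator from the clock on every call; two calls that see the same tv_nsec value get the same name, and the application's own rand() sequence is disturbed as a side effect of a library call. `"%8x"` also pads with spaces rather than zeros, so small values give names with leading blanks; `snprintf(info->name, NAME_LEN + 1, "%08x", ...)` keeps the width fixed and bounds the write. If these names are ever used to tell peers apart, taking the value from the OS random source instead of rand() would be more appropriate. The return value of clock_gettime is not checked before `t` is read.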
diff --git a/src/lib/pol/cacep_anonymous_auth.h b/src/lib/pol/cacep_anonymous_auth.h
new file mode 100644
index 00000000..d0229b05
--- /dev/null
+++ b/src/lib/pol/cacep_anonymous_auth.h
@@ -0,0 +1,33 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Anonymous policy for CACEP
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H
+#define OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H
+
+struct cacep_info * cacep_anonymous_auth(int fd,
+ const struct cacep_info * info);
+
+struct cacep_info * cacep_anonymous_auth_wait(int fd,
+ const struct cacep_info * info);
+
+#endif /* OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H */
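Review bot: This header uses `struct cacep_info` in its prototypes without declaring it, so it is only correct when the includer has already pulled in a declaration of that struct; otherwise the type gets prototype scope and the declarations will not match the definitions. A forward declaration `struct cacep_info;` after the include guard (or including the header that defines it, presumably `<ouroboros/cacep.h>`) makes the file self-contained. The same applies to src/lib/pol/cacep_simple_auth.h.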
diff --git a/src/lib/pol/cacep_simple_auth.c b/src/lib/pol/cacep_simple_auth.c
new file mode 100644
index 00000000..1e052f3d
--- /dev/null
+++ b/src/lib/pol/cacep_simple_auth.c
@@ -0,0 +1,137 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Simple authentication policy for CACEP
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <ouroboros/config.h>
+#include <ouroboros/cacep.h>
+#include <ouroboros/dev.h>
+#include <ouroboros/errno.h>
+
+#include "cacep_simple_auth.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "cacep_simple_auth.pb-c.h"
+typedef CacepSimpleAuthMsg cacep_simple_auth_msg_t;
+
+#define BUF_SIZE 2048
+
+static struct cacep_info * read_msg(int fd)
+{
+ struct cacep_info * tmp;
+ uint8_t buf[BUF_SIZE];
+ cacep_simple_auth_msg_t * msg;
+ ssize_t len;
+
+ len = flow_read(fd, buf, BUF_SIZE);
+ if (len < 0)
+ return NULL;
+
+ msg = cacep_simple_auth_msg__unpack(NULL, len, buf);
+ if (msg == NULL)
+ return NULL;
+
+ tmp = malloc(sizeof(*tmp));
+ if (tmp == NULL) {
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ tmp->addr = msg->addr;
+ tmp->name = strdup(msg->name);
+ if (tmp->name == NULL) {
+ free(tmp);
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+
+ return tmp;
+}
+
+static int send_msg(int fd,
+ const struct cacep_info * info)
+{
+ cacep_simple_auth_msg_t msg = CACEP_SIMPLE_AUTH_MSG__INIT;
+ int ret = 0;
+ uint8_t * data = NULL;
+ size_t len = 0;
+
+ msg.name = info->name;
+ msg.addr = info->addr;
+
+ len = cacep_simple_auth_msg__get_packed_size(&msg);
+ if (len == 0)
+ return -1;
+
+ data = malloc(len);
+ if (data == NULL)
+ return -ENOMEM;
+
+ cacep_simple_auth_msg__pack(&msg, data);
+
+ if (flow_write(fd, data, len) < 0)
+ ret = -1;
+
+ free(data);
+
+ return ret;
+}
+
+struct cacep_info * cacep_simple_auth_auth(int fd,
+ const struct cacep_info * info)
+{
+ struct cacep_info * tmp;
+
+ assert(info);
+
+ if (send_msg(fd, info))
+ return NULL;
+
+ tmp = read_msg(fd);
+ if (tmp == NULL)
+ return NULL;
+
+ return tmp;
+}
+
+
+struct cacep_info * cacep_simple_auth_auth_wait(int fd,
+ const struct cacep_info * info)
+{
+ struct cacep_info * tmp;
+
+ assert(info);
+
+ tmp = read_msg(fd);
+ if (tmp == NULL)
+ return NULL;
+
+ if (send_msg(fd, info)) {
+ free(tmp);
+ return NULL;
+ }
+
+ return tmp;
+}
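Review bot: The error path of cacep_simple_auth_auth_wait leaks the peer name: when send_msg fails only `free(tmp);` runs, but read_msg allocated `tmp->name` with strdup, so `free(tmp->name);` is needed before it, as the removed cacep_auth_wait in cacep.c had. `assert(info)` is used in both entry points while `<assert.h>` is not among the visible includes; unless another header provides it, add `#include <assert.h>`. read_msg returns whatever name and address the peer sent, so a comment on it should say the result is a claimed identity that nothing in this policy verifies.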
diff --git a/src/lib/pol/cacep_simple_auth.h b/src/lib/pol/cacep_simple_auth.h
new file mode 100644
index 00000000..bbdbe9b9
--- /dev/null
+++ b/src/lib/pol/cacep_simple_auth.h
@@ -0,0 +1,33 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Simple authentication policy for CACEP
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H
+#define OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H
+
+struct cacep_info * cacep_simple_auth_auth(int fd,
+ const struct cacep_info * info);
+
+struct cacep_info * cacep_simple_auth_auth_wait(int fd,
+ const struct cacep_info * info);
+
+#endif /* OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H */
diff --git a/src/lib/cacep.proto b/src/lib/pol/cacep_simple_auth.proto
index 603b095d..d20f8780 100644
--- a/src/lib/cacep.proto
+++ b/src/lib/pol/cacep_simple_auth.proto
@@ -1,10 +1,10 @@
/*
* Ouroboros - Copyright (C) 2016 - 2017
*
- * CACEP message
+ * Message for no authentication CACEP policy
*
- * Dimitri Staessens <[email protected]>
- * Sander Vrijders <[email protected]>
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
@@ -23,7 +23,7 @@
syntax = "proto2";
-message cacep {
- required string name = 1;
- required uint64 address = 2;
+message cacep_simple_auth_msg {
+ required string name = 1;
+ required uint64 addr = 2;
}