static void on_secure(netc_t *netc) { struct session *session; session = netc->ext_ptr; if (session->state == SESSION_STATE_WAIT_STEPUP) { /* Set the session as authenticated */ session->state = SESSION_STATE_AUTHED; /* Send a message to acknowledge the client */ DNDSMessage_t *msg = NULL; DNDSMessage_new(&msg); DNDSMessage_set_channel(msg, 0); DNDSMessage_set_pdu(msg, pdu_PR_dnm); DNMessage_set_seqNumber(msg, 1); DNMessage_set_ackNumber(msg, 0); DNMessage_set_operation(msg, dnop_PR_authResponse); AuthResponse_set_result(msg, DNDSResult_success); net_send_msg(session->netc, msg); DNDSMessage_del(msg); context_add_session(session->context, session); jlog(L_DEBUG, "session id: %d", session->id); } }
void test_AuthResponse() { /// Building an AuthResponse /// DNDSMessage_t *msg; // a DNDS Message DNDSMessage_new(&msg); DNDSMessage_set_channel(msg, 0); DNDSMessage_set_pdu(msg, pdu_PR_dsm); // Directory Service Message DSMessage_set_seqNumber(msg, 0); DSMessage_set_ackNumber(msg, 100); DSMessage_set_operation(msg, dnop_PR_authResponse); AuthResponse_set_result(msg, DNDSResult_success); /// Encoding part asn_enc_rval_t ec; // Encoder return value FILE *fp = fopen("dnds.ber", "wb"); // BER output ec = der_encode(&asn_DEF_DNDSMessage, msg, write_out, fp); fclose(fp); xer_fprint(stdout, &asn_DEF_DNDSMessage, msg); DNDSMessage_del(msg); }
/* Authentication Request from the node */ int authRequest(struct session *session, DNDSMessage_t *req_msg) { char *certName = NULL; size_t length = 0; struct session *old_session = NULL; if (session->state != SESSION_STATE_NOT_AUTHED) { jlog(L_WARNING, "authRequest duplicate"); return -1; } DNDSMessage_t *msg = NULL; DNDSMessage_new(&msg); DNDSMessage_set_channel(msg, 0); DNDSMessage_set_pdu(msg, pdu_PR_dnm); DNMessage_set_seqNumber(msg, 1); DNMessage_set_ackNumber(msg, 0); DNMessage_set_operation(msg, dnop_PR_authResponse); AuthRequest_get_certName(req_msg, &certName, &length); jlog(L_DEBUG, "URI:%s", certName); session->node_info = cn2node_info(certName); if (session->node_info == NULL) { jlog(L_WARNING, "cn2node_info failed"); DNDSMessage_del(msg); return -1; } // jlog(L_DEBUG, "type: %s", session->node_info->type); jlog(L_DEBUG, "uuid: %s", session->node_info->uuid); jlog(L_DEBUG, "network_uuid: %s", session->node_info->network_uuid); jlog(L_DEBUG, "network_id: %s", session->node_info->network_id); jlog(L_DEBUG, "v: %d", session->node_info->v); if (session->node_info->v == 1) { session->vnetwork = vnetwork_lookup_id(session->node_info->network_id); if (session->vnetwork != NULL) { strncpy(session->node_info->network_uuid, session->vnetwork->uuid, 36); session->node_info->network_uuid[36] = '\0'; } } else session->vnetwork = vnetwork_lookup(session->node_info->network_uuid); if (session->vnetwork == NULL) { AuthResponse_set_result(msg, DNDSResult_noRight); net_send_msg(session->netc, msg); DNDSMessage_del(msg); return -1; } /* check if the node's uuid is known if (ctable_find(session->context->atable, session->node_info->uuid) == NULL) { AuthResponse_set_result(msg, DNDSResult_noRight); net_send_msg(session->netc, msg); DNDSMessage_del(msg); jlog(L_ERROR, "authentication failed, invalid certificate"); return -1; } */ /* check if the node is already connected */ old_session = ctable_find(session->vnetwork->ctable, session->node_info->uuid); // if (old_session == NULL) { ctable_insert(session->vnetwork->ctable, session->node_info->uuid, session); /* } else { // that node is already connected, if the new session is from the same IP // disconnect the old session, and let this one connect if (old_session->ip == NULL) { net_disconnect(old_session->netc); ctable_insert(session->vnetwork->ctable, session->node_info->uuid, session); } else if (strcmp(old_session->ip, session->ip) == 0) { net_disconnect(old_session->netc); ctable_insert(session->vnetwork->ctable, session->node_info->uuid, session); } } */ session->cert_name = strdup(certName); if (session->netc->security_level == NET_UNSECURE) { AuthResponse_set_result(msg, DNDSResult_success); net_send_msg(session->netc, msg); session->state = SESSION_STATE_AUTHED; session->netc->on_secure(session->netc); } else { AuthResponse_set_result(msg, DNDSResult_secureStepUp); net_send_msg(session->netc, msg); krypt_add_passport(session->netc->kconn, session->vnetwork->passport); session->state = SESSION_STATE_WAIT_STEPUP; net_step_up(session->netc); } DNDSMessage_del(msg); return 0; }