Beispiel #1
0
Condor_Auth_Base :: Condor_Auth_Base(ReliSock * sock, int mode) : 
	mySock_        ( sock  ),
	authenticated_ ( false ),
	mode_          ( mode  ),
	isDaemon_      ( false ),
	remoteUser_    ( NULL  ),
	remoteDomain_  ( NULL  ),
	remoteHost_    ( NULL  ),
	localDomain_   ( NULL  ),
	fqu_           ( NULL  ),
	authenticatedName_      ( NULL  )
{
    //if (mySock_->isClient()) {
        
        //------------------------------------------
        // There are two possible cases:
        // 1. This is a user who is calling authentication
        // 2. This is a daemon who is calling authentication
        // 
        // So, we first find out whether this is a daemon or user
        //------------------------------------------
        
        //if ((strncmp(username,
        //            STR_DEFAULT_CONDOR_USER,
        //             strlen(STR_DEFAULT_CONDOR_USER)) == 0) ||
        //    (strncmp(username, root, strlen(root)) == 0)) {
            // I am a daemon! This is a daemon-daemon authentication
        //    isDaemon_ = true;
            
        //dprintf(D_ALWAYS,"This is a daemon with Condor uid:%d; my uid:%d, user uid :%d , 
        // with username %s\n", get_condor_uid(), get_my_uid(), get_user_uid(), username);
        //}
        if (get_my_uid() == 0) {
            isDaemon_ = true;
        }
        //}

		// this will *always* succeed
	localDomain_ = param( "UID_DOMAIN" );

	setRemoteHost(mySock_->peer_addr().to_ip_string().Value());
		//setRemoteHost(inet_ntoa(mySock_->peer_addr()->sin_addr));
    // This is done for protocols such as fs, anonymous. Kerberos should
    // override this with the ip address from Kerbeos
}
Beispiel #2
0
void RemoteManager::addHost(RemoteHost *host)
{
  RDTreeWidgetItem *node = new RDTreeWidgetItem({host->Name(), lit("...")});

  node->setItalic(true);
  node->setIcon(0, Icons::hourglass());
  setRemoteHost(node, host);

  ui->hosts->addTopLevelItem(node);
  ui->hosts->setSelectedItem(node);

  ui->refreshOne->setEnabled(false);
  ui->refreshAll->setEnabled(false);

  m_Lookups.release();

  refreshHost(node);

  updateLookupsStatus();
}
//----------------------------------------------------------------------
// getRemoteHost -- retrieve remote host's address
//----------------------------------------------------------------------    
void Condor_Auth_Kerberos :: setRemoteAddress()
{
    krb5_error_code  code;
    krb5_address  ** localAddr  = NULL;
    krb5_address  ** remoteAddr = NULL;
    
    // Get remote host's address first
    
    if ((code = krb5_auth_con_getaddrs(krb_context_, 
                                      auth_context_, 
                                      localAddr, 
                                      remoteAddr))) {
        goto error;
    }
    
    if (remoteAddr) {
        struct in_addr in;
        memcpy(&(in.s_addr), (*remoteAddr)[0].contents, sizeof(in_addr));
        setRemoteHost(inet_ntoa(in));
    }
    
    if (localAddr) {
        krb5_free_addresses(krb_context_, localAddr);
    }
    
    if (remoteAddr) {
        krb5_free_addresses(krb_context_, remoteAddr);
    }
    
    dprintf(D_SECURITY, "Remote host is %s\n", getRemoteHost());

    return;

 error:
    dprintf( D_ALWAYS, "KERBEROS: Unable to obtain remote address: %s\n",
			 error_message(code) );
}
Beispiel #4
0
void AtDrv::startClient(uint8_t sock, const char *host, uint16_t port, uint8_t protMode)
{
	// if we enable CHECK_TCP_STATE feature, always call reConnect(), or we won't get right
	// tcp port status, since we disable tcp auto reconnect.
#ifndef CHECK_TCP_STATE
	bool needReConn = false;
#else
	bool needReConn = true;
#endif
	int curMode;
	char curHostBuf[MAX_HOST_NAME_BUF_SIZE];
	uint8_t curProtocol;
	uint16_t curPort;
	uint16_t curLocalPort;
	uint32_t curTimeout;
	bool curTcpAuto;

	// clear uart buffer first
	stopClient(sock);

	if(!isAtMode()) {
		if(!switchToAtMode()) {
			INFO1("Can't switch to at mode");
			goto end;
		}
	}
	
	if(!getMode(sock, &curMode) || curMode != MODE_CLIENT) {
		needReConn = true;
		INFO1("curMode != MODE_CLIENT");
		if(!setMode(sock, MODE_CLIENT)) {
			INFO1("Can't set mode");
			goto end;			
		}
	}

	if(!getRemoteHost(sock, curHostBuf) || (strcmp(curHostBuf,  host) != 0)) {
		needReConn = true;
		INFO1("curHostBuf != host");
		if(!setRemoteHost(sock, host)) {
			INFO1("Can't set host");
			goto end;	
		}
	}
	
	if(!getProtocol(sock, &curProtocol) || curProtocol != protMode) {
		needReConn = true;
		INFO1("curProtocol != protMode");
		if(!setProtocol(sock, protMode)) {
			INFO1("Can't set protocol");
			goto end;	
		}
	}
	
	if(!getRemotePort(sock, &curPort) || curPort != port) {
		needReConn = true;
		INFO1("curPort != port");
		if(!setPort(sock, port)) {
			INFO1("Can't set port");
			goto end;	
		}
	}
	
	if(!getTcpAuto(sock, &curTcpAuto) || curTcpAuto != false) {
		needReConn = true;
		INFO1("curTcpAuto != false");	
		if(!setTcpAuto(sock, false)) {
			INFO1("Can't set tcp auto");
			goto end;	
		}
	}	
	
	if(!getLocalPort(sock, &curLocalPort) || curLocalPort != localSockPort[sock]) {
		needReConn = true;
		INFO1("curLocalPort != port");
		if(!setLocalPort(sock, localSockPort[sock])) {
			INFO1("Can't set port");
			goto end;	
		}
	}	
	
	if(needReConn) {
		if(!reConnect()) {
			INFO1("Can't reconnect");
			goto end;	
		}
	}	

	sockPort[sock] = localSockPort[sock];
	sockConnected[sock] = true;

end:
	return;
}
Beispiel #5
0
int Cconfigurator::loadConfig(QByteArray path, QByteArray filename)
{
	int size;
	QSettings conf(path + filename, QSettings::IniFormat);

	conf.beginGroup("General");
    setBaseFile( conf.value("mapFile", "database/mume.pmf").toByteArray() );
	setWindowRect( conf.value("windowRect").toRect() );
	setAlwaysOnTop( conf.value("alwaysOnTop", true ).toBool() );
	setStartupMode( conf.value("startupMode", 1).toInt() );
    setLogFileEnabled( conf.value("isLogFileEnabled", false).toBool() );
	conf.endGroup();

	conf.beginGroup("Networking");
	setLocalPort( conf.value("localPort", 4242).toInt() );
	setRemoteHost( conf.value("remoteHost", "193.134.218.111").toByteArray() );
	setRemotePort( conf.value("remotePort", 443).toInt() );
	conf.endGroup();

	conf.beginGroup("OpenGL");
	setTextureVisibility( conf.value("texturesVisibility", 500).toInt() );
	setDetailsVisibility( conf.value("detailsVisibility", 300).toInt() );
	setVisibleLayers( conf.value("visibleLayers", 5).toInt() );
	setShowNotesRenderer( conf.value("showNotes", true).toBool() );
	setShowRegionsInfo( conf.value("showRegions", false). toBool() );
	setDisplayRegionsRenderer( conf.value("displayRegions", false).toBool() );
	setMultisampling( conf.value("multisampling", true).toBool() );
	setSelectOAnyLayer( conf.value("selectOnAnyLayer", true).toBool() );
    setRendererAngles(conf.value("angleX", 0).toFloat(), conf.value("angleY", 0).toFloat(), conf.value("angleZ", 0).toFloat());
    setRendererPosition(conf.value("userX", 0).toFloat(), conf.value("userY", 0).toFloat(), conf.value("userZ", 0).toFloat());
    setNoteColor( conf.value("noteColor", "#F28003").toByteArray() );
    setDrawPrespam(  conf.value("drawPrespam", true).toBool() );

	conf.endGroup();

	conf.beginGroup("Engine");
	setExitsCheck( conf.value("checkExits", false).toBool() );
	setTerrainCheck( conf.value("checkTerrain", true).toBool() );
	setBriefMode( conf.value("briefmode", true ).toBool() );
	setAutomerge( conf.value("autoMerge", true ).toBool() );
	setAngrylinker( conf.value("angryLinker", true ).toBool() );
	setDuallinker( conf.value("dualLinker", false ).toBool() );
	setAutorefresh( conf.value("autoRefresh", true ).toBool() );
	setNameQuote( conf.value("roomNameQuote", 10 ).toInt() );
	setDescQuote( conf.value("descQuote", 10 ).toInt() );
	setRegionsAutoReplace( conf.value("regionsAutoReplace", false ).toBool() );
	setRegionsAutoSet( conf.value("regionsAutoSet", false ).toBool() );
	setMactionUsesPrespam( conf.value("mactionUsesPrespam", true).toBool() );
	setPrespamTTL( conf.value("prespamTTL", 5000).toInt() );

	conf.endGroup();

    conf.beginGroup("Patterns");
    setExitsPattern( conf.value("exitsPattern", "Exits: ").toByteArray() );
    spells_pattern = conf.value("spellsEffectPattern", "Affected by:").toByteArray();
    setScorePattern( conf.value("scorePattern", "[0-9]*/* hits, */* mana, and */* moves.").toByteArray()  );
    setShortScorePattern( conf.value("scorePatternShort", "[0-9]*/* hits and */* moves.").toByteArray() );
	conf.endGroup();


	conf.beginGroup("GroupManager");
	setGroupManagerHost( conf.value("remoteHost", "localhost").toByteArray() );
	setGroupManagerRemotePort( conf.value("remotePort", 4243 ).toInt() );
	setGroupManagerLocalPort( conf.value("localServerPort", 4243 ).toInt() );
	setGroupManagerCharName( conf.value("charName", "Charname" ).toByteArray() );
	setGroupManagerColor( QColor( conf.value("charColor", "#F28003").toString() ) );
	setGroupManagerShowSelf( conf.value("showSelf", false ).toBool() );
	setGroupManagerNotifyArmour( conf.value("notifyArm", true ).toBool() );
	setGroupManagerNotifySanc( conf.value("notifySanc", true ).toBool() );
	setGroupManagerNotifyBash( conf.value("notifyBash", true ).toBool() );
	setGroupManagerShowManager( conf.value("showGroupManager", true ).toBool() );
	setGroupManagerRect( conf.value("windowRect").toRect() );
	conf.endGroup();


	size = conf.beginReadArray("Spells");
	for (int i = 0; i < size; ++i) {
	  conf.setArrayIndex(i);
	  TSpell spell;

      spell.up = false;
      spell.silently_up = false;
	  spell.addon = conf.value("addon", 0).toBool();
	  spell.name = conf.value("name").toByteArray();
	  spell.up_mes = conf.value("upMessage").toByteArray();
	  spell.refresh_mes = conf.value("refreshMessage").toByteArray();
	  spell.down_mes = conf.value("downMessage").toByteArray();

      addSpell(spell);
	}
	conf.endArray();


	conf.beginGroup("Movement tracking");
	size = conf.beginReadArray("Cancel Patterns");
	for (int i = 0; i < size; ++i) {
	  conf.setArrayIndex(i);
	  moveCancelPatterns.append( conf.value("pattern").toByteArray() );
	}
	conf.endArray();
	size = conf.beginReadArray("Force Patterns");
	for (int i = 0; i < size; ++i) {
	  conf.setArrayIndex(i);
	  moveForcePatterns.append( conf.value("pattern").toByteArray() );
	}
	conf.endArray();
	conf.endGroup();

	size = conf.beginReadArray("Debug Settings");
	for (int i = 0; i < size; ++i) {
	  conf.setArrayIndex(i);

      QString s = conf.value("name").toString();

	  unsigned int z = 0;
      while (debug_data[z].name != NULL) {
          if (debug_data[z].name == s)
              break;
          z++;
      }
      if (debug_data[z].name == NULL) {
          print_debug(DEBUG_CONFIG, "Warning, %s is a wrong debug descriptor/name!", qPrintable(s));
          continue;
      }

      debug_data[i].state = conf.value("state", 0 ).toInt();
	}
	conf.endArray();

	configFile = filename;
	configPath = path;

	setConfigModified(false);
	return true;
}
int Condor_Auth_Kerberos :: authenticate_server_kerberos()
{
    krb5_error_code   code;
    krb5_flags        flags = 0;
    krb5_data         request, reply;
    priv_state        priv;
    krb5_keytab       keytab = 0;
    int               message, rc = FALSE;
    krb5_ticket *     ticket = NULL;

    request.data = 0;
    reply.data   = 0;
    
    keytabName_ = param(STR_KERBEROS_SERVER_KEYTAB);

    //------------------------------------------
    // Getting keytab info
    //------------------------------------------
    if (keytabName_) {
        code = krb5_kt_resolve(krb_context_, keytabName_, &keytab);
    }
    else {
        code = krb5_kt_default(krb_context_, &keytab);
    }
    
    if (code) {
        dprintf( D_ALWAYS, "1: Kerberos server authentication error:%s\n",
				 error_message(code) );
        goto error;
    }
    
    //------------------------------------------
    // Get te KRB_AP_REQ message
    //------------------------------------------
    if(read_request(&request) == FALSE) {
        dprintf( D_ALWAYS, "KERBEROS: Server is unable to read request\n" );
        goto error;
    }
    
	dprintf( D_SECURITY, "Reading kerberos request object (krb5_rd_req)\n");

	dprintf_krb5_principal( D_FULLDEBUG, "KERBEROS: krb_principal_ is '%s'\n", krb_principal_);

 priv = set_root_priv();   // Get the old privilige
    
    if ((code = krb5_rd_req(krb_context_,
                           &auth_context_,
                           &request,
                           //krb_principal_,
						   NULL,
                           keytab,
                           &flags,
                           &ticket))) {
        set_priv(priv);   // Reset
        dprintf( D_ALWAYS, "2: Kerberos server authentication error:%s\n",
				 error_message(code) );
        goto error;
    }
    set_priv(priv);   // Reset
    
	dprintf ( D_FULLDEBUG, "KERBEROS: krb5_rd_req done.\n");

    //------------------------------------------
    // See if mutual authentication is required
    //------------------------------------------
    if (flags & AP_OPTS_MUTUAL_REQUIRED) {
        if ((code = krb5_mk_rep(krb_context_, auth_context_, &reply))) {
            dprintf( D_ALWAYS, "3: Kerberos server authentication error:%s\n",
					 error_message(code) );
            goto error;
        }

        mySock_->encode();
        message = KERBEROS_MUTUAL;
        if (!mySock_->code(message) || !mySock_->end_of_message()) {
            goto error;
        }

        // send the message
        if (send_request(&reply) != KERBEROS_GRANT) {
            goto cleanup;
        }
    }
    
    //------------------------------------------
    // extract client addresses
    //------------------------------------------
    if (ticket->enc_part2->caddrs) {
        struct in_addr in;
        memcpy(&(in.s_addr), ticket->enc_part2->caddrs[0]->contents, sizeof(in_addr));
        
        setRemoteHost(inet_ntoa(in));
    
        dprintf(D_SECURITY, "Client address is %s\n", getRemoteHost());
    }    

    // First, map the name, this has to take place before receive_tgt_creds!
    if (!map_kerberos_name(&(ticket->enc_part2->client))) {
        dprintf(D_SECURITY, "Unable to map Kerberos name\n");
        goto error;
    }

    // copy the session key
    if ((code = krb5_copy_keyblock(krb_context_, 
                                  ticket->enc_part2->session, 
                                  &sessionKey_))){
        dprintf(D_SECURITY, "4: Kerberos server authentication error:%s\n", error_message(code));
        goto error;
    }
    
    // Next, see if we need client to forward the credential as well
    if (receive_tgt_creds(ticket)) {
        goto cleanup;
    }
    
    //------------------------------------------
    // We are now authenticated!
    //------------------------------------------
    dprintf(D_SECURITY, "User %s is now authenticated!\n", getRemoteUser());
    
    rc = TRUE;
    
    goto cleanup;
    
 error:
    message = KERBEROS_DENY;
    
    mySock_->encode();
    if ((!mySock_->code(message)) || (!mySock_->end_of_message())) {
        dprintf( D_ALWAYS, "KERBEROS: Failed to send response message!\n" );
    }
    
 cleanup:
    
    //------------------------------------------
    // Free up some stuff
    //------------------------------------------
    if (ticket) {
        krb5_free_ticket(krb_context_, ticket);
    }
    
    if (keytab) {
        krb5_kt_close(krb_context_, keytab);
    }
    //------------------------------------------
    // Free it for now, in the future, we might 
    // need this for future secure transctions.
    //------------------------------------------
    if (request.data) {
        free(request.data);
    }
    
    if (reply.data) {
        free(reply.data);
    }

    return rc;
}