Ejemplo n.º 1
0
Archivo: remunge.c Proyecto: dun/munge
void
destroy_tdata (tdata_t tdata)
{
/*  Destroy the thread-specific data [tdata].
 */
    assert (tdata != NULL);

    if (tdata->conf->do_decode) {
        munge_ctx_destroy (tdata->dctx);
    }
    munge_ctx_destroy (tdata->ectx);
    free (tdata);
    return;
}
Ejemplo n.º 2
0
Archivo: ctx.c Proyecto: dun/munge
munge_ctx_t
munge_ctx_create (void)
{
    munge_ctx_t ctx;

    if (!(ctx = malloc (sizeof (*ctx)))) {
        return (NULL);
    }
    ctx->cipher = MUNGE_CIPHER_DEFAULT;
    ctx->mac = MUNGE_MAC_DEFAULT;
    ctx->zip = MUNGE_ZIP_DEFAULT;
    ctx->realm_str = NULL;
    ctx->ttl = MUNGE_TTL_DEFAULT;
    ctx->addr.s_addr = 0;
    ctx->time0 = 0;
    ctx->time1 = 0;
    ctx->auth_uid = MUNGE_UID_ANY;
    ctx->auth_gid = MUNGE_GID_ANY;
    ctx->socket_str = strdup (MUNGE_SOCKET_NAME);
    ctx->error_num = EMUNGE_SUCCESS;
    ctx->error_str = NULL;

    if (!ctx->socket_str) {
        munge_ctx_destroy (ctx);
        return (NULL);
    }
    return (ctx);
}
extern void *
crypto_read_public_key(const char *path)
{
	munge_ctx_t ctx;
	char *socket;
	int auth_ttl, rc;

	/*
	 * Get slurm user id once. We use it later to verify credentials.
	 */
	slurm_user = slurm_get_slurm_user_id();

	ctx = munge_ctx_create();

	socket = _auth_opts_to_socket();
	if (socket) {
		rc = munge_ctx_set(ctx, MUNGE_OPT_SOCKET, socket);
		xfree(socket);
		if (rc != EMUNGE_SUCCESS) {
			error("munge_ctx_set failure");
			munge_ctx_destroy(ctx);
			return NULL;
		}
	}

	auth_ttl = slurm_get_auth_ttl();
	if (auth_ttl)
		(void) munge_ctx_set(ctx, MUNGE_OPT_TTL, auth_ttl);

	return (void *) ctx;
}
Ejemplo n.º 4
0
/* This is called from libnpclient user space.
 * It drives the client end of authentication.
 */
int
diod_auth (Npcfid *afid, u32 uid)
{
    int ret = -1; 
#if HAVE_LIBMUNGE
    char *cred = NULL;
    munge_ctx_t ctx = NULL;

    if (!(ctx = munge_ctx_create ())) {
        np_uerror (ENOMEM);
        goto done;
    }
    if (munge_encode (&cred, ctx, NULL, 0) != EMUNGE_SUCCESS) {
        np_uerror (EPERM);
        goto done;
    }
    if (npc_puts (afid, cred) < 0) {
        goto done;
    }
    ret = 0;
done:
    if (ctx)
        munge_ctx_destroy (ctx);
#endif
    return ret;
}
Ejemplo n.º 5
0
extern void nonstop_free_config(void)
{
	int i;

	for (i = 0; i < hot_spare_info_cnt; i++)
		xfree(hot_spare_info[i].partition);
	hot_spare_info_cnt = 0;
	xfree(hot_spare_info);
	nonstop_comm_port = 0;
	nonstop_debug = 0;
	xfree(nonstop_control_addr);
	xfree(nonstop_backup_addr);
	xfree(hot_spare_count_str);
	max_spare_node_count = 0;
	time_limit_delay = 0;
	time_limit_drop = 0;
	time_limit_extend = 0;
	user_drain_allow_cnt = 0;
	xfree(user_drain_allow);
	xfree(user_drain_allow_str);
	user_drain_deny_cnt = 0;
	xfree(user_drain_deny);
	xfree(user_drain_deny_str);
	munge_ctx_destroy(ctx);
	ctx = NULL;
}
extern void *
crypto_read_private_key(const char *path)
{
	munge_ctx_t ctx;
	munge_err_t err;
	char *socket;
	int auth_ttl, rc;

	if ((ctx = munge_ctx_create()) == NULL) {
		error ("crypto_read_private_key: munge_ctx_create failed");
		return (NULL);
	}

	socket = _auth_opts_to_socket();
	if (socket) {
		rc = munge_ctx_set(ctx, MUNGE_OPT_SOCKET, socket);
		xfree(socket);
		if (rc != EMUNGE_SUCCESS) {
			error("munge_ctx_set failure");
			munge_ctx_destroy(ctx);
			return NULL;
		}
	}

	auth_ttl = slurm_get_auth_ttl();
	if (auth_ttl)
		(void) munge_ctx_set(ctx, MUNGE_OPT_TTL, auth_ttl);

	/*
	 *   Only allow slurmd_user (usually root) to decode job
	 *   credentials created by
	 *   slurmctld. This provides a slight layer of extra security,
	 *   as non-privileged users cannot get at the contents of job
	 *   credentials.
	 */
	err = munge_ctx_set(ctx, MUNGE_OPT_UID_RESTRICTION,
			    slurm_get_slurmd_user_id());

	if (err != EMUNGE_SUCCESS) {
		error("Unable to set uid restriction on munge credentials: %s",
		      munge_ctx_strerror (ctx));
		munge_ctx_destroy(ctx);
		return(NULL);
	}

	return ((void *) ctx);
}
Ejemplo n.º 7
0
/* Destroy implementation-specific auth state.
 */
static void
_da_destroy (da_t da)
{
    assert (da->magic == DIOD_AUTH_MAGIC);
    da->magic = 0;
    if (da->datastr)
        free (da->datastr);
#if HAVE_LIBMUNGE
    if (da->mungectx)
        munge_ctx_destroy (da->mungectx);
#endif
    free (da);
}
Ejemplo n.º 8
0
Archivo: ctx.c Proyecto: dun/munge
munge_ctx_t
munge_ctx_copy (munge_ctx_t src)
{
    munge_ctx_t dst;

    if (!src) {
        return (NULL);
    }
    if (!(dst = malloc (sizeof (*dst)))) {
        return (NULL);
    }
    *dst = *src;
    /*
     *  Since struct assignment is a shallow copy, first reset all strings.
     *    This protects against calling munge_ctx_destroy (dst) on error.
     *    If any of these still referenced the src strings at that time,
     *    those strings would erroneously be free()d -- thereby corrupting
     *    the src ctx by mistake.
     */
    dst->realm_str = NULL;
    dst->socket_str = NULL;
    dst->error_str = NULL;
    /*
     *  Reset the error condition.
     */
    dst->error_num = EMUNGE_SUCCESS;
    /*
     *  Copy the src strings.
     */
    if ((src->realm_str) && !(dst->realm_str = strdup (src->realm_str))) {
        goto err;
    }
    if (!(dst->socket_str = strdup (src->socket_str))) {
        goto err;
    }
    return (dst);

err:
    munge_ctx_destroy (dst);
    return (NULL);
}
Ejemplo n.º 9
0
Archivo: remunge.c Proyecto: dun/munge
void
destroy_conf (conf_t conf)
{
/*  Destroys the configuration [conf].
 */
    assert (conf != NULL);

    if (conf->payload) {
        assert (conf->num_payload > 0);
        free (conf->payload);
    }
    if ((errno = pthread_cond_destroy (&conf->cond_done)) != 0) {
        log_errno (EMUNGE_SNAFU, LOG_ERR, "Failed to destroy condition");
    }
    if ((errno = pthread_mutex_destroy (&conf->mutex)) != 0) {
        log_errno (EMUNGE_SNAFU, LOG_ERR, "Failed to destroy mutex");
    }
    munge_ctx_destroy (conf->ctx);
    free (conf->tids);
    free (conf);
    return;
}
Ejemplo n.º 10
0
/*
 * Derived from the rcmd() libc call, with modified interface.
 * Is MT-safe if gethostbyname_r is defined.  
 * Connection can time out.
 *
 *	ahost (IN)		target hostname
 *      port (IN)               port to connect to
 *	remuser (IN)		remote username
 *	cmd (IN)		remote command to execute under shell
 *	fd2p (IN)		if non NULL, return stderr file descriptor here
 *	int (RETURN)		socket for I/O on success
 */
int 
mcmd(char **ahost, int port, char *remuser, char *cmd, int *fd2p, char *munge_socket)
{
    struct sockaddr m_socket;
    struct sockaddr_in *getp;
    struct sockaddr_in sin, from;
    struct sockaddr_storage ss;
    struct hostent *h_ent = NULL;
    struct in_addr m_in;
    unsigned int rand, randl;
    unsigned int randy = 0; 
    int s, s2, rv, mcount, lport;
    char c;
    char num[6] = {0};
    char *mptr;
    char *mbuf;
    char *tmbuf;
    char *m;
    char *mpvers;
    char num_seq[12] = {0};
    socklen_t len;
    sigset_t blockme;
    sigset_t oldset;
#ifdef HAVE_GETHOSTBYNAME_R_6
    struct hostent h_entry;
    int h_ent_bsize = HBUF_LEN;
    char h_ent_buf[HBUF_LEN] = {0};
#endif
    int h_ent_err = 0;
    unsigned char *hptr;
    char haddrdot[MAXHOSTNAMELEN + MRSH_LOCALHOST_KEYLEN + 1] = {0};
    munge_ctx_t ctx;

    sigemptyset(&blockme);
    sigaddset(&blockme, SIGURG);
    sigaddset(&blockme, SIGPIPE);
    SET_PTHREAD();

    if (fd2p != NULL) { 
        /*
         * Generate a random number to send in our package to the 
         * server.  We will see it again and compare it when the
         * server sets up the stderr socket and sends it to us.
         * We need to loop for the tiny possibility we read 0 :P
         */
        int rand_fd;
          
        if ((rand_fd = open ("/dev/urandom", O_RDONLY | O_NONBLOCK)) < 0) {
            perror("mcmd: Open of /dev/urandom failed");
            exit(1);
        }
	  
        do {
            if ((rv = read (rand_fd, &randy, sizeof(uint32_t))) < 0) {
                perror("mcmd: Read of /dev/urandom failed");
                close(rand_fd);
                exit(1);
            }
            if (rv < (int) (sizeof(uint32_t))) {
                perror("mcmd: Read returned too few bytes");
                close(rand_fd);
                exit(1);
            }
        } while (randy == 0);
        
        close(rand_fd);
    }

    /* Convert to decimal string, is 0 if we don't want stderr. */
    snprintf(num_seq, sizeof(num_seq),"%d",randy);

    /*
     * Start setup of the stdin/stdout socket...
     */
    lport = 0;
    len = sizeof(struct sockaddr_in);

    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        perror("mcmd: socket call stdout failed");
        exit(1);
    }

    memset (&ss, '\0', sizeof(ss));
    ss.ss_family = AF_INET;

    if (bind(s, (struct sockaddr *)&ss, len) < 0) { 
        perror("mcmd: bind failed");
        goto bad;
    }

    sin.sin_family = AF_INET;

#ifdef HAVE_GETHOSTBYNAME_R_6
    (void) gethostbyname_r(*ahost, &h_entry, &h_ent_buf[0], 
                           h_ent_bsize, &h_ent, &h_ent_err);
#else
    h_ent = gethostbyname(*ahost);
    h_ent_err = h_errno; 
#endif
    if (h_ent == NULL) {
        switch (h_ent_err) {
            case HOST_NOT_FOUND:
                fprintf(stderr,"mcmd: Hostname not found.\n");
                goto bad;
            case NO_ADDRESS:
                fprintf(stderr,"mcmd: Can't find IP address.\n");
                goto bad;
            case NO_RECOVERY:
                fprintf(stderr,"mcmd: A non-recoverable error.\n");
                goto bad;
            case TRY_AGAIN:
                fprintf(stderr,"mcmd: Error on name server.\n");
                goto bad;
            default:
                fprintf(stderr,"mcmd: Unknown error.\n");
                goto bad;
        }
    }

    memcpy(&sin.sin_addr.s_addr, *h_ent->h_addr_list, h_ent->h_length);
    sin.sin_port = port;
    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        perror("mcmd: connect failed");
        goto bad;
    }

    /* save address in buffer */
    if ((strcmp(*ahost, "localhost") == 0)
        || (strcmp(*ahost, "127.0.0.1") == 0)) {
        /* Special case for localhost  */

        char hostname[MAXHOSTNAMELEN+1];

        memset(hostname, '\0', MAXHOSTNAMELEN+1);
        if (gethostname(hostname, MAXHOSTNAMELEN) < 0) {
            perror("mcmd: gethostname call failed");
            exit(1);
        }

        strncpy(haddrdot, MRSH_LOCALHOST_KEY, MRSH_LOCALHOST_KEYLEN);
        strncat(haddrdot, hostname, MAXHOSTNAMELEN);
    }
    else {
        memcpy(&m_in.s_addr, *h_ent->h_addr_list, h_ent->h_length);
        hptr = (unsigned char *) &m_in;
        sprintf(haddrdot, "%u.%u.%u.%u", hptr[0], hptr[1], hptr[2], hptr[3]);
    }

    lport = 0;
    s2 = -1;
    if (fd2p != NULL) {
        /*
         * Start the socket setup for the stderr.
         */
        struct sockaddr_in sin2;

        if ((s2 = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
            perror("mcmd: socket call for stderr failed");
            goto bad;
        }

        memset (&sin2, 0, sizeof(sin2));
        sin2.sin_family = AF_INET;
        sin2.sin_addr.s_addr = htonl(INADDR_ANY);
        sin2.sin_port = 0;
        if (bind(s2, (struct sockaddr *)&sin2, sizeof(sin2)) < 0) {
            perror("mcmd: bind failed");
            close(s2);
            goto bad;
        }
		
        len = sizeof(struct sockaddr);

        /*
         * Retrieve our port number so we can hand it to the server
         * for the return (stderr) connection...
         */
        if (getsockname(s2,&m_socket,&len) < 0) {
            perror("mcmd: getsockname failed");
            close(s2);
            goto bad;
        }

        getp = (struct sockaddr_in *)&m_socket;
        lport = ntohs(getp->sin_port);

        if (listen(s2, 5) < 0) {
            perror("mcmd: listen() failed");
            close(s2);
            goto bad;
        }
    }

    /* put port in buffer. will be 0 if user didn't want stderr */
    snprintf(num,sizeof(num),"%d",lport);

    /*
     * We call munge_encode which will take what we write in and
     * return a pointer to an munged buffer.  What we get back is
     * a null terminated string of encrypted characters.
     * 
     * The format of the unmunged buffer is as follows (each a
     * string terminated with a '\0' (null):
     *
     * stderr_port_number & random_number are 0 if user did not
     * request stderr socket
     *
     *                                     SIZE            EXAMPLE
     *                                     ==========      =============
     * remote_user_name                    variable        "mhaskell"
     * '\0'
     * protocol version                    < 12 bytes      "1.2"
     * '\0'
     * IP address of requestor [1]         7-15 bytes      "134.9.11.155" 
     * '\0'
     * stderr_port_number                  4-8 bytes       "50111"
     * '\0'
     * random_number                       1-8 bytes       "1f79ca0e"
     * '\0'
     * users_command                       variable        "ls -al"
     * '\0' '\0'
     *
     * (The last extra null is accounted for in the following
     * line's last strlen() call.)
     *
     * [1] - With the exception when 127.0.0.1 or "localhost" are
     * input by the user. In that situation, the MRSH_LOCALHOST_KEY
     * and hostname are concatenated and the size may be much larger
     * than 7-15 bytes.
     */

    mpvers = MRSH_PROTOCOL_VERSION;
    
    mcount = ((strlen(remuser)+1) + (strlen(mpvers)+1) + 
              (strlen(haddrdot)+1) + (strlen(num)+1) + 
              (strlen(num_seq)+1) + strlen(cmd)+2);
    tmbuf = mbuf = malloc(mcount);
    if (tmbuf == NULL) {
        perror("mcmd: Error from malloc");
        close(s2);
        goto bad;
    }

    /*
     * The following memset() call takes the extra trailing null
     * as part of its count as well.
     */
    memset(mbuf,0,mcount);

    mptr = strcpy(mbuf, remuser);
    mptr += strlen(remuser)+1;
    mptr = strcpy(mptr, mpvers);
    mptr += strlen(mpvers)+1;
    mptr = strcpy(mptr, haddrdot);
    mptr += strlen(haddrdot)+1;
    mptr = strcpy(mptr, num);
    mptr += strlen(num)+1;
    mptr = strcpy(mptr, num_seq);
    mptr += strlen(num_seq)+1;
    mptr = strcpy(mptr, cmd);

    if ((ctx = munge_ctx_create()) == NULL) {
        fprintf(stderr, "munge_ctx_create: %s\n", strerror(errno));
        close(s2);
        free(tmbuf);
        goto bad;
    }

    if (munge_socket) {
        if ((rv = munge_ctx_set (ctx, 
                                 MUNGE_OPT_SOCKET, 
                                 munge_socket)) != EMUNGE_SUCCESS) {
            fprintf(stderr,"munge_ctx_set: %s\n", munge_ctx_strerror(ctx));
            munge_ctx_destroy(ctx);
            close(s2);
            free(tmbuf);
            goto bad;
        }
    }

    if ((rv = munge_encode(&m,ctx,mbuf,mcount)) != EMUNGE_SUCCESS) {
        fprintf(stderr,"munge_encode: %s\n", munge_ctx_strerror(ctx));
        munge_ctx_destroy(ctx);
        close(s2);
        free(tmbuf);
        goto bad;
    }
    
    munge_ctx_destroy(ctx);

    mcount = (strlen(m)+1);

    /*
     * Write stderr port in the clear in case we can't decode for
     * some reason (i.e. bad credentials).  May be 0 if user
     * doesn't want stderr.
     */
    if (fd2p != NULL) {
        rv = fd_write_n(s, num, strlen(num)+1);
        if (rv != (ssize_t)(strlen(num)+1)) {
            free(m);
            free(tmbuf);
            if (rv == -1) {
                if (errno == EPIPE)
                    perror("mcmd: Lost connection (EPIPE)");
                else
                    perror("mcmd: Write of stderr port");
            }
            else
                fprintf(stderr, "mcmd: write incorrect number of bytes.\n");
            close(s2);
            goto bad;
        }
    }
    else {
        write(s, "", 1);
        lport = 0;
    }
    
    /*
     * Write the munge_encoded blob to the socket.
     */
    if ((rv = fd_write_n(s, m, mcount)) != mcount) {
        free(m);
        free(tmbuf);
        if (rv == -1) {
            if (errno == EPIPE)
                perror("mcmd: Lost connection (EPIPE)");
            else
                perror("mcmd: Write of munge data");
        }
        else
            fprintf(stderr, "mcmd: write incorrect number of bytes.\n");
        close(s2);
        goto bad;
    }

    free(m);
    free(tmbuf);

    if (fd2p != NULL) {
        /* 
         * Wait for stderr connection from daemon.  
         */
        int maxfd, s3; 
        fd_set reads;
        
        errno = 0;
        FD_ZERO(&reads);
        FD_SET(s, &reads);
        FD_SET(s2, &reads);
        maxfd = (s > s2) ? s : s2;
        if (select(maxfd + 1, &reads, 0, 0, 0) < 1 || !FD_ISSET(s2, &reads)) {
            if (errno != 0)
                perror("mcmd: Select failed (setting up stderr)");
            else {
                char buf[100];
                int rv = read(s, buf, 100);
                if (rv == 0)
                    fprintf(stderr, "mcmd: Connection closed by remote host.\n");
                else if (rv > 0) 
                    fprintf(stderr, "mcmd: Protocol failure in circuit setup.\n");
                else /* rv < 0 */
                    fprintf(stderr, "mcmd: %s\n", strerror(errno));
            }
            close(s2);
            goto bad;
        }

        errno = 0;
        len = sizeof(from); /* arg to accept */
        
        if ((s3 = accept(s2, (struct sockaddr *)&from, &len)) < 0) {
            perror("mcmd: accept (stderr) failed");
            close(s2);
            goto bad;
        }

        if (from.sin_family != AF_INET) {
            fprintf(stderr, "mcmd: bad family type: %d\n", from.sin_family);
            goto bad2;      
        }

        close(s2);

        /*
         * The following fixes a race condition between the daemon
         * and the client.  The daemon is waiting for a null to
         * proceed.  We do this to make sure that we have our
         * socket is up prior to the daemon running the command.
         */
        if (write(s,"",1) != 1) { 
            perror("mcmd: Could not communicate to daemon to proceed");
            close(s3);
            goto bad;
        }

        /*
         * Read from our stderr.  The server should have placed
         * our random number we generated onto this socket.
         */
        rv = fd_read_n(s3, &rand, sizeof(rand));
        if (rv <= 0) {
            if (rv == 0)
                perror("mcmd: Connection closed by remote host");
            else
                perror("mcmd: Bad read of verification number");
            close(s3);
            goto bad;
        }

        randl = ntohl(rand);
        if (randl != randy) {
            char tmpbuf[LINEBUFSIZE] = {0};
            char *tptr = &tmpbuf[0];

            memcpy(tptr,(char *) &rand,sizeof(rand));
            tptr += sizeof(rand);
            if ((fd_read_line (s3, tptr, LINEBUFSIZE - sizeof(rand))) < 0) {
                perror("mcmd: Read error from remote host");
                close(s3);
                goto bad;
            }
            /* Legacy rsh may consider the first byte an error code,
             * so don't output this byte.
             */
            if (tmpbuf[0] == '\01')
              tptr = &tmpbuf[1];
            else
              tptr = &tmpbuf[0];
            fprintf(stderr,"mcmd error returned: %s\n", tptr);
            close(s3);
            goto bad;
        }

        /*
         * Set the stderr file descriptor for the user...
         */
        *fd2p = s3;
    }

    if ((rv = read(s, &c, 1)) < 0) {
        perror("mcmd: read: protocol failure"); 
        goto bad2;
    }

    if (rv != 1) {
        fprintf(stderr, "mcmd: read: protocol failure: invalid response.\n");
        goto bad2;
    }

    if (c != '\0') {
        /* retrieve error string from remote server */
        char tmpbuf[LINEBUFSIZE];
      
        if (fd_read_line (s, &tmpbuf[0], LINEBUFSIZE ) < 0) {
            perror("mcmd: Error from remote host");
            goto bad2;
        }
        fprintf(stderr,"mcmd error returned: %s\n",&tmpbuf[0]);
        goto bad2;
    }
    RESTORE_PTHREAD();
    return (s);

 bad2:
    if (lport)
        close(*fd2p);
 bad:
    close(s);
    RESTORE_PTHREAD();
    exit(1);
}
Ejemplo n.º 11
0
int PBSD_munge_authenticate(

  int psock,  /* I */
  int handle) /* I */

  {
  int                 rc;

  munge_ctx_t         mctx = NULL;
  munge_err_t         mret = EMUNGE_SNAFU;
  char               *mcred = NULL;

  /* user id and name stuff */
  struct passwd      *pwent;
  uid_t               myrealuid;
  struct batch_reply *reply;
  unsigned short      user_port = 0;
  struct sockaddr_in  sockname;
  socklen_t           socknamelen = sizeof(sockname);
  struct tcp_chan    *chan;

  if ((mctx = munge_ctx_create()) == NULL)
    {
    return(-1);
    }

  if ((mret = munge_encode (&mcred, mctx, NULL, 0)) != EMUNGE_SUCCESS)
    {
    const char *merrmsg = NULL;
    if (!(merrmsg = munge_ctx_strerror(mctx)))
      {
      merrmsg = munge_strerror(mret);
      }

    fprintf(stderr, "munge_encode failed: %s (%d)\n", merrmsg, mret);
    munge_ctx_destroy(mctx);
    return(PBSE_MUNGE_NOT_FOUND); /*TODO more fine-grained error codes? */
    }
  
  munge_ctx_destroy(mctx);

  /* We got the certificate. Now make the PBS_BATCH_AltAuthenUser request */
  myrealuid = getuid();
  pwent = getpwuid(myrealuid);
  
  rc = getsockname(psock, (struct sockaddr *)&sockname, &socknamelen);
  
  if (rc == -1)
    {
    fprintf(stderr, "getsockname failed: %d\n", errno);
    return(-1);
    }
  
  user_port = ntohs(sockname.sin_port);
  
  if ((chan = DIS_tcp_setup(psock)) == NULL)
    {
    }
  else if ((rc = encode_DIS_ReqHdr(chan, PBS_BATCH_AltAuthenUser, pwent->pw_name)) ||
           (rc = diswui(chan, user_port)) ||
           (rc = diswst(chan, mcred)) ||
           (rc = encode_DIS_ReqExtend(chan, NULL)) ||
           (rc = DIS_tcp_wflush(chan)))
    {
    PBSD_munge_cred_destroy(&mcred);
    /* ERROR */
    return(rc);
    }
  else
    {
    int local_err = PBSE_NONE;
    PBSD_munge_cred_destroy(&mcred);
    /* read the reply */
    if ((reply = PBSD_rdrpy(&local_err, handle)) != NULL)
      free(reply);
    
    return(PBSE_NONE);
    }

  return(-1);
  }
Ejemplo n.º 12
0
/*
 * Derived from the mcmd() libc call, with modified interface.
 * This version is MT-safe.  Errors are displayed in pdsh-compat format.
 * Connection can time out.
 *      ahost (IN)              target hostname
 *      addr (IN)               4 byte internet address
 *      locuser (IN)            local username
 *      remuser (IN)            remote username
 *      cmd (IN)                remote command to execute under shell
 *      rank (IN)               not used 
 *      fd2p (IN)               if non NULL, return stderr file descriptor here
 *      int (RETURN)            -1 on error, socket for I/O on success
 *
 * Originally by Mike Haskell for mrsh, modified slightly to work with pdsh by:
 * - making mcmd always thread safe
 * - using "err" function output errors.
 * - passing in address as addr intead of calling gethostbyname
 * - using default mshell port instead of calling getservbyname
 * 
 */
static int 
mcmd(char *ahost, char *addr, char *locuser, char *remuser, char *cmd, 
        int rank, int *fd2p, void **argp)
{
    struct sockaddr m_socket;
    struct sockaddr_in *getp;
    struct sockaddr_in sin, from;
    struct sockaddr_storage ss;
    struct in_addr m_in;
    unsigned int rand, randl;
    unsigned char *hptr;
    int s, s2, rv, mcount, lport;
    char c;
    char num[6] = {0};
    char *mptr;
    char *mbuf;
    char *tmbuf;
    char *m;
    char *mpvers;
    char num_seq[12] = {0};
    socklen_t len;
    sigset_t blockme;
    sigset_t oldset;
    char haddrdot[MAXHOSTNAMELEN + MRSH_LOCALHOST_KEYLEN + 1] = {0};
    munge_ctx_t ctx;
    struct xpollfd xpfds[2];

    memset (xpfds, 0, sizeof (xpfds));
    memset (&sin, 0, sizeof (sin));

    sigemptyset(&blockme);
    sigaddset(&blockme, SIGURG);
    sigaddset(&blockme, SIGPIPE);
    SET_PTHREAD();

    /* Convert randy to decimal string, 0 if we dont' want stderr */
    if (fd2p != NULL)
        snprintf(num_seq, sizeof(num_seq),"%d",randy);
    else
        snprintf(num_seq, sizeof(num_seq),"%d",0);

    /*
     * Start setup of the stdin/stdout socket...
     */
    lport = 0;
    len = sizeof(struct sockaddr_in);

    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        err("%p: %S: mcmd: socket call stdout failed: %m\n", ahost);
        EXIT_PTHREAD();
    }

    memset (&ss, '\0', sizeof(ss));
    ss.ss_family = AF_INET;

    if (bind(s, (struct sockaddr *)&ss, len) < 0) {
        err("%p: %S: mcmd: bind failed: %m\n", ahost);
        goto bad;
    }

    sin.sin_family = AF_INET;

    memcpy(&sin.sin_addr.s_addr, addr, IP_ADDR_LEN); 

    sin.sin_port = htons(MRSH_PORT);
    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        err("%p: %S: mcmd: connect failed: %m\n", ahost);
        goto bad;
    }

    lport = 0;
    s2 = -1;
    if (fd2p != NULL) {
        /*
         * Start the socket setup for the stderr.
         */
        struct sockaddr_in sin2;

        if ((s2 = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
            err("%p: %S: mcmd: socket call for stderr failed: %m\n", ahost);
            goto bad;
        }

        memset (&sin2, 0, sizeof(sin2));
        sin2.sin_family = AF_INET;
        sin2.sin_addr.s_addr = htonl(INADDR_ANY);
        sin2.sin_port = 0;
        if (bind(s2,(struct sockaddr *)&sin2, sizeof(sin2)) < 0) {
            err("%p: %S: mcmd: bind failed: %m\n", ahost);
            close(s2);
            goto bad;
        }

        len = sizeof(struct sockaddr);

        /*
         * Retrieve our port number so we can hand it to the server
         * for the return (stderr) connection...
         */

        /* getsockname is thread safe */
        if (getsockname(s2,&m_socket,&len) < 0) {
            err("%p: %S: mcmd: getsockname failed: %m\n", ahost);
            close(s2);
            goto bad;
        }

        getp = (struct sockaddr_in *)&m_socket;
        lport = ntohs(getp->sin_port);

        if (listen(s2, 5) < 0) {
            err("%p: %S: mcmd: listen() failed: %m\n", ahost);
            close(s2);
            goto bad;
        }
    }

    /* put port in buffer. will be 0 if user didn't want stderr */
    snprintf(num,sizeof(num),"%d",lport);

    /* 
     * Use special keyed string if target is localhost, otherwise,
     *  encode the IP addr string.
     */
    if (!encode_localhost_string (ahost, haddrdot, sizeof (haddrdot))) {
        /* inet_ntoa is not thread safe, so we use the following, 
         * which is more or less ripped from glibc
         */
        memcpy(&m_in.s_addr, addr, IP_ADDR_LEN);
        hptr = (unsigned char *)&m_in;
        sprintf(haddrdot, "%u.%u.%u.%u", hptr[0], hptr[1], hptr[2], hptr[3]);
    }

    /*
     * We call munge_encode which will take what we write in and return a
     * pointer to an munged buffer.  What we get back is a null terminated
     * string of encrypted characters.
     * 
     * The format of the unmunged buffer is as follows (each a string terminated 
     * with a '\0' (null):
     *
     * stderr_port_number & /dev/urandom_client_produce_number are 0
     * if user did not request stderr socket
     *                                            SIZE            EXAMPLE
     *                                            ==========      =============
     * remote_user_name                           variable        "mhaskell"
     * '\0'
     * protocol version                           < 12 bytes      "1.2"
     * '\0'
     * dotted_decimal_address_of_this_server      7-15 bytes      "134.9.11.155"
     * '\0'
     * stderr_port_number                         4-8 bytes       "50111"
     * '\0'
     * /dev/urandom_client_produced_number        1-8 bytes       "1f79ca0e"
     * '\0'
     * users_command                              variable        "ls -al"
     * '\0' '\0'
     *
     * (The last extra null is accounted for in the following line's 
     *  last strlen() call.)
     *
     */

    mpvers = MRSH_PROTOCOL_VERSION;

    mcount = ((strlen(remuser)+1) + (strlen(mpvers)+1) + 
              (strlen(haddrdot)+1) + (strlen(num)+1) + 
              (strlen(num_seq)+1) + strlen(cmd)+2);

    tmbuf = mbuf = malloc(mcount);
    if (tmbuf == NULL) {
        err("%p: %S: mcmd: Error from malloc\n", ahost);
        close(s2);
        goto bad;
    }

    /*
     * The following memset() call takes the extra trailing null as
     * part of its count as well.
     */
    memset(mbuf,0,mcount);

    mptr = strcpy(mbuf, remuser);
    mptr += strlen(remuser)+1;
    mptr = strcpy(mptr, mpvers);
    mptr += strlen(mpvers)+1;
    mptr = strcpy(mptr, haddrdot);
    mptr += strlen(haddrdot)+1;
    mptr = strcpy(mptr, num);
    mptr += strlen(num)+1;
    mptr = strcpy(mptr, num_seq);
    mptr += strlen(num_seq)+1;
    mptr = strcpy(mptr, cmd);

    ctx = munge_ctx_create();

    if ((rv = munge_encode(&m,ctx,mbuf,mcount)) != EMUNGE_SUCCESS) {
        err("%p: %S: mcmd: munge_encode: %s\n", ahost, munge_ctx_strerror(ctx));
        munge_ctx_destroy(ctx);
        if (s2 >= 0) 
            close(s2);
        free(tmbuf);
        goto bad;
    }

    munge_ctx_destroy(ctx);

    mcount = (strlen(m)+1);

    /*
     * Write stderr port in the clear in case we can't decode for
     * some reason (i.e. bad credentials).  May be 0 if user 
     * doesn't want stderr
     */
    if (fd2p != NULL) {
        rv = fd_write_n(s, num, strlen(num)+1);
        if (rv != (strlen(num) + 1)) {
            free(m);
            free(tmbuf);
            if (errno == EPIPE)
                err("%p: %S: mcmd: Lost connection (EPIPE): %m", ahost);
            else
                err("%p: %S: mcmd: Write of stderr port failed: %m\n", ahost);
            close(s2);
            goto bad;
        }
    } else {
        write(s, "", 1);
        lport = 0;
    }

    /*
     * Write the munge_encoded blob to the socket.
     */
    rv = fd_write_n(s, m, mcount);
    if (rv != mcount) {
        free(m);
        free(tmbuf);
        if (errno == EPIPE)
            err("%p: %S: mcmd: Lost connection: %m\n", ahost);
        else
            err("%p: %S: mcmd: Write to socket failed: %m\n", ahost);
        close(s2);
        goto bad;
    }

    free(m);
    free(tmbuf);

    if (fd2p != NULL) {
        /*
         * Wait for stderr connection from daemon.
         */
        int s3;

        errno = 0;
        xpfds[0].fd = s;
        xpfds[1].fd = s2;
        xpfds[0].events = xpfds[1].events = XPOLLREAD;
        if (  ((rv = xpoll(xpfds, 2, -1)) < 0) 
            || rv != 1 
            || (xpfds[0].revents > 0)) {
            if (errno != 0)
                err("%p: %S: mcmd: xpoll (setting up stderr): %m\n", ahost);
            else
                err("%p: %S: mcmd: xpoll: protocol failure in circuit setup\n",
                     ahost);
            (void) close(s2);
            goto bad;
        }

        errno = 0;
        len = sizeof(from); /* arg to accept */

        if ((s3 = accept(s2, (struct sockaddr *)&from, &len)) < 0) {
            err("%p: %S: mcmd: accept (stderr) failed: %m\n", ahost);
            close(s2);
            goto bad;
        }

        if (from.sin_family != AF_INET) {
            err("%p: %S: mcmd: bad family type: %d\n", ahost, from.sin_family);
            goto bad2;
        }

        close(s2);

        /*
         * The following fixes a race condition between the daemon
         * and the client.  The daemon is waiting for a null to
         * proceed.  We do this to make sure that we have our
         * socket is up prior to the daemon running the command.
         */
        if (write(s,"",1) < 0) {
            err("%p: %S: mcmd: Could not communicate to daemon to proceed: %m\n", ahost);
            close(s3);
            goto bad;
        }

        /*
         * Read from our stderr.  The server should have placed our
         * random number we generated onto this socket.
         */
        rv = fd_read_n(s3, &rand, sizeof(rand));
        if (rv != (ssize_t) (sizeof(rand))) {
            err("%p: %S: mcmd: Bad read of expected verification "
                    "number off of stderr socket: %m\n", ahost);
            close(s3);
            goto bad;
        }

        randl = ntohl(rand);
        if (randl != randy) {
            char tmpbuf[LINEBUFSIZE] = {0};
            char *tptr = &tmpbuf[0];

            memcpy(tptr,(char *) &rand,sizeof(rand));
            tptr += sizeof(rand);
            if (fd_read_line (s3, tptr, LINEBUFSIZE) < 0)
                err("%p: %S: mcmd: Read error from remote host: %m\n", ahost);
            else
                err("%p: %S: mcmd: Error: %s\n", ahost, &tmpbuf[0]);
            close(s3);
            goto bad;
        }

        /*
         * Set the stderr file descriptor for the user...
         */
        *fd2p = s3;
    }

    if ((rv = read(s, &c, 1)) < 0) {
        err("%p: %S: mcmd: read: protocol failure: %m\n", ahost);
        goto bad2;
    }

    if (rv != 1) {
        err("%p: %S: mcmd: read: protocol failure: invalid response\n", ahost);
        goto bad2;
    }

    if (c != '\0') {
        /* retrieve error string from remote server */
        char tmpbuf[LINEBUFSIZE];

        if (fd_read_line (s, &tmpbuf[0], LINEBUFSIZE) < 0)
            err("%p: %S: mcmd: Error from remote host\n", ahost);
        else
            err("%p: %S: mcmd: Error: %s\n", ahost, tmpbuf);
        goto bad2;
    }
    RESTORE_PTHREAD();

    return (s);

bad2:
    if (lport)
        close(*fd2p);
bad:
    close(s);
    EXIT_PTHREAD();
}
extern void
crypto_destroy_key(void *key)
{
	munge_ctx_destroy((munge_ctx_t) key);
	return;
}
Ejemplo n.º 14
0
/*
 * Decode the munge encoded credential `m_str' placing results, if validated,
 * into slurm credential `c'
 */
static int
_decode_cred(slurm_auth_credential_t *c, char *socket)
{
	int retry = 2;
	munge_err_t e;
	munge_ctx_t ctx;

	if (c == NULL)
		return SLURM_ERROR;

	xassert(c->magic == MUNGE_MAGIC);

	if (c->verified)
		return SLURM_SUCCESS;

	if ((ctx = munge_ctx_create()) == NULL) {
		error("munge_ctx_create failure");
		return SLURM_ERROR;
	}
	if (socket &&
	    (munge_ctx_set(ctx, MUNGE_OPT_SOCKET, socket) != EMUNGE_SUCCESS)) {
		error("munge_ctx_set failure");
		munge_ctx_destroy(ctx);
		return SLURM_ERROR;
	}

    again:
	c->buf = NULL;
	e = munge_decode(c->m_str, ctx, &c->buf, &c->len, &c->uid, &c->gid);
	if (e != EMUNGE_SUCCESS) {
		if (c->buf) {
			free(c->buf);
			c->buf = NULL;
		}
		if ((e == EMUNGE_SOCKET) && retry--) {
			error ("Munge decode failed: %s (retrying ...)",
				munge_ctx_strerror(ctx));
#ifdef MULTIPLE_SLURMD
			sleep(1);
#endif
			goto again;
		}
#ifdef MULTIPLE_SLURMD
		/* In multple slurmd mode this will happen all the
		 * time since we are authenticating with the same
		 * munged.
		 */
		if (e != EMUNGE_CRED_REPLAYED) {
#endif
			/*
			 *  Print any valid credential data
			 */
			error ("Munge decode failed: %s",
			       munge_ctx_strerror(ctx));
			_print_cred(ctx);
			if (e == EMUNGE_CRED_REWOUND)
				error("Check for out of sync clocks");

			c->cr_errno = e + MUNGE_ERRNO_OFFSET;
#ifdef MULTIPLE_SLURMD
		} else {
			debug2("We had a replayed cred, "
			       "but this is expected in multiple "
			       "slurmd mode.");
			e = 0;
		}
#endif
		goto done;
	}

	c->verified = true;

     done:
	munge_ctx_destroy(ctx);
	return e ? SLURM_ERROR : SLURM_SUCCESS;
}
Ejemplo n.º 15
0
/*
 * Allocate a credential.  This function should return NULL if it cannot
 * allocate a credential.  Whether the credential is populated with useful
 * data at this time is implementation-dependent.
 */
slurm_auth_credential_t *
slurm_auth_create( void *argv[], char *socket )
{
	int retry = 2;
	slurm_auth_credential_t *cred = NULL;
	munge_err_t e = EMUNGE_SUCCESS;
	munge_ctx_t ctx = munge_ctx_create();
	SigFunc *ohandler;

	if (ctx == NULL) {
		error("munge_ctx_create failure");
		return NULL;
	}

#if 0
	/* This logic can be used to determine what socket is used by default.
	 * A typical name is "/var/run/munge/munge.socket.2" */
{
	char *old_socket;
	if (munge_ctx_get(ctx, MUNGE_OPT_SOCKET, &old_socket) != EMUNGE_SUCCESS)
		error("munge_ctx_get failure");
	else
		info("Default Munge socket is %s", old_socket);
}
#endif
	if (socket &&
	    (munge_ctx_set(ctx, MUNGE_OPT_SOCKET, socket) != EMUNGE_SUCCESS)) {
		error("munge_ctx_set failure");
		munge_ctx_destroy(ctx);
		return NULL;
	}

	cred = xmalloc(sizeof(*cred));
	cred->verified = false;
	cred->m_str    = NULL;
	cred->buf      = NULL;
	cred->len      = 0;
	cred->cr_errno = SLURM_SUCCESS;

	xassert(cred->magic = MUNGE_MAGIC);

	/*
	 *  Temporarily block SIGALARM to avoid misleading
	 *    "Munged communication error" from libmunge if we
	 *    happen to time out the connection in this secion of
	 *    code.
	 */
	ohandler = xsignal(SIGALRM, SIG_BLOCK);

    again:
	e = munge_encode(&cred->m_str, ctx, cred->buf, cred->len);
	if (e != EMUNGE_SUCCESS) {
		if ((e == EMUNGE_SOCKET) && retry--) {
			error ("Munge encode failed: %s (retrying ...)",
				munge_ctx_strerror(ctx));
#ifdef MULTIPLE_SLURMD
			sleep(1);
#endif
			goto again;
		}

		error("Munge encode failed: %s", munge_ctx_strerror(ctx));
		xfree( cred );
		cred = NULL;
		plugin_errno = e + MUNGE_ERRNO_OFFSET;
	}

	xsignal(SIGALRM, ohandler);

	munge_ctx_destroy(ctx);

	return cred;
}
Ejemplo n.º 16
0
ImageGwState *queryGateway(char *baseUrl, char *type, char *tag, struct options *config, UdiRootConfig *udiConfig) {
    const char *modeStr = NULL;
    if (config->mode == MODE_LOOKUP) {
        modeStr = "lookup";
    } else if (config->mode == MODE_PULL || config->mode == MODE_PULL_NONBLOCK) {
        modeStr = "pull";
    } else if (config->mode == MODE_IMAGES) {
        modeStr = "list";
    } else {
        modeStr = "invalid";
    }
    const char *url = NULL;
    if (tag != NULL) {
        url = alloc_strgenf("%s/api/%s/%s/%s/%s/", baseUrl, modeStr, udiConfig->system, type, tag);
    } else {
        url = alloc_strgenf("%s/api/%s/%s/", baseUrl, modeStr, udiConfig->system);
    }
    CURL *curl = NULL;
    CURLcode err;
    char *cred = NULL;
    struct curl_slist *headers = NULL;
    char *authstr = NULL;
    ImageGwState *imageGw = (ImageGwState *) malloc(sizeof(ImageGwState));
    memset(imageGw, 0, sizeof(ImageGwState));

    curl = curl_easy_init();
    curl_easy_setopt(curl, CURLOPT_URL, url);

    munge_ctx_t ctx = munge_ctx_create();
    munge_encode(&cred, ctx, "", 0); 
    authstr = alloc_strgenf("authentication:%s", cred);
    if (authstr == NULL) {
        exit(1);
    }
    free(cred);
    munge_ctx_destroy(ctx);

    headers = curl_slist_append(headers, authstr);
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);

    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, handleResponseHeader);
    curl_easy_setopt(curl, CURLOPT_HEADERDATA, imageGw);

    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, handleResponseData);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, imageGw);

    if (config->mode == MODE_PULL || config->mode == MODE_PULL_NONBLOCK) {
        curl_easy_setopt(curl, CURLOPT_POST, 1);
        curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "");
    }

    if (udiConfig->gatewayTimeout > 0) {
        curl_easy_setopt(curl, CURLOPT_TIMEOUT, udiConfig->gatewayTimeout);
    }

    err = curl_easy_perform(curl);
    if (err) {
        printf("err %d\n", err);
        return NULL;
    }
    long http_code = 0;
    curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
    curl_easy_cleanup(curl);

    if (http_code == 200) {
        if (imageGw->messageComplete) {
            if (config->verbose) {
                printf("Message: %s\n", imageGw->message);
            }
            if (config->mode == MODE_LOOKUP) {
                ImageGwImageRec *image = parseLookupResponse(imageGw);
                if (image != NULL) {
                    printf("%s\n", image->identifier);
                }
                free_ImageGwImageRec(image, 1);
            } else if (config->mode == MODE_PULL_NONBLOCK) {
                time_t curr_timet = time(NULL);
                struct tm *curr = localtime(&curr_timet);
                char timebuf[128];
                strftime(timebuf, 128, "%Y-%m-%dT%H:%M:%S", curr);
                ImageGwImageRec *image = parsePullResponse(imageGw);
                if (image != NULL) {

                    printf("%s%s Pulling Image: %s:%s, status: %s%s",
                            config->verbose ? "" : "\r\x1b[2K",
                            timebuf, config->rawtype, config->rawtag, image->status,
                            config->verbose ? "\n" : "");
                    fflush(stdout);
                    if (strcmp(image->status, "MISSING") == 0 ||
                        strcmp(image->status, "INIT") == 0 ||
                        strcmp(image->status, "PENDING") == 0 ||
                        strcmp(image->status, "PULLING") == 0 ||
                        strcmp(image->status, "EXAMINATION") == 0 ||
                        strcmp(image->status, "CONVERSION") == 0 || 
                        strcmp(image->status, "TRANSFER") == 0) {
                        free_ImageGwImageRec(image, 1);
                        return imageGw;
                    } else {
                        printf("\n");
                        free_ImageGwImageRec(image, 1);
                        free_ImageGwState(imageGw);
                        return NULL;
                    }
                } else {
                    free_ImageGwState(imageGw);
                    return NULL;
                }
            } else if (config->mode == MODE_PULL) {
                ImageGwImageRec *image = parsePullResponse(imageGw);
                if (image != NULL) {
                    for ( ; ; ) {
                        usleep(500000);
                        config->mode = MODE_PULL_NONBLOCK;
                        /* query again */
                        ImageGwState *gwState = queryGateway(baseUrl, type, tag, config, udiConfig);
                        if (gwState == NULL) break;
                        free_ImageGwState(gwState);
                        config->mode = MODE_PULL;
                    }
                }
            } else if (config->mode == MODE_IMAGES) {
                ImageGwImageRec **images = parseImagesResponse(imageGw);
                if (images != NULL && *images != NULL) {
                    size_t count = 0;
                    size_t lidx = 0;
                    ImageGwImageRec **ptr = images;
                    for (ptr = images; ptr != NULL && *ptr != NULL; ptr++) {
                        ImageGwImageRec *image = *ptr;
                        char **tagPtr = image->tag;
                        while (tagPtr && *tagPtr) {
                            count++;
                            tagPtr++;
                        }
                    }
                    ImageGwImageRec *limages = (ImageGwImageRec *) malloc(sizeof(ImageGwImageRec) * count);
                    for (ptr = images; ptr != NULL && *ptr != NULL; ptr++) {
                        ImageGwImageRec *image = *ptr;
                        char **tagPtr = image->tag;
                        while (tagPtr && *tagPtr) {
                            memcpy(&(limages[lidx]), image, sizeof(ImageGwImageRec));
                            limages[lidx].tag = (char **) malloc(sizeof(char *) * 1);
                            limages[lidx].tag[0] = *tagPtr;
                            lidx++;
                            tagPtr++;
                        }
                    }
                    qsort(limages, count, sizeof(ImageGwImageRec), imgCompare);
                    for (lidx = 0; lidx < count; lidx++) {
                        ImageGwImageRec *image = &(limages[lidx]);
                        char *tag = image->tag[0];
                        time_t pull_time = image->last_pull;
                        struct tm time_struct;
                        char time_str[100];
                        memset(&time_struct, 0, sizeof(struct tm));
                        if (localtime_r(&pull_time, &time_struct) == NULL) {
                            /* if above generated an error, re-zero so we display obvious nonsense */
                            memset(&time_struct, 0, sizeof(struct tm));
                        }
                        strftime(time_str, 100, "%Y-%m-%dT%H:%M:%S", &time_struct);

                        printf("%-10s %-10s %-8s %-.10s   %s %-30s\n", image->system, image->type, image->status, image->identifier, time_str, tag);
                    }
                }
                if (images != NULL) {
                    free(images);
                }
            }
        }
    } else {
        if (config->verbose) {
            printf("Got response: %ld\nMessage: %s\n", http_code, imageGw->message);
        }
        free_ImageGwState(imageGw);
        return NULL;
    }

    return imageGw;
}