int authorize_socket(
int local_socket,
std::string &message,
char *msg_buf,
char **server_name_ptr,
char **user_name_ptr,
std::string &err_msg)
{
int rc;
bool disconnect_svr = true;
int server_port;
int auth_type = 0;
int svr_sock = -1;
int user_pid = 0;
int user_sock = 0;
int trq_server_addr_len = 0;
char *trq_server_addr = NULL;
const char *className = "trqauthd";
/* incoming message format is:
* trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock|
* message format to pbs_server is:
* +2+22+492+user+sock+0
* format from pbs_server is:
* +2+2+0+0+1
* outgoing message format is:
* #|msg_len|message|
* Send response to client here!!
* Disconnect message to svr:
* +2+22+592+{user_len}{user}
*
* msg to client in the case of success:
* 0|0||
*/
if ((rc = parse_request_client(local_socket, server_name_ptr, &server_port, &auth_type, user_name_ptr, &user_pid, &user_sock)) != PBSE_NONE)
{
if (*server_name_ptr != NULL)
free(*server_name_ptr);
if (*user_name_ptr != NULL)
free(*user_name_ptr);
return(rc);
}
else
{
int retries = 0;
char *server_name = *server_name_ptr;
while (retries < MAX_RETRIES)
{
rc = PBSE_NONE;
disconnect_svr = true;
if ((rc = validate_user(local_socket, *user_name_ptr, user_pid, msg_buf)) != PBSE_NONE)
{
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
disconnect_svr = false;
retries++;
usleep(20000);
continue;
}
else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE)
{
disconnect_svr = false;
retries++;
usleep(20000);
continue;
}
else if ((svr_sock = socket_get_tcp_priv()) < 0)
{
rc = PBSE_SOCKET_FAULT;
disconnect_svr = false;
retries++;
usleep(10000);
continue;
}
else if ((rc = socket_connect(svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, err_msg)) != PBSE_NONE)
{
/* for now we only need ssh_key and sign_key as dummys */
char *ssh_key = NULL;
char *sign_key = NULL;
char log_buf[LOCAL_LOG_BUF_SIZE];
validate_server(server_name, server_port, ssh_key, &sign_key);
sprintf(log_buf, "Active server is %s", active_pbs_server);
log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf);
disconnect_svr = false;
socket_close(svr_sock);
retries++;
usleep(50000);
continue;
}
else if ((rc = build_request_svr(auth_type, *user_name_ptr, user_sock, message)) != PBSE_NONE)
{
socket_close(svr_sock);
disconnect_svr = false;
retries++;
usleep(50000);
continue;
}
else if (message.size() <= 0)
{
socket_close(svr_sock);
disconnect_svr = false;
rc = PBSE_INTERNAL;
retries++;
usleep(50000);
continue;
}
else if ((rc = socket_write(svr_sock, message.c_str(), message.size())) != (int)message.size())
{
socket_close(svr_sock);
disconnect_svr = false;
rc = PBSE_SOCKET_WRITE;
retries++;
usleep(50000);
continue;
}
else if ((rc = parse_response_svr(svr_sock, err_msg)) != PBSE_NONE)
{
socket_close(svr_sock);
disconnect_svr = false;
retries++;
usleep(50000);
continue;
}
else
{
/* Success case */
message = "0|0||";
if (debug_mode == TRUE)
{
fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n",
server_name, server_port, user_sock);
}
sprintf(msg_buf,
"User %s at IP:port %s:%d logged in", *user_name_ptr, server_name, server_port);
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
className, msg_buf);
}
break;
}
}
if (disconnect_svr == true)
{
send_svr_disconnect(svr_sock, *user_name_ptr);
socket_close(svr_sock);
}
if (trq_server_addr != NULL)
free(trq_server_addr);
return(rc);
} // END authorize_socket()
void *process_svr_conn(
void *sock)
{
char *className = "trqauthd";
int rc = PBSE_NONE;
char *server_name = NULL;
int server_port = 0;
int auth_type = 0;
char *user_name = NULL;
int user_sock = 0;
char *error_msg = NULL;
char *send_message = NULL;
int send_len = 0;
char *trq_server_addr = NULL;
int trq_server_addr_len = 0;
int disconnect_svr = TRUE;
int svr_sock = 0;
int msg_len = 0;
int debug_mark = 0;
int local_socket = *(int *)sock;
char msg_buf[1024];
/* incoming message format is:
* trq_system_len|trq_system|trq_port|Validation_type|user_len|user|psock|
* message format to pbs_server is:
* +2+22+492+user+sock+0
* format from pbs_server is:
* +2+2+0+0+1
* outgoing message format is:
* #|msg_len|message|
* Send response to client here!!
* Disconnect message to svr:
* +2+22+592+{user_len}{user}
*
* msg to client in the case of success:
* 0|0||
*/
if ((rc = parse_request_client(local_socket, &server_name, &server_port, &auth_type, &user_name, &user_sock)) != PBSE_NONE)
{
disconnect_svr = FALSE;
debug_mark = 1;
}
else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE)
{
disconnect_svr = FALSE;
debug_mark = 2;
}
else if ((svr_sock = socket_get_tcp_priv()) < 0)
{
rc = PBSE_SOCKET_FAULT;
disconnect_svr = FALSE;
debug_mark = 3;
}
else if ((rc = socket_connect(&svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, &error_msg)) != PBSE_NONE)
{
disconnect_svr = FALSE;
debug_mark = 4;
socket_close(svr_sock);
}
else if ((rc = build_request_svr(auth_type, user_name, user_sock, &send_message)) != PBSE_NONE)
{
socket_close(svr_sock);
debug_mark = 5;
}
else if ((send_len = ((send_message == NULL)?0:strlen(send_message)) ) <= 0)
{
socket_close(svr_sock);
rc = PBSE_INTERNAL;
debug_mark = 6;
}
else if ((rc = socket_write(svr_sock, send_message, send_len)) != send_len)
{
socket_close(svr_sock);
rc = PBSE_SOCKET_WRITE;
debug_mark = 7;
}
else if ((rc = parse_response_svr(svr_sock, &error_msg)) != PBSE_NONE)
{
socket_close(svr_sock);
debug_mark = 8;
}
else
{
/* Success case */
if (send_message != NULL)
free(send_message);
send_message = (char *)calloc(1, 6);
if(send_message != NULL)
strcat(send_message, "0|0||");
if (debug_mode == TRUE)
{
fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n", server_name, server_port, user_sock);
}
snprintf(msg_buf, sizeof(msg_buf),
"User %s at IP:port %s:%d logged in", user_name, server_name, server_port);
log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD,
className, msg_buf);
}
if (rc != PBSE_NONE)
{
/* Failure case */
if (send_message != NULL)
free(send_message);
msg_len = 6 + 1 + 6 + 1 + 1;
if (error_msg == NULL)
error_msg = strdup(pbse_to_txt(rc));
msg_len += strlen(error_msg);
send_message = (char *)calloc(1, msg_len);
if(send_message != NULL)
snprintf(send_message, msg_len, "%d|%d|%s|", rc, (int)strlen(error_msg), error_msg);
if (debug_mode == TRUE)
{
fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (dm = %d, Err Num %d)\n", server_name, server_port, user_sock, debug_mark, rc);
}
snprintf(msg_buf, sizeof(msg_buf),
"User %s at IP:port %s:%d login attempt failed --%s", user_name, server_name, server_port, error_msg);
log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD,
className, msg_buf);
}
if(send_message != NULL)
rc = socket_write(local_socket, send_message, strlen(send_message));
if (TRUE == disconnect_svr)
{
send_svr_disconnect(svr_sock, user_name);
socket_close(svr_sock);
}
if (trq_server_addr != NULL)
free(trq_server_addr);
if (server_name != NULL)
free(server_name);
if (user_name != NULL)
free(user_name);
if (error_msg != NULL)
free(error_msg);
if (send_message != NULL)
free(send_message);
socket_close(local_socket);
free(sock);
return(NULL);
} /* END process_svr_conn() */
void *process_svr_conn(
void *sock)
{
const char *className = "trqauthd";
int rc = PBSE_NONE;
char *server_name = NULL;
int server_port = 0;
int auth_type = 0;
char *user_name = NULL;
int user_pid = 0;
int user_sock = 0;
char *error_msg = NULL;
std::string message;
int send_len = 0;
char *trq_server_addr = NULL;
int trq_server_addr_len = 0;
int svr_sock = -1;
int msg_len = 0;
int debug_mark = 0;
int local_socket = *(int *)sock;
char msg_buf[1024];
long long req_type; /* Type of request coming in */
rc = socket_read_num(local_socket, &req_type);
if (rc == PBSE_NONE)
{
switch (req_type)
{
case TRQ_DOWN_TRQAUTHD:
{
rc = parse_terminate_request(local_socket, &user_name, &user_pid);
if (rc != PBSE_NONE)
break;
/* root is the only user that can terminate trqauthd */
if (strcmp(user_name, "root"))
{
rc = PBSE_PERM;
break;
}
rc = validate_user(local_socket, user_name, user_pid, msg_buf);
if (rc == PBSE_NONE)
{
trqauthd_up = false;
rc = build_active_server_response(message);
}
break;
}
case TRQ_PING_SERVER:
case TRQ_GET_ACTIVE_SERVER:
{
/* rc will get evaluated after the switch statement. */
rc = build_active_server_response(message);
break;
}
case TRQ_VALIDATE_ACTIVE_SERVER:
{
if ((rc = validate_server(server_name, server_port, NULL, NULL)) != PBSE_NONE)
{
break;
}
else if ((rc = build_active_server_response(message)) != PBSE_NONE)
{
break;
}
break;
}
case TRQ_AUTH_CONNECTION:
{
int disconnect_svr = TRUE;
/* incoming message format is:
* trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock|
* message format to pbs_server is:
* +2+22+492+user+sock+0
* format from pbs_server is:
* +2+2+0+0+1
* outgoing message format is:
* #|msg_len|message|
* Send response to client here!!
* Disconnect message to svr:
* +2+22+592+{user_len}{user}
*
* msg to client in the case of success:
* 0|0||
*/
if ((rc = parse_request_client(local_socket, &server_name, &server_port, &auth_type, &user_name, &user_pid, &user_sock)) != PBSE_NONE)
{
disconnect_svr = FALSE;
debug_mark = 1;
}
else
{
int retries = 0;
while (retries < MAX_RETRIES)
{
rc = PBSE_NONE;
disconnect_svr = TRUE;
if ((rc = validate_user(local_socket, user_name, user_pid, msg_buf)) != PBSE_NONE)
{
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
disconnect_svr = FALSE;
debug_mark = 1;
retries++;
usleep(20000);
continue;
}
else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE)
{
disconnect_svr = FALSE;
debug_mark = 2;
retries++;
usleep(20000);
continue;
}
else if ((svr_sock = socket_get_tcp_priv()) < 0)
{
rc = PBSE_SOCKET_FAULT;
disconnect_svr = FALSE;
debug_mark = 3;
retries++;
usleep(10000);
continue;
}
else if ((rc = socket_connect(&svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, &error_msg)) != PBSE_NONE)
{
/* for now we only need ssh_key and sign_key as dummys */
char *ssh_key = NULL;
char *sign_key = NULL;
char log_buf[LOCAL_LOG_BUF_SIZE];
validate_server(server_name, server_port, ssh_key, &sign_key);
sprintf(log_buf, "Active server is %s", active_pbs_server);
log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf);
disconnect_svr = FALSE;
debug_mark = 4;
socket_close(svr_sock);
retries++;
usleep(50000);
continue;
}
else if ((rc = build_request_svr(auth_type, user_name, user_sock, message)) != PBSE_NONE)
{
socket_close(svr_sock);
disconnect_svr = FALSE;
debug_mark = 5;
retries++;
usleep(50000);
continue;
}
else if ((send_len = message.length()) <= 0)
{
socket_close(svr_sock);
disconnect_svr = FALSE;
rc = PBSE_INTERNAL;
debug_mark = 6;
retries++;
usleep(50000);
continue;
}
else if ((rc = socket_write(svr_sock, message.c_str(), send_len)) != send_len)
{
socket_close(svr_sock);
disconnect_svr = FALSE;
rc = PBSE_SOCKET_WRITE;
debug_mark = 7;
retries++;
usleep(50000);
continue;
}
else if ((rc = parse_response_svr(svr_sock, &error_msg)) != PBSE_NONE)
{
socket_close(svr_sock);
disconnect_svr = FALSE;
debug_mark = 8;
retries++;
usleep(50000);
continue;
}
else
{
/* Success case */
message = "0|0||";
if (debug_mode == TRUE)
{
fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n",
server_name, server_port, user_sock);
}
snprintf(msg_buf, sizeof(msg_buf),
"User %s at IP:port %s:%d logged in", user_name, server_name, server_port);
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
className, msg_buf);
}
break;
}
}
if (TRUE == disconnect_svr)
{
send_svr_disconnect(svr_sock, user_name);
socket_close(svr_sock);
}
break;
}
default:
rc = PBSE_IVALREQ;
break;
}
}
else
{
sprintf(msg_buf, "socket_read_num failed: %d", rc);
log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
}
#ifdef UNIT_TEST
/* process_svr_conn_rc is used by ./test/trq_auth/test_trq_auth.c
to discover the status of unit test calls to process_svr_conn
*/
process_svr_conn_rc = rc;
#endif
if (rc != PBSE_NONE)
{
/* Failure case */
msg_len = 6 + 1 + 6 + 1 + 1;
if (error_msg == NULL)
{
char *tmp_err = pbse_to_txt(rc);
if (tmp_err != NULL)
error_msg = strdup(tmp_err);
else
error_msg = strdup("");
}
msg_len += strlen(error_msg);
message = string_format("%d|%d|%s|",rc,strlen(error_msg),error_msg);
if (debug_mode == TRUE)
{
fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (dm = %d, Err Num %d)\n", server_name, server_port, user_sock, debug_mark, rc);
}
snprintf(msg_buf, sizeof(msg_buf),
"User %s at IP:port %s:%d login attempt failed --%s",
(user_name) ? user_name : "null",
(server_name) ? server_name : "null", server_port,
(error_msg) ? error_msg : "null");
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
className, msg_buf);
}
if (message.length() != 0)
rc = socket_write(local_socket, message.c_str(), message.length());
if (trq_server_addr != NULL)
free(trq_server_addr);
if (server_name != NULL)
free(server_name);
if (user_name != NULL)
free(user_name);
if (error_msg != NULL)
free(error_msg);
socket_close(local_socket);
free(sock);
return(NULL);
} /* END process_svr_conn() */
