bool verify_and_process_request(InputRqParsingOutput& data)
{
  processing_error_occured = false;
  error_code = ERROR_NONE;

  return verify_request(data) && process_request(data);
}
Ejemplo n.º 2
0
static void
client_recv_cb(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf) {
    struct client_context *client = stream->data;
    struct remote_context *remote = client->remote;
    int clen;

    if (nread > 0) {
        reset_timer(remote);
        uv_read_stop(&client->handle.stream);

        switch (client->stage) {
        case XSTAGE_HANDSHAKE:
            if (verify_methods(buf->base, nread)) {
                handshake(client);
            } else {
                logger_log(LOG_ERR, "invalid method packet");
                close_client(client);
                close_remote(remote);
            }

            break;

        case XSTAGE_REQUEST:
            if (verify_request(buf->base, nread)) {
                request_start(client, buf->base);
            } else {
                logger_log(LOG_ERR, "invalid request packet");
                close_client(client);
                close_remote(remote);
            }

            break;

        case XSTAGE_FORWARD:
            clen = nread + PRIMITIVE_BYTES;
            uint8_t *c = client->buf + HEADER_BYTES;
            int rc = crypto_encrypt(c, (uint8_t*)buf->base, nread);
            if (rc) {
                logger_log(LOG_ERR, "encrypt failed");
                close_client(client);
                close_remote(remote);
            }
            forward_to_remote(remote, c, clen);

            break;

        default:
            break;
        }

    } else if (nread < 0) {
        if (nread != UV_EOF) {
            char addrbuf[INET6_ADDRSTRLEN + 1] = {0};
            uint16_t port = ip_name(&client->addr, addrbuf, sizeof addrbuf);
            logger_log(LOG_ERR, "receive from %s:%d failed: %s", addrbuf, port, uv_strerror(nread));
        }
        close_client(client);
        close_remote(remote);
    }
}
Ejemplo n.º 3
0
//##############################################################################
//##############################################################################
bool
RequestQueueClient::request(const Request& req, Ack& ack)
{
    RANGE_LOG_TIMED_FUNCTION();
    if (! verify_request(req)) {
        throw MqueueException("invalid request");
    }

    ack_queue.flush(); /* Ensure ack queue is empty; ack_queue is specific for this thread
                          so we should be the only consumer; any garbage left in the 
                          ack_queue is from a previously expired request */

    if (! sending_queue.send(req.SerializeAsString())) {
        return false;
    }
    std::string ack_payload = ack_queue.receive();
    if (ack_payload.size() > 0) {
        if(! ack.ParseFromString(ack_payload)) {
            return false;
        }
        if(ack.request_id() != req.request_id()) {
            return false;
        }
        if(ack.client_id() != req.client_id()) {
            return false;
        }
        return true;
    }
    return false;
}
bool verify_and_process_request(InputRqParsingOutput& data)
{
  error_code = ERROR_NONE;

  bool ok = verify_request(data) && process_request(data);
  
  return ok;
}
Ejemplo n.º 5
0
//##############################################################################
//##############################################################################
bool
RequestQueueListener::receive(Request& req)
{
    //BOOST_LOG_FUNCTION();
    std::string msg = receiving_queue.receive();
    if (msg.size() > 0) {
        if (! req.ParseFromString(msg)) {
            return false;
        }
        if (! verify_request(req)) {
            return false;
        }
        return true;
    }
    return false;
}
Ejemplo n.º 6
0
static int
vsock_dispatch(listener_context_t c, struct timeval *timeout)
{
	vsock_info *info;
	fence_req_t data;
	fd_set rfds;
	int n;
	int client_fd;
    int ret;
	struct timeval tv;

    if (timeout != NULL)
    	memcpy(&tv, timeout, sizeof(tv));
    else {
        tv.tv_sec = 1;
        tv.tv_usec = 0;
    }

	info = (vsock_info *) c;
	VALIDATE(info);

	FD_ZERO(&rfds);
	FD_SET(info->listen_sock, &rfds);

	n = select(info->listen_sock + 1, &rfds, NULL, NULL, timeout);
	if (n <= 0) {
		if (errno == EINTR || errno == EAGAIN)
			n = 0;
		else
			dbg_printf(2, "select: %s\n", strerror(errno));
		return n;
	}

	
	client_fd = accept(info->listen_sock, NULL, NULL);
	if (client_fd < 0) {
		perror("accept");
		return -1;
	}

	dbg_printf(3, "Accepted vsock client...\n");

	ret = _read_retry(client_fd, &data, sizeof(data), &tv);
	if (ret != sizeof(data)) {
		dbg_printf(3, "Invalid request (read %d bytes)\n", ret);
		close(client_fd);
		return 0;
	}

	swab_fence_req_t(&data);

	if (!verify_request(&data, info->args.hash, info->key, info->key_len)) {
		printf("Key mismatch; dropping client\n");
        close(client_fd);
		return 0;
	}

	dbg_printf(3, "Request %d seqno %d domain %s\n",
		data.request, data.seqno, data.domain);

	if (history_check(info->history, &data) == 1) {
		printf("We just did this request; dropping client\n");
        close(client_fd);
		return 0;
	}
		
	switch(info->args.auth) {
	case AUTH_NONE:
	case AUTH_SHA1:
	case AUTH_SHA256:
	case AUTH_SHA512:
		printf("VSOCK request\n");
		do_fence_request_vsock(client_fd, &data, info);
		break;
	default:
		printf("XXX Unhandled authentication\n");
	}

	return 0;
}
Ejemplo n.º 7
0
OCEntityHandlerResult entity_handler(OCEntityHandlerFlag flag, OCEntityHandlerRequest *entity_handler_request, void *callback)
{
	THINGS_LOG_V(TAG, THINGS_FUNC_ENTRY);
	OCEntityHandlerResult eh_result = OC_EH_ERROR;

	// Validate pointer
	if (!entity_handler_request) {
		THINGS_LOG_E(TAG, "Invalid request pointer");
		return eh_result;
	}

	const char *uri = OCGetResourceUri(entity_handler_request->resource);

	// Observe Request Handling
	if (flag & OC_OBSERVE_FLAG) {
		if (OC_OBSERVE_REGISTER == entity_handler_request->obsInfo.action) {
			THINGS_LOG_V(TAG, "Observe Requset on : %s ", uri);
			// 1. Check whether it's Observe request on the Collection Resource
			if (NULL != strstr(uri, URI_DEVICE_COL)) {
				//2. Check whether the query carriese the if=oic.if.b
				if ((strstr(entity_handler_request->query, OIC_INTERFACE_BATCH) == NULL)) {
					//3. If not batch then error
					THINGS_LOG_E(TAG, "Collection Resource Requires BATCH for Observing : %s", entity_handler_request->query);
					eh_result = OC_EH_BAD_REQ;
					goto RESPONSE_ERROR;
				} else {
					THINGS_LOG_E(TAG, "Receiving Observe Request Collection Resource");
				}
			}
		} else if (OC_OBSERVE_DEREGISTER == entity_handler_request->obsInfo.action) {
			THINGS_LOG_V(TAG, "CancelObserve Request on : %s", uri);
		}
	}
	// Get/Post Request Handling
	if (flag & OC_REQUEST_FLAG) {
		if (things_get_reset_mask(RST_CONTROL_MODULE_DISABLE) == true) {
			THINGS_LOG_V(TAG, "Control Module Disable.");
			eh_result = OC_EH_NOT_ACCEPTABLE;
		} else if ((OC_REST_GET == entity_handler_request->method)
				   || (OC_REST_POST == entity_handler_request->method)) {
			THINGS_LOG_V(TAG, "Request Handle : %x, Resource Handle : %x", entity_handler_request->requestHandle, entity_handler_request->resource);
			if (verify_request(entity_handler_request, uri, (int)entity_handler_request->method) > 0) {
				//  IoTivity Stack Destroy the payload after receving result from this function
				//       Therefore, we need to copy/clone the payload for the later use..
				things_resource_s *resource = things_create_resource_inst(entity_handler_request->requestHandle,
											  entity_handler_request->resource,
											  entity_handler_request->query,
											  entity_handler_request->payload);
				resource->things_set_dev_addr(resource, &(entity_handler_request->devAddr));
				resource->req_type = entity_handler_request->method;

				eh_result = handle_message(resource);
			} else {
				THINGS_LOG_E(TAG, "Invalid Query in the Request : %s", entity_handler_request->query);
			}
		} else if (OC_REST_DELETE == entity_handler_request->method || OC_REST_PUT == entity_handler_request->method) {
			THINGS_LOG_E(TAG, "Delete/PUT Req. Handling is not supported Yet");
		} else {
			THINGS_LOG_D(TAG, "Received unsupported method from client");
		}

	}

RESPONSE_ERROR:

	if (eh_result != OC_EH_SLOW && eh_result != OC_EH_OK) {
		//  If the result is OC_EH_ERROR, the stack will remove the
		//       received request in the stack.
		//       If the reusult is OC_EH_SLOW, then the request will be
		//       stored in the stack till the response goes out
		eh_result = send_response(entity_handler_request->requestHandle, entity_handler_request->resource, eh_result, uri, NULL);
		// Currently this code will not do anything...
		//      Need to refactor later..
	}

	THINGS_LOG_D(TAG, THINGS_FUNC_EXIT);

	return eh_result;
}
Ejemplo n.º 8
0
int 
main(int argc, char **argv) {
    xmlSecKeysMngrPtr mngr;
#ifndef XMLSEC_NO_XSLT
    xsltSecurityPrefsPtr xsltSecPrefs = NULL;
#endif /* XMLSEC_NO_XSLT */
        
    /* start response */
    fprintf(stdout, "Content-type: text/plain\n");
    fprintf(stdout, "\n");
    
    /* Init libxml and libxslt libraries */
    xmlInitParser();
    LIBXML_TEST_VERSION
    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
    xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
    xmlIndentTreeOutput = 1; 
#endif /* XMLSEC_NO_XSLT */
    
    /* make sure that we print out everything to stdout */
    xmlGenericErrorContext = stdout;

    /* Init libxslt */
#ifndef XMLSEC_NO_XSLT
    /* disable everything */
    xsltSecPrefs = xsltNewSecurityPrefs(); 
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_FILE,        xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_FILE,       xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_NETWORK,     xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_NETWORK,    xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs); 
#endif /* XMLSEC_NO_XSLT */
                
    /* Init xmlsec library */
    if(xmlSecInit() < 0) {
        fprintf(stdout, "Error: xmlsec initialization failed.\n");
        return(-1);
    }

    /* Check loaded library version */
    if(xmlSecCheckVersion() != 1) {
        fprintf(stdout, "Error: loaded xmlsec library version is not compatible.\n");
        return(-1);
    }

    /* Load default crypto engine if we are supporting dynamic
     * loading for xmlsec-crypto libraries. Use the crypto library
     * name ("openssl", "nss", etc.) to load corresponding 
     * xmlsec-crypto library.
     */
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
    if(xmlSecCryptoDLLoadLibrary(NULL) < 0) {
        fprintf(stdout, "Error: unable to load default xmlsec-crypto library. Make sure\n"
                        "that you have it installed and check shared libraries path\n"
                        "(LD_LIBRARY_PATH) envornment variable.\n");
        return(-1);     
    }
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */

    /* Init crypto library */
    if(xmlSecCryptoAppInit(XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER) < 0) {
        fprintf(stdout, "Error: crypto initialization failed.\n");
        return(-1);
    }

    /* Init xmlsec-crypto library */
    if(xmlSecCryptoInit() < 0) {
        fprintf(stdout, "Error: xmlsec-crypto initialization failed.\n");
        return(-1);
    }

    /* create keys manager */
    mngr = xmlSecKeysMngrCreate();
    if(mngr == NULL) {
        fprintf(stdout, "Error: failed to create keys manager.\n");
        return(-1);
    }
    if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
        fprintf(stdout, "Error: failed to initialize keys manager.\n");
        return(-1);
    }    

    if(load_keys(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
        xmlSecKeysMngrDestroy(mngr);
        return(-1);
    }
    
    if(load_trusted_certs(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
        xmlSecKeysMngrDestroy(mngr);
        return(-1);
    }

    if(verify_request(mngr) < 0) {
        xmlSecKeysMngrDestroy(mngr);
        return(-1);
    }    

    /* Destroy keys manager */
    xmlSecKeysMngrDestroy(mngr);
        
    /* Shutdown xmlsec-crypto library */
    xmlSecCryptoShutdown();
    
    /* Shutdown crypto library */
    xmlSecCryptoAppShutdown();
    
    /* Shutdown xmlsec library */
    xmlSecShutdown();

    /* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
    xsltFreeSecurityPrefs(xsltSecPrefs);
    xsltCleanupGlobals();            
#endif /* XMLSEC_NO_XSLT */

    xmlCleanupParser();
    
    return(0);
}
Ejemplo n.º 9
0
static int
mcast_dispatch(listener_context_t c, struct timeval *timeout)
{
	mcast_info *info;
	fence_req_t data;
	fd_set rfds;
	struct sockaddr_in sin;
	int len;
	int n;
	socklen_t slen;

	info = (mcast_info *)c;
	VALIDATE(info);

	FD_ZERO(&rfds);
	FD_SET(info->mc_sock, &rfds);

	n = select((info->mc_sock)+1, &rfds, NULL, NULL, timeout);
	if (n < 0)
		return n;
	
	/* 
	 * If no requests, we're done 
	 */
	if (n == 0)
		return 0;

	slen = sizeof(sin);
	len = recvfrom(info->mc_sock, &data, sizeof(data), 0,
		       (struct sockaddr *)&sin, &slen);
		
	if (len <= 0) {
		perror("recvfrom");
		return len;
	}

	swab_fence_req_t(&data);

	if (!verify_request(&data, info->args.hash, info->key,
			    info->key_len)) {
		printf("Key mismatch; dropping packet\n");
		return 0;
	}

	printf("Request %d seqno %d domain %s\n", data.request, data.seqno,
	       data.domain);

	if (history_check(info->history, &data) == 1) {
		printf("We just did this request; dropping packet\n");
		return 0;
	}
		
	switch(info->args.auth) {
	case AUTH_NONE:
	case AUTH_SHA1:
	case AUTH_SHA256:
	case AUTH_SHA512:
		printf("Plain TCP request\n");
		do_fence_request_tcp(&data, info);
		break;
	default:
		printf("XXX Unhandled authentication\n");
	}

	return 0;
}