/* This function will now accept a argument sock_port and will pass it to
* PBSD_authenticate, which will invoke pbs_iff passing this port as a command
* line argument. (both on unix and windows)
* This change is done because getsockname() fails sometimes on Windows.
*/
static int
engage_authentication(int sd,
char *server_name,
int server_port,
struct sockaddr_in *clnt_paddr)
{
int ret;
char errbuf[ERR_BUF_SIZE];
char ebuf[PBS_MAXHOSTNAME + PBS_MAXPORTNUM + 128] = {'\0'};
if ((sd < 0) || (clnt_paddr == NULL)) {
cs_logerr(-1, __func__, "Bad arguments, unable to authenticate.");
return (-1);
}
switch (pbs_conf.auth_method) {
case AUTH_MUNGE:
if ((ret = engage_external_authentication(sd, AUTH_MUNGE, 0, errbuf, sizeof(errbuf))) != 0)
cs_logerr(-1, __func__, errbuf);
return (ret);
case AUTH_RESV_PORT:
if ((ret = CS_client_auth(sd)) == CS_SUCCESS)
return (0);
if ((ret == CS_AUTH_USE_IFF)) {
/* CS_client_auth that got called was the one for STD security */
/*sock_port needs to be passed only for Windows.*/
if (PBSD_authenticate(sd, server_name, server_port, clnt_paddr) == 0)
return (0);
}
break;
default:
cs_logerr(-1, __func__, "Unrecognized authentication method");
return (-1);
}
sprintf(ebuf, "Unable to authenticate connection (%s:%d)", server_name, server_port);
cs_logerr(-1, __func__, ebuf);
/* Remove any associated per-connection security context
* remark: when using pbs_iff security there is none
*/
if (CS_close_socket(sd) != CS_SUCCESS) {
sprintf(ebuf, "Problem closing context (%s:%d)", server_name, server_port);
cs_logerr(-1, __func__, ebuf);
}
return (-1);
}
static int
engage_authentication(int sd, struct in_addr addr, int port, int authport_flags)
{
int ret;
int mode;
char ebuf[128];
char errbuf[1024];
#if !defined(WIN32) && !defined(__hpux)
char dst[INET_ADDRSTRLEN+1]; /* for inet_ntop */
#endif
if (sd < 0) {
cs_logerr(-1, __func__, "Bad arguments, unable to authenticate.");
return (-1);
}
mode = (authport_flags & B_SVR) ? CS_MODE_SERVER:CS_MODE_CLIENT;
if (authport_flags & B_EXTERNAL) {
if ((ret = engage_external_authentication(sd, pbs_conf.auth_method, mode, errbuf, sizeof(errbuf))) != 0)
cs_logerr(-1, __func__, errbuf);
return (ret);
} else {
if (mode == CS_MODE_SERVER) {
ret = CS_server_auth(sd);
if (ret == CS_SUCCESS || ret == CS_AUTH_CHECK_PORT)
return (0);
} else if (mode == CS_MODE_CLIENT) {
ret = CS_client_auth(sd);
if (ret == CS_SUCCESS || ret == CS_AUTH_USE_IFF) {
/*
* For authentication via iff CS_client_auth
* temporarily returning CS_AUTH_USE_IFF until such
* time as iff becomes a part of CS_client_auth
*/
return (0);
}
}
}
#if defined(WIN32) || defined(__hpux)
/*inet_ntoa is thread-safe on windows & hpux*/
sprintf(ebuf,
"Unable to authenticate with (%s:%d)",
inet_ntoa(addr), port);
#else
sprintf(ebuf,
"Unable to authenticate with (%s:%d)",
inet_ntop(AF_INET, (void *) &addr, dst,
INET_ADDRSTRLEN), port);
#endif
cs_logerr(-1, __func__, ebuf);
if ((ret = CS_close_socket(sd)) != CS_SUCCESS) {
#if defined(WIN32) || defined(__hpux)
sprintf(ebuf, "Problem closing context (%s:%d)",
inet_ntoa(addr), port);
#else
sprintf(ebuf,
"Problem closing context (%s:%d)",
inet_ntop(AF_INET, (void *) &addr, dst,
INET_ADDRSTRLEN), port);
#endif
cs_logerr(-1, __func__, ebuf);
}
return (-1);
}
