int authorize_socket( int local_socket, std::string &message, char *msg_buf, char **server_name_ptr, char **user_name_ptr, std::string &err_msg) { int rc; bool disconnect_svr = true; int server_port; int auth_type = 0; int svr_sock = -1; int user_pid = 0; int user_sock = 0; int trq_server_addr_len = 0; char *trq_server_addr = NULL; const char *className = "trqauthd"; /* incoming message format is: * trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock| * message format to pbs_server is: * +2+22+492+user+sock+0 * format from pbs_server is: * +2+2+0+0+1 * outgoing message format is: * #|msg_len|message| * Send response to client here!! * Disconnect message to svr: * +2+22+592+{user_len}{user} * * msg to client in the case of success: * 0|0|| */ if ((rc = parse_request_client(local_socket, server_name_ptr, &server_port, &auth_type, user_name_ptr, &user_pid, &user_sock)) != PBSE_NONE) { if (*server_name_ptr != NULL) free(*server_name_ptr); if (*user_name_ptr != NULL) free(*user_name_ptr); return(rc); } else { int retries = 0; char *server_name = *server_name_ptr; while (retries < MAX_RETRIES) { rc = PBSE_NONE; disconnect_svr = true; if ((rc = validate_user(local_socket, *user_name_ptr, user_pid, msg_buf)) != PBSE_NONE) { log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf); disconnect_svr = false; retries++; usleep(20000); continue; } else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE) { disconnect_svr = false; retries++; usleep(20000); continue; } else if ((svr_sock = socket_get_tcp_priv()) < 0) { rc = PBSE_SOCKET_FAULT; disconnect_svr = false; retries++; usleep(10000); continue; } else if ((rc = socket_connect(svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, err_msg)) != PBSE_NONE) { /* for now we only need ssh_key and sign_key as dummys */ char *ssh_key = NULL; char *sign_key = NULL; char log_buf[LOCAL_LOG_BUF_SIZE]; validate_server(server_name, server_port, ssh_key, &sign_key); sprintf(log_buf, "Active server is %s", active_pbs_server); log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf); disconnect_svr = false; socket_close(svr_sock); retries++; usleep(50000); continue; } else if ((rc = build_request_svr(auth_type, *user_name_ptr, user_sock, message)) != PBSE_NONE) { socket_close(svr_sock); disconnect_svr = false; retries++; usleep(50000); continue; } else if (message.size() <= 0) { socket_close(svr_sock); disconnect_svr = false; rc = PBSE_INTERNAL; retries++; usleep(50000); continue; } else if ((rc = socket_write(svr_sock, message.c_str(), message.size())) != (int)message.size()) { socket_close(svr_sock); disconnect_svr = false; rc = PBSE_SOCKET_WRITE; retries++; usleep(50000); continue; } else if ((rc = parse_response_svr(svr_sock, err_msg)) != PBSE_NONE) { socket_close(svr_sock); disconnect_svr = false; retries++; usleep(50000); continue; } else { /* Success case */ message = "0|0||"; if (debug_mode == TRUE) { fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n", server_name, server_port, user_sock); } sprintf(msg_buf, "User %s at IP:port %s:%d logged in", *user_name_ptr, server_name, server_port); log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, className, msg_buf); } break; } } if (disconnect_svr == true) { send_svr_disconnect(svr_sock, *user_name_ptr); socket_close(svr_sock); } if (trq_server_addr != NULL) free(trq_server_addr); return(rc); } // END authorize_socket()
void *process_svr_conn( void *sock) { char *className = "trqauthd"; int rc = PBSE_NONE; char *server_name = NULL; int server_port = 0; int auth_type = 0; char *user_name = NULL; int user_sock = 0; char *error_msg = NULL; char *send_message = NULL; int send_len = 0; char *trq_server_addr = NULL; int trq_server_addr_len = 0; int disconnect_svr = TRUE; int svr_sock = 0; int msg_len = 0; int debug_mark = 0; int local_socket = *(int *)sock; char msg_buf[1024]; /* incoming message format is: * trq_system_len|trq_system|trq_port|Validation_type|user_len|user|psock| * message format to pbs_server is: * +2+22+492+user+sock+0 * format from pbs_server is: * +2+2+0+0+1 * outgoing message format is: * #|msg_len|message| * Send response to client here!! * Disconnect message to svr: * +2+22+592+{user_len}{user} * * msg to client in the case of success: * 0|0|| */ if ((rc = parse_request_client(local_socket, &server_name, &server_port, &auth_type, &user_name, &user_sock)) != PBSE_NONE) { disconnect_svr = FALSE; debug_mark = 1; } else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE) { disconnect_svr = FALSE; debug_mark = 2; } else if ((svr_sock = socket_get_tcp_priv()) < 0) { rc = PBSE_SOCKET_FAULT; disconnect_svr = FALSE; debug_mark = 3; } else if ((rc = socket_connect(&svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, &error_msg)) != PBSE_NONE) { disconnect_svr = FALSE; debug_mark = 4; socket_close(svr_sock); } else if ((rc = build_request_svr(auth_type, user_name, user_sock, &send_message)) != PBSE_NONE) { socket_close(svr_sock); debug_mark = 5; } else if ((send_len = ((send_message == NULL)?0:strlen(send_message)) ) <= 0) { socket_close(svr_sock); rc = PBSE_INTERNAL; debug_mark = 6; } else if ((rc = socket_write(svr_sock, send_message, send_len)) != send_len) { socket_close(svr_sock); rc = PBSE_SOCKET_WRITE; debug_mark = 7; } else if ((rc = parse_response_svr(svr_sock, &error_msg)) != PBSE_NONE) { socket_close(svr_sock); debug_mark = 8; } else { /* Success case */ if (send_message != NULL) free(send_message); send_message = (char *)calloc(1, 6); if(send_message != NULL) strcat(send_message, "0|0||"); if (debug_mode == TRUE) { fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n", server_name, server_port, user_sock); } snprintf(msg_buf, sizeof(msg_buf), "User %s at IP:port %s:%d logged in", user_name, server_name, server_port); log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, className, msg_buf); } if (rc != PBSE_NONE) { /* Failure case */ if (send_message != NULL) free(send_message); msg_len = 6 + 1 + 6 + 1 + 1; if (error_msg == NULL) error_msg = strdup(pbse_to_txt(rc)); msg_len += strlen(error_msg); send_message = (char *)calloc(1, msg_len); if(send_message != NULL) snprintf(send_message, msg_len, "%d|%d|%s|", rc, (int)strlen(error_msg), error_msg); if (debug_mode == TRUE) { fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (dm = %d, Err Num %d)\n", server_name, server_port, user_sock, debug_mark, rc); } snprintf(msg_buf, sizeof(msg_buf), "User %s at IP:port %s:%d login attempt failed --%s", user_name, server_name, server_port, error_msg); log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, className, msg_buf); } if(send_message != NULL) rc = socket_write(local_socket, send_message, strlen(send_message)); if (TRUE == disconnect_svr) { send_svr_disconnect(svr_sock, user_name); socket_close(svr_sock); } if (trq_server_addr != NULL) free(trq_server_addr); if (server_name != NULL) free(server_name); if (user_name != NULL) free(user_name); if (error_msg != NULL) free(error_msg); if (send_message != NULL) free(send_message); socket_close(local_socket); free(sock); return(NULL); } /* END process_svr_conn() */
void *process_svr_conn( void *sock) { const char *className = "trqauthd"; int rc = PBSE_NONE; char *server_name = NULL; int server_port = 0; int auth_type = 0; char *user_name = NULL; int user_pid = 0; int user_sock = 0; char *error_msg = NULL; std::string message; int send_len = 0; char *trq_server_addr = NULL; int trq_server_addr_len = 0; int svr_sock = -1; int msg_len = 0; int debug_mark = 0; int local_socket = *(int *)sock; char msg_buf[1024]; long long req_type; /* Type of request coming in */ rc = socket_read_num(local_socket, &req_type); if (rc == PBSE_NONE) { switch (req_type) { case TRQ_DOWN_TRQAUTHD: { rc = parse_terminate_request(local_socket, &user_name, &user_pid); if (rc != PBSE_NONE) break; /* root is the only user that can terminate trqauthd */ if (strcmp(user_name, "root")) { rc = PBSE_PERM; break; } rc = validate_user(local_socket, user_name, user_pid, msg_buf); if (rc == PBSE_NONE) { trqauthd_up = false; rc = build_active_server_response(message); } break; } case TRQ_PING_SERVER: case TRQ_GET_ACTIVE_SERVER: { /* rc will get evaluated after the switch statement. */ rc = build_active_server_response(message); break; } case TRQ_VALIDATE_ACTIVE_SERVER: { if ((rc = validate_server(server_name, server_port, NULL, NULL)) != PBSE_NONE) { break; } else if ((rc = build_active_server_response(message)) != PBSE_NONE) { break; } break; } case TRQ_AUTH_CONNECTION: { int disconnect_svr = TRUE; /* incoming message format is: * trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock| * message format to pbs_server is: * +2+22+492+user+sock+0 * format from pbs_server is: * +2+2+0+0+1 * outgoing message format is: * #|msg_len|message| * Send response to client here!! * Disconnect message to svr: * +2+22+592+{user_len}{user} * * msg to client in the case of success: * 0|0|| */ if ((rc = parse_request_client(local_socket, &server_name, &server_port, &auth_type, &user_name, &user_pid, &user_sock)) != PBSE_NONE) { disconnect_svr = FALSE; debug_mark = 1; } else { int retries = 0; while (retries < MAX_RETRIES) { rc = PBSE_NONE; disconnect_svr = TRUE; if ((rc = validate_user(local_socket, user_name, user_pid, msg_buf)) != PBSE_NONE) { log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf); disconnect_svr = FALSE; debug_mark = 1; retries++; usleep(20000); continue; } else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE) { disconnect_svr = FALSE; debug_mark = 2; retries++; usleep(20000); continue; } else if ((svr_sock = socket_get_tcp_priv()) < 0) { rc = PBSE_SOCKET_FAULT; disconnect_svr = FALSE; debug_mark = 3; retries++; usleep(10000); continue; } else if ((rc = socket_connect(&svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, &error_msg)) != PBSE_NONE) { /* for now we only need ssh_key and sign_key as dummys */ char *ssh_key = NULL; char *sign_key = NULL; char log_buf[LOCAL_LOG_BUF_SIZE]; validate_server(server_name, server_port, ssh_key, &sign_key); sprintf(log_buf, "Active server is %s", active_pbs_server); log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf); disconnect_svr = FALSE; debug_mark = 4; socket_close(svr_sock); retries++; usleep(50000); continue; } else if ((rc = build_request_svr(auth_type, user_name, user_sock, message)) != PBSE_NONE) { socket_close(svr_sock); disconnect_svr = FALSE; debug_mark = 5; retries++; usleep(50000); continue; } else if ((send_len = message.length()) <= 0) { socket_close(svr_sock); disconnect_svr = FALSE; rc = PBSE_INTERNAL; debug_mark = 6; retries++; usleep(50000); continue; } else if ((rc = socket_write(svr_sock, message.c_str(), send_len)) != send_len) { socket_close(svr_sock); disconnect_svr = FALSE; rc = PBSE_SOCKET_WRITE; debug_mark = 7; retries++; usleep(50000); continue; } else if ((rc = parse_response_svr(svr_sock, &error_msg)) != PBSE_NONE) { socket_close(svr_sock); disconnect_svr = FALSE; debug_mark = 8; retries++; usleep(50000); continue; } else { /* Success case */ message = "0|0||"; if (debug_mode == TRUE) { fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n", server_name, server_port, user_sock); } snprintf(msg_buf, sizeof(msg_buf), "User %s at IP:port %s:%d logged in", user_name, server_name, server_port); log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, className, msg_buf); } break; } } if (TRUE == disconnect_svr) { send_svr_disconnect(svr_sock, user_name); socket_close(svr_sock); } break; } default: rc = PBSE_IVALREQ; break; } } else { sprintf(msg_buf, "socket_read_num failed: %d", rc); log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf); } #ifdef UNIT_TEST /* process_svr_conn_rc is used by ./test/trq_auth/test_trq_auth.c to discover the status of unit test calls to process_svr_conn */ process_svr_conn_rc = rc; #endif if (rc != PBSE_NONE) { /* Failure case */ msg_len = 6 + 1 + 6 + 1 + 1; if (error_msg == NULL) { char *tmp_err = pbse_to_txt(rc); if (tmp_err != NULL) error_msg = strdup(tmp_err); else error_msg = strdup(""); } msg_len += strlen(error_msg); message = string_format("%d|%d|%s|",rc,strlen(error_msg),error_msg); if (debug_mode == TRUE) { fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (dm = %d, Err Num %d)\n", server_name, server_port, user_sock, debug_mark, rc); } snprintf(msg_buf, sizeof(msg_buf), "User %s at IP:port %s:%d login attempt failed --%s", (user_name) ? user_name : "null", (server_name) ? server_name : "null", server_port, (error_msg) ? error_msg : "null"); log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, className, msg_buf); } if (message.length() != 0) rc = socket_write(local_socket, message.c_str(), message.length()); if (trq_server_addr != NULL) free(trq_server_addr); if (server_name != NULL) free(server_name); if (user_name != NULL) free(user_name); if (error_msg != NULL) free(error_msg); socket_close(local_socket); free(sock); return(NULL); } /* END process_svr_conn() */