Example #1
0
int authorize_socket(

  int           local_socket,
  std::string  &message,
  char         *msg_buf,
  char        **server_name_ptr,
  char        **user_name_ptr,
  std::string  &err_msg)

  {
  int          rc;
  bool         disconnect_svr = true;
  int          server_port;
  int          auth_type = 0;
  int          svr_sock = -1;
  int          user_pid = 0;
  int          user_sock = 0;
  int          trq_server_addr_len = 0;
  char        *trq_server_addr = NULL;
  const char  *className = "trqauthd";

  /* incoming message format is:
   * trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock|
   * message format to pbs_server is:
   * +2+22+492+user+sock+0
   * format from pbs_server is:
   * +2+2+0+0+1
   * outgoing message format is:
   * #|msg_len|message|
   * Send response to client here!!
   * Disconnect message to svr:
   * +2+22+592+{user_len}{user}
   *
   * msg to client in the case of success:
   * 0|0||
   */

  if ((rc = parse_request_client(local_socket, server_name_ptr, &server_port, &auth_type, user_name_ptr, &user_pid, &user_sock)) != PBSE_NONE)
    {
    if (*server_name_ptr != NULL)
      free(*server_name_ptr);

    if (*user_name_ptr != NULL)
      free(*user_name_ptr);

    return(rc);
    }
  else
    {
    int   retries = 0;
    char *server_name = *server_name_ptr;

    while (retries < MAX_RETRIES)
      {
      rc = PBSE_NONE;
      disconnect_svr = true;

      if ((rc = validate_user(local_socket, *user_name_ptr, user_pid, msg_buf)) != PBSE_NONE)
        {
        log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
        disconnect_svr = false;
        retries++;
        usleep(20000);
        continue;
        }
      else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE)
        {
        disconnect_svr = false;
        retries++;
        usleep(20000);
        continue;
        }
      else if ((svr_sock = socket_get_tcp_priv()) < 0)
        {
        rc = PBSE_SOCKET_FAULT;
        disconnect_svr = false;
        retries++;
        usleep(10000);
        continue;
        }
      else if ((rc = socket_connect(svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, err_msg)) != PBSE_NONE)
        {
        /* for now we only need ssh_key and sign_key as dummys */
        char *ssh_key = NULL;
        char *sign_key = NULL;
        char  log_buf[LOCAL_LOG_BUF_SIZE];

        validate_server(server_name, server_port, ssh_key, &sign_key);
        sprintf(log_buf, "Active server is %s", active_pbs_server);
        log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf);
        disconnect_svr = false;
        socket_close(svr_sock);
        retries++;
        usleep(50000);
        continue;
        }
      else if ((rc = build_request_svr(auth_type, *user_name_ptr, user_sock, message)) != PBSE_NONE)
        {
        socket_close(svr_sock);
        disconnect_svr = false;
        retries++;
        usleep(50000);
        continue;
        }
      else if (message.size() <= 0)
        {
        socket_close(svr_sock);
        disconnect_svr = false;
        rc = PBSE_INTERNAL;
        retries++;
        usleep(50000);
        continue;
        }
      else if ((rc = socket_write(svr_sock, message.c_str(), message.size())) != (int)message.size())
        {
        socket_close(svr_sock);
        disconnect_svr = false;
        rc = PBSE_SOCKET_WRITE;
        retries++;
        usleep(50000);
        continue;
        }
      else if ((rc = parse_response_svr(svr_sock, err_msg)) != PBSE_NONE)
        {
        socket_close(svr_sock);
        disconnect_svr = false;
        retries++;
        usleep(50000);
        continue;
        }
      else
        {
        /* Success case */
        message = "0|0||";
        if (debug_mode == TRUE)
          {
          fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n",
            server_name, server_port, user_sock);
          }

        sprintf(msg_buf,
          "User %s at IP:port %s:%d logged in", *user_name_ptr, server_name, server_port);
        log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
          className, msg_buf);
        }

      break;
      }
    }

  if (disconnect_svr == true)
    {
    send_svr_disconnect(svr_sock, *user_name_ptr);
    socket_close(svr_sock);
    }

  if (trq_server_addr != NULL)
    free(trq_server_addr);

  return(rc);
  } // END authorize_socket() 
Example #2
0
void *process_svr_conn(
    
  void *sock)

  {
  char *className = "trqauthd";
  int   rc = PBSE_NONE;
  char *server_name = NULL;
  int   server_port = 0;
  int   auth_type = 0;
  char *user_name = NULL;
  int   user_sock = 0;
  char *error_msg = NULL;
  char *send_message = NULL;
  int   send_len = 0;
  char *trq_server_addr = NULL;
  int   trq_server_addr_len = 0;
  int   disconnect_svr = TRUE;
  int   svr_sock = 0;
  int   msg_len = 0;
  int   debug_mark = 0;
  int   local_socket = *(int *)sock;
  char  msg_buf[1024];

  /* incoming message format is:
   * trq_system_len|trq_system|trq_port|Validation_type|user_len|user|psock|
   * message format to pbs_server is:
   * +2+22+492+user+sock+0
   * format from pbs_server is:
   * +2+2+0+0+1
   * outgoing message format is:
   * #|msg_len|message|
   * Send response to client here!!
   * Disconnect message to svr:
   * +2+22+592+{user_len}{user}
   *
   * msg to client in the case of success:
   * 0|0||
   */

  if ((rc = parse_request_client(local_socket, &server_name, &server_port, &auth_type, &user_name, &user_sock)) != PBSE_NONE)
    {
    disconnect_svr = FALSE;
    debug_mark = 1;
    }
  else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE)
    {
    disconnect_svr = FALSE;
    debug_mark = 2;
    }
  else if ((svr_sock = socket_get_tcp_priv()) < 0)
    {
    rc = PBSE_SOCKET_FAULT;
    disconnect_svr = FALSE;
    debug_mark = 3;
    }
  else if ((rc = socket_connect(&svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, &error_msg)) != PBSE_NONE)
    {
    disconnect_svr = FALSE;
    debug_mark = 4;
    socket_close(svr_sock);
    }
  else if ((rc = build_request_svr(auth_type, user_name, user_sock, &send_message)) != PBSE_NONE)
    {
    socket_close(svr_sock);
    debug_mark = 5;
    }
  else if ((send_len = ((send_message == NULL)?0:strlen(send_message)) ) <= 0)
    {
    socket_close(svr_sock);
    rc = PBSE_INTERNAL;
    debug_mark = 6;
    }
  else if ((rc = socket_write(svr_sock, send_message, send_len)) != send_len)
    {
    socket_close(svr_sock);
    rc = PBSE_SOCKET_WRITE;
    debug_mark = 7;
    }
  else if ((rc = parse_response_svr(svr_sock, &error_msg)) != PBSE_NONE)
    {
    socket_close(svr_sock);
    debug_mark = 8;
    }
  else
    {
    /* Success case */
    if (send_message != NULL)
      free(send_message);
    send_message = (char *)calloc(1, 6);
    if(send_message != NULL)
      strcat(send_message, "0|0||");
    if (debug_mode == TRUE)
      {
      fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n", server_name, server_port, user_sock);
      }

    snprintf(msg_buf, sizeof(msg_buf),
      "User %s at IP:port %s:%d logged in", user_name, server_name, server_port);
    log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD,
      className, msg_buf);
    }

  if (rc != PBSE_NONE)
    {
    /* Failure case */
    if (send_message != NULL)
      free(send_message);
    msg_len = 6 + 1 + 6 + 1 + 1;
    if (error_msg == NULL)
      error_msg = strdup(pbse_to_txt(rc));
    msg_len += strlen(error_msg);
    send_message = (char *)calloc(1, msg_len);
    if(send_message != NULL)
      snprintf(send_message, msg_len, "%d|%d|%s|", rc, (int)strlen(error_msg), error_msg);
    if (debug_mode == TRUE)
      {
      fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (dm = %d, Err Num %d)\n", server_name, server_port, user_sock, debug_mark, rc);
      }

    snprintf(msg_buf, sizeof(msg_buf),
      "User %s at IP:port %s:%d login attempt failed --%s", user_name, server_name, server_port, error_msg);
    log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD,
      className, msg_buf);
    }

  if(send_message != NULL)
    rc = socket_write(local_socket, send_message, strlen(send_message));

  if (TRUE == disconnect_svr)
    {
    send_svr_disconnect(svr_sock, user_name);
    socket_close(svr_sock);
    }

  if (trq_server_addr != NULL)
    free(trq_server_addr);

  if (server_name != NULL)
    free(server_name);

  if (user_name != NULL)
    free(user_name);

  if (error_msg != NULL)
    free(error_msg);

  if (send_message != NULL)
    free(send_message);

  socket_close(local_socket);
  free(sock);

  return(NULL);
  } /* END process_svr_conn() */
Example #3
0
void *process_svr_conn(
    
  void *sock)

  {
  const char *className = "trqauthd";
  int         rc = PBSE_NONE;
  char       *server_name = NULL;
  int         server_port = 0;
  int         auth_type = 0;
  char       *user_name = NULL;
  int                user_pid = 0;
  int                user_sock = 0;
  char              *error_msg = NULL;
  std::string  message;
  int         send_len = 0;
  char       *trq_server_addr = NULL;
  int         trq_server_addr_len = 0;
  int         svr_sock = -1;
  int         msg_len = 0;
  int         debug_mark = 0;
  int         local_socket = *(int *)sock;
  char        msg_buf[1024];
  long long   req_type;  /* Type of request coming in */

  rc = socket_read_num(local_socket, &req_type);
  if (rc == PBSE_NONE)
    {
    switch (req_type)
      {
      case TRQ_DOWN_TRQAUTHD:
        {
        rc = parse_terminate_request(local_socket, &user_name, &user_pid);
        if (rc != PBSE_NONE)
          break;

        /* root is the only user that can terminate trqauthd */
        if (strcmp(user_name, "root"))
          {
          rc = PBSE_PERM;
          break;
          }

        rc = validate_user(local_socket, user_name, user_pid, msg_buf);
        if (rc == PBSE_NONE)
          {
          trqauthd_up = false;
          rc = build_active_server_response(message);
          }
        break;
        }

      case TRQ_PING_SERVER:
      case TRQ_GET_ACTIVE_SERVER:
        {
        /* rc will get evaluated after the switch statement. */
        rc = build_active_server_response(message);
        break;
        }

      case TRQ_VALIDATE_ACTIVE_SERVER:
        {
        if ((rc = validate_server(server_name, server_port, NULL, NULL)) != PBSE_NONE)
          {
          break;
          }
        else if ((rc = build_active_server_response(message)) != PBSE_NONE)
          {
          break;
          }

        break;
        }

      case TRQ_AUTH_CONNECTION:
        {

        int         disconnect_svr = TRUE;
        /* incoming message format is:
         * trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock|
         * message format to pbs_server is:
         * +2+22+492+user+sock+0
         * format from pbs_server is:
         * +2+2+0+0+1
         * outgoing message format is:
         * #|msg_len|message|
         * Send response to client here!!
         * Disconnect message to svr:
         * +2+22+592+{user_len}{user}
         *
         * msg to client in the case of success:
         * 0|0||
         */

        if ((rc = parse_request_client(local_socket, &server_name, &server_port, &auth_type, &user_name, &user_pid, &user_sock)) != PBSE_NONE)
          {
          disconnect_svr = FALSE;
          debug_mark = 1;
          }
        else
          {
          int retries = 0;
          while (retries < MAX_RETRIES)
            {
            rc = PBSE_NONE;
            disconnect_svr = TRUE;


            if ((rc = validate_user(local_socket, user_name, user_pid, msg_buf)) != PBSE_NONE)
              {
              log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
              disconnect_svr = FALSE;
              debug_mark = 1;
              retries++;
              usleep(20000);
              continue;
              }
            else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE)
              {
              disconnect_svr = FALSE;
              debug_mark = 2;
              retries++;
              usleep(20000);
              continue;
              }
            else if ((svr_sock = socket_get_tcp_priv()) < 0)
              {
              rc = PBSE_SOCKET_FAULT;
              disconnect_svr = FALSE;
              debug_mark = 3;
              retries++;
              usleep(10000);
              continue;
              }
            else if ((rc = socket_connect(&svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, &error_msg)) != PBSE_NONE)
              {
              /* for now we only need ssh_key and sign_key as dummys */
              char *ssh_key = NULL;
              char *sign_key = NULL;
              char  log_buf[LOCAL_LOG_BUF_SIZE];

              validate_server(server_name, server_port, ssh_key, &sign_key);
              sprintf(log_buf, "Active server is %s", active_pbs_server);
              log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf);
              disconnect_svr = FALSE;
              debug_mark = 4;
              socket_close(svr_sock);
              retries++;
              usleep(50000);
              continue;
              }
            else if ((rc = build_request_svr(auth_type, user_name, user_sock, message)) != PBSE_NONE)
              {
              socket_close(svr_sock);
              disconnect_svr = FALSE;
              debug_mark = 5;
              retries++;
              usleep(50000);
              continue;
              }
            else if ((send_len = message.length()) <= 0)
              {
              socket_close(svr_sock);
              disconnect_svr = FALSE;
              rc = PBSE_INTERNAL;
              debug_mark = 6;
              retries++;
              usleep(50000);
              continue;
              }
            else if ((rc = socket_write(svr_sock, message.c_str(), send_len)) != send_len)
              {
              socket_close(svr_sock);
              disconnect_svr = FALSE;
              rc = PBSE_SOCKET_WRITE;
              debug_mark = 7;
              retries++;
              usleep(50000);
              continue;
              }
            else if ((rc = parse_response_svr(svr_sock, &error_msg)) != PBSE_NONE)
              {
              socket_close(svr_sock);
              disconnect_svr = FALSE;
              debug_mark = 8;
              retries++;
              usleep(50000);
              continue;
              }
            else
              {
              /* Success case */
              message = "0|0||";
              if (debug_mode == TRUE)
                {
                fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n",
                  server_name, server_port, user_sock);
                }

              snprintf(msg_buf, sizeof(msg_buf),
                "User %s at IP:port %s:%d logged in", user_name, server_name, server_port);
              log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
                className, msg_buf);
              }
            break;
            }
          }

        if (TRUE == disconnect_svr)
          {
          send_svr_disconnect(svr_sock, user_name);
          socket_close(svr_sock);
          }
        break;
        }
      default:
        rc = PBSE_IVALREQ;
        break;
      }
    }
  else
    {
    sprintf(msg_buf, "socket_read_num failed: %d", rc);
    log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
    }

#ifdef UNIT_TEST
  /* process_svr_conn_rc is used by ./test/trq_auth/test_trq_auth.c
     to discover the status of unit test calls to process_svr_conn
   */ 
  process_svr_conn_rc = rc;
#endif

  if (rc != PBSE_NONE)
    {
    /* Failure case */
    msg_len = 6 + 1 + 6 + 1 + 1;
    
    if (error_msg == NULL)
      {
      char *tmp_err = pbse_to_txt(rc);
      if (tmp_err != NULL)
        error_msg = strdup(tmp_err);
      else
        error_msg = strdup("");
      }

    msg_len += strlen(error_msg);

    message = string_format("%d|%d|%s|",rc,strlen(error_msg),error_msg);
    
    if (debug_mode == TRUE)
      {
      fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (dm = %d, Err Num %d)\n", server_name, server_port, user_sock, debug_mark, rc);
      }

    snprintf(msg_buf, sizeof(msg_buf),
      "User %s at IP:port %s:%d login attempt failed --%s", 
        (user_name) ? user_name : "null",
        (server_name) ? server_name : "null", server_port, 
        (error_msg) ? error_msg : "null");
    log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
      className, msg_buf);
    }

  if (message.length() != 0)
    rc = socket_write(local_socket, message.c_str(), message.length());

  if (trq_server_addr != NULL)
    free(trq_server_addr);

  if (server_name != NULL)
    free(server_name);

  if (user_name != NULL)
    free(user_name);

  if (error_msg != NULL)
    free(error_msg);

  socket_close(local_socket);
  free(sock);

  return(NULL);
  } /* END process_svr_conn() */