END_TEST START_TEST(test_validate_server) { char active_server_name[PBS_MAXHOSTNAME+1]; char *ssh_key = NULL; char *sign_key = NULL; int rc; int port = 16001; connect_success = true; getaddrinfo_success = true; socket_success = true; setsockopt_success = true; close_success = true; write_success = true; socket_read_success = true; socket_read_num_success = true; getsockopt_success = true; tcp_priv_success = true; socket_connect_success = true; DIS_success = true; strcpy(active_server_name, "localhost"); rc = validate_server(active_server_name, port, ssh_key, &sign_key); fail_unless(rc == PBSE_NONE, "validate_server success case failed", rc); }
int trq_main( int argc, char **argv, char **envp) { int rc = PBSE_NONE; char *trq_server_ip = NULL; char *the_key = NULL; char *sign_key = NULL; int trq_server_port = 0; int daemon_port = 0; void *(*process_method)(void *) = process_svr_conn; if (IamRoot() == 0) { printf("This program must be run as root!!!\n"); return(PBSE_IVALREQ); } parse_command_line(argc, argv); if ((rc = load_config(&trq_server_ip, &trq_server_port, &daemon_port)) != PBSE_NONE) { } else if ((rc = load_ssh_key(&the_key)) != PBSE_NONE) { } else if ((validate_server(trq_server_ip, trq_server_port, the_key, &sign_key)) != PBSE_NONE) { } else if ((rc = daemonize_trqauthd(AUTH_IP, daemon_port, process_method)) == PBSE_NONE) { } else { printf("Daemon exit requested\n"); } if (the_key != NULL) free(the_key); return rc; }
int build_active_server_response( std::string &message) { int rc = PBSE_NONE; int len = 0; len = strlen(active_pbs_server); if (len == 0) { validate_server(NULL, 0, NULL, NULL); len = strlen(active_pbs_server); } message = string_format("%d|%d|%s|%d|",0,len,active_pbs_server, active_pbs_server_port); return(rc); }
int authorize_socket( int local_socket, std::string &message, char *msg_buf, char **server_name_ptr, char **user_name_ptr, std::string &err_msg) { int rc; bool disconnect_svr = true; int server_port; int auth_type = 0; int svr_sock = -1; int user_pid = 0; int user_sock = 0; int trq_server_addr_len = 0; char *trq_server_addr = NULL; const char *className = "trqauthd"; /* incoming message format is: * trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock| * message format to pbs_server is: * +2+22+492+user+sock+0 * format from pbs_server is: * +2+2+0+0+1 * outgoing message format is: * #|msg_len|message| * Send response to client here!! * Disconnect message to svr: * +2+22+592+{user_len}{user} * * msg to client in the case of success: * 0|0|| */ if ((rc = parse_request_client(local_socket, server_name_ptr, &server_port, &auth_type, user_name_ptr, &user_pid, &user_sock)) != PBSE_NONE) { if (*server_name_ptr != NULL) free(*server_name_ptr); if (*user_name_ptr != NULL) free(*user_name_ptr); return(rc); } else { int retries = 0; char *server_name = *server_name_ptr; while (retries < MAX_RETRIES) { rc = PBSE_NONE; disconnect_svr = true; if ((rc = validate_user(local_socket, *user_name_ptr, user_pid, msg_buf)) != PBSE_NONE) { log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf); disconnect_svr = false; retries++; usleep(20000); continue; } else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE) { disconnect_svr = false; retries++; usleep(20000); continue; } else if ((svr_sock = socket_get_tcp_priv()) < 0) { rc = PBSE_SOCKET_FAULT; disconnect_svr = false; retries++; usleep(10000); continue; } else if ((rc = socket_connect(svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, err_msg)) != PBSE_NONE) { /* for now we only need ssh_key and sign_key as dummys */ char *ssh_key = NULL; char *sign_key = NULL; char log_buf[LOCAL_LOG_BUF_SIZE]; validate_server(server_name, server_port, ssh_key, &sign_key); sprintf(log_buf, "Active server is %s", active_pbs_server); log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf); disconnect_svr = false; socket_close(svr_sock); retries++; usleep(50000); continue; } else if ((rc = build_request_svr(auth_type, *user_name_ptr, user_sock, message)) != PBSE_NONE) { socket_close(svr_sock); disconnect_svr = false; retries++; usleep(50000); continue; } else if (message.size() <= 0) { socket_close(svr_sock); disconnect_svr = false; rc = PBSE_INTERNAL; retries++; usleep(50000); continue; } else if ((rc = socket_write(svr_sock, message.c_str(), message.size())) != (int)message.size()) { socket_close(svr_sock); disconnect_svr = false; rc = PBSE_SOCKET_WRITE; retries++; usleep(50000); continue; } else if ((rc = parse_response_svr(svr_sock, err_msg)) != PBSE_NONE) { socket_close(svr_sock); disconnect_svr = false; retries++; usleep(50000); continue; } else { /* Success case */ message = "0|0||"; if (debug_mode == TRUE) { fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n", server_name, server_port, user_sock); } sprintf(msg_buf, "User %s at IP:port %s:%d logged in", *user_name_ptr, server_name, server_port); log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, className, msg_buf); } break; } } if (disconnect_svr == true) { send_svr_disconnect(svr_sock, *user_name_ptr); socket_close(svr_sock); } if (trq_server_addr != NULL) free(trq_server_addr); return(rc); } // END authorize_socket()
void *process_svr_conn( void *sock) { const char *className = "trqauthd"; int rc = PBSE_NONE; char *server_name = NULL; int server_port = 0; char *user_name = NULL; int user_pid = 0; int user_sock = 0; std::string error_string; std::string message; int msg_len = 0; int local_socket = *(int *)sock; char msg_buf[1024]; long long req_type; /* Type of request coming in */ rc = socket_read_num(local_socket, &req_type); if (rc == PBSE_NONE) { switch (req_type) { case TRQ_DOWN_TRQAUTHD: { rc = parse_terminate_request(local_socket, &user_name, &user_pid); if (rc != PBSE_NONE) break; /* root is the only user that can terminate trqauthd */ if (strcmp(user_name, "root")) { rc = PBSE_PERM; break; } rc = validate_user(local_socket, user_name, user_pid, msg_buf); if (rc == PBSE_NONE) { trqauthd_up = false; rc = build_active_server_response(message); } break; } case TRQ_PING_SERVER: case TRQ_GET_ACTIVE_SERVER: { /* rc will get evaluated after the switch statement. */ rc = build_active_server_response(message); break; } case TRQ_VALIDATE_ACTIVE_SERVER: { if ((rc = validate_server(server_name, server_port, NULL, NULL)) != PBSE_NONE) { break; } else if ((rc = build_active_server_response(message)) != PBSE_NONE) { break; } break; } case TRQ_AUTH_CONNECTION: { rc = authorize_socket(local_socket, message, msg_buf, &server_name, &user_name, error_string); break; } default: rc = PBSE_IVALREQ; break; } } else { sprintf(msg_buf, "socket_read_num failed: %d", rc); log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf); } #ifdef UNIT_TEST /* process_svr_conn_rc is used by ./test/trq_auth/test_trq_auth.c to discover the status of unit test calls to process_svr_conn */ process_svr_conn_rc = rc; #endif if (rc != PBSE_NONE) { /* Failure case */ msg_len = 6 + 1 + 6 + 1 + 1; if (error_string.size() == 0) { char *err = pbse_to_txt(rc); if (err != NULL) error_string = err; } msg_len += error_string.size(); message = string_format("%d|%d|%s|",rc, error_string.size(), error_string.c_str()); if (debug_mode == TRUE) { if (server_name != NULL) fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (Err Num %d)\n", server_name, server_port, user_sock, rc); } if (error_string.size() == 0) { if (server_name != NULL) snprintf(msg_buf, sizeof(msg_buf), "User %s at IP:port %s:%d login attempt failed --no message", (user_name) ? user_name : "null", server_name, server_port); } else { snprintf(msg_buf, sizeof(msg_buf), "User %s at IP:port %s:%d login attempt failed --%s", (user_name) ? user_name : "null", (server_name) ? server_name : "null", server_port, error_string.c_str()); } log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, className, msg_buf); } if (message.length() != 0) rc = socket_write(local_socket, message.c_str(), message.length()); if (server_name != NULL) free(server_name); if (user_name != NULL) free(user_name); socket_close(local_socket); free(sock); return(NULL); } /* END process_svr_conn() */
int trq_main( int argc, char **argv, char ** UNUSED(envp)) { int rc = PBSE_NONE; char *the_key = NULL; char *sign_key = NULL; int trq_server_port = 0; char *daemon_port = NULL; void *(*process_method)(void *) = process_svr_conn; parse_command_line(argc, argv); if (IamRoot() == 0) { printf("This program must be run as root!!!\n"); return(PBSE_IVALREQ); } rc = set_trqauthd_addr(); if (rc != PBSE_NONE) return(rc); if (down_server == true) { rc = terminate_trqauthd(); return(rc); } if ((rc = load_trqauthd_config(&active_pbs_server, &trq_server_port, &daemon_port)) != PBSE_NONE) { fprintf(stderr, "Failed to load configuration. Make sure the $TORQUE_HOME/server_name file exists\n"); } else if ((rc = check_trqauthd_unix_domain_port(daemon_port)) != PBSE_NONE) { fprintf(stderr, "trqauthd unix domain file %s already bound.\n trqauthd may already be running \n", daemon_port); } else if ((rc = load_ssh_key(&the_key)) != PBSE_NONE) { } else if ((rc = init_trqauth_log(daemon_port)) != PBSE_NONE) { fprintf(stderr, "ERROR: Failed to initialize trqauthd log\n"); } else if ((rc = validate_server(active_pbs_server, trq_server_port, the_key, &sign_key)) != PBSE_NONE) { } else if ((rc = daemonize_trqauthd(AUTH_IP, daemon_port, process_method)) == PBSE_NONE) { } else { printf("Daemon exit requested\n"); } if (the_key != NULL) free(the_key); if (daemon_port != NULL) free(daemon_port); return rc; }
void *process_svr_conn( void *sock) { const char *className = "trqauthd"; int rc = PBSE_NONE; char *server_name = NULL; int server_port = 0; int auth_type = 0; char *user_name = NULL; int user_pid = 0; int user_sock = 0; char *error_msg = NULL; std::string message; int send_len = 0; char *trq_server_addr = NULL; int trq_server_addr_len = 0; int svr_sock = -1; int msg_len = 0; int debug_mark = 0; int local_socket = *(int *)sock; char msg_buf[1024]; long long req_type; /* Type of request coming in */ rc = socket_read_num(local_socket, &req_type); if (rc == PBSE_NONE) { switch (req_type) { case TRQ_DOWN_TRQAUTHD: { rc = parse_terminate_request(local_socket, &user_name, &user_pid); if (rc != PBSE_NONE) break; /* root is the only user that can terminate trqauthd */ if (strcmp(user_name, "root")) { rc = PBSE_PERM; break; } rc = validate_user(local_socket, user_name, user_pid, msg_buf); if (rc == PBSE_NONE) { trqauthd_up = false; rc = build_active_server_response(message); } break; } case TRQ_PING_SERVER: case TRQ_GET_ACTIVE_SERVER: { /* rc will get evaluated after the switch statement. */ rc = build_active_server_response(message); break; } case TRQ_VALIDATE_ACTIVE_SERVER: { if ((rc = validate_server(server_name, server_port, NULL, NULL)) != PBSE_NONE) { break; } else if ((rc = build_active_server_response(message)) != PBSE_NONE) { break; } break; } case TRQ_AUTH_CONNECTION: { int disconnect_svr = TRUE; /* incoming message format is: * trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock| * message format to pbs_server is: * +2+22+492+user+sock+0 * format from pbs_server is: * +2+2+0+0+1 * outgoing message format is: * #|msg_len|message| * Send response to client here!! * Disconnect message to svr: * +2+22+592+{user_len}{user} * * msg to client in the case of success: * 0|0|| */ if ((rc = parse_request_client(local_socket, &server_name, &server_port, &auth_type, &user_name, &user_pid, &user_sock)) != PBSE_NONE) { disconnect_svr = FALSE; debug_mark = 1; } else { int retries = 0; while (retries < MAX_RETRIES) { rc = PBSE_NONE; disconnect_svr = TRUE; if ((rc = validate_user(local_socket, user_name, user_pid, msg_buf)) != PBSE_NONE) { log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf); disconnect_svr = FALSE; debug_mark = 1; retries++; usleep(20000); continue; } else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE) { disconnect_svr = FALSE; debug_mark = 2; retries++; usleep(20000); continue; } else if ((svr_sock = socket_get_tcp_priv()) < 0) { rc = PBSE_SOCKET_FAULT; disconnect_svr = FALSE; debug_mark = 3; retries++; usleep(10000); continue; } else if ((rc = socket_connect(&svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, &error_msg)) != PBSE_NONE) { /* for now we only need ssh_key and sign_key as dummys */ char *ssh_key = NULL; char *sign_key = NULL; char log_buf[LOCAL_LOG_BUF_SIZE]; validate_server(server_name, server_port, ssh_key, &sign_key); sprintf(log_buf, "Active server is %s", active_pbs_server); log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf); disconnect_svr = FALSE; debug_mark = 4; socket_close(svr_sock); retries++; usleep(50000); continue; } else if ((rc = build_request_svr(auth_type, user_name, user_sock, message)) != PBSE_NONE) { socket_close(svr_sock); disconnect_svr = FALSE; debug_mark = 5; retries++; usleep(50000); continue; } else if ((send_len = message.length()) <= 0) { socket_close(svr_sock); disconnect_svr = FALSE; rc = PBSE_INTERNAL; debug_mark = 6; retries++; usleep(50000); continue; } else if ((rc = socket_write(svr_sock, message.c_str(), send_len)) != send_len) { socket_close(svr_sock); disconnect_svr = FALSE; rc = PBSE_SOCKET_WRITE; debug_mark = 7; retries++; usleep(50000); continue; } else if ((rc = parse_response_svr(svr_sock, &error_msg)) != PBSE_NONE) { socket_close(svr_sock); disconnect_svr = FALSE; debug_mark = 8; retries++; usleep(50000); continue; } else { /* Success case */ message = "0|0||"; if (debug_mode == TRUE) { fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n", server_name, server_port, user_sock); } snprintf(msg_buf, sizeof(msg_buf), "User %s at IP:port %s:%d logged in", user_name, server_name, server_port); log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, className, msg_buf); } break; } } if (TRUE == disconnect_svr) { send_svr_disconnect(svr_sock, user_name); socket_close(svr_sock); } break; } default: rc = PBSE_IVALREQ; break; } } else { sprintf(msg_buf, "socket_read_num failed: %d", rc); log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf); } #ifdef UNIT_TEST /* process_svr_conn_rc is used by ./test/trq_auth/test_trq_auth.c to discover the status of unit test calls to process_svr_conn */ process_svr_conn_rc = rc; #endif if (rc != PBSE_NONE) { /* Failure case */ msg_len = 6 + 1 + 6 + 1 + 1; if (error_msg == NULL) { char *tmp_err = pbse_to_txt(rc); if (tmp_err != NULL) error_msg = strdup(tmp_err); else error_msg = strdup(""); } msg_len += strlen(error_msg); message = string_format("%d|%d|%s|",rc,strlen(error_msg),error_msg); if (debug_mode == TRUE) { fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (dm = %d, Err Num %d)\n", server_name, server_port, user_sock, debug_mark, rc); } snprintf(msg_buf, sizeof(msg_buf), "User %s at IP:port %s:%d login attempt failed --%s", (user_name) ? user_name : "null", (server_name) ? server_name : "null", server_port, (error_msg) ? error_msg : "null"); log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, className, msg_buf); } if (message.length() != 0) rc = socket_write(local_socket, message.c_str(), message.length()); if (trq_server_addr != NULL) free(trq_server_addr); if (server_name != NULL) free(server_name); if (user_name != NULL) free(user_name); if (error_msg != NULL) free(error_msg); socket_close(local_socket); free(sock); return(NULL); } /* END process_svr_conn() */