inline SessionHandle open_rw_session_with_user_login()
{
Flags session_flags = PKCS11::flags(Flag::SerialSession | Flag::RwSession);
SessionHandle handle = open_session(session_flags);
login(UserType::User, PIN_SECVEC);
return handle;
}
/**
* Open a number of sessions concurrently or sequentially
*
* @param cluster Cluster to use in order to create sessions
* @param sessions Session container for creating sessions
* @param num_of_sessions Number of sessions to create concurrently
* @param is_concurrently True if concurrent; false otherwise
*/
void open_sessions(SessionContainer* sessions, unsigned int num_of_sessions, bool is_concurrently = true) {
//Create session threads
std::vector<uv_thread_t> threads(num_of_sessions);
for (unsigned int n = 0; n < num_of_sessions; ++n) {
if (is_concurrently) {
uv_thread_create(&threads[n], open_session, sessions);
} else {
open_session(sessions);
}
}
//Ensure all threads have completed
if (is_concurrently) {
for (unsigned int n = 0; n < num_of_sessions; ++n) {
uv_thread_join(&threads[n]);
}
}
//TODO: Remove sleep and create a timed wait for log messages (no boost)
for (unsigned int n = 0; n < (SESSION_STRESS_NUMBER_OF_ITERATIONS * 20); ++n) {
if (static_cast<unsigned int>(test_utils::CassLog::message_count()) != num_of_sessions) {
boost::this_thread::sleep_for(boost::chrono::milliseconds(100));
} else {
break;
}
}
BOOST_TEST_MESSAGE("\t\tOpened: " << test_utils::CassLog::message_count());
}
void SessionProxy::on_failed() {
if (session_generation_ != get_link_token()) {
return;
}
close_session();
open_session();
}
static pam_handle_t *
perform_basic (void)
{
struct pam_conv conv = { pam_conv_func, };
pam_handle_t *pamh;
char *input = NULL;
char *password;
int res;
debug ("reading password from cockpit-ws");
/* The input should be a user:password */
input = read_auth_until_eof (NULL);
password = strchr (input, ':');
if (password == NULL || strchr (password + 1, '\n'))
{
debug ("bad basic auth input");
write_auth_begin (PAM_AUTH_ERR);
write_auth_end ();
exit (5);
}
*password = '******';
password++;
conv.appdata_ptr = &input;
res = pam_start ("cockpit", input, &conv, &pamh);
if (res != PAM_SUCCESS)
errx (EX, "couldn't start pam: %s", pam_strerror (NULL, res));
/* Move the password into place for use during auth */
memmove (input, password, strlen (password) + 1);
if (pam_set_item (pamh, PAM_RHOST, rhost) != PAM_SUCCESS ||
pam_get_item (pamh, PAM_USER, (const void **)&user) != PAM_SUCCESS)
errx (EX, "couldn't setup pam");
debug ("authenticating %s", user);
res = pam_authenticate (pamh, 0);
if (res == PAM_SUCCESS)
res = open_session (pamh, user);
write_auth_begin (res);
if (res == PAM_SUCCESS && user)
write_auth_string ("user", user);
write_auth_end ();
if (res != PAM_SUCCESS)
exit (5);
if (input)
{
memset (input, 0, strlen (input));
free (input);
}
return pamh;
}
void SessionProxy::update_main_flag(bool is_main) {
if (is_main_ == is_main) {
return;
}
LOG(INFO) << "Update " << get_name() << " is_main to " << is_main;
is_main_ = is_main;
close_session();
open_session();
}
void SessionProxy::send(NetQueryPtr query) {
if (query->auth_flag() == NetQuery::AuthFlag::On && auth_state_ != AuthState::OK) {
query->debug(PSTRING() << get_name() << ": wait for auth");
pending_queries_.emplace_back(std::move(query));
return;
}
if (session_.empty()) {
open_session(true);
}
query->debug(PSTRING() << get_name() << ": sent to session");
send_closure(session_, &Session::send, std::move(query));
}
void tvdemo() {
printf("This demo show how to handle TTreeViewer sessions\n");
printf("Compile class Event from test directory before running this\n");
printf("- use arrow buttons from bottom to cycle records ...\n");
printf("- make new expressions and drag them to X, Y, Z or Cut items ...\n");
printf("- use the Draw button to check your current selection ...\n");
printf("- click the record button once you are happy with this ...\n");
printf("- open the TV context menu (right-click on the right panel)...\n");
printf(" Use : RemoveLastRecord() - to remove last record :-)\n");
printf(" SetRecordName() - to name current record\n");
printf(" UpdateRecord() - if you want to change a record from the list\n");
printf(" with your new X, Y, Z, Cut configuration.\n");
printf(" Best luck !\n");
open_session();
}
void SessionProxy::update_auth_state() {
auth_state_ = auth_data_->get_auth_state().first;
if (pending_queries_.empty() && !need_wait_for_key_) {
return;
}
if (auth_state_ != AuthState::OK) {
return;
}
if (session_.empty()) {
open_session(true);
}
for (auto &query : pending_queries_) {
query->debug(PSTRING() << get_name() << ": sent to session");
send_closure(session_, &Session::send, std::move(query));
}
pending_queries_.clear();
}
void SessionProxy::start_up() {
class Listener : public AuthDataShared::Listener {
public:
explicit Listener(ActorShared<SessionProxy> session_proxy) : session_proxy_(std::move(session_proxy)) {
}
bool notify() override {
if (!session_proxy_.is_alive()) {
return false;
}
send_closure(session_proxy_, &SessionProxy::update_auth_state);
return true;
}
private:
ActorShared<SessionProxy> session_proxy_;
};
auth_state_ = auth_data_->get_auth_state().first;
auth_data_->add_auth_key_listener(std::make_unique<Listener>(actor_shared(this)));
if (is_main_ && !need_wait_for_key_) {
open_session();
}
}
int run_client(t_info *info)
{
t_cmd cmd;
printf("[*] Waiting for Welcome message\n");
if (!open_session(info))
info->keep_connected = 0;
while (info->keep_connected)
{
memset(&cmd, 0, sizeof(cmd));
if (!prompt(&cmd))
info->keep_connected = 0;
else
{
run_cmd(info, &cmd);
free(cmd.cmd);
free(cmd.arg);
}
}
printf("[*] Disconnected from server\n");
return (1);
}
int main(int argc, char **argv)
{
int c, eflag = 0;
char *val;
while ( (c = getopt( argc, argv,"c:ef:x?")) != EOF )
switch(c) {
case 'c':
setenv("OPENHPI_CONF", optarg, 1);
break;
case 'e':
eflag = 1;
break;
case 'f':
open_file(optarg);
break;
case 'x':
debug_flag = 1;
break;
default:
printf("Usage: %s [-c <cfgfile>][-e][-f <file>]\n", argv[0]);
printf(" -c <cfgfile> - use passed file as configuration file\n");
printf(" -e - show short events, discover after subscribe\n");
printf(" -f <file> - execute command file\n");
return(1);
}
val = getenv("OPENHPI_THREADED");
if ((val == (char *)NULL) || (strcmp(val, "YES") != 0)) {
printf("Please, set OPENHPI_THREADED environment!\n");
};
domainlist = (GSList *)NULL;
if (open_session(eflag) == -1)
return(1);
cmd_shell();
close_session();
return 0;
}
int
main (int argc,
char *argv[])
{
GError *error = NULL;
g_setenv ("G_DEBUG", "fatal_criticals", FALSE);
g_log_set_always_fatal (G_LOG_LEVEL_CRITICAL);
manager = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
G_DBUS_PROXY_FLAGS_NONE,
NULL,
DBUS_NAME,
DBUS_MANAGER_OBJECT_PATH,
DBUS_MANAGER_INTERFACE,
NULL,
&error);
if (manager == NULL || error != NULL)
{
if (error != NULL) {
g_printerr ("Error creating manager proxy: %s\n", error->message);
g_clear_error (&error);
}
return FALSE;
}
print_proxy_info (manager);
open_session ();
get_sessions (NULL);
g_object_unref (manager);
return 0;
}
{
int method;
char *pref;
if (!PyArg_ParseTuple(args, "is:session_method_pref", &method, &pref)) {
return NULL;
}
return PyInt_FromLong(libssh2_session_method_pref(self->session, method, pref)==0?1:0);
}
/* }}} */
/* {{{ PYLIBSSH2_Session_open_session
*/
static char PYLIBSSH2_Session_open_session_doc[] = "\n\
open_session() -> libssh2.Channel\n\
\n\
Allocates a new channel for the current session.\n\
\n\
@return new channel opened\n\
@rtype libssh2.Channel";
static PyObject *
PYLIBSSH2_Session_open_session(PYLIBSSH2_SESSION *self, PyObject *args)
{
int dealloc = 1;
LIBSSH2_CHANNEL *channel;
if (!PyArg_ParseTuple(args, "|i:open_session", &dealloc)) {
return NULL;
}
std::shared_ptr<session> sqldb::open_session(const std::string &uristr)
{
db::uri uri(uristr);
return open_session(uri);
}
session connection::open_session() {
return open_session(session_options());
}
static pam_handle_t *
perform_gssapi (void)
{
struct pam_conv conv = { pam_conv_func, };
OM_uint32 major, minor;
gss_cred_id_t server = GSS_C_NO_CREDENTIAL;
gss_cred_id_t client = GSS_C_NO_CREDENTIAL;
gss_buffer_desc input = GSS_C_EMPTY_BUFFER;
gss_buffer_desc output = GSS_C_EMPTY_BUFFER;
gss_buffer_desc local = GSS_C_EMPTY_BUFFER;
gss_buffer_desc display = GSS_C_EMPTY_BUFFER;
gss_name_t name = GSS_C_NO_NAME;
gss_ctx_id_t context = GSS_C_NO_CONTEXT;
gss_OID mech_type = GSS_C_NO_OID;
pam_handle_t *pamh = NULL;
OM_uint32 flags = 0;
char *str = NULL;
OM_uint32 caps = 0;
int res;
server = GSS_C_NO_CREDENTIAL;
res = PAM_AUTH_ERR;
/* We shouldn't be writing to kerberos caches here */
setenv ("KRB5CCNAME", "FILE:/dev/null", 1);
debug ("reading kerberos auth from cockpit-ws");
input.value = read_auth_until_eof (&input.length);
major = gss_accept_sec_context (&minor, &context, server, &input,
GSS_C_NO_CHANNEL_BINDINGS, &name, &mech_type,
&output, &flags, &caps, &client);
if (GSS_ERROR (major))
{
warnx ("gssapi auth failed: %s", gssapi_strerror (major, minor));
goto out;
}
/*
* In general gssapi mechanisms can require multiple challenge response
* iterations keeping &context between each, however Kerberos doesn't
* require this, so we don't care :O
*
* If we ever want this to work with something other than Kerberos, then
* we'll have to have some sorta session that holds the context.
*/
if (major & GSS_S_CONTINUE_NEEDED)
goto out;
major = gss_localname (&minor, name, mech_type, &local);
if (major == GSS_S_COMPLETE)
{
minor = 0;
str = dup_string (local.value, local.length);
debug ("mapped gssapi name to local user '%s'", str);
if (getpwnam (str))
{
res = pam_start ("cockpit", str, &conv, &pamh);
}
else
{
/* If the local user doesn't exist, pretend gss_localname() failed */
free (str);
str = NULL;
major = GSS_S_FAILURE;
minor = KRB5_NO_LOCALNAME;
}
}
if (major != GSS_S_COMPLETE)
{
if (minor == (OM_uint32)KRB5_NO_LOCALNAME || minor == (OM_uint32)KRB5_LNAME_NOTRANS)
{
major = gss_display_name (&minor, name, &display, NULL);
if (GSS_ERROR (major))
{
warnx ("couldn't get gssapi display name: %s", gssapi_strerror (major, minor));
goto out;
}
str = dup_string (display.value, display.length);
debug ("no local user mapping for gssapi name '%s'", str);
res = pam_start ("cockpit", str, &conv, &pamh);
}
else
{
warnx ("couldn't map gssapi name to local user: %s", gssapi_strerror (major, minor));
goto out;
}
}
if (res != PAM_SUCCESS)
errx (EX, "couldn't start pam: %s", pam_strerror (NULL, res));
if (pam_set_item (pamh, PAM_RHOST, rhost) != PAM_SUCCESS ||
pam_get_item (pamh, PAM_USER, (const void **)&user) != PAM_SUCCESS)
errx (EX, "couldn't setup pam");
assert (user != NULL);
res = open_session (pamh, user);
out:
write_auth_begin (res);
if (user)
write_auth_string ("user", user);
if (output.value)
write_auth_hex ("gssapi-output", output.value, output.length);
if (output.value)
gss_release_buffer (&minor, &output);
output.value = NULL;
output.length = 0;
if (caps & GSS_C_DELEG_FLAG && client != GSS_C_NO_CREDENTIAL)
{
#ifdef HAVE_GSS_IMPORT_CRED
major = gss_export_cred (&minor, client, &output);
if (GSS_ERROR (major))
warnx ("couldn't export gssapi credentials: %s", gssapi_strerror (major, minor));
else if (output.value)
write_auth_hex ("gssapi-creds", output.value, output.length);
#else
/* cockpit-ws will complain for us, if they're ever used */
write_auth_hex ("gssapi-creds", (void *)"", 0);
#endif
}
write_auth_end ();
if (display.value)
gss_release_buffer (&minor, &display);
if (output.value)
gss_release_buffer (&minor, &output);
if (local.value)
gss_release_buffer (&minor, &local);
if (client != GSS_C_NO_CREDENTIAL)
gss_release_cred (&minor, &client);
if (server != GSS_C_NO_CREDENTIAL)
gss_release_cred (&minor, &server);
if (name != GSS_C_NO_NAME)
gss_release_name (&minor, &name);
if (context != GSS_C_NO_CONTEXT)
gss_delete_sec_context (&minor, &context, GSS_C_NO_BUFFER);
free (input.value);
free (str);
unsetenv ("KRB5CCNAME");
if (res != PAM_SUCCESS)
exit (5);
return pamh;
}
/* This program must be able to operate in any of three modes:
*
* (1) As a "fast filter" for the UNIX System V "lp" subsystem;
* (2) As a "printer-interface" agent for the UNIX BSD4 "lpr" subsystem;
* (3) As a standalone program.
*
* In cases (1) and (2) above, we assume that our stdout is already connected
* to the required serial-port, but that the port is in an unknown state (in
* the POSIX 1003.1 "termios" sense). We also assume that the port may have
* open()-ed in write-only mode, which is OK for some printers, but not for
* the SLP protocol, which requires a full-duplex channel. Thus we may have
* to use fcntl() to make it both readable and writable.
*/
INT main(UINT ac, CHAR **av)
{
FILE *file;
SHORT numcopies = 1;
CHAR *face = "areal-10";
CHAR *target = "-"; /* DO NOT CHANGE THIS INITIALISER! */
CHAR *p;
BOOL identify = NO;
FONT *font;
CHAR *modelname = "auto";
CHAR *medianame = "std";
BOOL portrait = NO;
BOOL squeeze = NO;
LONG maxbaudval = 0;
SHORT baud_mapping_scheme = BAUDMAP_POSIX;
SESSION *sd;
getflags(&ac, &av, "b##,c#,f*,l,m*,o*,portrait,p*,s,version,x#",
"[files]",
&maxbaudval, &numcopies, &face, &lp_messages, &medianame,
&target, &portrait, &modelname, &squeeze, &identify,
&baud_mapping_scheme);
if (identify)
{
identity();
exit (EXIT_FAILURE);
}
if (!set_baud_mapping(baud_mapping_scheme))
Error("invalid baud-rate mapping scheme (-x%h)",
baud_mapping_scheme);
#ifndef PATH_MAX
set_path_max();
#endif
assert(target);
sd = open_session(target, modelname, medianame, portrait, maxbaudval);
p = (sd->drv.hres(sd->opd) > 7.0) ? "pro" : "plus";
if (!(font = locate_font(face, p)))
{
Error("cannot locate font: %s.%s", face, p);
}
if (!ac || !*av)
{
CHAR buf[BUFSIZ];
if (!(file = tmpfile()))
Warning("cannot create temporary file");
else
{
while (fgets(buf, BUFSIZ, stdin))
fputs(buf, file);
rewind(file);
render(sd, file, numcopies, font, portrait, squeeze, NO);
fclose(file); /* which also removes it */
}
}
for ( ; ac && *av; --ac, ++av)
{
if (!(file = fopen(*av, "r")))
Warning("cannot read input file: %s", *av);
else
{
render(sd, file, numcopies, font, portrait, squeeze, NO);
fclose(file);
}
}
dropfont(font);
close_session(sd);
return (EXIT_SUCCESS);
}
