void NetworkSocket::reapplyRemoteAddress() {
if(m_type == NST_UDP || m_type == NST_UDPBROADCAST)
// TODO: comment this, why we need that in some cases
setRemoteAddress(remoteAddress());
else
errors << "NetworkSocket::reapplyRemoteAddress cannot be done as " << TypeStr(m_type) << endl;
}
bool UTPSocket::connectSuccesFull()
{
Connection::Ptr ptr = conn.toStrongRef();
if (ptr && ptr->connectionState() == CS_CONNECTED)
{
setRemoteAddress(ptr->remoteAddress());
m_state = CONNECTED;
return true;
}
else
return false;
}
UTPSocket::UTPSocket(Connection::WPtr conn)
: net::SocketDevice(bt::UTP),
conn(conn),
blocking(true),
polled_for_reading(false),
polled_for_writing(false)
{
Connection::Ptr ptr = conn.toStrongRef();
if (ptr)
{
setRemoteAddress(ptr->remoteAddress());
ptr->setBlocking(blocking);
m_state = CONNECTED;
}
}
int Socket::activate(string remoteIpAddress, unsigned short port){
string message = "Activating socket with address: ";
message += message + remoteIpAddress + " port: " + Utils::intToString((int) port);
Colors::writeout(message, BLUE);
this->port = port;
unsigned long int remoteIpAddressCSize = sizeof(remoteIpAddress.c_str());
const char *ipstr = remoteIpAddress.c_str();
struct in_addr ip;
struct hostent *remote_info;
if (!inet_aton(ipstr, &ip))
notifyErrorOn("inet_aton");
if ((remote_info = gethostbyaddr((const void *)&ip, sizeof ip, AF_INET)) == NULL){
notifyErrorOn("gethostbyaddr");
return -2;
}
setRemoteAddress(port, remote_info);
if ((socketFd = socket(AF_INET, SOCK_STREAM, 0)) < 0){
notifyErrorOn("socket");
return -1;
}
if (connect(socketFd, (struct sockaddr *) &remoteAddress, sizeof (remoteAddress)) < 0){
notifyErrorOn("connect");
return -1;
}
socklen_t size = sizeof (localAddress);
bzero(&localAddress, size);
if (getsockname(socketFd, (struct sockaddr*) &localAddress, &size) < 0){
notifyErrorOn("getsockname");
return -1;
}
return 0;
}
int FSocketDomain::connect(struct addrinfo *res)
{
int ret = 0;
do
{
ret = createSocket(res->ai_protocol);
if (ret != 0)
break;
ret = ::connect(this->m_socketfd, res->ai_addr, res->ai_addrlen);
if (ret != 0)
{
ELOGM_PRINTLN_ERR("connect error", FUtil::getErrCode(), FUtil::getErrStr());
break;
}
setRemoteAddress(res->ai_addr);
} while (false);
return ret == 0 ? 0 : -1;
}
int Condor_Auth_Kerberos :: authenticate_client_kerberos()
{
krb5_error_code code;
krb5_flags flags;
krb5_data request;
int reply, rc = FALSE;
request.data = 0;
request.length = 0;
//------------------------------------------
// Set up the flags
//------------------------------------------
flags = AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY;
//------------------------------------------
// Load local addresses
//------------------------------------------
assert(creds_);
if (creds_->addresses == NULL) {
dprintf ( D_SECURITY, "KERBEROS: creds_->addresses == NULL\n");
if ((code = krb5_os_localaddr(krb_context_, &(creds_->addresses)))) {
goto error;
}
}
dprintf_krb5_principal ( D_FULLDEBUG, "KERBEROS: creds_->client is '%s'\n", creds_->client);
dprintf_krb5_principal ( D_FULLDEBUG, "KERBEROS: creds_->server is '%s'\n", creds_->server);
//------------------------------------------
// Let's create the KRB_AP_REQ message
//------------------------------------------
if ((code = krb5_mk_req_extended(krb_context_,
&auth_context_,
flags,
0,
creds_,
&request))) {
goto error;
}
// Send out the request
if ((reply = send_request(&request)) != KERBEROS_MUTUAL) {
dprintf( D_ALWAYS, "KERBEROS: Could not authenticate!\n" );
return FALSE;
}
//------------------------------------------
// Now, mutual authenticate
//------------------------------------------
reply = client_mutual_authenticate();
switch (reply)
{
case KERBEROS_DENY:
dprintf( D_ALWAYS, "KERBEROS: Authentication failed\n" );
return FALSE;
break; // unreachable
case KERBEROS_FORWARD:
// We need to forward the credentials
// We could do a fast forwarding (i.e stashing, if client/server
// are located on the same machine. However, I want to keep the
// forwarding mechanism clean, so, we use krb5_fwd_tgt_creds
// regardless of where client/server are located
// This is an implict GRANT
//if (forward_tgt_creds(creds_, 0)) {
// dprintf(D_ALWAYS,"KERBEROS: Unable to forward credentials\n");
//return FALSE;
// }
case KERBEROS_GRANT:
break;
default:
dprintf( D_ALWAYS, "KERBEROS: Response is invalid\n" );
break;
}
//------------------------------------------
// Success, do some cleanup
//------------------------------------------
setRemoteAddress();
//------------------------------------------
// Store the session key for encryption
//------------------------------------------
if ((code = krb5_copy_keyblock(krb_context_, &(creds_->keyblock), &sessionKey_))) {
goto error;
}
rc = TRUE;
goto cleanup;
error:
dprintf( D_ALWAYS, "KERBEROS: %s\n", error_message(code) );
// Abort
mySock_->encode();
reply = KERBEROS_ABORT;
if (!mySock_->code(reply) || !mySock_->end_of_message()) {
dprintf( D_ALWAYS, "KERBEROS: Failed to send ABORT message.\n");
}
rc = FALSE;
cleanup:
if (creds_) {
krb5_free_creds(krb_context_, creds_);
}
if (request.data) {
free(request.data);
}
return rc;
}
