END_TEST
START_TEST(test_validate_server)
{
char active_server_name[PBS_MAXHOSTNAME+1];
char *ssh_key = NULL;
char *sign_key = NULL;
int rc;
int port = 16001;
connect_success = true;
getaddrinfo_success = true;
socket_success = true;
setsockopt_success = true;
close_success = true;
write_success = true;
socket_read_success = true;
socket_read_num_success = true;
getsockopt_success = true;
tcp_priv_success = true;
socket_connect_success = true;
DIS_success = true;
strcpy(active_server_name, "localhost");
rc = validate_server(active_server_name, port, ssh_key, &sign_key);
fail_unless(rc == PBSE_NONE, "validate_server success case failed", rc);
}
int trq_main(
int argc,
char **argv,
char **envp)
{
int rc = PBSE_NONE;
char *trq_server_ip = NULL;
char *the_key = NULL;
char *sign_key = NULL;
int trq_server_port = 0;
int daemon_port = 0;
void *(*process_method)(void *) = process_svr_conn;
if (IamRoot() == 0)
{
printf("This program must be run as root!!!\n");
return(PBSE_IVALREQ);
}
parse_command_line(argc, argv);
if ((rc = load_config(&trq_server_ip, &trq_server_port, &daemon_port)) != PBSE_NONE)
{
}
else if ((rc = load_ssh_key(&the_key)) != PBSE_NONE)
{
}
else if ((validate_server(trq_server_ip, trq_server_port, the_key, &sign_key)) != PBSE_NONE)
{
}
else if ((rc = daemonize_trqauthd(AUTH_IP, daemon_port, process_method)) == PBSE_NONE)
{
}
else
{
printf("Daemon exit requested\n");
}
if (the_key != NULL)
free(the_key);
return rc;
}
int build_active_server_response(
std::string &message)
{
int rc = PBSE_NONE;
int len = 0;
len = strlen(active_pbs_server);
if (len == 0)
{
validate_server(NULL, 0, NULL, NULL);
len = strlen(active_pbs_server);
}
message = string_format("%d|%d|%s|%d|",0,len,active_pbs_server, active_pbs_server_port);
return(rc);
}
int authorize_socket(
int local_socket,
std::string &message,
char *msg_buf,
char **server_name_ptr,
char **user_name_ptr,
std::string &err_msg)
{
int rc;
bool disconnect_svr = true;
int server_port;
int auth_type = 0;
int svr_sock = -1;
int user_pid = 0;
int user_sock = 0;
int trq_server_addr_len = 0;
char *trq_server_addr = NULL;
const char *className = "trqauthd";
/* incoming message format is:
* trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock|
* message format to pbs_server is:
* +2+22+492+user+sock+0
* format from pbs_server is:
* +2+2+0+0+1
* outgoing message format is:
* #|msg_len|message|
* Send response to client here!!
* Disconnect message to svr:
* +2+22+592+{user_len}{user}
*
* msg to client in the case of success:
* 0|0||
*/
if ((rc = parse_request_client(local_socket, server_name_ptr, &server_port, &auth_type, user_name_ptr, &user_pid, &user_sock)) != PBSE_NONE)
{
if (*server_name_ptr != NULL)
free(*server_name_ptr);
if (*user_name_ptr != NULL)
free(*user_name_ptr);
return(rc);
}
else
{
int retries = 0;
char *server_name = *server_name_ptr;
while (retries < MAX_RETRIES)
{
rc = PBSE_NONE;
disconnect_svr = true;
if ((rc = validate_user(local_socket, *user_name_ptr, user_pid, msg_buf)) != PBSE_NONE)
{
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
disconnect_svr = false;
retries++;
usleep(20000);
continue;
}
else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE)
{
disconnect_svr = false;
retries++;
usleep(20000);
continue;
}
else if ((svr_sock = socket_get_tcp_priv()) < 0)
{
rc = PBSE_SOCKET_FAULT;
disconnect_svr = false;
retries++;
usleep(10000);
continue;
}
else if ((rc = socket_connect(svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, err_msg)) != PBSE_NONE)
{
/* for now we only need ssh_key and sign_key as dummys */
char *ssh_key = NULL;
char *sign_key = NULL;
char log_buf[LOCAL_LOG_BUF_SIZE];
validate_server(server_name, server_port, ssh_key, &sign_key);
sprintf(log_buf, "Active server is %s", active_pbs_server);
log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf);
disconnect_svr = false;
socket_close(svr_sock);
retries++;
usleep(50000);
continue;
}
else if ((rc = build_request_svr(auth_type, *user_name_ptr, user_sock, message)) != PBSE_NONE)
{
socket_close(svr_sock);
disconnect_svr = false;
retries++;
usleep(50000);
continue;
}
else if (message.size() <= 0)
{
socket_close(svr_sock);
disconnect_svr = false;
rc = PBSE_INTERNAL;
retries++;
usleep(50000);
continue;
}
else if ((rc = socket_write(svr_sock, message.c_str(), message.size())) != (int)message.size())
{
socket_close(svr_sock);
disconnect_svr = false;
rc = PBSE_SOCKET_WRITE;
retries++;
usleep(50000);
continue;
}
else if ((rc = parse_response_svr(svr_sock, err_msg)) != PBSE_NONE)
{
socket_close(svr_sock);
disconnect_svr = false;
retries++;
usleep(50000);
continue;
}
else
{
/* Success case */
message = "0|0||";
if (debug_mode == TRUE)
{
fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n",
server_name, server_port, user_sock);
}
sprintf(msg_buf,
"User %s at IP:port %s:%d logged in", *user_name_ptr, server_name, server_port);
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
className, msg_buf);
}
break;
}
}
if (disconnect_svr == true)
{
send_svr_disconnect(svr_sock, *user_name_ptr);
socket_close(svr_sock);
}
if (trq_server_addr != NULL)
free(trq_server_addr);
return(rc);
} // END authorize_socket()
void *process_svr_conn(
void *sock)
{
const char *className = "trqauthd";
int rc = PBSE_NONE;
char *server_name = NULL;
int server_port = 0;
char *user_name = NULL;
int user_pid = 0;
int user_sock = 0;
std::string error_string;
std::string message;
int msg_len = 0;
int local_socket = *(int *)sock;
char msg_buf[1024];
long long req_type; /* Type of request coming in */
rc = socket_read_num(local_socket, &req_type);
if (rc == PBSE_NONE)
{
switch (req_type)
{
case TRQ_DOWN_TRQAUTHD:
{
rc = parse_terminate_request(local_socket, &user_name, &user_pid);
if (rc != PBSE_NONE)
break;
/* root is the only user that can terminate trqauthd */
if (strcmp(user_name, "root"))
{
rc = PBSE_PERM;
break;
}
rc = validate_user(local_socket, user_name, user_pid, msg_buf);
if (rc == PBSE_NONE)
{
trqauthd_up = false;
rc = build_active_server_response(message);
}
break;
}
case TRQ_PING_SERVER:
case TRQ_GET_ACTIVE_SERVER:
{
/* rc will get evaluated after the switch statement. */
rc = build_active_server_response(message);
break;
}
case TRQ_VALIDATE_ACTIVE_SERVER:
{
if ((rc = validate_server(server_name, server_port, NULL, NULL)) != PBSE_NONE)
{
break;
}
else if ((rc = build_active_server_response(message)) != PBSE_NONE)
{
break;
}
break;
}
case TRQ_AUTH_CONNECTION:
{
rc = authorize_socket(local_socket, message, msg_buf, &server_name, &user_name, error_string);
break;
}
default:
rc = PBSE_IVALREQ;
break;
}
}
else
{
sprintf(msg_buf, "socket_read_num failed: %d", rc);
log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
}
#ifdef UNIT_TEST
/* process_svr_conn_rc is used by ./test/trq_auth/test_trq_auth.c
to discover the status of unit test calls to process_svr_conn
*/
process_svr_conn_rc = rc;
#endif
if (rc != PBSE_NONE)
{
/* Failure case */
msg_len = 6 + 1 + 6 + 1 + 1;
if (error_string.size() == 0)
{
char *err = pbse_to_txt(rc);
if (err != NULL)
error_string = err;
}
msg_len += error_string.size();
message = string_format("%d|%d|%s|",rc, error_string.size(), error_string.c_str());
if (debug_mode == TRUE)
{
if (server_name != NULL)
fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (Err Num %d)\n",
server_name, server_port, user_sock, rc);
}
if (error_string.size() == 0)
{
if (server_name != NULL)
snprintf(msg_buf, sizeof(msg_buf),
"User %s at IP:port %s:%d login attempt failed --no message",
(user_name) ? user_name : "null",
server_name, server_port);
}
else
{
snprintf(msg_buf, sizeof(msg_buf),
"User %s at IP:port %s:%d login attempt failed --%s",
(user_name) ? user_name : "null",
(server_name) ? server_name : "null", server_port,
error_string.c_str());
}
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
className, msg_buf);
}
if (message.length() != 0)
rc = socket_write(local_socket, message.c_str(), message.length());
if (server_name != NULL)
free(server_name);
if (user_name != NULL)
free(user_name);
socket_close(local_socket);
free(sock);
return(NULL);
} /* END process_svr_conn() */
int trq_main(
int argc,
char **argv,
char ** UNUSED(envp))
{
int rc = PBSE_NONE;
char *the_key = NULL;
char *sign_key = NULL;
int trq_server_port = 0;
char *daemon_port = NULL;
void *(*process_method)(void *) = process_svr_conn;
parse_command_line(argc, argv);
if (IamRoot() == 0)
{
printf("This program must be run as root!!!\n");
return(PBSE_IVALREQ);
}
rc = set_trqauthd_addr();
if (rc != PBSE_NONE)
return(rc);
if (down_server == true)
{
rc = terminate_trqauthd();
return(rc);
}
if ((rc = load_trqauthd_config(&active_pbs_server, &trq_server_port, &daemon_port)) != PBSE_NONE)
{
fprintf(stderr, "Failed to load configuration. Make sure the $TORQUE_HOME/server_name file exists\n");
}
else if ((rc = check_trqauthd_unix_domain_port(daemon_port)) != PBSE_NONE)
{
fprintf(stderr, "trqauthd unix domain file %s already bound.\n trqauthd may already be running \n", daemon_port);
}
else if ((rc = load_ssh_key(&the_key)) != PBSE_NONE)
{
}
else if ((rc = init_trqauth_log(daemon_port)) != PBSE_NONE)
{
fprintf(stderr, "ERROR: Failed to initialize trqauthd log\n");
}
else if ((rc = validate_server(active_pbs_server, trq_server_port, the_key, &sign_key)) != PBSE_NONE)
{
}
else if ((rc = daemonize_trqauthd(AUTH_IP, daemon_port, process_method)) == PBSE_NONE)
{
}
else
{
printf("Daemon exit requested\n");
}
if (the_key != NULL)
free(the_key);
if (daemon_port != NULL)
free(daemon_port);
return rc;
}
void *process_svr_conn(
void *sock)
{
const char *className = "trqauthd";
int rc = PBSE_NONE;
char *server_name = NULL;
int server_port = 0;
int auth_type = 0;
char *user_name = NULL;
int user_pid = 0;
int user_sock = 0;
char *error_msg = NULL;
std::string message;
int send_len = 0;
char *trq_server_addr = NULL;
int trq_server_addr_len = 0;
int svr_sock = -1;
int msg_len = 0;
int debug_mark = 0;
int local_socket = *(int *)sock;
char msg_buf[1024];
long long req_type; /* Type of request coming in */
rc = socket_read_num(local_socket, &req_type);
if (rc == PBSE_NONE)
{
switch (req_type)
{
case TRQ_DOWN_TRQAUTHD:
{
rc = parse_terminate_request(local_socket, &user_name, &user_pid);
if (rc != PBSE_NONE)
break;
/* root is the only user that can terminate trqauthd */
if (strcmp(user_name, "root"))
{
rc = PBSE_PERM;
break;
}
rc = validate_user(local_socket, user_name, user_pid, msg_buf);
if (rc == PBSE_NONE)
{
trqauthd_up = false;
rc = build_active_server_response(message);
}
break;
}
case TRQ_PING_SERVER:
case TRQ_GET_ACTIVE_SERVER:
{
/* rc will get evaluated after the switch statement. */
rc = build_active_server_response(message);
break;
}
case TRQ_VALIDATE_ACTIVE_SERVER:
{
if ((rc = validate_server(server_name, server_port, NULL, NULL)) != PBSE_NONE)
{
break;
}
else if ((rc = build_active_server_response(message)) != PBSE_NONE)
{
break;
}
break;
}
case TRQ_AUTH_CONNECTION:
{
int disconnect_svr = TRUE;
/* incoming message format is:
* trq_system_len|trq_system|trq_port|Validation_type|user_len|user|pid|psock|
* message format to pbs_server is:
* +2+22+492+user+sock+0
* format from pbs_server is:
* +2+2+0+0+1
* outgoing message format is:
* #|msg_len|message|
* Send response to client here!!
* Disconnect message to svr:
* +2+22+592+{user_len}{user}
*
* msg to client in the case of success:
* 0|0||
*/
if ((rc = parse_request_client(local_socket, &server_name, &server_port, &auth_type, &user_name, &user_pid, &user_sock)) != PBSE_NONE)
{
disconnect_svr = FALSE;
debug_mark = 1;
}
else
{
int retries = 0;
while (retries < MAX_RETRIES)
{
rc = PBSE_NONE;
disconnect_svr = TRUE;
if ((rc = validate_user(local_socket, user_name, user_pid, msg_buf)) != PBSE_NONE)
{
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
disconnect_svr = FALSE;
debug_mark = 1;
retries++;
usleep(20000);
continue;
}
else if ((rc = get_trq_server_addr(server_name, &trq_server_addr, &trq_server_addr_len)) != PBSE_NONE)
{
disconnect_svr = FALSE;
debug_mark = 2;
retries++;
usleep(20000);
continue;
}
else if ((svr_sock = socket_get_tcp_priv()) < 0)
{
rc = PBSE_SOCKET_FAULT;
disconnect_svr = FALSE;
debug_mark = 3;
retries++;
usleep(10000);
continue;
}
else if ((rc = socket_connect(&svr_sock, trq_server_addr, trq_server_addr_len, server_port, AF_INET, 1, &error_msg)) != PBSE_NONE)
{
/* for now we only need ssh_key and sign_key as dummys */
char *ssh_key = NULL;
char *sign_key = NULL;
char log_buf[LOCAL_LOG_BUF_SIZE];
validate_server(server_name, server_port, ssh_key, &sign_key);
sprintf(log_buf, "Active server is %s", active_pbs_server);
log_event(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, log_buf);
disconnect_svr = FALSE;
debug_mark = 4;
socket_close(svr_sock);
retries++;
usleep(50000);
continue;
}
else if ((rc = build_request_svr(auth_type, user_name, user_sock, message)) != PBSE_NONE)
{
socket_close(svr_sock);
disconnect_svr = FALSE;
debug_mark = 5;
retries++;
usleep(50000);
continue;
}
else if ((send_len = message.length()) <= 0)
{
socket_close(svr_sock);
disconnect_svr = FALSE;
rc = PBSE_INTERNAL;
debug_mark = 6;
retries++;
usleep(50000);
continue;
}
else if ((rc = socket_write(svr_sock, message.c_str(), send_len)) != send_len)
{
socket_close(svr_sock);
disconnect_svr = FALSE;
rc = PBSE_SOCKET_WRITE;
debug_mark = 7;
retries++;
usleep(50000);
continue;
}
else if ((rc = parse_response_svr(svr_sock, &error_msg)) != PBSE_NONE)
{
socket_close(svr_sock);
disconnect_svr = FALSE;
debug_mark = 8;
retries++;
usleep(50000);
continue;
}
else
{
/* Success case */
message = "0|0||";
if (debug_mode == TRUE)
{
fprintf(stderr, "Conn to %s port %d success. Conn %d authorized\n",
server_name, server_port, user_sock);
}
snprintf(msg_buf, sizeof(msg_buf),
"User %s at IP:port %s:%d logged in", user_name, server_name, server_port);
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
className, msg_buf);
}
break;
}
}
if (TRUE == disconnect_svr)
{
send_svr_disconnect(svr_sock, user_name);
socket_close(svr_sock);
}
break;
}
default:
rc = PBSE_IVALREQ;
break;
}
}
else
{
sprintf(msg_buf, "socket_read_num failed: %d", rc);
log_record(PBSEVENT_CLIENTAUTH, PBS_EVENTCLASS_TRQAUTHD, __func__, msg_buf);
}
#ifdef UNIT_TEST
/* process_svr_conn_rc is used by ./test/trq_auth/test_trq_auth.c
to discover the status of unit test calls to process_svr_conn
*/
process_svr_conn_rc = rc;
#endif
if (rc != PBSE_NONE)
{
/* Failure case */
msg_len = 6 + 1 + 6 + 1 + 1;
if (error_msg == NULL)
{
char *tmp_err = pbse_to_txt(rc);
if (tmp_err != NULL)
error_msg = strdup(tmp_err);
else
error_msg = strdup("");
}
msg_len += strlen(error_msg);
message = string_format("%d|%d|%s|",rc,strlen(error_msg),error_msg);
if (debug_mode == TRUE)
{
fprintf(stderr, "Conn to %s port %d Fail. Conn %d not authorized (dm = %d, Err Num %d)\n", server_name, server_port, user_sock, debug_mark, rc);
}
snprintf(msg_buf, sizeof(msg_buf),
"User %s at IP:port %s:%d login attempt failed --%s",
(user_name) ? user_name : "null",
(server_name) ? server_name : "null", server_port,
(error_msg) ? error_msg : "null");
log_record(PBSEVENT_CLIENTAUTH | PBSEVENT_FORCE, PBS_EVENTCLASS_TRQAUTHD,
className, msg_buf);
}
if (message.length() != 0)
rc = socket_write(local_socket, message.c_str(), message.length());
if (trq_server_addr != NULL)
free(trq_server_addr);
if (server_name != NULL)
free(server_name);
if (user_name != NULL)
free(user_name);
if (error_msg != NULL)
free(error_msg);
socket_close(local_socket);
free(sock);
return(NULL);
} /* END process_svr_conn() */
