// Resume the server-side GSI handshake from wherever m_state says it stopped.
//
// errstack     - error stack handed through to each step.
// non_blocking - handed through to each step unchanged.
//
// Returns the final CondorAuthX509Retval cast to int. The numeric values of
// the enumerators are not visible in this function, so callers should compare
// the result against the enum rather than treat "non-zero" as success.
// NOTE(review): confirm how callers interpret WouldBlock.
int Condor_Auth_X509::authenticate_continue(CondorError* errstack, bool non_blocking)
{
	// A negative setting (including the -1 passed to param_integer here,
	// presumably the default) leaves the socket's timeout untouched.
	const int configured_timeout = param_integer("GSI_AUTHENTICATION_TIMEOUT",-1);
	const bool override_timeout = (configured_timeout >= 0);

	int saved_timeout = 0;
	if (override_timeout) {
		saved_timeout = mySock_->timeout(configured_timeout);
	}

	// Run steps until one reports something other than Continue.
	CondorAuthX509Retval step_result = Continue;
	do {
		switch (m_state) {
		case GetClientPre:
			step_result = authenticate_server_pre(errstack, non_blocking);
			break;
		case GSSAuth:
			step_result = authenticate_server_gss(errstack, non_blocking);
			break;
		case GetClientPost:
			step_result = authenticate_server_gss_post(errstack, non_blocking);
			break;
		default:
			// Any state not listed above fails closed instead of being
			// allowed to fall through as a successful authentication.
			step_result = Fail;
			break;
		}
	} while (step_result == Continue);

	// Undo the temporary timeout so later traffic on this socket is unaffected.
	if (override_timeout) {
		mySock_->timeout(saved_timeout);
	}

	return static_cast<int>(step_result);
}
// Blocking GSI authentication entry point.
//
// Both peers first exchange a one-int "my credentials are ready" flag
// (1 = ready, 0 = not ready) and only then run the GSS exchange. The function
// deliberately does not short-circuit when already authenticated: calls must
// stay balanced between client and server, just like end_of_message() calls.
//
// errstack - receives GSI_ERR_REMOTE_SIDE_FAILED when the peer reports 0.
//
// Returns 0 when either side could not acquire credentials, otherwise the
// result of authenticate_client_gss() / authenticate_server_gss().
//
// NOTE(review): the return values of code() and end_of_message() are not
// checked in this overload. Because `reply` starts at 0, a read that fails
// without touching it is treated as "peer failed" on every path, so the
// handshake fails closed -- assuming code() leaves its argument unchanged on
// failure; confirm against the socket implementation.
int Condor_Auth_X509 :: authenticate(const char * /* remoteHost */, CondorError* errstack)
{
	int status = 1;
	int reply = 0;

	if ( !authenticate_self_gss(errstack) ) {
		// Local credentials are unavailable: report 0 to the peer and stop.
		dprintf( D_SECURITY, "authenticate: user creds not established\n" );
		status = 0;

		if (mySock_->isClient()) {
			// Client speaks first, so just send the abort flag.
			mySock_->encode();
			mySock_->code(status);
			mySock_->end_of_message();
		}
		else {
			// Server must consume the client's flag before answering.
			mySock_->decode();
			mySock_->code(reply);
			mySock_->end_of_message();

			if (reply == 1) {
				// The client was fine and is waiting for our verdict.
				mySock_->encode();
				mySock_->code(status);
				mySock_->end_of_message();
			}
		}
		return( status );
	}

	// Local credentials are fine; find out whether the peer's are too.
	if (mySock_->isClient()) {
		// Announce readiness, then wait for the server's flag.
		mySock_->encode();
		mySock_->code(status);
		mySock_->end_of_message();

		mySock_->decode();
		mySock_->code(reply);
		mySock_->end_of_message();

		if (reply == 0) {
			errstack->push("GSI", GSI_ERR_REMOTE_SIDE_FAILED,
					"Failed to authenticate because the remote (server) "
					"side was not able to acquire its credentials.");
			return 0;
		}
	}
	else {
		// Server reads the client's flag first.
		mySock_->decode();
		mySock_->code(reply);
		mySock_->end_of_message();

		if (!reply) {
			// The client already gave up; nothing is sent back.
			errstack->push("GSI", GSI_ERR_REMOTE_SIDE_FAILED,
					"Failed to authenticate because the remote (client) "
					"side was not able to acquire its credentials.");
			return 0;
		}

		mySock_->encode();
		mySock_->code(status);
		mySock_->end_of_message();
	}

	// Apply the GSI-specific socket timeout only for the GSS exchange;
	// a negative setting leaves the socket's timeout untouched.
	const int configured_timeout = param_integer("GSI_AUTHENTICATION_TIMEOUT",-1);
	const bool override_timeout = (configured_timeout >= 0);
	int saved_timeout = 0;
	if (override_timeout) {
		saved_timeout = mySock_->timeout(configured_timeout);
	}

	// Only an isClient() result equal to 1 selects the client exchange;
	// every other value runs the server exchange.
	if (mySock_->isClient() == 1) {
		status = authenticate_client_gss(errstack);
	}
	else {
		status = authenticate_server_gss(errstack);
	}

	// Put the caller's timeout back.
	if (override_timeout) {
		mySock_->timeout(saved_timeout);
	}

	return( status );
}
// GSI authentication entry point with optional non-blocking server side.
//
// Both peers first exchange a one-int "my credentials are ready" flag
// (1 = ready, 0 = not ready) and only then run the GSS exchange. The function
// deliberately does not short-circuit when already authenticated: calls must
// stay balanced between client and server, just like end_of_message() calls.
//
// errstack     - receives GSI_ERR_REMOTE_SIDE_FAILED when the server reports 0
//                to a client; also handed to the per-step helpers.
// non_blocking - handed to the server-side step helpers unchanged.
//
// Returns 0 when this side or (as seen by a client) the server could not
// acquire credentials. On the client side it otherwise returns the result of
// authenticate_client_gss(). On the server side it returns a
// CondorAuthX509Retval cast to int, which can be Fail or WouldBlock straight
// from authenticate_server_pre(); callers should compare against the enum
// rather than treat "non-zero" as success.
// NOTE(review): enumerator values are not visible here -- confirm.
//
// A failed code() call is only logged; execution continues. Because `reply`
// starts at 0, a read that fails without touching it is treated as "peer
// failed", so those paths fail closed -- assuming code() leaves its argument
// unchanged on failure; confirm against the socket implementation.
int Condor_Auth_X509 :: authenticate(const char * /* remoteHost */, CondorError* errstack, bool non_blocking)
{
	int status = 1;
	int reply = 0;
	token_status = 0;
	m_state = GetClientPre;

	if ( !authenticate_self_gss(errstack) ) {
		// Local credentials are unavailable: report 0 to the peer and stop.
		dprintf( D_SECURITY, "authenticate: user creds not established\n" );
		status = 0;

		if (mySock_->isClient()) {
			// Client speaks first, so just send the abort flag.
			mySock_->encode();
			if (!mySock_->code(status)) {
				dprintf( D_SECURITY, "authenticate: and the remote side hung up on us.\n" );
			}
			mySock_->end_of_message();
		}
		else {
			// Server must consume the client's flag before answering.
			mySock_->decode();
			if (!mySock_->code(reply)) {
				dprintf( D_SECURITY, "authenticate: the client side hung up on us.\n" );
			}
			mySock_->end_of_message();

			if (reply == 1) {
				// The client was fine and is waiting for our verdict.
				mySock_->encode();
				if (!mySock_->code(status)) {
					dprintf(D_SECURITY,"authenticate: the client hung up before authenticatiation\n");
				}
				mySock_->end_of_message();
			}
		}
		return( status );
	}

	// Local credentials are fine; find out whether the peer's are too.
	if (mySock_->isClient()) {
		// Announce readiness, then wait for the server's flag.
		mySock_->encode();
		if (!mySock_->code(status)) {
			dprintf(D_SECURITY, "authenticate: the service hung up before authentication\n");
		}
		mySock_->end_of_message();

		mySock_->decode();
		if (!mySock_->code(reply)) {
			dprintf(D_SECURITY, "authenticate: the service hung up before authentication reply could be sent\n");
		}
		mySock_->end_of_message();

		if (reply == 0) {
			errstack->push("GSI", GSI_ERR_REMOTE_SIDE_FAILED,
					"Failed to authenticate because the remote (server) "
					"side was not able to acquire its credentials.");
			return 0;
		}
	}
	else {
		// The server's half of the flag exchange is delegated to
		// authenticate_server_pre(), so authenticate_continue() can re-enter
		// it through m_state.
		m_state = GetClientPre;
		const CondorAuthX509Retval pre_result = authenticate_server_pre(errstack, non_blocking);
		const bool stop_here = (pre_result == Fail) || (pre_result == WouldBlock);
		if (stop_here) {
			// Returned before the GSI timeout is installed, so there is
			// nothing to restore on this path.
			return static_cast<int>(pre_result);
		}
	}

	// Apply the GSI-specific socket timeout only for the GSS exchange;
	// a negative setting leaves the socket's timeout untouched.
	const int configured_timeout = param_integer("GSI_AUTHENTICATION_TIMEOUT",-1);
	const bool override_timeout = (configured_timeout >= 0);
	int saved_timeout = 0;
	if (override_timeout) {
		saved_timeout = mySock_->timeout(configured_timeout);
	}

	if ( !mySock_->isClient() ) {
		// Server: run the GSS step, and the post step only if asked to continue.
		CondorAuthX509Retval server_result = authenticate_server_gss(errstack, non_blocking);
		if ( server_result == Continue ) {
			server_result = authenticate_server_gss_post( errstack, non_blocking );
		}
		status = static_cast<int>( server_result );
	}
	else {
		status = authenticate_client_gss(errstack);
	}

	// Put the caller's timeout back.
	if (override_timeout) {
		mySock_->timeout(saved_timeout);
	}

	return( status );
}