/* This function will now accept a argument sock_port and will pass it to * PBSD_authenticate, which will invoke pbs_iff passing this port as a command * line argument. (both on unix and windows) * This change is done because getsockname() fails sometimes on Windows. */ static int engage_authentication(int sd, char *server_name, int server_port, struct sockaddr_in *clnt_paddr) { int ret; char errbuf[ERR_BUF_SIZE]; char ebuf[PBS_MAXHOSTNAME + PBS_MAXPORTNUM + 128] = {'\0'}; if ((sd < 0) || (clnt_paddr == NULL)) { cs_logerr(-1, __func__, "Bad arguments, unable to authenticate."); return (-1); } switch (pbs_conf.auth_method) { case AUTH_MUNGE: if ((ret = engage_external_authentication(sd, AUTH_MUNGE, 0, errbuf, sizeof(errbuf))) != 0) cs_logerr(-1, __func__, errbuf); return (ret); case AUTH_RESV_PORT: if ((ret = CS_client_auth(sd)) == CS_SUCCESS) return (0); if ((ret == CS_AUTH_USE_IFF)) { /* CS_client_auth that got called was the one for STD security */ /*sock_port needs to be passed only for Windows.*/ if (PBSD_authenticate(sd, server_name, server_port, clnt_paddr) == 0) return (0); } break; default: cs_logerr(-1, __func__, "Unrecognized authentication method"); return (-1); } sprintf(ebuf, "Unable to authenticate connection (%s:%d)", server_name, server_port); cs_logerr(-1, __func__, ebuf); /* Remove any associated per-connection security context * remark: when using pbs_iff security there is none */ if (CS_close_socket(sd) != CS_SUCCESS) { sprintf(ebuf, "Problem closing context (%s:%d)", server_name, server_port); cs_logerr(-1, __func__, ebuf); } return (-1); }
static int engage_authentication(int sd, struct in_addr addr, int port, int authport_flags) { int ret; int mode; char ebuf[128]; char errbuf[1024]; #if !defined(WIN32) && !defined(__hpux) char dst[INET_ADDRSTRLEN+1]; /* for inet_ntop */ #endif if (sd < 0) { cs_logerr(-1, __func__, "Bad arguments, unable to authenticate."); return (-1); } mode = (authport_flags & B_SVR) ? CS_MODE_SERVER:CS_MODE_CLIENT; if (authport_flags & B_EXTERNAL) { if ((ret = engage_external_authentication(sd, pbs_conf.auth_method, mode, errbuf, sizeof(errbuf))) != 0) cs_logerr(-1, __func__, errbuf); return (ret); } else { if (mode == CS_MODE_SERVER) { ret = CS_server_auth(sd); if (ret == CS_SUCCESS || ret == CS_AUTH_CHECK_PORT) return (0); } else if (mode == CS_MODE_CLIENT) { ret = CS_client_auth(sd); if (ret == CS_SUCCESS || ret == CS_AUTH_USE_IFF) { /* * For authentication via iff CS_client_auth * temporarily returning CS_AUTH_USE_IFF until such * time as iff becomes a part of CS_client_auth */ return (0); } } } #if defined(WIN32) || defined(__hpux) /*inet_ntoa is thread-safe on windows & hpux*/ sprintf(ebuf, "Unable to authenticate with (%s:%d)", inet_ntoa(addr), port); #else sprintf(ebuf, "Unable to authenticate with (%s:%d)", inet_ntop(AF_INET, (void *) &addr, dst, INET_ADDRSTRLEN), port); #endif cs_logerr(-1, __func__, ebuf); if ((ret = CS_close_socket(sd)) != CS_SUCCESS) { #if defined(WIN32) || defined(__hpux) sprintf(ebuf, "Problem closing context (%s:%d)", inet_ntoa(addr), port); #else sprintf(ebuf, "Problem closing context (%s:%d)", inet_ntop(AF_INET, (void *) &addr, dst, INET_ADDRSTRLEN), port); #endif cs_logerr(-1, __func__, ebuf); } return (-1); }