int
Authentication::handshake_continue(MyString my_methods, bool non_blocking)
{
//server
if( non_blocking && !mySock->readReady() ) {
return -2;
}
int shouldUseMethod = 0;
int client_methods = 0;
dprintf (D_SECURITY, "HANDSHAKE: handshake() - i am the server\n");
mySock->decode();
if ( !mySock->code( client_methods ) || !mySock->end_of_message() ) {
return -1;
}
dprintf ( D_SECURITY, "HANDSHAKE: client sent (methods == %i)\n", client_methods);
shouldUseMethod = selectAuthenticationType( my_methods, client_methods );
if ( (shouldUseMethod & CAUTH_KERBEROS) && Condor_Auth_Kerberos::Initialize() == false ) {
dprintf (D_SECURITY, "HANDSHAKE: excluding KERBEROS: %s\n", "Initialization failed");
shouldUseMethod &= ~CAUTH_KERBEROS;
}
if ( (shouldUseMethod & CAUTH_SSL) && Condor_Auth_SSL::Initialize() == false ) {
dprintf (D_SECURITY, "HANDSHAKE: excluding SSL: %s\n", "Initialization failed");
shouldUseMethod &= ~CAUTH_SSL;
}
if ( shouldUseMethod == CAUTH_GSI && activate_globus_gsi() != 0 ) {
dprintf (D_SECURITY, "HANDSHAKE: excluding GSI: %s\n", x509_error_string());
client_methods &= ~CAUTH_GSI;
shouldUseMethod = selectAuthenticationType( my_methods, client_methods );
}
dprintf ( D_SECURITY, "HANDSHAKE: i picked (method == %i)\n", shouldUseMethod);
mySock->encode();
if ( !mySock->code( shouldUseMethod ) || !mySock->end_of_message() ) {
return -1;
}
dprintf ( D_SECURITY, "HANDSHAKE: client received (method == %i)\n", shouldUseMethod);
return shouldUseMethod;
}
int Authentication::handshake(MyString my_methods) {
int shouldUseMethod = 0;
dprintf ( D_SECURITY, "HANDSHAKE: in handshake(my_methods = '%s')\n", my_methods.Value());
if ( mySock->isClient() ) {
// client
dprintf (D_SECURITY, "HANDSHAKE: handshake() - i am the client\n");
mySock->encode();
int method_bitmask = SecMan::getAuthBitmask(my_methods.Value());
dprintf ( D_SECURITY, "HANDSHAKE: sending (methods == %i) to server\n", method_bitmask);
if ( !mySock->code( method_bitmask ) || !mySock->end_of_message() ) {
return -1;
}
mySock->decode();
if ( !mySock->code( shouldUseMethod ) || !mySock->end_of_message() ) {
return -1;
}
dprintf ( D_SECURITY, "HANDSHAKE: server replied (method = %i)\n", shouldUseMethod);
} else {
//server
int client_methods = 0;
dprintf (D_SECURITY, "HANDSHAKE: handshake() - i am the server\n");
mySock->decode();
if ( !mySock->code( client_methods ) || !mySock->end_of_message() ) {
return -1;
}
dprintf ( D_SECURITY, "HANDSHAKE: client sent (methods == %i)\n", client_methods);
shouldUseMethod = selectAuthenticationType( my_methods, client_methods );
dprintf ( D_SECURITY, "HANDSHAKE: i picked (method == %i)\n", shouldUseMethod);
mySock->encode();
if ( !mySock->code( shouldUseMethod ) || !mySock->end_of_message() ) {
return -1;
}
dprintf ( D_SECURITY, "HANDSHAKE: client received (method == %i)\n", shouldUseMethod);
}
return( shouldUseMethod );
}
