/* This function will now accept a argument sock_port and will pass it to * PBSD_authenticate, which will invoke pbs_iff passing this port as a command * line argument. (both on unix and windows) * This change is done because getsockname() fails sometimes on Windows. */ static int engage_authentication(int sd, char *server_name, int server_port, struct sockaddr_in *clnt_paddr) { int ret; char errbuf[ERR_BUF_SIZE]; char ebuf[PBS_MAXHOSTNAME + PBS_MAXPORTNUM + 128] = {'\0'}; if ((sd < 0) || (clnt_paddr == NULL)) { cs_logerr(-1, __func__, "Bad arguments, unable to authenticate."); return (-1); } switch (pbs_conf.auth_method) { case AUTH_MUNGE: if ((ret = engage_external_authentication(sd, AUTH_MUNGE, 0, errbuf, sizeof(errbuf))) != 0) cs_logerr(-1, __func__, errbuf); return (ret); case AUTH_RESV_PORT: if ((ret = CS_client_auth(sd)) == CS_SUCCESS) return (0); if ((ret == CS_AUTH_USE_IFF)) { /* CS_client_auth that got called was the one for STD security */ /*sock_port needs to be passed only for Windows.*/ if (PBSD_authenticate(sd, server_name, server_port, clnt_paddr) == 0) return (0); } break; default: cs_logerr(-1, __func__, "Unrecognized authentication method"); return (-1); } sprintf(ebuf, "Unable to authenticate connection (%s:%d)", server_name, server_port); cs_logerr(-1, __func__, ebuf); /* Remove any associated per-connection security context * remark: when using pbs_iff security there is none */ if (CS_close_socket(sd) != CS_SUCCESS) { sprintf(ebuf, "Problem closing context (%s:%d)", server_name, server_port); cs_logerr(-1, __func__, ebuf); } return (-1); }
static int engage_authentication(int sd, struct in_addr addr, int port, int authport_flags) { int ret; int mode; char ebuf[128]; char errbuf[1024]; #if !defined(WIN32) && !defined(__hpux) char dst[INET_ADDRSTRLEN+1]; /* for inet_ntop */ #endif if (sd < 0) { cs_logerr(-1, __func__, "Bad arguments, unable to authenticate."); return (-1); } mode = (authport_flags & B_SVR) ? CS_MODE_SERVER:CS_MODE_CLIENT; if (authport_flags & B_EXTERNAL) { if ((ret = engage_external_authentication(sd, pbs_conf.auth_method, mode, errbuf, sizeof(errbuf))) != 0) cs_logerr(-1, __func__, errbuf); return (ret); } else { if (mode == CS_MODE_SERVER) { ret = CS_server_auth(sd); if (ret == CS_SUCCESS || ret == CS_AUTH_CHECK_PORT) return (0); } else if (mode == CS_MODE_CLIENT) { ret = CS_client_auth(sd); if (ret == CS_SUCCESS || ret == CS_AUTH_USE_IFF) { /* * For authentication via iff CS_client_auth * temporarily returning CS_AUTH_USE_IFF until such * time as iff becomes a part of CS_client_auth */ return (0); } } } #if defined(WIN32) || defined(__hpux) /*inet_ntoa is thread-safe on windows & hpux*/ sprintf(ebuf, "Unable to authenticate with (%s:%d)", inet_ntoa(addr), port); #else sprintf(ebuf, "Unable to authenticate with (%s:%d)", inet_ntop(AF_INET, (void *) &addr, dst, INET_ADDRSTRLEN), port); #endif cs_logerr(-1, __func__, ebuf); if ((ret = CS_close_socket(sd)) != CS_SUCCESS) { #if defined(WIN32) || defined(__hpux) sprintf(ebuf, "Problem closing context (%s:%d)", inet_ntoa(addr), port); #else sprintf(ebuf, "Problem closing context (%s:%d)", inet_ntop(AF_INET, (void *) &addr, dst, INET_ADDRSTRLEN), port); #endif cs_logerr(-1, __func__, ebuf); } return (-1); }
/** * @brief * Generate munge key specific to the user and send PBS batch request * (PBS_BATCH_AuthExternal)to PBS server to authenticate user. * * @param[in] sock - socket fd * @param[in] auth_type - Authentication type (Munge/AMS etc) * @param[in] fromsvr - connection initiated from server? * * @return int * @retval 0 on success * @retval -1 on failure * @retval -2 on unsupported auth_type * */ int engage_external_authentication(int sock, int auth_type, int fromsvr, char *ebuf, int ebufsz) { int cred_len = 0, rc = 0, ret = 0; char *cred = NULL; struct batch_reply *reply = NULL; switch (auth_type) { #ifndef WIN32 case AUTH_MUNGE: ebuf[0] = '\0'; cred = pbs_get_munge_auth_data(fromsvr, ebuf, ebufsz); if (!cred) goto err; break; #endif default: snprintf(ebuf, ebufsz, "Authentication type not supported"); ret = -2; } if (cred) { ret = -1; cred_len = strlen(cred); DIS_tcp_setup(sock); if (encode_DIS_ReqHdr(sock, PBS_BATCH_AuthExternal, pbs_current_user) || diswuc(sock, auth_type) || /* authentication_type */ diswsi(sock, cred_len) || /* credential length */ diswcs(sock, cred, cred_len) || /* credential data */ encode_DIS_ReqExtend(sock, NULL)) { pbs_errno = PBSE_SYSTEM; goto err; } if (DIS_tcp_wflush(sock)) { pbs_errno = PBSE_SYSTEM; goto err; } memset(cred, 0, cred_len); reply = PBSD_rdrpy_sock(sock, &rc); if ((reply != NULL) && (reply->brp_code != 0)) { pbs_errno = PBSE_BADCRED; PBSD_FreeReply(reply); goto err; } PBSD_FreeReply(reply); free(cred); return 0; } /* else fall through */ err: if (ebuf[0] != '\0') { fprintf(stderr, "%s\n", ebuf); cs_logerr(-1, __func__, ebuf); } free(cred); return ret; }