bool verify_and_process_request(InputRqParsingOutput& data)
{
processing_error_occured = false;
error_code = ERROR_NONE;
return verify_request(data) && process_request(data);
}
static void
client_recv_cb(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf) {
struct client_context *client = stream->data;
struct remote_context *remote = client->remote;
int clen;
if (nread > 0) {
reset_timer(remote);
uv_read_stop(&client->handle.stream);
switch (client->stage) {
case XSTAGE_HANDSHAKE:
if (verify_methods(buf->base, nread)) {
handshake(client);
} else {
logger_log(LOG_ERR, "invalid method packet");
close_client(client);
close_remote(remote);
}
break;
case XSTAGE_REQUEST:
if (verify_request(buf->base, nread)) {
request_start(client, buf->base);
} else {
logger_log(LOG_ERR, "invalid request packet");
close_client(client);
close_remote(remote);
}
break;
case XSTAGE_FORWARD:
clen = nread + PRIMITIVE_BYTES;
uint8_t *c = client->buf + HEADER_BYTES;
int rc = crypto_encrypt(c, (uint8_t*)buf->base, nread);
if (rc) {
logger_log(LOG_ERR, "encrypt failed");
close_client(client);
close_remote(remote);
}
forward_to_remote(remote, c, clen);
break;
default:
break;
}
} else if (nread < 0) {
if (nread != UV_EOF) {
char addrbuf[INET6_ADDRSTRLEN + 1] = {0};
uint16_t port = ip_name(&client->addr, addrbuf, sizeof addrbuf);
logger_log(LOG_ERR, "receive from %s:%d failed: %s", addrbuf, port, uv_strerror(nread));
}
close_client(client);
close_remote(remote);
}
}
//##############################################################################
//##############################################################################
bool
RequestQueueClient::request(const Request& req, Ack& ack)
{
RANGE_LOG_TIMED_FUNCTION();
if (! verify_request(req)) {
throw MqueueException("invalid request");
}
ack_queue.flush(); /* Ensure ack queue is empty; ack_queue is specific for this thread
so we should be the only consumer; any garbage left in the
ack_queue is from a previously expired request */
if (! sending_queue.send(req.SerializeAsString())) {
return false;
}
std::string ack_payload = ack_queue.receive();
if (ack_payload.size() > 0) {
if(! ack.ParseFromString(ack_payload)) {
return false;
}
if(ack.request_id() != req.request_id()) {
return false;
}
if(ack.client_id() != req.client_id()) {
return false;
}
return true;
}
return false;
}
bool verify_and_process_request(InputRqParsingOutput& data)
{
error_code = ERROR_NONE;
bool ok = verify_request(data) && process_request(data);
return ok;
}
//##############################################################################
//##############################################################################
bool
RequestQueueListener::receive(Request& req)
{
//BOOST_LOG_FUNCTION();
std::string msg = receiving_queue.receive();
if (msg.size() > 0) {
if (! req.ParseFromString(msg)) {
return false;
}
if (! verify_request(req)) {
return false;
}
return true;
}
return false;
}
static int
vsock_dispatch(listener_context_t c, struct timeval *timeout)
{
vsock_info *info;
fence_req_t data;
fd_set rfds;
int n;
int client_fd;
int ret;
struct timeval tv;
if (timeout != NULL)
memcpy(&tv, timeout, sizeof(tv));
else {
tv.tv_sec = 1;
tv.tv_usec = 0;
}
info = (vsock_info *) c;
VALIDATE(info);
FD_ZERO(&rfds);
FD_SET(info->listen_sock, &rfds);
n = select(info->listen_sock + 1, &rfds, NULL, NULL, timeout);
if (n <= 0) {
if (errno == EINTR || errno == EAGAIN)
n = 0;
else
dbg_printf(2, "select: %s\n", strerror(errno));
return n;
}
client_fd = accept(info->listen_sock, NULL, NULL);
if (client_fd < 0) {
perror("accept");
return -1;
}
dbg_printf(3, "Accepted vsock client...\n");
ret = _read_retry(client_fd, &data, sizeof(data), &tv);
if (ret != sizeof(data)) {
dbg_printf(3, "Invalid request (read %d bytes)\n", ret);
close(client_fd);
return 0;
}
swab_fence_req_t(&data);
if (!verify_request(&data, info->args.hash, info->key, info->key_len)) {
printf("Key mismatch; dropping client\n");
close(client_fd);
return 0;
}
dbg_printf(3, "Request %d seqno %d domain %s\n",
data.request, data.seqno, data.domain);
if (history_check(info->history, &data) == 1) {
printf("We just did this request; dropping client\n");
close(client_fd);
return 0;
}
switch(info->args.auth) {
case AUTH_NONE:
case AUTH_SHA1:
case AUTH_SHA256:
case AUTH_SHA512:
printf("VSOCK request\n");
do_fence_request_vsock(client_fd, &data, info);
break;
default:
printf("XXX Unhandled authentication\n");
}
return 0;
}
OCEntityHandlerResult entity_handler(OCEntityHandlerFlag flag, OCEntityHandlerRequest *entity_handler_request, void *callback)
{
THINGS_LOG_V(TAG, THINGS_FUNC_ENTRY);
OCEntityHandlerResult eh_result = OC_EH_ERROR;
// Validate pointer
if (!entity_handler_request) {
THINGS_LOG_E(TAG, "Invalid request pointer");
return eh_result;
}
const char *uri = OCGetResourceUri(entity_handler_request->resource);
// Observe Request Handling
if (flag & OC_OBSERVE_FLAG) {
if (OC_OBSERVE_REGISTER == entity_handler_request->obsInfo.action) {
THINGS_LOG_V(TAG, "Observe Requset on : %s ", uri);
// 1. Check whether it's Observe request on the Collection Resource
if (NULL != strstr(uri, URI_DEVICE_COL)) {
//2. Check whether the query carriese the if=oic.if.b
if ((strstr(entity_handler_request->query, OIC_INTERFACE_BATCH) == NULL)) {
//3. If not batch then error
THINGS_LOG_E(TAG, "Collection Resource Requires BATCH for Observing : %s", entity_handler_request->query);
eh_result = OC_EH_BAD_REQ;
goto RESPONSE_ERROR;
} else {
THINGS_LOG_E(TAG, "Receiving Observe Request Collection Resource");
}
}
} else if (OC_OBSERVE_DEREGISTER == entity_handler_request->obsInfo.action) {
THINGS_LOG_V(TAG, "CancelObserve Request on : %s", uri);
}
}
// Get/Post Request Handling
if (flag & OC_REQUEST_FLAG) {
if (things_get_reset_mask(RST_CONTROL_MODULE_DISABLE) == true) {
THINGS_LOG_V(TAG, "Control Module Disable.");
eh_result = OC_EH_NOT_ACCEPTABLE;
} else if ((OC_REST_GET == entity_handler_request->method)
|| (OC_REST_POST == entity_handler_request->method)) {
THINGS_LOG_V(TAG, "Request Handle : %x, Resource Handle : %x", entity_handler_request->requestHandle, entity_handler_request->resource);
if (verify_request(entity_handler_request, uri, (int)entity_handler_request->method) > 0) {
// IoTivity Stack Destroy the payload after receving result from this function
// Therefore, we need to copy/clone the payload for the later use..
things_resource_s *resource = things_create_resource_inst(entity_handler_request->requestHandle,
entity_handler_request->resource,
entity_handler_request->query,
entity_handler_request->payload);
resource->things_set_dev_addr(resource, &(entity_handler_request->devAddr));
resource->req_type = entity_handler_request->method;
eh_result = handle_message(resource);
} else {
THINGS_LOG_E(TAG, "Invalid Query in the Request : %s", entity_handler_request->query);
}
} else if (OC_REST_DELETE == entity_handler_request->method || OC_REST_PUT == entity_handler_request->method) {
THINGS_LOG_E(TAG, "Delete/PUT Req. Handling is not supported Yet");
} else {
THINGS_LOG_D(TAG, "Received unsupported method from client");
}
}
RESPONSE_ERROR:
if (eh_result != OC_EH_SLOW && eh_result != OC_EH_OK) {
// If the result is OC_EH_ERROR, the stack will remove the
// received request in the stack.
// If the reusult is OC_EH_SLOW, then the request will be
// stored in the stack till the response goes out
eh_result = send_response(entity_handler_request->requestHandle, entity_handler_request->resource, eh_result, uri, NULL);
// Currently this code will not do anything...
// Need to refactor later..
}
THINGS_LOG_D(TAG, THINGS_FUNC_EXIT);
return eh_result;
}
int
main(int argc, char **argv) {
xmlSecKeysMngrPtr mngr;
#ifndef XMLSEC_NO_XSLT
xsltSecurityPrefsPtr xsltSecPrefs = NULL;
#endif /* XMLSEC_NO_XSLT */
/* start response */
fprintf(stdout, "Content-type: text/plain\n");
fprintf(stdout, "\n");
/* Init libxml and libxslt libraries */
xmlInitParser();
LIBXML_TEST_VERSION
xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */
/* make sure that we print out everything to stdout */
xmlGenericErrorContext = stdout;
/* Init libxslt */
#ifndef XMLSEC_NO_XSLT
/* disable everything */
xsltSecPrefs = xsltNewSecurityPrefs();
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */
/* Init xmlsec library */
if(xmlSecInit() < 0) {
fprintf(stdout, "Error: xmlsec initialization failed.\n");
return(-1);
}
/* Check loaded library version */
if(xmlSecCheckVersion() != 1) {
fprintf(stdout, "Error: loaded xmlsec library version is not compatible.\n");
return(-1);
}
/* Load default crypto engine if we are supporting dynamic
* loading for xmlsec-crypto libraries. Use the crypto library
* name ("openssl", "nss", etc.) to load corresponding
* xmlsec-crypto library.
*/
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
if(xmlSecCryptoDLLoadLibrary(NULL) < 0) {
fprintf(stdout, "Error: unable to load default xmlsec-crypto library. Make sure\n"
"that you have it installed and check shared libraries path\n"
"(LD_LIBRARY_PATH) envornment variable.\n");
return(-1);
}
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
/* Init crypto library */
if(xmlSecCryptoAppInit(XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER) < 0) {
fprintf(stdout, "Error: crypto initialization failed.\n");
return(-1);
}
/* Init xmlsec-crypto library */
if(xmlSecCryptoInit() < 0) {
fprintf(stdout, "Error: xmlsec-crypto initialization failed.\n");
return(-1);
}
/* create keys manager */
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
fprintf(stdout, "Error: failed to create keys manager.\n");
return(-1);
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
fprintf(stdout, "Error: failed to initialize keys manager.\n");
return(-1);
}
if(load_keys(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
xmlSecKeysMngrDestroy(mngr);
return(-1);
}
if(load_trusted_certs(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
xmlSecKeysMngrDestroy(mngr);
return(-1);
}
if(verify_request(mngr) < 0) {
xmlSecKeysMngrDestroy(mngr);
return(-1);
}
/* Destroy keys manager */
xmlSecKeysMngrDestroy(mngr);
/* Shutdown xmlsec-crypto library */
xmlSecCryptoShutdown();
/* Shutdown crypto library */
xmlSecCryptoAppShutdown();
/* Shutdown xmlsec library */
xmlSecShutdown();
/* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
xsltFreeSecurityPrefs(xsltSecPrefs);
xsltCleanupGlobals();
#endif /* XMLSEC_NO_XSLT */
xmlCleanupParser();
return(0);
}
static int
mcast_dispatch(listener_context_t c, struct timeval *timeout)
{
mcast_info *info;
fence_req_t data;
fd_set rfds;
struct sockaddr_in sin;
int len;
int n;
socklen_t slen;
info = (mcast_info *)c;
VALIDATE(info);
FD_ZERO(&rfds);
FD_SET(info->mc_sock, &rfds);
n = select((info->mc_sock)+1, &rfds, NULL, NULL, timeout);
if (n < 0)
return n;
/*
* If no requests, we're done
*/
if (n == 0)
return 0;
slen = sizeof(sin);
len = recvfrom(info->mc_sock, &data, sizeof(data), 0,
(struct sockaddr *)&sin, &slen);
if (len <= 0) {
perror("recvfrom");
return len;
}
swab_fence_req_t(&data);
if (!verify_request(&data, info->args.hash, info->key,
info->key_len)) {
printf("Key mismatch; dropping packet\n");
return 0;
}
printf("Request %d seqno %d domain %s\n", data.request, data.seqno,
data.domain);
if (history_check(info->history, &data) == 1) {
printf("We just did this request; dropping packet\n");
return 0;
}
switch(info->args.auth) {
case AUTH_NONE:
case AUTH_SHA1:
case AUTH_SHA256:
case AUTH_SHA512:
printf("Plain TCP request\n");
do_fence_request_tcp(&data, info);
break;
default:
printf("XXX Unhandled authentication\n");
}
return 0;
}
