Пример #1
0
int
main()
{
	char buf[50];
	char buf1[50];
	struct sockaddr_in sin;
	SafeSock ssock;
	IpVerify* userverify;

	set_mySubSystem( "COLLECTOR", SUBSYSTEM_TYPE_COLLECTOR );

	config();

#ifdef WIN32
	_CrtMemCheckpoint( &s1 );
#endif

	userverify = new IpVerify();

	userverify->Init();

	buf[0] = '\0';

	while( 1 ) {
		printf("Enter test:\n");
		scanf("%s",buf);
		if ( strncmp(buf,"exit",4) == 0 )
			break;
		if ( strncmp(buf,"reinit",6) == 0 ) {
			config();
			userverify->Init();
			continue;
		}
		printf("Verifying %s ... ",buf);
		sprintf(buf1,"<%s:1970>",buf);
		string_to_sin(buf1,&sin);
		if ( userverify->Verify(WRITE,&sin) == TRUE )
			printf("ALLOW\n");
		else
			printf("DENY\n");
	}
	
	delete userverify;

#ifdef WIN32
	_CrtMemCheckpoint( &s2 );
	// _CrtMemDumpAllObjectsSince( &s1 );
    _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE);
    _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDOUT);
    _CrtSetReportMode(_CRT_ERROR, _CRTDBG_MODE_FILE);
    _CrtSetReportFile(_CRT_ERROR, _CRTDBG_FILE_STDOUT);
    _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_FILE);
    _CrtSetReportFile(_CRT_ASSERT, _CRTDBG_FILE_STDOUT);
	if ( _CrtMemDifference( &s3, &s1, &s2 ) )
      _CrtMemDumpStatistics( &s3 );
	// _CrtDumpMemoryLeaks();	// report any memory leaks on Win32
#endif

	return TRUE;
}
Пример #2
0
void startShadow( ClassAd *ad )
{
    // see if the SchedD punched a DAEMON-level authorization
    // hole for this job. if it did, we'll do the same here
    //
    MyString auth_hole_id;
    if (ad->LookupString(ATTR_STARTD_PRINCIPAL, auth_hole_id)) {
        IpVerify* ipv = daemonCore->getIpVerify();
        if (!ipv->PunchHole(DAEMON, auth_hole_id)) {
            dprintf(D_ALWAYS,
                    "WARNING: IpVerify::PunchHole error for %s: "
                    "job may fail to execute\n",
                    auth_hole_id.Value());
        }
    }

    initShadow( ad );

    int wantClaiming = 0;
    ad->LookupBool(ATTR_CLAIM_STARTD, wantClaiming);

    if( is_reconnect ) {
        Shadow->reconnect();
    } else {
        // if the shadow is going to claim the startd,
        // we need to asynchrously claim it.

        // Otherwise, in the usual case under the sched,
        // call spawn here, which will activate the pre-claimed
        // startd
        if (!wantClaiming) {
            Shadow->spawn();
        }
    }
}
Пример #3
0
int
main( int argc, char* argv[] )
{
	int		i;
	param_functions *p_funcs = NULL;
	
	set_mySubSystem( "DAEMON-TOOL", SUBSYSTEM_TYPE_TOOL );

	MyName = argv[0];
	myDistro->Init( argc, argv );

	FILE *input_fp = stdin;

	for( i=1; i<argc; i++ ) {
		if( match_prefix( argv[i], "-daemontype" ) ) {
			if( argv[i + 1] ) {
				get_mySubSystem()->setName( argv[++i] );
				get_mySubSystem()->setTypeFromName( );
			} else {
				usage();
			}
		} else if( match_prefix( argv[i], "-debug" ) ) {
				// dprintf to console
			Termlog = 1;
			p_funcs = get_param_functions();
			dprintf_config( "DAEMON-TOOL", p_funcs );
			set_debug_flags(NULL, D_FULLDEBUG|D_SECURITY);
		} else if( match_prefix( argv[i], "-" ) ) {
			usage();
		} else {
			usage();
		}
	}

	// If we didn't get told what subsystem we should use, set it
	// to "TOOL".

	if( !get_mySubSystem()->isNameValid() ) {
		get_mySubSystem()->setName( "DAEMON-TOOL" );
	}

	config( 0, true );

	IpVerify ipverify;

	MyString line;
	while( line.readLine(input_fp) ) {
		line.chomp();
		if( line.IsEmpty() || line[0] == '#' ) {
			printf("%s\n",line.Value());
			continue;
		}

		StringList fields(line.Value()," ");
		fields.rewind();

		char const *perm_str = fields.next();
		char const *fqu = fields.next();
		char const *ip = fields.next();
		char const *expected = fields.next();

		MyString sin_str = generate_sinful(ip, 0);

		condor_sockaddr addr;
		if( !addr.from_sinful(sin_str) ) {
			fprintf(stderr,"Invalid ip address: %s\n",ip);
			exit(1);
		}

		DCpermission perm = StringToDCpermission(perm_str);
		if( perm == LAST_PERM ) {
			fprintf(stderr,"Invalid permission level: %s\n",perm_str);
			exit(1);
		}

		if( strcmp(fqu,"*") == 0 ) {
			fqu = "";
		}

		char const *result;
		MyString reason;
		if( ipverify.Verify(perm,addr,fqu,&reason,&reason) != USER_AUTH_SUCCESS ) {
			result = "DENIED";
		}
		else {
			result = "ALLOWED";
		}

		if( expected && strcasecmp(expected,result) != 0 ) {
			printf("Got wrong result '%s' for '%s': reason: %s!\n",
				   result,line.Value(),reason.Value());
			printf("Aborting.\n");
			exit(1);
		}
		if( expected ) {
			printf("%s\n",line.Value());
		}
		else {
			printf("%s %s\n",line.Value(),result);
		}
	}
}