STATUS
CS_scb_index(i4 msg,
PTR cdata,
i4 linstance,
char *instance,
PTR *instdata )
{
STATUS stat = OK;
PTR ptr;
# ifdef OS_THREADS_USED
CS_synch_lock( &Cs_srv_block.cs_scb_mutex );
# endif /* OS_THREADS_USED */
switch( msg )
{
case MO_GET:
if( OK == (stat = CS_get_block( instance,
Cs_srv_block.cs_scb_ptree,
&ptr ) ) )
*instdata = (PTR) CS_find_scb((CS_SID) ptr);
break;
case MO_GETNEXT:
if( OK == ( stat = CS_nxt_block( instance,
Cs_srv_block.cs_scb_ptree,
&ptr ) ) )
{
*instdata = (PTR) CS_find_scb((CS_SID) ptr);
stat = MOptrout( MO_INSTANCE_TRUNCATED,
ptr,
linstance,
instance );
}
break;
default:
stat = MO_BAD_MSG;
break;
}
# ifdef OS_THREADS_USED
CS_synch_unlock( &Cs_srv_block.cs_scb_mutex );
# endif /* OS_THREADS_USED */
return( stat );
}
STATUS
CS_scb_index(i4 msg,
PTR cdata,
i4 linstance,
char *instance,
PTR *instdata )
{
STATUS stat = OK;
PTR ptr;
switch( msg )
{
case MO_GET:
if( OK == (stat = CS_get_block( instance,
Cs_srv_block.cs_scb_ptree,
&ptr ) ) )
*instdata = (PTR) CS_find_scb((CS_SID) ptr);
break;
case MO_GETNEXT:
if( OK == ( stat = CS_nxt_block( instance,
Cs_srv_block.cs_scb_ptree,
&ptr ) ) )
{
*instdata = (PTR) CS_find_scb((CS_SID) ptr);
stat = MOptrout( MO_INSTANCE_TRUNCATED,
ptr,
linstance,
instance );
}
break;
default:
stat = MO_BAD_MSG;
break;
}
return( stat );
}
STATUS
CS_mod_session(char *uns_decimal_session, CS_SCB ** scbp)
{
u_i4 scb_as_ulong;
CS_SCB *an_scb;
CS_SCB *scan_scb;
STATUS stat;
CS_SCB *this_scb;
bool blFound = FALSE;
CSget_scb(&this_scb);
CS_str_to_uns(uns_decimal_session, &scb_as_ulong);
an_scb = (CS_SCB *) scb_as_ulong;
for (scan_scb = Cs_srv_block.cs_known_list->cs_next;
scan_scb && scan_scb != Cs_srv_block.cs_known_list;
scan_scb = scan_scb->cs_next) {
if (scan_scb == an_scb)
{
blFound = TRUE;
break;
}
}
if ((!blFound) && ((an_scb = CS_find_scb(an_scb)) == 0)) {
/* FIXME -- real error status */
/* "Invalid session id" */
stat = MO_NO_INSTANCE;
} else if ((MEcmp(an_scb->cs_username, this_scb->cs_username,
sizeof(an_scb->cs_username)))) {
/* FIXME -- better error */
/* "Superuser or owner status required to modify sessions" */
stat = MO_NO_WRITE;
} else {
*scbp = an_scb;
stat = OK;
}
return (stat);
}
static STATUS
CS_mod_session( char *uns_decimal_session, CS_SCB **scbp )
{
u_i4 scb_as_ulong;
CS_SID an_sid;
CS_SCB *an_scb;
STATUS stat;
CS_SCB *this_scb;
CSget_scb(&this_scb);
CS_str_to_uns( uns_decimal_session, &scb_as_ulong );
an_sid = (CS_SID)scb_as_ulong;
an_scb = CS_find_scb(an_sid);
if (an_scb == NULL)
{
/* FIXME -- real error status */
/* "Invalid session id" */
stat = MO_NO_INSTANCE;
}
else if ((MEcmp(an_scb->cs_username, this_scb->cs_username,
sizeof(an_scb->cs_username))))
{
/* FIXME -- better error */
/* "Superuser or owner status required to modify sessions" */
stat = MO_NO_WRITE;
}
else
{
*scbp = an_scb;
stat = OK;
}
return( stat );
}
/*{
** Name: GM_gcmsend - make GCa_call for GCM request.
**
** Description:
** Makes the call...
**
** Re-entrancy:
** yes.
**
** Inputs:
** conn the connect block with the prepared message to send.
**
** Outputs:
** conn
**
** Returns:
** E_DB_OK
** E_DB_ERROR
**
** History:
** 8-oct-92 (daveb)
** created.
** 12-Nov-1992 (daveb)
** Need GCA_ALT_EXIT for our completiong routien to be seen.
** Add fs_parms var to simplify debugging.
** 14-Nov-1992 (daveb)
** take *cl_stat to fill in.
** 20-Nov-1992 (daveb)
** Put in more TRdisplay error logging, to fix later.
** 2-Dec-1992 (daveb)
** Check for server failed in quick abort case. Trying to avoid
** lots of errors re-connectiong to non-gcm servers.
** 08-sep-93 (swm)
** Changed sid type from i4 to CS_SID to match recent CL
** interface revision.
** 20-jul-95 (canor01)
** pass the SCB to IIGCa_call() instead of the SID
*/
static DB_STATUS
GM_gcmsend( GM_CONN_BLK *conn, STATUS *cl_stat )
{
DB_STATUS db_stat;
CS_SID sid;
i4 resume = 0;
STATUS local_status;
GCA_FS_PARMS *fs_parms = &conn->conn_fs_parms;
GM_PLACE_BLK *place = conn->conn_place;
conn->conn_state = GM_CONN_GCM_WORKING;
CSget_sid(&sid);
GM_incr( &GM_globals.gwm_stat_sem, &GM_globals.gwm_gcm_sends );
if( place->place_type == GM_PLACE_SRVR &&
((place->place_srvr.srvr_flags & GCA_RG_MIB_MASK) == 0 ||
place->place_srvr.srvr_state == GM_SRVR_FAILED ))
{
/* nothing can be had from this server. We did a lot of
setup work for nothing. FIXME -- move this test higher up? */
conn->conn_rsb->response.err_element = 0;
conn->conn_rsb->response.status = *cl_stat = MO_NO_INSTANCE;
conn->conn_state = GM_CONN_EMPTIED;
return( E_DB_ERROR );
}
do
{
*cl_stat = IIGCa_call(GCA_FASTSELECT,
(GCA_PARMLIST *)fs_parms,
GCA_ASYNC_FLAG | GCA_ALT_EXIT | resume,
(PTR)CS_find_scb(sid),
(i4) -1,
&local_status );
if (*cl_stat != OK)
{
/* "GWM Internal error: Error making gcm send to %0c" */
GM_1error( (GWX_RCB *)0, E_GW8042_GCA_CALL, GM_ERR_INTERNAL,
0, (PTR)conn->conn_rsb->request.place );
GM_error( *cl_stat );
conn->conn_state = GM_CONN_ERROR;
}
else
{
/* wait for completion routine to wake us */
*cl_stat = CSsuspend(CS_BIO_MASK, 0, 0);
if (*cl_stat != OK)
{
/* "GWM Internal error: CSsuspend problem" */
GM_error( E_GW8043_CS_SUSPEND );
GM_error( *cl_stat );
conn->conn_state = GM_CONN_ERROR;
}
else /* completion handler called */
{
switch ( *cl_stat = conn->conn_fs_parms.gca_status )
{
case OK:
resume = 0;
conn->conn_state = GM_CONN_GCM_DONE;
break;
case E_GCFFFE_INCOMPLETE:
GM_incr( &GM_globals.gwm_stat_sem,
&GM_globals.gwm_gcm_reissues );
resume = GCA_RESUME;
break;
case E_GC0032_NO_PEER:
resume = 0;
/* "GWM Internal error: Got 'no peer' to %0c (%1c %2x)" */
GM_3error( (GWX_RCB *)0, E_GW8044_NO_PEER,
GM_ERR_INTERNAL,
0, place->place_key,
0, place->place_srvr.srvr_class,
sizeof(place->place_srvr.srvr_flags),
(PTR)&place->place_srvr.srvr_flags );
GM_error( *cl_stat );
conn->conn_state = GM_CONN_ERROR;
break;
default:
resume = 0;
/* "GWM Internal error:
GCM completion error to %0c (%1c %2x)" */
GM_3error( (GWX_RCB *)0, E_GW8045_GCA_COMPLETION,
GM_ERR_INTERNAL,
0, (PTR)place->place_key,
0, (PTR)place->place_srvr.srvr_class,
sizeof(place->place_srvr.srvr_flags),
(PTR)&place->place_srvr.srvr_flags );
GM_error( *cl_stat );
conn->conn_state = GM_CONN_ERROR;
place->place_srvr.srvr_state = GM_SRVR_FAILED;
break;
}
}
}
} while( resume != 0 );
db_stat = (*cl_stat == OK) ? E_DB_OK : E_DB_ERROR;
return( db_stat );
}
/*
** Name: scs_check_external_password
**
** Description:
** Check the external password for a role
**
** Inputs:
** scb - SCB
**
** authname - Role/User name being checked
**
** password - Role/User password
**
** auth_role - TRUE if authenticating a role
**
** Returns:
** E_DB_OK - Access is allowed
**
** E_DB_WARN - Access is denied
**
** E_DB_ERROR - Failure determining access
**
** History:
** 9-mar-94 (robf)
** Created
** 11-mar-94 (robf)
** Distinguish between access disallowed and some other
** error. Add SCF activity in case auth. server take a while
** 15-mar-94 (robf)
** Rework to allow for user or role authentication, add
** parameter auth_role. Make routine external,
** name scs_check_external_password, and move to scseauth.c
** 22-mar-1996 (stial01)
** Cast length passed to sc0m_allocate to i4.
** 16-jul-96 (stephenb)
** Add effective user to parameter list and pass to authentication
** server (fix primarily for ICE authentication, but useful
** information for the user anyway).
** 16-Nov-1998 (jenjo02)
** When suspending on BIO read, use CS_BIOR_MASK.
*/
DB_STATUS
scs_check_external_password (
SCD_SCB *scb,
DB_OWN_NAME *authname,
DB_OWN_NAME *e_authname,
DB_PASSWORD *password,
bool auth_role
)
{
DB_STATUS status = E_DB_WARN;
STATUS cl_stat;
STATUS local_status;
char pmname[64];
char *pmvalue;
char target[64];
GCA_FS_PARMS fs_parms;
SCS_REBUFF *re_buff = NULL;
char *work_buff;
i4 resume = 0;
CS_SID sid;
PTR save_data_area;
char *q;
char *gcmvalue;
i4 error_index;
i4 error_status;
char *act_string;
char blank_string[32] = "";
for (;;)
{
if (auth_role)
act_string = "Validating external role password";
else
act_string = "Validating external user password";
MEcopy((PTR)act_string, STlength(act_string),
scb->scb_sscb.sscb_ics.ics_act1);
scb->scb_sscb.sscb_ics.ics_l_act1 = (i4)STlength(act_string);
/*
** Find the authentication mechanism for this role
*/
if (auth_role)
{
STprintf(pmname, "ii.$.secure.role_auth.%*s",
scs_trimwhite(sizeof(*authname),
(char*)authname),
(char*)authname);
}
else
{
STprintf(pmname, "ii.$.secure.user_auth.%*s",
scs_trimwhite(sizeof(*authname),
(char*)authname),
(char*)authname);
}
cl_stat = PMget(pmname, &pmvalue);
if (cl_stat != OK)
{
sc0e_put(E_SC035A_EXTPWD_NO_AUTH_MECH, 0, 1,
scs_trimwhite(sizeof(*authname),
(char*)authname),
(PTR)authname,
0, (PTR)0,
0, (PTR)0,
0, (PTR)0,
0, (PTR)0,
0, (PTR)0 );
status = E_DB_ERROR;
break;
}
/*
** Now we know the target mechanism, set up target destination
**
** Legal values are either 'value' which maps to value/authsvr
** or @value which is sent untranslated.
*/
if (*pmvalue != '@')
STprintf(target,"%s/authsvr",pmvalue);
else
STprintf(target,"%s", pmvalue+1);
/*
** Allocate buffer for processing the request
*/
status = sc0m_allocate(SCU_MZERO_MASK,
(i4)sizeof(SCS_REBUFF),
DB_SCF_ID,
(PTR)SCS_MEM,
SCRE_TAG,
(PTR*)&re_buff);
if (status != E_DB_OK)
{
/* sc0m_allocate puts error codes in return status */
sc0e_0_put(status, 0);
status = E_DB_ERROR;
break;
}
work_buff = re_buff->work_buff;
gcmvalue = re_buff->gcmvalue;
CSget_sid(&sid);
save_data_area = work_buff;
/*
** Build the fastselect request
*/
fs_parms.gca_user_name = NULL;
fs_parms.gca_password = NULL;
fs_parms.gca_account_name = NULL;
fs_parms.gca_completion = cep_complete;
fs_parms.gca_closure = NULL;
fs_parms.gca_peer_protocol = GCA_PROTOCOL_LEVEL_61;
fs_parms.gca_partner_name = target;
fs_parms.gca_modifiers = GCA_RQ_GCM;
fs_parms.gca_buffer = work_buff;
fs_parms.gca_b_length = RQ_BUFF_SIZE;
fs_parms.gca_message_type = GCM_SET;
q = save_data_area;
q += sizeof(i4); /* Past error_status */
q += sizeof(i4); /* Past error_index */
q += sizeof(i4); /* Past future[0] */
q += sizeof(i4); /* Past future[1] */
q += gcm_put_int(q, -1);/* Client perms */
q += gcm_put_int(q, 1); /* Row count */
q += gcm_put_int(q, 1); /* Element count */
if (auth_role)
q += gcm_put_str(q, "exp.scf.auth_server.role_authenticate"); /* Class id */
else
q += gcm_put_str(q, "exp.scf.auth_server.user_authenticate"); /* Class id */
q += gcm_put_str(q, "0"); /* Instance */
/*
** Now build the value.
** This consists of:
** Role:
** flag - 4 byte integer, currently 0
** real user - 32 byte blank-padded
** effective user - 32 byte blank-padded
** role - 32 byte blank-padded
** password - 24 byte blank-padded
** User:
** flag - 4 byte integer, currently 1
** real user - 32 byte blank-padded
** effective user - 32 byte blank-padded
** password - 24 byte blank-padded
** These are all padded into a single GCM value.
** Note: This assumes no NULL values in any of the fields.
*/
if (auth_role)
{
STprintf(gcmvalue,"%-4.4s%32.32s%32.32s%32.32s%-24.24s",
"0",
(char*)&scb->scb_sscb.sscb_ics.ics_rusername,
e_authname ? (char*)e_authname : blank_string,
(char*)authname,
(char*)password);
}
else
{
STprintf(gcmvalue,"%-4.4s%32.32s%32.32s%-24.24s",
"1",
(char*)authname,
e_authname ? (char*)e_authname : blank_string,
(char*)password);
}
q += gcm_put_str(q, gcmvalue ); /* Value */
fs_parms.gca_msg_length = (i4)(q - save_data_area);
break;
}
/*
** Now do the fastselect
*/
resume = 0;
if (status == E_DB_OK)
do
{
cl_stat = IIGCa_call(GCA_FASTSELECT,
(GCA_PARMLIST *)&fs_parms,
GCA_ASYNC_FLAG | GCA_ALT_EXIT | resume,
(PTR)CS_find_scb(sid),
(i4) -1,
&local_status);
if (cl_stat != OK)
{
sc0e_0_put(cl_stat, 0);
sc0e_0_put(E_SC0357_EXTPWD_GCA_FASTSELECT, 0);
status = E_DB_ERROR;
break;
}
else
{
/* wait for completion routine to wake us */
cl_stat = CSsuspend(CS_BIOR_MASK, 0, 0);
if (cl_stat != OK)
{
sc0e_0_put(cl_stat, 0);
sc0e_0_put(E_SC0356_EXTPWD_GCA_CSSUSPEND, 0);
status = E_DB_ERROR;
resume = 0;
break;
}
else /* completion handler called */
{
switch ( cl_stat = fs_parms.gca_status )
{
case OK:
resume = 0;
break;
case E_GCFFFE_INCOMPLETE:
resume = GCA_RESUME;
break;
case E_GC0032_NO_PEER:
case E_GC0138_GCN_NO_SERVER:
case E_GC0139_GCN_NO_DBMS:
resume = 0;
sc0e_put(E_SC0355_EXTPWD_GCA_NOPEER, 0, 2,
scs_trimwhite(sizeof(*authname),
(char*)authname),
(PTR)authname,
(i4)STlength(target),
(PTR)target,
0, (PTR)0,
0, (PTR)0,
0, (PTR)0,
0, (PTR)0 );
status = E_DB_ERROR;
break;
default:
resume = 0;
sc0e_0_put(cl_stat, 0);
sc0e_0_put(E_SC0354_EXTPWD_GCA_COMPLETION, 0);
status = E_DB_ERROR;
break;
}
}
}
} while( resume != 0 );
/*
** Check if select worked OK, if not skip to the end
*/
if (status == E_DB_OK)
{
/*
** Got result of fastselect, so unpack and see what happened
*/
q = save_data_area;
q += gcm_get_int(q, &error_status);
q += gcm_get_int(q, &error_index);
if (error_status != 0)
{
if (error_index == -1)
{
sc0e_0_put(error_status, 0);
sc0e_0_put(E_SC0359_EXTPWD_GCM_ERROR, 0);
status = E_DB_ERROR;
}
else
{
/* Access is denied */
status = E_DB_WARN;
}
}
else
{
/* Access is allowed */
status = E_DB_OK;
}
}
/* Reset activity */
scb->scb_sscb.sscb_ics.ics_l_act1 = 0;
/*
** Free buffer if allocated
*/
if (re_buff)
{
if (sc0m_deallocate(0, (PTR *) &re_buff) != E_DB_OK)
{
sc0e_0_put(status, 0);
}
}
return(status);
}