/*
* Class: EmU_Login
* Method: user_login_main
* Signature: (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z
*/
JNIEXPORT jboolean JNICALL Java_EmU_1Login_user_1login_1main(JNIEnv *env, jobject obj, jstring j_emergency_staff_auth_ip_addr, jstring j_username, jstring j_passwd)
{
const char *emergency_staff_auth_ip_addr;
const char *username;
const char *passwd;
jclass cls;
boolean authentication_flag;
// Get Emergency Staff Authority's IP address, username and password from Java
emergency_staff_auth_ip_addr = (*env)->GetStringUTFChars(env, j_emergency_staff_auth_ip_addr, 0);
username = (*env)->GetStringUTFChars(env, j_username, 0);
passwd = (*env)->GetStringUTFChars(env, j_passwd, 0);
Java_env = env;
Java_object = obj;
// Get the method ids for returning output to Java
cls = (*env)->GetObjectClass(env, obj);
Java_backend_alert_msg_callback_handler_id = (*env)->GetMethodID(env, cls, "backend_alert_msg_callback_handler", "(Ljava/lang/String;)V");
Java_backend_fatal_alert_msg_callback_handler_id = (*env)->GetMethodID(env, cls, "backend_fatal_alert_msg_callback_handler", "(Ljava/lang/String;)V");
Java_basic_info_ret_callback_handler_id = (*env)->GetMethodID(env, cls, "basic_info_ret_callback_handler", "(Ljava/lang/String;Ljava/lang/String;)V");
Java_ssl_cert_hash_ret_callback_handler_id = (*env)->GetMethodID(env, cls, "ssl_cert_hash_ret_callback_handler", "(Ljava/lang/String;)V");
if(Java_backend_alert_msg_callback_handler_id == 0)
int_error("Could not find method \"backend_alert_msg_callback_handler\"");
if(Java_backend_fatal_alert_msg_callback_handler_id == 0)
int_error("Could not find method \"backend_fatal_alert_msg_callback_handler\"");
if(Java_basic_info_ret_callback_handler_id == 0)
int_error("Could not find method \"basic_info_ret_callback_handler\"");
if(Java_ssl_cert_hash_ret_callback_handler_id == 0)
int_error("Could not find method \"ssl_cert_hash_ret_callback_handler\"");
// Authenticate the user
authentication_flag = authenticate_user((char *)emergency_staff_auth_ip_addr, (char *)username, (char *)passwd, backend_alert_msg_callback_handler,
backend_fatal_alert_msg_callback_handler, basic_info_ret_callback_handler, ssl_cert_hash_ret_callback_handler);
// Free up the Java string arguments
(*env)->ReleaseStringUTFChars(env, j_emergency_staff_auth_ip_addr, emergency_staff_auth_ip_addr);
(*env)->ReleaseStringUTFChars(env, j_username, username);
(*env)->ReleaseStringUTFChars(env, j_passwd, passwd);
return authentication_flag;
}
static gboolean
cib_remote_auth(xmlNode * login)
{
const char *user = NULL;
const char *pass = NULL;
const char *tmp = NULL;
crm_log_xml_info(login, "Login: "******"cib_command")) {
crm_err("Wrong tag: %s", tmp);
return FALSE;
}
tmp = crm_element_value(login, "op");
if (safe_str_neq(tmp, "authenticate")) {
crm_err("Wrong operation: %s", tmp);
return FALSE;
}
user = crm_element_value(login, "user");
pass = crm_element_value(login, "password");
if (!user || !pass) {
crm_err("missing auth credentials");
return FALSE;
}
/* Non-root daemons can only validate the password of the
* user they're running as
*/
if (check_group_membership(user, CRM_DAEMON_GROUP) == FALSE) {
crm_err("User is not a member of the required group");
return FALSE;
} else if (authenticate_user(user, pass) == FALSE) {
crm_err("PAM auth failed");
return FALSE;
}
return TRUE;
}
authent_author(request *req)
{
struct realm *realm;
char *user_name = ((void *)0);
struct user_info *user_item = ((void *)0);
int res = 0;
asm ("");
realm = realms;
if (__builtin_strcmp("Wsd", realm->name) == 0) {
req->internal_realm = ws_realm;
is_digest(&user_name);
}
if (authenticate_user(req, &user_name, &user_item) < 0) {
if (user_name != ((void *)0))
req->user = user_name;
res = -2;
goto authent_author_return;
}
if (is_member_of_groups(user_item, realm->groups) < 0)
res = -1;
authent_author_return:
return res;
}
void
process_request(int sfds)
{
int rc;
struct batch_request *request;
conn_t *conn;
time_now = time(NULL);
conn = get_conn(sfds);
if (!conn) {
log_event(PBSEVENT_SYSTEM, PBS_EVENTCLASS_REQUEST, LOG_ERR,
"process_request", "did not find socket in connection table");
#ifdef WIN32
(void)closesocket(sfds);
#else
(void)close(sfds);
#endif
return;
}
if ((request = alloc_br(0)) == NULL) {
log_event(PBSEVENT_SYSTEM, PBS_EVENTCLASS_REQUEST, LOG_ERR,
"process_request", "Unable to allocate request structure");
close_conn(sfds);
return;
}
request->rq_conn = sfds;
/*
* Read in the request and decode it to the internal request structure.
*/
if (get_connecthost(sfds, request->rq_host, PBS_MAXHOSTNAME)) {
(void)sprintf(log_buffer, "%s: %lu", msg_reqbadhost,
get_connectaddr(sfds));
log_event(PBSEVENT_DEBUG, PBS_EVENTCLASS_REQUEST, LOG_DEBUG,
"", log_buffer);
req_reject(PBSE_BADHOST, 0, request);
return;
}
#ifndef PBS_MOM
if (conn->cn_active == FromClientDIS) {
rc = dis_request_read(sfds, request);
} else {
log_event(PBSEVENT_SYSTEM, PBS_EVENTCLASS_REQUEST, LOG_ERR,
"process_req", "request on invalid type of connection");
close_conn(sfds);
free_br(request);
return;
}
#else /* PBS_MOM */
rc = dis_request_read(sfds, request);
#endif /* PBS_MOM */
if (rc == -1) { /* End of file */
close_client(sfds);
free_br(request);
return;
} else if ((rc == PBSE_SYSTEM) || (rc == PBSE_INTERNAL)) {
/* read error, likely cannot send reply so just disconnect */
/* ??? not sure about this ??? */
close_client(sfds);
free_br(request);
return;
} else if (rc > 0) {
/*
* request didn't decode, either garbage or unknown
* request type, in ether case, return reject-reply
*/
req_reject(rc, 0, request);
close_client(sfds);
return;
}
#ifndef PBS_MOM
/* If the request is coming on the socket we opened to the */
/* scheduler, change the "user" from "root" to "Scheduler" */
if (find_sched_from_sock(request->rq_conn) != NULL) {
strncpy(request->rq_user, PBS_SCHED_DAEMON_NAME, PBS_MAXUSER);
request->rq_user[PBS_MAXUSER] = '\0';
}
#endif /* PBS_MOM */
(void)sprintf(log_buffer, msg_request, request->rq_type,
request->rq_user, request->rq_host, sfds);
log_event(PBSEVENT_DEBUG2, PBS_EVENTCLASS_REQUEST, LOG_DEBUG,
"", log_buffer);
/* is the request from a host acceptable to the server */
if (request->rq_type == PBS_BATCH_AuthExternal) {
rc = authenticate_external(conn, request);
if (rc == 0)
reply_ack(request);
else if (rc == -2)
req_reject(PBSE_NOSUP, 0, request);
else
req_reject(PBSE_BADCRED, 0, request);
return;
}
#ifndef PBS_MOM
if (server.sv_attr[(int)SRV_ATR_acl_host_enable].at_val.at_long) {
/* acl enabled, check it; always allow myself */
struct pbsnode *isanode = NULL;
if ((server.sv_attr[SRV_ATR_acl_host_moms_enable].at_flags & ATR_VFLAG_SET) &&
(server.sv_attr[(int)SRV_ATR_acl_host_moms_enable].at_val.at_long == 1)) {
isanode = find_nodebyaddr(get_connectaddr(sfds));
if ((isanode != NULL) && (isanode->nd_state & INUSE_DELETED))
isanode = NULL;
}
if (isanode == NULL) {
if ((acl_check(&server.sv_attr[(int)SRV_ATR_acl_hosts],
request->rq_host, ACL_Host) == 0) &&
(strcasecmp(server_host, request->rq_host) != 0)) {
req_reject(PBSE_BADHOST, 0, request);
close_client(sfds);
return;
}
}
}
/*
* determine source (user client or another server) of request.
* set the permissions granted to the client
*/
if (conn->cn_authen & PBS_NET_CONN_FROM_PRIVIL) {
/* request came from another server */
request->rq_fromsvr = 1;
request->rq_perm = ATR_DFLAG_USRD | ATR_DFLAG_USWR |
ATR_DFLAG_OPRD | ATR_DFLAG_OPWR |
ATR_DFLAG_MGRD | ATR_DFLAG_MGWR |
ATR_DFLAG_SvWR;
} else {
/* request not from another server */
request->rq_fromsvr = 0;
/*
* Client must be authenticated by a Authenticate User Request,
* if not, reject request and close connection.
* -- The following is retained for compat with old cmds --
* The exception to this is of course the Connect Request which
* cannot have been authenticated, because it contains the
* needed ticket; so trap it here. Of course, there is no
* prior authentication on the Authenticate User request either,
* but it comes over a reserved port and appears from another
* server, hence is automatically granted authorization.
*/
if (request->rq_type == PBS_BATCH_Connect) {
req_connect(request);
return;
}
if ((conn->cn_authen & PBS_NET_CONN_AUTHENTICATED) ==0) {
rc = PBSE_BADCRED;
} else {
rc = authenticate_user(request, conn);
}
if (rc != 0) {
req_reject(rc, 0, request);
if (rc == PBSE_BADCRED)
close_client(sfds);
return;
}
request->rq_perm =
svr_get_privilege(request->rq_user, request->rq_host);
}
/* if server shutting down, disallow new jobs and new running */
if (server.sv_attr[(int)SRV_ATR_State].at_val.at_long > SV_STATE_RUN) {
switch (request->rq_type) {
case PBS_BATCH_AsyrunJob:
case PBS_BATCH_JobCred:
case PBS_BATCH_UserCred:
case PBS_BATCH_UserMigrate:
case PBS_BATCH_MoveJob:
case PBS_BATCH_QueueJob:
case PBS_BATCH_RunJob:
case PBS_BATCH_StageIn:
case PBS_BATCH_jobscript:
req_reject(PBSE_SVRDOWN, 0, request);
return;
}
}
#else /* THIS CODE FOR MOM ONLY */
/* check connecting host against allowed list of ok clients */
if (!addrfind(conn->cn_addr)) {
req_reject(PBSE_BADHOST, 0, request);
close_client(sfds);
return;
}
request->rq_fromsvr = 1;
request->rq_perm = ATR_DFLAG_USRD | ATR_DFLAG_USWR |
ATR_DFLAG_OPRD | ATR_DFLAG_OPWR |
ATR_DFLAG_MGRD | ATR_DFLAG_MGWR |
ATR_DFLAG_SvWR | ATR_DFLAG_MOM;
#endif
/*
* dispatch the request to the correct processing function.
* The processing function must call reply_send() to free
* the request struture.
*/
dispatch_request(sfds, request);
return;
}
gboolean
cib_remote_listen(int ssock, gpointer data)
{
int lpc = 0;
int csock = 0;
unsigned laddr;
time_t now = 0;
time_t start = time(NULL);
struct sockaddr_in addr;
#ifdef HAVE_GNUTLS_GNUTLS_H
gnutls_session *session = NULL;
#endif
cib_client_t *new_client = NULL;
xmlNode *login = NULL;
const char *user = NULL;
const char *pass = NULL;
const char *tmp = NULL;
cl_uuid_t client_id;
char uuid_str[UU_UNPARSE_SIZEOF];
#ifdef HAVE_DECL_NANOSLEEP
const struct timespec sleepfast = { 0, 10000000 }; /* 10 millisec */
#endif
/* accept the connection */
laddr = sizeof(addr);
csock = accept(ssock, (struct sockaddr *)&addr, &laddr);
crm_debug("New %s connection from %s",
ssock == remote_tls_fd ? "secure" : "clear-text", inet_ntoa(addr.sin_addr));
if (csock == -1) {
crm_err("accept socket failed");
return TRUE;
}
if (ssock == remote_tls_fd) {
#ifdef HAVE_GNUTLS_GNUTLS_H
/* create gnutls session for the server socket */
session = create_tls_session(csock, GNUTLS_SERVER);
if (session == NULL) {
crm_err("TLS session creation failed");
close(csock);
return TRUE;
}
#endif
}
do {
crm_trace("Iter: %d", lpc++);
if (ssock == remote_tls_fd) {
#ifdef HAVE_GNUTLS_GNUTLS_H
login = cib_recv_remote_msg(session, TRUE);
#endif
} else {
login = cib_recv_remote_msg(GINT_TO_POINTER(csock), FALSE);
}
if (login != NULL) {
break;
}
#ifdef HAVE_DECL_NANOSLEEP
nanosleep(&sleepfast, NULL);
#else
sleep(1);
#endif
now = time(NULL);
/* Peers have 3s to connect */
} while (login == NULL && (start - now) < 4);
crm_log_xml_info(login, "Login: "******"cib_command")) {
crm_err("Wrong tag: %s", tmp);
goto bail;
}
tmp = crm_element_value(login, "op");
if (safe_str_neq(tmp, "authenticate")) {
crm_err("Wrong operation: %s", tmp);
goto bail;
}
user = crm_element_value(login, "user");
pass = crm_element_value(login, "password");
/* Non-root daemons can only validate the password of the
* user they're running as
*/
if (check_group_membership(user, CRM_DAEMON_GROUP) == FALSE) {
crm_err("User is not a member of the required group");
goto bail;
} else if (authenticate_user(user, pass) == FALSE) {
crm_err("PAM auth failed");
goto bail;
}
/* send ACK */
crm_malloc0(new_client, sizeof(cib_client_t));
num_clients++;
new_client->channel_name = "remote";
new_client->name = crm_element_value_copy(login, "name");
cl_uuid_generate(&client_id);
cl_uuid_unparse(&client_id, uuid_str);
CRM_CHECK(new_client->id == NULL, crm_free(new_client->id));
new_client->id = crm_strdup(uuid_str);
#if ENABLE_ACL
new_client->user = crm_strdup(user);
#endif
new_client->callback_id = NULL;
if (ssock == remote_tls_fd) {
#ifdef HAVE_GNUTLS_GNUTLS_H
new_client->encrypted = TRUE;
new_client->channel = (void *)session;
#endif
} else {
new_client->channel = GINT_TO_POINTER(csock);
}
free_xml(login);
login = create_xml_node(NULL, "cib_result");
crm_xml_add(login, F_CIB_OPERATION, CRM_OP_REGISTER);
crm_xml_add(login, F_CIB_CLIENTID, new_client->id);
cib_send_remote_msg(new_client->channel, login, new_client->encrypted);
free_xml(login);
new_client->source =
(void *)G_main_add_fd(G_PRIORITY_DEFAULT, csock, FALSE, cib_remote_msg, new_client,
cib_remote_connection_destroy);
g_hash_table_insert(client_list, new_client->id, new_client);
return TRUE;
bail:
if (ssock == remote_tls_fd) {
#ifdef HAVE_GNUTLS_GNUTLS_H
gnutls_bye(*session, GNUTLS_SHUT_RDWR);
gnutls_deinit(*session);
gnutls_free(session);
#endif
}
close(csock);
free_xml(login);
return TRUE;
}
/**
* Main function for the cqpserver app.
*/
int
main(int argc, char *argv[])
{
int cmd;
which_app = cqpserver;
/* TODO: shouldn't these come AFTER initialize_cqp(), as that function may overwrite these values with defaults?
* or maybe I've missed some subtlety here....*/
silent = 1;
paging = autoshow = auto_save = 0;
if (!initialize_cqp(argc, argv)) {
Rprintf( "CQPserver: ERROR Couldn't initialise CQP engine.\n");
rcqp_receive_error(1);
}
cqiserver_welcome();
if (localhost) {
add_host_to_list("127.0.0.1"); /* in -L mode, connections from localhost are automatically accepted */
}
if (0 < accept_connection(server_port)) {
if (server_log)
Rprintf("CQPserver: Connected. Waiting for CONNECT request.\n");
}
else {
Rprintf( "CQPserver: ERROR Connection failed.\n");
rcqp_receive_error(1);
}
/* establish CQi connection: wait for CONNECT request */
cmd = cqi_read_command();
if (cmd != CQI_CTRL_CONNECT) {
if (server_log)
Rprintf("CQPserver: Connection refused.\n");
cqiserver_wrong_command_error(cmd);
}
user = cqi_read_string();
passwd = cqi_read_string();
if (server_log)
Rprintf("CQPserver: CONNECT user = '******' passwd = '%s' pid = %d\n", user, passwd, (int)getpid());
/* check password here (always required !!) */
if (!authenticate_user(user, passwd)) {
Rprintf("CQPserver: Wrong username or password. Connection refused.\n"); /* TODO shouldn't this be to stderr as it is not conditional on server_log? */
cqi_command(CQI_ERROR_CONNECT_REFUSED);
}
else {
cqi_command(CQI_STATUS_CONNECT_OK);
/* re-randomize for query lock key generation */
cl_randomize();
/* check which corpora the user is granted access to */
{
CorpusList *cl = FirstCorpusFromList();
while (cl != NULL) {
if (!check_grant(user, cl->name))
dropcorpus(cl);
cl = NextCorpusFromList(cl);
}
}
/* start command interpreter loop */
interpreter();
if (server_log)
Rprintf("CQPserver: User '%s' has logged off.\n", user);
}
/* connection terminated; clean up and exit */
Rprintf("CQPserver: Exit. (pid = %d)\n", (int)getpid());
/* TODO should we check cqp_error_status as in the main cqp app? */
return 0;
}
void process_request(char* code_sign_key) {
PLATFORM* platform;
int retval;
double last_rpc_time, x;
struct tm *rpc_time_tm;
bool ok_to_send_work = !config.dont_send_jobs;
bool have_no_work = false;
char buf[256];
HOST initial_host;
unsigned int i;
time_t t;
memset(&g_reply->wreq, 0, sizeof(g_reply->wreq));
// if client has sticky files we don't need any more, tell it
//
do_file_delete_regex();
// if different major version of BOINC, just send a message
//
if (wrong_core_client_version()
|| unacceptable_os()
|| unacceptable_cpu()
) {
ok_to_send_work = false;
}
// if no jobs reported and none to send, return without accessing DB
//
if (!ok_to_send_work && !g_request->results.size()) {
return;
}
warn_user_if_core_client_upgrade_scheduled();
if (requesting_work()) {
if (config.locality_scheduling || config.locality_scheduler_fraction || config.enable_assignment) {
have_no_work = false;
} else {
lock_sema();
have_no_work = ssp->no_work(g_pid);
if (have_no_work) {
g_wreq->no_jobs_available = true;
}
unlock_sema();
}
}
// If:
// - there's no work,
// - a config flag is set,
// - client isn't returning results,
// - this isn't an initial RPC,
// - client is requesting work
// then return without accessing the DB.
// This is an efficiency hack for when servers are overloaded
//
if (
have_no_work
&& config.nowork_skip
&& requesting_work()
&& (g_request->results.size() == 0)
&& (g_request->hostid != 0)
) {
g_reply->insert_message("No work available", "low");
g_reply->set_delay(DELAY_NO_WORK_SKIP);
if (!config.msg_to_host && !config.enable_vda) {
log_messages.printf(MSG_NORMAL, "No work - skipping DB access\n");
return;
}
}
// FROM HERE ON DON'T RETURN; "goto leave" instead
// (because ssp->no_work() may have tagged an entry in the work array
// with our process ID)
retval = open_database();
if (retval) {
send_error_message("Server can't open database", 3600);
g_reply->project_is_down = true;
goto leave;
}
retval = authenticate_user();
if (retval) goto leave;
if (g_reply->user.id == 0) {
log_messages.printf(MSG_CRITICAL, "No user ID!\n");
}
initial_host = g_reply->host;
g_reply->host.rpc_seqno = g_request->rpc_seqno;
g_reply->nucleus_only = false;
log_request();
// is host blacklisted?
//
if (g_reply->host._max_results_day == -1) {
send_error_message("Not accepting requests from this host", 86400);
goto leave;
}
if (strlen(config.sched_lockfile_dir)) {
int pid_with_lock = lock_sched();
if (pid_with_lock > 0) {
log_messages.printf(MSG_CRITICAL,
"Another scheduler instance [PID=%d] is running for this host\n",
pid_with_lock
);
} else if (pid_with_lock) {
log_messages.printf(MSG_CRITICAL,
"Error acquiring lock for [HOST#%d]\n", g_reply->host.id
);
}
if (pid_with_lock) {
send_error_message(
"Another scheduler instance is running for this host", 60
);
goto leave;
}
}
// in deciding whether it's a new day,
// add a random factor (based on host ID)
// to smooth out network traffic over the day
//
retval = rand();
srand(g_reply->host.id);
x = drand()*86400;
srand(retval);
last_rpc_time = g_reply->host.rpc_time;
t = (time_t)(g_reply->host.rpc_time + x);
rpc_time_tm = localtime(&t);
g_request->last_rpc_dayofyear = rpc_time_tm->tm_yday;
t = time(0);
g_reply->host.rpc_time = t;
t += (time_t)x;
rpc_time_tm = localtime(&t);
g_request->current_rpc_dayofyear = rpc_time_tm->tm_yday;
retval = modify_host_struct(g_reply->host);
// write time stats to disk if present
//
if (g_request->have_time_stats_log) {
write_time_stats_log();
}
// look up the client's platform(s) in the DB
//
platform = ssp->lookup_platform(g_request->platform.name);
if (platform) g_request->platforms.list.push_back(platform);
// if primary platform is anonymous, ignore alternate platforms
//
if (strcmp(g_request->platform.name, "anonymous")) {
for (i=0; i<g_request->alt_platforms.size(); i++) {
platform = ssp->lookup_platform(g_request->alt_platforms[i].name);
if (platform) g_request->platforms.list.push_back(platform);
}
}
if (g_request->platforms.list.size() == 0) {
sprintf(buf, "%s %s",
_("This project doesn't support computers of type"),
g_request->platform.name
);
g_reply->insert_message(buf, "notice");
log_messages.printf(MSG_CRITICAL,
"[HOST#%d] platform '%s' not found\n",
g_reply->host.id, g_request->platform.name
);
g_reply->set_delay(DELAY_PLATFORM_UNSUPPORTED);
goto leave;
}
handle_global_prefs();
read_host_app_versions();
update_n_jobs_today();
handle_results();
handle_file_xfer_results();
if (config.enable_vda) {
handle_vda();
}
// Do this before resending lost jobs
//
if (bad_install_type()) {
ok_to_send_work = false;
}
if (!requesting_work()) {
ok_to_send_work = false;
}
send_work_setup();
if (g_request->have_other_results_list) {
if (ok_to_send_work
&& (config.resend_lost_results || g_wreq->resend_lost_results)
&& !g_request->results_truncated
) {
if (resend_lost_work()) {
ok_to_send_work = false;
}
}
if (config.send_result_abort) {
send_result_abort();
}
}
if (requesting_work()) {
if (!send_code_sign_key(code_sign_key)) {
ok_to_send_work = false;
}
if (have_no_work) {
if (config.debug_send) {
log_messages.printf(MSG_NORMAL,
"[send] No jobs in shmem cache\n"
);
}
}
// if last RPC was within config.min_sendwork_interval, don't send work
//
if (!have_no_work && ok_to_send_work) {
if (config.min_sendwork_interval) {
double diff = dtime() - last_rpc_time;
if (diff < config.min_sendwork_interval) {
ok_to_send_work = false;
log_messages.printf(MSG_NORMAL,
"Not sending work - last request too recent: %f\n", diff
);
sprintf(buf,
"Not sending work - last request too recent: %d sec", (int)diff
);
g_reply->insert_message(buf, "low");
// the 1.01 is in case client's clock
// is slightly faster than ours
//
g_reply->set_delay(1.01*config.min_sendwork_interval);
}
}
if (ok_to_send_work) {
send_work();
}
}
if (g_wreq->no_jobs_available) {
g_reply->insert_message("Project has no tasks available", "low");
}
}
handle_msgs_from_host();
if (config.msg_to_host) {
handle_msgs_to_host();
}
update_host_record(initial_host, g_reply->host, g_reply->user);
write_host_app_versions();
leave:
if (!have_no_work) {
ssp->restore_work(g_pid);
}
}
struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[])
{
return (authenticate_user (pw,pass,NIL) >= 0) ? pw : NIL;
}
void process_request(char* code_sign_key) {
PLATFORM* platform;
int retval;
double last_rpc_time, x;
struct tm *rpc_time_tm;
bool ok_to_send_work = !config.dont_send_jobs;
bool have_no_work = false;
char buf[256];
HOST initial_host;
unsigned int i;
time_t t;
memset(&g_reply->wreq, 0, sizeof(g_reply->wreq));
// if client has sticky files we don't need any more, tell it
//
do_file_delete_regex();
// if different major version of BOINC, just send a message
//
if (wrong_core_client_version()
|| unacceptable_os()
|| unacceptable_cpu()
) {
ok_to_send_work = false;
}
// if no jobs reported and none to send, return without accessing DB
//
if (!ok_to_send_work && !g_request->results.size()) {
return;
}
warn_user_if_core_client_upgrade_scheduled();
if (requesting_work()) {
if (config.locality_scheduling || config.locality_scheduler_fraction || config.enable_assignment) {
have_no_work = false;
} else {
lock_sema();
have_no_work = ssp->no_work(g_pid);
if (have_no_work) {
g_wreq->no_jobs_available = true;
}
unlock_sema();
}
}
// If:
// - there's no work,
// - a config flag is set,
// - client isn't returning results,
// - this isn't an initial RPC,
// - client is requesting work
// then return without accessing the DB.
// This is an efficiency hack for when servers are overloaded
//
if (
have_no_work
&& config.nowork_skip
&& requesting_work()
&& (g_request->results.size() == 0)
&& (g_request->hostid != 0)
) {
g_reply->insert_message("No work available", "low");
g_reply->set_delay(DELAY_NO_WORK_SKIP);
if (!config.msg_to_host && !config.enable_vda) {
log_messages.printf(MSG_NORMAL, "No work - skipping DB access\n");
return;
}
}
// FROM HERE ON DON'T RETURN; "goto leave" instead
// (because ssp->no_work() may have tagged an entry in the work array
// with our process ID)
retval = open_database();
if (retval) {
send_error_message("Server can't open database", 3600);
g_reply->project_is_down = true;
goto leave;
}
retval = authenticate_user();
if (retval) goto leave;
if (g_reply->user.id == 0) {
log_messages.printf(MSG_CRITICAL, "No user ID!\n");
}
initial_host = g_reply->host;
g_reply->host.rpc_seqno = g_request->rpc_seqno;
g_reply->nucleus_only = false;
log_request();
#if 0
// if you need to debug a problem w/ a particular host or user,
// edit the following
//
if (g_reply->user.id == XX || g_reply.host.id == YY) {
config.sched_debug_level = 3;
config.debug_send = true;
...
}
int process_request(
struct tcp_chan *chan) /* file descriptor (socket) to get request */
{
int rc = PBSE_NONE;
struct batch_request *request = NULL;
char log_buf[LOCAL_LOG_BUF_SIZE];
long acl_enable = FALSE;
long state = SV_STATE_DOWN;
time_t time_now = time(NULL);
int free_request = TRUE;
char tmpLine[MAXLINE];
char *auth_err = NULL;
enum conn_type conn_active;
unsigned short conn_socktype;
unsigned short conn_authen;
unsigned long conn_addr;
int sfds = chan->sock;
pthread_mutex_lock(svr_conn[sfds].cn_mutex);
conn_active = svr_conn[sfds].cn_active;
conn_socktype = svr_conn[sfds].cn_socktype;
conn_authen = svr_conn[sfds].cn_authen;
conn_addr = svr_conn[sfds].cn_addr;
svr_conn[sfds].cn_lasttime = time_now;
pthread_mutex_unlock(svr_conn[sfds].cn_mutex);
if ((request = alloc_br(0)) == NULL)
{
snprintf(tmpLine, sizeof(tmpLine),
"cannot allocate memory for request from %lu",
conn_addr);
req_reject(PBSE_MEM_MALLOC, 0, request, NULL, tmpLine);
free_request = FALSE;
rc = PBSE_SYSTEM;
goto process_request_cleanup;
}
request->rq_conn = sfds;
/*
* Read in the request and decode it to the internal request structure.
*/
if (conn_active == FromClientDIS || conn_active == ToServerDIS)
{
#ifdef ENABLE_UNIX_SOCKETS
if ((conn_socktype & PBS_SOCK_UNIX) &&
(conn_authen != PBS_NET_CONN_AUTHENTICATED))
{
/* get_creds interestingly always returns 0 */
get_creds(sfds, conn_credent[sfds].username, conn_credent[sfds].hostname);
}
#endif /* END ENABLE_UNIX_SOCKETS */
rc = dis_request_read(chan, request);
}
else
{
char out[80];
snprintf(tmpLine, MAXLINE, "request on invalid type of connection: %d, sock type: %d, from address %s",
conn_active,conn_socktype, netaddr_long(conn_addr, out));
log_event(PBSEVENT_SYSTEM, PBS_EVENTCLASS_REQUEST,
"process_req", tmpLine);
snprintf(tmpLine, sizeof(tmpLine),
"request on invalid type of connection (%d) from %s",
conn_active,
netaddr_long(conn_addr, out));
req_reject(PBSE_BADHOST, 0, request, NULL, tmpLine);
free_request = FALSE;
rc = PBSE_BADHOST;
goto process_request_cleanup;
}
if (rc == -1)
{
/* FAILURE */
/* premature end of file */
rc = PBSE_PREMATURE_EOF;
goto process_request_cleanup;
}
if ((rc == PBSE_SYSTEM) || (rc == PBSE_INTERNAL) || (rc == PBSE_SOCKET_CLOSE))
{
/* FAILURE */
/* read error, likely cannot send reply so just disconnect */
/* ??? not sure about this ??? */
goto process_request_cleanup;
}
if (rc > 0)
{
/* FAILURE */
/*
* request didn't decode, either garbage or unknown
* request type, in either case, return reject-reply
*/
req_reject(rc, 0, request, NULL, "cannot decode message");
free_request = FALSE;
goto process_request_cleanup;
}
if (get_connecthost(sfds, request->rq_host, PBS_MAXHOSTNAME) != 0)
{
sprintf(log_buf, "%s: %lu",
pbse_to_txt(PBSE_BADHOST),
conn_addr);
log_event(PBSEVENT_DEBUG, PBS_EVENTCLASS_REQUEST, "", log_buf);
snprintf(tmpLine, sizeof(tmpLine),
"cannot determine hostname for connection from %lu",
conn_addr);
req_reject(PBSE_BADHOST, 0, request, NULL, tmpLine);
free_request = FALSE;
rc = PBSE_BADHOST;
goto process_request_cleanup;
}
if (LOGLEVEL >= 1)
{
sprintf(log_buf,
msg_request,
reqtype_to_txt(request->rq_type),
request->rq_user,
request->rq_host,
sfds);
log_event(PBSEVENT_DEBUG2, PBS_EVENTCLASS_REQUEST, "", log_buf);
}
/* is the request from a host acceptable to the server */
if (conn_socktype & PBS_SOCK_UNIX)
{
strcpy(request->rq_host, server_name);
}
get_svr_attr_l(SRV_ATR_acl_host_enable, &acl_enable);
if (acl_enable)
{
/* acl enabled, check it; always allow myself and nodes */
struct array_strings *pas = NULL;
struct pbsnode *isanode;
get_svr_attr_arst(SRV_ATR_acl_hosts, &pas);
isanode = PGetNodeFromAddr(conn_addr);
if ((isanode == NULL) &&
(strcmp(server_host, request->rq_host) != 0) &&
(acl_check_my_array_string(pas, request->rq_host, ACL_Host) == 0))
{
char tmpLine[MAXLINE];
snprintf(tmpLine, sizeof(tmpLine), "request not authorized from host %s",
request->rq_host);
req_reject(PBSE_BADHOST, 0, request, NULL, tmpLine);
free_request = FALSE;
rc = PBSE_BADHOST;
goto process_request_cleanup;
}
if (isanode != NULL)
unlock_node(isanode, "process_request", NULL, LOGLEVEL);
}
/*
* determine source (user client or another server) of request.
* set the permissions granted to the client
*/
if (conn_authen == PBS_NET_CONN_FROM_PRIVIL)
{
/* request came from another server */
request->rq_fromsvr = 1;
request->rq_perm =
ATR_DFLAG_USRD | ATR_DFLAG_USWR |
ATR_DFLAG_OPRD | ATR_DFLAG_OPWR |
ATR_DFLAG_MGRD | ATR_DFLAG_MGWR |
ATR_DFLAG_SvWR;
}
else
{
/* request not from another server */
conn_credent[sfds].timestamp = time_now;
request->rq_fromsvr = 0;
/*
* Client must be authenticated by an Authenticate User Request, if not,
* reject request and close connection. -- The following is retained for
* compat with old cmds -- The exception to this is of course the Connect
* Request which cannot have been authenticated, because it contains the
* needed ticket; so trap it here. Of course, there is no prior
* authentication on the Authenticate User request either, but it comes
* over a reserved port and appears from another server, hence is
* automatically granted authentication.
*
* The above is only true with inet sockets. With unix domain sockets, the
* user creds were read before the first dis_request_read call above.
* We automatically granted authentication because we can trust the socket
* creds. Authorization is still granted in svr_get_privilege below
*/
if (request->rq_type == PBS_BATCH_Connect)
{
req_connect(request);
if (conn_socktype == PBS_SOCK_INET)
{
rc = PBSE_IVALREQ;
req_reject(rc, 0, request, NULL, NULL);
free_request = FALSE;
goto process_request_cleanup;
}
}
if (conn_socktype & PBS_SOCK_UNIX)
{
pthread_mutex_lock(svr_conn[sfds].cn_mutex);
svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
pthread_mutex_unlock(svr_conn[sfds].cn_mutex);
}
if (ENABLE_TRUSTED_AUTH == TRUE )
rc = PBSE_NONE; /* bypass the authentication of the user--trust the client completely */
else if (munge_on)
{
/* If munge_on is true we will validate the connection now */
if (request->rq_type == PBS_BATCH_AltAuthenUser)
{
rc = req_altauthenuser(request);
free_request = FALSE;
goto process_request_cleanup;
}
else
{
rc = authenticate_user(request, &conn_credent[sfds], &auth_err);
}
}
else if (conn_authen != PBS_NET_CONN_AUTHENTICATED)
/* skip checking user if we did not get an authenticated credential */
rc = PBSE_BADCRED;
else
rc = authenticate_user(request, &conn_credent[sfds], &auth_err);
if (rc != 0)
{
req_reject(rc, 0, request, NULL, auth_err);
if (auth_err != NULL)
free(auth_err);
free_request = FALSE;
goto process_request_cleanup;
}
/*
* pbs_mom and checkpoint restart scripts both need the authority to do
* alters and releases on checkpointable jobs. Allow manager permission
* for root on the jobs execution node.
*/
if (((request->rq_type == PBS_BATCH_ModifyJob) ||
(request->rq_type == PBS_BATCH_ReleaseJob)) &&
(strcmp(request->rq_user, PBS_DEFAULT_ADMIN) == 0))
{
job *pjob;
char *dptr;
int skip = FALSE;
char short_host[PBS_MAXHOSTNAME+1];
/* make short host name */
strcpy(short_host, request->rq_host);
if ((dptr = strchr(short_host, '.')) != NULL)
{
*dptr = '\0';
}
if ((pjob = svr_find_job(request->rq_ind.rq_modify.rq_objname, FALSE)) != (job *)0)
{
if (pjob->ji_qs.ji_state == JOB_STATE_RUNNING)
{
if ((pjob->ji_wattr[JOB_ATR_checkpoint].at_flags & ATR_VFLAG_SET) &&
((csv_find_string(pjob->ji_wattr[JOB_ATR_checkpoint].at_val.at_str, "s") != NULL) ||
(csv_find_string(pjob->ji_wattr[JOB_ATR_checkpoint].at_val.at_str, "c") != NULL) ||
(csv_find_string(pjob->ji_wattr[JOB_ATR_checkpoint].at_val.at_str, "enabled") != NULL)) &&
(strstr(pjob->ji_wattr[JOB_ATR_exec_host].at_val.at_str, short_host) != NULL))
{
request->rq_perm = svr_get_privilege(request->rq_user, server_host);
skip = TRUE;
}
}
unlock_ji_mutex(pjob, __func__, "1", LOGLEVEL);
}
if (!skip)
{
request->rq_perm = svr_get_privilege(request->rq_user, request->rq_host);
}
}
else
{
request->rq_perm = svr_get_privilege(request->rq_user, request->rq_host);
}
} /* END else (conn_authen == PBS_NET_CONN_FROM_PRIVIL) */
/* if server shutting down, disallow new jobs and new running */
get_svr_attr_l(SRV_ATR_State, &state);
if (state > SV_STATE_RUN)
{
switch (request->rq_type)
{
case PBS_BATCH_AsyrunJob:
case PBS_BATCH_JobCred:
case PBS_BATCH_MoveJob:
case PBS_BATCH_QueueJob:
case PBS_BATCH_RunJob:
case PBS_BATCH_StageIn:
case PBS_BATCH_jobscript:
req_reject(PBSE_SVRDOWN, 0, request, NULL, NULL);
rc = PBSE_SVRDOWN;
free_request = FALSE;
goto process_request_cleanup;
/*NOTREACHED*/
break;
}
}
/*
* dispatch the request to the correct processing function.
* The processing function must call reply_send() to free
* the request struture.
*/
rc = dispatch_request(sfds, request);
return(rc);
process_request_cleanup:
if (free_request == TRUE)
free_br(request);
return(rc);
} /* END process_request() */
void process_request(
int sfds) /* file descriptor (socket) to get request */
{
#ifdef PBS_MOM
char *id = "process_request";
#endif
int rc;
struct batch_request *request = NULL;
#ifndef PBS_MOM
char *auth_err = NULL;
#endif
time_now = time(NULL);
request = alloc_br(0);
request->rq_conn = sfds;
/*
* Read in the request and decode it to the internal request structure.
*/
#ifndef PBS_MOM
if (svr_conn[sfds].cn_active == FromClientDIS)
{
#ifdef ENABLE_UNIX_SOCKETS
if ((svr_conn[sfds].cn_socktype & PBS_SOCK_UNIX) &&
(svr_conn[sfds].cn_authen != PBS_NET_CONN_AUTHENTICATED))
{
get_creds(sfds, conn_credent[sfds].username, conn_credent[sfds].hostname);
}
#endif /* END ENABLE_UNIX_SOCKETS */
rc = dis_request_read(sfds, request);
}
else
{
LOG_EVENT(
PBSEVENT_SYSTEM,
PBS_EVENTCLASS_REQUEST,
"process_req",
"request on invalid type of connection");
close_conn(sfds);
free_br(request);
return;
}
#else /* PBS_MOM */
rc = dis_request_read(sfds, request);
#endif /* PBS_MOM */
if (rc == -1)
{
/* FAILURE */
/* premature end of file */
close_client(sfds);
free_br(request);
return;
}
if ((rc == PBSE_SYSTEM) || (rc == PBSE_INTERNAL))
{
/* FAILURE */
/* read error, likely cannot send reply so just disconnect */
/* ??? not sure about this ??? */
close_client(sfds);
free_br(request);
return;
}
if (rc > 0)
{
/* FAILURE */
/*
* request didn't decode, either garbage or unknown
* request type, in either case, return reject-reply
*/
req_reject(rc, 0, request, NULL, "cannot decode message");
close_client(sfds);
return;
}
if (get_connecthost(sfds, request->rq_host, PBS_MAXHOSTNAME) != 0)
{
char tmpLine[1024];
sprintf(log_buffer, "%s: %lu",
pbse_to_txt(PBSE_BADHOST),
get_connectaddr(sfds));
LOG_EVENT(PBSEVENT_DEBUG, PBS_EVENTCLASS_REQUEST, "", log_buffer);
snprintf(tmpLine, sizeof(tmpLine), "cannot determine hostname for connection from %lu",
get_connectaddr(sfds));
req_reject(PBSE_BADHOST, 0, request, NULL, tmpLine);
return;
}
if (LOGLEVEL >= 1)
{
sprintf(
log_buffer,
msg_request,
reqtype_to_txt(request->rq_type),
request->rq_user,
request->rq_host,
sfds);
LOG_EVENT(PBSEVENT_DEBUG2, PBS_EVENTCLASS_REQUEST, "", log_buffer);
}
/* is the request from a host acceptable to the server */
#ifndef PBS_MOM
if (svr_conn[sfds].cn_socktype & PBS_SOCK_UNIX)
{
strcpy(request->rq_host, server_name);
}
if (server.sv_attr[SRV_ATR_acl_host_enable].at_val.at_long)
{
/* acl enabled, check it; always allow myself and nodes */
struct pbsnode *isanode;
isanode = PGetNodeFromAddr(get_connectaddr(sfds));
if ((isanode == NULL) &&
(strcmp(server_host, request->rq_host) != 0) &&
(acl_check(
&server.sv_attr[SRV_ATR_acl_hosts],
request->rq_host,
ACL_Host) == 0))
{
char tmpLine[1024];
snprintf(tmpLine, sizeof(tmpLine), "request not authorized from host %s",
request->rq_host);
req_reject(PBSE_BADHOST, 0, request, NULL, tmpLine);
close_client(sfds);
return;
}
}
/*
* determine source (user client or another server) of request.
* set the permissions granted to the client
*/
if (svr_conn[sfds].cn_authen == PBS_NET_CONN_FROM_PRIVIL)
{
/* request came from another server */
request->rq_fromsvr = 1;
request->rq_perm =
ATR_DFLAG_USRD | ATR_DFLAG_USWR |
ATR_DFLAG_OPRD | ATR_DFLAG_OPWR |
ATR_DFLAG_MGRD | ATR_DFLAG_MGWR |
ATR_DFLAG_SvWR;
}
else
{
/* request not from another server */
request->rq_fromsvr = 0;
/*
* Client must be authenticated by an Authenticate User Request, if not,
* reject request and close connection. -- The following is retained for
* compat with old cmds -- The exception to this is of course the Connect
* Request which cannot have been authenticated, because it contains the
* needed ticket; so trap it here. Of course, there is no prior
* authentication on the Authenticate User request either, but it comes
* over a reserved port and appears from another server, hence is
* automatically granted authentication.
*
* The above is only true with inet sockets. With unix domain sockets, the
* user creds were read before the first dis_request_read call above.
* We automatically granted authentication because we can trust the socket
* creds. Authorization is still granted in svr_get_privilege below
*/
if (request->rq_type == PBS_BATCH_Connect)
{
req_connect(request);
if (svr_conn[sfds].cn_socktype == PBS_SOCK_INET)
return;
}
if (svr_conn[sfds].cn_socktype & PBS_SOCK_UNIX)
{
conn_credent[sfds].timestamp = time_now;
svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
}
if (ENABLE_TRUSTED_AUTH == TRUE )
rc = 0; /* bypass the authentication of the user--trust the client completely */
else if (munge_on)
{
/* If munge_on is true we will validate the connection now */
if ( request->rq_type == PBS_BATCH_AltAuthenUser)
{
rc = req_altauthenuser(request);
if (rc == PBSE_NONE)
{
conn_credent[sfds].timestamp = time_now;
svr_conn[sfds].cn_authen = PBS_NET_CONN_AUTHENTICATED;
}
return;
}
else if (svr_conn[sfds].cn_authen != PBS_NET_CONN_AUTHENTICATED)
/* skip checking user if we did not get an authenticated credential */
rc = PBSE_BADCRED;
else
{
rc = authenticate_user(request, &conn_credent[sfds], &auth_err);
}
}
else if (svr_conn[sfds].cn_authen != PBS_NET_CONN_AUTHENTICATED)
rc = PBSE_BADCRED;
else
rc = authenticate_user(request, &conn_credent[sfds], &auth_err);
if (rc != 0)
{
req_reject(rc, 0, request, NULL, auth_err);
if (auth_err != NULL)
free(auth_err);
close_client(sfds);
return;
}
/*
* pbs_mom and checkpoint restart scripts both need the authority to do
* alters and releases on checkpointable jobs. Allow manager permission
* for root on the jobs execution node.
*/
if (((request->rq_type == PBS_BATCH_ModifyJob) ||
(request->rq_type == PBS_BATCH_ReleaseJob)) &&
(strcmp(request->rq_user, PBS_DEFAULT_ADMIN) == 0))
{
job *pjob;
char *dptr;
int skip = FALSE;
char short_host[PBS_MAXHOSTNAME+1];
/* make short host name */
strcpy(short_host, request->rq_host);
if ((dptr = strchr(short_host, '.')) != NULL)
{
*dptr = '\0';
}
if (((pjob = find_job(request->rq_ind.rq_modify.rq_objname)) != (job *)0) &&
(pjob->ji_qs.ji_state == JOB_STATE_RUNNING))
{
if ((pjob->ji_wattr[JOB_ATR_checkpoint].at_flags & ATR_VFLAG_SET) &&
((csv_find_string(pjob->ji_wattr[JOB_ATR_checkpoint].at_val.at_str, "s") != NULL) ||
(csv_find_string(pjob->ji_wattr[JOB_ATR_checkpoint].at_val.at_str, "c") != NULL) ||
(csv_find_string(pjob->ji_wattr[JOB_ATR_checkpoint].at_val.at_str, "enabled") != NULL)) &&
(strstr(pjob->ji_wattr[JOB_ATR_exec_host].at_val.at_str, short_host) != NULL))
{
request->rq_perm = svr_get_privilege(request->rq_user, server_host);
skip = TRUE;
}
}
if (!skip)
{
request->rq_perm = svr_get_privilege(request->rq_user, request->rq_host);
}
}
else
{
request->rq_perm = svr_get_privilege(request->rq_user, request->rq_host);
}
} /* END else (svr_conn[sfds].cn_authen == PBS_NET_CONN_FROM_PRIVIL) */
/* if server shutting down, disallow new jobs and new running */
if (server.sv_attr[SRV_ATR_State].at_val.at_long > SV_STATE_RUN)
{
switch (request->rq_type)
{
case PBS_BATCH_AsyrunJob:
case PBS_BATCH_JobCred:
case PBS_BATCH_MoveJob:
case PBS_BATCH_QueueJob:
case PBS_BATCH_RunJob:
case PBS_BATCH_StageIn:
case PBS_BATCH_jobscript:
req_reject(PBSE_SVRDOWN, 0, request, NULL, NULL);
return;
/*NOTREACHED*/
break;
}
}
#else /* THIS CODE FOR MOM ONLY */
{
/*extern tree *okclients; */
extern void mom_server_update_receive_time_by_ip(u_long ipaddr, const char *cmd);
/* check connecting host against allowed list of ok clients */
if (LOGLEVEL >= 6)
{
sprintf(log_buffer, "request type %s from host %s received",
reqtype_to_txt(request->rq_type),
request->rq_host);
log_record(
PBSEVENT_JOB,
PBS_EVENTCLASS_JOB,
id,
log_buffer);
}
/* if (!tfind(svr_conn[sfds].cn_addr, &okclients)) */
if (!AVL_is_in_tree(svr_conn[sfds].cn_addr, 0, okclients))
{
sprintf(log_buffer, "request type %s from host %s rejected (host not authorized)",
reqtype_to_txt(request->rq_type),
request->rq_host);
log_record(
PBSEVENT_JOB,
PBS_EVENTCLASS_JOB,
id,
log_buffer);
req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized");
close_client(sfds);
return;
}
if (LOGLEVEL >= 3)
{
sprintf(log_buffer, "request type %s from host %s allowed",
reqtype_to_txt(request->rq_type),
request->rq_host);
log_record(
PBSEVENT_JOB,
PBS_EVENTCLASS_JOB,
id,
log_buffer);
}
mom_server_update_receive_time_by_ip(svr_conn[sfds].cn_addr, reqtype_to_txt(request->rq_type));
} /* END BLOCK */
request->rq_fromsvr = 1;
request->rq_perm =
ATR_DFLAG_USRD | ATR_DFLAG_USWR |
ATR_DFLAG_OPRD | ATR_DFLAG_OPWR |
ATR_DFLAG_MGRD | ATR_DFLAG_MGWR |
ATR_DFLAG_SvWR | ATR_DFLAG_MOM;
#endif /* END else !PBS_MOM */
/*
* dispatch the request to the correct processing function.
* The processing function must call reply_send() to free
* the request struture.
*/
dispatch_request(sfds, request);
return;
} /* END process_request() */
static int
#if defined(USE_PAM) || defined(_AIX)
isNoPassAllowed( const char *un )
{
struct passwd *pw = 0;
# ifdef HAVE_GETSPNAM /* (sic!) - not USESHADOW */
struct spwd *spw;
# endif
#else
isNoPassAllowed( const char *un, struct passwd *pw )
{
#endif
struct group *gr;
char **fp;
int hg;
if (!*un)
return 0;
if (cursource != PWSRC_MANUAL)
return 1;
for (hg = 0, fp = td->noPassUsers; *fp; fp++)
if (**fp == '@')
hg = 1;
else if (!strcmp( un, *fp ))
return 1;
else if (!strcmp( "*", *fp )) {
#if defined(USE_PAM) || defined(_AIX)
if (!(pw = getpwnam( un )))
return 0;
if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*')
continue;
# ifdef HAVE_GETSPNAM /* (sic!) - not USESHADOW */
if ((spw = getspnam( un )) &&
(spw->sp_pwdp[0] == '!' || spw->sp_pwdp[0] == '*'))
continue;
# endif
#endif
if (pw->pw_uid)
return 1;
}
#if defined(USE_PAM) || defined(_AIX)
if (hg && (pw || (pw = getpwnam( un )))) {
#else
if (hg) {
#endif
for (setgrent(); (gr = getgrent()); )
for (fp = td->noPassUsers; *fp; fp++)
if (**fp == '@' && !strcmp( gr->gr_name, *fp + 1 )) {
if (pw->pw_gid == gr->gr_gid) {
endgrent();
return 1;
}
for (; *gr->gr_mem; gr->gr_mem++)
if (!strcmp( un, *gr->gr_mem )) {
endgrent();
return 1;
}
}
endgrent();
}
return 0;
}
#if !defined(USE_PAM) && !defined(_AIX) && defined(HAVE_SETUSERCONTEXT)
# define LC_RET0 do { login_close(lc); return 0; } while(0)
#else
# define LC_RET0 return 0
#endif
int
verify( GConvFunc gconv, int rootok )
{
#ifdef USE_PAM
const char *psrv;
struct pam_data pdata;
int pretc, pnopass;
char psrvb[64];
#elif defined(_AIX)
char *msg, *curret;
int i, reenter;
#else
struct stat st;
const char *nolg;
char *buf;
int fd;
# ifdef HAVE_GETUSERSHELL
char *s;
# endif
# if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
int tim, expir, warntime, quietlog;
# endif
#endif
debug( "verify ...\n" );
#ifdef USE_PAM
pnopass = FALSE;
if (!strcmp( curtype, "classic" )) {
if (!gconv( GCONV_USER, 0 ))
return 0;
if (isNoPassAllowed( curuser )) {
gconv( GCONV_PASS_ND, 0 );
if (!*curpass) {
pnopass = TRUE;
sprintf( psrvb, "%.31s-np", PAMService );
psrv = psrvb;
} else
psrv = PAMService;
} else
psrv = PAMService;
pdata.usecur = TRUE;
} else {
sprintf( psrvb, "%.31s-%.31s", PAMService, curtype );
psrv = psrvb;
pdata.usecur = FALSE;
}
pdata.gconv = gconv;
if (!doPAMAuth( psrv, &pdata ))
return 0;
#elif defined(_AIX)
if ((td->displayType & d_location) == dForeign) {
char *tmpch;
strncpy( hostname, td->name, sizeof(hostname) - 1 );
hostname[sizeof(hostname)-1] = '\0';
if ((tmpch = strchr( hostname, ':' )))
*tmpch = '\0';
} else
hostname[0] = '\0';
/* tty names should only be 15 characters long */
# if 0
for (i = 0; i < 15 && td->name[i]; i++) {
if (td->name[i] == ':' || td->name[i] == '.')
tty[i] = '_';
else
tty[i] = td->name[i];
}
tty[i] = '\0';
# else
memcpy( tty, "/dev/xdm/", 9 );
for (i = 0; i < 6 && td->name[i]; i++) {
if (td->name[i] == ':' || td->name[i] == '.')
tty[9 + i] = '_';
else
tty[9 + i] = td->name[i];
}
tty[9 + i] = '\0';
# endif
if (!strcmp( curtype, "classic" )) {
if (!gconv( GCONV_USER, 0 ))
return 0;
if (isNoPassAllowed( curuser )) {
gconv( GCONV_PASS_ND, 0 );
if (!*curpass) {
debug( "accepting despite empty password\n" );
goto done;
}
} else
if (!gconv( GCONV_PASS, 0 ))
return 0;
enduserdb();
msg = NULL;
if ((i = authenticate( curuser, curpass, &reenter, &msg ))) {
debug( "authenticate() failed: %s\n", msg );
if (msg)
free( msg );
loginfailed( curuser, hostname, tty );
if (i == ENOENT || i == ESAD)
V_RET_AUTH;
else
V_RET_FAIL( 0 );
}
if (reenter) {
logError( "authenticate() requests more data: %s\n", msg );
free( msg );
V_RET_FAIL( 0 );
}
} else if (!strcmp( curtype, "generic" )) {
if (!gconv( GCONV_USER, 0 ))
return 0;
for (curret = 0;;) {
msg = NULL;
if ((i = authenticate( curuser, curret, &reenter, &msg ))) {
debug( "authenticate() failed: %s\n", msg );
if (msg)
free( msg );
loginfailed( curuser, hostname, tty );
if (i == ENOENT || i == ESAD)
V_RET_AUTH;
else
V_RET_FAIL( 0 );
}
if (curret)
free( curret );
if (!reenter)
break;
if (!(curret = gconv( GCONV_HIDDEN, msg )))
return 0;
free( msg );
}
} else {
logError( "Unsupported authentication type %\"s requested\n", curtype );
V_RET_FAIL( 0 );
}
if (msg) {
displayStr( V_MSG_INFO, msg );
free( msg );
}
done:
#else
if (strcmp( curtype, "classic" )) {
logError( "Unsupported authentication type %\"s requested\n", curtype );
V_RET_FAIL( 0 );
}
if (!gconv( GCONV_USER, 0 ))
return 0;
if (!(p = getpwnam( curuser ))) {
debug( "getpwnam() failed.\n" );
gconv( GCONV_PASS, 0 );
V_RET_AUTH;
}
if (p->pw_passwd[0] == '!' || p->pw_passwd[0] == '*') {
debug( "account is locked\n" );
gconv( GCONV_PASS, 0 );
V_RET_AUTH;
}
# ifdef USESHADOW
if ((sp = getspnam( curuser ))) {
p->pw_passwd = sp->sp_pwdp;
if (p->pw_passwd[0] == '!' || p->pw_passwd[0] == '*') {
debug( "account is locked\n" );
gconv( GCONV_PASS, 0 );
V_RET_AUTH;
}
} else
debug( "getspnam() failed: %m. Are you root?\n" );
# endif
if (!*p->pw_passwd) {
if (!td->allowNullPasswd) {
debug( "denying user with empty password\n" );
gconv( GCONV_PASS, 0 );
V_RET_AUTH;
}
goto nplogin;
}
if (isNoPassAllowed( curuser, p )) {
nplogin:
gconv( GCONV_PASS_ND, 0 );
if (!*curpass) {
debug( "accepting password-less login\n" );
goto done;
}
} else
if (!gconv( GCONV_PASS, 0 ))
return 0;
# ifdef KERBEROS
if (p->pw_uid) {
int ret;
char realm[REALM_SZ];
if (krb_get_lrealm( realm, 1 )) {
logError( "Cannot get KerberosIV realm.\n" );
V_RET_FAIL( 0 );
}
sprintf( krbtkfile, "%s.%.*s", TKT_ROOT, MAXPATHLEN - strlen( TKT_ROOT ) - 2, td->name );
krb_set_tkt_string( krbtkfile );
unlink( krbtkfile );
ret = krb_verify_user( curuser, "", realm, curpass, 1, "rcmd" );
if (ret == KSUCCESS) {
chown( krbtkfile, p->pw_uid, p->pw_gid );
debug( "KerberosIV verify succeeded\n" );
goto done;
} else if (ret != KDC_PR_UNKNOWN && ret != SKDC_CANT) {
logError( "KerberosIV verification failure %\"s for %s\n",
krb_get_err_text( ret ), curuser );
krbtkfile[0] = '\0';
V_RET_FAIL( 0 );
}
debug( "KerberosIV verify failed: %s\n", krb_get_err_text( ret ) );
}
krbtkfile[0] = '\0';
# endif /* KERBEROS */
# if defined(ultrix) || defined(__ultrix__)
if (authenticate_user( p, curpass, NULL ) < 0)
# elif defined(HAVE_PW_ENCRYPT)
if (strcmp( pw_encrypt( curpass, p->pw_passwd ), p->pw_passwd ))
# elif defined(HAVE_CRYPT)
if (strcmp( crypt( curpass, p->pw_passwd ), p->pw_passwd ))
# else
if (strcmp( curpass, p->pw_passwd ))
# endif
{
debug( "password verify failed\n" );
V_RET_AUTH;
}
done:
#endif /* !defined(USE_PAM) && !defined(_AIX) */
debug( "restrict %s ...\n", curuser );
#if defined(USE_PAM) || defined(_AIX)
if (!(p = getpwnam( curuser ))) {
logError( "getpwnam(%s) failed.\n", curuser );
V_RET_FAIL( 0 );
}
#endif
if (!p->pw_uid) {
if (!rootok && !td->allowRootLogin)
V_RET_FAIL( "Root logins are not allowed" );
return 1; /* don't deny root to log in */
}
#ifdef USE_PAM
debug( " pam_acct_mgmt() ...\n" );
pretc = pam_acct_mgmt( pamh, 0 );
reInitErrorLog();
debug( " pam_acct_mgmt() returned: %s\n", pam_strerror( pamh, pretc ) );
if (pretc == PAM_NEW_AUTHTOK_REQD) {
pdata.usecur = FALSE;
pdata.gconv = conv_interact;
/* pam will have output a message already, so no prepareErrorGreet() */
if (gconv != conv_interact || pnopass) {
pam_end( pamh, PAM_SUCCESS );
pamh = 0;
gSendInt( V_CHTOK_AUTH );
/* this cannot auth the wrong user, as only classic auths get here */
while (!doPAMAuth( PAMService, &pdata ))
if (pdata.abort)
return 0;
gSendInt( V_PRE_OK );
} else
gSendInt( V_CHTOK );
for (;;) {
debug( " pam_chauthtok() ...\n" );
pretc = pam_chauthtok( pamh, PAM_CHANGE_EXPIRED_AUTHTOK );
reInitErrorLog();
debug( " pam_chauthtok() returned: %s\n", pam_strerror( pamh, pretc ) );
if (pdata.abort) {
pam_end( pamh, PAM_SUCCESS );
pamh = 0;
return 0;
}
if (pretc == PAM_SUCCESS)
break;
/* effectively there is only PAM_AUTHTOK_ERR */
gSendInt( V_FAIL );
}
if (curpass)
free( curpass );
curpass = newpass;
newpass = 0;
} else if (pretc != PAM_SUCCESS) {
pam_end( pamh, pretc );
pamh = 0;
V_RET_AUTH;
}
#elif defined(_AIX) /* USE_PAM */
msg = NULL;
if (loginrestrictions( curuser,
((td->displayType & d_location) == dForeign) ? S_RLOGIN : S_LOGIN,
tty, &msg ) == -1)
{
debug( "loginrestrictions() - %s\n", msg ? msg : "error" );
loginfailed( curuser, hostname, tty );
prepareErrorGreet();
if (msg) {
displayStr( V_MSG_ERR, msg );
free( msg );
}
gSendInt( V_AUTH );
return 0;
}
if (msg)
free( (void *)msg );
#endif /* USE_PAM || _AIX */
#ifndef _AIX
# ifdef HAVE_SETUSERCONTEXT
# ifdef HAVE_LOGIN_GETCLASS
lc = login_getclass( p->pw_class );
# else
lc = login_getpwclass( p );
# endif
if (!lc)
V_RET_FAIL( 0 );
p->pw_shell = login_getcapstr( lc, "shell", p->pw_shell, p->pw_shell );
# endif
# ifndef USE_PAM
/* restrict_expired */
# if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
# if !defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || (!defined(HAVE_SETUSERCONTEXT) && defined(USESHADOW))
if (sp)
# endif
{
# define DEFAULT_WARN (2L * 7L) /* Two weeks */
tim = time( NULL ) / 86400L;
# ifdef HAVE_SETUSERCONTEXT
quietlog = login_getcapbool( lc, "hushlogin", 0 );
warntime = login_getcaptime( lc, "warnexpire",
DEFAULT_WARN * 86400L,
DEFAULT_WARN * 86400L ) / 86400L;
# else
quietlog = 0;
# ifdef USESHADOW
warntime = sp->sp_warn != -1 ? sp->sp_warn : DEFAULT_WARN;
# else
warntime = DEFAULT_WARN;
# endif
# endif
# ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
if (p->pw_expire) {
expir = p->pw_expire / 86400L;
# else
if (sp->sp_expire != -1) {
expir = sp->sp_expire;
# endif
if (tim > expir) {
displayStr( V_MSG_ERR,
"Your account has expired;"
" please contact your system administrator" );
gSendInt( V_FAIL );
LC_RET0;
} else if (tim > (expir - warntime) && !quietlog) {
displayMsg( V_MSG_INFO,
"Warning: your account will expire in %d day(s)",
expir - tim );
}
}
# ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
if (p->pw_change) {
expir = p->pw_change / 86400L;
# else
if (!sp->sp_lstchg) {
displayStr( V_MSG_ERR,
"You are required to change your password immediately"
" (root enforced)" );
/* XXX todo password change */
gSendInt( V_FAIL );
LC_RET0;
} else if (sp->sp_max != -1) {
expir = sp->sp_lstchg + sp->sp_max;
if (sp->sp_inact != -1 && tim > expir + sp->sp_inact) {
displayStr( V_MSG_ERR,
"Your account has expired;"
" please contact your system administrator" );
gSendInt( V_FAIL );
LC_RET0;
}
# endif
if (tim > expir) {
displayStr( V_MSG_ERR,
"You are required to change your password immediately"
" (password aged)" );
/* XXX todo password change */
gSendInt( V_FAIL );
LC_RET0;
} else if (tim > (expir - warntime) && !quietlog) {
displayMsg( V_MSG_INFO,
"Warning: your password will expire in %d day(s)",
expir - tim );
}
}
}
# endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE || USESHADOW */
/* restrict_nologin */
# ifndef _PATH_NOLOGIN
# define _PATH_NOLOGIN "/etc/nologin"
# endif
if ((
# ifdef HAVE_SETUSERCONTEXT
/* Do we ignore a nologin file? */
!login_getcapbool( lc, "ignorenologin", 0 )) &&
(!stat( (nolg = login_getcapstr( lc, "nologin", "", NULL )), &st ) ||
# endif
!stat( (nolg = _PATH_NOLOGIN), &st )))
{
if (st.st_size && (fd = open( nolg, O_RDONLY )) >= 0) {
if ((buf = Malloc( st.st_size + 1 ))) {
if (read( fd, buf, st.st_size ) == st.st_size) {
close( fd );
buf[st.st_size] = 0;
displayStr( V_MSG_ERR, buf );
free( buf );
gSendInt( V_FAIL );
LC_RET0;
}
free( buf );
}
close( fd );
}
displayStr( V_MSG_ERR,
"Logins are not allowed at the moment.\nTry again later" );
gSendInt( V_FAIL );
LC_RET0;
}
/* restrict_time */
# if defined(HAVE_SETUSERCONTEXT) && defined(HAVE_AUTH_TIMEOK)
if (!auth_timeok( lc, time( NULL ) )) {
displayStr( V_MSG_ERR,
"You are not allowed to login at the moment" );
gSendInt( V_FAIL );
LC_RET0;
}
# endif
# ifdef HAVE_GETUSERSHELL
for (;;) {
if (!(s = getusershell())) {
debug( "shell not in /etc/shells\n" );
endusershell();
V_RET_FAIL( "Your login shell is not listed in /etc/shells" );
}
if (!strcmp( s, p->pw_shell )) {
endusershell();
break;
}
}
# endif
# endif /* !USE_PAM */
/* restrict_nohome */
# ifdef HAVE_SETUSERCONTEXT
if (login_getcapbool( lc, "requirehome", 0 )) {
struct stat st;
if (!*p->pw_dir || stat( p->pw_dir, &st ) || st.st_uid != p->pw_uid) {
displayStr( V_MSG_ERR, "Home folder not available" );
gSendInt( V_FAIL );
LC_RET0;
}
}
# endif
#endif /* !_AIX */
return 1;
}
static const char *envvars[] = {
"TZ", /* SYSV and SVR4, but never hurts */
#ifdef _AIX
"AUTHSTATE", /* for kerberos */
#endif
NULL
};
#if defined(USE_PAM) && defined(HAVE_INITGROUPS)
static int num_saved_gids;
static gid_t *saved_gids;
static int
saveGids( void )
{
num_saved_gids = getgroups( 0, 0 );
if (!(saved_gids = Malloc( sizeof(gid_t) * num_saved_gids )))
return 0;
if (getgroups( num_saved_gids, saved_gids ) < 0) {
logError( "saving groups failed: %m\n" );
return 0;
}
return 1;
}
static int
restoreGids( void )
{
if (setgroups( num_saved_gids, saved_gids ) < 0) {
logError( "restoring groups failed: %m\n" );
return 0;
}
if (setgid( p->pw_gid ) < 0) {
logError( "restoring gid failed: %m\n" );
return 0;
}
return 1;
}
#endif /* USE_PAM && HAVE_INITGROUPS */
static int
resetGids( void )
{
#ifdef HAVE_INITGROUPS
if (setgroups( 0, &p->pw_gid /* anything */ ) < 0) {
logError( "restoring groups failed: %m\n" );
return 0;
}
#endif
if (setgid( 0 ) < 0) {
logError( "restoring gid failed: %m\n" );
return 0;
}
return 1;
}
static int
setGid( const char *name, int gid )
{
if (setgid( gid ) < 0) {
logError( "setgid(%d) (user %s) failed: %m\n", gid, name );
return 0;
}
#ifdef HAVE_INITGROUPS
if (initgroups( name, gid ) < 0) {
logError( "initgroups for %s failed: %m\n", name );
setgid( 0 );
return 0;
}
#endif /* QNX4 doesn't support multi-groups, no initgroups() */
return 1;
}
static int
setUid( const char *name, int uid )
{
if (setuid( uid ) < 0) {
logError( "setuid(%d) (user %s) failed: %m\n", uid, name );
return 0;
}
return 1;
}
static int
setUser( const char *name, int uid, int gid )
{
if (setGid( name, gid )) {
if (setUid( name, uid ))
return 1;
resetGids();
}
return 0;
}
#if defined(SECURE_RPC) || defined(K5AUTH)
static void
nukeAuth( int len, const char *name )
{
int i;
for (i = 0; i < td->authNum; i++)
if (td->authorizations[i]->name_length == len &&
!memcmp( td->authorizations[i]->name, name, len ))
{
memcpy( &td->authorizations[i], &td->authorizations[i+1],
sizeof(td->authorizations[i]) * (--td->authNum - i) );
break;
}
}
#endif
static void
mergeSessionArgs( int cansave )
{
char *mfname;
const char *fname;
int i, needsave;
mfname = 0;
fname = ".dmrc";
if ((!curdmrc || newdmrc) && *dmrcDir)
if (strApp( &mfname, dmrcDir, "/", curuser, fname, (char *)0 ))
fname = mfname;
needsave = 0;
if (!curdmrc) {
curdmrc = iniLoad( fname );
if (!curdmrc) {
strDup( &curdmrc, "[Desktop]\nSession=default\n" );
needsave = 1;
}
}
if (newdmrc) {
curdmrc = iniMerge( curdmrc, newdmrc );
needsave = 1;
}
if (needsave && cansave)
if (!iniSave( curdmrc, fname ) && errno == ENOENT && mfname) {
for (i = 0; mfname[i]; i++)
if (mfname[i] == '/') {
mfname[i] = 0;
mkdir( mfname, 0755 );
mfname[i] = '/';
}
iniSave( curdmrc, mfname );
}
if (mfname)
free( mfname );
}
static int
createClientLog( const char *log )
{
char randstr[32], *randstrp = 0, *lname;
int lfd;
for (;;) {
struct expando macros[] = {
{ 'd', 0, td->name },
{ 'u', 0, curuser },
{ 'r', 0, randstrp },
{ 0, 0, 0 }
};
if (!(lname = expandMacros( log, macros )))
exit( 1 );
unlink( lname );
if ((lfd = open( lname, O_WRONLY|O_CREAT|O_EXCL, 0600 )) >= 0) {
dup2( lfd, 1 );
dup2( lfd, 2 );
close( lfd );
free( lname );
return TRUE;
}
if (errno != EEXIST || !macros[2].uses) {
free( lname );
return FALSE;
}
logInfo( "Session log file %s not usable, trying another one.\n",
lname );
free( lname );
sprintf( randstr, "%d", secureRandom() );
randstrp = randstr;
}
}
/*!
* \internal
* \brief ARI HTTP handler.
*
* This handler takes the HTTP request and turns it into the appropriate
* RESTful request (conversion to JSON, routing, etc.)
*
* \param ser TCP session.
* \param urih URI handler.
* \param uri URI requested.
* \param method HTTP method.
* \param get_params HTTP \c GET params.
* \param headers HTTP headers.
*/
static int ast_ari_callback(struct ast_tcptls_session_instance *ser,
const struct ast_http_uri *urih,
const char *uri,
enum ast_http_method method,
struct ast_variable *get_params,
struct ast_variable *headers)
{
RAII_VAR(struct ast_ari_conf *, conf, NULL, ao2_cleanup);
RAII_VAR(struct ast_str *, response_body, ast_str_create(256), ast_free);
RAII_VAR(struct ast_ari_conf_user *, user, NULL, ao2_cleanup);
struct ast_ari_response response = {};
RAII_VAR(struct ast_variable *, post_vars, NULL, ast_variables_destroy);
if (!response_body) {
ast_http_request_close_on_completion(ser);
ast_http_error(ser, 500, "Server Error", "Out of memory");
return 0;
}
response.headers = ast_str_create(40);
if (!response.headers) {
ast_http_request_close_on_completion(ser);
ast_http_error(ser, 500, "Server Error", "Out of memory");
return 0;
}
conf = ast_ari_config_get();
if (!conf || !conf->general) {
ast_free(response.headers);
ast_http_request_close_on_completion(ser);
ast_http_error(ser, 500, "Server Error", "URI handler config missing");
return 0;
}
process_cors_request(headers, &response);
/* Process form data from a POST. It could be mixed with query
* parameters, which seems a bit odd. But it's allowed, so that's okay
* with us.
*/
post_vars = ast_http_get_post_vars(ser, headers);
if (!post_vars) {
switch (errno) {
case EFBIG:
ast_ari_response_error(&response, 413,
"Request Entity Too Large",
"Request body too large");
goto request_failed;
case ENOMEM:
ast_http_request_close_on_completion(ser);
ast_ari_response_error(&response, 500,
"Internal Server Error",
"Out of memory");
goto request_failed;
case EIO:
ast_ari_response_error(&response, 400,
"Bad Request", "Error parsing request body");
goto request_failed;
}
}
if (get_params == NULL) {
get_params = post_vars;
} else if (get_params && post_vars) {
/* Has both post_vars and get_params */
struct ast_variable *last_var = post_vars;
while (last_var->next) {
last_var = last_var->next;
}
/* The duped get_params will get freed when post_vars gets
* ast_variables_destroyed.
*/
last_var->next = ast_variables_dup(get_params);
get_params = post_vars;
}
user = authenticate_user(get_params, headers);
if (response.response_code > 0) {
/* POST parameter processing error. Do nothing. */
} else if (!user) {
/* Per RFC 2617, section 1.2: The 401 (Unauthorized) response
* message is used by an origin server to challenge the
* authorization of a user agent. This response MUST include a
* WWW-Authenticate header field containing at least one
* challenge applicable to the requested resource.
*/
ast_ari_response_error(&response, 401, "Unauthorized", "Authentication required");
/* Section 1.2:
* realm = "realm" "=" realm-value
* realm-value = quoted-string
* Section 2:
* challenge = "Basic" realm
*/
ast_str_append(&response.headers, 0,
"WWW-Authenticate: Basic realm=\"%s\"\r\n",
conf->general->auth_realm);
} else if (!ast_fully_booted) {
ast_http_request_close_on_completion(ser);
ast_ari_response_error(&response, 503, "Service Unavailable", "Asterisk not booted");
} else if (user->read_only && method != AST_HTTP_GET && method != AST_HTTP_OPTIONS) {
ast_ari_response_error(&response, 403, "Forbidden", "Write access denied");
} else if (ast_ends_with(uri, "/")) {
remove_trailing_slash(uri, &response);
} else if (ast_begins_with(uri, "api-docs/")) {
/* Serving up API docs */
if (method != AST_HTTP_GET) {
ast_ari_response_error(&response, 405, "Method Not Allowed", "Unsupported method");
} else {
/* Skip the api-docs prefix */
ast_ari_get_docs(strchr(uri, '/') + 1, headers, &response);
}
} else {
/* Other RESTful resources */
ast_ari_invoke(ser, uri, method, get_params, headers,
&response);
}
if (response.no_response) {
/* The handler indicates no further response is necessary.
* Probably because it already handled it */
ast_free(response.headers);
return 0;
}
request_failed:
/* If you explicitly want to have no content, set message to
* ast_json_null().
*/
ast_assert(response.message != NULL);
ast_assert(response.response_code > 0);
/* response.message could be NULL, in which case the empty response_body
* is correct
*/
if (response.message && !ast_json_is_null(response.message)) {
ast_str_append(&response.headers, 0,
"Content-type: application/json\r\n");
if (ast_json_dump_str_format(response.message, &response_body,
conf->general->format) != 0) {
/* Error encoding response */
response.response_code = 500;
response.response_text = "Internal Server Error";
ast_str_set(&response_body, 0, "%s", "");
ast_str_set(&response.headers, 0, "%s", "");
}
}
ast_debug(3, "Examining ARI response:\n%d %s\n%s\n%s\n", response.response_code,
response.response_text, ast_str_buffer(response.headers), ast_str_buffer(response_body));
ast_http_send(ser, method, response.response_code,
response.response_text, response.headers, response_body,
0, 0);
/* ast_http_send takes ownership, so we don't have to free them */
response_body = NULL;
ast_json_unref(response.message);
return 0;
}
/* Returns TRUE if login is allowed with the given local password. */
#ifdef HAVE_SIA
Boolean ssh_user_validate_local_password(SshUser uc,
const char *password,
const char *remote_host)
#else /* HAVE_SIA */
Boolean ssh_user_validate_local_password(SshUser uc,
const char *password)
#endif /* HAVE_SIA */
{
char *encrypted_password;
const char *correct_passwd = uc->correct_encrypted_passwd;
#ifdef HAVE_ULTRIX_SHADOW_PASSWORDS
{
struct svcinfo *svp;
struct passwd *pw;
pw = getpwnam(uc->name);
if (!pw)
return FALSE;
svp = getsvc();
if (svp == NULL)
{
error("getsvc() failed in ultrix code in auth_passwd");
return FALSE;
}
if ((svp->svcauth.seclevel == SEC_UPGRADE &&
strcmp(pw->pw_passwd, "*") == 0) ||
svp->svcauth.seclevel == SEC_ENHANCED)
return authenticate_user(pw, password, "/dev/ttypXX") >= 0;
}
#endif /* HAVE_ULTRIX_SHADOW_PASSWORDS */
#ifdef HAVE_SIA
{
int argc;
char **argv;
/* Passing a collection routine to my_sia_validate_user() here would
be useless and could be harmful.
It would be useless because at this point, stdin/stdout/stderr
are all redirected to /dev/null.
It would be harmful if the collection routine tried to print
anything to stdout, say, a warning that the password is incorrect.
At this point, nothing has been printed to stdout yet and it's
redirected to /dev/null. Printing to stdout now would initialize
it as fully buffered (not line buffered) since /dev/null isn't a
tty. That would cause problems later on in the child, which gets
a copy of the stdout structure. When the child printed /etc/motd
and the mail notice, the user wouldn't see them because they'd
be stuck in the stdout buffer. */
get_sia_args(&argc, &argv);
if (my_sia_validate_user(NULL, argc, argv,
(char *)remote_host, uc->name,
NULL, 0, NULL, (char *)password) == SIASUCCESS)
return TRUE;
else
return FALSE;
}
#endif /* HAVE_SIA */
/* Encrypt the candidate password using the proper salt. */
#if defined(HAVE_SCO_ETC_SHADOW) || defined(HAVE_HPUX_TCB_AUTH)
encrypted_password = bigcrypt(password,
(correct_passwd[0] && correct_passwd[1]) ?
correct_passwd : "xx");
#else /* defined(HAVE_SCO_ETC_SHADOW) || defined(HAVE_HPUX_TCB_AUTH) */
encrypted_password = crypt(password,
(correct_passwd[0] && correct_passwd[1]) ?
correct_passwd : "xx");
#endif /* HAVE_SCO_ETC_SHADOW */
/* Authentication is accepted if the encrypted passwords are identical. */
return strcmp(encrypted_password, correct_passwd) == 0;
}
/*!
* \internal
* \brief ARI HTTP handler.
*
* This handler takes the HTTP request and turns it into the appropriate
* RESTful request (conversion to JSON, routing, etc.)
*
* \param ser TCP session.
* \param urih URI handler.
* \param uri URI requested.
* \param method HTTP method.
* \param get_params HTTP \c GET params.
* \param headers HTTP headers.
*/
static int ast_ari_callback(struct ast_tcptls_session_instance *ser,
const struct ast_http_uri *urih,
const char *uri,
enum ast_http_method method,
struct ast_variable *get_params,
struct ast_variable *headers)
{
RAII_VAR(struct ast_ari_conf *, conf, NULL, ao2_cleanup);
RAII_VAR(struct ast_str *, response_headers, ast_str_create(40), ast_free);
RAII_VAR(struct ast_str *, response_body, ast_str_create(256), ast_free);
RAII_VAR(struct ast_ari_conf_user *, user, NULL, ao2_cleanup);
struct ast_ari_response response = {};
int ret = 0;
if (!response_headers || !response_body) {
return -1;
}
response.headers = ast_str_create(40);
if (!response.headers) {
return -1;
}
conf = ast_ari_config_get();
if (!conf || !conf->general) {
return -1;
}
process_cors_request(headers, &response);
user = authenticate_user(get_params, headers);
if (!user) {
/* Per RFC 2617, section 1.2: The 401 (Unauthorized) response
* message is used by an origin server to challenge the
* authorization of a user agent. This response MUST include a
* WWW-Authenticate header field containing at least one
* challenge applicable to the requested resource.
*/
response.response_code = 401;
response.response_text = "Unauthorized";
/* Section 1.2:
* realm = "realm" "=" realm-value
* realm-value = quoted-string
* Section 2:
* challenge = "Basic" realm
*/
ast_str_append(&response.headers, 0,
"WWW-Authenticate: Basic realm=\"%s\"\r\n",
conf->general->auth_realm);
response.message = ast_json_pack("{s: s}",
"error", "Authentication required");
} else if (!ast_fully_booted) {
response.response_code = 503;
response.response_text = "Service Unavailable";
response.message = ast_json_pack("{s: s}",
"error", "Asterisk not booted");
} else if (user->read_only && method != AST_HTTP_GET && method != AST_HTTP_OPTIONS) {
response.message = ast_json_pack("{s: s}",
"error", "Write access denied");
response.response_code = 403;
response.response_text = "Forbidden";
} else if (ast_ends_with(uri, "/")) {
remove_trailing_slash(uri, &response);
} else if (ast_begins_with(uri, "api-docs/")) {
/* Serving up API docs */
if (method != AST_HTTP_GET) {
response.message =
ast_json_pack("{s: s}",
"message", "Unsupported method");
response.response_code = 405;
response.response_text = "Method Not Allowed";
} else {
/* Skip the api-docs prefix */
ast_ari_get_docs(strchr(uri, '/') + 1, headers, &response);
}
} else {
/* Other RESTful resources */
ast_ari_invoke(ser, uri, method, get_params, headers,
&response);
}
if (response.no_response) {
/* The handler indicates no further response is necessary.
* Probably because it already handled it */
return 0;
}
/* If you explicitly want to have no content, set message to
* ast_json_null().
*/
ast_assert(response.message != NULL);
ast_assert(response.response_code > 0);
ast_str_append(&response_headers, 0, "%s", ast_str_buffer(response.headers));
/* response.message could be NULL, in which case the empty response_body
* is correct
*/
if (response.message && !ast_json_is_null(response.message)) {
ast_str_append(&response_headers, 0,
"Content-type: application/json\r\n");
if (ast_json_dump_str_format(response.message, &response_body,
conf->general->format) != 0) {
/* Error encoding response */
response.response_code = 500;
response.response_text = "Internal Server Error";
ast_str_set(&response_body, 0, "%s", "");
ast_str_set(&response_headers, 0, "%s", "");
ret = -1;
}
}
ast_http_send(ser, method, response.response_code,
response.response_text, response_headers, response_body,
0, 0);
/* ast_http_send takes ownership, so we don't have to free them */
response_headers = NULL;
response_body = NULL;
ast_json_unref(response.message);
return ret;
}
int
Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
{
struct passwd *p;
login_cap_t *lc;
auth_session_t *as;
char *style, *shell, *home, *s, **argv;
char path[MAXPATHLEN];
int authok;
/* User may have specified an authentication style. */
if ((style = strchr(greet->name, ':')) != NULL)
*style++ = '\0';
Debug ("Verify %s, style %s ...\n", greet->name,
style ? style : "default");
p = getpwnam (greet->name);
endpwent();
if (!p || strlen (greet->name) == 0) {
Debug("getpwnam() failed.\n");
bzero(greet->password, strlen(greet->password));
return 0;
}
if ((lc = login_getclass(p->pw_class)) == NULL) {
Debug("login_getclass() failed.\n");
bzero(greet->password, strlen(greet->password));
return 0;
}
if ((style = login_getstyle(lc, style, "xdm")) == NULL) {
Debug("login_getstyle() failed.\n");
bzero(greet->password, strlen(greet->password));
return 0;
}
if ((as = auth_open()) == NULL) {
Debug("auth_open() failed.\n");
login_close(lc);
bzero(greet->password, strlen(greet->password));
return 0;
}
if (auth_setoption(as, "login", "yes") == -1) {
Debug("auth_setoption() failed.\n");
login_close(lc);
bzero(greet->password, strlen(greet->password));
return 0;
}
/* Set up state for no challenge, just check a response. */
auth_setstate(as, 0);
auth_setdata(as, "", 1);
auth_setdata(as, greet->password, strlen(greet->password) + 1);
/* Build path of the auth script and call it */
snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style);
auth_call(as, path, style, "-s", "response", greet->name,
lc->lc_class, (void *)NULL);
authok = auth_getstate(as);
if ((authok & AUTH_ALLOW) == 0) {
Debug("password verify failed\n");
bzero(greet->password, strlen(greet->password));
auth_close(as);
login_close(lc);
return 0;
}
/* Run the approval script */
if (!auth_approval(as, lc, greet->name, "auth-xdm")) {
Debug("login not approved\n");
bzero(greet->password, strlen(greet->password));
auth_close(as);
login_close(lc);
return 0;
}
auth_close(as);
login_close(lc);
/* Check empty passwords against allowNullPasswd */
if (!greet->allow_null_passwd && strlen(greet->password) == 0) {
Debug("empty password not allowed\n");
return 0;
}
/* Only accept root logins if allowRootLogin resource is set */
if (p->pw_uid == 0 && !greet->allow_root_login) {
Debug("root logins not allowed\n");
bzero(greet->password, strlen(greet->password));
return 0;
}
/*
* Shell must be in /etc/shells
*/
for (;;) {
s = getusershell();
if (s == NULL) {
/* did not found the shell in /etc/shells
-> failure */
Debug("shell not in /etc/shells\n");
bzero(greet->password, strlen(greet->password));
endusershell();
return 0;
}
if (strcmp(s, p->pw_shell) == 0) {
/* found the shell in /etc/shells */
endusershell();
break;
}
}
#else /* !USE_BSDAUTH */
int
Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
{
struct passwd *p;
#ifdef USE_PAM
pam_handle_t **pamhp = thepamhp();
#else
#ifdef USESHADOW
struct spwd *sp;
#endif
char *user_pass = NULL;
#endif
#ifdef __OpenBSD__
char *s;
struct timeval tp;
#endif
char *shell, *home;
char **argv;
Debug ("Verify %s ...\n", greet->name);
#if defined(sun) && defined(SVR4)
/* Solaris: If CONSOLE is set to /dev/console in /etc/default/login,
then root can only login on system console */
# define SOLARIS_LOGIN_DEFAULTS "/etc/default/login"
if (strcmp(greet->name, "root") == 0) {
char *console = NULL, *tmp = NULL;
FILE *fs;
if ((fs= fopen(SOLARIS_LOGIN_DEFAULTS, "r")) != NULL)
{
char str[120];
while (!feof(fs))
{
fgets(str, 120, fs);
if(str[0] == '#' || strlen(str) < 8)
continue;
if((tmp = strstr(str, "CONSOLE=")) != NULL)
console = strdup((tmp+8));
}
fclose(fs);
if ( console != NULL &&
(strncmp(console, "/dev/console", 12) == 0) &&
(strncmp(d->name,":0",2) != 0) )
{
Debug("Not on system console\n");
bzero(greet->password, strlen(greet->password));
XFree(console);
return 0;
}
XFree(console);
}
else
{
Debug("Could not open %s\n", SOLARIS_LOGIN_DEFAULTS);
}
}
#endif
#ifndef USE_PAM
p = getpwnam (greet->name);
endpwent();
if (!p || strlen (greet->name) == 0) {
Debug ("getpwnam() failed.\n");
bzero(greet->password, strlen(greet->password));
return 0;
} else {
#ifdef linux
if (!strcmp(p->pw_passwd, "!") || !strcmp(p->pw_passwd, "*")) {
Debug ("The account is locked, no login allowed.\n");
bzero(greet->password, strlen(greet->password));
return 0;
}
#endif
user_pass = p->pw_passwd;
}
#endif
#ifdef KERBEROS
if(strcmp(greet->name, "root") != 0){
char name[ANAME_SZ];
char realm[REALM_SZ];
char *q;
int ret;
if(krb_get_lrealm(realm, 1)){
Debug ("Can't get Kerberos realm.\n");
} else {
sprintf(krbtkfile, "%s.%s", TKT_ROOT, d->name);
krb_set_tkt_string(krbtkfile);
unlink(krbtkfile);
ret = krb_verify_user(greet->name, "", realm,
greet->password, 1, "rcmd");
if(ret == KSUCCESS){
chown(krbtkfile, p->pw_uid, p->pw_gid);
Debug("kerberos verify succeeded\n");
if (k_hasafs()) {
if (k_setpag() == -1)
LogError ("setpag() failed for %s\n",
greet->name);
if((ret = k_afsklog(NULL, NULL)) != KSUCCESS)
LogError("Warning %s\n",
krb_get_err_text(ret));
}
goto done;
} else if(ret != KDC_PR_UNKNOWN && ret != SKDC_CANT){
/* failure */
Debug("kerberos verify failure %d\n", ret);
krbtkfile[0] = '\0';
}
}
}
#endif
#ifndef USE_PAM
#ifdef USESHADOW
errno = 0;
sp = getspnam(greet->name);
if (sp == NULL) {
Debug ("getspnam() failed, errno=%d. Are you root?\n", errno);
} else {
user_pass = sp->sp_pwdp;
}
#ifndef QNX4
endspent();
#endif /* QNX4 doesn't need endspent() to end shadow passwd ops */
#endif
#if defined(ultrix) || defined(__ultrix__)
if (authenticate_user(p, greet->password, NULL) < 0)
#else
if (strcmp (crypt (greet->password, user_pass), user_pass))
#endif
{
if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) {
Debug ("password verify failed\n");
bzero(greet->password, strlen(greet->password));
return 0;
} /* else: null passwd okay */
}
#ifdef KERBEROS
done:
#endif
#ifdef __OpenBSD__
/*
* Only accept root logins if allowRootLogin resource is set
*/
if ((p->pw_uid == 0) && !greet->allow_root_login) {
Debug("root logins not allowed\n");
bzero(greet->password, strlen(greet->password));
return 0;
}
/*
* Shell must be in /etc/shells
*/
for (;;) {
s = getusershell();
if (s == NULL) {
/* did not found the shell in /etc/shells
-> failure */
Debug("shell not in /etc/shells\n");
bzero(greet->password, strlen(greet->password));
endusershell();
return 0;
}
if (strcmp(s, p->pw_shell) == 0) {
/* found the shell in /etc/shells */
endusershell();
break;
}
}
/*
* Test for expired password
*/
if (p->pw_change || p->pw_expire)
(void)gettimeofday(&tp, (struct timezone *)NULL);
if (p->pw_change) {
if (tp.tv_sec >= p->pw_change) {
Debug("Password has expired.\n");
bzero(greet->password, strlen(greet->password));
return 0;
}
}
if (p->pw_expire) {
if (tp.tv_sec >= p->pw_expire) {
Debug("account has expired.\n");
bzero(greet->password, strlen(greet->password));
return 0;
}
}
#endif /* __OpenBSD__ */
bzero(user_pass, strlen(user_pass)); /* in case shadow password */
#else /* USE_PAM */
#define PAM_BAIL \
if (pam_error != PAM_SUCCESS) goto pam_failed;
PAM_password = greet->password;
pam_error = pam_start("xdm", greet->name, &PAM_conversation, pamhp);
PAM_BAIL;
pam_error = pam_set_item(*pamhp, PAM_TTY, d->name);
PAM_BAIL;
pam_error = pam_set_item(*pamhp, PAM_RHOST, "");
PAM_BAIL;
pam_error = pam_authenticate(*pamhp, 0);
PAM_BAIL;
pam_error = pam_acct_mgmt(*pamhp, 0);
/* really should do password changing, but it doesn't fit well */
PAM_BAIL;
pam_error = pam_setcred(*pamhp, 0);
PAM_BAIL;
p = getpwnam (greet->name);
endpwent();
if (!p || strlen (greet->name) == 0) {
Debug ("getpwnam() failed.\n");
bzero(greet->password, strlen(greet->password));
return 0;
}
if (pam_error != PAM_SUCCESS) {
pam_failed:
pam_end(*pamhp, PAM_SUCCESS);
*pamhp = NULL;
return 0;
}
#undef PAM_BAIL
#endif /* USE_PAM */
#endif /* USE_BSDAUTH */
Debug ("verify succeeded\n");
/* The password is passed to StartClient() for use by user-based
authorization schemes. It is zeroed there. */
verify->uid = p->pw_uid;
verify->gid = p->pw_gid;
home = p->pw_dir;
shell = p->pw_shell;
argv = 0;
if (d->session)
argv = parseArgs (argv, d->session);
if (greet->string)
argv = parseArgs (argv, greet->string);
if (!argv)
argv = parseArgs (argv, "xsession");
verify->argv = argv;
verify->userEnviron = userEnv (d, p->pw_uid == 0,
greet->name, home, shell);
Debug ("user environment:\n");
printEnv (verify->userEnviron);
verify->systemEnviron = systemEnv (d, greet->name, home);
Debug ("system environment:\n");
printEnv (verify->systemEnviron);
Debug ("end of environments\n");
return 1;
}
