/**
 * @brief
 *	Fetch the authentication data used for "external" (non-resv-port)
 *	authentication. Acts as the common entry point for every external
 *	authentication method.
 *
 * Other libraries (currently only TPP) register this function as a callback
 * and invoke it to obtain the data sent to a peer during connection
 * initiation.
 *
 * Only munge is implemented, so auth_type is not consulted: on non-Windows
 * builds a munge credential is produced whatever method was configured.
 * On Windows builds no method is available and the call always fails.
 *
 * The returned buffer is authentication material. This file's
 * engage_external_authentication() releases the result of the same helper
 * with free(), so presumably the caller of this function must free it too
 * (TODO confirm against the TPP caller).
 *
 * @param[in]     auth_type - The auth_type configured (currently unused)
 * @param[out]    data_len  - Length of the encoded authentication data,
 *                            excluding the terminating NUL; 0 on failure
 * @param[in,out] ebuf      - Error message is updated here
 * @param[in]     ebufsz    - size of the error message buffer
 *
 * @return	Encoded authentication data
 * @retval	NULL  - Failure
 * @retval	!NULL - Success
 */
void *
get_ext_auth_data(int auth_type, int *data_len, char *ebuf, int ebufsz)
{
#ifdef WIN32
	/* no external authentication method is available on this platform */
	*data_len = 0;
	snprintf(ebuf, ebufsz, "Authentication method not supported");
	return NULL;
#else
	char *munge_cred;

	*data_len = 0;

	/*
	 * munge is the only method known here. The first argument is the
	 * parameter engage_external_authentication() fills with "fromsvr",
	 * so 1 presumably marks a server-initiated connection (TODO confirm).
	 */
	munge_cred = pbs_get_munge_auth_data(1, ebuf, ebufsz);
	if (munge_cred != NULL)
		*data_len = strlen(munge_cred);

	return munge_cred;
#endif
}
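/**
 * @brief
 *	Overwrite a credential buffer with zeros and release it.
 *
 * The stores go through a volatile pointer so the compiler cannot drop them
 * as dead writes ahead of free().
 *
 * @param[in] cred - heap buffer to discard; NULL is accepted and ignored
 * @param[in] len  - number of bytes of cred to overwrite
 */
static void
discard_ext_auth_cred(char *cred, int len)
{
	volatile char *p = cred;

	if (cred == NULL)
		return;
	while (len-- > 0)
		*p++ = 0;
	free(cred);
}

/**
 * @brief
 *	Generate munge key specific to the user and send PBS batch request
 *	(PBS_BATCH_AuthExternal) to PBS server to authenticate user.
 *
 * Only AUTH_MUNGE is handled, and only on non-Windows builds; every other
 * auth_type is rejected with -2.
 *
 * The function fails closed: 0 is returned only after a reply was read from
 * the server and its brp_code is 0. Failure to obtain the credential,
 * failure to encode or flush the request, a missing reply and a non-zero
 * reply code all return -1.
 *
 * The credential is zeroed before it is freed on every path, not just on
 * success.
 *
 * @param[in]     sock      - socket fd
 * @param[in]     auth_type - Authentication type (Munge/AMS etc)
 * @param[in]     fromsvr   - connection initiated from server?
 * @param[in,out] ebuf      - error message buffer; must be non-NULL because
 *                            its first byte is read unconditionally on the
 *                            failure path
 * @param[in]     ebufsz    - size of the error message buffer
 *
 * @return int
 * @retval  0 on success
 * @retval -1 on failure
 * @retval -2 on unsupported auth_type
 *
 */
int
engage_external_authentication(int sock, int auth_type, int fromsvr, char *ebuf, int ebufsz)
{
	int cred_len = 0, rc = 0;
	int ret = -1; /* failure unless the server's reply is verified below */
	char *cred = NULL;
	struct batch_reply *reply = NULL;

	switch (auth_type) {
#ifndef WIN32
		case AUTH_MUNGE:
			ebuf[0] = '\0';
			cred = pbs_get_munge_auth_data(fromsvr, ebuf, ebufsz);
			break;
#endif
		default:
			snprintf(ebuf, ebufsz, "Authentication type not supported");
			ret = -2;
	}

	/*
	 * No credential: either the type is unsupported (ret == -2) or the
	 * munge helper failed (ret == -1). The previous code left ret at 0 in
	 * the second case and so reported success without sending anything.
	 */
	if (cred == NULL)
		goto done;

	cred_len = strlen(cred);
	DIS_tcp_setup(sock);

	if (encode_DIS_ReqHdr(sock, PBS_BATCH_AuthExternal, pbs_current_user) ||
		diswuc(sock, auth_type) ||	/* authentication_type */
		diswsi(sock, cred_len) ||	/* credential length */
		diswcs(sock, cred, cred_len) || /* credential data */
		encode_DIS_ReqExtend(sock, NULL) ||
		DIS_tcp_wflush(sock)) {
		pbs_errno = PBSE_SYSTEM;
		goto done;
	}

	/* the request is on the wire; do not hold the credential while waiting */
	discard_ext_auth_cred(cred, cred_len);
	cred = NULL;

	reply = PBSD_rdrpy_sock(sock, &rc);
	if (reply == NULL) {
		/*
		 * No reply could be read, so the server has not confirmed
		 * anything. Keep whatever error PBSD_rdrpy_sock recorded in
		 * pbs_errno, if any (presumably it sets one; TODO confirm).
		 */
		if (pbs_errno == 0)
			pbs_errno = PBSE_SYSTEM;
		goto done;
	}
	if (reply->brp_code != 0) {
		pbs_errno = PBSE_BADCRED;
		goto done;
	}

	ret = 0;

done:
	if (reply != NULL)
		PBSD_FreeReply(reply);

	/* still set only when the request could not be sent */
	discard_ext_auth_cred(cred, cred_len);

	if (ret != 0 && ebuf[0] != '\0') {
		fprintf(stderr, "%s\n", ebuf);
		cs_logerr(-1, __func__, ebuf);
	}
	return ret;
}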