示例#1
0
/**
 * @brief
 *		Helper function to get the authentication data in case external (non-resv-port)
 *		authentication. This is a generic wrapper for all "external" authentication methods.
 *
 *		This function is used as a callback from other libraries (currently only TPP)
 *		to get the authentication data to be sent to a peer doing connection initiation.
 *
 * @param[in] auth_type - The auth_type configured
 * @param[out] data_len - Length of the encoded authentication data
 * @param[in/out] ebuf	- Error message is updated here
 * @param[in] ebufsz	- size of the error message buffer
 *
 * @return - Encoded authentication data
 * @retval - NULL - Failure
 * @retval - !NULL - Success
 *
 */
void *
get_ext_auth_data(int auth_type, int *data_len, char *ebuf, int ebufsz)
{
	char *adata = NULL;

	*data_len = 0;

#ifndef WIN32
	/* right now, we only know about munge authentication */
	adata = pbs_get_munge_auth_data(1, ebuf, ebufsz);
	if (adata)
		*data_len = strlen(adata);
#else
	snprintf(ebuf, ebufsz, "Authentication method not supported");
#endif

	return adata;
}
示例#2
0
/**
 * @brief
 *      Generate munge key specific to the user and send PBS batch request
 *      (PBS_BATCH_AuthExternal)to PBS server to authenticate user.
 *
 * @param[in] sock - socket fd
 * @param[in] auth_type - Authentication type (Munge/AMS etc)
 * @param[in] fromsvr - connection initiated from server?
 *
 * @return  int
 * @retval   0 on success
 * @retval  -1 on failure
 * @retval  -2 on unsupported auth_type
 *
 */
int
engage_external_authentication(int sock, int auth_type, int fromsvr, char *ebuf, int ebufsz)
{
	int cred_len = 0, rc = 0, ret = 0;
	char *cred = NULL;
	struct batch_reply *reply = NULL;

	switch (auth_type) {
#ifndef WIN32
		case AUTH_MUNGE:
			ebuf[0] = '\0';
			cred = pbs_get_munge_auth_data(fromsvr, ebuf, ebufsz);
			if (!cred)
				goto err;
			break;
#endif
		default:
			snprintf(ebuf, ebufsz, "Authentication type not supported");
			ret = -2;
	}

	if (cred) {
		ret = -1;
		cred_len = strlen(cred);
		DIS_tcp_setup(sock);
		if (encode_DIS_ReqHdr(sock, PBS_BATCH_AuthExternal, pbs_current_user) ||
				diswuc(sock, auth_type) || /* authentication_type */
				diswsi(sock, cred_len) ||       /* credential length */
				diswcs(sock, cred, cred_len) || /* credential data */
				encode_DIS_ReqExtend(sock, NULL)) {
			pbs_errno = PBSE_SYSTEM;
			goto err;
		}

		if (DIS_tcp_wflush(sock)) {
			pbs_errno = PBSE_SYSTEM;
			goto err;
		}

		memset(cred, 0, cred_len);

		reply = PBSD_rdrpy_sock(sock, &rc);
		if ((reply != NULL) && (reply->brp_code != 0)) {
			pbs_errno = PBSE_BADCRED;
			PBSD_FreeReply(reply);
			goto err;
		}

		PBSD_FreeReply(reply);
		free(cred);
		return 0;
	}

	/* else fall through */

err:
	if (ebuf[0] != '\0') {
		fprintf(stderr, "%s\n", ebuf);
		cs_logerr(-1, __func__, ebuf);
	}
	free(cred);
	return ret;
}