Added checks for un-authenticated flows in cmd_connect(),

fixed some bugs in cmd_authenticate(). git-svn-id: file:///home/svn/mapi/trunk@541 8d5bb341-7cf1-0310-8cf6-ba355fef3186

Added checks for un-authenticated flows in cmd_connect(),
fixed some bugs in cmd_authenticate(). git-svn-id: file:///home/svn/mapi/trunk@541 8d5bb341-7cf1-0310-8cf6-ba355fef3186
75c3f459 · d80b1a98 · 75c3f459
Commit 75c3f459 authored May 25, 2006 by
--- a/mapid.c
+++ b/mapid.c
@@ -86,7 +86,11 @@ struct flow

  #ifdef WITH_PRIORITIES
    int priority;
-  #endif  
+  #endif
+
+  #ifdef WITH_AUTHENTICATION
+    unsigned char is_authenticated;
+  #endif
 };

 //Structure that stores information about a client process
@@ -1485,7 +1489,34 @@ cmd_connect (int fd, int pid, int sock)
    }
 #endif

-  // mfukar TODO: If authentication is not provided, error.
+/*
+ * mfukar
+ *
+ * If a flow is not authenticated, prevent connecting on it.
+ */
+#ifdef WITH_AUTHENTICATION
+{
+	struct flow *flow;
+	flow = flist_get(flowlist, fd);
+
+	if(!flow)
+	{
+		// Flow not found.
+		DEBUG_CMD (printf ("cmd_connect: no flow found with ID %d\n", fd));
+
+		report_error (MAPI_INVALID_FLOW, pid, sock);
+		return;
+	}
+	if(flow->is_authenticated == 0)
+	{
+		// Flow is not authenticated.
+		DEBUG_CMD(printf("cmd_connect: flow with ID %d is not authenticated.\n", fd));
+
+		report_error(MAPI_FLOW_NOT_CONNECTED, pid, sock);
+		return;
+	}
+}
+#endif

  if (err == 0)
    {
@@ -1796,7 +1827,6 @@ static void cmd_authenticate(int fd, int pid, unsigned char *data, int sock)
 success:
 	/*
 	 * TODO: Check fd's interface against the list taken from CA.
-	 * TODO: Add anonymization functions based on policy.
 	 */
 	{
 		struct mapiipcbuf buf;
@@ -1809,22 +1839,29 @@ success:
 		/*
 		 * Form a policy request for VOd.
 		 */
-		t.opcode = 0x05;
+		t.opcode = POLICY_REQUEST;
 		memset(t.username, 0, MAX_DATA_SIZE);
 		memset(t.password, 0, MAX_DATA_SIZE);

 		if(send(_socket, &t, sizeof(auth_msg_t), 0) == -1)
 		{
+			fprintf(stderr, "Unable to request policy from VOd -- ");
 			perror("send");
-			goto failure; // XXX Oh really?
+			goto failure;
 		}

 		if(recv(_socket, &t, sizeof(auth_msg_t), 0) == -1)
 		{
+			fprintf(stderr, "Unable to receive policy from VOd -- "); 
 			perror("recv");
 			goto failure;
 		}

+		if(t.opcode == POLICY_NOTFOUND)
+		{
+			fprintf(stderr, "cmd_authenticate(): Policy for flow with ID %d not found.\n", fd);
+			goto failure;
+		}
 		if(t.opcode == POLICY_ATTR)
 		{
 			memcpy(&nfunctions, t.username, sizeof(int));
@@ -1832,7 +1869,7 @@ success:
 		}
 		else
 		{
-			fprintf(stderr, "cmd_authenticate(): Invalid response. Was expecting response with policy attributes.\n");
+			fprintf(stderr, "cmd_authenticate(): Invalid response from VOd. Was expecting response with policy attributes.\n");
 			goto failure;
 		}

@@ -1898,8 +1935,19 @@ success:
 		}

 		free(buffer);
-	}

+		struct flow *flow = flist_get(flowlist, fd);
+		if(!flow)
+		{ // You are soooo screwed.
+			DEBUG_CMD(printf ("cmd_authenticate: Mwahaha. No flow found with ID %d\n", fd));
+			goto failure;
+		}
+		flow->is_authenticated = 1;
+	}
+	
+	if(shutdown(_socket, SHUT_RDWR))
+		perror("shutdown");
+	
 	close(_socket);

 	qbuf.cmd = AUTHENTICATE_ACK;
@@ -1909,6 +1957,8 @@ success:
 	mapiipc_daemon_write(&qbuf, sock);
 	return;
 failure:
+	if(shutdown(_socket, SHUT_RDWR))
+		perror("shutdown");
 	close(_socket);
 	qbuf.cmd = ERROR_ACK;
 	qbuf.mtype = get_id(fd);