Commit 75c3f459 authored by 's avatar

Added checks for un-authenticated flows in cmd_connect(),

fixed some bugs in cmd_authenticate().


git-svn-id: file:///home/svn/mapi/trunk@541 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent d80b1a98
......@@ -86,7 +86,11 @@ struct flow
#ifdef WITH_PRIORITIES
int priority;
#endif
#endif
#ifdef WITH_AUTHENTICATION
unsigned char is_authenticated;
#endif
};
//Structure that stores information about a client process
......@@ -1485,7 +1489,34 @@ cmd_connect (int fd, int pid, int sock)
}
#endif
// mfukar TODO: If authentication is not provided, error.
/*
* mfukar
*
* If a flow is not authenticated, prevent connecting on it.
*/
#ifdef WITH_AUTHENTICATION
{
struct flow *flow;
flow = flist_get(flowlist, fd);
if(!flow)
{
// Flow not found.
DEBUG_CMD (printf ("cmd_connect: no flow found with ID %d\n", fd));
report_error (MAPI_INVALID_FLOW, pid, sock);
return;
}
if(flow->is_authenticated == 0)
{
// Flow is not authenticated.
DEBUG_CMD(printf("cmd_connect: flow with ID %d is not authenticated.\n", fd));
report_error(MAPI_FLOW_NOT_CONNECTED, pid, sock);
return;
}
}
#endif
if (err == 0)
{
......@@ -1796,7 +1827,6 @@ static void cmd_authenticate(int fd, int pid, unsigned char *data, int sock)
success:
/*
* TODO: Check fd's interface against the list taken from CA.
* TODO: Add anonymization functions based on policy.
*/
{
struct mapiipcbuf buf;
......@@ -1809,22 +1839,29 @@ success:
/*
* Form a policy request for VOd.
*/
t.opcode = 0x05;
t.opcode = POLICY_REQUEST;
memset(t.username, 0, MAX_DATA_SIZE);
memset(t.password, 0, MAX_DATA_SIZE);
if(send(_socket, &t, sizeof(auth_msg_t), 0) == -1)
{
fprintf(stderr, "Unable to request policy from VOd -- ");
perror("send");
goto failure; // XXX Oh really?
goto failure;
}
if(recv(_socket, &t, sizeof(auth_msg_t), 0) == -1)
{
fprintf(stderr, "Unable to receive policy from VOd -- ");
perror("recv");
goto failure;
}
if(t.opcode == POLICY_NOTFOUND)
{
fprintf(stderr, "cmd_authenticate(): Policy for flow with ID %d not found.\n", fd);
goto failure;
}
if(t.opcode == POLICY_ATTR)
{
memcpy(&nfunctions, t.username, sizeof(int));
......@@ -1832,7 +1869,7 @@ success:
}
else
{
fprintf(stderr, "cmd_authenticate(): Invalid response. Was expecting response with policy attributes.\n");
fprintf(stderr, "cmd_authenticate(): Invalid response from VOd. Was expecting response with policy attributes.\n");
goto failure;
}
......@@ -1898,8 +1935,19 @@ success:
}
free(buffer);
}
struct flow *flow = flist_get(flowlist, fd);
if(!flow)
{ // You are soooo screwed.
DEBUG_CMD(printf ("cmd_authenticate: Mwahaha. No flow found with ID %d\n", fd));
goto failure;
}
flow->is_authenticated = 1;
}
if(shutdown(_socket, SHUT_RDWR))
perror("shutdown");
close(_socket);
qbuf.cmd = AUTHENTICATE_ACK;
......@@ -1909,6 +1957,8 @@ success:
mapiipc_daemon_write(&qbuf, sock);
return;
failure:
if(shutdown(_socket, SHUT_RDWR))
perror("shutdown");
close(_socket);
qbuf.cmd = ERROR_ACK;
qbuf.mtype = get_id(fd);
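Review bot: `is_authenticated` is only ever assigned `1` in the hunks shown (at the end of the success block in cmd_authenticate()), so the new gate in cmd_connect(), `if(flow->is_authenticated == 0)`, depends on the field starting out as zero. The code that allocates and fills `struct flow` is outside this diff; if it does not zero the structure, an unauthenticated flow can hold a non-zero garbage value and pass the check, so the creation path should set `flow->is_authenticated = 0;` explicitly under `WITH_AUTHENTICATION`. The `failure:` path also leaves the flag untouched, so a flow that authenticated once appears to stay authenticated after a later failed attempt; clearing the flag there would make the gate fail closed. Separately, reporting `MAPI_FLOW_NOT_CONNECTED` for an unauthenticated flow hides the real cause from the client, and a dedicated error code would be clearer if the project has one.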
......