Commit 7fbe4ac9 authored by 's avatar

Authentication framework finished.



git-svn-id: file:///home/svn/mapi/trunk@527 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 5e1b5f49
......@@ -1753,9 +1753,9 @@ static void cmd_authenticate(int fd, int pid, unsigned char *data, int sock)
int len = 0;
memset(&t, 0, sizeof(auth_msg_t));
len += snprintf(t.username, 128, "%s", data + len) + 1;
len += snprintf(t.password, 128, "%s", data + len) + 1;
len += snprintf(t.vo, 128, "%s", data + len);
len += snprintf(t.username, MAX_DATA_SIZE, "%s", data + len) + 1;
len += snprintf(t.password, MAX_DATA_SIZE, "%s", data + len) + 1;
len += snprintf(t.vo, MAX_DATA_SIZE, "%s", data + len);
t.opcode = 0x16;
......@@ -1811,6 +1811,8 @@ success:
mapidrv *drv;
int nfunctions;
char *buffer = NULL;
size_t policy_length;
/*
* Form a policy request for VOd.
*/
......@@ -1830,7 +1832,30 @@ success:
goto failure;
}
memcpy(&nfunctions, t.username, sizeof(int));
if(t.opcode == POLICY_ATTR)
{
memcpy(&nfunctions, t.username, sizeof(int));
memcpy(&policy_length, t.password, sizeof(size_t));
}
else
{
fprintf(stderr, "cmd_authenticate(): Invalid response. Was expecting response with policy attributes.\n");
goto failure;
}
// Get the policy.
if((buffer = malloc((policy_length + 1) * sizeof(char))) == NULL)
{
perror("malloc");
goto failure;
}
memset(buffer, 0, sizeof(char) * (policy_length + 1));
if(recv(_socket, buffer, policy_length, 0) == -1)
{
perror("recv");
goto failure;
}
// Find the driver.
if((drv = get_drv(fd)) == NULL)
......@@ -1845,11 +1870,41 @@ success:
* Loop nfunctions times,
* get the functions and apply them.
*/
memset(&buf, 0, sizeof(struct mapiipcbuf));
strcpy(buf.function, "ANONYMIZE");
strcpy((char*)buf.data, "IP,SRC_IP,ZERO");
while(nfunctions--)
{
// Pointer to function.
char *ptr_to_function = buffer;
/*
* Pointer to the ':' character that is used
* to separate the function from its arguments.
*/
char *delimiter= NULL;
if((ptr_to_function = strrchr(ptr_to_function, '|')) == NULL)
{
fprintf(stderr, "Malformed policy received. Aborting.\n");
goto failure;
}
if((delimiter = strrchr(ptr_to_function, ':')) == NULL)
{
fprintf(stderr, "Malformed policy received. Aborting.\n");
goto failure;
}
function_id = mapidrv_apply_function(drv->devid, fd, 1, buf.function, buf.data);
*ptr_to_function++ = '\0';;
*delimiter++ = '\0';
memset(&buf, 0, sizeof(struct mapiipcbuf));
snprintf(buf.function, FUNCT_NAME_LENGTH, "%s", ptr_to_function);
snprintf((char *)buf.data, DATA_SIZE, "%s", delimiter);
function_id = mapidrv_apply_function(drv->devid, fd, 1, buf.function, buf.data);
}
free(buffer);
}
close(_socket);
......@@ -1861,6 +1916,7 @@ success:
mapiipc_daemon_write(&qbuf, sock);
return;
failure:
close(_socket);
qbuf.cmd = ERROR_ACK;
qbuf.mtype = get_id(fd);
qbuf.fd = fd;
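Review bot: `policy_length` is copied straight out of the vod reply in cmd_authenticate and then used in `malloc((policy_length + 1) * sizeof(char))` and `recv(_socket, buffer, policy_length, 0)` with no upper bound, so a value of SIZE_MAX makes the `+ 1` wrap to a zero-byte allocation that the recv then writes past. The recv result is only compared with -1, so a short read or an orderly shutdown leaves a partial policy that the strrchr loop parses as if it were complete. I would cap the length before allocating and read in a loop until all bytes have arrived, as sketched below. `nfunctions` comes from the same message and deserves a range check before `while(nfunctions--)`; the paths that `goto failure` after the malloc also appear to leak `buffer`, though the rest of the failure block lies outside the hunk.

```c
memcpy(&policy_length, t.password, sizeof(size_t));
// … unchanged: opcode check and "Invalid response" branch …

// POLICY_MAX_LEN is a placeholder name: define a real upper bound for one policy string.
if(policy_length > POLICY_MAX_LEN)
{
	fprintf(stderr, "cmd_authenticate(): Policy length out of range.\n");
	goto failure;
}

// … unchanged: malloc and memset of buffer …

size_t received = 0;
while(received < policy_length)
{
	ssize_t n = recv(_socket, buffer + received, policy_length - received, 0);
	if(n <= 0)
	{
		if(n == -1)
			perror("recv");
		else
			fprintf(stderr, "cmd_authenticate(): Connection closed before the policy was complete.\n");
		goto failure;
	}
	received += (size_t)n;
}
```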
......
......@@ -66,8 +66,6 @@ int main(int argc, char **argv)
return(-1);
}
plist();
if((_socket = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
{
perror("socket");
......@@ -188,19 +186,17 @@ void *request_handler(void *args)
// Orderly shutdown. Terminate.
goto term;
}
else
fprintf(stderr, "Got %d bytes.\n", bytes_recvd);
switch(req->opcode)
{
case 0x05:
req->opcode = 0x02;
case POLICY_REQUEST:
req->opcode = POLICY_RESP;
// TODO -- find the policy and copy it in the packet
send_policy(mapid_socket, req);
send(mapid_socket, req, sizeof(auth_msg_t), 0);
break;
case 0x16:
case AUTH_REQUEST:
sconnection = connect_to_CA(&CA_socket, &ssl_context, &remote_addr);
if(!sconnection)
{
......@@ -217,7 +213,7 @@ void *request_handler(void *args)
send(mapid_socket, req, sizeof(auth_msg_t), 0);
break;
case 0x1C:
case NIC_REQUEST:
if(send_nic_list(mapid_socket, req) == -1)
fprintf(stderr, "request_handler: Error in send_nic_list()\n");
......@@ -550,16 +546,16 @@ int authenticate_user(SSL *sconnection, auth_msg_t *data)
free(resp);
return(-1);
}
if(resp->opcode == 0x06)
if(resp->opcode == AUTH_SUCCESS)
{
data->opcode = 0x06;
data->opcode = AUTH_SUCCESS;
free(resp);
return(1);
}
else if(resp->opcode == 0x15)
else if(resp->opcode == AUTH_FAILURE)
{
fprintf(stderr, "authenticate_user: Authentication of user %s failed.\n", resp->username);
data->opcode = 0x15;
data->opcode = AUTH_FAILURE;
free(resp);
return(0);
}
......@@ -629,7 +625,7 @@ int send_nic_list(int mapid_socket, auth_msg_t *data)
}
else
{
failure: data->opcode = 0x04;
failure: data->opcode = NIC_NOTFOUND;
send(mapid_socket, data, sizeof(auth_msg_t), 0);
......@@ -638,7 +634,7 @@ failure: data->opcode = 0x04;
}
}
data->opcode = 0x0D;
data->opcode = NIC_RESPONSE;
char *s = data->username;
pthread_mutex_lock(&list_lock);
......@@ -713,7 +709,7 @@ int send_policy(int mapid_socket, auth_msg_t *request)
}
else
{
len += sprintf(policy + len, "%s|", (char *)tmp_node->data);
len += sprintf(policy + len, "|%s", (char *)tmp_node->data);
}
tmp_node = tmp_node->next;
......@@ -721,12 +717,17 @@ int send_policy(int mapid_socket, auth_msg_t *request)
fprintf(stderr, "VO: %s\tFunctions: %d\tString: %s\n", vo_name, nfunctions, policy);
// TODO: Send policy to mapid.
/*
* Send policy attributes to mapid,
* then send the policy.
*/
auth_msg_t response;
memset(&response, 0, sizeof(auth_msg_t));
response.opcode = POLICY_ATTR;
strncpy(response.vo, vo->vo_name, MAX_DATA_SIZE);
memcpy(response.username, &nfunctions, sizeof(int));
memcpy(response.password, &len, sizeof(size_t));
if(send(mapid_socket, &response, sizeof(auth_msg_t), 0) == -1)
......@@ -734,6 +735,12 @@ int send_policy(int mapid_socket, auth_msg_t *request)
perror("send");
return(-1);
}
if(send(mapid_socket, policy, len, 0) == -1)
{
perror("send");
return(-1);
}
return(0);
}
else
......@@ -1029,18 +1036,3 @@ int reorder(flist_t *func_list)
return(0);
}
void plist(void)
{
flist_node_t *tmp = vos->head;
tmp = ((vo_info_t *)(tmp->data))->policy->head;
while(tmp)
{
fprintf(stderr, "%s\n", (char *)tmp->data);
tmp = flist_next(tmp);
}
return;
}
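Review bot: In send_policy, `memcpy(response.password, &len, sizeof(size_t))` copies sizeof(size_t) bytes out of `len`, whose declaration is outside the hunk; if it is an `int` (it accumulates sprintf return values), this reads past the variable on LP64 targets and the receiver's `policy_length` gets garbage in its upper bytes. Copying through a real size_t avoids that: `size_t policy_len = (size_t)len; memcpy(response.password, &policy_len, sizeof policy_len);`. `strncpy(response.vo, vo->vo_name, MAX_DATA_SIZE)` leaves `response.vo` unterminated when the name fills the field, so bound it with `MAX_DATA_SIZE - 1` and let the preceding memset supply the terminator, assuming the field is MAX_DATA_SIZE bytes. The changed `sprintf(policy + len, "|%s", ...)` still appends without checking the space left in `policy`, whose size is not visible here; `snprintf` with the remaining length would make that bound explicit.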
......@@ -39,6 +39,19 @@
// Socket on which mapid & vod communicate.
#define VODSOCKGLOBAL "/tmp/vod.sock"
// Requests & responses
#define POLICY_REQUEST 0x05
#define AUTH_REQUEST 0x16
#define NIC_REQUEST 0x1C
#define AUTH_SUCCESS 0x06
#define AUTH_FAILURE 0x15
#define NIC_RESPONSE 0x0D
#define NIC_NOTFOUND 0x04
#define POLICY_RESP 0x02
#define POLICY_NOTFOUND 0x10
#define POLICY_ATTR 0x40
// This will be sent to the CA
typedef struct _authentication_message
{
......