diff --git a/CASA-auth-token/client/lib/authmech.c b/CASA-auth-token/client/lib/authmech.c index 39652cb6..86e6d531 100644 --- a/CASA-auth-token/client/lib/authmech.c +++ b/CASA-auth-token/client/lib/authmech.c @@ -57,8 +57,8 @@ LIST_ENTRY g_authMechModuleListHead = {&g_authMechModuleListHead, static CasaStatus GetAuthTokenIf( - IN const char *pAuthTypeName, - INOUT AuthTokenIf **ppAuthTokenIf) + IN const char *pAuthTypeName, + INOUT AuthTokenIf **ppAuthTokenIf) // // Arguments: // diff --git a/CASA-auth-token/client/lib/authmsg.c b/CASA-auth-token/client/lib/authmsg.c index a55631f2..16defafa 100644 --- a/CASA-auth-token/client/lib/authmsg.c +++ b/CASA-auth-token/client/lib/authmsg.c @@ -61,6 +61,10 @@ typedef struct _AuthRespParse XML_Parser p; int state; int elementDataProcessed; + char *pStatusData; + int statusDataLen; + char *pLifetimeData; + int lifetimeDataLen; AuthenticateResp *pAuthenticateResp; CasaStatus status; @@ -218,7 +222,7 @@ AuthRespStartElementHandler( } else { - DbgTrace(0, "-AuthRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; @@ -233,7 +237,7 @@ AuthRespStartElementHandler( } else { - DbgTrace(0, "-AuthRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; @@ -248,7 +252,7 @@ AuthRespStartElementHandler( } else { - DbgTrace(0, "-AuthRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; @@ -263,7 +267,7 @@ AuthRespStartElementHandler( } else { - DbgTrace(0, "-AuthRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; 
@@ -278,7 +282,7 @@ AuthRespStartElementHandler( } else { - DbgTrace(0, "-AuthRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; @@ -401,6 +405,8 @@ AuthRespCharDataHandler( // L2 //=======================================================================-- { + CasaStatus status; + DbgTrace(2, "-AuthRespCharDataHandler- Start\n", 0); // Just exit if being called to process white space 
@@ -423,68 +429,64 @@ AuthRespCharDataHandler( break; case AWAITING_STATUS_DATA: + case AWAITING_STATUS_ELEMENT_END: - // Set the appropriate status in the AuthenticationResp based on the - // returned status. - if (strncmp(HTTP_OK_STATUS_CODE, s, len) == 0) + // Consume the data + status = ConsumeElementData(pAuthRespParse, + s, + len, + &pAuthRespParse->pStatusData, + &pAuthRespParse->statusDataLen); + if (CASA_SUCCESS(status)) { - pAuthRespParse->status = CASA_STATUS_SUCCESS; - } - else if (strncmp(HTTP_UNAUTHORIZED_STATUS_CODE, s, len) == 0) - { - pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_AUTHENTICATION_FAILURE); - } - else if (strncmp(HTTP_NOT_FOUND_STATUS_CODE, s, len) == 0) - { - pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_CONFIGURATION_ERROR); - } - else if (strncmp(HTTP_SERVER_ERROR_STATUS_CODE, s, len) == 0) - { - pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_SERVER_ERROR); + // Advanced to the next state + pAuthRespParse->state = AWAITING_STATUS_ELEMENT_END; } else { - DbgTrace(0, "-AuthRespCharDataHandler- Un-expected status\n", 0); - pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_UNSUCCESSFUL); + pAuthRespParse->status = status; + XML_StopParser(pAuthRespParse->p, XML_FALSE); } - - // Advanced to the next state - pAuthRespParse->state = AWAITING_STATUS_ELEMENT_END; break; case AWAITING_LIFETIME_DATA: + case AWAITING_LIFETIME_ELEMENT_END: - // Convert the lifetime string to a numeric value - pAuthRespParse->pAuthenticateResp->tokenLifetime = dtoul(s, len); - - // Advanced to the next state - pAuthRespParse->state = AWAITING_LIFETIME_ELEMENT_END; + // Consume the data + status = ConsumeElementData(pAuthRespParse, + s, + len, + &pAuthRespParse->pLifetimeData, + &pAuthRespParse->lifetimeDataLen); + if (CASA_SUCCESS(status)) + { 
+ // Advanced to the next state + pAuthRespParse->state = AWAITING_LIFETIME_ELEMENT_END; + } + else + { + pAuthRespParse->status = status; + XML_StopParser(pAuthRespParse->p, XML_FALSE); + } break; case AWAITING_SESSION_TOKEN_DATA: case AWAITING_SESSION_TOKEN_ELEMENT_END: // Consume the data - pAuthRespParse->status = ConsumeElementData(pAuthRespParse, - s, - len, - &pAuthRespParse->pAuthenticateResp->pToken, - &pAuthRespParse->pAuthenticateResp->tokenLen); - if (CASA_SUCCESS(pAuthRespParse->status)) + status = ConsumeElementData(pAuthRespParse, + s, + len, + &pAuthRespParse->pAuthenticateResp->pToken, + &pAuthRespParse->pAuthenticateResp->tokenLen); + if (CASA_SUCCESS(status)) { // Advanced to the next state pAuthRespParse->state = AWAITING_SESSION_TOKEN_ELEMENT_END; } else { + pAuthRespParse->status = status; XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; @@ -535,7 +537,7 @@ AuthRespEndElementHandler( } else { - DbgTrace(0, "-AuthRespEndHandler- Un-expected end element\n", 0); + DbgTrace(0, "-AuthRespEndHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; @@ -550,7 +552,7 @@ AuthRespEndElementHandler( } else { - DbgTrace(0, "-AuthRespEndElementHandler- Un-expected end element\n", 0); + DbgTrace(0, "-AuthRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; 
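Review bot: The new `case AWAITING_STATUS_ELEMENT_END:` and `case AWAITING_LIFETIME_ELEMENT_END:` labels in AuthRespCharDataHandler have no comment explaining why an element-end state still consumes character data. Presumably the reason is that the parser can deliver one element's text in several callbacks, so the value is accumulated here and only interpreted in AuthRespEndElementHandler; I would add `// Character data may arrive in several callbacks; keep appending until the end tag is seen` above each pair of labels. The same comment is missing from the matching hunks in GetAuthPolicyRespCharDataHandler and GetAuthTokenRespCharDataHandler. The handler's body starts and ends outside the hunk.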
@@ -560,11 +562,51 @@ AuthRespEndElementHandler( // In this state, we are only expecting the Status Element. if (strcmp(name, STATUS_ELEMENT_NAME) == 0) { + // Set the appropriate status in the AuthenticationResp based on the returned status data + if (strncmp(HTTP_OK_STATUS_CODE, + pAuthRespParse->pStatusData, + pAuthRespParse->statusDataLen) == 0) + { + pAuthRespParse->status = CASA_STATUS_SUCCESS; + } + else if (strncmp(HTTP_UNAUTHORIZED_STATUS_CODE, + pAuthRespParse->pStatusData, + pAuthRespParse->statusDataLen) == 0) + { + pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_AUTHENTICATION_FAILURE); + } + else if (strncmp(HTTP_NOT_FOUND_STATUS_CODE, + pAuthRespParse->pStatusData, + pAuthRespParse->statusDataLen) == 0) + { + pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_CONFIGURATION_ERROR); + } + else if (strncmp(HTTP_SERVER_ERROR_STATUS_CODE, + pAuthRespParse->pStatusData, + pAuthRespParse->statusDataLen) == 0) + { + pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_SERVER_ERROR); + } + else + { + DbgTrace(0, "-AuthRespEndElementHandler- Un-expected status\n", 0); + pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_UNSUCCESSFUL); + } + // Good, advance to the next state based on the status code. if (CASA_SUCCESS(pAuthRespParse->status)) { // The request completed successfully pAuthRespParse->state = AWAITING_SESSION_TOKEN_ELEMENT_START; + } else { @@ -573,7 +615,7 @@ AuthRespEndElementHandler( } else { - DbgTrace(0, "-AuthRespEndElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; 
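Review bot: Each `strncmp(HTTP_..._STATUS_CODE, pAuthRespParse->pStatusData, pAuthRespParse->statusDataLen) == 0` in the Status end-element branch is a prefix comparison bounded by the length of what the server sent, so a status value shorter than the constant still matches, and a zero length matches the first branch and yields `CASA_STATUS_SUCCESS`. If `statusDataLen` counts only the received bytes (ConsumeElementData is not shown), each test should also require equal lengths, e.g. `statusDataLen == (int) strlen(HTTP_OK_STATUS_CODE) && memcmp(pStatusData, HTTP_OK_STATUS_CODE, statusDataLen) == 0`, and a NULL `pStatusData` should fall into the Un-expected status branch. The same comparison is added to GetAuthPolicyRespEndElementHandler in getpolicymsg.c. The handler's body starts and ends outside the hunk.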
@@ -583,12 +625,16 @@ AuthRespEndElementHandler( // In this state, we are only expecting the Lifetime Element. if (strcmp(name, LIFETIME_ELEMENT_NAME) == 0) { + // Convert the lifetime string to a numeric value + pAuthRespParse->pAuthenticateResp->tokenLifetime = dtoul(pAuthRespParse->pLifetimeData, + pAuthRespParse->lifetimeDataLen); + // Good, advance to the next state. pAuthRespParse->state = AWAITING_SESSION_TOKEN_DATA; } else { - DbgTrace(0, "-AuthRespEndElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; @@ -603,7 +649,7 @@ AuthRespEndElementHandler( } else { - DbgTrace(0, "-AuthRespEndElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; @@ -736,6 +782,13 @@ CreateAuthenticateResp( // Free the parser XML_ParserFree(p); + + // Free any buffers associated with the parse + if (authRespParse.pStatusData) + free(authRespParse.pStatusData); + + if (authRespParse.pLifetimeData) + free(authRespParse.pLifetimeData); } else { diff --git a/CASA-auth-token/client/lib/authpolicy.c b/CASA-auth-token/client/lib/authpolicy.c index 9abeab7e..003e63c9 100644 --- a/CASA-auth-token/client/lib/authpolicy.c +++ b/CASA-auth-token/client/lib/authpolicy.c @@ -103,7 +103,7 @@ AuthPolicyStartElementHandler( } else { - DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthPolicyParse->p, XML_FALSE); } break; @@ -137,7 +137,7 @@ AuthPolicyStartElementHandler( } else { - DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthPolicyParse->p, XML_FALSE); } break; 
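Review bot: `dtoul(pAuthRespParse->pLifetimeData, pAuthRespParse->lifetimeDataLen)` in the Lifetime end-element branch runs without checking that any lifetime text was collected. Whether this state can be reached with `pLifetimeData` still NULL depends on code outside the hunk, and dtoul's handling of a NULL pointer or non-digit bytes is not visible here, so a guard such as `if (pAuthRespParse->pLifetimeData == NULL || pAuthRespParse->lifetimeDataLen <= 0) { XML_StopParser(pAuthRespParse->p, XML_FALSE); break; }` before the conversion would keep a malformed response from setting `tokenLifetime`. The value comes from the server response and engine.c passes `tokenLifetime` on to CreateSessionTokenCacheEntry, so an upper bound on it is also worth considering.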
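Review bot: The `free(authRespParse.pStatusData)` and `free(authRespParse.pLifetimeData)` calls added to CreateAuthenticateResp are only safe if both pointers start out NULL, and no hunk in this commit shows the four new AuthRespParse fields being initialised. If `authRespParse` is a local that is filled field by field rather than zeroed (its declaration is outside the hunk), the first ConsumeElementData call and these frees would operate on indeterminate pointers; please confirm it is zero-initialised, e.g. `AuthRespParse authRespParse = {0};`. The `if (...)` tests before `free()` can be dropped, since `free(NULL)` is a no-op. The same applies to `getAuthPolicyRespParse.pStatusData` in CreateGetAuthPolicyResp.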
@@ -448,7 +448,7 @@ AuthPolicyEndElementHandler( } else { - DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); + DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthPolicyParse->p, XML_FALSE); } break; @@ -464,7 +464,7 @@ AuthPolicyEndElementHandler( } else { - DbgTrace(0, "-AuthPolicyEndHandler- Un-expected end element\n", 0); + DbgTrace(0, "-AuthPolicyEndHandler- Un-expected element\n", 0); XML_StopParser(pAuthPolicyParse->p, XML_FALSE); } break; @@ -479,7 +479,7 @@ AuthPolicyEndElementHandler( } else { - DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); + DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthPolicyParse->p, XML_FALSE); } break; @@ -494,7 +494,7 @@ AuthPolicyEndElementHandler( } else { - DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); + DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthPolicyParse->p, XML_FALSE); } break; @@ -533,7 +533,7 @@ AuthPolicyEndElementHandler( } else { - DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); + DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected element\n", 0); XML_StopParser(pAuthPolicyParse->p, XML_FALSE); } break; diff --git a/CASA-auth-token/client/lib/cache.c b/CASA-auth-token/client/lib/cache.c index d6bee9a2..c5cf89fa 100644 --- a/CASA-auth-token/client/lib/cache.c +++ b/CASA-auth-token/client/lib/cache.c @@ -18,7 +18,8 @@ * To contact Novell about this file by physical or electronic mail, * you may find current contact information at www.novell.com. * - * Author: Juan Carlos Luciani + * Authors: Juan Carlos Luciani + * Todd Throne * ***********************************************************************/ 
@@ -113,7 +114,6 @@ CreateAuthTokenCacheEntry( keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2; pKey = malloc(keySize); - if (pKey) { strncpy(pKey, pCacheKey, keySize); diff --git a/CASA-auth-token/client/lib/config.c b/CASA-auth-token/client/lib/config.c index f3680313..c1afbb5d 100644 --- a/CASA-auth-token/client/lib/config.c +++ b/CASA-auth-token/client/lib/config.c @@ -208,7 +208,8 @@ LowerCaseString( // // Abstract: // -// Notes: +// Notes: Function assumes that the caller has made sure that the destination +// string buffer has enough space to receive the resulting string. // // L2 //=======================================================================-- @@ -448,7 +449,7 @@ GetConfigInterface( //=======================================================================-- { int configFolderLen = (int) strlen(pConfigFolder); - int configNameLen = (int)strlen(pConfigName); + int configNameLen = (int) strlen(pConfigName); ConfigIfInstance *pConfigIfInstance; LIST_ENTRY *pListEntry; CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL, @@ -490,7 +491,7 @@ GetConfigInterface( char *pFilePath; // Build a string containing the configuration file path - pFilePath = (char*) malloc(configFolderLen + 1 + configNameLen + sizeof(".conf")); + pFilePath = (char*) malloc(configFolderLen + 1 + configNameLen + sizeof(".conf") + 1); if (pFilePath) { FILE *pConfigFile; 
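Review bot: The `+ 1` added to the `pFilePath` allocation in GetConfigInterface is unexplained, and the expression already contains `sizeof(".conf")` (which counts the terminator) and an earlier `+ 1`. The code that fills the buffer is outside the hunk, so I cannot tell which write needed the extra byte; a comment naming what each term pays for, along the lines of `// folder + separator + name + ".conf" (incl. NUL) + <what the new byte is for>`, would let a reader check the size against the copy. Keeping the size in one variable and building the path with `snprintf(pFilePath, pathSize, ...)` would stop the two from drifting apart.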
@@ -546,90 +547,100 @@ GetConfigInterface( // Now update the instance data with the information present in the file if (fseek(pConfigFile, 0, SEEK_SET) == 0) { - char line[512]; - - while (fgets(line, sizeof(line), pConfigFile) != NULL) + #define MAX_LINE_LEN 1024 + char *pLine = (char*) malloc(MAX_LINE_LEN); + if (pLine) { - int lineLength; - - RemoveWhiteSpaceFromTheEnd(line); - - lineLength = (int) strlen(line); - if (lineLength != 0) + while (fgets(pLine, MAX_LINE_LEN, pConfigFile) != NULL) { - char *pKey; - char *pKeyEnd; - char *pValue; - ConfigKey *pConfigKey; + int lineLength; - // Attempt to find the key - pKey = SkipWhiteSpace(line); + RemoveWhiteSpaceFromTheEnd(pLine); - // Make sure that we are not dealing with an empty line or a comment - if (*pKey == '\0' || *pKey == '#') - continue; - - // Go past the key - pKeyEnd = SkipNonWhiteSpace(pKey); - - // Protect against a malformed line - if (*pKeyEnd == '\0') + lineLength = (int) strlen(pLine); + if (lineLength != 0) { - DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0); - continue; - } + char *pKey; + char *pKeyEnd; + char *pValue; + ConfigKey *pConfigKey; - // Attempt to find the value - pValue = SkipWhiteSpace(pKeyEnd); + // Attempt to find the key + pKey = SkipWhiteSpace(pLine); - // Protect against a malformed line - if (*pValue == '\0') - { - DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0); - continue; - } + // Make sure that we are not dealing with an empty line or a comment + if (*pKey == '\0' || *pKey == '#') + continue; - // Delineate the key - *pKeyEnd = '\0'; + // Go past the key + pKeyEnd = SkipNonWhiteSpace(pKey); - // Create a ConfigKey object for this key/value pair - pConfigKey = (ConfigKey*) malloc(sizeof(*pConfigKey)); - if (pConfigKey) - { - pConfigKey->keyNameLen = (int) strlen(pKey); - pConfigKey->pKeyName = (char*) malloc(pConfigKey->keyNameLen + 1); - if (pConfigKey->pKeyName) + // Protect against a malformed line + if (*pKeyEnd == '\0') { - // Save 
the key name in lower case - LowerCaseString(pConfigKey->pKeyName, pKey); + DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0); + continue; + } - pConfigKey->valueLen = (int) strlen(pValue); - pConfigKey->pValue = (char*) malloc(pConfigKey->valueLen + 1); - if (pConfigKey->pValue) + // Attempt to find the value + pValue = SkipWhiteSpace(pKeyEnd); + + // Protect against a malformed line + if (*pValue == '\0') + { + DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0); + continue; + } + + // Delineate the key + *pKeyEnd = '\0'; + + // Create a ConfigKey object for this key/value pair + pConfigKey = (ConfigKey*) malloc(sizeof(*pConfigKey)); + if (pConfigKey) + { + pConfigKey->keyNameLen = (int) strlen(pKey); + pConfigKey->pKeyName = (char*) malloc(pConfigKey->keyNameLen + 1); + if (pConfigKey->pKeyName) { - strcpy(pConfigKey->pValue, pValue); + // Save the key name in lower case + LowerCaseString(pConfigKey->pKeyName, pKey); - // The entry is ready, now associate it with the instance data. - InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry); + pConfigKey->valueLen = (int) strlen(pValue); + pConfigKey->pValue = (char*) malloc(pConfigKey->valueLen + 1); + if (pConfigKey->pValue) + { + strcpy(pConfigKey->pValue, pValue); + + // The entry is ready, now associate it with the instance data. 
+ InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry); + } + else + { + DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); + free(pConfigKey->pKeyName); + free(pConfigKey); + } } else { DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); - free(pConfigKey->pKeyName); free(pConfigKey); } } else { DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); - free(pConfigKey); } } - else - { - DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); - } } + + // Free the buffer allocated for holding line strings + free(pLine); + } + else + { + DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); } } else @@ -667,6 +678,9 @@ GetConfigInterface( DbgTrace(0, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno); DbgTrace(0, "-GetConfigInterface- Config file unable to open = %s\n", pFilePath); } + + // Free the buffer allocated for the file path + free(pFilePath); } else { @@ -682,5 +696,5 @@ GetConfigInterface( //++======================================================================= //++======================================================================= -//++======================================================================= +//++======================================================================= diff --git a/CASA-auth-token/client/lib/engine.c b/CASA-auth-token/client/lib/engine.c index 2ac437d1..95377113 100644 --- a/CASA-auth-token/client/lib/engine.c +++ b/CASA-auth-token/client/lib/engine.c @@ -108,7 +108,7 @@ ObtainSessionToken( } else { - // Free the entry + // Free the entry FreeAuthCacheEntry(pCacheEntry); } } 
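Review bot: The read loop `while (fgets(pLine, MAX_LINE_LEN, pConfigFile) != NULL)` still treats the remainder of an over-long line as a new line, so the tail of a value longer than the buffer is parsed as its own key/value pair; raising the limit from 512 to 1024 moves that boundary but does not remove it. I would detect a line that filled the buffer without a newline, before RemoveWhiteSpaceFromTheEnd strips it, then discard the rest of that line and log it. Separately, `#define MAX_LINE_LEN 1024` inside the function body stays defined for the rest of the file and would sit better at file scope. GetConfigInterface starts and ends outside the hunk.

```c
while (fgets(pLine, MAX_LINE_LEN, pConfigFile) != NULL)
{
   int lineLength;

   // A line that filled the buffer without a newline is too long: drop the
   // rest of it rather than parsing the tail as a separate entry.
   if (strchr(pLine, '\n') == NULL && !feof(pConfigFile))
   {
      int c;

      DbgTrace(0, "-GetConfigInterface- Config line too long, ignored\n", 0);
      while ((c = fgetc(pConfigFile)) != EOF && c != '\n')
         ;
      continue;
   }

   RemoveWhiteSpaceFromTheEnd(pLine);
   // … unchanged: key/value parsing and ConfigKey creation …
```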
@@ -153,82 +153,82 @@ ObtainSessionToken( continue; } - // Authenticate to the ATS - pReqMsg = BuildAuthenticateMsg(pAuthContext, pAuthMechToken); - if (pReqMsg) - { - // Issue rpc - retStatus = Rpc(pRpcSession, - "Authenticate", - g_rpcFlags, - pReqMsg, - &pRespMsg, - &respLen); - if (CASA_SUCCESS(retStatus)) + // Authenticate to the ATS + pReqMsg = BuildAuthenticateMsg(pAuthContext, pAuthMechToken); + if (pReqMsg) { - AuthenticateResp *pAuthenticateResp; - - // Create Authenticate response object - retStatus = CreateAuthenticateResp(pRespMsg, respLen, &pAuthenticateResp); + // Issue rpc + retStatus = Rpc(pRpcSession, + "Authenticate", + g_rpcFlags, + pReqMsg, + &pRespMsg, + &respLen); if (CASA_SUCCESS(retStatus)) { - // Return the auth token to the caller - pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, - retStatus, - pAuthenticateResp->pToken, - pAuthenticateResp->tokenLifetime, - pCredStoreScope); - - pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer - - // Free the Authenticate response object - RelAuthenticateResp(pAuthenticateResp); + AuthenticateResp *pAuthenticateResp; + + // Create Authenticate response object + retStatus = CreateAuthenticateResp(pRespMsg, respLen, &pAuthenticateResp); + if (CASA_SUCCESS(retStatus)) + { + // Return the auth token to the caller + pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, + retStatus, + pAuthenticateResp->pToken, + pAuthenticateResp->tokenLifetime, + pCredStoreScope); + + pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer + + // Free the Authenticate response object + RelAuthenticateResp(pAuthenticateResp); + } } + else + { + DbgTrace(0, "-ObtainSessionToken- Authenticate Rpc failure, error = %08X\n", retStatus); + } + + // Free resources that may be hanging around + if (pRespMsg) + free(pRespMsg); + + free(pReqMsg); } else { - DbgTrace(0, "-ObtainSessionToken- Authenticate Rpc failure, error = %08X\n", retStatus); + DbgTrace(0, 
"-ObtainSessionToken- Error building Authenticate msg\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); } - // Free resources that may be hanging around - if (pRespMsg) - free(pRespMsg); - - free(pReqMsg); - } - else - { - DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - } - - // Add the entry to the cache if successful or if the reason that we failed - // was because the server was unavailable. - if (CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE) - { - pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, - retStatus, - NULL, - DEFAULT_RETRY_LIFETIME, - pCredStoreScope); - - } - - // Release the cache entry if the resulting status is not successful - if (!CASA_SUCCESS(retStatus)) - { - FreeAuthCacheEntry(pCacheEntry); - } + // Add the entry to the cache if successful or if the reason that we failed + // was because the server was unavailable. + if (CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE) + { + pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, + retStatus, + NULL, + DEFAULT_RETRY_LIFETIME, + pCredStoreScope); + + } + + // Release the cache entry if the resulting status is not successful + if (!CASA_SUCCESS(retStatus)) + { + FreeAuthCacheEntry(pCacheEntry); + } // Free up the buffer associated with the authentication mechanism token free(pAuthMechToken); } else { - // Free the entry - FreeAuthCacheEntry(pCacheEntry); + // Free the entry + FreeAuthCacheEntry(pCacheEntry); } // Advance to the next entry 
@@ -564,7 +564,7 @@ ObtainAuthTokenInt( if (pCacheEntry == NULL) { // Initialize to retry in case of failure - int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME; + int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME; // Cache entry created, now try to obtain auth token from the CASA Server retStatus = ObtainAuthTokenFromServer(pServiceName, @@ -782,9 +782,6 @@ InitializeLibrary(void) if (stricmp(pDisableSecureConnections, "true") == 0) { g_rpcFlags &= ~SECURE_RPC_FLAG; - - // Change the default ATS port to 80 from 443 - g_ATSPort = 80; } else if (stricmp(pDisableSecureConnections, "false") == 0) { diff --git a/CASA-auth-token/client/lib/getpolicymsg.c b/CASA-auth-token/client/lib/getpolicymsg.c index ccb24738..1434de1e 100644 --- a/CASA-auth-token/client/lib/getpolicymsg.c +++ b/CASA-auth-token/client/lib/getpolicymsg.c @@ -56,6 +56,8 @@ typedef struct _GetAuthPolicyRespParse XML_Parser p; int state; int elementDataProcessed; + char *pStatusData; + int statusDataLen; GetAuthPolicyResp *pGetAuthPolicyResp; CasaStatus status; @@ -199,7 +201,7 @@ GetAuthPolicyRespStartElementHandler( } else { - DbgTrace(0, "-GetAuthPolicyRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthPolicyRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; @@ -214,7 +216,7 @@ GetAuthPolicyRespStartElementHandler( } else { - DbgTrace(0, "-GetAuthPolicyRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthPolicyRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; @@ -229,7 +231,7 @@ GetAuthPolicyRespStartElementHandler( } else { - DbgTrace(0, "-GetAuthPolicyRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthPolicyRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; 
@@ -244,7 +246,7 @@ GetAuthPolicyRespStartElementHandler( } else { - DbgTrace(0, "-GetAuthPolicyRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthPolicyRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; @@ -367,6 +369,8 @@ GetAuthPolicyRespCharDataHandler( // L2 //=======================================================================-- { + CasaStatus status; + DbgTrace(2, "-GetAuthPolicyRespCharDataHandler- Start\n", 0); // Just exit if being called to process white space 
@@ -389,58 +393,42 @@ GetAuthPolicyRespCharDataHandler( break; case AWAITING_STATUS_DATA: + case AWAITING_STATUS_ELEMENT_END: - // Set the appropriate status in the AuthenticationResp based on the - // returned status. - if (strncmp(HTTP_OK_STATUS_CODE, s, len) == 0) + // Consume the data + status = ConsumeElementData(pGetAuthPolicyRespParse, + s, + len, + &pGetAuthPolicyRespParse->pStatusData, + &pGetAuthPolicyRespParse->statusDataLen); + if (CASA_SUCCESS(status)) { - pGetAuthPolicyRespParse->status = CASA_STATUS_SUCCESS; - } - else if (strncmp(HTTP_UNAUTHORIZED_STATUS_CODE, s, len) == 0) - { - pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_AUTHENTICATION_FAILURE); - } - else if (strncmp(HTTP_NOT_FOUND_STATUS_CODE, s, len) == 0) - { - pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_NOT_CONFIGURED); - } - else if (strncmp(HTTP_SERVER_ERROR_STATUS_CODE, s, len) == 0) - { - pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_SERVER_ERROR); + // Advanced to the next state + pGetAuthPolicyRespParse->state = AWAITING_STATUS_ELEMENT_END; } else { - DbgTrace(0, "-GetAuthPolicyRespCharDataHandler- Un-expected status\n", 0); - pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_UNSUCCESSFUL); + pGetAuthPolicyRespParse->status = status; + XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } - - // Advanced to the next state - pGetAuthPolicyRespParse->state = AWAITING_STATUS_ELEMENT_END; break; case AWAITING_AUTH_POLICY_DATA: case AWAITING_AUTH_POLICY_ELEMENT_END: - pGetAuthPolicyRespParse->status = ConsumeElementData(pGetAuthPolicyRespParse, - s, - len, - &pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy, - &pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen); - if (CASA_SUCCESS(pGetAuthPolicyRespParse->status)) + 
status = ConsumeElementData(pGetAuthPolicyRespParse, + s, + len, + &pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy, + &pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen); + if (CASA_SUCCESS(status)) { // Advanced to the next state pGetAuthPolicyRespParse->state = AWAITING_AUTH_POLICY_ELEMENT_END; } else { + pGetAuthPolicyRespParse->status = status; XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; @@ -491,7 +479,7 @@ GetAuthPolicyRespEndElementHandler( } else { - DbgTrace(0, "-GetAuthPolicyRespEndHandler- Un-expected end element\n", 0); + DbgTrace(0, "-GetAuthPolicyRespEndHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; @@ -506,7 +494,7 @@ GetAuthPolicyRespEndElementHandler( } else { - DbgTrace(0, "-GetAuthPolicyRespEndElementHandler- Un-expected end element\n", 0); + DbgTrace(0, "-GetAuthPolicyRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; 
@@ -516,6 +504,45 @@ GetAuthPolicyRespEndElementHandler( // In this state, we are only expecting the Status Element. if (strcmp(name, STATUS_ELEMENT_NAME) == 0) { + // Set the appropriate status in the GetAuthPolicyResp based on the returned status data + if (strncmp(HTTP_OK_STATUS_CODE, + pGetAuthPolicyRespParse->pStatusData, + pGetAuthPolicyRespParse->statusDataLen) == 0) + { + pGetAuthPolicyRespParse->status = CASA_STATUS_SUCCESS; + } + else if (strncmp(HTTP_UNAUTHORIZED_STATUS_CODE, + pGetAuthPolicyRespParse->pStatusData, + pGetAuthPolicyRespParse->statusDataLen) == 0) + { + pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_AUTHENTICATION_FAILURE); + } + else if (strncmp(HTTP_NOT_FOUND_STATUS_CODE, + pGetAuthPolicyRespParse->pStatusData, + pGetAuthPolicyRespParse->statusDataLen) == 0) + { + pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_NOT_CONFIGURED); + } + else if (strncmp(HTTP_SERVER_ERROR_STATUS_CODE, + pGetAuthPolicyRespParse->pStatusData, + pGetAuthPolicyRespParse->statusDataLen) == 0) + { + pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_SERVER_ERROR); + } + else + { + DbgTrace(0, "-GetAuthPolicyRespEndElementHandler- Un-expected status\n", 0); + pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_UNSUCCESSFUL); + } + // Good, advance to the next state based on the status code. if (CASA_SUCCESS(pGetAuthPolicyRespParse->status)) { @@ -529,7 +556,7 @@ GetAuthPolicyRespEndElementHandler( } else { - DbgTrace(0, "-GetAuthPolicyRespEndElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthPolicyRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; 
@@ -544,7 +571,7 @@ GetAuthPolicyRespEndElementHandler( } else { - DbgTrace(0, "-GetAuthPolicyRespEndElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthPolicyRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; @@ -636,7 +663,6 @@ CreateGetAuthPolicyResp( // Set the character data handler XML_SetCharacterDataHandler(p, (XML_CharacterDataHandler) GetAuthPolicyRespCharDataHandler); - // Set our user data XML_SetUserData(p, &getAuthPolicyRespParse); @@ -677,6 +703,10 @@ CreateGetAuthPolicyResp( // Free the parser XML_ParserFree(p); + + // Free any buffers associated with the parse + if (getAuthPolicyRespParse.pStatusData) + free(getAuthPolicyRespParse.pStatusData); } else { diff --git a/CASA-auth-token/client/lib/gettokenmsg.c b/CASA-auth-token/client/lib/gettokenmsg.c index 8a512f2b..62354e01 100644 --- a/CASA-auth-token/client/lib/gettokenmsg.c +++ b/CASA-auth-token/client/lib/gettokenmsg.c @@ -53,11 +53,15 @@ // typedef struct _GetAuthTokenRespParse { - XML_Parser p; - int state; - int elementDataProcessed; - GetAuthTokenResp *pGetAuthTokenResp; - CasaStatus status; + XML_Parser p; + int state; + int elementDataProcessed; + char *pStatusData; + int statusDataLen; + char *pLifetimeData; + int lifetimeDataLen; + GetAuthTokenResp *pGetAuthTokenResp; + CasaStatus status; } GetAuthTokenRespParse, *PGetAuthTokenRespParse; @@ -215,7 +219,7 @@ GetAuthTokenRespStartElementHandler( } else { - DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; 
@@ -230,7 +234,7 @@ GetAuthTokenRespStartElementHandler( } else { - DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; @@ -245,7 +249,7 @@ GetAuthTokenRespStartElementHandler( } else { - DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; @@ -260,7 +264,7 @@ GetAuthTokenRespStartElementHandler( } else { - DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; @@ -275,7 +279,7 @@ GetAuthTokenRespStartElementHandler( } else { - DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthTokenRespStartElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; @@ -398,6 +402,8 @@ GetAuthTokenRespCharDataHandler( // L2 //=======================================================================-- { + CasaStatus status; + DbgTrace(2, "-GetAuthTokenRespCharDataHandler- Start\n", 0); // Just exit if being called to process white space 
@@ -420,62 +426,64 @@ GetAuthTokenRespCharDataHandler( break; case AWAITING_STATUS_DATA: + case AWAITING_STATUS_ELEMENT_END: - // Set the appropriate status in the AuthenticationResp based on the - // returned status. - if (strncmp(HTTP_OK_STATUS_CODE, s, len) == 0) + // Consume the data + status = ConsumeElementData(pGetAuthTokenRespParse, + s, + len, + &pGetAuthTokenRespParse->pStatusData, + &pGetAuthTokenRespParse->statusDataLen); + if (CASA_SUCCESS(status)) { - pGetAuthTokenRespParse->status = CASA_STATUS_SUCCESS; - } - else if (strncmp(HTTP_UNAUTHORIZED_STATUS_CODE, s, len) == 0) - { - pGetAuthTokenRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_AUTHENTICATION_FAILURE); - } - else if (strncmp(HTTP_SERVER_ERROR_STATUS_CODE, s, len) == 0) - { - pGetAuthTokenRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_SERVER_ERROR); + // Advanced to the next state + pGetAuthTokenRespParse->state = AWAITING_STATUS_ELEMENT_END; } else { - DbgTrace(0, "-GetAuthTokenRespCharDataHandler- Un-expected status\n", 0); - pGetAuthTokenRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_UNSUCCESSFUL); + pGetAuthTokenRespParse->status = status; + XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } - - // Advanced to the next state - pGetAuthTokenRespParse->state = AWAITING_STATUS_ELEMENT_END; break; case AWAITING_LIFETIME_DATA: + case AWAITING_LIFETIME_ELEMENT_END: - // Convert the lifetime string to a numeric value - pGetAuthTokenRespParse->pGetAuthTokenResp->tokenLifetime = dtoul(s, len); - - // Advanced to the next state - pGetAuthTokenRespParse->state = AWAITING_LIFETIME_ELEMENT_END; + // Consume the data + status = ConsumeElementData(pGetAuthTokenRespParse, + s, + len, + &pGetAuthTokenRespParse->pLifetimeData, + &pGetAuthTokenRespParse->lifetimeDataLen); + if (CASA_SUCCESS(status)) + { + // Advanced to the next state + 
pGetAuthTokenRespParse->state = AWAITING_LIFETIME_ELEMENT_END; + } + else + { + pGetAuthTokenRespParse->status = status; + XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); + } break; case AWAITING_AUTH_TOKEN_DATA: case AWAITING_AUTH_TOKEN_ELEMENT_END: // Consume the data - pGetAuthTokenRespParse->status = ConsumeElementData(pGetAuthTokenRespParse, - s, - len, - &pGetAuthTokenRespParse->pGetAuthTokenResp->pToken, - &pGetAuthTokenRespParse->pGetAuthTokenResp->tokenLen); - if (CASA_SUCCESS(pGetAuthTokenRespParse->status)) + status = ConsumeElementData(pGetAuthTokenRespParse, + s, + len, + &pGetAuthTokenRespParse->pGetAuthTokenResp->pToken, + &pGetAuthTokenRespParse->pGetAuthTokenResp->tokenLen); + if (CASA_SUCCESS(status)) { // Advanced to the next state pGetAuthTokenRespParse->state = AWAITING_AUTH_TOKEN_ELEMENT_END; } else { + pGetAuthTokenRespParse->status = status; XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; @@ -526,7 +534,7 @@ GetAuthTokenRespEndElementHandler( } else { - DbgTrace(0, "-GetAuthTokenRespEndHandler- Un-expected end element\n", 0); + DbgTrace(0, "-GetAuthTokenRespEndHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; @@ -541,7 +549,7 @@ GetAuthTokenRespEndElementHandler( } else { - DbgTrace(0, "-GetAuthTokenRespEndElementHandler- Un-expected end element\n", 0); + DbgTrace(0, "-GetAuthTokenRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; 
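Review bot: The status and lifetime cases in GetAuthTokenRespCharDataHandler now append every character-data callback to `pStatusData` / `pLifetimeData` with no limit visible in this hunk, although a status code or a lifetime needs only a few digits. Whether `ConsumeElementData` caps the accumulated size cannot be seen here; because the lengths are `int` and the text comes from the server response, a small cap before the call would stop an oversized element from growing the buffer, e.g. `if (len > MAX_STATUS_DATA_LEN - pGetAuthTokenRespParse->statusDataLen)` followed by failing the parse, where `MAX_STATUS_DATA_LEN` is a placeholder name for a constant to be chosen. A comment would also help the next reader, such as `// One element's text may arrive in several callbacks; accumulate here and interpret it in the end-element handler`. The handler's body starts and ends outside the hunk.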
@@ -551,6 +559,37 @@ GetAuthTokenRespEndElementHandler( // In this state, we are only expecting the Status Element. if (strcmp(name, STATUS_ELEMENT_NAME) == 0) { + // Set the appropriate status in the GetAuthTokenResp based on the returned status data + if (strncmp(HTTP_OK_STATUS_CODE, + pGetAuthTokenRespParse->pStatusData, + pGetAuthTokenRespParse->statusDataLen) == 0) + { + pGetAuthTokenRespParse->status = CASA_STATUS_SUCCESS; + } + else if (strncmp(HTTP_UNAUTHORIZED_STATUS_CODE, + pGetAuthTokenRespParse->pStatusData, + pGetAuthTokenRespParse->statusDataLen) == 0) + { + pGetAuthTokenRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_AUTHENTICATION_FAILURE); + } + else if (strncmp(HTTP_SERVER_ERROR_STATUS_CODE, + pGetAuthTokenRespParse->pStatusData, + pGetAuthTokenRespParse->statusDataLen) == 0) + { + pGetAuthTokenRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_SERVER_ERROR); + } + else + { + DbgTrace(0, "-GetAuthTokenRespEndElementHandler- Un-expected status\n", 0); + pGetAuthTokenRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_UNSUCCESSFUL); + } + // Good, advance to the next state based on the status code. if (CASA_SUCCESS(pGetAuthTokenRespParse->status)) { @@ -564,7 +603,7 @@ GetAuthTokenRespEndElementHandler( } else { - DbgTrace(0, "-GetAuthTokenRespEndElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthTokenRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; 
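Review bot: The status comparison added to GetAuthTokenRespEndElementHandler is a prefix match: `strncmp(HTTP_OK_STATUS_CODE, pStatusData, statusDataLen) == 0` holds whenever the received text is any leading part of the expected code, and also holds for a length of zero. Because the first branch maps to `CASA_STATUS_SUCCESS`, a truncated or empty status from the server would be accepted as success. Compare the lengths as well, e.g. `pGetAuthTokenRespParse->statusDataLen == (int) strlen(HTTP_OK_STATUS_CODE) && memcmp(HTTP_OK_STATUS_CODE, pGetAuthTokenRespParse->pStatusData, pGetAuthTokenRespParse->statusDataLen) == 0`, and likewise in the two `else if` branches. This assumes the status-code macros are string literals, as their use with `strncmp` suggests; the handler's body continues outside the hunk.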
@@ -574,12 +613,16 @@ GetAuthTokenRespEndElementHandler( // In this state, we are only expecting the Lifetime Element. if (strcmp(name, LIFETIME_ELEMENT_NAME) == 0) { + // Convert the lifetime string to a numeric value + pGetAuthTokenRespParse->pGetAuthTokenResp->tokenLifetime = dtoul(pGetAuthTokenRespParse->pLifetimeData, + pGetAuthTokenRespParse->lifetimeDataLen); + // Good, advance to the next state. pGetAuthTokenRespParse->state = AWAITING_AUTH_TOKEN_DATA; } else { - DbgTrace(0, "-GetAuthTokenRespEndElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthTokenRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; @@ -594,7 +637,7 @@ GetAuthTokenRespEndElementHandler( } else { - DbgTrace(0, "-GetAuthTokenRespEndElementHandler- Un-expected start element\n", 0); + DbgTrace(0, "-GetAuthTokenRespEndElementHandler- Un-expected element\n", 0); XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; @@ -686,7 +729,6 @@ CreateGetAuthTokenResp( // Set the character data handler XML_SetCharacterDataHandler(p, (XML_CharacterDataHandler) GetAuthTokenRespCharDataHandler); - // Set our user data XML_SetUserData(p, &getAuthTokenRespParse); @@ -727,6 +769,13 @@ CreateGetAuthTokenResp( // Free the parser XML_ParserFree(p); + + // Free any buffers associated with the parse + if (getAuthTokenRespParse.pStatusData) + free(getAuthTokenRespParse.pStatusData); + + if (getAuthTokenRespParse.pLifetimeData) + free(getAuthTokenRespParse.pLifetimeData); } else { diff --git a/CASA-auth-token/client/lib/linux/Makefile.am b/CASA-auth-token/client/lib/linux/Makefile.am index 36347e62..809fc578 100644 --- a/CASA-auth-token/client/lib/linux/Makefile.am +++ b/CASA-auth-token/client/lib/linux/Makefile.am @@ -57,6 +57,7 @@ CFILES = ../authmech.c \ ../util.c \ ../invalidcert.c \ rpc.c \ + osslsupp.c \ platform.c CSFILES_CSC := 
diff --git a/CASA-auth-token/client/lib/linux/osslsupp.c b/CASA-auth-token/client/lib/linux/osslsupp.c new file mode 100644 index 00000000..e373fd9e --- /dev/null +++ b/CASA-auth-token/client/lib/linux/osslsupp.c 
@@ -0,0 +1,323 @@ +/*********************************************************************** + * + * Copyright (C) 2006 Novell, Inc. All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; version 2.1 + * of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, Novell, Inc. + * + * To contact Novell about this file by physical or electronic mail, + * you may find current contact information at www.novell.com. + * + * Author: Juan Carlos Luciani + * + ***********************************************************************/ + + +//===[ Include files ]===================================================== + +#include "internal.h" + +//===[ Type definitions ]================================================== + +//===[ Function prototypes ]=============================================== + +//===[ Global variables ]================================================== + +// Number of static locks required by OpenSSL +static +int g_numStaticLocks = 0; + +// Mutex array for OpenSSL static locks +static +pthread_mutex_t *g_staticLocks = NULL; + + +//++======================================================================= +static void +StaticLockFunction( + IN int mode, + IN int n, + IN const char *file, + IN int line) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + DbgTrace(2, "-StaticLockFunction- Start\n", 0); + + // Verify that the lock number is within range + if (n < 
g_numStaticLocks + && n >= 0) + { + // Either set or release the nth lock + if (mode & CRYPTO_LOCK) + { + // Set the lock + pthread_mutex_lock(&g_staticLocks[n]); + } + else + { + // Release the lock + pthread_mutex_unlock(&g_staticLocks[n]); + } + } + else + { + DbgTrace(2, "-StaticLockFunction- n out of range\n", 0); + } + + DbgTrace(2, "-StaticLockFunction- End\n", 0); +} + + +//++======================================================================= +static void +DynLockFunction( + IN int mode, + IN struct CRYPTO_dynlock_value *l, + IN const char *file, + IN int line) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + DbgTrace(2, "-DynLockFunction- Start\n", 0); + + if (l) + { + // Either set or release the lock + if (mode & CRYPTO_LOCK) + { + // Set the lock + pthread_mutex_lock((pthread_mutex_t*) l); + } + else + { + // Release the lock + pthread_mutex_unlock((pthread_mutex_t*) l); + } + } + else + { + DbgTrace(2, "-DynLockFunction- Invalid parameter\n", 0); + } + + DbgTrace(2, "-DynLockFunction- End\n", 0); +} + + +//++======================================================================= +static struct CRYPTO_dynlock_value* +CreateDynLockFunction( + IN const char *file, + IN int line) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + struct CRYPTO_dynlock_value *l; + + DbgTrace(1, "-CreateDynLockFunction- Start\n", 0); + + // Allocate space for the lock + l = (struct CRYPTO_dynlock_value*) malloc(sizeof(pthread_mutex_t)); + if (l) + { + pthread_mutex_init((pthread_mutex_t*) l, NULL); + } + else + { + DbgTrace(0, "-CreateDynLockFunction- Buffer allocation failure\n", 0); + } + + DbgTrace(1, "-CreateDynLockFunction- End, l = %0lX\n", (long) l); + + return l; +} + + 
+//++======================================================================= +static void +DestroyDynLockFunction( + IN struct CRYPTO_dynlock_value *l, + IN const char *file, + IN int line) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + DbgTrace(1, "-DestroyDynLockFunction- Start, l = %0lX\n", (long) l); + + if (l) + { + pthread_mutex_destroy((pthread_mutex_t*) l); + free(l); + } + + DbgTrace(1, "-DestroyDynLockFunction- End\n", 0); +} + + +//++======================================================================= +static unsigned long +ThreadIdFunction(void) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + unsigned long threadId; + + DbgTrace(2, "-ThreadIdFunction- Start\n", 0); + + threadId = (unsigned long) pthread_self(); + + DbgTrace(2, "-ThreadIdFunction- End, id = %0lX\n", threadId); + + return threadId; +} + + +//++======================================================================= +int +SetupOSSLSupport(void) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + int retStatus = -1; + int i; + + DbgTrace(1, "-SetupOSSLSupport- Start\n", 0); + + // Determine how many static locks are needed + g_numStaticLocks = CRYPTO_num_locks(); + + // Allocate space to hold the needed mutexes + g_staticLocks = malloc(sizeof(pthread_mutex_t) * g_numStaticLocks); + if (g_staticLocks) + { + for (i = 0; i < g_numStaticLocks; i++) + pthread_mutex_init(&g_staticLocks[i], NULL); + + // Set callback functions + CRYPTO_set_id_callback(ThreadIdFunction); + CRYPTO_set_locking_callback(StaticLockFunction); + CRYPTO_set_dynlock_create_callback(CreateDynLockFunction); + CRYPTO_set_dynlock_destroy_callback(DestroyDynLockFunction); + 
CRYPTO_set_dynlock_lock_callback(DynLockFunction); + + // Success + retStatus = 0; + } + else + { + DbgTrace(0, "-SetupOSSLSupport- Buffer allocation failure\n", 0); + } + + DbgTrace(1, "-SetupOSSLSupport- End, retStatus = %0X\n", retStatus); + + return retStatus; +} + + +//++======================================================================= +void +CleanupOSSLSupport(void) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + int i; + + DbgTrace(1, "-CleanupOSSLSupport- Start\n", 0); + + // Clear our callback functions + CRYPTO_set_id_callback(NULL); + CRYPTO_set_locking_callback(NULL); + CRYPTO_set_dynlock_create_callback(NULL); + CRYPTO_set_dynlock_destroy_callback(NULL); + CRYPTO_set_dynlock_lock_callback(NULL); + + // Now, cleanup the resources allocated for static locks + if (g_staticLocks) + { + for (i = 0; i < g_numStaticLocks; i++) + pthread_mutex_destroy(&g_staticLocks[i]); + + free(g_staticLocks); + } + + DbgTrace(1, "-CleanupOSSLSupport- End\n", 0); +} + + +//++======================================================================= +//++======================================================================= +//++======================================================================= + diff --git a/CASA-auth-token/client/lib/linux/platform.c b/CASA-auth-token/client/lib/linux/platform.c index 32482f8d..bfc885c8 100644 --- a/CASA-auth-token/client/lib/linux/platform.c +++ b/CASA-auth-token/client/lib/linux/platform.c @@ -42,6 +42,7 @@ typedef struct _NormalizedHostNameCacheEntry //===[ Type definitions for Local_sem ]==================================== + // // Notes: Most of the code for this definitions and the Local_sem_xxxx // functions was copied with minor modifications from W. Richard 
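Review bot: CleanupOSSLSupport frees `g_staticLocks` but leaves the pointer and `g_numStaticLocks` unchanged, so a second cleanup call double-frees and a late StaticLockFunction call would pass the range check and lock freed memory. Add `g_staticLocks = NULL;` and `g_numStaticLocks = 0;` after the `free`. SetupOSSLSupport also installs the process-wide OpenSSL callbacks unconditionally and cleanup resets them to NULL, which would displace callbacks a host application had already registered; checking `CRYPTO_get_locking_callback() == NULL` before installing, and remembering whether this library installed them, avoids that. The `pthread_mutex_init` return values are ignored in both SetupOSSLSupport and CreateDynLockFunction.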
@@ -694,53 +695,65 @@ NormalizeHostName( // Now try to resolve the normalized name pLookupResult = gethostbyname(pHostName); - if (pLookupResult && pLookupResult->h_addrtype == AF_INET) + if (pLookupResult + && pLookupResult->h_addrtype == AF_INET + && pLookupResult->h_length > 0 + && pLookupResult->h_addr_list[0] != NULL) { - char dnsHostName[NI_MAXHOST]; - - // Set up a sockaddr structure - sockAddr.sin_family = AF_INET; - sockAddr.sin_addr.s_addr = *((int*) pLookupResult->h_addr_list[0]); - - // Now try to resolve the name using DNS - if (getnameinfo((const struct sockaddr*) &sockAddr, - sizeof(sockAddr), - dnsHostName, - sizeof(dnsHostName), - NULL, - 0, - NI_NAMEREQD) == 0) + char *pDnsHostName = (char*) malloc(NI_MAXHOST + 1); + if (pDnsHostName) { - // We resolved the address to a DNS name, use it as the normalized name. - pEntry->buffLengthRequired = (int) strlen(dnsHostName) + 1; - pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired); - if (pEntry->pNormalizedHostName) + // Set up a sockaddr structure + sockAddr.sin_family = AF_INET; + sockAddr.sin_addr.s_addr = *((int*) pLookupResult->h_addr_list[0]); + + // Now try to resolve the name using DNS + if (getnameinfo((const struct sockaddr*) &sockAddr, + sizeof(sockAddr), + pDnsHostName, + NI_MAXHOST, + NULL, + 0, + NI_NAMEREQD) == 0) { - // Copy the dns name - strcpy(pEntry->pNormalizedHostName, dnsHostName); + // We resolved the address to a DNS name, use it as the normalized name. 
+ pEntry->buffLengthRequired = (int) strlen(pDnsHostName) + 1; + pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired); + if (pEntry->pNormalizedHostName) + { + // Copy the dns name + strcpy(pEntry->pNormalizedHostName, pDnsHostName); + } + else + { + DbgTrace(0, "-NormalizeHostName- Buffer allocation error\n", 0); + } } else { - DbgTrace(0, "-NormalizeHostName- Buffer allocation error\n", 0); + DbgTrace(0, "-NormalizeHostName- getnameInfo failed, error %d\n", errno); + + // Not able to resolve the name in DNS, just use the host name as + // the normalized name. + pEntry->buffLengthRequired = (int) strlen(pHostName) + 1; + pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired); + if (pEntry->pNormalizedHostName) + { + // Copy the host name + strcpy(pEntry->pNormalizedHostName, pHostName); + } + else + { + DbgTrace(0, "-NormalizeHostName- Buffer allocation error\n", 0); + } } + + // Free the buffer allocated to hold the DNS name + free(pDnsHostName); } else { - DbgTrace(0, "-NormalizeHostName- getnameInfo failed, error %d\n", errno); - - // Not able to resolve the name in DNS, just use the host name as - // the normalized name. - pEntry->buffLengthRequired = (int) strlen(pHostName) + 1; - pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired); - if (pEntry->pNormalizedHostName) - { - // Copy the host name - strcpy(pEntry->pNormalizedHostName, pHostName); - } - else - { - DbgTrace(0, "-NormalizeHostName- Buffer allocation error\n", 0); - } + DbgTrace(0, "-NormalizeHostName- Buffer allocation failure\n", 0); } } else diff --git a/CASA-auth-token/client/lib/linux/platform.h b/CASA-auth-token/client/lib/linux/platform.h index f6521415..fc8b1a7c 100644 --- a/CASA-auth-token/client/lib/linux/platform.h +++ b/CASA-auth-token/client/lib/linux/platform.h @@ -45,6 +45,7 @@ #include #include #include +#include //===[ Type definitions ]================================================== 
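Review bot: The added `h_length > 0` test in NormalizeHostName does not guarantee the four bytes that `*((int*) pLookupResult->h_addr_list[0])` reads, and the cast also assumes the address is aligned for `int`. Testing `pLookupResult->h_length == sizeof(sockAddr.sin_addr)` and copying with `memcpy(&sockAddr.sin_addr, pLookupResult->h_addr_list[0], sizeof(sockAddr.sin_addr));` removes both assumptions. The name returned by `getnameinfo` comes from reverse DNS, so if the normalized name feeds a trust decision elsewhere that deserves a comment here; its use is not visible in this hunk. The function's body starts and ends outside the hunk.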
diff --git a/CASA-auth-token/client/lib/linux/rpc.c b/CASA-auth-token/client/lib/linux/rpc.c index 253dbaed..f5d0998f 100644 --- a/CASA-auth-token/client/lib/linux/rpc.c +++ b/CASA-auth-token/client/lib/linux/rpc.c @@ -31,8 +31,19 @@ #define MAX_RPC_RETRIES 3 +//===[ External prototypes ]=============================================== + +extern +int +SetupOSSLSupport(void); + +extern +void +CleanupOSSLSupport(void); + //===[ Function prototypes ]=============================================== + //===[ Global variables ]================================================== @@ -307,7 +318,9 @@ InternalRpc( // L2 //=======================================================================-- { +#ifndef CASA_STATUS_INVALID_SERVER_CERTIFICATE #define CASA_STATUS_INVALID_SERVER_CERTIFICATE CASA_STATUS_UNSUCCESSFUL // temporary until casa_status.h is updated +#endif CasaStatus retStatus; char *pPartialUrl; @@ -361,7 +374,6 @@ InternalRpc( } pUrl = (char*) malloc(partialUrlLen + strlen(pMethod) + 1); - if (pUrl) { strcpy(pUrl, pPartialUrl); @@ -465,7 +477,7 @@ InternalRpc( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(1, "-InternalRpc- End, retStatus = %d\n", retStatus); + DbgTrace(1, "-InternalRpc- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -514,7 +526,7 @@ Rpc( } while (CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE && retries < MAX_RPC_RETRIES); - DbgTrace(1, "-Rpc- End, retStatus = %d\n", retStatus); + DbgTrace(1, "-Rpc- End, retStatus = %0X\n", retStatus); return retStatus; } 
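Review bot: The `extern` prototypes for SetupOSSLSupport and CleanupOSSLSupport are declared locally in rpc.c, so the compiler never checks them against the definitions in osslsupp.c. Moving them to a shared header that osslsupp.c also includes (it already includes `internal.h`) keeps the two in step. Separately, the `%0X` conversions introduced in the trace calls carry a `0` flag with no field width, which pads nothing; `%08X` or plain `%X` states the intent.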
@@ -535,26 +547,34 @@ InitializeRpc(void) // L2 //=======================================================================-- { - CasaStatus retStatus; + CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_UNSUCCESSFUL); DbgTrace(1, "-InitializeRpc- Start\n", 0); - // Perform libcurl initializatoin - CURLcode curlStatus = curl_global_init(CURL_GLOBAL_SSL); - if (curlStatus != 0) + // Initialize OpenSSL support + if (SetupOSSLSupport() == 0) { - DbgTrace(0, "-InitializeRpc- Error initializing libcurl, curlStatus = %08X\n", curlStatus); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_UNSUCCESSFUL); + // Perform libcurl initializatoin + CURLcode curlStatus = curl_global_init(CURL_GLOBAL_SSL); + if (curlStatus != 0) + { + DbgTrace(0, "-InitializeRpc- Error initializing libcurl, curlStatus = %0X\n", curlStatus); + CleanupOSSLSupport(); + } + else + { + // Success + retStatus = CASA_STATUS_SUCCESS; + } } else { - // Success - retStatus = CASA_STATUS_SUCCESS; + DbgTrace(0, "-InitializeRpc- OpenSSL support setup failure\n", 0); } - DbgTrace(1, "-InitializeRpc- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-InitializeRpc- End, retStatus = %0X\n", retStatus); return retStatus; } diff --git a/CASA-auth-token/client/lib/mechanisms/krb5/interface.c b/CASA-auth-token/client/lib/mechanisms/krb5/interface.c index 207bd79d..f2f5ab79 100644 --- a/CASA-auth-token/client/lib/mechanisms/krb5/interface.c +++ b/CASA-auth-token/client/lib/mechanisms/krb5/interface.c @@ -75,7 +75,7 @@ AuthTokenIf_AddReference( pAuthTokenIfInstance->refCount ++; refCount = pAuthTokenIfInstance->refCount; - DbgTrace(2, "-AuthTokenIf_AddReference- End, refCount = %08X\n", refCount); + DbgTrace(2, "-AuthTokenIf_AddReference- End, refCount = %0X\n", refCount); return refCount; } 
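Review bot: InitializeRpc now registers callbacks inside libcrypto that point at functions in this library, but the only call to CleanupOSSLSupport in this hunk is on the libcurl failure path. If the library has an uninitialise or unload path, it needs to call `CleanupOSSLSupport()` there (alongside `curl_global_cleanup()`), otherwise OpenSSL keeps function pointers into code that may no longer be mapped. No such routine is visible here, so this is something to confirm rather than a certain defect.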
@@ -208,7 +208,7 @@ GET_AUTH_TOKEN_INTERFACE_RTN( exit: - DbgTrace(1, "-GetAuthTokenInterface- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-GetAuthTokenInterface- End, retStatus = %0X\n", retStatus); return retStatus; } diff --git a/CASA-auth-token/client/lib/mechanisms/krb5/linux/Krb5Authenticate.conf b/CASA-auth-token/client/lib/mechanisms/krb5/linux/Krb5Authenticate.conf index df2ad167..b5668b05 100644 --- a/CASA-auth-token/client/lib/mechanisms/krb5/linux/Krb5Authenticate.conf +++ b/CASA-auth-token/client/lib/mechanisms/krb5/linux/Krb5Authenticate.conf @@ -7,6 +7,27 @@ # # ####################################################### +# +# LibraryName setting. +# +# Description: Used to specify the path to the library +# implementing the authentication mechanism. +# LibraryName /usr/lib/CASA/authtoken/krb5mech.so +# +# DebugLevel setting. +# +# Description: Used to specify the level of logging utilized for debugging +# purposes. A level of zero being the lowest debugging level. +# +# If this parameter is not set, the client defaults +# to use a debug level of zero. +# +# Note: Debug statements can be viewed under Windows by using +# tools such as DbgView. Under Linux, debug statements are logged +# to /var/log/messages. +# +#DebugLevel 0 + diff --git a/CASA-auth-token/client/lib/mechanisms/krb5/linux/Krb5Authenticate_lib64.conf b/CASA-auth-token/client/lib/mechanisms/krb5/linux/Krb5Authenticate_lib64.conf index c1bc0bb6..9513f26e 100644 --- a/CASA-auth-token/client/lib/mechanisms/krb5/linux/Krb5Authenticate_lib64.conf +++ b/CASA-auth-token/client/lib/mechanisms/krb5/linux/Krb5Authenticate_lib64.conf 
@@ -7,6 +7,26 @@ # # ####################################################### +# +# LibraryName setting. +# +# Description: Used to specify the path to the library +# implementing the authentication mechanism. +# LibraryName /usr/lib64/CASA/authtoken/krb5mech.so +# +# DebugLevel setting. +# +# Description: Used to specify the level of logging utilized for debugging +# purposes. A level of zero being the lowest debugging level. +# +# If this parameter is not set, the client defaults +# to use a debug level of zero. +# +# Note: Debug statements can be viewed under Windows by using +# tools such as DbgView. Under Linux, debug statements are logged +# to /var/log/messages. +# +#DebugLevel 0 diff --git a/CASA-auth-token/client/lib/mechanisms/krb5/linux/get.c b/CASA-auth-token/client/lib/mechanisms/krb5/linux/get.c index 2c08d447..04ae03a2 100644 --- a/CASA-auth-token/client/lib/mechanisms/krb5/linux/get.c +++ b/CASA-auth-token/client/lib/mechanisms/krb5/linux/get.c @@ -75,8 +75,11 @@ LogGssStatuses( } // Trace this message - DbgTrace(0, "-LogGssStatuses- GSS-API error %s: ", operation); - DbgTrace(0, "%s\n", (char *)msg.value); + if (msg.value != NULL) + { + DbgTrace(0, "-LogGssStatuses- GSS-API error %s: ", operation); + DbgTrace(0, "%s\n", (char *)msg.value); + } if (msg.length != 0) gss_release_buffer(&gssMinStat, &msg); @@ -102,8 +105,11 @@ LogGssStatuses( } // Trace this message - DbgTrace(0, "-LogGssStatuses- GSS-API error %s: ", operation); - DbgTrace(0, "%s\n", (char *)msg.value); + if (msg.value != NULL) + { + DbgTrace(0, "-LogGssStatuses- GSS-API error %s: ", operation); + DbgTrace(0, "%s\n", (char *)msg.value); + } if (msg.length != 0) gss_release_buffer(&gssMinStat, &msg); 
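Review bot: The new `msg.value != NULL` guard in LogGssStatuses still hands `msg.value` to a `%s` trace, which reads until a NUL byte, while a GSS-API buffer carries its size in `msg.length` and is not required to be NUL-terminated. Guarding on the length too, `if (msg.value != NULL && msg.length != 0)`, and bounding the output by `msg.length` if DbgTrace can take a precision argument (not visible here), keeps the trace inside the buffer. The same applies to the second, identical hunk in this function. The function's body starts and ends outside the hunk.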
@@ -226,7 +232,7 @@ AuthTokenIf_GetAuthToken( gssBuffer.length = strlen(pKrbServiceName) + 1; if (strchr(pKrbServiceName, '@') != NULL) { - // The name is of the form "servicename@hostname" + // The name is of the form "servicename@realmname" gssMajStat = gss_import_name(&gssMinStat, &gssBuffer, (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, @@ -290,7 +296,7 @@ AuthTokenIf_GetAuthToken( else { // The buffer provided is large enough, copy the data and return the actual size. - memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen +1); + memcpy((void*) pTokenBuf, pEncodedToken, encodedTokenLen + 1); // Success retStatus = CASA_STATUS_SUCCESS; diff --git a/CASA-auth-token/client/lib/mechanisms/krb5/util.c b/CASA-auth-token/client/lib/mechanisms/krb5/util.c index 48ab55d2..93f94988 100644 --- a/CASA-auth-token/client/lib/mechanisms/krb5/util.c +++ b/CASA-auth-token/client/lib/mechanisms/krb5/util.c @@ -80,7 +80,6 @@ EncodeData( { CasaStatus retStatus; int encodedSize; - char *pTmp; DbgTrace(3, "-EncodeData- Start\n", 0); @@ -141,7 +140,7 @@ EncodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -270,7 +269,7 @@ DecodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -312,7 +311,7 @@ dtoul( } } - DbgTrace(2, "-dtoul- End, result = %d\n", n); + DbgTrace(2, "-dtoul- End, result = %0X\n", n); return n; } diff --git a/CASA-auth-token/client/lib/mechanisms/krb5/windows/Krb5Authenticate.conf b/CASA-auth-token/client/lib/mechanisms/krb5/windows/Krb5Authenticate.conf index 1268420f..7a785ba8 100644 --- a/CASA-auth-token/client/lib/mechanisms/krb5/windows/Krb5Authenticate.conf +++ b/CASA-auth-token/client/lib/mechanisms/krb5/windows/Krb5Authenticate.conf 
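Review bot: The reworded comment in AuthTokenIf_GetAuthToken says the name has the form "servicename@realmname", but the call below it imports the name as `GSS_C_NT_HOSTBASED_SERVICE`, whose form is service@host. If the configured value really contains a realm, the name type passed to `gss_import_name` is the thing to revisit; otherwise the comment should stay `// The name is of the form "servicename@hostname"`. The comment and the name type should agree, since the service name decides which principal the client authenticates to.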
@@ -7,6 +7,12 @@ # # ####################################################### +# +# LibraryName setting. +# +# Description: Used to specify the path to the library +# implementing the authentication mechanism. +# LibraryName \Program Files\novell\casa\lib\krb5mech.dll # diff --git a/CASA-auth-token/client/lib/mechanisms/pwd/get.c b/CASA-auth-token/client/lib/mechanisms/pwd/get.c index cd8a8345..b9ec68e2 100644 --- a/CASA-auth-token/client/lib/mechanisms/pwd/get.c +++ b/CASA-auth-token/client/lib/mechanisms/pwd/get.c @@ -106,13 +106,23 @@ GetUserCredentials( // There were no credentials for the realm, now try to obtain the // desktop credentials. secretId.len = sscs_Utf8Strlen("Desktop") + 1; - sscs_Utf8Strcpy((char*) secretId.id, "Desktop"); - rcode = miCASAGetCredential(0, - &secretId, - NULL, - &credtype, - &credential, - (SSCS_EXT_T*) pCredStoreScope); + if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN) + { + sscs_Utf8Strcpy((char*) secretId.id, "Desktop"); + rcode = miCASAGetCredential(0, + &secretId, + NULL, + &credtype, + &credential, + (SSCS_EXT_T*) pCredStoreScope); + } + else + { + DbgTrace(0, "-GetUserCredentials- Desktop name too long\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_PWTOKEN, + CASA_STATUS_UNSUCCESSFUL); + } } } else @@ -178,7 +188,7 @@ GetUserCredentials( *ppPassword = pPassword; } - DbgTrace(1, "-GetUserCredentials- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-GetUserCredentials- End, retStatus = %0X\n", retStatus); return retStatus; } diff --git a/CASA-auth-token/client/lib/mechanisms/pwd/interface.c b/CASA-auth-token/client/lib/mechanisms/pwd/interface.c index 207bd79d..f2f5ab79 100644 --- a/CASA-auth-token/client/lib/mechanisms/pwd/interface.c +++ b/CASA-auth-token/client/lib/mechanisms/pwd/interface.c 
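Review bot: The length check added in GetUserCredentials protects the copy of the constant "Desktop", whose length is fixed, so the new branch mostly documents intent. The copy that benefits from this bound is the one for the caller-supplied realm earlier in the function, which is outside this hunk; confirm it also tests `secretId.len <= NSSCS_MAX_SECRET_ID_LEN` before `sscs_Utf8Strcpy`. In the new `else` branch `rcode` keeps its value from the earlier lookup, so the code after the hunk should not treat it as the result of the Desktop lookup.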
@@ -75,7 +75,7 @@ AuthTokenIf_AddReference( pAuthTokenIfInstance->refCount ++; refCount = pAuthTokenIfInstance->refCount; - DbgTrace(2, "-AuthTokenIf_AddReference- End, refCount = %08X\n", refCount); + DbgTrace(2, "-AuthTokenIf_AddReference- End, refCount = %0X\n", refCount); return refCount; } @@ -208,7 +208,7 @@ GET_AUTH_TOKEN_INTERFACE_RTN( exit: - DbgTrace(1, "-GetAuthTokenInterface- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-GetAuthTokenInterface- End, retStatus = %0X\n", retStatus); return retStatus; } diff --git a/CASA-auth-token/client/lib/mechanisms/pwd/linux/PwdAuthenticate.conf b/CASA-auth-token/client/lib/mechanisms/pwd/linux/PwdAuthenticate.conf index f991c1a8..02d02550 100644 --- a/CASA-auth-token/client/lib/mechanisms/pwd/linux/PwdAuthenticate.conf +++ b/CASA-auth-token/client/lib/mechanisms/pwd/linux/PwdAuthenticate.conf @@ -7,6 +7,25 @@ # # ####################################################### +# +# LibraryName setting. +# +# Description: Used to specify the path to the library +# implementing the authentication mechanism. +# LibraryName /usr/lib/CASA/authtoken/pwmech.so - +# +# DebugLevel setting. +# +# Description: Used to specify the level of logging utilized for debugging +# purposes. A level of zero being the lowest debugging level. +# +# If this parameter is not set, the client defaults +# to use a debug level of zero. +# +# Note: Debug statements can be viewed under Windows by using +# tools such as DbgView. Under Linux, debug statements are logged +# to /var/log/messages. +# +#DebugLevel 0 diff --git a/CASA-auth-token/client/lib/mechanisms/pwd/linux/PwdAuthenticate_lib64.conf b/CASA-auth-token/client/lib/mechanisms/pwd/linux/PwdAuthenticate_lib64.conf index f0435d9c..729e35b6 100644 --- a/CASA-auth-token/client/lib/mechanisms/pwd/linux/PwdAuthenticate_lib64.conf +++ b/CASA-auth-token/client/lib/mechanisms/pwd/linux/PwdAuthenticate_lib64.conf 
@@ -7,6 +7,25 @@ # # ####################################################### +# +# LibraryName setting. +# +# Description: Used to specify the path to the library +# implementing the authentication mechanism. +# LibraryName /usr/lib64/CASA/authtoken/pwmech.so - +# +# DebugLevel setting. +# +# Description: Used to specify the level of logging utilized for debugging +# purposes. A level of zero being the lowest debugging level. +# +# If this parameter is not set, the client defaults +# to use a debug level of zero. +# +# Note: Debug statements can be viewed under Windows by using +# tools such as DbgView. Under Linux, debug statements are logged +# to /var/log/messages. +# +#DebugLevel 0 diff --git a/CASA-auth-token/client/lib/mechanisms/pwd/util.c b/CASA-auth-token/client/lib/mechanisms/pwd/util.c index 48ab55d2..93f94988 100644 --- a/CASA-auth-token/client/lib/mechanisms/pwd/util.c +++ b/CASA-auth-token/client/lib/mechanisms/pwd/util.c @@ -80,7 +80,6 @@ EncodeData( { CasaStatus retStatus; int encodedSize; - char *pTmp; DbgTrace(3, "-EncodeData- Start\n", 0); @@ -141,7 +140,7 @@ EncodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -270,7 +269,7 @@ DecodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -312,7 +311,7 @@ dtoul( } } - DbgTrace(2, "-dtoul- End, result = %d\n", n); + DbgTrace(2, "-dtoul- End, result = %0X\n", n); return n; } diff --git a/CASA-auth-token/client/lib/mechanisms/pwd/windows/PwdAuthenticate.conf b/CASA-auth-token/client/lib/mechanisms/pwd/windows/PwdAuthenticate.conf index 653e3864..7d8b27ea 100644 --- a/CASA-auth-token/client/lib/mechanisms/pwd/windows/PwdAuthenticate.conf 
+++ b/CASA-auth-token/client/lib/mechanisms/pwd/windows/PwdAuthenticate.conf @@ -7,6 +7,12 @@ # # ####################################################### +# +# LibraryName setting. +# +# Description: Used to specify the path to the library +# implementing the authentication mechanism. +# LibraryName \Program Files\novell\casa\lib\pwmech.dll # diff --git a/CASA-auth-token/client/lib/test/CASA_Auth.cpp b/CASA-auth-token/client/lib/test/CASA_Auth.cpp index e78e3e4c..47f2997d 100644 --- a/CASA-auth-token/client/lib/test/CASA_Auth.cpp +++ b/CASA-auth-token/client/lib/test/CASA_Auth.cpp 
@@ -124,113 +124,135 @@ EncodeData( void NonHttpTest(void) { CasaStatus retStatus; - char authToken[8192]; - int authTokenLen = sizeof(authToken); + char *pAuthToken; + int authTokenLen = 0; - // Obtain an authentication token for the targeted service - retStatus = ObtainAuthToken(pServiceName, pServerAddress, authToken, &authTokenLen); - if (!CASA_SUCCESS(retStatus)) + // First call to get the authentication token with no output buffer so + // that we can determine the buffer size necessary to hold the token. + retStatus = ObtainAuthToken(pServiceName, pServerAddress, NULL, &authTokenLen); + if (CasaStatusCode(retStatus) == CASA_STATUS_BUFFER_OVERFLOW) { - printf("-NonHttpTest- ObtainAuthToken failed with status %d\n", retStatus); - } - else - { - SOCKET sock; - struct sockaddr_in localAddr = {0}; - struct sockaddr_in remoteAddr = {0}; - struct linger linger_opt = {1, 15}; - struct hostent *pLookupResult; - - printf("-NonHttpTest- ObtainAuthToken succedded, tokenlen = %d\n", authTokenLen); - - // Send the token to the server - // - // Open socket - sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - if (sock != INVALID_SOCKET) + // Allocate buffer to receive the token + pAuthToken = (char*) malloc(authTokenLen); + if (pAuthToken) { - // Setup the local address structure - localAddr.sin_family = AF_INET; - localAddr.sin_addr.s_addr = htonl(INADDR_ANY); - - // Bind socket - if (!bind(sock, (const struct sockaddr*) &localAddr, sizeof(struct sockaddr_in))) + // Now get the token + retStatus = ObtainAuthToken(pServiceName, pServerAddress, pAuthToken, &authTokenLen); + if (!CASA_SUCCESS(retStatus)) { - // Resolve the server address - pLookupResult = gethostbyname(pServerAddress); - if (pLookupResult) + printf("-NonHttpTest- ObtainAuthToken failed with status %d\n", retStatus); + } + else + { + SOCKET sock; + struct sockaddr_in localAddr = {0}; + struct sockaddr_in remoteAddr = {0}; + struct linger linger_opt = {1, 15}; + struct hostent *pLookupResult; + + 
printf("-NonHttpTest- ObtainAuthToken succedded, tokenlen = %d\n", authTokenLen); + + // Send the token to the server + // + // Open socket + sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (sock != INVALID_SOCKET) { - // Validate the address type returned - if (pLookupResult->h_addrtype == AF_INET) + // Setup the local address structure + localAddr.sin_family = AF_INET; + localAddr.sin_addr.s_addr = htonl(INADDR_ANY); + + // Bind socket + if (!bind(sock, (const struct sockaddr*) &localAddr, sizeof(struct sockaddr_in))) { - int numAddressesFound = 0; - - // Determine how many addresses where returned - while (pLookupResult->h_addr_list[numAddressesFound] != NULL) + // Resolve the server address + pLookupResult = gethostbyname(pServerAddress); + if (pLookupResult) { - //printf("ServerAddress = %08X\n", *((int*) pLookupResult->h_addr_list[numAddressesFound])); - numAddressesFound ++; - } - //printf("Found %d addresses\n", numAddressesFound); + // Validate the address type returned + if (pLookupResult->h_addrtype == AF_INET) + { + int numAddressesFound = 0; - // Setup the remote address structure with the lookup results - remoteAddr.sin_family = AF_INET; - remoteAddr.sin_port = serverPort; - remoteAddr.sin_addr.s_addr = *((int*) pLookupResult->h_addr_list[0]); // Short-cut - //printf("ServerAddress = %08X\n", remoteAddr.sin_addr.s_addr); + // Determine how many addresses where returned + while (pLookupResult->h_addr_list[numAddressesFound] != NULL) + { + //printf("ServerAddress = %08X\n", *((int*) pLookupResult->h_addr_list[numAddressesFound])); + numAddressesFound ++; + } + //printf("Found %d addresses\n", numAddressesFound); - // Perform connect operation - if (connect(sock, - (struct sockaddr*) &remoteAddr, - sizeof(struct sockaddr_in)) == SOCKET_ERROR) - { - printf("-NonHttpTest- Connection creation failed, error = %d\n", errno); + // Setup the remote address structure with the lookup results + remoteAddr.sin_family = AF_INET; + remoteAddr.sin_port = 
serverPort; + remoteAddr.sin_addr.s_addr = *((int*) pLookupResult->h_addr_list[0]); // Short-cut + //printf("ServerAddress = %08X\n", remoteAddr.sin_addr.s_addr); + + // Perform connect operation + if (connect(sock, + (struct sockaddr*) &remoteAddr, + sizeof(struct sockaddr_in)) == SOCKET_ERROR) + { + printf("-NonHttpTest- Connection creation failed, error = %d\n", errno); + } + else + { + // Now the connection is setup, send the credentials to the server as one line. + // using our cheesy protocol followed by a hello string. + // + // Send the token to the server (including NULL terminator) + send(sock, pAuthToken, (int) strlen(pAuthToken) + 1, 0); + + // Send new line + send(sock, "\n", 1, 0); + + // Send "hello" + //send(sock, helloString, strlen(helloString) + 1, MSG_NOSIGNAL); + + // Send new line + //send(sock, "\n", 1, 0); + + // Shutdown the connection + shutdown(sock, 0); + } + } + else + { + printf("-NonHttpTest- Unsupported address type returned %08X\n", pLookupResult->h_addrtype); + } } else { - // Now the connection is setup, send the credentials to the server as one line. - // using our cheesy protocol followed by a hello string. 
- // - // Send the token to the server (including NULL terminator) - send(sock, authToken, (int) strlen(authToken) + 1, 0); - - // Send new line - send(sock, "\n", 1, 0); - - // Send "hello" - //send(sock, helloString, strlen(helloString) + 1, MSG_NOSIGNAL); - - // Send new line - //send(sock, "\n", 1, 0); - - // Shutdown the connection - shutdown(sock, 0); + printf("-NonHttpTest- Lookup for %s failed\n", pServerAddress); } } else { - printf("-NonHttpTest- Unsupported address type returned %08X\n", pLookupResult->h_addrtype); + printf("-NonHttpTest- Unable to bind socket, error = %d", errno); } + + // Close the socket + setsockopt(sock, SOL_SOCKET, SO_LINGER, (const char*) &linger_opt, sizeof(linger_opt)); + closesocket(sock); } else { - printf("-NonHttpTest- Lookup for %s failed\n", pServerAddress); + printf("-NonHttpTest- Unable to open socket, error = %d\n", errno); } } - else - { - printf("-NonHttpTest- Unable to bind socket, error = %d", errno); - } - - // Close the socket - setsockopt(sock, SOL_SOCKET, SO_LINGER, (const char*) &linger_opt, sizeof(linger_opt)); - closesocket(sock); + + // Release the buffer allocated for the token + free(pAuthToken); } else { - printf("-NonHttpTest- Unable to open socket, error = %d\n", errno); + printf("-NonHttpTest- Failed to allocate buffer for token\n", 0); } } + else + { + printf("-NonHttpTest- ObtainAuthToken failed with status %d\n", retStatus); + } } 
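Review bot: In NonHttpTest the length written back by the sizing call is passed to `malloc` unchecked. `authTokenLen` is a signed `int`, so a zero or negative value returned with CASA_STATUS_BUFFER_OVERFLOW would become a zero-byte or very large allocation request. A guard such as `pAuthToken = (authTokenLen > 0) ? (char*) malloc((size_t) authTokenLen) : NULL;` keeps that case on the existing allocation-failure path. The later `send` still sizes the write with `strlen(pAuthToken) + 1`, which relies on ObtainAuthToken NUL-terminating inside the buffer; that contract is not visible in this hunk, so bounding the write by `authTokenLen` would be safer. The HttpTest hunk repeats the same sizing and allocation pattern, and both allocation-failure `printf` calls pass a stray `0` with no conversion in the format.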
@@ -242,141 +264,162 @@ void NonHttpTest(void) void HttpTest(void) { CasaStatus retStatus; - char authToken[4096]; - int authTokenLen = sizeof(authToken); + char *pAuthToken; + int authTokenLen = 0; - // Obtain an authentication token for the targeted service - retStatus = ObtainAuthToken(pServiceName, pServerAddress, authToken, &authTokenLen); - if (!CASA_SUCCESS(retStatus)) + // First call to get the authentication token with no output buffer so + // that we can determine the buffer size necessary to hold the token. + retStatus = ObtainAuthToken(pServiceName, pServerAddress, NULL, &authTokenLen); + if (CasaStatusCode(retStatus) == CASA_STATUS_BUFFER_OVERFLOW) { - printf("-HttpTest- ObtainAuthToken failed with status %d\n", retStatus); - } - else - { - SOCKET sock; - struct sockaddr_in localAddr = {0}; - struct sockaddr_in remoteAddr = {0}; - struct linger linger_opt = {1, 15}; - struct hostent *pLookupResult; - - //printf("ObtainAuthToken succedded, token = %s\n", authToken); - printf("-HttpTest- ObtainAuthToken succedded, tokenlen = %d\n", authTokenLen); - - // Send the token to the server - // Open socket - sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - if (sock != INVALID_SOCKET) + // Allocate buffer to receive the token + pAuthToken = (char*) malloc(authTokenLen); + if (pAuthToken) { - // Setup the local address structure - localAddr.sin_family = AF_INET; - localAddr.sin_addr.s_addr = htonl(INADDR_ANY); - - // Bind socket - if (!bind(sock, (const struct sockaddr*) &localAddr, sizeof(struct sockaddr_in))) + // Now get the token + retStatus = ObtainAuthToken(pServiceName, pServerAddress, pAuthToken, &authTokenLen); + if (!CASA_SUCCESS(retStatus)) { - // Resolve the server address - pLookupResult = gethostbyname(pServerAddress); - if (pLookupResult) + printf("-HttpTest- ObtainAuthToken failed with status %0X\n", retStatus); + } + else + { + SOCKET sock; + struct sockaddr_in localAddr = {0}; + struct sockaddr_in remoteAddr = {0}; + struct linger linger_opt = 
{1, 15}; + struct hostent *pLookupResult; + + printf("-HttpTest- ObtainAuthToken succedded, tokenlen = %d\n", authTokenLen); + + // Send the token to the server + // Open socket + sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (sock != INVALID_SOCKET) { - // Validate the address type returned - if (pLookupResult->h_addrtype == AF_INET) + // Setup the local address structure + localAddr.sin_family = AF_INET; + localAddr.sin_addr.s_addr = htonl(INADDR_ANY); + + // Bind socket + if (!bind(sock, (const struct sockaddr*) &localAddr, sizeof(struct sockaddr_in))) { - int numAddressesFound = 0; - - // Determine how many addresses where returned - while (pLookupResult->h_addr_list[numAddressesFound] != NULL) + // Resolve the server address + pLookupResult = gethostbyname(pServerAddress); + if (pLookupResult) { - //printf("ServerAddress = %08X\n", *((int*) pLookupResult->h_addr_list[numAddressesFound])); - numAddressesFound ++; - } - //printf("Found %d addresses\n", numAddressesFound); - - - // Setup the remote address structure with the lookup results - remoteAddr.sin_family = AF_INET; - remoteAddr.sin_port = serverPort; - remoteAddr.sin_addr.s_addr = *((int*) pLookupResult->h_addr_list[0]); // Short-cut - //printf("ServerAddress = %08X\n", remoteAddr.sin_addr.s_addr); - - // Perform connect operation - if (connect(sock, - (struct sockaddr*) &remoteAddr, - sizeof(struct sockaddr_in)) == SOCKET_ERROR) - { - printf("-HttpTest- Connection creation failed, error = %d\n", errno); - } - else - { - char *pBasicCredentials; - char *pEncodedBasicCredentials; - int encodedLength; - char CasaPrincipal[] = "CasaPrincipal:"; - char HTTPReqPart1[] = "GET /example-info HTTP/1.1\r\\nUser-Agent: CasaTestClient\r\nHost: jcstation.dnsdhcp.provo.novell.com:4096\r\nConnection: Keep-Alive\r\nAuthorization: Basic "; - - // Now the connection is setup, send 1st part of HTTP request to the server. 
- send(sock, HTTPReqPart1, (int) strlen(HTTPReqPart1), 0); - - // Now setup the HTTP Basic Credentials - pBasicCredentials = (char*) malloc(strlen(CasaPrincipal) + strlen(authToken) + 1); - if (pBasicCredentials) + // Validate the address type returned + if (pLookupResult->h_addrtype == AF_INET) { - memcpy(pBasicCredentials, CasaPrincipal, sizeof(CasaPrincipal)); - strcat(pBasicCredentials, authToken); + int numAddressesFound = 0; - // Now Base64 encode the credentials - if (EncodeData((const void*) pBasicCredentials, - (const int32_t) strlen(pBasicCredentials), - &pEncodedBasicCredentials, - (int32_t *) &encodedLength) == 0) + // Determine how many addresses where returned + while (pLookupResult->h_addr_list[numAddressesFound] != NULL) { - // Send the encoded credentials - send(sock, pEncodedBasicCredentials, encodedLength - 1, 0); + //printf("ServerAddress = %08X\n", *((int*) pLookupResult->h_addr_list[numAddressesFound])); + numAddressesFound ++; + } + //printf("Found %d addresses\n", numAddressesFound); - // Send the rest of the header - send(sock, "\r\n\r\n", 4, 0); - // Free the buffer holding the encoded credentials - free(pEncodedBasicCredentials); + // Setup the remote address structure with the lookup results + remoteAddr.sin_family = AF_INET; + remoteAddr.sin_port = serverPort; + remoteAddr.sin_addr.s_addr = *((int*) pLookupResult->h_addr_list[0]); // Short-cut + //printf("ServerAddress = %08X\n", remoteAddr.sin_addr.s_addr); + + // Perform connect operation + if (connect(sock, + (struct sockaddr*) &remoteAddr, + sizeof(struct sockaddr_in)) == SOCKET_ERROR) + { + printf("-HttpTest- Connection creation failed, error = %d\n", errno); } else { - printf("-HttpTest- Error encoding credentials\n"); - } + char *pBasicCredentials; + char *pEncodedBasicCredentials; + int encodedLength; + char CasaPrincipal[] = "CasaPrincipal:"; + char HTTPReqPart1[] = "GET /example-info HTTP/1.1\r\\nUser-Agent: CasaTestClient\r\nHost: 
jcstation.dnsdhcp.provo.novell.com:4096\r\nConnection: Keep-Alive\r\nAuthorization: Basic "; - // Free the buffer containing the basic credentials - free(pBasicCredentials); + // Now the connection is setup, send 1st part of HTTP request to the server. + send(sock, HTTPReqPart1, (int) strlen(HTTPReqPart1), 0); + + // Now setup the HTTP Basic Credentials + pBasicCredentials = (char*) malloc(strlen(CasaPrincipal) + strlen(pAuthToken) + 1); + if (pBasicCredentials) + { + memcpy(pBasicCredentials, CasaPrincipal, sizeof(CasaPrincipal)); + strcat(pBasicCredentials, pAuthToken); + + // Now Base64 encode the credentials + if (EncodeData((const void*) pBasicCredentials, + (const int32_t) strlen(pBasicCredentials), + &pEncodedBasicCredentials, + (int32_t *) &encodedLength) == 0) + { + // Send the encoded credentials + send(sock, pEncodedBasicCredentials, encodedLength - 1, 0); + + // Send the rest of the header + send(sock, "\r\n\r\n", 4, 0); + + // Free the buffer holding the encoded credentials + free(pEncodedBasicCredentials); + } + else + { + printf("-HttpTest- Error encoding credentials\n"); + } + + // Free the buffer containing the basic credentials + free(pBasicCredentials); + } + else + { + printf("-HttpTest- Buffer allocation failure\n"); + } + + // Shutdown the connection + shutdown(sock, 0); + } } else { - printf("-HttpTest- Buffer allocation failure\n"); + printf("-HttpTest- Unsupported address type returned %08X\n", pLookupResult->h_addrtype); } - - // Shutdown the connection - shutdown(sock, 0); + } + else + { + printf("-HttpTest- Lookup for %s failed\n", pServerAddress); } } else { - printf("-HttpTest- Unsupported address type returned %08X\n", pLookupResult->h_addrtype); + printf("-HttpTest- Unable to bind socket, error = %d", errno); } + + // Close the socket + setsockopt(sock, SOL_SOCKET, SO_LINGER, (const char*) &linger_opt, sizeof(linger_opt)); + closesocket(sock); } else { - printf("-HttpTest- Lookup for %s failed\n", pServerAddress); + 
printf("-HttpTest- Unable to open socket, error = %d\n", errno); } } - else - { - printf("-HttpTest- Unable to bind socket, error = %d", errno); - } - // Close the socket - setsockopt(sock, SOL_SOCKET, SO_LINGER, (const char*) &linger_opt, sizeof(linger_opt)); - closesocket(sock); + // Release the buffer allocated for the token + free(pAuthToken); } else { - printf("-HttpTest- Unable to open socket, error = %d\n", errno); + printf("-HttpTest- Failed to allocate buffer for token\n", 0); } } + else + { + printf("-HttpTest- ObtainAuthToken failed with status %0X\n", retStatus); + } } diff --git a/CASA-auth-token/client/lib/util.c b/CASA-auth-token/client/lib/util.c index b93a5508..a5fbf7cb 100644 --- a/CASA-auth-token/client/lib/util.c +++ b/CASA-auth-token/client/lib/util.c @@ -77,7 +77,6 @@ EncodeData( { CasaStatus retStatus; int encodedSize; - char *pTmp; DbgTrace(3, "-EncodeData- Start\n", 0); @@ -138,7 +137,7 @@ EncodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -267,7 +266,7 @@ DecodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -309,7 +308,7 @@ dtoul( } } - DbgTrace(2, "-dtoul- End, result = %d\n", n); + DbgTrace(2, "-dtoul- End, result = %0X\n", n); return n; } diff --git a/CASA-auth-token/client/lib/windows/dllsup.c b/CASA-auth-token/client/lib/windows/dllsup.c index b9efd784..ba628c74 100644 --- a/CASA-auth-token/client/lib/windows/dllsup.c +++ b/CASA-auth-token/client/lib/windows/dllsup.c @@ -113,7 +113,7 @@ ObtainAuthTokenEx( pAuthTokenBufLen, pCredStoreScope); - DbgTrace(1, "-ObtainAuthTokenEx- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-ObtainAuthTokenEx- End, retStatus = %0X\n", retStatus); return retStatus; }
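Review bot: The `HTTPReqPart1` string in HttpTest has `\r\\n` after `HTTP/1.1`, which sends a carriage return followed by a literal backslash and `n` instead of CRLF, so the request line is malformed. The line is carried over from the old side, but it sits in the block this hunk re-indents and should begin `"GET /example-info HTTP/1.1\r\nUser-Agent: CasaTestClient\r\n`. Separately, the return values of the `send` calls are ignored, so a short or failed write of the credentials goes unnoticed. The token buffer is also released with `free(pAuthToken)` without being cleared first; for a credential it is worth overwriting the buffer before freeing it, using a clearing call the compiler will not optimise away.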