geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Continued development of AuthenticationToken Validation Service.

Browse Source
This commit is contained in:
Juan Carlos Luciani
2006-09-07 23:33:33 +00:00
parent 307ed2444c
commit 6ab8fe3080
14 changed files with 386 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/Makefile.am
View File

@@ -40,6 +40,7 @@ ROOT = ../../../..
LIBDIR = $(ROOT)/$(LIB)
BINDIR = $(ROOT)/$(BIN)
JAVA_LIBDIR = /usr/lib/jvm/java-1.5.0-sun-1.5.0_07/jre/lib/i386/server
# handle Mono secondary dependencies
export MONO_PATH := $(MONO_PATH)
@@ -56,8 +57,8 @@ RESOURCES =
DEFINES += -Wno-format-extra-args -fno-strict-aliasing -fshort-wchar
CFLAGS += $(INCLUDES) $(DEFINES)
CPPFLAGS += -fPIC $(INCLUDES) $(DEFINES)
LIBS = -lpthread -lcasa_s_ipc
LDFLAGS = -L$(LIBDIR)/$(TARGET_CFG)
LIBS = -lpthread -lcasa_s_ipc -ljvm
LDFLAGS = -L$(LIBDIR)/$(TARGET_CFG) -L$(JAVA_LIBDIR)
OBJDIR = ./$(TARGET_CFG)/$(LIB)
OBJS = $(addprefix $(OBJDIR)/, $(CFILES:%.c=%.o)) $(addprefix $(OBJDIR)/, $(CPPFILES:%.cpp=%.o))

296
CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/server.cpp
View File

@@ -26,6 +26,7 @@
//===[ Include files ]=====================================================
#include "internal.h"
#include <jni.h>
//===[ External data ]=====================================================
@@ -54,10 +55,12 @@ int beginThreads = 5;
int growThreads = 5;
int maxThreads = 4096;
int minWaitingThreads = beginThreads;
int maxWaitingThreads = beginThreads * 4;
// Worker thread pool operating parameters
double numThreads = 0;
double numBusyThreads = 0;
double numPerishingThreads = 0;
// Listen Port Number
int listenPortNumber = 5000;
@@ -85,6 +88,16 @@ pthread_cond_t serverCondition;
// Operating parameters
bool terminating = false;
// Java parameters
JavaVM *g_jvm = NULL;
JNIEnv *g_env = NULL;
// Java AuthenticationToken Class and method name
//char authTokenClassName[] = "jtest";
//char authTokenClassValidateMethodName[] = "test4";
char authTokenClassName[] = "com.novell.casa.authtoksvc.AuthToken";
char authTokenClassValidateMethodName[] = "validate";
//++=======================================================================
void
@@ -188,12 +201,17 @@ WorkerThreadWaiting(void)
// Acquire our mutex
pthread_mutex_lock(&serverMutex);
// Decrement the numBusyThread count and determine if there are
// too many of us laying around.
// Decrement the numBusyThread count
numBusyThreads --;
if ((numThreads - numBusyThreads) > minWaitingThreads
&& ((numBusyThreads + growThreads) / numThreads) < 0.33 )
// Check if we have too many idle workers
if ((numThreads - numBusyThreads - numPerishingThreads) > maxWaitingThreads
&& numThreads > beginThreads)
{
// We want to let this worker perish
numPerishingThreads ++;
retValue = true;
}
else
retValue = false;
@@ -222,57 +240,137 @@ WorkerThread(void*)
// L0
//=======================================================================--
{
bool perishingThread = false;
DbgTrace(1, "WorkerThread- Start\n", 0);
// Set the thread in the detached state so that it is cleaned up when it exits
pthread_detach(pthread_self());
// Loop until told to terminate
while (!terminating)
// Attach the thread to the JVM
JNIEnv *env;
if (g_jvm->AttachCurrentThread((void**) &env, NULL) >= 0)
{
// Get a request that needs servicing
int32_t requestId = IpcServerGetRequest();
if (requestId != 0)
// We are now attached to the JVM, find the helper class that
// we need.
jclass helperClass = env->FindClass(authTokenClassName);
if (helperClass)
{
// We got a request that needs servicing, now get the
// data associated with it.
char *pReqData;
int dataLen = IpcServerGetRequestData(requestId, &pReqData);
if (dataLen != 0)
// Helper class found, now get the id of the method that we invoke
jmethodID mId = env->GetStaticMethodID(helperClass,
authTokenClassValidateMethodName,
"(Ljava/lang/String;)Ljava/lang/String;");
if (mId)
{
// Indicate that we are now busy
WorkerThreadBusy();
// Just echo the data back as the reply
IpcServerCompleteRequest(requestId, pReqData);
// Indicate that we are no longer busy and get indication of
// whether or not we should continue to try to process requests.
if (WorkerThreadWaiting() == true)
// Loop until told to terminate
while (!terminating)
{
DbgTrace(1, "WorkerThread- Requested to terminate\n", 0);
break;
// Get a request that needs servicing
int32_t requestId = IpcServerGetRequest();
if (requestId != 0)
{
// We got a request that needs servicing, now get the
// data associated with it.
char *pReqData;
int dataLen = IpcServerGetRequestData(requestId, &pReqData);
if (dataLen != 0)
{
// Indicate that we are now busy
WorkerThreadBusy();
// Lets push the jvm local frame to allow us to clean up our local
// references later.
env->PushLocalFrame(10);
jstring inString = env->NewStringUTF(pReqData);
if (inString)
{
// Invoke our helper method
jstring outString = (jstring) env->CallStaticObjectMethod(helperClass, mId, inString);
if (outString)
{
// The helper method succeded, complete the request.
const char *pOutChars = env->GetStringUTFChars(outString, NULL);
if (pOutChars)
{
IpcServerCompleteRequest(requestId, (char*) pOutChars);
env->ReleaseStringUTFChars(outString, pOutChars);
}
else
{
DbgTrace(0, "WorkerThread- Unable to get UTF characters\n", 0);
IpcServerAbortRequest(requestId);
}
}
else
{
// The helper method failed, just abort the request.
IpcServerAbortRequest(requestId);
}
}
else
{
DbgTrace(0, "WorkerThread- UTF String allocation failure\n", 0);
IpcServerAbortRequest(requestId);
}
// Pop the jvm local frame to clean up our local references
env->PopLocalFrame(NULL);
// Indicate that we are no longer busy and get indication of
// whether or not we should continue to try to process requests.
if (WorkerThreadWaiting() == true)
{
DbgTrace(1, "WorkerThread- Requested to terminate\n", 0);
// Remember that we are a perishing thread so that we can reduce the
// count as we exit.
perishingThread = true;
break;
}
}
else
{
DbgTrace(0, "WorkerThread- Error obtaining Request data\n", 0);
IpcServerAbortRequest(requestId);
}
}
else
{
// No need to service requests any longer
break;
}
}
}
else
{
DbgTrace(0, "WorkerThread- Error obtaining Request data\n", 0);
IpcServerAbortRequest(requestId);
DbgTrace(0, "WorkerThread- Failed to get method id\n", 0);
}
}
else
{
// No need to service requests any longer
break;
DbgTrace(0, "WorkerThread- Failed to find helper class\n", 0);
}
// Detach from the JVM
g_jvm->DetachCurrentThread();
}
else
{
DbgTrace(0, "WorkerThread- Failed to attach to JVM\n", 0);
}
// Decrement the number of worker threads and signal our main thread
// to terminate itself if we are the last worker thread.
pthread_mutex_lock(&serverMutex);
if (perishingThread)
numPerishingThreads --;
numThreads --;
if (numThreads == 0)
pthread_cond_signal(&serverCondition);
pthread_mutex_unlock(&serverMutex);
DbgTrace(1, "WorkerThread- End\n", 0);
@@ -314,6 +412,78 @@ SigTermHandler(
} /*-- SigTermHandler() --*/
//++=======================================================================
int
InitJavaInvoke(void)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L0
//=======================================================================--
{
int retStatus = -1;
DbgTrace(1, "InitJavaInvoke- Start\n", 0);
//JavaVMOption options[1];
//options[0].optionString = "-Djava.class.path=.";
JavaVMOption options[1];
options[0].optionString = "-Djava.class.path=/usr/share/java:/etc/CASA/authtoken";
JavaVMInitArgs vm_args;
vm_args.version = JNI_VERSION_1_4;
vm_args.options = options;
vm_args.nOptions = 1;
vm_args.ignoreUnrecognized = true;
if (JNI_CreateJavaVM(&g_jvm, (void**)&g_env, &vm_args) >= 0)
{
// Success
retStatus = 0;
}
else
{
DbgTrace(0, "InitJavaInvoke- Error creating Java VM\n", 0);
}
DbgTrace(1, "InitJavaInvoke- End, retStatus = %08X\n", retStatus);
return retStatus;
} /*-- InitJavaInvoke() --*/
//++=======================================================================
void
UnInitJavaInvoke(void)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L0
//=======================================================================--
{
DbgTrace(1, "UnInitJavaInvoke- Start\n", 0);
// Destroy the jvm
g_jvm->DestroyJavaVM();
g_jvm = NULL;
g_env = NULL;
DbgTrace(1, "UnInitJavaInvoke- End\n", 0);
} /*-- UnInitJavaInvoke() --*/
//++=======================================================================
void
DaemonInit(
@@ -572,53 +742,65 @@ main(
pthread_mutex_init(&interlockedMutex, NULL);
pthread_mutex_init(&serverMutex, NULL);
// Initialize the condition that we will use to wait
// for the exit of all of our worker threads.
if (pthread_cond_init(&serverCondition, NULL) == 0)
// Initialize the JVM
if (InitJavaInvoke() == 0)
{
// Initialize the IPC Server
if (IpcServerInit(appName,
DebugLevel,
UseSyslog) == 0)
// Initialize the condition that we will use to wait
// for the exit of all of our worker threads.
if (pthread_cond_init(&serverCondition, NULL) == 0)
{
// Now setup the appropriate listen address
int setAddressResult;
if (listenPortNumber == 0)
setAddressResult = IpcServerSetUnAddress(DOMAIN_SOCKET_FILE_NAME);
else
setAddressResult = IpcServerSetInAddress(listenPortNumber);
if (setAddressResult == 0)
// Initialize the IPC Server
if (IpcServerInit(appName,
DebugLevel,
UseSyslog) == 0)
{
// Now start the IPC server
if (IpcServerStart() == 0)
// Now setup the appropriate listen address
int setAddressResult;
if (listenPortNumber == 0)
setAddressResult = IpcServerSetUnAddress(DOMAIN_SOCKET_FILE_NAME);
else
setAddressResult = IpcServerSetInAddress(listenPortNumber);
if (setAddressResult == 0)
{
// Acquire our mutex
pthread_mutex_lock(&serverMutex);
// Now start the IPC server
if (IpcServerStart() == 0)
{
// Acquire our mutex
pthread_mutex_lock(&serverMutex);
// Start worker threads
GrowWorkerThreadPool(beginThreads);
// Start worker threads
GrowWorkerThreadPool(beginThreads);
// Wait for the worker threads to terminate
pthread_cond_wait(&serverCondition, &serverMutex);
// Wait for the worker threads to terminate
pthread_cond_wait(&serverCondition, &serverMutex);
// Release our mutex
pthread_mutex_unlock(&serverMutex);
// Release our mutex
pthread_mutex_unlock(&serverMutex);
DbgTrace(0, "main- Exiting, numThreads = %d\n", numThreads);
}
}
else
{
DbgTrace(0, "main- Setting of listen address failed\n", 0);
}
}
else
{
DbgTrace(0, "main- Setting of listen address failed\n", 0);
DbgTrace(0, "main- Initialization of Ipc server failed\n", 0);
}
}
else
{
DbgTrace(0, "main- Initialization of Ipc server failed\n", 0);
DbgTrace(0, "main- Condition initialization failed\n", 0);
}
// Un-initialize JVM
UnInitJavaInvoke();
}
else
{
DbgTrace(0, "main- Condition initialization failed\n", 0);
DbgTrace(0, "main- JVM initialization failed\n", 0);
}
}
else

1
CASA-auth-token/non-java/server/AuthTokenValidate/internal.h
View File

@@ -32,6 +32,7 @@
#include <micasa_types.h>
#include <casa_status.h>
#include <casa_s_authtoken.h>
#include <casa_c_ipc.h>
#include "proto.h"
#include "list_entry.h"
#include "config_if.h"

5
CASA-auth-token/non-java/server/AuthTokenValidate/linux/Makefile.am
View File

@@ -46,7 +46,6 @@ MODULE_NAME = libcasa_s_authtoken
MODULE_EXT = so
CFILES = ../config.c \
../authtoken.c \
../principal.c \
../util.c \
../validate.c \
@@ -58,8 +57,8 @@ INCLUDES = -I. -I.. -I$(CASAINCLUDE) -I../../../include
RESOURCES =
DEFINES = -Wno-format-extra-args -fno-strict-aliasing
CFLAGS += $(INCLUDES) $(DEFINES)
LIBS = -lpthread -ldl -lexpat
LDFLAGS = -Bsymbolic -shared -Wl,-soname=$(MODULE_NAME).$(MODULE_EXT)
LIBS = -lpthread -ldl -lexpat -lcasa_c_ipc
LDFLAGS = -Bsymbolic -shared -Wl,-soname=$(MODULE_NAME).$(MODULE_EXT) -L$(ROOT)/lib/$(TARGET_CFG)
OBJDIR = ./$(TARGET_CFG)/$(LIB)
OBJS = $(addprefix $(OBJDIR)/, $(CFILES:%.c=%.o))

127
CASA-auth-token/non-java/server/AuthTokenValidate/validate.c
View File

@@ -41,6 +41,10 @@ int DebugLevel = 0;
static
bool g_moduleInitialized = false;
//
// IPC Client Sub-system variables
//
uint32_t atvsEndPointHandle; // Authentication Token Validation Service endpoint handle
//++=======================================================================
CasaStatus SSCS_CALL
@@ -126,8 +130,37 @@ ValidateAuthToken(
retStatus = IdenTokenInit();
if (CASA_SUCCESS(retStatus))
{
// Success
g_moduleInitialized = true;
// Initialize the Client Ipc Subsystem
if (IpcClientInit("CASA_AuthTokenValidate",
true,
DebugLevel,
false) == 0)
{
// Open endpoint for the Authentication Token Validation Service
if (IpcClientOpenInetRemoteEndPoint(5000,
0x7F000001,
0,
&atvsEndPointHandle) == 0)
{
// Success
g_moduleInitialized = true;
}
else
{
DbgTrace(0, "-ValidateAuthToken- Failed to open remote endpoint\n", 0);
IpcClientShutdown();
IdenTokenUninit();
PrincipalIfUninit();
ConfigIfUninit();
}
}
else
{
DbgTrace(0, "-ValidateAuthToken- Ipc subsystem initialization failed\n", 0);
IdenTokenUninit();
PrincipalIfUninit();
ConfigIfUninit();
}
}
else
{
@@ -157,71 +190,87 @@ ValidateAuthToken(
&decodedTokenBufLen);
if (CASA_SUCCESS(retStatus))
{
AuthToken *pAuthToken;
char *pIdenTokenData;
int idenTokenDataLen;
// Token was decoded successfully, now create an authentication token object with it.
retStatus = CreateAuthToken(pDecodedTokenBuf, decodedTokenBufLen, &pAuthToken);
if (CASA_SUCCESS(retStatus))
// Token was decoded successfully, now submit the authentication token to the
// authentication token validation service.
if (IpcClientSubmitReq(atvsEndPointHandle,
pDecodedTokenBuf,
decodedTokenBufLen,
&pIdenTokenData,
&idenTokenDataLen) == 0)
{
// Now check the validity of the token
retStatus = CheckAuthToken(pAuthToken, pServiceName);
if (CASA_SUCCESS(retStatus))
// The submit succeeded, make sure that we got some identity data back.
if (pIdenTokenData)
{
IdenTokenProviderIf *pIdenTokenProviderIf;
// The token was validated, now
// Obtain Identity Token Provider interface
retStatus = GetIdenTokenProviderInterface(pAuthToken->pIdenTokenType,
&pIdenTokenProviderIf);
if (CASA_SUCCESS(retStatus))
if (idenTokenDataLen != 0)
{
IdenTokenIf *pIdenTokenIf;
IdenTokenProviderIf *pIdenTokenProviderIf;
// Use the Identity Token Provider to get an Identity Token Interface instance
retStatus = pIdenTokenProviderIf->getIdentityTokenIf(pIdenTokenProviderIf,
pAuthToken->pIdenToken,
pAuthToken->idenTokenLen,
&pIdenTokenIf);
// The authentication token was validated, now obtain
// Identity Token Provider interface.
retStatus = GetIdenTokenProviderInterface("CasaIdentityToken", // tbd - Hard code until we enhance the protocol with the atvs to also return this information.
&pIdenTokenProviderIf);
if (CASA_SUCCESS(retStatus))
{
// Now create a principal interface instance with the identity information present in
// the identity token.
retStatus = GetPrincipalInterface(pIdenTokenIf, &pPrincipalIf);
IdenTokenIf *pIdenTokenIf;
// Use the Identity Token Provider to get an Identity Token Interface instance
retStatus = pIdenTokenProviderIf->getIdentityTokenIf(pIdenTokenProviderIf,
pIdenTokenData,
idenTokenDataLen,
&pIdenTokenIf);
if (CASA_SUCCESS(retStatus))
{
// Success, return the principal interface to the caller.
*ppPrincipalIf = pPrincipalIf;
// Now create a principal interface instance with the identity information present in
// the identity token.
retStatus = GetPrincipalInterface(pIdenTokenIf, &pPrincipalIf);
if (CASA_SUCCESS(retStatus))
{
// Success, return the principal interface to the caller.
*ppPrincipalIf = pPrincipalIf;
}
else
{
DbgTrace(0, "-ValidateAuthToken- Failed to instantiate principal interface\n", 0);
}
// Release identity token interface
pIdenTokenIf->releaseReference(pIdenTokenIf);
}
else
{
DbgTrace(0, "-ValidateAuthToken- Failed to instantiate principal interface\n", 0);
DbgTrace(0, "-ValidateAuthToken- Failed to instantiate identity token\n", 0);
}
// Release identity token interface
pIdenTokenIf->releaseReference(pIdenTokenIf);
// Release identity token provider interface
pIdenTokenProviderIf->releaseReference(pIdenTokenProviderIf);
}
else
{
DbgTrace(0, "-ValidateAuthToken- Failed to instantiate identity token\n", 0);
DbgTrace(0, "-ValidateAuthToken- Failed to obtain identity token provider interface\n", 0);
}
// Release identity token provider interface
pIdenTokenProviderIf->releaseReference(pIdenTokenProviderIf);
}
else
{
DbgTrace(0, "-ValidateAuthToken- Failed to obtain identity token provider interface\n", 0);
DbgTrace(0, "-ValidateAuthToken- ValidateAuthToken submit did not return identity token data\n", 0);
}
}
// Free the AuthToken object
RelAuthToken(pAuthToken);
// Free the buffer containing the identity token data
free(pIdenTokenData);
}
else
{
DbgTrace(0, "-ValidateAuthToken- ValidateAuthToken submit did not return identity token data buffer\n", 0);
}
}
else
{
DbgTrace(0, "-ValidateAuthToken- Failed to create authentication token object\n", 0);
DbgTrace(1, "-ValidateAuthToken- ValidateAuthToken submit failed\n", 0);
}
// Free the decoded token buffer
free(pDecodedTokenBuf);
}