Modifications to resolve issues found during self-code review.

This commit is contained in:
Juan Carlos Luciani 2006-12-08 05:45:03 +00:00
parent 9a0426279c
commit 8ade751650
34 changed files with 524 additions and 268 deletions

View File

@ -624,7 +624,10 @@ ObtainAuthTokenInt(
}
else
{
DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0);
if (*pAuthTokenBufLen != 0)
{
DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0);
}
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_BUFFER_OVERFLOW);

View File

@ -66,7 +66,7 @@ atsIsRunning()
StartDAEMON()
{
# Start the daemon
echo -n "Starting casa_atsd"
echo -n "Starting casa_atsd..."
## Start daemon with startproc(8). If this fails
## the echo return value is set appropriate.
@ -126,7 +126,7 @@ StartDAEMON()
StopDAEMON()
{
# Stop the daemon
echo -n "Shutting down casa_atsd"
echo -n "Stopping casa_atsd..."
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
if atsIsRunning ; then

View File

@ -153,10 +153,10 @@ check_password(
// Now get a copy of the location being protected
if (i > 1)
{
pLocationName = apr_palloc(r->pool, i);
pLocationName = apr_palloc(r->pool, i + 1);
if (pLocationName)
{
memset(pLocationName, 0, i);
memset(pLocationName, 0, i + 1);
memcpy(pLocationName, &(r->uri[1]), i - 1); // Do not include the slashes
}
else
@ -207,7 +207,6 @@ check_password(
&pPrincipalIf);
if (CASA_SUCCESS(casaStatus))
{
int buffLen = 0;
apr_table_t *e = r->subprocess_env;
@ -248,7 +247,7 @@ check_password(
}
else
{
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity id, %08X", casaStatus);
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity id, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR;
}
@ -288,7 +287,7 @@ check_password(
}
else
{
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source name, %08X", casaStatus);
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source name, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR;
}
}
@ -329,7 +328,7 @@ check_password(
}
else
{
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source url, %08X", casaStatus);
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source url, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR;
}
}
@ -390,7 +389,7 @@ check_password(
}
else
{
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error during attribute enumeration, %08X", casaStatus);
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error during attribute enumeration, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR;
}
}
@ -410,18 +409,8 @@ check_password(
}
else
{
// We did not check the username, set the return status based on the status
// returned by ValidateAuthToken().
if (CasaStatusCode(casaStatus) == CASA_STATUS_AUTHENTICATION_FAILURE)
{
// Authentication failed
retStatus = AUTH_DENIED;
}
else
{
// Allow other providers to get a crack to it
retStatus = AUTH_USER_NOT_FOUND;
}
// We did not check the username, allow other providers to get a crack to it.
retStatus = AUTH_USER_NOT_FOUND;
}
}
}

View File

@ -87,6 +87,18 @@ CASA Authentication Tokens when compromised can be used to either impersonate
a user or to obtain identity information about the user. Because of this it is
important that the tokens be secured by applications making use of them. It is
recommended that the tokens be transmitted using SSL.
Under Linux, the Validate CASA Authentication Token libraries validate tokens
by invoking a service (casa_atvd, also knon as CasaAuthtokenValidateD). The security of the
communications that happen between the library and the service is dependent on the properties
of the stack providing Unix Domain Sockets communications and the file system rights setup
on the folder where the domain sockets are created.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on casa_atvd. If this is not acceptable then change the
rigths on the folder to only allow selected users to connect to it.

View File

@ -76,6 +76,12 @@ create its listeing socket to keep other services from hijacking it and taking o
the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its
listen socket in the /var/lib/CASA/authtoken/validate/ folder.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on CasaAuthtokenValidateD. If this is not acceptable then
change the rigths on the folder to only allow selected users to connect to it.

View File

@ -107,7 +107,7 @@ StartDAEMON()
StopDAEMON()
{
echo -n "Shutting down..."
echo -n "Stopping casa_atvd..."
killproc $DAEMON
RVAL=$?
$ECHO

View File

@ -36,6 +36,11 @@
#define MAXFD 64
#define MIN_THREADS 1
#define MAX_THREADS 4096
#define DEFAULT_BEGIN_THREADS 5
#define DEFAULT_GROW_THREADS 5
#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket"
//===[ Type definitions ]==================================================
@ -51,9 +56,9 @@ WorkerThread(void*);
char usage[] = "\nCasaAuthtokenValidateD: usage: [-p ListenPort] [-b BeginThreads] [-g GrowThreads] [-m MaxThreads] [-D DebugLevel] [-d] [-s]\n";
// Worker thread pool configuration parameters
int beginThreads = 5;
int growThreads = 5;
int maxThreads = 4096;
int beginThreads = DEFAULT_BEGIN_THREADS;
int growThreads = DEFAULT_GROW_THREADS;
int maxThreads = MAX_THREADS;
int minWaitingThreads = beginThreads;
int maxWaitingThreads = beginThreads * 4;
@ -64,7 +69,7 @@ double numPerishingThreads = 0;
// Listen Port Number
//int listenPortNumber = 5000;
int listenPortNumber = 0;
unsigned short int listenPortNumber = 0;
// Parameter indicating whether or not the server needs to run
// as a daemon.
@ -133,7 +138,7 @@ ServiceRequests(void)
while (!terminating)
{
// Get a request that needs servicing
int32_t requestId = IpcServerGetRequest();
uint32_t requestId = IpcServerGetRequest();
if (requestId != 0)
{
// We got a request that needs servicing, now get the
@ -591,7 +596,7 @@ InitJavaInvoke(void)
DbgTrace(0, "InitJavaInvoke- Error creating Java VM\n", 0);
}
DbgTrace(1, "InitJavaInvoke- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "InitJavaInvoke- End, retStatus = %0X\n", retStatus);
return retStatus;
@ -616,8 +621,11 @@ UnInitJavaInvoke(void)
DbgTrace(1, "UnInitJavaInvoke- Start\n", 0);
// Destroy the jvm
g_jvm->DestroyJavaVM();
g_jvm = NULL;
if (g_jvm)
{
g_jvm->DestroyJavaVM();
g_jvm = NULL;
}
g_env = NULL;
DbgTrace(1, "UnInitJavaInvoke- End\n", 0);
@ -694,7 +702,6 @@ DaemonInit(
for (int i = 0; i < MAXFD; i++)
close(i);
// Spawn a worker
if ((pid = fork()) == -1)
{
@ -801,6 +808,7 @@ main(
// Scan through the options specified
while (!doneScanning)
{
long int value = 0;
opterr = 0;
option = getopt(argc, argv, "m:p:b:g:D:ds");
@ -810,15 +818,36 @@ main(
case 'p':
// Port number option, record location of
// argument.
listenPortNumber = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value > 0
&& value <= USHRT_MAX)
{
listenPortNumber = (unsigned short int) value;
}
else
{
fprintf(stderr, "Specified ListenPort parameter out of range, using default value");
}
optionsSpecified ++;
break;
case 'b':
// Begin threads option, override the default parameter
// with the value of the option.
beginThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
beginThreads = (int) value;
}
else
{
fprintf(stderr, "Specified BeginThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@ -826,7 +855,18 @@ main(
case 'g':
// Grow threads option, override the default parameter
// with the value of the option.
growThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
growThreads = (int) value;
}
else
{
fprintf(stderr, "Specified GrowThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@ -834,7 +874,18 @@ main(
case 'm':
// Max threads option, override the default parameter
// with the value of the option.
maxThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
maxThreads = (int) value;
}
else
{
fprintf(stderr, "Specified MaxThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@ -966,7 +1017,7 @@ main(
{
// Invalid option detected or the user failed to
// specify the listening port number.
printf(usage, argv[0]);
fprintf(stderr, usage, argv[0]);
}
return 0;

View File

@ -93,7 +93,6 @@ RemoveWhiteSpaceFromTheEnd(
{
char *pLineEnd = (char*) pInString + strlen(pInString) - 1;
DbgTrace(3, "-RemoveWhiteSpaceFromTheEnd- Start\n", 0);
while (pLineEnd != pInString)
@ -217,6 +216,8 @@ LowerCaseString(
// Abstract:
//
// Notes:
// Notes: Function assumes that the caller has made sure that the destination
// string buffer has enough space to receive the resulting string.
//
// L2
//=======================================================================--
@ -271,7 +272,7 @@ AddReference(
refCount = pConfigIfInstance->refCount;
PlatReleaseMutex(g_configIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@ -378,13 +379,13 @@ GetEntryValue(
char *pValue = NULL;
LIST_ENTRY *pListEntry;
ConfigKey *pConfigKey;
int keyNameLen = strlen(pKeyName);
int keyNameLen = (int) strlen(pKeyName);
char *pKeyNameLowercase;
DbgTrace(2, "-GetEntryValue- Start\n", 0);
// Allocate enough space to hold lower case version of the key name
pKeyNameLowercase = malloc(keyNameLen + 1);
pKeyNameLowercase = (char*) malloc(keyNameLen + 1);
if (pKeyNameLowercase)
{
// Lower case the key name
@ -402,7 +403,7 @@ GetEntryValue(
&& memcmp(pKeyNameLowercase, pConfigKey->pKeyName, keyNameLen) == 0)
{
// We found it, return its value.
pValue = malloc(pConfigKey->valueLen + 1);
pValue = (char*) malloc(pConfigKey->valueLen + 1);
if (pValue)
{
strcpy(pValue, pConfigKey->pValue);
@ -426,7 +427,7 @@ GetEntryValue(
DbgTrace(0, "-GetEntryValue- Buffer allocation failure\n", 0);
}
DbgTrace(2, "-GetEntryValue- End, pValue = %08X\n", (unsigned int) pValue);
DbgTrace(2, "-GetEntryValue- End, pValue = %0X\n", (unsigned int) pValue);
return pValue;
}
@ -461,8 +462,8 @@ GetConfigInterface(
// L2
//=======================================================================--
{
int configFolderLen = strlen(pConfigFolder);
int configNameLen = strlen(pConfigName);
int configFolderLen = (int) strlen(pConfigFolder);
int configNameLen = (int) strlen(pConfigName);
ConfigIfInstance *pConfigIfInstance;
LIST_ENTRY *pListEntry;
CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
@ -506,13 +507,13 @@ GetConfigInterface(
char *pFilePath;
// Build a string containing the configuration file path
pFilePath = malloc(configFolderLen + 1 + configNameLen + sizeof(".conf"));
pFilePath = (char*) malloc(configFolderLen + 1 + configNameLen + sizeof(".conf") + 1);
if (pFilePath)
{
FILE *pConfigFile;
strcpy(pFilePath, pConfigFolder);
strcat(pFilePath, "/");
strcat(pFilePath, pathCharString);
strcat(pFilePath, pConfigName);
strcat(pFilePath, ".conf");
@ -521,7 +522,7 @@ GetConfigInterface(
if (pConfigFile)
{
// Opened the file, create a ConfigIfInstance object for it.
pConfigIfInstance = malloc(sizeof(*pConfigIfInstance));
pConfigIfInstance = (ConfigIfInstance*) malloc(sizeof(*pConfigIfInstance));
if (pConfigIfInstance)
{
// Initialize the list head within the instance data
@ -533,13 +534,13 @@ GetConfigInterface(
pConfigIfInstance->configIf.getEntryValue = GetEntryValue;
// Save the ConfigFolder and ConfigName information within the instance data
pConfigIfInstance->pConfigFolder = malloc(configFolderLen + 1);
pConfigIfInstance->pConfigFolder = (char*) malloc(configFolderLen + 1);
if (pConfigIfInstance->pConfigFolder)
{
strcpy(pConfigIfInstance->pConfigFolder, pConfigFolder);
pConfigIfInstance->configFolderLen = configFolderLen;
pConfigIfInstance->pConfigName = malloc(configNameLen + 1);
pConfigIfInstance->pConfigName = (char*) malloc(configNameLen + 1);
if (pConfigIfInstance->pConfigName)
{
strcpy(pConfigIfInstance->pConfigName, pConfigName);
@ -562,90 +563,100 @@ GetConfigInterface(
// Now update the instance data with the information present in the file
if (fseek(pConfigFile, 0, SEEK_SET) == 0)
{
char line[512];
while (fgets(line, sizeof(line), pConfigFile) != NULL)
#define MAX_LINE_LEN 1024
char *pLine = (char*) malloc(MAX_LINE_LEN);
if (pLine)
{
int lineLength;
RemoveWhiteSpaceFromTheEnd(line);
lineLength = strlen(line);
if (lineLength != 0)
while (fgets(pLine, MAX_LINE_LEN, pConfigFile) != NULL)
{
char *pKey;
char *pKeyEnd;
char *pValue;
ConfigKey *pConfigKey;
int lineLength;
// Attempt to find the key
pKey = SkipWhiteSpace(line);
RemoveWhiteSpaceFromTheEnd(pLine);
// Make sure that we are not dealing with an empty line or a comment
if (*pKey == '\0' || *pKey == '#')
continue;
// Go past the key
pKeyEnd = SkipNonWhiteSpace(pKey);
// Protect against a malformed line
if (*pKeyEnd == '\0')
lineLength = (int) strlen(pLine);
if (lineLength != 0)
{
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
char *pKey;
char *pKeyEnd;
char *pValue;
ConfigKey *pConfigKey;
// Attempt to find the value
pValue = SkipWhiteSpace(pKeyEnd);
// Attempt to find the key
pKey = SkipWhiteSpace(pLine);
// Protect against a malformed line
if (*pValue == '\0')
{
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
// Make sure that we are not dealing with an empty line or a comment
if (*pKey == '\0' || *pKey == '#')
continue;
// Delineate the key
*pKeyEnd = '\0';
// Go past the key
pKeyEnd = SkipNonWhiteSpace(pKey);
// Create a ConfigKey object for this key/value pair
pConfigKey = malloc(sizeof(*pConfigKey));
if (pConfigKey)
{
pConfigKey->keyNameLen = strlen(pKey);
pConfigKey->pKeyName = malloc(pConfigKey->keyNameLen + 1);
if (pConfigKey->pKeyName)
// Protect against a malformed line
if (*pKeyEnd == '\0')
{
// Save the key name in lower case
LowerCaseString(pConfigKey->pKeyName, pKey);
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
pConfigKey->valueLen = strlen(pValue);
pConfigKey->pValue = malloc(pConfigKey->valueLen + 1);
if (pConfigKey->pValue)
// Attempt to find the value
pValue = SkipWhiteSpace(pKeyEnd);
// Protect against a malformed line
if (*pValue == '\0')
{
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
// Delineate the key
*pKeyEnd = '\0';
// Create a ConfigKey object for this key/value pair
pConfigKey = (ConfigKey*) malloc(sizeof(*pConfigKey));
if (pConfigKey)
{
pConfigKey->keyNameLen = (int) strlen(pKey);
pConfigKey->pKeyName = (char*) malloc(pConfigKey->keyNameLen + 1);
if (pConfigKey->pKeyName)
{
strcpy(pConfigKey->pValue, pValue);
// Save the key name in lower case
LowerCaseString(pConfigKey->pKeyName, pKey);
// The entry is ready, now associate it with the instance data.
InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry);
pConfigKey->valueLen = (int) strlen(pValue);
pConfigKey->pValue = (char*) malloc(pConfigKey->valueLen + 1);
if (pConfigKey->pValue)
{
strcpy(pConfigKey->pValue, pValue);
// The entry is ready, now associate it with the instance data.
InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry);
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
free(pConfigKey->pKeyName);
free(pConfigKey);
}
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
free(pConfigKey->pKeyName);
free(pConfigKey);
}
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
free(pConfigKey);
}
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
}
}
// Free the buffer allocated for holding line strings
free(pLine);
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
}
}
else
@ -680,8 +691,12 @@ GetConfigInterface(
}
else
{
DbgTrace(1, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno);
DbgTrace(0, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno);
DbgTrace(0, "-GetConfigInterface- Config file unable to open = %s\n", pFilePath);
}
// Free the buffer allocated for the file path
free(pFilePath);
}
else
{
@ -691,7 +706,7 @@ GetConfigInterface(
PlatReleaseMutex(g_configIfMutex);
DbgTrace(2, "-GetConfigInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetConfigInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -724,7 +739,7 @@ ConfigIfInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-ConfigIfInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-ConfigIfInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}

View File

@ -452,7 +452,7 @@ ConsumeElementData(
}
}
DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-ConsumeElementData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -801,7 +801,7 @@ AddReference(
refCount = pIdenTokenIfInstance->refCount;
PlatReleaseMutex(g_idenTokenIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@ -923,7 +923,7 @@ GetIdentityId(
exit:
DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -999,7 +999,7 @@ GetSourceName(
exit:
DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -1075,7 +1075,7 @@ GetSourceUrl(
exit:
DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -1222,7 +1222,7 @@ AttributeEnumerate(
exit:
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -1385,7 +1385,7 @@ GetIdenTokenInterface(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -1418,7 +1418,7 @@ IdenTokenIfInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}

View File

@ -90,7 +90,7 @@ AddReference(
refCount = pIdenTokenProviderIfInstance->refCount;
PlatReleaseMutex(g_idenTokenProviderIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@ -334,7 +334,7 @@ GET_IDEN_TOKEN_PROVIDER_INTERFACE_RTN(
exit:
DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}

View File

@ -81,7 +81,7 @@ PlatAllocMutex(void)
DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0);
}
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex);
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex);
return (HANDLE) pPlatMutex;
}

View File

@ -50,22 +50,22 @@
//
// DbgTrace macro define
//
#define DbgTrace(LEVEL, X, Y) { \
/*#define DbgTrace(LEVEL, X, Y) { \
char printBuff[256]; \
if (LEVEL == 0 || DebugLevel >= LEVEL) \
{ \
_snprintf(printBuff, sizeof(printBuff), X, Y); \
fprintf(stderr, "CASA_IdenToken %s", printBuff); \
} \
}
/*#define DbgTrace(LEVEL, X, Y) { \
}*/
#define DbgTrace(LEVEL, X, Y) { \
if (LEVEL == 0 || DebugLevel >= LEVEL) \
{ \
openlog("CASA_IdenToken", LOG_CONS | LOG_NOWAIT | LOG_ODELAY, LOG_USER); \
syslog(LOG_USER | LOG_INFO, X, Y); \
closelog(); \
} \
}*/
}
// Deal with function name mapping issues

View File

@ -77,7 +77,6 @@ EncodeData(
{
CasaStatus retStatus;
int encodedSize;
char *pTmp;
DbgTrace(3, "-EncodeData- Start\n", 0);
@ -138,7 +137,7 @@ EncodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -267,7 +266,7 @@ DecodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -309,7 +308,7 @@ dtoul(
}
}
DbgTrace(2, "-dtoul- End, result = %d\n", n);
DbgTrace(2, "-dtoul- End, result = %0X\n", n);
return n;
}

View File

@ -81,7 +81,7 @@ GetIdenTokenProviderInterface(
DbgTrace(2, "-GetIdenTokenProviderInterface- Start\n", 0);
// Get the configuration for the module
retStatus = GetConfigInterface("/etc/CASA/authtoken/modules",
retStatus = GetConfigInterface(moduleConfigFolderPath,
pIdenTokenTypeName,
&pModuleConfigIf);
if (CASA_SUCCESS(retStatus)
@ -247,7 +247,7 @@ GetIdenTokenProviderInterface(
CASA_STATUS_CONFIGURATION_ERROR);
}
DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -280,7 +280,7 @@ IdenTokenInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-IdenTokenInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-IdenTokenInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}

View File

@ -65,6 +65,8 @@ typedef struct _AuthToken
//===[ Global externals ]==================================================
extern int DebugLevel;
extern char pathCharString[];
extern char moduleConfigFolderPath[];
extern char IpcClientLibraryPath[];
//===[ External prototypes ]===============================================
@ -214,8 +216,8 @@ DecodeData(
extern
int
dtoul(
IN char *cp,
IN int len);
IN const char *cp,
IN const int len);
//=========================================================================

View File

@ -41,6 +41,12 @@ typedef struct _PlatformMutex
//===[ Global variables ]==================================================
// Path separator
char pathCharString[] = "/";
// Modules configuration folder path
char moduleConfigFolderPath[] = "/etc/CASA/authtoken/modules";
//
// Module synchronization mutex
//
@ -113,7 +119,7 @@ PlatAllocMutex(void)
DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0);
}
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex);
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex);
return (HANDLE) pPlatMutex;
}

View File

@ -72,18 +72,27 @@ AddReference(
// L2
//=======================================================================--
{
int refCount;
int refCount = 0;
PrincipalIfInstance *pPrincipalIfInstance = CONTAINING_RECORD(pIfInstance, PrincipalIfInstance, principalIf);
DbgTrace(2, "-AddReference- Start\n", 0);
// Validate input parameter
if (pIfInstance == NULL)
{
DbgTrace(0, "-AddReference- Invalid parameter\n", 0);
goto exit;
}
// Increment the reference count on the object
PlatAcquireMutex(g_principalIfMutex);
pPrincipalIfInstance->refCount ++;
refCount = pPrincipalIfInstance->refCount;
PlatReleaseMutex(g_principalIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
exit:
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@ -114,6 +123,13 @@ ReleaseReference(
DbgTrace(2, "-ReleaseReference- Start\n", 0);
// Validate input parameter
if (pIfInstance == NULL)
{
DbgTrace(0, "-ReleaseReference- Invalid parameter\n", 0);
goto exit;
}
// Decrement the reference count on the object and determine if it needs to
// be released.
PlatAcquireMutex(g_principalIfMutex);
@ -136,6 +152,8 @@ ReleaseReference(
free(pPrincipalIfInstance);
}
exit:
DbgTrace(2, "-ReleaseReference- End\n", 0);
}
@ -176,12 +194,26 @@ GetIdentityId(
DbgTrace(2, "-GetIdentityId- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pIdentIdLen == NULL
|| (*pIdentIdLen != 0 && pIdentIdBuf == NULL))
{
DbgTrace(0, "-GetIdentityId- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getIdentityId(pPrincipalIfInstance->pIdenTokenIf,
pIdentIdBuf,
pIdentIdLen);
DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -224,12 +256,26 @@ GetSourceName(
DbgTrace(2, "-GetSourceName- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pSourceNameLen == NULL
|| (*pSourceNameLen != 0 && pSourceNameBuf == NULL))
{
DbgTrace(0, "-GetSourceName- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceName(pPrincipalIfInstance->pIdenTokenIf,
pSourceNameBuf,
pSourceNameLen);
DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -272,12 +318,26 @@ GetSourceUrl(
DbgTrace(2, "-GetSourceUrl- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pSourceUrlLen == NULL
|| (*pSourceUrlLen != 0 && pSourceUrlBuf == NULL))
{
DbgTrace(0, "-GetSourceUrl- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceUrl(pPrincipalIfInstance->pIdenTokenIf,
pSourceUrlBuf,
pSourceUrlLen);
DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -335,6 +395,21 @@ AttributeEnumerate(
DbgTrace(2, "-AttributeEnumerate- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pEnumHandle == NULL
|| pAttribNameLen == NULL
|| (*pAttribNameLen != 0 && pAttribNameBuf == NULL
|| pAttribValueLen == NULL
|| (*pAttribValueLen != 0 && pAttribValueBuf == NULL)))
{
DbgTrace(0, "-AttributeEnumerate- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->attributeEnumerate(pPrincipalIfInstance->pIdenTokenIf,
pEnumHandle,
@ -343,7 +418,9 @@ AttributeEnumerate(
pAttribValueBuf,
pAttribValueLen);
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -409,7 +486,7 @@ GetPrincipalInterface(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -442,7 +519,7 @@ PrincipalIfInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-PrincipalIfInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-PrincipalIfInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}

View File

@ -77,7 +77,6 @@ EncodeData(
{
CasaStatus retStatus;
int encodedSize;
char *pTmp;
DbgTrace(3, "-EncodeData- Start\n", 0);
@ -138,7 +137,7 @@ EncodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -267,7 +266,7 @@ DecodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -276,8 +275,8 @@ DecodeData(
//++=======================================================================
int
dtoul(
IN char *cp,
IN int len)
IN const char *cp,
IN const int len)
//
// Arguments:
//
@ -309,7 +308,7 @@ dtoul(
}
}
DbgTrace(2, "-dtoul- End, result = %d\n", n);
DbgTrace(2, "-dtoul- End, result = %0X\n", n);
return n;
}

View File

@ -32,6 +32,9 @@
#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket"
//#define INT32_MAX 2147483647
//===[ Type definitions ]==================================================
//===[ Function prototypes ]===============================================
@ -68,10 +71,10 @@ uint32_t g_atvsEndPointHandle; // Authentication Token Validation Service endp
//++=======================================================================
CasaStatus SSCS_CALL
ValidateAuthToken(
IN const char *pServiceName,
IN const char *pTokenBuf,
IN const int tokenBufLen,
INOUT PrincipalIf **ppPrincipalIf)
IN const char *pServiceName,
IN const char *pTokenBuf,
IN const int tokenBufLen,
INOUT PrincipalIf **ppPrincipalIf)
//
// Arguments:
// pServiceName -
@ -105,7 +108,7 @@ ValidateAuthToken(
{
CasaStatus retStatus;
char *pDecodedTokenBuf;
int decodedTokenBufLen;
int32_t decodedTokenBufLen;
PrincipalIf *pPrincipalIf;
DbgTrace(1, "-ValidateAuthToken- Start\n", 0);
@ -114,6 +117,7 @@ ValidateAuthToken(
if (pServiceName == NULL
|| pTokenBuf == NULL
|| tokenBufLen == 0
|| tokenBufLen > INT32_MAX
|| ppPrincipalIf == NULL)
{
DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0);
@ -248,7 +252,7 @@ ValidateAuthToken(
if (CASA_SUCCESS(retStatus))
{
char *pIdenTokenData;
int idenTokenDataLen;
int32_t idenTokenDataLen;
// Assume failure
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
@ -343,7 +347,7 @@ ValidateAuthToken(
exit:
DbgTrace(1, "-ValidateAuthToken- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-ValidateAuthToken- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -364,8 +368,8 @@ so_init()
// L2
//=======================================================================--
{
// Check for environment variable specifying that the application is
// multi-threaded.
// Check for environment variable specifying that the application
// is not multi-threaded.
if (getenv(APPLICATION_NOT_MULTI_THREADED) != NULL)
{
// The parameter has been configured, remember it.

View File

@ -94,10 +94,25 @@ pam_sm_authenticate(pam_handle_t *pamh,
char *pServicename = NULL;
char *pAuthToken = NULL;
// Verify input parameters
if (pamh == NULL
|| (argc > 0 && argv == NULL))
{
LogError("Invalid parameter detected");
return PAM_SYSTEM_ERR;
}
// Determine if we are supposed to perform the username check
// based on the arguments specified.
for (i = 0; i < argc; i++)
{
// Do safety check
if (argv[i] == NULL)
{
LogError("Invalid parameter detected");
return PAM_SYSTEM_ERR;
}
if (*(argv[i]) == 'U')
{
// The arguments indicate that we should check the username
@ -116,7 +131,7 @@ pam_sm_authenticate(pam_handle_t *pamh,
// the username check.
if (performUsernameCheck)
{
char *pUsername;
char *pUsername = NULL;
struct pam_response *responses = NULL;
// Obtain the username so that it can be checked.
@ -135,11 +150,12 @@ pam_sm_authenticate(pam_handle_t *pamh,
}
else
{
struct pam_conv *pConv;
struct pam_conv *pConv = NULL;
// The username has not been set, try to obtain it from the
// application through the use of the conversation function.
if (pam_get_item(pamh, PAM_CONV, (void*) &pConv) == PAM_SUCCESS)
if (pam_get_item(pamh, PAM_CONV, (void*) &pConv) == PAM_SUCCESS
&& pConv != NULL)
{
struct pam_message msg;
struct pam_message *messages = &msg;
@ -150,7 +166,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
if (pConv->conv(1,
(const struct pam_message **) &messages,
&responses,
pConv->appdata_ptr) == PAM_SUCCESS)
pConv->appdata_ptr) == PAM_SUCCESS
&& responses != NULL)
{
// Check if we have a successful response
if (responses[0].resp_retcode == PAM_SUCCESS
@ -216,7 +233,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
if (pConv->conv(1,
(const struct pam_message **) &messages,
&responses,
pConv->appdata_ptr) == PAM_SUCCESS)
pConv->appdata_ptr) == PAM_SUCCESS
&& responses != NULL)
{
// Check if we have a successful response
if (responses[0].resp_retcode == PAM_SUCCESS

View File

@ -160,9 +160,9 @@ int
IpcClientSubmitReq(
IN uint32_t endPointHandle,
IN char *pClientData,
IN int clientDataLen,
IN int32_t clientDataLen,
INOUT char **ppServerData,
INOUT int *pServerDataLen);
INOUT int32_t *pServerDataLen);
//
// Arguments In: endPointHandle - Handle of the remote endpoint that will
// be the target of the request.
@ -202,9 +202,9 @@ int
(*PFN_IpcClientSubmitReq)(
IN uint32_t endPointHandle,
IN char *pClientData,
IN int clientDataLen,
IN int32_t clientDataLen,
INOUT char **ppServerData,
INOUT int *pServerDataLen);
INOUT int32_t *pServerDataLen);
//++=======================================================================

View File

@ -46,7 +46,7 @@
//++=======================================================================
extern
int32_t
uint32_t
IpcServerGetRequest(void);
//
// Arguments In: None.
@ -72,7 +72,7 @@ IpcServerGetRequest(void);
extern
int32_t
IpcServerGetRequestData(
IN int32_t requestId,
IN uint32_t requestId,
INOUT char **ppReqData);
//
// Arguments In: requestId - The id of the request being processed.
@ -101,7 +101,7 @@ IpcServerGetRequestData(
extern
void
IpcServerCompleteRequest(
IN int32_t requestId,
IN uint32_t requestId,
IN char *pReplyData);
//
// Arguments In: requestId - The id of the request being completed.
@ -124,7 +124,7 @@ IpcServerCompleteRequest(
extern
void
IpcServerAbortRequest(
IN int32_t requestId);
IN uint32_t requestId);
//
// Arguments In: requestId - The id of the request being aborted.
//

View File

@ -88,8 +88,9 @@ linux/client/test/testClient.c.
SECURITY CONSIDERATIONS
IpcLibs does not provide any security features beyond what is provided by the protocol stacks for
tcp/ip and Domain sockets communications.
tcp/ip and Domain sockets communications. IpcLibs does not directly perform any uid/gid checks
when Domain socket communications are performed.
By leveraging the File System Access Control features, you can scope communications that occur over
Domain sockets to specific or groups of users.
Domain sockets to specific or groups of users.

View File

@ -390,9 +390,9 @@ CChannel::connectionThread(
{
CChannel *pCChannel = *pSmartCChannel;
bool doneReceivingData = false;
unsigned long bytesReceived;
int32_t bytesReceived;
uint32_t reqId;
int payloadLength;
int32_t payloadLength;
unsigned long totalPayloadBytesReceived = 0;
char reqDataPktHdr[ReqDataPktHdrTemplate.length()];
char *pRecvBuff;
@ -441,7 +441,7 @@ CChannel::connectionThread(
&payloadLength))
{
// Procced based on the packet type
switch (ChannelProto::getPktType(*reqDataPktHdr))
switch (ChannelProto::getPktType(*reqDataPktHdr, sizeof(reqDataPktHdr)))
{
case ChannelProto::ReqDataCarrierPacketType:
@ -747,7 +747,7 @@ CChannel::submitReq(
uint32_t reqId,
ClientReq &clientReq,
char *pClientData,
int clientDataLen)
int32_t clientDataLen)
//
// Arguments:
//

View File

@ -222,7 +222,7 @@ public:
int submitReq(uint32_t reqId,
ClientReq &clientReq,
char *pClientData,
int clientDataLen);
int32_t clientDataLen);
//
// Remove Request routine

View File

@ -354,8 +354,6 @@ IpcClientCloseRemoteEndPoint(
DbgTrace(0, "IpcClientCloseRemoteEndPoint- Not initialized\n", 0);
}
exit:
DbgTrace(1, "IpcClientCloseRemoteEndPoint- End, status = %0X\n", retStatus);
return retStatus;
@ -368,9 +366,9 @@ int
IpcClientSubmitReq(
IN uint32_t endPointHandle,
IN char *pClientData,
IN int clientDataLen,
IN int32_t clientDataLen,
INOUT char **ppServerData,
INOUT int *pServerDataLen)
INOUT int32_t *pServerDataLen)
//
// Arguments In: endPointHandle - Handle of the remote endpoint that will
// be the target of the request.
@ -410,6 +408,15 @@ IpcClientSubmitReq(
DbgTrace(1, "IpcClientSubmitReq- Start\n", 0);
// Verify input parameters
if (pClientData == NULL
|| ppServerData == NULL
|| pServerDataLen == NULL)
{
DbgTrace(0, "IpcClientSubmitReq- Invalid parameter\n", 0);
goto exit;
}
// Verify that we have been initialized
if (svcInitialized)
{
@ -425,7 +432,7 @@ IpcClientSubmitReq(
// the request.
SmartRemoteEndPoint *pSmartRemoteEndPoint = new SmartRemoteEndPoint(*(iter->second));
// Release our mutex before deleting the endpoint
// Release our mutex before using the remote endpoint
pthread_mutex_unlock(&clientMutex);
// Submit the request
@ -450,6 +457,8 @@ IpcClientSubmitReq(
DbgTrace(0, "IpcClientSubmitReq- Not initialized\n", 0);
}
exit:
DbgTrace(1, "IpcClientSubmitReq- End, retStatus = %0X\n", retStatus);
return retStatus;
@ -498,7 +507,7 @@ IpcClientInit(
DbgTrace(1, "IpcClientInit- Start\n", 0);
// Check input parameters
if (pAppName == NULL)
if (pName == NULL)
{
DbgTrace(0, "IpcClientInit- Invalid parameter\n", 0);
goto exit;

View File

@ -142,7 +142,7 @@ ClientReq::~ClientReq(void)
void
ClientReq::processServerData(
char *pServerData,
int serverDataLength)
int32_t serverDataLength)
//
// Arguments:
//
@ -230,7 +230,7 @@ ClientReq::processError(void)
int
ClientReq::waitForCompletion(
char **ppResponseData,
int *pResponseDataLength)
int32_t *pResponseDataLength)
//
// Arguments:
//

View File

@ -52,7 +52,7 @@ class ClientReq
// Server Data
char *m_pServerData;
int m_serverDataLen;
int32_t m_serverDataLen;
// Flag indicating the state of the submitting
// thread.
@ -114,7 +114,7 @@ public:
// Returns: Nothing.
//
void processServerData(char *pServerData,
int serverDataLength);
int32_t serverDataLength);
//
// Process Error routine
@ -147,7 +147,7 @@ public:
// -1 == Request did not complete gracefully
//
int waitForCompletion(char **ppResponseData,
int *pResponseDataLength);
int32_t *pResponseDataLength);
//
// Completion status

View File

@ -80,31 +80,41 @@ RemoteEndPoint::RemoteEndPoint(
{
DbgTrace(1, "RemoteEndPoint::RemoteEndPoint- Start, Obj = %0X\n", this);
// Initialize our mutex
pthread_mutex_init(&m_mutex, NULL);
// Verify that the specified path is not too long
if (strlen(pSocketFileName) < sizeof(sizeof(m_serverUnAddr.sun_path)))
{
// Initialize our mutex
pthread_mutex_init(&m_mutex, NULL);
// Set the necessary information in the m_serverUnAddr variable
m_serverUnAddr.sun_family = AF_UNIX;
strcpy(m_serverUnAddr.sun_path, pSocketFileName);
// Set the necessary information in the m_serverUnAddr variable
m_serverUnAddr.sun_family = AF_UNIX;
strncpy(m_serverUnAddr.sun_path, pSocketFileName, sizeof(m_serverUnAddr.sun_path) - 1);
// Set the necessary flags to indicate that DOMAIN sockets
// should be used for communications.
m_Use_PF_UNIX = true;
m_Use_AF_INET = false;
// Set the necessary flags to indicate that DOMAIN sockets
// should be used for communications.
m_Use_PF_UNIX = true;
m_Use_AF_INET = false;
// Setup the number of channels that we may have based on
// whether the application is multi-threaded or not.
if (multithreaded)
m_numCChannels = MAX_CHANNELS_PER_ENDPOINT;
// Setup the number of channels that we may have based on
// whether the application is multi-threaded or not.
if (multithreaded)
m_numCChannels = MAX_CHANNELS_PER_ENDPOINT;
else
m_numCChannels = 1;
// Instantiate entries in SmartCChannel vector
try {
for (int i = 0; i < m_numCChannels; i++)
m_cchannelVector.push_back(SmartCChannelPointer());
} catch (...) {
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0);
pthread_mutex_destroy(&m_mutex);
throw bad_alloc();
}
}
else
m_numCChannels = 1;
// Instantiate entries in SmartCChannel vector
try {
for (int i = 0; i < m_numCChannels; i++)
m_cchannelVector.push_back(SmartCChannelPointer());
} catch (...) {
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0);
{
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Socket file path name too long\n", 0);
throw bad_alloc();
}
@ -166,6 +176,7 @@ RemoteEndPoint::RemoteEndPoint(
m_cchannelVector.push_back(SmartCChannelPointer());
} catch (...) {
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0);
pthread_mutex_destroy(&m_mutex);
throw bad_alloc();
}
@ -259,7 +270,7 @@ RemoteEndPoint::getCChannel(void)
m_cchannelVector[channelSelector].setPointer(NULL);
}
CChannel *pCChannel;
CChannel *pCChannel = NULL;
try {
// Use the appropriate server address when instantiating
@ -325,9 +336,9 @@ RemoteEndPoint::getCChannel(void)
int
RemoteEndPoint::submitReq(
char *pClientData,
int clientDataLen,
int32_t clientDataLen,
char **ppServerData,
int *pServerDataLen)
int32_t *pServerDataLen)
//
// Arguments:
//

View File

@ -186,9 +186,9 @@ public:
// Note: The routine blocks until the request completes.
//
int submitReq(char *pClientData,
int clientDataLen,
int32_t clientDataLen,
char **ppServerData,
int *pServerDataLen);
int32_t *pServerDataLen);
};
typedef SmartPtr<RemoteEndPoint> SmartRemoteEndPoint;

View File

@ -68,7 +68,7 @@ ChannelProto::buildReqDataPktHdr(
//
// Abstract:
//
// Notes:
// Notes: pPktHdr must point to a buffer of size ReqDataPktHdrTemple.length().
//
// L2
//=======================================================================--
@ -81,16 +81,16 @@ ChannelProto::buildReqDataPktHdr(
// - Req Data Packet Header Format -
//
// ReqDataCarrierType
// ReqIdHdr value (value format=%0X)
// PayloadLengthHdr value (value format=%0X)
// ReqIdHdr value (value format=%08X)
// PayloadLengthHdr value (value format=%08X)
//
// Setup the necessary value strings
char wrkBuffer[10];
sprintf(wrkBuffer, "%0X", reqId);
sprintf(wrkBuffer, "%08X", reqId);
string reqIdValue = wrkBuffer;
sprintf(wrkBuffer, "%0X", payloadLength);
sprintf(wrkBuffer, "%08X", payloadLength);
string payloadLengthValue = wrkBuffer;
// Format the header.
@ -141,7 +141,7 @@ ChannelProto::buildReqErrorPktHdr(
//
// Abstract:
//
// Notes:
// Notes: pPktHdr must point to a buffer of size ReqErrorPktHdrTemple.length().
//
// L2
//=======================================================================--
@ -154,16 +154,16 @@ ChannelProto::buildReqErrorPktHdr(
// - Req Error Packet Header Format -
//
// ReqErrorCarrierType
// ReqIdHdr value (value format=%0X)
// PayloadLengthHdr value (value format=%0X)
// ReqIdHdr value (value format=%08X)
// PayloadLengthHdr value (value format=%08X)
//
// Setup the necessary value strings
char wrkBuffer[10];
sprintf(wrkBuffer, "%0X", reqId);
sprintf(wrkBuffer, "%08X", reqId);
string reqIdValue = wrkBuffer;
sprintf(wrkBuffer, "%0X", payloadLength);
sprintf(wrkBuffer, "%08X", payloadLength);
string payloadLengthValue = wrkBuffer;
// Format the header.
@ -204,7 +204,8 @@ ChannelProto::buildReqErrorPktHdr(
//++=======================================================================
ChannelProto::PacketTypes
ChannelProto::getPktType(
char &buff)
char &buff,
int hdrLength)
//
// Arguments:
//
@ -223,29 +224,47 @@ ChannelProto::getPktType(
// Find the end of the Channel Packet Type
char *pCurr = &buff;
while (*pCurr != '\r')
int bytesLeft = hdrLength;
bool endFound = false;
while (bytesLeft)
{
if (*pCurr == '\r')
{
endFound = true;
break;
}
pCurr ++;
// Found the end of the Channel Packet Type, now
// calculate its length.
int channelPktTypeLength = pCurr - &buff;
// Now start comparing
if (channelPktTypeLength == ReqDataCarrierType.length()
&& !memcmp(&buff, ReqDataCarrierType.c_str(), channelPktTypeLength))
{
// The type is Channel Req Data Carrier
packetType = ReqDataCarrierPacketType;
bytesLeft --;
}
else if (channelPktTypeLength == ReqErrorCarrierType.length()
&& !memcmp(&buff, ReqErrorCarrierType.c_str(), channelPktTypeLength))
if (endFound)
{
// The type is Channel Req Error Carrier
packetType = ReqErrorCarrierPacketType;
// Found the end of the Channel Packet Type, now
// calculate its length.
int channelPktTypeLength = pCurr - &buff;
// Now start comparing
if (channelPktTypeLength == ReqDataCarrierType.length()
&& !memcmp(&buff, ReqDataCarrierType.c_str(), channelPktTypeLength))
{
// The type is Channel Req Data Carrier
packetType = ReqDataCarrierPacketType;
}
else if (channelPktTypeLength == ReqErrorCarrierType.length()
&& !memcmp(&buff, ReqErrorCarrierType.c_str(), channelPktTypeLength))
{
// The type is Channel Req Error Carrier
packetType = ReqErrorCarrierPacketType;
}
else
{
DbgTrace(0, "ChannelProto::getPktType- No match found\n", 0);
}
}
else
{
DbgTrace(0, "ChannelProto::getPktType- No match found\n", 0);
DbgTrace(0, "ChannelProto::getPktType- Invalid header\n", 0);
}
DbgTrace(1, "ChannelProto::getPktType- End, type = %d\n", packetType);
@ -283,7 +302,8 @@ ChannelProto::getReqIdAndPayloadLength(
char *pChannelHdr = NULL;
int bytesLeft = hdrLength;
// Skip the Channel Packet Type
// Skip the Channel Packet Type which should always
// be the first header.
while (bytesLeft >= 2)
{
if (*pCurr == '\r'
@ -334,7 +354,17 @@ ChannelProto::getReqIdAndPayloadLength(
*(pCurr-2) = '\0';
// Convert the value to hex
*pReqId = strtoul(pValue, NULL, 16);
errno = 0;
unsigned long int value = strtoul(pValue, NULL, 16);
if (errno != 0
|| value > UINT32_MAX)
{
DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid reqId value, %s\n", pValue);
break;
}
// Use the value
*pReqId = (uint32_t) value;
// Undo the damage that we did
*(pCurr-2) = '\r';
@ -353,7 +383,17 @@ ChannelProto::getReqIdAndPayloadLength(
*(pCurr-2) = '\0';
// Convert the value to hex
*pPayloadLength = strtoul(pValue, NULL, 16);
errno = 0;
long int value = strtol(pValue, NULL, 16);
if (errno != 0
|| value > INT32_MAX)
{
DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid payloadLength value, %s\n", pValue);
break;
}
// Use the value
*pPayloadLength = (int32_t) value;
// Undo the damage that we did
*(pCurr-2) = '\r';

View File

@ -113,12 +113,16 @@ public:
// Parameters:
// buff (input) -
// Reference to buffer containing the packet data.
//
// hdrLength (input) -
// Length of the channel header.
//
// Abstract: Returns the type of the specified channel packet.
//
// Returns: Channel packet type.
//
static PacketTypes getPktType(char &buff);
static PacketTypes getPktType(char &buff,
int hdrLength);
//
// Get Req Id and Payload Length Values routine

View File

@ -234,15 +234,15 @@ SChannel::connectionThread(
{
SChannel *pSChannel = *pSmartSChannel;
bool doneReceivingData = false;
unsigned long bytesReceived;
int32_t bytesReceived;
unsigned long bytesSent;
uint32_t reqId;
int payloadLength;
int32_t payloadLength;
unsigned long totalPayloadBytesReceived = 0;
char reqDataPktHdr[ReqDataPktHdrTemplate.length()];
char reqErrorPktHdr[ReqErrorPktHdrTemplate.length()];
char *pRecvBuff;
ServerReq *pServerReq;
ServerReq *pServerReq = NULL;
DbgTrace(1, "SChannel::connectionThread- Start, Obj = %0X\n", pSChannel);
@ -285,7 +285,7 @@ SChannel::connectionThread(
&payloadLength))
{
// Procced based on the packet type
switch (ChannelProto::getPktType(*reqDataPktHdr))
switch (ChannelProto::getPktType(*reqDataPktHdr, sizeof(reqDataPktHdr)))
{
case ChannelProto::ReqDataCarrierPacketType:

View File

@ -101,13 +101,13 @@ pthread_mutex_t interlockedMutex;
typedef map<int32_t, ServerReq*> RSMap;
typedef RSMap::iterator RSMapIter;
typedef pair<RSMapIter, bool> RSIterBoolPair;
RSMap rsMap;
RSMap rsMap;
int numActiveRequests = 0;
//
// Next request id (Can not be zero)
//
int32_t nextReqId = 1;
uint32_t nextReqId = 1;
//
// Pending ServerRequests List and count - Server requests are staged on this lists until
@ -436,15 +436,25 @@ BindSocket(int socketToBind)
// Remove pre-existing socket
unlink(listenSocketFile);
// Setup the address that the daemon will use to listen
// for connections.
listenAddr.sun_family = AF_UNIX;
strcpy(listenAddr.sun_path, listenSocketFile);
// Verify that the specified path is not too long
if (strlen(listenSocketFile) < sizeof(sizeof(listenAddr.sun_path)))
{
// Setup the address that the daemon will use to listen
// for connections.
listenAddr.sun_family = AF_UNIX;
strncpy(listenAddr.sun_path, listenSocketFile, sizeof(listenAddr.sun_path) - 1);
// Perform the bind operation
retStatus = bind(socketToBind,
(const sockaddr*) &listenAddr,
sizeof(listenAddr.sun_family) + strlen(listenAddr.sun_path));
// Perform the bind operation
retStatus = bind(socketToBind,
(const sockaddr*) &listenAddr,
sizeof(listenAddr.sun_family) + strlen(listenAddr.sun_path));
}
else
{
DbgTrace(0, "BindSocket- Listen socket file path too long\n", 0);
errno = ERANGE;
retStatus = -1;
}
// Return the file creation mask to its previous value
umask(prevMask);
@ -688,7 +698,7 @@ void* ServiceConnectionsThread(void)
//++=======================================================================
extern "C"
int32_t
uint32_t
IpcServerGetRequest(void)
//
// Arguments In: None.
@ -813,7 +823,7 @@ exit:
extern "C"
int32_t
IpcServerGetRequestData(
IN int32_t requestId,
IN uint32_t requestId,
INOUT char **ppReqData)
//
// Arguments In: requestId - The id of the request being processed.
@ -884,7 +894,7 @@ IpcServerGetRequestData(
extern "C"
void
IpcServerCompleteRequest(
IN int32_t requestId,
IN uint32_t requestId,
IN char *pReplyData)
//
// Arguments In: requestId - The id of the request being completed.
@ -950,7 +960,7 @@ IpcServerCompleteRequest(
extern "C"
void
IpcServerAbortRequest(
IN int32_t requestId)
IN uint32_t requestId)
//
// Arguments In: requestId - The id of the request being aborted.
//
@ -1246,7 +1256,7 @@ IpcServerInit(
DbgTrace(1, "IpcServerInit- Start\n", 0);
// Check input parameters
if (pAppName == NULL)
if (pName == NULL)
{
DbgTrace(0, "IpcServerInit- Invalid parameter\n", 0);
goto exit;