From 8ade751650823eb68a29c38d9af3e729a55a60a5 Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Fri, 8 Dec 2006 05:45:03 +0000 Subject: [PATCH] Modifications to resolve issues found during self-code review. --- CASA-auth-token/client/lib/engine.c | 5 +- .../server-java/Svc/linux/CasaAuthtokenSvcD | 4 +- .../server/ApacheSupport/2.2/mod_authn_casa.c | 27 +-- .../server/AuthTokenValidate/README | 12 ++ .../server/AuthTokenValidate/Svc/README | 6 + .../Svc/linux/CasaAuthtokenValidateD | 2 +- .../AuthTokenValidate/Svc/linux/server.cpp | 81 +++++++-- .../server/AuthTokenValidate/config.c | 163 ++++++++++-------- .../idenTokenProviders/casa/identoken.c | 16 +- .../casa/identokenprovider.c | 4 +- .../idenTokenProviders/casa/linux/platform.c | 2 +- .../idenTokenProviders/casa/linux/platform.h | 8 +- .../idenTokenProviders/casa/util.c | 7 +- .../server/AuthTokenValidate/identoken.c | 6 +- .../server/AuthTokenValidate/internal.h | 6 +- .../server/AuthTokenValidate/linux/platform.c | 8 +- .../server/AuthTokenValidate/principal.c | 93 +++++++++- .../server/AuthTokenValidate/util.c | 11 +- .../server/AuthTokenValidate/validate.c | 22 ++- .../server/PamSupport/pam_authtoken.c | 28 ++- CASA-auth-token/server/include/casa_c_ipc.h | 8 +- CASA-auth-token/server/include/casa_s_ipc.h | 8 +- .../server/utilities/IpcLibs/README | 5 +- .../IpcLibs/linux/client/cchannel.cpp | 8 +- .../utilities/IpcLibs/linux/client/cchannel.h | 2 +- .../utilities/IpcLibs/linux/client/client.cpp | 21 ++- .../IpcLibs/linux/client/clientreq.cpp | 4 +- .../IpcLibs/linux/client/clientreq.h | 6 +- .../IpcLibs/linux/client/remoteendpoint.cpp | 59 ++++--- .../IpcLibs/linux/client/remoteendpoint.h | 4 +- .../IpcLibs/linux/common/channelproto.cpp | 102 +++++++---- .../IpcLibs/linux/common/channelproto.h | 6 +- .../IpcLibs/linux/server/schannel.cpp | 8 +- .../utilities/IpcLibs/linux/server/server.cpp | 40 +++-- 34 files changed, 524 insertions(+), 268 deletions(-) diff --git a/CASA-auth-token/client/lib/engine.c b/CASA-auth-token/client/lib/engine.c index 250af9d3..6b18f5ba 100644 --- a/CASA-auth-token/client/lib/engine.c +++ b/CASA-auth-token/client/lib/engine.c @@ -624,7 +624,10 @@ ObtainAuthTokenInt( } else { - DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0); + if (*pAuthTokenBufLen != 0) + { + DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0); + } retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, CASA_FACILITY_AUTHTOKEN, CASA_STATUS_BUFFER_OVERFLOW); diff --git a/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD b/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD index c3625a31..0ae40db3 100644 --- a/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD +++ b/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD @@ -66,7 +66,7 @@ atsIsRunning() StartDAEMON() { # Start the daemon - echo -n "Starting casa_atsd" + echo -n "Starting casa_atsd..." ## Start daemon with startproc(8). If this fails ## the echo return value is set appropriate. @@ -126,7 +126,7 @@ StartDAEMON() StopDAEMON() { # Stop the daemon - echo -n "Shutting down casa_atsd" + echo -n "Stopping casa_atsd..." ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. if atsIsRunning ; then diff --git a/CASA-auth-token/server/ApacheSupport/2.2/mod_authn_casa.c b/CASA-auth-token/server/ApacheSupport/2.2/mod_authn_casa.c index a0bb0342..b1d4c5ec 100644 --- a/CASA-auth-token/server/ApacheSupport/2.2/mod_authn_casa.c +++ b/CASA-auth-token/server/ApacheSupport/2.2/mod_authn_casa.c @@ -153,10 +153,10 @@ check_password( // Now get a copy of the location being protected if (i > 1) { - pLocationName = apr_palloc(r->pool, i); + pLocationName = apr_palloc(r->pool, i + 1); if (pLocationName) { - memset(pLocationName, 0, i); + memset(pLocationName, 0, i + 1); memcpy(pLocationName, &(r->uri[1]), i - 1); // Do not include the slashes } else @@ -207,7 +207,6 @@ check_password( &pPrincipalIf); if (CASA_SUCCESS(casaStatus)) { - int buffLen = 0; apr_table_t *e = r->subprocess_env; @@ -248,7 +247,7 @@ check_password( } else { - ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity id, %08X", casaStatus); + ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity id, %0X", casaStatus); retStatus = AUTH_GENERAL_ERROR; } @@ -288,7 +287,7 @@ check_password( } else { - ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source name, %08X", casaStatus); + ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source name, %0X", casaStatus); retStatus = AUTH_GENERAL_ERROR; } } @@ -329,7 +328,7 @@ check_password( } else { - ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source url, %08X", casaStatus); + ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source url, %0X", casaStatus); retStatus = AUTH_GENERAL_ERROR; } } @@ -390,7 +389,7 @@ check_password( } else { - ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error during attribute enumeration, %08X", casaStatus); + ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error during attribute enumeration, %0X", casaStatus); retStatus = AUTH_GENERAL_ERROR; } } @@ -410,18 +409,8 @@ check_password( } else { - // We did not check the username, set the return status based on the status - // returned by ValidateAuthToken(). - if (CasaStatusCode(casaStatus) == CASA_STATUS_AUTHENTICATION_FAILURE) - { - // Authentication failed - retStatus = AUTH_DENIED; - } - else - { - // Allow other providers to get a crack to it - retStatus = AUTH_USER_NOT_FOUND; - } + // We did not check the username, allow other providers to get a crack to it. + retStatus = AUTH_USER_NOT_FOUND; } } } diff --git a/CASA-auth-token/server/AuthTokenValidate/README b/CASA-auth-token/server/AuthTokenValidate/README index 3f247a06..11783482 100644 --- a/CASA-auth-token/server/AuthTokenValidate/README +++ b/CASA-auth-token/server/AuthTokenValidate/README @@ -87,6 +87,18 @@ CASA Authentication Tokens when compromised can be used to either impersonate a user or to obtain identity information about the user. Because of this it is important that the tokens be secured by applications making use of them. It is recommended that the tokens be transmitted using SSL. + +Under Linux, the Validate CASA Authentication Token libraries validate tokens +by invoking a service (casa_atvd, also knon as CasaAuthtokenValidateD). The security of the +communications that happen between the library and the service is dependent on the properties +of the stack providing Unix Domain Sockets communications and the file system rights setup +on the folder where the domain sockets are created. + +The SuSE rpm package for this component only allows processes executing as casaatvd +to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any +process to connect to it. This setup may allow a rogue process to easily launch a +denial of service attack on casa_atvd. If this is not acceptable then change the +rigths on the folder to only allow selected users to connect to it. diff --git a/CASA-auth-token/server/AuthTokenValidate/Svc/README b/CASA-auth-token/server/AuthTokenValidate/Svc/README index 223572ca..fdc4e44c 100644 --- a/CASA-auth-token/server/AuthTokenValidate/Svc/README +++ b/CASA-auth-token/server/AuthTokenValidate/Svc/README @@ -76,6 +76,12 @@ create its listeing socket to keep other services from hijacking it and taking o the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its listen socket in the /var/lib/CASA/authtoken/validate/ folder. +The SuSE rpm package for this component only allows processes executing as casaatvd +to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any +process to connect to it. This setup may allow a rogue process to easily launch a +denial of service attack on CasaAuthtokenValidateD. If this is not acceptable then +change the rigths on the folder to only allow selected users to connect to it. + diff --git a/CASA-auth-token/server/AuthTokenValidate/Svc/linux/CasaAuthtokenValidateD b/CASA-auth-token/server/AuthTokenValidate/Svc/linux/CasaAuthtokenValidateD index 34d6daa6..2fd2f8a5 100644 --- a/CASA-auth-token/server/AuthTokenValidate/Svc/linux/CasaAuthtokenValidateD +++ b/CASA-auth-token/server/AuthTokenValidate/Svc/linux/CasaAuthtokenValidateD @@ -107,7 +107,7 @@ StartDAEMON() StopDAEMON() { - echo -n "Shutting down..." + echo -n "Stopping casa_atvd..." killproc $DAEMON RVAL=$? $ECHO diff --git a/CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp b/CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp index 24900dba..b4562d75 100644 --- a/CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp +++ b/CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp @@ -36,6 +36,11 @@ #define MAXFD 64 +#define MIN_THREADS 1 +#define MAX_THREADS 4096 +#define DEFAULT_BEGIN_THREADS 5 +#define DEFAULT_GROW_THREADS 5 + #define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket" //===[ Type definitions ]================================================== @@ -51,9 +56,9 @@ WorkerThread(void*); char usage[] = "\nCasaAuthtokenValidateD: usage: [-p ListenPort] [-b BeginThreads] [-g GrowThreads] [-m MaxThreads] [-D DebugLevel] [-d] [-s]\n"; // Worker thread pool configuration parameters -int beginThreads = 5; -int growThreads = 5; -int maxThreads = 4096; +int beginThreads = DEFAULT_BEGIN_THREADS; +int growThreads = DEFAULT_GROW_THREADS; +int maxThreads = MAX_THREADS; int minWaitingThreads = beginThreads; int maxWaitingThreads = beginThreads * 4; @@ -64,7 +69,7 @@ double numPerishingThreads = 0; // Listen Port Number //int listenPortNumber = 5000; -int listenPortNumber = 0; +unsigned short int listenPortNumber = 0; // Parameter indicating whether or not the server needs to run // as a daemon. @@ -133,7 +138,7 @@ ServiceRequests(void) while (!terminating) { // Get a request that needs servicing - int32_t requestId = IpcServerGetRequest(); + uint32_t requestId = IpcServerGetRequest(); if (requestId != 0) { // We got a request that needs servicing, now get the @@ -591,7 +596,7 @@ InitJavaInvoke(void) DbgTrace(0, "InitJavaInvoke- Error creating Java VM\n", 0); } - DbgTrace(1, "InitJavaInvoke- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "InitJavaInvoke- End, retStatus = %0X\n", retStatus); return retStatus; @@ -616,8 +621,11 @@ UnInitJavaInvoke(void) DbgTrace(1, "UnInitJavaInvoke- Start\n", 0); // Destroy the jvm - g_jvm->DestroyJavaVM(); - g_jvm = NULL; + if (g_jvm) + { + g_jvm->DestroyJavaVM(); + g_jvm = NULL; + } g_env = NULL; DbgTrace(1, "UnInitJavaInvoke- End\n", 0); @@ -694,7 +702,6 @@ DaemonInit( for (int i = 0; i < MAXFD; i++) close(i); - // Spawn a worker if ((pid = fork()) == -1) { @@ -801,6 +808,7 @@ main( // Scan through the options specified while (!doneScanning) { + long int value = 0; opterr = 0; option = getopt(argc, argv, "m:p:b:g:D:ds"); @@ -810,15 +818,36 @@ main( case 'p': // Port number option, record location of // argument. - listenPortNumber = atoi(optarg); - + errno = 0; + value = strtol(optarg, (char**) NULL, 10); + if (errno == 0 + && value > 0 + && value <= USHRT_MAX) + { + listenPortNumber = (unsigned short int) value; + } + else + { + fprintf(stderr, "Specified ListenPort parameter out of range, using default value"); + } optionsSpecified ++; break; case 'b': // Begin threads option, override the default parameter // with the value of the option. - beginThreads = atoi(optarg); + errno = 0; + value = strtol(optarg, (char**) NULL, 10); + if (errno == 0 + && value >= MIN_THREADS + && value <= MAX_THREADS) + { + beginThreads = (int) value; + } + else + { + fprintf(stderr, "Specified BeginThreads parameter out of range, using default value"); + } optionsSpecified ++; break; @@ -826,7 +855,18 @@ main( case 'g': // Grow threads option, override the default parameter // with the value of the option. - growThreads = atoi(optarg); + errno = 0; + value = strtol(optarg, (char**) NULL, 10); + if (errno == 0 + && value >= MIN_THREADS + && value <= MAX_THREADS) + { + growThreads = (int) value; + } + else + { + fprintf(stderr, "Specified GrowThreads parameter out of range, using default value"); + } optionsSpecified ++; break; @@ -834,7 +874,18 @@ main( case 'm': // Max threads option, override the default parameter // with the value of the option. - maxThreads = atoi(optarg); + errno = 0; + value = strtol(optarg, (char**) NULL, 10); + if (errno == 0 + && value >= MIN_THREADS + && value <= MAX_THREADS) + { + maxThreads = (int) value; + } + else + { + fprintf(stderr, "Specified MaxThreads parameter out of range, using default value"); + } optionsSpecified ++; break; @@ -966,7 +1017,7 @@ main( { // Invalid option detected or the user failed to // specify the listening port number. - printf(usage, argv[0]); + fprintf(stderr, usage, argv[0]); } return 0; diff --git a/CASA-auth-token/server/AuthTokenValidate/config.c b/CASA-auth-token/server/AuthTokenValidate/config.c index 0fe71332..1e48e33a 100644 --- a/CASA-auth-token/server/AuthTokenValidate/config.c +++ b/CASA-auth-token/server/AuthTokenValidate/config.c @@ -93,7 +93,6 @@ RemoveWhiteSpaceFromTheEnd( { char *pLineEnd = (char*) pInString + strlen(pInString) - 1; - DbgTrace(3, "-RemoveWhiteSpaceFromTheEnd- Start\n", 0); while (pLineEnd != pInString) @@ -217,6 +216,8 @@ LowerCaseString( // Abstract: // // Notes: +// Notes: Function assumes that the caller has made sure that the destination +// string buffer has enough space to receive the resulting string. // // L2 //=======================================================================-- @@ -271,7 +272,7 @@ AddReference( refCount = pConfigIfInstance->refCount; PlatReleaseMutex(g_configIfMutex); - DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount); + DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount); return refCount; } @@ -378,13 +379,13 @@ GetEntryValue( char *pValue = NULL; LIST_ENTRY *pListEntry; ConfigKey *pConfigKey; - int keyNameLen = strlen(pKeyName); + int keyNameLen = (int) strlen(pKeyName); char *pKeyNameLowercase; DbgTrace(2, "-GetEntryValue- Start\n", 0); // Allocate enough space to hold lower case version of the key name - pKeyNameLowercase = malloc(keyNameLen + 1); + pKeyNameLowercase = (char*) malloc(keyNameLen + 1); if (pKeyNameLowercase) { // Lower case the key name @@ -402,7 +403,7 @@ GetEntryValue( && memcmp(pKeyNameLowercase, pConfigKey->pKeyName, keyNameLen) == 0) { // We found it, return its value. - pValue = malloc(pConfigKey->valueLen + 1); + pValue = (char*) malloc(pConfigKey->valueLen + 1); if (pValue) { strcpy(pValue, pConfigKey->pValue); @@ -426,7 +427,7 @@ GetEntryValue( DbgTrace(0, "-GetEntryValue- Buffer allocation failure\n", 0); } - DbgTrace(2, "-GetEntryValue- End, pValue = %08X\n", (unsigned int) pValue); + DbgTrace(2, "-GetEntryValue- End, pValue = %0X\n", (unsigned int) pValue); return pValue; } @@ -461,8 +462,8 @@ GetConfigInterface( // L2 //=======================================================================-- { - int configFolderLen = strlen(pConfigFolder); - int configNameLen = strlen(pConfigName); + int configFolderLen = (int) strlen(pConfigFolder); + int configNameLen = (int) strlen(pConfigName); ConfigIfInstance *pConfigIfInstance; LIST_ENTRY *pListEntry; CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL, @@ -506,13 +507,13 @@ GetConfigInterface( char *pFilePath; // Build a string containing the configuration file path - pFilePath = malloc(configFolderLen + 1 + configNameLen + sizeof(".conf")); + pFilePath = (char*) malloc(configFolderLen + 1 + configNameLen + sizeof(".conf") + 1); if (pFilePath) { FILE *pConfigFile; strcpy(pFilePath, pConfigFolder); - strcat(pFilePath, "/"); + strcat(pFilePath, pathCharString); strcat(pFilePath, pConfigName); strcat(pFilePath, ".conf"); @@ -521,7 +522,7 @@ GetConfigInterface( if (pConfigFile) { // Opened the file, create a ConfigIfInstance object for it. - pConfigIfInstance = malloc(sizeof(*pConfigIfInstance)); + pConfigIfInstance = (ConfigIfInstance*) malloc(sizeof(*pConfigIfInstance)); if (pConfigIfInstance) { // Initialize the list head within the instance data @@ -533,13 +534,13 @@ GetConfigInterface( pConfigIfInstance->configIf.getEntryValue = GetEntryValue; // Save the ConfigFolder and ConfigName information within the instance data - pConfigIfInstance->pConfigFolder = malloc(configFolderLen + 1); + pConfigIfInstance->pConfigFolder = (char*) malloc(configFolderLen + 1); if (pConfigIfInstance->pConfigFolder) { strcpy(pConfigIfInstance->pConfigFolder, pConfigFolder); pConfigIfInstance->configFolderLen = configFolderLen; - pConfigIfInstance->pConfigName = malloc(configNameLen + 1); + pConfigIfInstance->pConfigName = (char*) malloc(configNameLen + 1); if (pConfigIfInstance->pConfigName) { strcpy(pConfigIfInstance->pConfigName, pConfigName); @@ -562,90 +563,100 @@ GetConfigInterface( // Now update the instance data with the information present in the file if (fseek(pConfigFile, 0, SEEK_SET) == 0) { - char line[512]; - - while (fgets(line, sizeof(line), pConfigFile) != NULL) + #define MAX_LINE_LEN 1024 + char *pLine = (char*) malloc(MAX_LINE_LEN); + if (pLine) { - int lineLength; - - RemoveWhiteSpaceFromTheEnd(line); - - lineLength = strlen(line); - if (lineLength != 0) + while (fgets(pLine, MAX_LINE_LEN, pConfigFile) != NULL) { - char *pKey; - char *pKeyEnd; - char *pValue; - ConfigKey *pConfigKey; + int lineLength; - // Attempt to find the key - pKey = SkipWhiteSpace(line); + RemoveWhiteSpaceFromTheEnd(pLine); - // Make sure that we are not dealing with an empty line or a comment - if (*pKey == '\0' || *pKey == '#') - continue; - - // Go past the key - pKeyEnd = SkipNonWhiteSpace(pKey); - - // Protect against a malformed line - if (*pKeyEnd == '\0') + lineLength = (int) strlen(pLine); + if (lineLength != 0) { - DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0); - continue; - } + char *pKey; + char *pKeyEnd; + char *pValue; + ConfigKey *pConfigKey; - // Attempt to find the value - pValue = SkipWhiteSpace(pKeyEnd); + // Attempt to find the key + pKey = SkipWhiteSpace(pLine); - // Protect against a malformed line - if (*pValue == '\0') - { - DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0); - continue; - } + // Make sure that we are not dealing with an empty line or a comment + if (*pKey == '\0' || *pKey == '#') + continue; - // Delineate the key - *pKeyEnd = '\0'; + // Go past the key + pKeyEnd = SkipNonWhiteSpace(pKey); - // Create a ConfigKey object for this key/value pair - pConfigKey = malloc(sizeof(*pConfigKey)); - if (pConfigKey) - { - pConfigKey->keyNameLen = strlen(pKey); - pConfigKey->pKeyName = malloc(pConfigKey->keyNameLen + 1); - if (pConfigKey->pKeyName) + // Protect against a malformed line + if (*pKeyEnd == '\0') { - // Save the key name in lower case - LowerCaseString(pConfigKey->pKeyName, pKey); + DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0); + continue; + } - pConfigKey->valueLen = strlen(pValue); - pConfigKey->pValue = malloc(pConfigKey->valueLen + 1); - if (pConfigKey->pValue) + // Attempt to find the value + pValue = SkipWhiteSpace(pKeyEnd); + + // Protect against a malformed line + if (*pValue == '\0') + { + DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0); + continue; + } + + // Delineate the key + *pKeyEnd = '\0'; + + // Create a ConfigKey object for this key/value pair + pConfigKey = (ConfigKey*) malloc(sizeof(*pConfigKey)); + if (pConfigKey) + { + pConfigKey->keyNameLen = (int) strlen(pKey); + pConfigKey->pKeyName = (char*) malloc(pConfigKey->keyNameLen + 1); + if (pConfigKey->pKeyName) { - strcpy(pConfigKey->pValue, pValue); + // Save the key name in lower case + LowerCaseString(pConfigKey->pKeyName, pKey); - // The entry is ready, now associate it with the instance data. - InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry); + pConfigKey->valueLen = (int) strlen(pValue); + pConfigKey->pValue = (char*) malloc(pConfigKey->valueLen + 1); + if (pConfigKey->pValue) + { + strcpy(pConfigKey->pValue, pValue); + + // The entry is ready, now associate it with the instance data. + InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry); + } + else + { + DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); + free(pConfigKey->pKeyName); + free(pConfigKey); + } } else { DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); - free(pConfigKey->pKeyName); free(pConfigKey); } } else { DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); - free(pConfigKey); } } - else - { - DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); - } } + + // Free the buffer allocated for holding line strings + free(pLine); + } + else + { + DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); } } else @@ -680,8 +691,12 @@ GetConfigInterface( } else { - DbgTrace(1, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno); + DbgTrace(0, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno); + DbgTrace(0, "-GetConfigInterface- Config file unable to open = %s\n", pFilePath); } + + // Free the buffer allocated for the file path + free(pFilePath); } else { @@ -691,7 +706,7 @@ GetConfigInterface( PlatReleaseMutex(g_configIfMutex); - DbgTrace(2, "-GetConfigInterface- End, retStatus = %08X\n", retStatus); + DbgTrace(2, "-GetConfigInterface- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -724,7 +739,7 @@ ConfigIfInit(void) CASA_FACILITY_AUTHTOKEN, CASA_STATUS_INSUFFICIENT_RESOURCES); - DbgTrace(1, "-ConfigIfInit- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-ConfigIfInit- End, retStatus = %0X\n", retStatus); return retStatus; } diff --git a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c index f9636b6b..812f2c0d 100644 --- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c +++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c @@ -452,7 +452,7 @@ ConsumeElementData( } } - DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-ConsumeElementData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -801,7 +801,7 @@ AddReference( refCount = pIdenTokenIfInstance->refCount; PlatReleaseMutex(g_idenTokenIfMutex); - DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount); + DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount); return refCount; } @@ -923,7 +923,7 @@ GetIdentityId( exit: - DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus); + DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -999,7 +999,7 @@ GetSourceName( exit: - DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus); + DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -1075,7 +1075,7 @@ GetSourceUrl( exit: - DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus); + DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -1222,7 +1222,7 @@ AttributeEnumerate( exit: - DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus); + DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -1385,7 +1385,7 @@ GetIdenTokenInterface( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %08X\n", retStatus); + DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -1418,7 +1418,7 @@ IdenTokenIfInit(void) CASA_FACILITY_AUTHTOKEN, CASA_STATUS_INSUFFICIENT_RESOURCES); - DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %0X\n", retStatus); return retStatus; } diff --git a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c index 072f6372..8fb9b043 100644 --- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c +++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c @@ -90,7 +90,7 @@ AddReference( refCount = pIdenTokenProviderIfInstance->refCount; PlatReleaseMutex(g_idenTokenProviderIfMutex); - DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount); + DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount); return refCount; } @@ -334,7 +334,7 @@ GET_IDEN_TOKEN_PROVIDER_INTERFACE_RTN( exit: - DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus); return retStatus; } diff --git a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.c b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.c index 75bafc2b..9c97f70f 100644 --- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.c +++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.c @@ -81,7 +81,7 @@ PlatAllocMutex(void) DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0); } - DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex); + DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex); return (HANDLE) pPlatMutex; } diff --git a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.h b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.h index cc32cd17..a8fb012f 100644 --- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.h +++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.h @@ -50,22 +50,22 @@ // // DbgTrace macro define // -#define DbgTrace(LEVEL, X, Y) { \ +/*#define DbgTrace(LEVEL, X, Y) { \ char printBuff[256]; \ if (LEVEL == 0 || DebugLevel >= LEVEL) \ { \ _snprintf(printBuff, sizeof(printBuff), X, Y); \ fprintf(stderr, "CASA_IdenToken %s", printBuff); \ } \ -} -/*#define DbgTrace(LEVEL, X, Y) { \ +}*/ +#define DbgTrace(LEVEL, X, Y) { \ if (LEVEL == 0 || DebugLevel >= LEVEL) \ { \ openlog("CASA_IdenToken", LOG_CONS | LOG_NOWAIT | LOG_ODELAY, LOG_USER); \ syslog(LOG_USER | LOG_INFO, X, Y); \ closelog(); \ } \ -}*/ +} // Deal with function name mapping issues diff --git a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c index 4e887979..2483c744 100644 --- a/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c +++ b/CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c @@ -77,7 +77,6 @@ EncodeData( { CasaStatus retStatus; int encodedSize; - char *pTmp; DbgTrace(3, "-EncodeData- Start\n", 0); @@ -138,7 +137,7 @@ EncodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -267,7 +266,7 @@ DecodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -309,7 +308,7 @@ dtoul( } } - DbgTrace(2, "-dtoul- End, result = %d\n", n); + DbgTrace(2, "-dtoul- End, result = %0X\n", n); return n; } diff --git a/CASA-auth-token/server/AuthTokenValidate/identoken.c b/CASA-auth-token/server/AuthTokenValidate/identoken.c index b4888c3c..148941b1 100644 --- a/CASA-auth-token/server/AuthTokenValidate/identoken.c +++ b/CASA-auth-token/server/AuthTokenValidate/identoken.c @@ -81,7 +81,7 @@ GetIdenTokenProviderInterface( DbgTrace(2, "-GetIdenTokenProviderInterface- Start\n", 0); // Get the configuration for the module - retStatus = GetConfigInterface("/etc/CASA/authtoken/modules", + retStatus = GetConfigInterface(moduleConfigFolderPath, pIdenTokenTypeName, &pModuleConfigIf); if (CASA_SUCCESS(retStatus) @@ -247,7 +247,7 @@ GetIdenTokenProviderInterface( CASA_STATUS_CONFIGURATION_ERROR); } - DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus); + DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -280,7 +280,7 @@ IdenTokenInit(void) CASA_FACILITY_AUTHTOKEN, CASA_STATUS_INSUFFICIENT_RESOURCES); - DbgTrace(1, "-IdenTokenInit- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-IdenTokenInit- End, retStatus = %0X\n", retStatus); return retStatus; } diff --git a/CASA-auth-token/server/AuthTokenValidate/internal.h b/CASA-auth-token/server/AuthTokenValidate/internal.h index 7cabd823..4244f362 100644 --- a/CASA-auth-token/server/AuthTokenValidate/internal.h +++ b/CASA-auth-token/server/AuthTokenValidate/internal.h @@ -65,6 +65,8 @@ typedef struct _AuthToken //===[ Global externals ]================================================== extern int DebugLevel; +extern char pathCharString[]; +extern char moduleConfigFolderPath[]; extern char IpcClientLibraryPath[]; //===[ External prototypes ]=============================================== @@ -214,8 +216,8 @@ DecodeData( extern int dtoul( - IN char *cp, - IN int len); + IN const char *cp, + IN const int len); //========================================================================= diff --git a/CASA-auth-token/server/AuthTokenValidate/linux/platform.c b/CASA-auth-token/server/AuthTokenValidate/linux/platform.c index ec77a091..42c38b60 100644 --- a/CASA-auth-token/server/AuthTokenValidate/linux/platform.c +++ b/CASA-auth-token/server/AuthTokenValidate/linux/platform.c @@ -41,6 +41,12 @@ typedef struct _PlatformMutex //===[ Global variables ]================================================== +// Path separator +char pathCharString[] = "/"; + +// Modules configuration folder path +char moduleConfigFolderPath[] = "/etc/CASA/authtoken/modules"; + // // Module synchronization mutex // @@ -113,7 +119,7 @@ PlatAllocMutex(void) DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0); } - DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex); + DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex); return (HANDLE) pPlatMutex; } diff --git a/CASA-auth-token/server/AuthTokenValidate/principal.c b/CASA-auth-token/server/AuthTokenValidate/principal.c index e4361731..e247ce7a 100644 --- a/CASA-auth-token/server/AuthTokenValidate/principal.c +++ b/CASA-auth-token/server/AuthTokenValidate/principal.c @@ -72,18 +72,27 @@ AddReference( // L2 //=======================================================================-- { - int refCount; + int refCount = 0; PrincipalIfInstance *pPrincipalIfInstance = CONTAINING_RECORD(pIfInstance, PrincipalIfInstance, principalIf); DbgTrace(2, "-AddReference- Start\n", 0); + // Validate input parameter + if (pIfInstance == NULL) + { + DbgTrace(0, "-AddReference- Invalid parameter\n", 0); + goto exit; + } + // Increment the reference count on the object PlatAcquireMutex(g_principalIfMutex); pPrincipalIfInstance->refCount ++; refCount = pPrincipalIfInstance->refCount; PlatReleaseMutex(g_principalIfMutex); - DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount); +exit: + + DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount); return refCount; } @@ -114,6 +123,13 @@ ReleaseReference( DbgTrace(2, "-ReleaseReference- Start\n", 0); + // Validate input parameter + if (pIfInstance == NULL) + { + DbgTrace(0, "-ReleaseReference- Invalid parameter\n", 0); + goto exit; + } + // Decrement the reference count on the object and determine if it needs to // be released. PlatAcquireMutex(g_principalIfMutex); @@ -136,6 +152,8 @@ ReleaseReference( free(pPrincipalIfInstance); } +exit: + DbgTrace(2, "-ReleaseReference- End\n", 0); } @@ -176,12 +194,26 @@ GetIdentityId( DbgTrace(2, "-GetIdentityId- Start\n", 0); + // Verify input parameters + if (pIfInstance == NULL + || pIdentIdLen == NULL + || (*pIdentIdLen != 0 && pIdentIdBuf == NULL)) + { + DbgTrace(0, "-GetIdentityId- Invalid parameter\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INVALID_PARAMETER); + goto exit; + } + // Just call into the identity token retStatus = pPrincipalIfInstance->pIdenTokenIf->getIdentityId(pPrincipalIfInstance->pIdenTokenIf, pIdentIdBuf, pIdentIdLen); - DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus); +exit: + + DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -224,12 +256,26 @@ GetSourceName( DbgTrace(2, "-GetSourceName- Start\n", 0); + // Verify input parameters + if (pIfInstance == NULL + || pSourceNameLen == NULL + || (*pSourceNameLen != 0 && pSourceNameBuf == NULL)) + { + DbgTrace(0, "-GetSourceName- Invalid parameter\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INVALID_PARAMETER); + goto exit; + } + // Just call into the identity token retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceName(pPrincipalIfInstance->pIdenTokenIf, pSourceNameBuf, pSourceNameLen); - DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus); +exit: + + DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -272,12 +318,26 @@ GetSourceUrl( DbgTrace(2, "-GetSourceUrl- Start\n", 0); + // Verify input parameters + if (pIfInstance == NULL + || pSourceUrlLen == NULL + || (*pSourceUrlLen != 0 && pSourceUrlBuf == NULL)) + { + DbgTrace(0, "-GetSourceUrl- Invalid parameter\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INVALID_PARAMETER); + goto exit; + } + // Just call into the identity token retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceUrl(pPrincipalIfInstance->pIdenTokenIf, pSourceUrlBuf, pSourceUrlLen); - DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus); +exit: + + DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -335,6 +395,21 @@ AttributeEnumerate( DbgTrace(2, "-AttributeEnumerate- Start\n", 0); + // Verify input parameters + if (pIfInstance == NULL + || pEnumHandle == NULL + || pAttribNameLen == NULL + || (*pAttribNameLen != 0 && pAttribNameBuf == NULL + || pAttribValueLen == NULL + || (*pAttribValueLen != 0 && pAttribValueBuf == NULL))) + { + DbgTrace(0, "-AttributeEnumerate- Invalid parameter\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INVALID_PARAMETER); + goto exit; + } + // Just call into the identity token retStatus = pPrincipalIfInstance->pIdenTokenIf->attributeEnumerate(pPrincipalIfInstance->pIdenTokenIf, pEnumHandle, @@ -343,7 +418,9 @@ AttributeEnumerate( pAttribValueBuf, pAttribValueLen); - DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus); +exit: + + DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -409,7 +486,7 @@ GetPrincipalInterface( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %08X\n", retStatus); + DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -442,7 +519,7 @@ PrincipalIfInit(void) CASA_FACILITY_AUTHTOKEN, CASA_STATUS_INSUFFICIENT_RESOURCES); - DbgTrace(1, "-PrincipalIfInit- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-PrincipalIfInit- End, retStatus = %0X\n", retStatus); return retStatus; } diff --git a/CASA-auth-token/server/AuthTokenValidate/util.c b/CASA-auth-token/server/AuthTokenValidate/util.c index bf6a48b6..a5fbf7cb 100644 --- a/CASA-auth-token/server/AuthTokenValidate/util.c +++ b/CASA-auth-token/server/AuthTokenValidate/util.c @@ -77,7 +77,6 @@ EncodeData( { CasaStatus retStatus; int encodedSize; - char *pTmp; DbgTrace(3, "-EncodeData- Start\n", 0); @@ -138,7 +137,7 @@ EncodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -267,7 +266,7 @@ DecodeData( CASA_STATUS_INSUFFICIENT_RESOURCES); } - DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus); + DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -276,8 +275,8 @@ DecodeData( //++======================================================================= int dtoul( - IN char *cp, - IN int len) + IN const char *cp, + IN const int len) // // Arguments: // @@ -309,7 +308,7 @@ dtoul( } } - DbgTrace(2, "-dtoul- End, result = %d\n", n); + DbgTrace(2, "-dtoul- End, result = %0X\n", n); return n; } diff --git a/CASA-auth-token/server/AuthTokenValidate/validate.c b/CASA-auth-token/server/AuthTokenValidate/validate.c index a40f4c08..81d695ba 100644 --- a/CASA-auth-token/server/AuthTokenValidate/validate.c +++ b/CASA-auth-token/server/AuthTokenValidate/validate.c @@ -32,6 +32,9 @@ #define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket" +//#define INT32_MAX 2147483647 + + //===[ Type definitions ]================================================== //===[ Function prototypes ]=============================================== @@ -68,10 +71,10 @@ uint32_t g_atvsEndPointHandle; // Authentication Token Validation Service endp //++======================================================================= CasaStatus SSCS_CALL ValidateAuthToken( - IN const char *pServiceName, - IN const char *pTokenBuf, - IN const int tokenBufLen, - INOUT PrincipalIf **ppPrincipalIf) + IN const char *pServiceName, + IN const char *pTokenBuf, + IN const int tokenBufLen, + INOUT PrincipalIf **ppPrincipalIf) // // Arguments: // pServiceName - @@ -105,7 +108,7 @@ ValidateAuthToken( { CasaStatus retStatus; char *pDecodedTokenBuf; - int decodedTokenBufLen; + int32_t decodedTokenBufLen; PrincipalIf *pPrincipalIf; DbgTrace(1, "-ValidateAuthToken- Start\n", 0); @@ -114,6 +117,7 @@ ValidateAuthToken( if (pServiceName == NULL || pTokenBuf == NULL || tokenBufLen == 0 + || tokenBufLen > INT32_MAX || ppPrincipalIf == NULL) { DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0); @@ -248,7 +252,7 @@ ValidateAuthToken( if (CASA_SUCCESS(retStatus)) { char *pIdenTokenData; - int idenTokenDataLen; + int32_t idenTokenDataLen; // Assume failure retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, @@ -343,7 +347,7 @@ ValidateAuthToken( exit: - DbgTrace(1, "-ValidateAuthToken- End, retStatus = %08X\n", retStatus); + DbgTrace(1, "-ValidateAuthToken- End, retStatus = %0X\n", retStatus); return retStatus; } @@ -364,8 +368,8 @@ so_init() // L2 //=======================================================================-- { - // Check for environment variable specifying that the application is - // multi-threaded. + // Check for environment variable specifying that the application + // is not multi-threaded. if (getenv(APPLICATION_NOT_MULTI_THREADED) != NULL) { // The parameter has been configured, remember it. diff --git a/CASA-auth-token/server/PamSupport/pam_authtoken.c b/CASA-auth-token/server/PamSupport/pam_authtoken.c index 44f2b296..b6839891 100644 --- a/CASA-auth-token/server/PamSupport/pam_authtoken.c +++ b/CASA-auth-token/server/PamSupport/pam_authtoken.c @@ -94,10 +94,25 @@ pam_sm_authenticate(pam_handle_t *pamh, char *pServicename = NULL; char *pAuthToken = NULL; + // Verify input parameters + if (pamh == NULL + || (argc > 0 && argv == NULL)) + { + LogError("Invalid parameter detected"); + return PAM_SYSTEM_ERR; + } + // Determine if we are supposed to perform the username check // based on the arguments specified. for (i = 0; i < argc; i++) { + // Do safety check + if (argv[i] == NULL) + { + LogError("Invalid parameter detected"); + return PAM_SYSTEM_ERR; + } + if (*(argv[i]) == 'U') { // The arguments indicate that we should check the username @@ -116,7 +131,7 @@ pam_sm_authenticate(pam_handle_t *pamh, // the username check. if (performUsernameCheck) { - char *pUsername; + char *pUsername = NULL; struct pam_response *responses = NULL; // Obtain the username so that it can be checked. @@ -135,11 +150,12 @@ pam_sm_authenticate(pam_handle_t *pamh, } else { - struct pam_conv *pConv; + struct pam_conv *pConv = NULL; // The username has not been set, try to obtain it from the // application through the use of the conversation function. - if (pam_get_item(pamh, PAM_CONV, (void*) &pConv) == PAM_SUCCESS) + if (pam_get_item(pamh, PAM_CONV, (void*) &pConv) == PAM_SUCCESS + && pConv != NULL) { struct pam_message msg; struct pam_message *messages = &msg; @@ -150,7 +166,8 @@ pam_sm_authenticate(pam_handle_t *pamh, if (pConv->conv(1, (const struct pam_message **) &messages, &responses, - pConv->appdata_ptr) == PAM_SUCCESS) + pConv->appdata_ptr) == PAM_SUCCESS + && responses != NULL) { // Check if we have a successful response if (responses[0].resp_retcode == PAM_SUCCESS @@ -216,7 +233,8 @@ pam_sm_authenticate(pam_handle_t *pamh, if (pConv->conv(1, (const struct pam_message **) &messages, &responses, - pConv->appdata_ptr) == PAM_SUCCESS) + pConv->appdata_ptr) == PAM_SUCCESS + && responses != NULL) { // Check if we have a successful response if (responses[0].resp_retcode == PAM_SUCCESS diff --git a/CASA-auth-token/server/include/casa_c_ipc.h b/CASA-auth-token/server/include/casa_c_ipc.h index f3982156..d3d57855 100644 --- a/CASA-auth-token/server/include/casa_c_ipc.h +++ b/CASA-auth-token/server/include/casa_c_ipc.h @@ -160,9 +160,9 @@ int IpcClientSubmitReq( IN uint32_t endPointHandle, IN char *pClientData, - IN int clientDataLen, + IN int32_t clientDataLen, INOUT char **ppServerData, - INOUT int *pServerDataLen); + INOUT int32_t *pServerDataLen); // // Arguments In: endPointHandle - Handle of the remote endpoint that will // be the target of the request. @@ -202,9 +202,9 @@ int (*PFN_IpcClientSubmitReq)( IN uint32_t endPointHandle, IN char *pClientData, - IN int clientDataLen, + IN int32_t clientDataLen, INOUT char **ppServerData, - INOUT int *pServerDataLen); + INOUT int32_t *pServerDataLen); //++======================================================================= diff --git a/CASA-auth-token/server/include/casa_s_ipc.h b/CASA-auth-token/server/include/casa_s_ipc.h index c867cae7..3c0e2fdb 100644 --- a/CASA-auth-token/server/include/casa_s_ipc.h +++ b/CASA-auth-token/server/include/casa_s_ipc.h @@ -46,7 +46,7 @@ //++======================================================================= extern -int32_t +uint32_t IpcServerGetRequest(void); // // Arguments In: None. @@ -72,7 +72,7 @@ IpcServerGetRequest(void); extern int32_t IpcServerGetRequestData( - IN int32_t requestId, + IN uint32_t requestId, INOUT char **ppReqData); // // Arguments In: requestId - The id of the request being processed. @@ -101,7 +101,7 @@ IpcServerGetRequestData( extern void IpcServerCompleteRequest( - IN int32_t requestId, + IN uint32_t requestId, IN char *pReplyData); // // Arguments In: requestId - The id of the request being completed. @@ -124,7 +124,7 @@ IpcServerCompleteRequest( extern void IpcServerAbortRequest( - IN int32_t requestId); + IN uint32_t requestId); // // Arguments In: requestId - The id of the request being aborted. // diff --git a/CASA-auth-token/server/utilities/IpcLibs/README b/CASA-auth-token/server/utilities/IpcLibs/README index 5e8f6dbf..5eab5509 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/README +++ b/CASA-auth-token/server/utilities/IpcLibs/README @@ -88,8 +88,9 @@ linux/client/test/testClient.c. SECURITY CONSIDERATIONS IpcLibs does not provide any security features beyond what is provided by the protocol stacks for -tcp/ip and Domain sockets communications. +tcp/ip and Domain sockets communications. IpcLibs does not directly perform any uid/gid checks +when Domain socket communications are performed. By leveraging the File System Access Control features, you can scope communications that occur over -Domain sockets to specific or groups of users. +Domain sockets to specific or groups of users. diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.cpp index ffef201d..f3ed5041 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.cpp @@ -390,9 +390,9 @@ CChannel::connectionThread( { CChannel *pCChannel = *pSmartCChannel; bool doneReceivingData = false; - unsigned long bytesReceived; + int32_t bytesReceived; uint32_t reqId; - int payloadLength; + int32_t payloadLength; unsigned long totalPayloadBytesReceived = 0; char reqDataPktHdr[ReqDataPktHdrTemplate.length()]; char *pRecvBuff; @@ -441,7 +441,7 @@ CChannel::connectionThread( &payloadLength)) { // Procced based on the packet type - switch (ChannelProto::getPktType(*reqDataPktHdr)) + switch (ChannelProto::getPktType(*reqDataPktHdr, sizeof(reqDataPktHdr))) { case ChannelProto::ReqDataCarrierPacketType: @@ -747,7 +747,7 @@ CChannel::submitReq( uint32_t reqId, ClientReq &clientReq, char *pClientData, - int clientDataLen) + int32_t clientDataLen) // // Arguments: // diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.h b/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.h index 093c1e49..b82ba6fe 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.h @@ -222,7 +222,7 @@ public: int submitReq(uint32_t reqId, ClientReq &clientReq, char *pClientData, - int clientDataLen); + int32_t clientDataLen); // // Remove Request routine diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/client.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/client/client.cpp index 859ea513..81a3e02f 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/client.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/client.cpp @@ -354,8 +354,6 @@ IpcClientCloseRemoteEndPoint( DbgTrace(0, "IpcClientCloseRemoteEndPoint- Not initialized\n", 0); } -exit: - DbgTrace(1, "IpcClientCloseRemoteEndPoint- End, status = %0X\n", retStatus); return retStatus; @@ -368,9 +366,9 @@ int IpcClientSubmitReq( IN uint32_t endPointHandle, IN char *pClientData, - IN int clientDataLen, + IN int32_t clientDataLen, INOUT char **ppServerData, - INOUT int *pServerDataLen) + INOUT int32_t *pServerDataLen) // // Arguments In: endPointHandle - Handle of the remote endpoint that will // be the target of the request. @@ -410,6 +408,15 @@ IpcClientSubmitReq( DbgTrace(1, "IpcClientSubmitReq- Start\n", 0); + // Verify input parameters + if (pClientData == NULL + || ppServerData == NULL + || pServerDataLen == NULL) + { + DbgTrace(0, "IpcClientSubmitReq- Invalid parameter\n", 0); + goto exit; + } + // Verify that we have been initialized if (svcInitialized) { @@ -425,7 +432,7 @@ IpcClientSubmitReq( // the request. SmartRemoteEndPoint *pSmartRemoteEndPoint = new SmartRemoteEndPoint(*(iter->second)); - // Release our mutex before deleting the endpoint + // Release our mutex before using the remote endpoint pthread_mutex_unlock(&clientMutex); // Submit the request @@ -450,6 +457,8 @@ IpcClientSubmitReq( DbgTrace(0, "IpcClientSubmitReq- Not initialized\n", 0); } +exit: + DbgTrace(1, "IpcClientSubmitReq- End, retStatus = %0X\n", retStatus); return retStatus; @@ -498,7 +507,7 @@ IpcClientInit( DbgTrace(1, "IpcClientInit- Start\n", 0); // Check input parameters - if (pAppName == NULL) + if (pName == NULL) { DbgTrace(0, "IpcClientInit- Invalid parameter\n", 0); goto exit; diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.cpp index 03696be8..6caee71a 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.cpp @@ -142,7 +142,7 @@ ClientReq::~ClientReq(void) void ClientReq::processServerData( char *pServerData, - int serverDataLength) + int32_t serverDataLength) // // Arguments: // @@ -230,7 +230,7 @@ ClientReq::processError(void) int ClientReq::waitForCompletion( char **ppResponseData, - int *pResponseDataLength) + int32_t *pResponseDataLength) // // Arguments: // diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.h b/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.h index d707a9bb..b76ef094 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.h @@ -52,7 +52,7 @@ class ClientReq // Server Data char *m_pServerData; - int m_serverDataLen; + int32_t m_serverDataLen; // Flag indicating the state of the submitting // thread. @@ -114,7 +114,7 @@ public: // Returns: Nothing. // void processServerData(char *pServerData, - int serverDataLength); + int32_t serverDataLength); // // Process Error routine @@ -147,7 +147,7 @@ public: // -1 == Request did not complete gracefully // int waitForCompletion(char **ppResponseData, - int *pResponseDataLength); + int32_t *pResponseDataLength); // // Completion status diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.cpp index b320b078..0afaa559 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.cpp @@ -80,31 +80,41 @@ RemoteEndPoint::RemoteEndPoint( { DbgTrace(1, "RemoteEndPoint::RemoteEndPoint- Start, Obj = %0X\n", this); - // Initialize our mutex - pthread_mutex_init(&m_mutex, NULL); + // Verify that the specified path is not too long + if (strlen(pSocketFileName) < sizeof(sizeof(m_serverUnAddr.sun_path))) + { + // Initialize our mutex + pthread_mutex_init(&m_mutex, NULL); - // Set the necessary information in the m_serverUnAddr variable - m_serverUnAddr.sun_family = AF_UNIX; - strcpy(m_serverUnAddr.sun_path, pSocketFileName); + // Set the necessary information in the m_serverUnAddr variable + m_serverUnAddr.sun_family = AF_UNIX; + strncpy(m_serverUnAddr.sun_path, pSocketFileName, sizeof(m_serverUnAddr.sun_path) - 1); - // Set the necessary flags to indicate that DOMAIN sockets - // should be used for communications. - m_Use_PF_UNIX = true; - m_Use_AF_INET = false; + // Set the necessary flags to indicate that DOMAIN sockets + // should be used for communications. + m_Use_PF_UNIX = true; + m_Use_AF_INET = false; - // Setup the number of channels that we may have based on - // whether the application is multi-threaded or not. - if (multithreaded) - m_numCChannels = MAX_CHANNELS_PER_ENDPOINT; + // Setup the number of channels that we may have based on + // whether the application is multi-threaded or not. + if (multithreaded) + m_numCChannels = MAX_CHANNELS_PER_ENDPOINT; + else + m_numCChannels = 1; + + // Instantiate entries in SmartCChannel vector + try { + for (int i = 0; i < m_numCChannels; i++) + m_cchannelVector.push_back(SmartCChannelPointer()); + } catch (...) { + DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0); + pthread_mutex_destroy(&m_mutex); + throw bad_alloc(); + } + } else - m_numCChannels = 1; - - // Instantiate entries in SmartCChannel vector - try { - for (int i = 0; i < m_numCChannels; i++) - m_cchannelVector.push_back(SmartCChannelPointer()); - } catch (...) { - DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0); + { + DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Socket file path name too long\n", 0); throw bad_alloc(); } @@ -166,6 +176,7 @@ RemoteEndPoint::RemoteEndPoint( m_cchannelVector.push_back(SmartCChannelPointer()); } catch (...) { DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0); + pthread_mutex_destroy(&m_mutex); throw bad_alloc(); } @@ -259,7 +270,7 @@ RemoteEndPoint::getCChannel(void) m_cchannelVector[channelSelector].setPointer(NULL); } - CChannel *pCChannel; + CChannel *pCChannel = NULL; try { // Use the appropriate server address when instantiating @@ -325,9 +336,9 @@ RemoteEndPoint::getCChannel(void) int RemoteEndPoint::submitReq( char *pClientData, - int clientDataLen, + int32_t clientDataLen, char **ppServerData, - int *pServerDataLen) + int32_t *pServerDataLen) // // Arguments: // diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.h b/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.h index f7bd6a4f..f88d9d19 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.h @@ -186,9 +186,9 @@ public: // Note: The routine blocks until the request completes. // int submitReq(char *pClientData, - int clientDataLen, + int32_t clientDataLen, char **ppServerData, - int *pServerDataLen); + int32_t *pServerDataLen); }; typedef SmartPtr SmartRemoteEndPoint; diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.cpp index ea1fbcea..417f733f 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.cpp @@ -68,7 +68,7 @@ ChannelProto::buildReqDataPktHdr( // // Abstract: // -// Notes: +// Notes: pPktHdr must point to a buffer of size ReqDataPktHdrTemple.length(). // // L2 //=======================================================================-- @@ -81,16 +81,16 @@ ChannelProto::buildReqDataPktHdr( // - Req Data Packet Header Format - // // ReqDataCarrierType - // ReqIdHdr value (value format=%0X) - // PayloadLengthHdr value (value format=%0X) + // ReqIdHdr value (value format=%08X) + // PayloadLengthHdr value (value format=%08X) // // Setup the necessary value strings char wrkBuffer[10]; - sprintf(wrkBuffer, "%0X", reqId); + sprintf(wrkBuffer, "%08X", reqId); string reqIdValue = wrkBuffer; - sprintf(wrkBuffer, "%0X", payloadLength); + sprintf(wrkBuffer, "%08X", payloadLength); string payloadLengthValue = wrkBuffer; // Format the header. @@ -141,7 +141,7 @@ ChannelProto::buildReqErrorPktHdr( // // Abstract: // -// Notes: +// Notes: pPktHdr must point to a buffer of size ReqErrorPktHdrTemple.length(). // // L2 //=======================================================================-- @@ -154,16 +154,16 @@ ChannelProto::buildReqErrorPktHdr( // - Req Error Packet Header Format - // // ReqErrorCarrierType - // ReqIdHdr value (value format=%0X) - // PayloadLengthHdr value (value format=%0X) + // ReqIdHdr value (value format=%08X) + // PayloadLengthHdr value (value format=%08X) // // Setup the necessary value strings char wrkBuffer[10]; - sprintf(wrkBuffer, "%0X", reqId); + sprintf(wrkBuffer, "%08X", reqId); string reqIdValue = wrkBuffer; - sprintf(wrkBuffer, "%0X", payloadLength); + sprintf(wrkBuffer, "%08X", payloadLength); string payloadLengthValue = wrkBuffer; // Format the header. @@ -204,7 +204,8 @@ ChannelProto::buildReqErrorPktHdr( //++======================================================================= ChannelProto::PacketTypes ChannelProto::getPktType( - char &buff) + char &buff, + int hdrLength) // // Arguments: // @@ -223,29 +224,47 @@ ChannelProto::getPktType( // Find the end of the Channel Packet Type char *pCurr = &buff; - while (*pCurr != '\r') + int bytesLeft = hdrLength; + bool endFound = false; + while (bytesLeft) + { + if (*pCurr == '\r') + { + endFound = true; + break; + } + pCurr ++; - - // Found the end of the Channel Packet Type, now - // calculate its length. - int channelPktTypeLength = pCurr - &buff; - - // Now start comparing - if (channelPktTypeLength == ReqDataCarrierType.length() - && !memcmp(&buff, ReqDataCarrierType.c_str(), channelPktTypeLength)) - { - // The type is Channel Req Data Carrier - packetType = ReqDataCarrierPacketType; + bytesLeft --; } - else if (channelPktTypeLength == ReqErrorCarrierType.length() - && !memcmp(&buff, ReqErrorCarrierType.c_str(), channelPktTypeLength)) + + if (endFound) { - // The type is Channel Req Error Carrier - packetType = ReqErrorCarrierPacketType; + // Found the end of the Channel Packet Type, now + // calculate its length. + int channelPktTypeLength = pCurr - &buff; + + // Now start comparing + if (channelPktTypeLength == ReqDataCarrierType.length() + && !memcmp(&buff, ReqDataCarrierType.c_str(), channelPktTypeLength)) + { + // The type is Channel Req Data Carrier + packetType = ReqDataCarrierPacketType; + } + else if (channelPktTypeLength == ReqErrorCarrierType.length() + && !memcmp(&buff, ReqErrorCarrierType.c_str(), channelPktTypeLength)) + { + // The type is Channel Req Error Carrier + packetType = ReqErrorCarrierPacketType; + } + else + { + DbgTrace(0, "ChannelProto::getPktType- No match found\n", 0); + } } else { - DbgTrace(0, "ChannelProto::getPktType- No match found\n", 0); + DbgTrace(0, "ChannelProto::getPktType- Invalid header\n", 0); } DbgTrace(1, "ChannelProto::getPktType- End, type = %d\n", packetType); @@ -283,7 +302,8 @@ ChannelProto::getReqIdAndPayloadLength( char *pChannelHdr = NULL; int bytesLeft = hdrLength; - // Skip the Channel Packet Type + // Skip the Channel Packet Type which should always + // be the first header. while (bytesLeft >= 2) { if (*pCurr == '\r' @@ -334,7 +354,17 @@ ChannelProto::getReqIdAndPayloadLength( *(pCurr-2) = '\0'; // Convert the value to hex - *pReqId = strtoul(pValue, NULL, 16); + errno = 0; + unsigned long int value = strtoul(pValue, NULL, 16); + if (errno != 0 + || value > UINT32_MAX) + { + DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid reqId value, %s\n", pValue); + break; + } + + // Use the value + *pReqId = (uint32_t) value; // Undo the damage that we did *(pCurr-2) = '\r'; @@ -353,7 +383,17 @@ ChannelProto::getReqIdAndPayloadLength( *(pCurr-2) = '\0'; // Convert the value to hex - *pPayloadLength = strtoul(pValue, NULL, 16); + errno = 0; + long int value = strtol(pValue, NULL, 16); + if (errno != 0 + || value > INT32_MAX) + { + DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid payloadLength value, %s\n", pValue); + break; + } + + // Use the value + *pPayloadLength = (int32_t) value; // Undo the damage that we did *(pCurr-2) = '\r'; diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.h b/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.h index 669a22ac..d53349ee 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.h +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.h @@ -113,12 +113,16 @@ public: // Parameters: // buff (input) - // Reference to buffer containing the packet data. + // + // hdrLength (input) - + // Length of the channel header. // // Abstract: Returns the type of the specified channel packet. // // Returns: Channel packet type. // - static PacketTypes getPktType(char &buff); + static PacketTypes getPktType(char &buff, + int hdrLength); // // Get Req Id and Payload Length Values routine diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.cpp index 6846ec98..98b2ef03 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.cpp @@ -234,15 +234,15 @@ SChannel::connectionThread( { SChannel *pSChannel = *pSmartSChannel; bool doneReceivingData = false; - unsigned long bytesReceived; + int32_t bytesReceived; unsigned long bytesSent; uint32_t reqId; - int payloadLength; + int32_t payloadLength; unsigned long totalPayloadBytesReceived = 0; char reqDataPktHdr[ReqDataPktHdrTemplate.length()]; char reqErrorPktHdr[ReqErrorPktHdrTemplate.length()]; char *pRecvBuff; - ServerReq *pServerReq; + ServerReq *pServerReq = NULL; DbgTrace(1, "SChannel::connectionThread- Start, Obj = %0X\n", pSChannel); @@ -285,7 +285,7 @@ SChannel::connectionThread( &payloadLength)) { // Procced based on the packet type - switch (ChannelProto::getPktType(*reqDataPktHdr)) + switch (ChannelProto::getPktType(*reqDataPktHdr, sizeof(reqDataPktHdr))) { case ChannelProto::ReqDataCarrierPacketType: diff --git a/CASA-auth-token/server/utilities/IpcLibs/linux/server/server.cpp b/CASA-auth-token/server/utilities/IpcLibs/linux/server/server.cpp index a12fd69f..f7ca8e5c 100644 --- a/CASA-auth-token/server/utilities/IpcLibs/linux/server/server.cpp +++ b/CASA-auth-token/server/utilities/IpcLibs/linux/server/server.cpp @@ -101,13 +101,13 @@ pthread_mutex_t interlockedMutex; typedef map RSMap; typedef RSMap::iterator RSMapIter; typedef pair RSIterBoolPair; -RSMap rsMap; +RSMap rsMap; int numActiveRequests = 0; // // Next request id (Can not be zero) // -int32_t nextReqId = 1; +uint32_t nextReqId = 1; // // Pending ServerRequests List and count - Server requests are staged on this lists until @@ -436,15 +436,25 @@ BindSocket(int socketToBind) // Remove pre-existing socket unlink(listenSocketFile); - // Setup the address that the daemon will use to listen - // for connections. - listenAddr.sun_family = AF_UNIX; - strcpy(listenAddr.sun_path, listenSocketFile); + // Verify that the specified path is not too long + if (strlen(listenSocketFile) < sizeof(sizeof(listenAddr.sun_path))) + { + // Setup the address that the daemon will use to listen + // for connections. + listenAddr.sun_family = AF_UNIX; + strncpy(listenAddr.sun_path, listenSocketFile, sizeof(listenAddr.sun_path) - 1); - // Perform the bind operation - retStatus = bind(socketToBind, - (const sockaddr*) &listenAddr, - sizeof(listenAddr.sun_family) + strlen(listenAddr.sun_path)); + // Perform the bind operation + retStatus = bind(socketToBind, + (const sockaddr*) &listenAddr, + sizeof(listenAddr.sun_family) + strlen(listenAddr.sun_path)); + } + else + { + DbgTrace(0, "BindSocket- Listen socket file path too long\n", 0); + errno = ERANGE; + retStatus = -1; + } // Return the file creation mask to its previous value umask(prevMask); @@ -688,7 +698,7 @@ void* ServiceConnectionsThread(void) //++======================================================================= extern "C" -int32_t +uint32_t IpcServerGetRequest(void) // // Arguments In: None. @@ -813,7 +823,7 @@ exit: extern "C" int32_t IpcServerGetRequestData( - IN int32_t requestId, + IN uint32_t requestId, INOUT char **ppReqData) // // Arguments In: requestId - The id of the request being processed. @@ -884,7 +894,7 @@ IpcServerGetRequestData( extern "C" void IpcServerCompleteRequest( - IN int32_t requestId, + IN uint32_t requestId, IN char *pReplyData) // // Arguments In: requestId - The id of the request being completed. @@ -950,7 +960,7 @@ IpcServerCompleteRequest( extern "C" void IpcServerAbortRequest( - IN int32_t requestId) + IN uint32_t requestId) // // Arguments In: requestId - The id of the request being aborted. // @@ -1246,7 +1256,7 @@ IpcServerInit( DbgTrace(1, "IpcServerInit- Start\n", 0); // Check input parameters - if (pAppName == NULL) + if (pName == NULL) { DbgTrace(0, "IpcServerInit- Invalid parameter\n", 0); goto exit;