geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Modifications to resolve issues found during self-code review.

Browse Source
This commit is contained in:
Juan Carlos Luciani
2006-12-08 05:45:03 +00:00
parent 9a0426279c
commit 8ade751650
34 changed files with 524 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
CASA-auth-token/server/AuthTokenValidate/README
View File

@@ -87,6 +87,18 @@ CASA Authentication Tokens when compromised can be used to either impersonate
a user or to obtain identity information about the user. Because of this it is
important that the tokens be secured by applications making use of them. It is
recommended that the tokens be transmitted using SSL.
Under Linux, the Validate CASA Authentication Token libraries validate tokens
by invoking a service (casa_atvd, also knon as CasaAuthtokenValidateD). The security of the
communications that happen between the library and the service is dependent on the properties
of the stack providing Unix Domain Sockets communications and the file system rights setup
on the folder where the domain sockets are created.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on casa_atvd. If this is not acceptable then change the
rigths on the folder to only allow selected users to connect to it.

6
CASA-auth-token/server/AuthTokenValidate/Svc/README
View File

@@ -76,6 +76,12 @@ create its listeing socket to keep other services from hijacking it and taking o
the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its
listen socket in the /var/lib/CASA/authtoken/validate/ folder.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on CasaAuthtokenValidateD. If this is not acceptable then
change the rigths on the folder to only allow selected users to connect to it.

2
CASA-auth-token/server/AuthTokenValidate/Svc/linux/CasaAuthtokenValidateD
View File

@@ -107,7 +107,7 @@ StartDAEMON()
StopDAEMON()
{
echo -n "Shutting down..."
echo -n "Stopping casa_atvd..."
killproc $DAEMON
RVAL=$?
$ECHO

81
CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp
View File

@@ -36,6 +36,11 @@
#define MAXFD 64
#define MIN_THREADS 1
#define MAX_THREADS 4096
#define DEFAULT_BEGIN_THREADS 5
#define DEFAULT_GROW_THREADS 5
#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket"
//===[ Type definitions ]==================================================
@@ -51,9 +56,9 @@ WorkerThread(void*);
char usage[] = "\nCasaAuthtokenValidateD: usage: [-p ListenPort] [-b BeginThreads] [-g GrowThreads] [-m MaxThreads] [-D DebugLevel] [-d] [-s]\n";
// Worker thread pool configuration parameters
int beginThreads = 5;
int growThreads = 5;
int maxThreads = 4096;
int beginThreads = DEFAULT_BEGIN_THREADS;
int growThreads = DEFAULT_GROW_THREADS;
int maxThreads = MAX_THREADS;
int minWaitingThreads = beginThreads;
int maxWaitingThreads = beginThreads * 4;
@@ -64,7 +69,7 @@ double numPerishingThreads = 0;
// Listen Port Number
//int listenPortNumber = 5000;
int listenPortNumber = 0;
unsigned short int listenPortNumber = 0;
// Parameter indicating whether or not the server needs to run
// as a daemon.
@@ -133,7 +138,7 @@ ServiceRequests(void)
while (!terminating)
{
// Get a request that needs servicing
int32_t requestId = IpcServerGetRequest();
uint32_t requestId = IpcServerGetRequest();
if (requestId != 0)
{
// We got a request that needs servicing, now get the
@@ -591,7 +596,7 @@ InitJavaInvoke(void)
DbgTrace(0, "InitJavaInvoke- Error creating Java VM\n", 0);
}
DbgTrace(1, "InitJavaInvoke- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "InitJavaInvoke- End, retStatus = %0X\n", retStatus);
return retStatus;
@@ -616,8 +621,11 @@ UnInitJavaInvoke(void)
DbgTrace(1, "UnInitJavaInvoke- Start\n", 0);
// Destroy the jvm
g_jvm->DestroyJavaVM();
g_jvm = NULL;
if (g_jvm)
{
g_jvm->DestroyJavaVM();
g_jvm = NULL;
}
g_env = NULL;
DbgTrace(1, "UnInitJavaInvoke- End\n", 0);
@@ -694,7 +702,6 @@ DaemonInit(
for (int i = 0; i < MAXFD; i++)
close(i);
// Spawn a worker
if ((pid = fork()) == -1)
{
@@ -801,6 +808,7 @@ main(
// Scan through the options specified
while (!doneScanning)
{
long int value = 0;
opterr = 0;
option = getopt(argc, argv, "m:p:b:g:D:ds");
@@ -810,15 +818,36 @@ main(
case 'p':
// Port number option, record location of
// argument.
listenPortNumber = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value > 0
&& value <= USHRT_MAX)
{
listenPortNumber = (unsigned short int) value;
}
else
{
fprintf(stderr, "Specified ListenPort parameter out of range, using default value");
}
optionsSpecified ++;
break;
case 'b':
// Begin threads option, override the default parameter
// with the value of the option.
beginThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
beginThreads = (int) value;
}
else
{
fprintf(stderr, "Specified BeginThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@@ -826,7 +855,18 @@ main(
case 'g':
// Grow threads option, override the default parameter
// with the value of the option.
growThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
growThreads = (int) value;
}
else
{
fprintf(stderr, "Specified GrowThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@@ -834,7 +874,18 @@ main(
case 'm':
// Max threads option, override the default parameter
// with the value of the option.
maxThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
maxThreads = (int) value;
}
else
{
fprintf(stderr, "Specified MaxThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@@ -966,7 +1017,7 @@ main(
{
// Invalid option detected or the user failed to
// specify the listening port number.
printf(usage, argv[0]);
fprintf(stderr, usage, argv[0]);
}
return 0;

163
CASA-auth-token/server/AuthTokenValidate/config.c
View File

@@ -93,7 +93,6 @@ RemoveWhiteSpaceFromTheEnd(
{
char *pLineEnd = (char*) pInString + strlen(pInString) - 1;
DbgTrace(3, "-RemoveWhiteSpaceFromTheEnd- Start\n", 0);
while (pLineEnd != pInString)
@@ -217,6 +216,8 @@ LowerCaseString(
// Abstract:
//
// Notes:
// Notes: Function assumes that the caller has made sure that the destination
// string buffer has enough space to receive the resulting string.
//
// L2
//=======================================================================--
@@ -271,7 +272,7 @@ AddReference(
refCount = pConfigIfInstance->refCount;
PlatReleaseMutex(g_configIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@@ -378,13 +379,13 @@ GetEntryValue(
char *pValue = NULL;
LIST_ENTRY *pListEntry;
ConfigKey *pConfigKey;
int keyNameLen = strlen(pKeyName);
int keyNameLen = (int) strlen(pKeyName);
char *pKeyNameLowercase;
DbgTrace(2, "-GetEntryValue- Start\n", 0);
// Allocate enough space to hold lower case version of the key name
pKeyNameLowercase = malloc(keyNameLen + 1);
pKeyNameLowercase = (char*) malloc(keyNameLen + 1);
if (pKeyNameLowercase)
{
// Lower case the key name
@@ -402,7 +403,7 @@ GetEntryValue(
&& memcmp(pKeyNameLowercase, pConfigKey->pKeyName, keyNameLen) == 0)
{
// We found it, return its value.
pValue = malloc(pConfigKey->valueLen + 1);
pValue = (char*) malloc(pConfigKey->valueLen + 1);
if (pValue)
{
strcpy(pValue, pConfigKey->pValue);
@@ -426,7 +427,7 @@ GetEntryValue(
DbgTrace(0, "-GetEntryValue- Buffer allocation failure\n", 0);
}
DbgTrace(2, "-GetEntryValue- End, pValue = %08X\n", (unsigned int) pValue);
DbgTrace(2, "-GetEntryValue- End, pValue = %0X\n", (unsigned int) pValue);
return pValue;
}
@@ -461,8 +462,8 @@ GetConfigInterface(
// L2
//=======================================================================--
{
int configFolderLen = strlen(pConfigFolder);
int configNameLen = strlen(pConfigName);
int configFolderLen = (int) strlen(pConfigFolder);
int configNameLen = (int) strlen(pConfigName);
ConfigIfInstance *pConfigIfInstance;
LIST_ENTRY *pListEntry;
CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
@@ -506,13 +507,13 @@ GetConfigInterface(
char *pFilePath;
// Build a string containing the configuration file path
pFilePath = malloc(configFolderLen + 1 + configNameLen + sizeof(".conf"));
pFilePath = (char*) malloc(configFolderLen + 1 + configNameLen + sizeof(".conf") + 1);
if (pFilePath)
{
FILE *pConfigFile;
strcpy(pFilePath, pConfigFolder);
strcat(pFilePath, "/");
strcat(pFilePath, pathCharString);
strcat(pFilePath, pConfigName);
strcat(pFilePath, ".conf");
@@ -521,7 +522,7 @@ GetConfigInterface(
if (pConfigFile)
{
// Opened the file, create a ConfigIfInstance object for it.
pConfigIfInstance = malloc(sizeof(*pConfigIfInstance));
pConfigIfInstance = (ConfigIfInstance*) malloc(sizeof(*pConfigIfInstance));
if (pConfigIfInstance)
{
// Initialize the list head within the instance data
@@ -533,13 +534,13 @@ GetConfigInterface(
pConfigIfInstance->configIf.getEntryValue = GetEntryValue;
// Save the ConfigFolder and ConfigName information within the instance data
pConfigIfInstance->pConfigFolder = malloc(configFolderLen + 1);
pConfigIfInstance->pConfigFolder = (char*) malloc(configFolderLen + 1);
if (pConfigIfInstance->pConfigFolder)
{
strcpy(pConfigIfInstance->pConfigFolder, pConfigFolder);
pConfigIfInstance->configFolderLen = configFolderLen;
pConfigIfInstance->pConfigName = malloc(configNameLen + 1);
pConfigIfInstance->pConfigName = (char*) malloc(configNameLen + 1);
if (pConfigIfInstance->pConfigName)
{
strcpy(pConfigIfInstance->pConfigName, pConfigName);
@@ -562,90 +563,100 @@ GetConfigInterface(
// Now update the instance data with the information present in the file
if (fseek(pConfigFile, 0, SEEK_SET) == 0)
{
char line[512];
while (fgets(line, sizeof(line), pConfigFile) != NULL)
#define MAX_LINE_LEN 1024
char *pLine = (char*) malloc(MAX_LINE_LEN);
if (pLine)
{
int lineLength;
RemoveWhiteSpaceFromTheEnd(line);
lineLength = strlen(line);
if (lineLength != 0)
while (fgets(pLine, MAX_LINE_LEN, pConfigFile) != NULL)
{
char *pKey;
char *pKeyEnd;
char *pValue;
ConfigKey *pConfigKey;
int lineLength;
// Attempt to find the key
pKey = SkipWhiteSpace(line);
RemoveWhiteSpaceFromTheEnd(pLine);
// Make sure that we are not dealing with an empty line or a comment
if (*pKey == '\0' || *pKey == '#')
continue;
// Go past the key
pKeyEnd = SkipNonWhiteSpace(pKey);
// Protect against a malformed line
if (*pKeyEnd == '\0')
lineLength = (int) strlen(pLine);
if (lineLength != 0)
{
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
char *pKey;
char *pKeyEnd;
char *pValue;
ConfigKey *pConfigKey;
// Attempt to find the value
pValue = SkipWhiteSpace(pKeyEnd);
// Attempt to find the key
pKey = SkipWhiteSpace(pLine);
// Protect against a malformed line
if (*pValue == '\0')
{
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
// Make sure that we are not dealing with an empty line or a comment
if (*pKey == '\0' || *pKey == '#')
continue;
// Delineate the key
*pKeyEnd = '\0';
// Go past the key
pKeyEnd = SkipNonWhiteSpace(pKey);
// Create a ConfigKey object for this key/value pair
pConfigKey = malloc(sizeof(*pConfigKey));
if (pConfigKey)
{
pConfigKey->keyNameLen = strlen(pKey);
pConfigKey->pKeyName = malloc(pConfigKey->keyNameLen + 1);
if (pConfigKey->pKeyName)
// Protect against a malformed line
if (*pKeyEnd == '\0')
{
// Save the key name in lower case
LowerCaseString(pConfigKey->pKeyName, pKey);
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
pConfigKey->valueLen = strlen(pValue);
pConfigKey->pValue = malloc(pConfigKey->valueLen + 1);
if (pConfigKey->pValue)
// Attempt to find the value
pValue = SkipWhiteSpace(pKeyEnd);
// Protect against a malformed line
if (*pValue == '\0')
{
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
// Delineate the key
*pKeyEnd = '\0';
// Create a ConfigKey object for this key/value pair
pConfigKey = (ConfigKey*) malloc(sizeof(*pConfigKey));
if (pConfigKey)
{
pConfigKey->keyNameLen = (int) strlen(pKey);
pConfigKey->pKeyName = (char*) malloc(pConfigKey->keyNameLen + 1);
if (pConfigKey->pKeyName)
{
strcpy(pConfigKey->pValue, pValue);
// Save the key name in lower case
LowerCaseString(pConfigKey->pKeyName, pKey);
// The entry is ready, now associate it with the instance data.
InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry);
pConfigKey->valueLen = (int) strlen(pValue);
pConfigKey->pValue = (char*) malloc(pConfigKey->valueLen + 1);
if (pConfigKey->pValue)
{
strcpy(pConfigKey->pValue, pValue);
// The entry is ready, now associate it with the instance data.
InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry);
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
free(pConfigKey->pKeyName);
free(pConfigKey);
}
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
free(pConfigKey->pKeyName);
free(pConfigKey);
}
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
free(pConfigKey);
}
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
}
}
// Free the buffer allocated for holding line strings
free(pLine);
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
}
}
else
@@ -680,8 +691,12 @@ GetConfigInterface(
}
else
{
DbgTrace(1, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno);
DbgTrace(0, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno);
DbgTrace(0, "-GetConfigInterface- Config file unable to open = %s\n", pFilePath);
}
// Free the buffer allocated for the file path
free(pFilePath);
}
else
{
@@ -691,7 +706,7 @@ GetConfigInterface(
PlatReleaseMutex(g_configIfMutex);
DbgTrace(2, "-GetConfigInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetConfigInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -724,7 +739,7 @@ ConfigIfInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-ConfigIfInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-ConfigIfInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}

16
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c
View File

@@ -452,7 +452,7 @@ ConsumeElementData(
}
}
DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-ConsumeElementData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -801,7 +801,7 @@ AddReference(
refCount = pIdenTokenIfInstance->refCount;
PlatReleaseMutex(g_idenTokenIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@@ -923,7 +923,7 @@ GetIdentityId(
exit:
DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -999,7 +999,7 @@ GetSourceName(
exit:
DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -1075,7 +1075,7 @@ GetSourceUrl(
exit:
DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -1222,7 +1222,7 @@ AttributeEnumerate(
exit:
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -1385,7 +1385,7 @@ GetIdenTokenInterface(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -1418,7 +1418,7 @@ IdenTokenIfInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}

4
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c
View File

@@ -90,7 +90,7 @@ AddReference(
refCount = pIdenTokenProviderIfInstance->refCount;
PlatReleaseMutex(g_idenTokenProviderIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@@ -334,7 +334,7 @@ GET_IDEN_TOKEN_PROVIDER_INTERFACE_RTN(
exit:
DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}

2
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.c
View File

@@ -81,7 +81,7 @@ PlatAllocMutex(void)
DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0);
}
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex);
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex);
return (HANDLE) pPlatMutex;
}

8
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.h
View File

@@ -50,22 +50,22 @@
//
// DbgTrace macro define
//
#define DbgTrace(LEVEL, X, Y) { \
/*#define DbgTrace(LEVEL, X, Y) { \
char printBuff[256]; \
if (LEVEL == 0 || DebugLevel >= LEVEL) \
{ \
_snprintf(printBuff, sizeof(printBuff), X, Y); \
fprintf(stderr, "CASA_IdenToken %s", printBuff); \
} \
}
/*#define DbgTrace(LEVEL, X, Y) { \
}*/
#define DbgTrace(LEVEL, X, Y) { \
if (LEVEL == 0 || DebugLevel >= LEVEL) \
{ \
openlog("CASA_IdenToken", LOG_CONS | LOG_NOWAIT | LOG_ODELAY, LOG_USER); \
syslog(LOG_USER | LOG_INFO, X, Y); \
closelog(); \
} \
}*/
}
// Deal with function name mapping issues

7
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c
View File

@@ -77,7 +77,6 @@ EncodeData(
{
CasaStatus retStatus;
int encodedSize;
char *pTmp;
DbgTrace(3, "-EncodeData- Start\n", 0);
@@ -138,7 +137,7 @@ EncodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -267,7 +266,7 @@ DecodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -309,7 +308,7 @@ dtoul(
}
}
DbgTrace(2, "-dtoul- End, result = %d\n", n);
DbgTrace(2, "-dtoul- End, result = %0X\n", n);
return n;
}

6
CASA-auth-token/server/AuthTokenValidate/identoken.c
View File

@@ -81,7 +81,7 @@ GetIdenTokenProviderInterface(
DbgTrace(2, "-GetIdenTokenProviderInterface- Start\n", 0);
// Get the configuration for the module
retStatus = GetConfigInterface("/etc/CASA/authtoken/modules",
retStatus = GetConfigInterface(moduleConfigFolderPath,
pIdenTokenTypeName,
&pModuleConfigIf);
if (CASA_SUCCESS(retStatus)
@@ -247,7 +247,7 @@ GetIdenTokenProviderInterface(
CASA_STATUS_CONFIGURATION_ERROR);
}
DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -280,7 +280,7 @@ IdenTokenInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-IdenTokenInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-IdenTokenInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}

6
CASA-auth-token/server/AuthTokenValidate/internal.h
View File

@@ -65,6 +65,8 @@ typedef struct _AuthToken
//===[ Global externals ]==================================================
extern int DebugLevel;
extern char pathCharString[];
extern char moduleConfigFolderPath[];
extern char IpcClientLibraryPath[];
//===[ External prototypes ]===============================================
@@ -214,8 +216,8 @@ DecodeData(
extern
int
dtoul(
IN char *cp,
IN int len);
IN const char *cp,
IN const int len);
//=========================================================================

8
CASA-auth-token/server/AuthTokenValidate/linux/platform.c
View File

@@ -41,6 +41,12 @@ typedef struct _PlatformMutex
//===[ Global variables ]==================================================
// Path separator
char pathCharString[] = "/";
// Modules configuration folder path
char moduleConfigFolderPath[] = "/etc/CASA/authtoken/modules";
//
// Module synchronization mutex
//
@@ -113,7 +119,7 @@ PlatAllocMutex(void)
DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0);
}
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex);
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex);
return (HANDLE) pPlatMutex;
}

93
CASA-auth-token/server/AuthTokenValidate/principal.c
View File

@@ -72,18 +72,27 @@ AddReference(
// L2
//=======================================================================--
{
int refCount;
int refCount = 0;
PrincipalIfInstance *pPrincipalIfInstance = CONTAINING_RECORD(pIfInstance, PrincipalIfInstance, principalIf);
DbgTrace(2, "-AddReference- Start\n", 0);
// Validate input parameter
if (pIfInstance == NULL)
{
DbgTrace(0, "-AddReference- Invalid parameter\n", 0);
goto exit;
}
// Increment the reference count on the object
PlatAcquireMutex(g_principalIfMutex);
pPrincipalIfInstance->refCount ++;
refCount = pPrincipalIfInstance->refCount;
PlatReleaseMutex(g_principalIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
exit:
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@@ -114,6 +123,13 @@ ReleaseReference(
DbgTrace(2, "-ReleaseReference- Start\n", 0);
// Validate input parameter
if (pIfInstance == NULL)
{
DbgTrace(0, "-ReleaseReference- Invalid parameter\n", 0);
goto exit;
}
// Decrement the reference count on the object and determine if it needs to
// be released.
PlatAcquireMutex(g_principalIfMutex);
@@ -136,6 +152,8 @@ ReleaseReference(
free(pPrincipalIfInstance);
}
exit:
DbgTrace(2, "-ReleaseReference- End\n", 0);
}
@@ -176,12 +194,26 @@ GetIdentityId(
DbgTrace(2, "-GetIdentityId- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pIdentIdLen == NULL
|| (*pIdentIdLen != 0 && pIdentIdBuf == NULL))
{
DbgTrace(0, "-GetIdentityId- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getIdentityId(pPrincipalIfInstance->pIdenTokenIf,
pIdentIdBuf,
pIdentIdLen);
DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -224,12 +256,26 @@ GetSourceName(
DbgTrace(2, "-GetSourceName- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pSourceNameLen == NULL
|| (*pSourceNameLen != 0 && pSourceNameBuf == NULL))
{
DbgTrace(0, "-GetSourceName- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceName(pPrincipalIfInstance->pIdenTokenIf,
pSourceNameBuf,
pSourceNameLen);
DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -272,12 +318,26 @@ GetSourceUrl(
DbgTrace(2, "-GetSourceUrl- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pSourceUrlLen == NULL
|| (*pSourceUrlLen != 0 && pSourceUrlBuf == NULL))
{
DbgTrace(0, "-GetSourceUrl- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceUrl(pPrincipalIfInstance->pIdenTokenIf,
pSourceUrlBuf,
pSourceUrlLen);
DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -335,6 +395,21 @@ AttributeEnumerate(
DbgTrace(2, "-AttributeEnumerate- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pEnumHandle == NULL
|| pAttribNameLen == NULL
|| (*pAttribNameLen != 0 && pAttribNameBuf == NULL
|| pAttribValueLen == NULL
|| (*pAttribValueLen != 0 && pAttribValueBuf == NULL)))
{
DbgTrace(0, "-AttributeEnumerate- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->attributeEnumerate(pPrincipalIfInstance->pIdenTokenIf,
pEnumHandle,
@@ -343,7 +418,9 @@ AttributeEnumerate(
pAttribValueBuf,
pAttribValueLen);
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -409,7 +486,7 @@ GetPrincipalInterface(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -442,7 +519,7 @@ PrincipalIfInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-PrincipalIfInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-PrincipalIfInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}

11
CASA-auth-token/server/AuthTokenValidate/util.c
View File

@@ -77,7 +77,6 @@ EncodeData(
{
CasaStatus retStatus;
int encodedSize;
char *pTmp;
DbgTrace(3, "-EncodeData- Start\n", 0);
@@ -138,7 +137,7 @@ EncodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -267,7 +266,7 @@ DecodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -276,8 +275,8 @@ DecodeData(
//++=======================================================================
int
dtoul(
IN char *cp,
IN int len)
IN const char *cp,
IN const int len)
//
// Arguments:
//
@@ -309,7 +308,7 @@ dtoul(
}
}
DbgTrace(2, "-dtoul- End, result = %d\n", n);
DbgTrace(2, "-dtoul- End, result = %0X\n", n);
return n;
}

22
CASA-auth-token/server/AuthTokenValidate/validate.c
View File

@@ -32,6 +32,9 @@
#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket"
//#define INT32_MAX 2147483647
//===[ Type definitions ]==================================================
//===[ Function prototypes ]===============================================
@@ -68,10 +71,10 @@ uint32_t g_atvsEndPointHandle; // Authentication Token Validation Service endp
//++=======================================================================
CasaStatus SSCS_CALL
ValidateAuthToken(
IN const char *pServiceName,
IN const char *pTokenBuf,
IN const int tokenBufLen,
INOUT PrincipalIf **ppPrincipalIf)
IN const char *pServiceName,
IN const char *pTokenBuf,
IN const int tokenBufLen,
INOUT PrincipalIf **ppPrincipalIf)
//
// Arguments:
// pServiceName -
@@ -105,7 +108,7 @@ ValidateAuthToken(
{
CasaStatus retStatus;
char *pDecodedTokenBuf;
int decodedTokenBufLen;
int32_t decodedTokenBufLen;
PrincipalIf *pPrincipalIf;
DbgTrace(1, "-ValidateAuthToken- Start\n", 0);
@@ -114,6 +117,7 @@ ValidateAuthToken(
if (pServiceName == NULL
|| pTokenBuf == NULL
|| tokenBufLen == 0
|| tokenBufLen > INT32_MAX
|| ppPrincipalIf == NULL)
{
DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0);
@@ -248,7 +252,7 @@ ValidateAuthToken(
if (CASA_SUCCESS(retStatus))
{
char *pIdenTokenData;
int idenTokenDataLen;
int32_t idenTokenDataLen;
// Assume failure
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
@@ -343,7 +347,7 @@ ValidateAuthToken(
exit:
DbgTrace(1, "-ValidateAuthToken- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-ValidateAuthToken- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@@ -364,8 +368,8 @@ so_init()
// L2
//=======================================================================--
{
// Check for environment variable specifying that the application is
// multi-threaded.
// Check for environment variable specifying that the application
// is not multi-threaded.
if (getenv(APPLICATION_NOT_MULTI_THREADED) != NULL)
{
// The parameter has been configured, remember it.