geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Modifications to resolve issues found during self-code review.

Browse Source
This commit is contained in:
Juan Carlos Luciani
2006-12-08 05:45:03 +00:00
parent 9a0426279c
commit 8ade751650
34 changed files with 524 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CASA-auth-token/server/AuthTokenValidate/Svc/README
View File

@@ -76,6 +76,12 @@ create its listeing socket to keep other services from hijacking it and taking o
the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its
listen socket in the /var/lib/CASA/authtoken/validate/ folder.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on CasaAuthtokenValidateD. If this is not acceptable then
change the rigths on the folder to only allow selected users to connect to it.

2
CASA-auth-token/server/AuthTokenValidate/Svc/linux/CasaAuthtokenValidateD
View File

@@ -107,7 +107,7 @@ StartDAEMON()
StopDAEMON()
{
echo -n "Shutting down..."
echo -n "Stopping casa_atvd..."
killproc $DAEMON
RVAL=$?
$ECHO

81
CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp
View File

@@ -36,6 +36,11 @@
#define MAXFD 64
#define MIN_THREADS 1
#define MAX_THREADS 4096
#define DEFAULT_BEGIN_THREADS 5
#define DEFAULT_GROW_THREADS 5
#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket"
//===[ Type definitions ]==================================================
@@ -51,9 +56,9 @@ WorkerThread(void*);
char usage[] = "\nCasaAuthtokenValidateD: usage: [-p ListenPort] [-b BeginThreads] [-g GrowThreads] [-m MaxThreads] [-D DebugLevel] [-d] [-s]\n";
// Worker thread pool configuration parameters
int beginThreads = 5;
int growThreads = 5;
int maxThreads = 4096;
int beginThreads = DEFAULT_BEGIN_THREADS;
int growThreads = DEFAULT_GROW_THREADS;
int maxThreads = MAX_THREADS;
int minWaitingThreads = beginThreads;
int maxWaitingThreads = beginThreads * 4;
@@ -64,7 +69,7 @@ double numPerishingThreads = 0;
// Listen Port Number
//int listenPortNumber = 5000;
int listenPortNumber = 0;
unsigned short int listenPortNumber = 0;
// Parameter indicating whether or not the server needs to run
// as a daemon.
@@ -133,7 +138,7 @@ ServiceRequests(void)
while (!terminating)
{
// Get a request that needs servicing
int32_t requestId = IpcServerGetRequest();
uint32_t requestId = IpcServerGetRequest();
if (requestId != 0)
{
// We got a request that needs servicing, now get the
@@ -591,7 +596,7 @@ InitJavaInvoke(void)
DbgTrace(0, "InitJavaInvoke- Error creating Java VM\n", 0);
}
DbgTrace(1, "InitJavaInvoke- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "InitJavaInvoke- End, retStatus = %0X\n", retStatus);
return retStatus;
@@ -616,8 +621,11 @@ UnInitJavaInvoke(void)
DbgTrace(1, "UnInitJavaInvoke- Start\n", 0);
// Destroy the jvm
g_jvm->DestroyJavaVM();
g_jvm = NULL;
if (g_jvm)
{
g_jvm->DestroyJavaVM();
g_jvm = NULL;
}
g_env = NULL;
DbgTrace(1, "UnInitJavaInvoke- End\n", 0);
@@ -694,7 +702,6 @@ DaemonInit(
for (int i = 0; i < MAXFD; i++)
close(i);
// Spawn a worker
if ((pid = fork()) == -1)
{
@@ -801,6 +808,7 @@ main(
// Scan through the options specified
while (!doneScanning)
{
long int value = 0;
opterr = 0;
option = getopt(argc, argv, "m:p:b:g:D:ds");
@@ -810,15 +818,36 @@ main(
case 'p':
// Port number option, record location of
// argument.
listenPortNumber = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value > 0
&& value <= USHRT_MAX)
{
listenPortNumber = (unsigned short int) value;
}
else
{
fprintf(stderr, "Specified ListenPort parameter out of range, using default value");
}
optionsSpecified ++;
break;
case 'b':
// Begin threads option, override the default parameter
// with the value of the option.
beginThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
beginThreads = (int) value;
}
else
{
fprintf(stderr, "Specified BeginThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@@ -826,7 +855,18 @@ main(
case 'g':
// Grow threads option, override the default parameter
// with the value of the option.
growThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
growThreads = (int) value;
}
else
{
fprintf(stderr, "Specified GrowThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@@ -834,7 +874,18 @@ main(
case 'm':
// Max threads option, override the default parameter
// with the value of the option.
maxThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
maxThreads = (int) value;
}
else
{
fprintf(stderr, "Specified MaxThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@@ -966,7 +1017,7 @@ main(
{
// Invalid option detected or the user failed to
// specify the listening port number.
printf(usage, argv[0]);
fprintf(stderr, usage, argv[0]);
}
return 0;