geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Modifications to resolve issues found during self-code review.

Browse Source
This commit is contained in:
Juan Carlos Luciani 2006-12-08 05:45:03 +00:00
parent 9a0426279c
commit 8ade751650
34 changed files with 524 additions and 268 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CASA-auth-token/client/lib/engine.c
View File

@ -624,7 +624,10 @@ ObtainAuthTokenInt(
} }
else else
{ {
DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0); if (*pAuthTokenBufLen != 0)
{
DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0);
}
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_BUFFER_OVERFLOW); CASA_STATUS_BUFFER_OVERFLOW);

4
CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD
View File

@ -66,7 +66,7 @@ atsIsRunning()
StartDAEMON() StartDAEMON()
{ {
# Start the daemon # Start the daemon
echo -n "Starting casa_atsd" echo -n "Starting casa_atsd..."
## Start daemon with startproc(8). If this fails ## Start daemon with startproc(8). If this fails
## the echo return value is set appropriate. ## the echo return value is set appropriate.
@ -126,7 +126,7 @@ StartDAEMON()
StopDAEMON() StopDAEMON()
{ {
# Stop the daemon # Stop the daemon
echo -n "Shutting down casa_atsd" echo -n "Stopping casa_atsd..."
## Stop daemon with killproc(8) and if this fails ## Stop daemon with killproc(8) and if this fails
## set echo the echo return value. ## set echo the echo return value.
if atsIsRunning ; then if atsIsRunning ; then

27
CASA-auth-token/server/ApacheSupport/2.2/mod_authn_casa.c
View File

@ -153,10 +153,10 @@ check_password(
// Now get a copy of the location being protected // Now get a copy of the location being protected
if (i > 1) if (i > 1)
{ {
pLocationName = apr_palloc(r->pool, i); pLocationName = apr_palloc(r->pool, i + 1);
if (pLocationName) if (pLocationName)
{ {
memset(pLocationName, 0, i); memset(pLocationName, 0, i + 1);
memcpy(pLocationName, &(r->uri[1]), i - 1); // Do not include the slashes memcpy(pLocationName, &(r->uri[1]), i - 1); // Do not include the slashes
} }
else else
@ -207,7 +207,6 @@ check_password(
&pPrincipalIf); &pPrincipalIf);
if (CASA_SUCCESS(casaStatus)) if (CASA_SUCCESS(casaStatus))
{ {
int buffLen = 0; int buffLen = 0;
apr_table_t *e = r->subprocess_env; apr_table_t *e = r->subprocess_env;
@ -248,7 +247,7 @@ check_password(
} }
else else
{ {
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity id, %08X", casaStatus); ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity id, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR; retStatus = AUTH_GENERAL_ERROR;
} }
@ -288,7 +287,7 @@ check_password(
} }
else else
{ {
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source name, %08X", casaStatus); ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source name, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR; retStatus = AUTH_GENERAL_ERROR;
} }
} }
@ -329,7 +328,7 @@ check_password(
} }
else else
{ {
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source url, %08X", casaStatus); ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source url, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR; retStatus = AUTH_GENERAL_ERROR;
} }
} }
@ -390,7 +389,7 @@ check_password(
} }
else else
{ {
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error during attribute enumeration, %08X", casaStatus); ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error during attribute enumeration, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR; retStatus = AUTH_GENERAL_ERROR;
} }
} }
@ -410,18 +409,8 @@ check_password(
} }
else else
{ {
// We did not check the username, set the return status based on the status // We did not check the username, allow other providers to get a crack to it.
// returned by ValidateAuthToken(). retStatus = AUTH_USER_NOT_FOUND;
if (CasaStatusCode(casaStatus) == CASA_STATUS_AUTHENTICATION_FAILURE)
{
// Authentication failed
retStatus = AUTH_DENIED;
}
else
{
// Allow other providers to get a crack to it
retStatus = AUTH_USER_NOT_FOUND;
}
} }
} }
} }

12
CASA-auth-token/server/AuthTokenValidate/README
View File

@ -87,6 +87,18 @@ CASA Authentication Tokens when compromised can be used to either impersonate
a user or to obtain identity information about the user. Because of this it is a user or to obtain identity information about the user. Because of this it is
important that the tokens be secured by applications making use of them. It is important that the tokens be secured by applications making use of them. It is
recommended that the tokens be transmitted using SSL. recommended that the tokens be transmitted using SSL.
Under Linux, the Validate CASA Authentication Token libraries validate tokens
by invoking a service (casa_atvd, also knon as CasaAuthtokenValidateD). The security of the
communications that happen between the library and the service is dependent on the properties
of the stack providing Unix Domain Sockets communications and the file system rights setup
on the folder where the domain sockets are created.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on casa_atvd. If this is not acceptable then change the
rigths on the folder to only allow selected users to connect to it.

6
CASA-auth-token/server/AuthTokenValidate/Svc/README
View File

@ -76,6 +76,12 @@ create its listeing socket to keep other services from hijacking it and taking o
the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its
listen socket in the /var/lib/CASA/authtoken/validate/ folder. listen socket in the /var/lib/CASA/authtoken/validate/ folder.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on CasaAuthtokenValidateD. If this is not acceptable then
change the rigths on the folder to only allow selected users to connect to it.

2
CASA-auth-token/server/AuthTokenValidate/Svc/linux/CasaAuthtokenValidateD
View File

@ -107,7 +107,7 @@ StartDAEMON()
StopDAEMON() StopDAEMON()
{ {
echo -n "Shutting down..." echo -n "Stopping casa_atvd..."
killproc $DAEMON killproc $DAEMON
RVAL=$? RVAL=$?
$ECHO $ECHO

81
CASA-auth-token/server/AuthTokenValidate/Svc/linux/server.cpp
View File

@ -36,6 +36,11 @@
#define MAXFD 64 #define MAXFD 64
#define MIN_THREADS 1
#define MAX_THREADS 4096
#define DEFAULT_BEGIN_THREADS 5
#define DEFAULT_GROW_THREADS 5
#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket" #define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket"
//===[ Type definitions ]================================================== //===[ Type definitions ]==================================================
@ -51,9 +56,9 @@ WorkerThread(void*);
char usage[] = "\nCasaAuthtokenValidateD: usage: [-p ListenPort] [-b BeginThreads] [-g GrowThreads] [-m MaxThreads] [-D DebugLevel] [-d] [-s]\n"; char usage[] = "\nCasaAuthtokenValidateD: usage: [-p ListenPort] [-b BeginThreads] [-g GrowThreads] [-m MaxThreads] [-D DebugLevel] [-d] [-s]\n";
// Worker thread pool configuration parameters // Worker thread pool configuration parameters
int beginThreads = 5; int beginThreads = DEFAULT_BEGIN_THREADS;
int growThreads = 5; int growThreads = DEFAULT_GROW_THREADS;
int maxThreads = 4096; int maxThreads = MAX_THREADS;
int minWaitingThreads = beginThreads; int minWaitingThreads = beginThreads;
int maxWaitingThreads = beginThreads * 4; int maxWaitingThreads = beginThreads * 4;
@ -64,7 +69,7 @@ double numPerishingThreads = 0;
// Listen Port Number // Listen Port Number
//int listenPortNumber = 5000; //int listenPortNumber = 5000;
int listenPortNumber = 0; unsigned short int listenPortNumber = 0;
// Parameter indicating whether or not the server needs to run // Parameter indicating whether or not the server needs to run
// as a daemon. // as a daemon.
@ -133,7 +138,7 @@ ServiceRequests(void)
while (!terminating) while (!terminating)
{ {
// Get a request that needs servicing // Get a request that needs servicing
int32_t requestId = IpcServerGetRequest(); uint32_t requestId = IpcServerGetRequest();
if (requestId != 0) if (requestId != 0)
{ {
// We got a request that needs servicing, now get the // We got a request that needs servicing, now get the
@ -591,7 +596,7 @@ InitJavaInvoke(void)
DbgTrace(0, "InitJavaInvoke- Error creating Java VM\n", 0); DbgTrace(0, "InitJavaInvoke- Error creating Java VM\n", 0);
} }
DbgTrace(1, "InitJavaInvoke- End, retStatus = %08X\n", retStatus); DbgTrace(1, "InitJavaInvoke- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
@ -616,8 +621,11 @@ UnInitJavaInvoke(void)
DbgTrace(1, "UnInitJavaInvoke- Start\n", 0); DbgTrace(1, "UnInitJavaInvoke- Start\n", 0);
// Destroy the jvm // Destroy the jvm
g_jvm->DestroyJavaVM(); if (g_jvm)
g_jvm = NULL; {
g_jvm->DestroyJavaVM();
g_jvm = NULL;
}
g_env = NULL; g_env = NULL;
DbgTrace(1, "UnInitJavaInvoke- End\n", 0); DbgTrace(1, "UnInitJavaInvoke- End\n", 0);
@ -694,7 +702,6 @@ DaemonInit(
for (int i = 0; i < MAXFD; i++) for (int i = 0; i < MAXFD; i++)
close(i); close(i);
// Spawn a worker // Spawn a worker
if ((pid = fork()) == -1) if ((pid = fork()) == -1)
{ {
@ -801,6 +808,7 @@ main(
// Scan through the options specified // Scan through the options specified
while (!doneScanning) while (!doneScanning)
{ {
long int value = 0;
opterr = 0; opterr = 0;
option = getopt(argc, argv, "m:p:b:g:D:ds"); option = getopt(argc, argv, "m:p:b:g:D:ds");
@ -810,15 +818,36 @@ main(
case 'p': case 'p':
// Port number option, record location of // Port number option, record location of
// argument. // argument.
listenPortNumber = atoi(optarg); errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value > 0
&& value <= USHRT_MAX)
{
listenPortNumber = (unsigned short int) value;
}
else
{
fprintf(stderr, "Specified ListenPort parameter out of range, using default value");
}
optionsSpecified ++; optionsSpecified ++;
break; break;
case 'b': case 'b':
// Begin threads option, override the default parameter // Begin threads option, override the default parameter
// with the value of the option. // with the value of the option.
beginThreads = atoi(optarg); errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
beginThreads = (int) value;
}
else
{
fprintf(stderr, "Specified BeginThreads parameter out of range, using default value");
}
optionsSpecified ++; optionsSpecified ++;
break; break;
@ -826,7 +855,18 @@ main(
case 'g': case 'g':
// Grow threads option, override the default parameter // Grow threads option, override the default parameter
// with the value of the option. // with the value of the option.
growThreads = atoi(optarg); errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
growThreads = (int) value;
}
else
{
fprintf(stderr, "Specified GrowThreads parameter out of range, using default value");
}
optionsSpecified ++; optionsSpecified ++;
break; break;
@ -834,7 +874,18 @@ main(
case 'm': case 'm':
// Max threads option, override the default parameter // Max threads option, override the default parameter
// with the value of the option. // with the value of the option.
maxThreads = atoi(optarg); errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
maxThreads = (int) value;
}
else
{
fprintf(stderr, "Specified MaxThreads parameter out of range, using default value");
}
optionsSpecified ++; optionsSpecified ++;
break; break;
@ -966,7 +1017,7 @@ main(
{ {
// Invalid option detected or the user failed to // Invalid option detected or the user failed to
// specify the listening port number. // specify the listening port number.
printf(usage, argv[0]); fprintf(stderr, usage, argv[0]);
} }
return 0; return 0;

163
CASA-auth-token/server/AuthTokenValidate/config.c
View File

@ -93,7 +93,6 @@ RemoveWhiteSpaceFromTheEnd(
{ {
char *pLineEnd = (char*) pInString + strlen(pInString) - 1; char *pLineEnd = (char*) pInString + strlen(pInString) - 1;
DbgTrace(3, "-RemoveWhiteSpaceFromTheEnd- Start\n", 0); DbgTrace(3, "-RemoveWhiteSpaceFromTheEnd- Start\n", 0);
while (pLineEnd != pInString) while (pLineEnd != pInString)
@ -217,6 +216,8 @@ LowerCaseString(
// Abstract: // Abstract:
// //
// Notes: // Notes:
// Notes: Function assumes that the caller has made sure that the destination
// string buffer has enough space to receive the resulting string.
// //
// L2 // L2
//=======================================================================-- //=======================================================================--
@ -271,7 +272,7 @@ AddReference(
refCount = pConfigIfInstance->refCount; refCount = pConfigIfInstance->refCount;
PlatReleaseMutex(g_configIfMutex); PlatReleaseMutex(g_configIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount); DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount; return refCount;
} }
@ -378,13 +379,13 @@ GetEntryValue(
char *pValue = NULL; char *pValue = NULL;
LIST_ENTRY *pListEntry; LIST_ENTRY *pListEntry;
ConfigKey *pConfigKey; ConfigKey *pConfigKey;
int keyNameLen = strlen(pKeyName); int keyNameLen = (int) strlen(pKeyName);
char *pKeyNameLowercase; char *pKeyNameLowercase;
DbgTrace(2, "-GetEntryValue- Start\n", 0); DbgTrace(2, "-GetEntryValue- Start\n", 0);
// Allocate enough space to hold lower case version of the key name // Allocate enough space to hold lower case version of the key name
pKeyNameLowercase = malloc(keyNameLen + 1); pKeyNameLowercase = (char*) malloc(keyNameLen + 1);
if (pKeyNameLowercase) if (pKeyNameLowercase)
{ {
// Lower case the key name // Lower case the key name
@ -402,7 +403,7 @@ GetEntryValue(
&& memcmp(pKeyNameLowercase, pConfigKey->pKeyName, keyNameLen) == 0) && memcmp(pKeyNameLowercase, pConfigKey->pKeyName, keyNameLen) == 0)
{ {
// We found it, return its value. // We found it, return its value.
pValue = malloc(pConfigKey->valueLen + 1); pValue = (char*) malloc(pConfigKey->valueLen + 1);
if (pValue) if (pValue)
{ {
strcpy(pValue, pConfigKey->pValue); strcpy(pValue, pConfigKey->pValue);
@ -426,7 +427,7 @@ GetEntryValue(
DbgTrace(0, "-GetEntryValue- Buffer allocation failure\n", 0); DbgTrace(0, "-GetEntryValue- Buffer allocation failure\n", 0);
} }
DbgTrace(2, "-GetEntryValue- End, pValue = %08X\n", (unsigned int) pValue); DbgTrace(2, "-GetEntryValue- End, pValue = %0X\n", (unsigned int) pValue);
return pValue; return pValue;
} }
@ -461,8 +462,8 @@ GetConfigInterface(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
int configFolderLen = strlen(pConfigFolder); int configFolderLen = (int) strlen(pConfigFolder);
int configNameLen = strlen(pConfigName); int configNameLen = (int) strlen(pConfigName);
ConfigIfInstance *pConfigIfInstance; ConfigIfInstance *pConfigIfInstance;
LIST_ENTRY *pListEntry; LIST_ENTRY *pListEntry;
CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL, CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
@ -506,13 +507,13 @@ GetConfigInterface(
char *pFilePath; char *pFilePath;
// Build a string containing the configuration file path // Build a string containing the configuration file path
pFilePath = malloc(configFolderLen + 1 + configNameLen + sizeof(".conf")); pFilePath = (char*) malloc(configFolderLen + 1 + configNameLen + sizeof(".conf") + 1);
if (pFilePath) if (pFilePath)
{ {
FILE *pConfigFile; FILE *pConfigFile;
strcpy(pFilePath, pConfigFolder); strcpy(pFilePath, pConfigFolder);
strcat(pFilePath, "/"); strcat(pFilePath, pathCharString);
strcat(pFilePath, pConfigName); strcat(pFilePath, pConfigName);
strcat(pFilePath, ".conf"); strcat(pFilePath, ".conf");
@ -521,7 +522,7 @@ GetConfigInterface(
if (pConfigFile) if (pConfigFile)
{ {
// Opened the file, create a ConfigIfInstance object for it. // Opened the file, create a ConfigIfInstance object for it.
pConfigIfInstance = malloc(sizeof(*pConfigIfInstance)); pConfigIfInstance = (ConfigIfInstance*) malloc(sizeof(*pConfigIfInstance));
if (pConfigIfInstance) if (pConfigIfInstance)
{ {
// Initialize the list head within the instance data // Initialize the list head within the instance data
@ -533,13 +534,13 @@ GetConfigInterface(
pConfigIfInstance->configIf.getEntryValue = GetEntryValue; pConfigIfInstance->configIf.getEntryValue = GetEntryValue;
// Save the ConfigFolder and ConfigName information within the instance data // Save the ConfigFolder and ConfigName information within the instance data
pConfigIfInstance->pConfigFolder = malloc(configFolderLen + 1); pConfigIfInstance->pConfigFolder = (char*) malloc(configFolderLen + 1);
if (pConfigIfInstance->pConfigFolder) if (pConfigIfInstance->pConfigFolder)
{ {
strcpy(pConfigIfInstance->pConfigFolder, pConfigFolder); strcpy(pConfigIfInstance->pConfigFolder, pConfigFolder);
pConfigIfInstance->configFolderLen = configFolderLen; pConfigIfInstance->configFolderLen = configFolderLen;
pConfigIfInstance->pConfigName = malloc(configNameLen + 1); pConfigIfInstance->pConfigName = (char*) malloc(configNameLen + 1);
if (pConfigIfInstance->pConfigName) if (pConfigIfInstance->pConfigName)
{ {
strcpy(pConfigIfInstance->pConfigName, pConfigName); strcpy(pConfigIfInstance->pConfigName, pConfigName);
@ -562,90 +563,100 @@ GetConfigInterface(
// Now update the instance data with the information present in the file // Now update the instance data with the information present in the file
if (fseek(pConfigFile, 0, SEEK_SET) == 0) if (fseek(pConfigFile, 0, SEEK_SET) == 0)
{ {
char line[512]; #define MAX_LINE_LEN 1024
char *pLine = (char*) malloc(MAX_LINE_LEN);
while (fgets(line, sizeof(line), pConfigFile) != NULL) if (pLine)
{ {
int lineLength; while (fgets(pLine, MAX_LINE_LEN, pConfigFile) != NULL)
RemoveWhiteSpaceFromTheEnd(line);
lineLength = strlen(line);
if (lineLength != 0)
{ {
char *pKey; int lineLength;
char *pKeyEnd;
char *pValue;
ConfigKey *pConfigKey;
// Attempt to find the key RemoveWhiteSpaceFromTheEnd(pLine);
pKey = SkipWhiteSpace(line);
// Make sure that we are not dealing with an empty line or a comment lineLength = (int) strlen(pLine);
if (*pKey == '\0' || *pKey == '#') if (lineLength != 0)
continue;
// Go past the key
pKeyEnd = SkipNonWhiteSpace(pKey);
// Protect against a malformed line
if (*pKeyEnd == '\0')
{ {
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0); char *pKey;
continue; char *pKeyEnd;
} char *pValue;
ConfigKey *pConfigKey;
// Attempt to find the value // Attempt to find the key
pValue = SkipWhiteSpace(pKeyEnd); pKey = SkipWhiteSpace(pLine);
// Protect against a malformed line // Make sure that we are not dealing with an empty line or a comment
if (*pValue == '\0') if (*pKey == '\0' || *pKey == '#')
{ continue;
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
// Delineate the key // Go past the key
*pKeyEnd = '\0'; pKeyEnd = SkipNonWhiteSpace(pKey);
// Create a ConfigKey object for this key/value pair // Protect against a malformed line
pConfigKey = malloc(sizeof(*pConfigKey)); if (*pKeyEnd == '\0')
if (pConfigKey)
{
pConfigKey->keyNameLen = strlen(pKey);
pConfigKey->pKeyName = malloc(pConfigKey->keyNameLen + 1);
if (pConfigKey->pKeyName)
{ {
// Save the key name in lower case DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
LowerCaseString(pConfigKey->pKeyName, pKey); continue;
}
pConfigKey->valueLen = strlen(pValue); // Attempt to find the value
pConfigKey->pValue = malloc(pConfigKey->valueLen + 1); pValue = SkipWhiteSpace(pKeyEnd);
if (pConfigKey->pValue)
// Protect against a malformed line
if (*pValue == '\0')
{
DbgTrace(0, "-GetConfigInterface- Key found without value\n", 0);
continue;
}
// Delineate the key
*pKeyEnd = '\0';
// Create a ConfigKey object for this key/value pair
pConfigKey = (ConfigKey*) malloc(sizeof(*pConfigKey));
if (pConfigKey)
{
pConfigKey->keyNameLen = (int) strlen(pKey);
pConfigKey->pKeyName = (char*) malloc(pConfigKey->keyNameLen + 1);
if (pConfigKey->pKeyName)
{ {
strcpy(pConfigKey->pValue, pValue); // Save the key name in lower case
LowerCaseString(pConfigKey->pKeyName, pKey);
// The entry is ready, now associate it with the instance data. pConfigKey->valueLen = (int) strlen(pValue);
InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry); pConfigKey->pValue = (char*) malloc(pConfigKey->valueLen + 1);
if (pConfigKey->pValue)
{
strcpy(pConfigKey->pValue, pValue);
// The entry is ready, now associate it with the instance data.
InsertTailList(&pConfigIfInstance->configKeyListHead, &pConfigKey->listEntry);
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
free(pConfigKey->pKeyName);
free(pConfigKey);
}
} }
else else
{ {
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
free(pConfigKey->pKeyName);
free(pConfigKey); free(pConfigKey);
} }
} }
else else
{ {
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0); DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
free(pConfigKey);
} }
} }
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
}
} }
// Free the buffer allocated for holding line strings
free(pLine);
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
} }
} }
else else
@ -680,8 +691,12 @@ GetConfigInterface(
} }
else else
{ {
DbgTrace(1, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno); DbgTrace(0, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno);
DbgTrace(0, "-GetConfigInterface- Config file unable to open = %s\n", pFilePath);
} }
// Free the buffer allocated for the file path
free(pFilePath);
} }
else else
{ {
@ -691,7 +706,7 @@ GetConfigInterface(
PlatReleaseMutex(g_configIfMutex); PlatReleaseMutex(g_configIfMutex);
DbgTrace(2, "-GetConfigInterface- End, retStatus = %08X\n", retStatus); DbgTrace(2, "-GetConfigInterface- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -724,7 +739,7 @@ ConfigIfInit(void)
CASA_FACILITY_AUTHTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-ConfigIfInit- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-ConfigIfInit- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }

16
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identoken.c
View File

@ -452,7 +452,7 @@ ConsumeElementData(
} }
} }
DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus); DbgTrace(3, "-ConsumeElementData- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -801,7 +801,7 @@ AddReference(
refCount = pIdenTokenIfInstance->refCount; refCount = pIdenTokenIfInstance->refCount;
PlatReleaseMutex(g_idenTokenIfMutex); PlatReleaseMutex(g_idenTokenIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount); DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount; return refCount;
} }
@ -923,7 +923,7 @@ GetIdentityId(
exit: exit:
DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus); DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -999,7 +999,7 @@ GetSourceName(
exit: exit:
DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus); DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -1075,7 +1075,7 @@ GetSourceUrl(
exit: exit:
DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus); DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -1222,7 +1222,7 @@ AttributeEnumerate(
exit: exit:
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus); DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -1385,7 +1385,7 @@ GetIdenTokenInterface(
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %08X\n", retStatus); DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -1418,7 +1418,7 @@ IdenTokenIfInit(void)
CASA_FACILITY_AUTHTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }

4
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/identokenprovider.c
View File

@ -90,7 +90,7 @@ AddReference(
refCount = pIdenTokenProviderIfInstance->refCount; refCount = pIdenTokenProviderIfInstance->refCount;
PlatReleaseMutex(g_idenTokenProviderIfMutex); PlatReleaseMutex(g_idenTokenProviderIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount); DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount; return refCount;
} }
@ -334,7 +334,7 @@ GET_IDEN_TOKEN_PROVIDER_INTERFACE_RTN(
exit: exit:
DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }

2
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.c
View File

@ -81,7 +81,7 @@ PlatAllocMutex(void)
DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0); DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0);
} }
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex); DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex);
return (HANDLE) pPlatMutex; return (HANDLE) pPlatMutex;
} }

8
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/linux/platform.h
View File

@ -50,22 +50,22 @@
// //
// DbgTrace macro define // DbgTrace macro define
// //
#define DbgTrace(LEVEL, X, Y) { \ /*#define DbgTrace(LEVEL, X, Y) { \
char printBuff[256]; \ char printBuff[256]; \
if (LEVEL == 0 || DebugLevel >= LEVEL) \ if (LEVEL == 0 || DebugLevel >= LEVEL) \
{ \ { \
_snprintf(printBuff, sizeof(printBuff), X, Y); \ _snprintf(printBuff, sizeof(printBuff), X, Y); \
fprintf(stderr, "CASA_IdenToken %s", printBuff); \ fprintf(stderr, "CASA_IdenToken %s", printBuff); \
} \ } \
} }*/
/*#define DbgTrace(LEVEL, X, Y) { \ #define DbgTrace(LEVEL, X, Y) { \
if (LEVEL == 0 || DebugLevel >= LEVEL) \ if (LEVEL == 0 || DebugLevel >= LEVEL) \
{ \ { \
openlog("CASA_IdenToken", LOG_CONS | LOG_NOWAIT | LOG_ODELAY, LOG_USER); \ openlog("CASA_IdenToken", LOG_CONS | LOG_NOWAIT | LOG_ODELAY, LOG_USER); \
syslog(LOG_USER | LOG_INFO, X, Y); \ syslog(LOG_USER | LOG_INFO, X, Y); \
closelog(); \ closelog(); \
} \ } \
}*/ }
// Deal with function name mapping issues // Deal with function name mapping issues

7
CASA-auth-token/server/AuthTokenValidate/idenTokenProviders/casa/util.c
View File

@ -77,7 +77,6 @@ EncodeData(
{ {
CasaStatus retStatus; CasaStatus retStatus;
int encodedSize; int encodedSize;
char *pTmp; char *pTmp;
DbgTrace(3, "-EncodeData- Start\n", 0); DbgTrace(3, "-EncodeData- Start\n", 0);
@ -138,7 +137,7 @@ EncodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus); DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -267,7 +266,7 @@ DecodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus); DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -309,7 +308,7 @@ dtoul(
} }
} }
DbgTrace(2, "-dtoul- End, result = %d\n", n); DbgTrace(2, "-dtoul- End, result = %0X\n", n);
return n; return n;
} }

6
CASA-auth-token/server/AuthTokenValidate/identoken.c
View File

@ -81,7 +81,7 @@ GetIdenTokenProviderInterface(
DbgTrace(2, "-GetIdenTokenProviderInterface- Start\n", 0); DbgTrace(2, "-GetIdenTokenProviderInterface- Start\n", 0);
// Get the configuration for the module // Get the configuration for the module
retStatus = GetConfigInterface("/etc/CASA/authtoken/modules", retStatus = GetConfigInterface(moduleConfigFolderPath,
pIdenTokenTypeName, pIdenTokenTypeName,
&pModuleConfigIf); &pModuleConfigIf);
if (CASA_SUCCESS(retStatus) if (CASA_SUCCESS(retStatus)
@ -247,7 +247,7 @@ GetIdenTokenProviderInterface(
CASA_STATUS_CONFIGURATION_ERROR); CASA_STATUS_CONFIGURATION_ERROR);
} }
DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus); DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -280,7 +280,7 @@ IdenTokenInit(void)
CASA_FACILITY_AUTHTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-IdenTokenInit- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-IdenTokenInit- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }

6
CASA-auth-token/server/AuthTokenValidate/internal.h
View File

@ -65,6 +65,8 @@ typedef struct _AuthToken
//===[ Global externals ]================================================== //===[ Global externals ]==================================================
extern int DebugLevel; extern int DebugLevel;
extern char pathCharString[];
extern char moduleConfigFolderPath[];
extern char IpcClientLibraryPath[]; extern char IpcClientLibraryPath[];
//===[ External prototypes ]=============================================== //===[ External prototypes ]===============================================
@ -214,8 +216,8 @@ DecodeData(
extern extern
int int
dtoul( dtoul(
IN char *cp, IN const char *cp,
IN int len); IN const int len);
//========================================================================= //=========================================================================

8
CASA-auth-token/server/AuthTokenValidate/linux/platform.c
View File

@ -41,6 +41,12 @@ typedef struct _PlatformMutex
//===[ Global variables ]================================================== //===[ Global variables ]==================================================
// Path separator
char pathCharString[] = "/";
// Modules configuration folder path
char moduleConfigFolderPath[] = "/etc/CASA/authtoken/modules";
// //
// Module synchronization mutex // Module synchronization mutex
// //
@ -113,7 +119,7 @@ PlatAllocMutex(void)
DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0); DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0);
} }
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex); DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex);
return (HANDLE) pPlatMutex; return (HANDLE) pPlatMutex;
} }

93
CASA-auth-token/server/AuthTokenValidate/principal.c
View File

@ -72,18 +72,27 @@ AddReference(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
int refCount; int refCount = 0;
PrincipalIfInstance *pPrincipalIfInstance = CONTAINING_RECORD(pIfInstance, PrincipalIfInstance, principalIf); PrincipalIfInstance *pPrincipalIfInstance = CONTAINING_RECORD(pIfInstance, PrincipalIfInstance, principalIf);
DbgTrace(2, "-AddReference- Start\n", 0); DbgTrace(2, "-AddReference- Start\n", 0);
// Validate input parameter
if (pIfInstance == NULL)
{
DbgTrace(0, "-AddReference- Invalid parameter\n", 0);
goto exit;
}
// Increment the reference count on the object // Increment the reference count on the object
PlatAcquireMutex(g_principalIfMutex); PlatAcquireMutex(g_principalIfMutex);
pPrincipalIfInstance->refCount ++; pPrincipalIfInstance->refCount ++;
refCount = pPrincipalIfInstance->refCount; refCount = pPrincipalIfInstance->refCount;
PlatReleaseMutex(g_principalIfMutex); PlatReleaseMutex(g_principalIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount); exit:
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount; return refCount;
} }
@ -114,6 +123,13 @@ ReleaseReference(
DbgTrace(2, "-ReleaseReference- Start\n", 0); DbgTrace(2, "-ReleaseReference- Start\n", 0);
// Validate input parameter
if (pIfInstance == NULL)
{
DbgTrace(0, "-ReleaseReference- Invalid parameter\n", 0);
goto exit;
}
// Decrement the reference count on the object and determine if it needs to // Decrement the reference count on the object and determine if it needs to
// be released. // be released.
PlatAcquireMutex(g_principalIfMutex); PlatAcquireMutex(g_principalIfMutex);
@ -136,6 +152,8 @@ ReleaseReference(
free(pPrincipalIfInstance); free(pPrincipalIfInstance);
} }
exit:
DbgTrace(2, "-ReleaseReference- End\n", 0); DbgTrace(2, "-ReleaseReference- End\n", 0);
} }
@ -176,12 +194,26 @@ GetIdentityId(
DbgTrace(2, "-GetIdentityId- Start\n", 0); DbgTrace(2, "-GetIdentityId- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pIdentIdLen == NULL
|| (*pIdentIdLen != 0 && pIdentIdBuf == NULL))
{
DbgTrace(0, "-GetIdentityId- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token // Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getIdentityId(pPrincipalIfInstance->pIdenTokenIf, retStatus = pPrincipalIfInstance->pIdenTokenIf->getIdentityId(pPrincipalIfInstance->pIdenTokenIf,
pIdentIdBuf, pIdentIdBuf,
pIdentIdLen); pIdentIdLen);
DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus); exit:
DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -224,12 +256,26 @@ GetSourceName(
DbgTrace(2, "-GetSourceName- Start\n", 0); DbgTrace(2, "-GetSourceName- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pSourceNameLen == NULL
|| (*pSourceNameLen != 0 && pSourceNameBuf == NULL))
{
DbgTrace(0, "-GetSourceName- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token // Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceName(pPrincipalIfInstance->pIdenTokenIf, retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceName(pPrincipalIfInstance->pIdenTokenIf,
pSourceNameBuf, pSourceNameBuf,
pSourceNameLen); pSourceNameLen);
DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus); exit:
DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -272,12 +318,26 @@ GetSourceUrl(
DbgTrace(2, "-GetSourceUrl- Start\n", 0); DbgTrace(2, "-GetSourceUrl- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pSourceUrlLen == NULL
|| (*pSourceUrlLen != 0 && pSourceUrlBuf == NULL))
{
DbgTrace(0, "-GetSourceUrl- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token // Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceUrl(pPrincipalIfInstance->pIdenTokenIf, retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceUrl(pPrincipalIfInstance->pIdenTokenIf,
pSourceUrlBuf, pSourceUrlBuf,
pSourceUrlLen); pSourceUrlLen);
DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus); exit:
DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -335,6 +395,21 @@ AttributeEnumerate(
DbgTrace(2, "-AttributeEnumerate- Start\n", 0); DbgTrace(2, "-AttributeEnumerate- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pEnumHandle == NULL
|| pAttribNameLen == NULL
|| (*pAttribNameLen != 0 && pAttribNameBuf == NULL
|| pAttribValueLen == NULL
|| (*pAttribValueLen != 0 && pAttribValueBuf == NULL)))
{
DbgTrace(0, "-AttributeEnumerate- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token // Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->attributeEnumerate(pPrincipalIfInstance->pIdenTokenIf, retStatus = pPrincipalIfInstance->pIdenTokenIf->attributeEnumerate(pPrincipalIfInstance->pIdenTokenIf,
pEnumHandle, pEnumHandle,
@ -343,7 +418,9 @@ AttributeEnumerate(
pAttribValueBuf, pAttribValueBuf,
pAttribValueLen); pAttribValueLen);
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus); exit:
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -409,7 +486,7 @@ GetPrincipalInterface(
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %08X\n", retStatus); DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -442,7 +519,7 @@ PrincipalIfInit(void)
CASA_FACILITY_AUTHTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-PrincipalIfInit- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-PrincipalIfInit- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }

11
CASA-auth-token/server/AuthTokenValidate/util.c
View File

@ -77,7 +77,6 @@ EncodeData(
{ {
CasaStatus retStatus; CasaStatus retStatus;
int encodedSize; int encodedSize;
char *pTmp; char *pTmp;
DbgTrace(3, "-EncodeData- Start\n", 0); DbgTrace(3, "-EncodeData- Start\n", 0);
@ -138,7 +137,7 @@ EncodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus); DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -267,7 +266,7 @@ DecodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus); DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -276,8 +275,8 @@ DecodeData(
//++======================================================================= //++=======================================================================
int int
dtoul( dtoul(
IN char *cp, IN const char *cp,
IN int len) IN const int len)
// //
// Arguments: // Arguments:
// //
@ -309,7 +308,7 @@ dtoul(
} }
} }
DbgTrace(2, "-dtoul- End, result = %d\n", n); DbgTrace(2, "-dtoul- End, result = %0X\n", n);
return n; return n;
} }

22
CASA-auth-token/server/AuthTokenValidate/validate.c
View File

@ -32,6 +32,9 @@
#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket" #define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket"
//#define INT32_MAX 2147483647
//===[ Type definitions ]================================================== //===[ Type definitions ]==================================================
//===[ Function prototypes ]=============================================== //===[ Function prototypes ]===============================================
@ -68,10 +71,10 @@ uint32_t g_atvsEndPointHandle; // Authentication Token Validation Service endp
//++======================================================================= //++=======================================================================
CasaStatus SSCS_CALL CasaStatus SSCS_CALL
ValidateAuthToken( ValidateAuthToken(
IN const char *pServiceName, IN const char *pServiceName,
IN const char *pTokenBuf, IN const char *pTokenBuf,
IN const int tokenBufLen, IN const int tokenBufLen,
INOUT PrincipalIf **ppPrincipalIf) INOUT PrincipalIf **ppPrincipalIf)
// //
// Arguments: // Arguments:
// pServiceName - // pServiceName -
@ -105,7 +108,7 @@ ValidateAuthToken(
{ {
CasaStatus retStatus; CasaStatus retStatus;
char *pDecodedTokenBuf; char *pDecodedTokenBuf;
int decodedTokenBufLen; int32_t decodedTokenBufLen;
PrincipalIf *pPrincipalIf; PrincipalIf *pPrincipalIf;
DbgTrace(1, "-ValidateAuthToken- Start\n", 0); DbgTrace(1, "-ValidateAuthToken- Start\n", 0);
@ -114,6 +117,7 @@ ValidateAuthToken(
if (pServiceName == NULL if (pServiceName == NULL
|| pTokenBuf == NULL || pTokenBuf == NULL
|| tokenBufLen == 0 || tokenBufLen == 0
|| tokenBufLen > INT32_MAX
|| ppPrincipalIf == NULL) || ppPrincipalIf == NULL)
{ {
DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0); DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0);
@ -248,7 +252,7 @@ ValidateAuthToken(
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
char *pIdenTokenData; char *pIdenTokenData;
int idenTokenDataLen; int32_t idenTokenDataLen;
// Assume failure // Assume failure
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
@ -343,7 +347,7 @@ ValidateAuthToken(
exit: exit:
DbgTrace(1, "-ValidateAuthToken- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-ValidateAuthToken- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
} }
@ -364,8 +368,8 @@ so_init()
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
// Check for environment variable specifying that the application is // Check for environment variable specifying that the application
// multi-threaded. // is not multi-threaded.
if (getenv(APPLICATION_NOT_MULTI_THREADED) != NULL) if (getenv(APPLICATION_NOT_MULTI_THREADED) != NULL)
{ {
// The parameter has been configured, remember it. // The parameter has been configured, remember it.

28
CASA-auth-token/server/PamSupport/pam_authtoken.c
View File

@ -94,10 +94,25 @@ pam_sm_authenticate(pam_handle_t *pamh,
char *pServicename = NULL; char *pServicename = NULL;
char *pAuthToken = NULL; char *pAuthToken = NULL;
// Verify input parameters
if (pamh == NULL
|| (argc > 0 && argv == NULL))
{
LogError("Invalid parameter detected");
return PAM_SYSTEM_ERR;
}
// Determine if we are supposed to perform the username check // Determine if we are supposed to perform the username check
// based on the arguments specified. // based on the arguments specified.
for (i = 0; i < argc; i++) for (i = 0; i < argc; i++)
{ {
// Do safety check
if (argv[i] == NULL)
{
LogError("Invalid parameter detected");
return PAM_SYSTEM_ERR;
}
if (*(argv[i]) == 'U') if (*(argv[i]) == 'U')
{ {
// The arguments indicate that we should check the username // The arguments indicate that we should check the username
@ -116,7 +131,7 @@ pam_sm_authenticate(pam_handle_t *pamh,
// the username check. // the username check.
if (performUsernameCheck) if (performUsernameCheck)
{ {
char *pUsername; char *pUsername = NULL;
struct pam_response *responses = NULL; struct pam_response *responses = NULL;
// Obtain the username so that it can be checked. // Obtain the username so that it can be checked.
@ -135,11 +150,12 @@ pam_sm_authenticate(pam_handle_t *pamh,
} }
else else
{ {
struct pam_conv *pConv; struct pam_conv *pConv = NULL;
// The username has not been set, try to obtain it from the // The username has not been set, try to obtain it from the
// application through the use of the conversation function. // application through the use of the conversation function.
if (pam_get_item(pamh, PAM_CONV, (void*) &pConv) == PAM_SUCCESS) if (pam_get_item(pamh, PAM_CONV, (void*) &pConv) == PAM_SUCCESS
&& pConv != NULL)
{ {
struct pam_message msg; struct pam_message msg;
struct pam_message *messages = &msg; struct pam_message *messages = &msg;
@ -150,7 +166,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
if (pConv->conv(1, if (pConv->conv(1,
(const struct pam_message **) &messages, (const struct pam_message **) &messages,
&responses, &responses,
pConv->appdata_ptr) == PAM_SUCCESS) pConv->appdata_ptr) == PAM_SUCCESS
&& responses != NULL)
{ {
// Check if we have a successful response // Check if we have a successful response
if (responses[0].resp_retcode == PAM_SUCCESS if (responses[0].resp_retcode == PAM_SUCCESS
@ -216,7 +233,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
if (pConv->conv(1, if (pConv->conv(1,
(const struct pam_message **) &messages, (const struct pam_message **) &messages,
&responses, &responses,
pConv->appdata_ptr) == PAM_SUCCESS) pConv->appdata_ptr) == PAM_SUCCESS
&& responses != NULL)
{ {
// Check if we have a successful response // Check if we have a successful response
if (responses[0].resp_retcode == PAM_SUCCESS if (responses[0].resp_retcode == PAM_SUCCESS

8
CASA-auth-token/server/include/casa_c_ipc.h
View File

@ -160,9 +160,9 @@ int
IpcClientSubmitReq( IpcClientSubmitReq(
IN uint32_t endPointHandle, IN uint32_t endPointHandle,
IN char *pClientData, IN char *pClientData,
IN int clientDataLen, IN int32_t clientDataLen,
INOUT char **ppServerData, INOUT char **ppServerData,
INOUT int *pServerDataLen); INOUT int32_t *pServerDataLen);
// //
// Arguments In: endPointHandle - Handle of the remote endpoint that will // Arguments In: endPointHandle - Handle of the remote endpoint that will
// be the target of the request. // be the target of the request.
@ -202,9 +202,9 @@ int
(*PFN_IpcClientSubmitReq)( (*PFN_IpcClientSubmitReq)(
IN uint32_t endPointHandle, IN uint32_t endPointHandle,
IN char *pClientData, IN char *pClientData,
IN int clientDataLen, IN int32_t clientDataLen,
INOUT char **ppServerData, INOUT char **ppServerData,
INOUT int *pServerDataLen); INOUT int32_t *pServerDataLen);
//++======================================================================= //++=======================================================================

8
CASA-auth-token/server/include/casa_s_ipc.h
View File

@ -46,7 +46,7 @@
//++======================================================================= //++=======================================================================
extern extern
int32_t uint32_t
IpcServerGetRequest(void); IpcServerGetRequest(void);
// //
// Arguments In: None. // Arguments In: None.
@ -72,7 +72,7 @@ IpcServerGetRequest(void);
extern extern
int32_t int32_t
IpcServerGetRequestData( IpcServerGetRequestData(
IN int32_t requestId, IN uint32_t requestId,
INOUT char **ppReqData); INOUT char **ppReqData);
// //
// Arguments In: requestId - The id of the request being processed. // Arguments In: requestId - The id of the request being processed.
@ -101,7 +101,7 @@ IpcServerGetRequestData(
extern extern
void void
IpcServerCompleteRequest( IpcServerCompleteRequest(
IN int32_t requestId, IN uint32_t requestId,
IN char *pReplyData); IN char *pReplyData);
// //
// Arguments In: requestId - The id of the request being completed. // Arguments In: requestId - The id of the request being completed.
@ -124,7 +124,7 @@ IpcServerCompleteRequest(
extern extern
void void
IpcServerAbortRequest( IpcServerAbortRequest(
IN int32_t requestId); IN uint32_t requestId);
// //
// Arguments In: requestId - The id of the request being aborted. // Arguments In: requestId - The id of the request being aborted.
// //

5
CASA-auth-token/server/utilities/IpcLibs/README
View File

@ -88,8 +88,9 @@ linux/client/test/testClient.c.
SECURITY CONSIDERATIONS SECURITY CONSIDERATIONS
IpcLibs does not provide any security features beyond what is provided by the protocol stacks for IpcLibs does not provide any security features beyond what is provided by the protocol stacks for
tcp/ip and Domain sockets communications. tcp/ip and Domain sockets communications. IpcLibs does not directly perform any uid/gid checks
when Domain socket communications are performed.
By leveraging the File System Access Control features, you can scope communications that occur over By leveraging the File System Access Control features, you can scope communications that occur over
Domain sockets to specific or groups of users. Domain sockets to specific or groups of users.

8
CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.cpp
View File

@ -390,9 +390,9 @@ CChannel::connectionThread(
{ {
CChannel *pCChannel = *pSmartCChannel; CChannel *pCChannel = *pSmartCChannel;
bool doneReceivingData = false; bool doneReceivingData = false;
unsigned long bytesReceived; int32_t bytesReceived;
uint32_t reqId; uint32_t reqId;
int payloadLength; int32_t payloadLength;
unsigned long totalPayloadBytesReceived = 0; unsigned long totalPayloadBytesReceived = 0;
char reqDataPktHdr[ReqDataPktHdrTemplate.length()]; char reqDataPktHdr[ReqDataPktHdrTemplate.length()];
char *pRecvBuff; char *pRecvBuff;
@ -441,7 +441,7 @@ CChannel::connectionThread(
&payloadLength)) &payloadLength))
{ {
// Procced based on the packet type // Procced based on the packet type
switch (ChannelProto::getPktType(*reqDataPktHdr)) switch (ChannelProto::getPktType(*reqDataPktHdr, sizeof(reqDataPktHdr)))
{ {
case ChannelProto::ReqDataCarrierPacketType: case ChannelProto::ReqDataCarrierPacketType:
@ -747,7 +747,7 @@ CChannel::submitReq(
uint32_t reqId, uint32_t reqId,
ClientReq &clientReq, ClientReq &clientReq,
char *pClientData, char *pClientData,
int clientDataLen) int32_t clientDataLen)
// //
// Arguments: // Arguments:
// //

2
CASA-auth-token/server/utilities/IpcLibs/linux/client/cchannel.h
View File

@ -222,7 +222,7 @@ public:
int submitReq(uint32_t reqId, int submitReq(uint32_t reqId,
ClientReq &clientReq, ClientReq &clientReq,
char *pClientData, char *pClientData,
int clientDataLen); int32_t clientDataLen);
// //
// Remove Request routine // Remove Request routine

21
CASA-auth-token/server/utilities/IpcLibs/linux/client/client.cpp
View File

@ -354,8 +354,6 @@ IpcClientCloseRemoteEndPoint(
DbgTrace(0, "IpcClientCloseRemoteEndPoint- Not initialized\n", 0); DbgTrace(0, "IpcClientCloseRemoteEndPoint- Not initialized\n", 0);
} }
exit:
DbgTrace(1, "IpcClientCloseRemoteEndPoint- End, status = %0X\n", retStatus); DbgTrace(1, "IpcClientCloseRemoteEndPoint- End, status = %0X\n", retStatus);
return retStatus; return retStatus;
@ -368,9 +366,9 @@ int
IpcClientSubmitReq( IpcClientSubmitReq(
IN uint32_t endPointHandle, IN uint32_t endPointHandle,
IN char *pClientData, IN char *pClientData,
IN int clientDataLen, IN int32_t clientDataLen,
INOUT char **ppServerData, INOUT char **ppServerData,
INOUT int *pServerDataLen) INOUT int32_t *pServerDataLen)
// //
// Arguments In: endPointHandle - Handle of the remote endpoint that will // Arguments In: endPointHandle - Handle of the remote endpoint that will
// be the target of the request. // be the target of the request.
@ -410,6 +408,15 @@ IpcClientSubmitReq(
DbgTrace(1, "IpcClientSubmitReq- Start\n", 0); DbgTrace(1, "IpcClientSubmitReq- Start\n", 0);
// Verify input parameters
if (pClientData == NULL
|| ppServerData == NULL
|| pServerDataLen == NULL)
{
DbgTrace(0, "IpcClientSubmitReq- Invalid parameter\n", 0);
goto exit;
}
// Verify that we have been initialized // Verify that we have been initialized
if (svcInitialized) if (svcInitialized)
{ {
@ -425,7 +432,7 @@ IpcClientSubmitReq(
// the request. // the request.
SmartRemoteEndPoint *pSmartRemoteEndPoint = new SmartRemoteEndPoint(*(iter->second)); SmartRemoteEndPoint *pSmartRemoteEndPoint = new SmartRemoteEndPoint(*(iter->second));
// Release our mutex before deleting the endpoint // Release our mutex before using the remote endpoint
pthread_mutex_unlock(&clientMutex); pthread_mutex_unlock(&clientMutex);
// Submit the request // Submit the request
@ -450,6 +457,8 @@ IpcClientSubmitReq(
DbgTrace(0, "IpcClientSubmitReq- Not initialized\n", 0); DbgTrace(0, "IpcClientSubmitReq- Not initialized\n", 0);
} }
exit:
DbgTrace(1, "IpcClientSubmitReq- End, retStatus = %0X\n", retStatus); DbgTrace(1, "IpcClientSubmitReq- End, retStatus = %0X\n", retStatus);
return retStatus; return retStatus;
@ -498,7 +507,7 @@ IpcClientInit(
DbgTrace(1, "IpcClientInit- Start\n", 0); DbgTrace(1, "IpcClientInit- Start\n", 0);
// Check input parameters // Check input parameters
if (pAppName == NULL) if (pName == NULL)
{ {
DbgTrace(0, "IpcClientInit- Invalid parameter\n", 0); DbgTrace(0, "IpcClientInit- Invalid parameter\n", 0);
goto exit; goto exit;

4
CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.cpp
View File

@ -142,7 +142,7 @@ ClientReq::~ClientReq(void)
void void
ClientReq::processServerData( ClientReq::processServerData(
char *pServerData, char *pServerData,
int serverDataLength) int32_t serverDataLength)
// //
// Arguments: // Arguments:
// //
@ -230,7 +230,7 @@ ClientReq::processError(void)
int int
ClientReq::waitForCompletion( ClientReq::waitForCompletion(
char **ppResponseData, char **ppResponseData,
int *pResponseDataLength) int32_t *pResponseDataLength)
// //
// Arguments: // Arguments:
// //

6
CASA-auth-token/server/utilities/IpcLibs/linux/client/clientreq.h
View File

@ -52,7 +52,7 @@ class ClientReq
// Server Data // Server Data
char *m_pServerData; char *m_pServerData;
int m_serverDataLen; int32_t m_serverDataLen;
// Flag indicating the state of the submitting // Flag indicating the state of the submitting
// thread. // thread.
@ -114,7 +114,7 @@ public:
// Returns: Nothing. // Returns: Nothing.
// //
void processServerData(char *pServerData, void processServerData(char *pServerData,
int serverDataLength); int32_t serverDataLength);
// //
// Process Error routine // Process Error routine
@ -147,7 +147,7 @@ public:
// -1 == Request did not complete gracefully // -1 == Request did not complete gracefully
// //
int waitForCompletion(char **ppResponseData, int waitForCompletion(char **ppResponseData,
int *pResponseDataLength); int32_t *pResponseDataLength);
// //
// Completion status // Completion status

59
CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.cpp
View File

@ -80,31 +80,41 @@ RemoteEndPoint::RemoteEndPoint(
{ {
DbgTrace(1, "RemoteEndPoint::RemoteEndPoint- Start, Obj = %0X\n", this); DbgTrace(1, "RemoteEndPoint::RemoteEndPoint- Start, Obj = %0X\n", this);
// Initialize our mutex // Verify that the specified path is not too long
pthread_mutex_init(&m_mutex, NULL); if (strlen(pSocketFileName) < sizeof(sizeof(m_serverUnAddr.sun_path)))
{
// Initialize our mutex
pthread_mutex_init(&m_mutex, NULL);
// Set the necessary information in the m_serverUnAddr variable // Set the necessary information in the m_serverUnAddr variable
m_serverUnAddr.sun_family = AF_UNIX; m_serverUnAddr.sun_family = AF_UNIX;
strcpy(m_serverUnAddr.sun_path, pSocketFileName); strncpy(m_serverUnAddr.sun_path, pSocketFileName, sizeof(m_serverUnAddr.sun_path) - 1);
// Set the necessary flags to indicate that DOMAIN sockets // Set the necessary flags to indicate that DOMAIN sockets
// should be used for communications. // should be used for communications.
m_Use_PF_UNIX = true; m_Use_PF_UNIX = true;
m_Use_AF_INET = false; m_Use_AF_INET = false;
// Setup the number of channels that we may have based on // Setup the number of channels that we may have based on
// whether the application is multi-threaded or not. // whether the application is multi-threaded or not.
if (multithreaded) if (multithreaded)
m_numCChannels = MAX_CHANNELS_PER_ENDPOINT; m_numCChannels = MAX_CHANNELS_PER_ENDPOINT;
else
m_numCChannels = 1;
// Instantiate entries in SmartCChannel vector
try {
for (int i = 0; i < m_numCChannels; i++)
m_cchannelVector.push_back(SmartCChannelPointer());
} catch (...) {
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0);
pthread_mutex_destroy(&m_mutex);
throw bad_alloc();
}
}
else else
m_numCChannels = 1; {
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Socket file path name too long\n", 0);
// Instantiate entries in SmartCChannel vector
try {
for (int i = 0; i < m_numCChannels; i++)
m_cchannelVector.push_back(SmartCChannelPointer());
} catch (...) {
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0);
throw bad_alloc(); throw bad_alloc();
} }
@ -166,6 +176,7 @@ RemoteEndPoint::RemoteEndPoint(
m_cchannelVector.push_back(SmartCChannelPointer()); m_cchannelVector.push_back(SmartCChannelPointer());
} catch (...) { } catch (...) {
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0); DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0);
pthread_mutex_destroy(&m_mutex);
throw bad_alloc(); throw bad_alloc();
} }
@ -259,7 +270,7 @@ RemoteEndPoint::getCChannel(void)
m_cchannelVector[channelSelector].setPointer(NULL); m_cchannelVector[channelSelector].setPointer(NULL);
} }
CChannel *pCChannel; CChannel *pCChannel = NULL;
try { try {
// Use the appropriate server address when instantiating // Use the appropriate server address when instantiating
@ -325,9 +336,9 @@ RemoteEndPoint::getCChannel(void)
int int
RemoteEndPoint::submitReq( RemoteEndPoint::submitReq(
char *pClientData, char *pClientData,
int clientDataLen, int32_t clientDataLen,
char **ppServerData, char **ppServerData,
int *pServerDataLen) int32_t *pServerDataLen)
// //
// Arguments: // Arguments:
// //

4
CASA-auth-token/server/utilities/IpcLibs/linux/client/remoteendpoint.h
View File

@ -186,9 +186,9 @@ public:
// Note: The routine blocks until the request completes. // Note: The routine blocks until the request completes.
// //
int submitReq(char *pClientData, int submitReq(char *pClientData,
int clientDataLen, int32_t clientDataLen,
char **ppServerData, char **ppServerData,
int *pServerDataLen); int32_t *pServerDataLen);
}; };
typedef SmartPtr<RemoteEndPoint> SmartRemoteEndPoint; typedef SmartPtr<RemoteEndPoint> SmartRemoteEndPoint;

102
CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.cpp
View File

@ -68,7 +68,7 @@ ChannelProto::buildReqDataPktHdr(
// //
// Abstract: // Abstract:
// //
// Notes: // Notes: pPktHdr must point to a buffer of size ReqDataPktHdrTemple.length().
// //
// L2 // L2
//=======================================================================-- //=======================================================================--
@ -81,16 +81,16 @@ ChannelProto::buildReqDataPktHdr(
// - Req Data Packet Header Format - // - Req Data Packet Header Format -
// //
// ReqDataCarrierType // ReqDataCarrierType
// ReqIdHdr value (value format=%0X) // ReqIdHdr value (value format=%08X)
// PayloadLengthHdr value (value format=%0X) // PayloadLengthHdr value (value format=%08X)
// //
// Setup the necessary value strings // Setup the necessary value strings
char wrkBuffer[10]; char wrkBuffer[10];
sprintf(wrkBuffer, "%0X", reqId); sprintf(wrkBuffer, "%08X", reqId);
string reqIdValue = wrkBuffer; string reqIdValue = wrkBuffer;
sprintf(wrkBuffer, "%0X", payloadLength); sprintf(wrkBuffer, "%08X", payloadLength);
string payloadLengthValue = wrkBuffer; string payloadLengthValue = wrkBuffer;
// Format the header. // Format the header.
@ -141,7 +141,7 @@ ChannelProto::buildReqErrorPktHdr(
// //
// Abstract: // Abstract:
// //
// Notes: // Notes: pPktHdr must point to a buffer of size ReqErrorPktHdrTemple.length().
// //
// L2 // L2
//=======================================================================-- //=======================================================================--
@ -154,16 +154,16 @@ ChannelProto::buildReqErrorPktHdr(
// - Req Error Packet Header Format - // - Req Error Packet Header Format -
// //
// ReqErrorCarrierType // ReqErrorCarrierType
// ReqIdHdr value (value format=%0X) // ReqIdHdr value (value format=%08X)
// PayloadLengthHdr value (value format=%0X) // PayloadLengthHdr value (value format=%08X)
// //
// Setup the necessary value strings // Setup the necessary value strings
char wrkBuffer[10]; char wrkBuffer[10];
sprintf(wrkBuffer, "%0X", reqId); sprintf(wrkBuffer, "%08X", reqId);
string reqIdValue = wrkBuffer; string reqIdValue = wrkBuffer;
sprintf(wrkBuffer, "%0X", payloadLength); sprintf(wrkBuffer, "%08X", payloadLength);
string payloadLengthValue = wrkBuffer; string payloadLengthValue = wrkBuffer;
// Format the header. // Format the header.
@ -204,7 +204,8 @@ ChannelProto::buildReqErrorPktHdr(
//++======================================================================= //++=======================================================================
ChannelProto::PacketTypes ChannelProto::PacketTypes
ChannelProto::getPktType( ChannelProto::getPktType(
char &buff) char &buff,
int hdrLength)
// //
// Arguments: // Arguments:
// //
@ -223,29 +224,47 @@ ChannelProto::getPktType(
// Find the end of the Channel Packet Type // Find the end of the Channel Packet Type
char *pCurr = &buff; char *pCurr = &buff;
while (*pCurr != '\r') int bytesLeft = hdrLength;
bool endFound = false;
while (bytesLeft)
{
if (*pCurr == '\r')
{
endFound = true;
break;
}
pCurr ++; pCurr ++;
bytesLeft --;
// Found the end of the Channel Packet Type, now
// calculate its length.
int channelPktTypeLength = pCurr - &buff;
// Now start comparing
if (channelPktTypeLength == ReqDataCarrierType.length()
&& !memcmp(&buff, ReqDataCarrierType.c_str(), channelPktTypeLength))
{
// The type is Channel Req Data Carrier
packetType = ReqDataCarrierPacketType;
} }
else if (channelPktTypeLength == ReqErrorCarrierType.length()
&& !memcmp(&buff, ReqErrorCarrierType.c_str(), channelPktTypeLength)) if (endFound)
{ {
// The type is Channel Req Error Carrier // Found the end of the Channel Packet Type, now
packetType = ReqErrorCarrierPacketType; // calculate its length.
int channelPktTypeLength = pCurr - &buff;
// Now start comparing
if (channelPktTypeLength == ReqDataCarrierType.length()
&& !memcmp(&buff, ReqDataCarrierType.c_str(), channelPktTypeLength))
{
// The type is Channel Req Data Carrier
packetType = ReqDataCarrierPacketType;
}
else if (channelPktTypeLength == ReqErrorCarrierType.length()
&& !memcmp(&buff, ReqErrorCarrierType.c_str(), channelPktTypeLength))
{
// The type is Channel Req Error Carrier
packetType = ReqErrorCarrierPacketType;
}
else
{
DbgTrace(0, "ChannelProto::getPktType- No match found\n", 0);
}
} }
else else
{ {
DbgTrace(0, "ChannelProto::getPktType- No match found\n", 0); DbgTrace(0, "ChannelProto::getPktType- Invalid header\n", 0);
} }
DbgTrace(1, "ChannelProto::getPktType- End, type = %d\n", packetType); DbgTrace(1, "ChannelProto::getPktType- End, type = %d\n", packetType);
@ -283,7 +302,8 @@ ChannelProto::getReqIdAndPayloadLength(
char *pChannelHdr = NULL; char *pChannelHdr = NULL;
int bytesLeft = hdrLength; int bytesLeft = hdrLength;
// Skip the Channel Packet Type // Skip the Channel Packet Type which should always
// be the first header.
while (bytesLeft >= 2) while (bytesLeft >= 2)
{ {
if (*pCurr == '\r' if (*pCurr == '\r'
@ -334,7 +354,17 @@ ChannelProto::getReqIdAndPayloadLength(
*(pCurr-2) = '\0'; *(pCurr-2) = '\0';
// Convert the value to hex // Convert the value to hex
*pReqId = strtoul(pValue, NULL, 16); errno = 0;
unsigned long int value = strtoul(pValue, NULL, 16);
if (errno != 0
|| value > UINT32_MAX)
{
DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid reqId value, %s\n", pValue);
break;
}
// Use the value
*pReqId = (uint32_t) value;
// Undo the damage that we did // Undo the damage that we did
*(pCurr-2) = '\r'; *(pCurr-2) = '\r';
@ -353,7 +383,17 @@ ChannelProto::getReqIdAndPayloadLength(
*(pCurr-2) = '\0'; *(pCurr-2) = '\0';
// Convert the value to hex // Convert the value to hex
*pPayloadLength = strtoul(pValue, NULL, 16); errno = 0;
long int value = strtol(pValue, NULL, 16);
if (errno != 0
|| value > INT32_MAX)
{
DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid payloadLength value, %s\n", pValue);
break;
}
// Use the value
*pPayloadLength = (int32_t) value;
// Undo the damage that we did // Undo the damage that we did
*(pCurr-2) = '\r'; *(pCurr-2) = '\r';

6
CASA-auth-token/server/utilities/IpcLibs/linux/common/channelproto.h
View File

@ -113,12 +113,16 @@ public:
// Parameters: // Parameters:
// buff (input) - // buff (input) -
// Reference to buffer containing the packet data. // Reference to buffer containing the packet data.
//
// hdrLength (input) -
// Length of the channel header.
// //
// Abstract: Returns the type of the specified channel packet. // Abstract: Returns the type of the specified channel packet.
// //
// Returns: Channel packet type. // Returns: Channel packet type.
// //
static PacketTypes getPktType(char &buff); static PacketTypes getPktType(char &buff,
int hdrLength);
// //
// Get Req Id and Payload Length Values routine // Get Req Id and Payload Length Values routine

8
CASA-auth-token/server/utilities/IpcLibs/linux/server/schannel.cpp
View File

@ -234,15 +234,15 @@ SChannel::connectionThread(
{ {
SChannel *pSChannel = *pSmartSChannel; SChannel *pSChannel = *pSmartSChannel;
bool doneReceivingData = false; bool doneReceivingData = false;
unsigned long bytesReceived; int32_t bytesReceived;
unsigned long bytesSent; unsigned long bytesSent;
uint32_t reqId; uint32_t reqId;
int payloadLength; int32_t payloadLength;
unsigned long totalPayloadBytesReceived = 0; unsigned long totalPayloadBytesReceived = 0;
char reqDataPktHdr[ReqDataPktHdrTemplate.length()]; char reqDataPktHdr[ReqDataPktHdrTemplate.length()];
char reqErrorPktHdr[ReqErrorPktHdrTemplate.length()]; char reqErrorPktHdr[ReqErrorPktHdrTemplate.length()];
char *pRecvBuff; char *pRecvBuff;
ServerReq *pServerReq; ServerReq *pServerReq = NULL;
DbgTrace(1, "SChannel::connectionThread- Start, Obj = %0X\n", pSChannel); DbgTrace(1, "SChannel::connectionThread- Start, Obj = %0X\n", pSChannel);
@ -285,7 +285,7 @@ SChannel::connectionThread(
&payloadLength)) &payloadLength))
{ {
// Procced based on the packet type // Procced based on the packet type
switch (ChannelProto::getPktType(*reqDataPktHdr)) switch (ChannelProto::getPktType(*reqDataPktHdr, sizeof(reqDataPktHdr)))
{ {
case ChannelProto::ReqDataCarrierPacketType: case ChannelProto::ReqDataCarrierPacketType:

40
CASA-auth-token/server/utilities/IpcLibs/linux/server/server.cpp
View File

@ -101,13 +101,13 @@ pthread_mutex_t interlockedMutex;
typedef map<int32_t, ServerReq*> RSMap; typedef map<int32_t, ServerReq*> RSMap;
typedef RSMap::iterator RSMapIter; typedef RSMap::iterator RSMapIter;
typedef pair<RSMapIter, bool> RSIterBoolPair; typedef pair<RSMapIter, bool> RSIterBoolPair;
RSMap rsMap; RSMap rsMap;
int numActiveRequests = 0; int numActiveRequests = 0;
// //
// Next request id (Can not be zero) // Next request id (Can not be zero)
// //
int32_t nextReqId = 1; uint32_t nextReqId = 1;
// //
// Pending ServerRequests List and count - Server requests are staged on this lists until // Pending ServerRequests List and count - Server requests are staged on this lists until
@ -436,15 +436,25 @@ BindSocket(int socketToBind)
// Remove pre-existing socket // Remove pre-existing socket
unlink(listenSocketFile); unlink(listenSocketFile);
// Setup the address that the daemon will use to listen // Verify that the specified path is not too long
// for connections. if (strlen(listenSocketFile) < sizeof(sizeof(listenAddr.sun_path)))
listenAddr.sun_family = AF_UNIX; {
strcpy(listenAddr.sun_path, listenSocketFile); // Setup the address that the daemon will use to listen
// for connections.
listenAddr.sun_family = AF_UNIX;
strncpy(listenAddr.sun_path, listenSocketFile, sizeof(listenAddr.sun_path) - 1);
// Perform the bind operation // Perform the bind operation
retStatus = bind(socketToBind, retStatus = bind(socketToBind,
(const sockaddr*) &listenAddr, (const sockaddr*) &listenAddr,
sizeof(listenAddr.sun_family) + strlen(listenAddr.sun_path)); sizeof(listenAddr.sun_family) + strlen(listenAddr.sun_path));
}
else
{
DbgTrace(0, "BindSocket- Listen socket file path too long\n", 0);
errno = ERANGE;
retStatus = -1;
}
// Return the file creation mask to its previous value // Return the file creation mask to its previous value
umask(prevMask); umask(prevMask);
@ -688,7 +698,7 @@ void* ServiceConnectionsThread(void)
//++======================================================================= //++=======================================================================
extern "C" extern "C"
int32_t uint32_t
IpcServerGetRequest(void) IpcServerGetRequest(void)
// //
// Arguments In: None. // Arguments In: None.
@ -813,7 +823,7 @@ exit:
extern "C" extern "C"
int32_t int32_t
IpcServerGetRequestData( IpcServerGetRequestData(
IN int32_t requestId, IN uint32_t requestId,
INOUT char **ppReqData) INOUT char **ppReqData)
// //
// Arguments In: requestId - The id of the request being processed. // Arguments In: requestId - The id of the request being processed.
@ -884,7 +894,7 @@ IpcServerGetRequestData(
extern "C" extern "C"
void void
IpcServerCompleteRequest( IpcServerCompleteRequest(
IN int32_t requestId, IN uint32_t requestId,
IN char *pReplyData) IN char *pReplyData)
// //
// Arguments In: requestId - The id of the request being completed. // Arguments In: requestId - The id of the request being completed.
@ -950,7 +960,7 @@ IpcServerCompleteRequest(
extern "C" extern "C"
void void
IpcServerAbortRequest( IpcServerAbortRequest(
IN int32_t requestId) IN uint32_t requestId)
// //
// Arguments In: requestId - The id of the request being aborted. // Arguments In: requestId - The id of the request being aborted.
// //
@ -1246,7 +1256,7 @@ IpcServerInit(
DbgTrace(1, "IpcServerInit- Start\n", 0); DbgTrace(1, "IpcServerInit- Start\n", 0);
// Check input parameters // Check input parameters
if (pAppName == NULL) if (pName == NULL)
{ {
DbgTrace(0, "IpcServerInit- Invalid parameter\n", 0); DbgTrace(0, "IpcServerInit- Invalid parameter\n", 0);
goto exit; goto exit;