Modifications to resolve issues found during self-code review.

Juan Carlos Luciani 2006-12-08 05:45:03 +00:00
parent 9a0426279c
commit 8ade751650
34 changed files with 524 additions and 268 deletions


@ -623,8 +623,11 @@ ObtainAuthTokenInt(
strcpy(pAuthTokenBuf, pCacheEntry->token);
}
else
{
if (*pAuthTokenBufLen != 0)
{
DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0);
}
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_BUFFER_OVERFLOW);
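Review bot: The new trace string in ObtainAuthTokenInt has no trailing `\n`, unlike the other DbgTrace messages touched by this commit, so with a stream-based DbgTrace it would run into the next message; I would write `DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough\n", 0);`. The size test that guards the `strcpy` into pAuthTokenBuf sits above the hunk, so it cannot be checked from here.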


@ -66,7 +66,7 @@ atsIsRunning()
StartDAEMON()
{
# Start the daemon
echo -n "Starting casa_atsd"
echo -n "Starting casa_atsd..."
## Start daemon with startproc(8). If this fails
## the echo return value is set appropriate.
@ -126,7 +126,7 @@ StartDAEMON()
StopDAEMON()
{
# Stop the daemon
echo -n "Shutting down casa_atsd"
echo -n "Stopping casa_atsd..."
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
if atsIsRunning ; then


@ -153,10 +153,10 @@ check_password(
// Now get a copy of the location being protected
if (i > 1)
{
pLocationName = apr_palloc(r->pool, i);
pLocationName = apr_palloc(r->pool, i + 1);
if (pLocationName)
{
memset(pLocationName, 0, i);
memset(pLocationName, 0, i + 1);
memcpy(pLocationName, &(r->uri[1]), i - 1); // Do not include the slashes
}
else
@ -207,7 +207,6 @@ check_password(
&pPrincipalIf);
if (CASA_SUCCESS(casaStatus))
{
int buffLen = 0;
apr_table_t *e = r->subprocess_env;
@ -248,7 +247,7 @@ check_password(
}
else
{
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity id, %08X", casaStatus);
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity id, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR;
}
@ -288,7 +287,7 @@ check_password(
}
else
{
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source name, %08X", casaStatus);
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source name, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR;
}
}
@ -329,7 +328,7 @@ check_password(
}
else
{
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source url, %08X", casaStatus);
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error obtaining identity source url, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR;
}
}
@ -390,7 +389,7 @@ check_password(
}
else
{
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error during attribute enumeration, %08X", casaStatus);
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Un-expected error during attribute enumeration, %0X", casaStatus);
retStatus = AUTH_GENERAL_ERROR;
}
}
@ -410,22 +409,12 @@ check_password(
}
else
{
// We did not check the username, set the return status based on the status
// returned by ValidateAuthToken().
if (CasaStatusCode(casaStatus) == CASA_STATUS_AUTHENTICATION_FAILURE)
{
// Authentication failed
retStatus = AUTH_DENIED;
}
else
{
// Allow other providers to get a crack to it
// We did not check the username, allow other providers to get a crack to it.
retStatus = AUTH_USER_NOT_FOUND;
}
}
}
}
}
else
{
ap_log_rerror(APLOG_MARK, APLOG_ALERT, 0, r, "Did not get module per-server config structure");
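Review bot: In the last hunk of check_password, a token that (per the removed comment) ValidateAuthToken() rejected with CASA_STATUS_AUTHENTICATION_FAILURE now gets the same AUTH_USER_NOT_FOUND as every other failure, and nothing is logged on that path. Handing the request to the next provider looks intentional from the new comment, but a rejected token then leaves no trace in the server log and cannot be told apart from a request that never carried one. I would log it before the assignment, for example `ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "CASA token validation failed, %X", casaStatus);`, and extend the comment to say that the final decision now rests with whichever provider is configured after this one. The function body starts and ends outside the hunk.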


@ -88,6 +88,18 @@ a user or to obtain identity information about the user. Because of this it is
important that the tokens be secured by applications making use of them. It is
recommended that the tokens be transmitted using SSL.
Under Linux, the Validate CASA Authentication Token libraries validate tokens
by invoking a service (casa_atvd, also knon as CasaAuthtokenValidateD). The security of the
communications that happen between the library and the service is dependent on the properties
of the stack providing Unix Domain Sockets communications and the file system rights setup
on the folder where the domain sockets are created.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on casa_atvd. If this is not acceptable then change the
rigths on the folder to only allow selected users to connect to it.


@ -76,6 +76,12 @@ create its listeing socket to keep other services from hijacking it and taking o
the validation of CASA authentication sockets. CasaAuthtokenValidateD creates its
listen socket in the /var/lib/CASA/authtoken/validate/ folder.
The SuSE rpm package for this component only allows processes executing as casaatvd
to setup a listener on the /var/lib/CASA/authtoken/validate/ folder but it allows any
process to connect to it. This setup may allow a rogue process to easily launch a
denial of service attack on CasaAuthtokenValidateD. If this is not acceptable then
change the rigths on the folder to only allow selected users to connect to it.


@ -107,7 +107,7 @@ StartDAEMON()
StopDAEMON()
{
echo -n "Shutting down..."
echo -n "Stopping casa_atvd..."
killproc $DAEMON
RVAL=$?
$ECHO


@ -36,6 +36,11 @@
#define MAXFD 64
#define MIN_THREADS 1
#define MAX_THREADS 4096
#define DEFAULT_BEGIN_THREADS 5
#define DEFAULT_GROW_THREADS 5
#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket"
//===[ Type definitions ]==================================================
@ -51,9 +56,9 @@ WorkerThread(void*);
char usage[] = "\nCasaAuthtokenValidateD: usage: [-p ListenPort] [-b BeginThreads] [-g GrowThreads] [-m MaxThreads] [-D DebugLevel] [-d] [-s]\n";
// Worker thread pool configuration parameters
int beginThreads = 5;
int growThreads = 5;
int maxThreads = 4096;
int beginThreads = DEFAULT_BEGIN_THREADS;
int growThreads = DEFAULT_GROW_THREADS;
int maxThreads = MAX_THREADS;
int minWaitingThreads = beginThreads;
int maxWaitingThreads = beginThreads * 4;
@ -64,7 +69,7 @@ double numPerishingThreads = 0;
// Listen Port Number
//int listenPortNumber = 5000;
int listenPortNumber = 0;
unsigned short int listenPortNumber = 0;
// Parameter indicating whether or not the server needs to run
// as a daemon.
@ -133,7 +138,7 @@ ServiceRequests(void)
while (!terminating)
{
// Get a request that needs servicing
int32_t requestId = IpcServerGetRequest();
uint32_t requestId = IpcServerGetRequest();
if (requestId != 0)
{
// We got a request that needs servicing, now get the
@ -591,7 +596,7 @@ InitJavaInvoke(void)
DbgTrace(0, "InitJavaInvoke- Error creating Java VM\n", 0);
}
DbgTrace(1, "InitJavaInvoke- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "InitJavaInvoke- End, retStatus = %0X\n", retStatus);
return retStatus;
@ -616,8 +621,11 @@ UnInitJavaInvoke(void)
DbgTrace(1, "UnInitJavaInvoke- Start\n", 0);
// Destroy the jvm
if (g_jvm)
{
g_jvm->DestroyJavaVM();
g_jvm = NULL;
}
g_env = NULL;
DbgTrace(1, "UnInitJavaInvoke- End\n", 0);
@ -694,7 +702,6 @@ DaemonInit(
for (int i = 0; i < MAXFD; i++)
close(i);
// Spawn a worker
if ((pid = fork()) == -1)
{
@ -801,6 +808,7 @@ main(
// Scan through the options specified
while (!doneScanning)
{
long int value = 0;
opterr = 0;
option = getopt(argc, argv, "m:p:b:g:D:ds");
@ -810,15 +818,36 @@ main(
case 'p':
// Port number option, record location of
// argument.
listenPortNumber = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value > 0
&& value <= USHRT_MAX)
{
listenPortNumber = (unsigned short int) value;
}
else
{
fprintf(stderr, "Specified ListenPort parameter out of range, using default value");
}
optionsSpecified ++;
break;
case 'b':
// Begin threads option, override the default parameter
// with the value of the option.
beginThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
beginThreads = (int) value;
}
else
{
fprintf(stderr, "Specified BeginThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@ -826,7 +855,18 @@ main(
case 'g':
// Grow threads option, override the default parameter
// with the value of the option.
growThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
growThreads = (int) value;
}
else
{
fprintf(stderr, "Specified GrowThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@ -834,7 +874,18 @@ main(
case 'm':
// Max threads option, override the default parameter
// with the value of the option.
maxThreads = atoi(optarg);
errno = 0;
value = strtol(optarg, (char**) NULL, 10);
if (errno == 0
&& value >= MIN_THREADS
&& value <= MAX_THREADS)
{
maxThreads = (int) value;
}
else
{
fprintf(stderr, "Specified MaxThreads parameter out of range, using default value");
}
optionsSpecified ++;
break;
@ -966,7 +1017,7 @@ main(
{
// Invalid option detected or the user failed to
// specify the listening port number.
printf(usage, argv[0]);
fprintf(stderr, usage, argv[0]);
}
return 0;
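Review bot: The four new strtol() calls for -p, -b, -g and -m pass a NULL end pointer, so an argument such as `80abc` is accepted as 80 and the `errno == 0` test only catches overflow. Declaring `char *end;` next to `value`, passing `&end`, and adding `end != optarg && *end == '\0'` to each condition rejects trailing junk and empty input. The four new fprintf messages also lack a trailing `\n`, so they run into whatever is printed next on stderr. main() starts and ends outside these hunks, so whether beginThreads is later checked against maxThreads is not visible.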


@ -93,7 +93,6 @@ RemoveWhiteSpaceFromTheEnd(
{
char *pLineEnd = (char*) pInString + strlen(pInString) - 1;
DbgTrace(3, "-RemoveWhiteSpaceFromTheEnd- Start\n", 0);
while (pLineEnd != pInString)
@ -217,6 +216,8 @@ LowerCaseString(
// Abstract:
//
// Notes:
// Notes: Function assumes that the caller has made sure that the destination
// string buffer has enough space to receive the resulting string.
//
// L2
//=======================================================================--
@ -271,7 +272,7 @@ AddReference(
refCount = pConfigIfInstance->refCount;
PlatReleaseMutex(g_configIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@ -378,13 +379,13 @@ GetEntryValue(
char *pValue = NULL;
LIST_ENTRY *pListEntry;
ConfigKey *pConfigKey;
int keyNameLen = strlen(pKeyName);
int keyNameLen = (int) strlen(pKeyName);
char *pKeyNameLowercase;
DbgTrace(2, "-GetEntryValue- Start\n", 0);
// Allocate enough space to hold lower case version of the key name
pKeyNameLowercase = malloc(keyNameLen + 1);
pKeyNameLowercase = (char*) malloc(keyNameLen + 1);
if (pKeyNameLowercase)
{
// Lower case the key name
@ -402,7 +403,7 @@ GetEntryValue(
&& memcmp(pKeyNameLowercase, pConfigKey->pKeyName, keyNameLen) == 0)
{
// We found it, return its value.
pValue = malloc(pConfigKey->valueLen + 1);
pValue = (char*) malloc(pConfigKey->valueLen + 1);
if (pValue)
{
strcpy(pValue, pConfigKey->pValue);
@ -426,7 +427,7 @@ GetEntryValue(
DbgTrace(0, "-GetEntryValue- Buffer allocation failure\n", 0);
}
DbgTrace(2, "-GetEntryValue- End, pValue = %08X\n", (unsigned int) pValue);
DbgTrace(2, "-GetEntryValue- End, pValue = %0X\n", (unsigned int) pValue);
return pValue;
}
@ -461,8 +462,8 @@ GetConfigInterface(
// L2
//=======================================================================--
{
int configFolderLen = strlen(pConfigFolder);
int configNameLen = strlen(pConfigName);
int configFolderLen = (int) strlen(pConfigFolder);
int configNameLen = (int) strlen(pConfigName);
ConfigIfInstance *pConfigIfInstance;
LIST_ENTRY *pListEntry;
CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
@ -506,13 +507,13 @@ GetConfigInterface(
char *pFilePath;
// Build a string containing the configuration file path
pFilePath = malloc(configFolderLen + 1 + configNameLen + sizeof(".conf"));
pFilePath = (char*) malloc(configFolderLen + 1 + configNameLen + sizeof(".conf") + 1);
if (pFilePath)
{
FILE *pConfigFile;
strcpy(pFilePath, pConfigFolder);
strcat(pFilePath, "/");
strcat(pFilePath, pathCharString);
strcat(pFilePath, pConfigName);
strcat(pFilePath, ".conf");
@ -521,7 +522,7 @@ GetConfigInterface(
if (pConfigFile)
{
// Opened the file, create a ConfigIfInstance object for it.
pConfigIfInstance = malloc(sizeof(*pConfigIfInstance));
pConfigIfInstance = (ConfigIfInstance*) malloc(sizeof(*pConfigIfInstance));
if (pConfigIfInstance)
{
// Initialize the list head within the instance data
@ -533,13 +534,13 @@ GetConfigInterface(
pConfigIfInstance->configIf.getEntryValue = GetEntryValue;
// Save the ConfigFolder and ConfigName information within the instance data
pConfigIfInstance->pConfigFolder = malloc(configFolderLen + 1);
pConfigIfInstance->pConfigFolder = (char*) malloc(configFolderLen + 1);
if (pConfigIfInstance->pConfigFolder)
{
strcpy(pConfigIfInstance->pConfigFolder, pConfigFolder);
pConfigIfInstance->configFolderLen = configFolderLen;
pConfigIfInstance->pConfigName = malloc(configNameLen + 1);
pConfigIfInstance->pConfigName = (char*) malloc(configNameLen + 1);
if (pConfigIfInstance->pConfigName)
{
strcpy(pConfigIfInstance->pConfigName, pConfigName);
@ -562,15 +563,17 @@ GetConfigInterface(
// Now update the instance data with the information present in the file
if (fseek(pConfigFile, 0, SEEK_SET) == 0)
{
char line[512];
while (fgets(line, sizeof(line), pConfigFile) != NULL)
#define MAX_LINE_LEN 1024
char *pLine = (char*) malloc(MAX_LINE_LEN);
if (pLine)
{
while (fgets(pLine, MAX_LINE_LEN, pConfigFile) != NULL)
{
int lineLength;
RemoveWhiteSpaceFromTheEnd(line);
RemoveWhiteSpaceFromTheEnd(pLine);
lineLength = strlen(line);
lineLength = (int) strlen(pLine);
if (lineLength != 0)
{
char *pKey;
@ -579,7 +582,7 @@ GetConfigInterface(
ConfigKey *pConfigKey;
// Attempt to find the key
pKey = SkipWhiteSpace(line);
pKey = SkipWhiteSpace(pLine);
// Make sure that we are not dealing with an empty line or a comment
if (*pKey == '\0' || *pKey == '#')
@ -609,18 +612,18 @@ GetConfigInterface(
*pKeyEnd = '\0';
// Create a ConfigKey object for this key/value pair
pConfigKey = malloc(sizeof(*pConfigKey));
pConfigKey = (ConfigKey*) malloc(sizeof(*pConfigKey));
if (pConfigKey)
{
pConfigKey->keyNameLen = strlen(pKey);
pConfigKey->pKeyName = malloc(pConfigKey->keyNameLen + 1);
pConfigKey->keyNameLen = (int) strlen(pKey);
pConfigKey->pKeyName = (char*) malloc(pConfigKey->keyNameLen + 1);
if (pConfigKey->pKeyName)
{
// Save the key name in lower case
LowerCaseString(pConfigKey->pKeyName, pKey);
pConfigKey->valueLen = strlen(pValue);
pConfigKey->pValue = malloc(pConfigKey->valueLen + 1);
pConfigKey->valueLen = (int) strlen(pValue);
pConfigKey->pValue = (char*) malloc(pConfigKey->valueLen + 1);
if (pConfigKey->pValue)
{
strcpy(pConfigKey->pValue, pValue);
@ -647,6 +650,14 @@ GetConfigInterface(
}
}
}
// Free the buffer allocated for holding line strings
free(pLine);
}
else
{
DbgTrace(0, "-GetConfigInterface- Buffer allocation failure\n", 0);
}
}
else
{
@ -680,8 +691,12 @@ GetConfigInterface(
}
else
{
DbgTrace(1, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno);
DbgTrace(0, "-GetConfigInterface- Unable to open config file, errno = %d\n", errno);
DbgTrace(0, "-GetConfigInterface- Config file unable to open = %s\n", pFilePath);
}
// Free the buffer allocated for the file path
free(pFilePath);
}
else
{
@ -691,7 +706,7 @@ GetConfigInterface(
PlatReleaseMutex(g_configIfMutex);
DbgTrace(2, "-GetConfigInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetConfigInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -724,7 +739,7 @@ ConfigIfInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-ConfigIfInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-ConfigIfInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}
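Review bot: In the GetConfigInterface read loop, a configuration line longer than MAX_LINE_LEN - 1 characters is returned by fgets() in pieces, and each later piece is then handled as if it were a line of its own, so the tail of a long value can end up parsed as a separate key. Before `RemoveWhiteSpaceFromTheEnd(pLine)` I would detect the truncated read with `if (strchr(pLine, '\n') == NULL && !feof(pConfigFile))`, log it at level 0 and discard input up to the next newline. `#define MAX_LINE_LEN 1024` would also read better at file scope with the other constants than inside the function body. The loop body continues outside the visible hunks, so the key/value parsing itself is only partly covered here.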


@ -452,7 +452,7 @@ ConsumeElementData(
}
}
DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-ConsumeElementData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -801,7 +801,7 @@ AddReference(
refCount = pIdenTokenIfInstance->refCount;
PlatReleaseMutex(g_idenTokenIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@ -923,7 +923,7 @@ GetIdentityId(
exit:
DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -999,7 +999,7 @@ GetSourceName(
exit:
DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -1075,7 +1075,7 @@ GetSourceUrl(
exit:
DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -1222,7 +1222,7 @@ AttributeEnumerate(
exit:
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -1385,7 +1385,7 @@ GetIdenTokenInterface(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetIdenTokenInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -1418,7 +1418,7 @@ IdenTokenIfInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-IdenTokenIfInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}
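Review bot: `%0X` is the `0` flag with no field width, so it prints exactly what `%X` prints and the fixed eight-digit alignment of the old `%08X` is lost. If variable width is what is wanted, write `%X`; if status values should still line up in the trace, keep `%08X`. The same replacement is made in every source file of this commit, and for the refCount traces in the AddReference functions a decimal `%d` would be easier to read than hex.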


@ -90,7 +90,7 @@ AddReference(
refCount = pIdenTokenProviderIfInstance->refCount;
PlatReleaseMutex(g_idenTokenProviderIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@ -334,7 +334,7 @@ GET_IDEN_TOKEN_PROVIDER_INTERFACE_RTN(
exit:
DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}


@ -81,7 +81,7 @@ PlatAllocMutex(void)
DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0);
}
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex);
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex);
return (HANDLE) pPlatMutex;
}
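Review bot: The trace in PlatAllocMutex still casts the pointer with `(unsigned int) pPlatMutex`, which drops the upper half of the address on a 64-bit build and makes the logged handle ambiguous. I would print it as a pointer instead: `DbgTrace(2, "-PlatAllocMutex- End, retHandle = %p\n", (void*) pPlatMutex);`. The same cast is used for pValue in the GetEntryValue trace and in the second PlatAllocMutex copy later in this commit.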


@ -50,22 +50,22 @@
//
// DbgTrace macro define
//
#define DbgTrace(LEVEL, X, Y) { \
/*#define DbgTrace(LEVEL, X, Y) { \
char printBuff[256]; \
if (LEVEL == 0 || DebugLevel >= LEVEL) \
{ \
_snprintf(printBuff, sizeof(printBuff), X, Y); \
fprintf(stderr, "CASA_IdenToken %s", printBuff); \
} \
}
/*#define DbgTrace(LEVEL, X, Y) { \
}*/
#define DbgTrace(LEVEL, X, Y) { \
if (LEVEL == 0 || DebugLevel >= LEVEL) \
{ \
openlog("CASA_IdenToken", LOG_CONS | LOG_NOWAIT | LOG_ODELAY, LOG_USER); \
syslog(LOG_USER | LOG_INFO, X, Y); \
closelog(); \
} \
}*/
}
// Deal with function name mapping issues
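Review bot: The now-active DbgTrace calls openlog() and closelog() around every message, and those calls change the syslog identity and options of the whole process, not only of this module. If this header is compiled into a library that another program loads (not visible from here), each trace would reset that program's own openlog() settings. Dropping the two calls and putting the tag in the message, `syslog(LOG_USER | LOG_INFO, "CASA_IdenToken " X, Y);`, avoids that and works as long as X stays a string literal, which it is at every call site shown in this commit. Wrapping the macro body in `do { ... } while (0)` instead of bare braces would also make `if (...) DbgTrace(...); else ...` compile as expected.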


@ -77,7 +77,6 @@ EncodeData(
{
CasaStatus retStatus;
int encodedSize;
char *pTmp;
DbgTrace(3, "-EncodeData- Start\n", 0);
@ -138,7 +137,7 @@ EncodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -267,7 +266,7 @@ DecodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -309,7 +308,7 @@ dtoul(
}
}
DbgTrace(2, "-dtoul- End, result = %d\n", n);
DbgTrace(2, "-dtoul- End, result = %0X\n", n);
return n;
}


@ -81,7 +81,7 @@ GetIdenTokenProviderInterface(
DbgTrace(2, "-GetIdenTokenProviderInterface- Start\n", 0);
// Get the configuration for the module
retStatus = GetConfigInterface("/etc/CASA/authtoken/modules",
retStatus = GetConfigInterface(moduleConfigFolderPath,
pIdenTokenTypeName,
&pModuleConfigIf);
if (CASA_SUCCESS(retStatus)
@ -247,7 +247,7 @@ GetIdenTokenProviderInterface(
CASA_STATUS_CONFIGURATION_ERROR);
}
DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetIdenTokenProviderInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -280,7 +280,7 @@ IdenTokenInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-IdenTokenInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-IdenTokenInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}
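Review bot: pIdenTokenTypeName is passed to GetConfigInterface() as the configuration name, and the GetConfigInterface changes in this commit show that name being concatenated into a file path (folder, pathCharString, name, ".conf") with no check on its content. Nothing in this hunk shows where the type name comes from; if it can originate in a received token, a name containing a path separator would select a file outside moduleConfigFolderPath. I would reject such names before the call, for example with `if (strstr(pIdenTokenTypeName, pathCharString) != NULL)` returning the CASA_STATUS_CONFIGURATION_ERROR status already used at the end of this function. The function body starts and ends outside the hunk.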


@ -65,6 +65,8 @@ typedef struct _AuthToken
//===[ Global externals ]==================================================
extern int DebugLevel;
extern char pathCharString[];
extern char moduleConfigFolderPath[];
extern char IpcClientLibraryPath[];
//===[ External prototypes ]===============================================
@ -214,8 +216,8 @@ DecodeData(
extern
int
dtoul(
IN char *cp,
IN int len);
IN const char *cp,
IN const int len);
//=========================================================================


@ -41,6 +41,12 @@ typedef struct _PlatformMutex
//===[ Global variables ]==================================================
// Path separator
char pathCharString[] = "/";
// Modules configuration folder path
char moduleConfigFolderPath[] = "/etc/CASA/authtoken/modules";
//
// Module synchronization mutex
//
@ -113,7 +119,7 @@ PlatAllocMutex(void)
DbgTrace(0, "-PlatAllocMutex- Memory allocation failure\n", 0);
}
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %08X\n", (unsigned int) pPlatMutex);
DbgTrace(2, "-PlatAllocMutex- End, retHandle = %0X\n", (unsigned int) pPlatMutex);
return (HANDLE) pPlatMutex;
}


@ -72,18 +72,27 @@ AddReference(
// L2
//=======================================================================--
{
int refCount;
int refCount = 0;
PrincipalIfInstance *pPrincipalIfInstance = CONTAINING_RECORD(pIfInstance, PrincipalIfInstance, principalIf);
DbgTrace(2, "-AddReference- Start\n", 0);
// Validate input parameter
if (pIfInstance == NULL)
{
DbgTrace(0, "-AddReference- Invalid parameter\n", 0);
goto exit;
}
// Increment the reference count on the object
PlatAcquireMutex(g_principalIfMutex);
pPrincipalIfInstance->refCount ++;
refCount = pPrincipalIfInstance->refCount;
PlatReleaseMutex(g_principalIfMutex);
DbgTrace(2, "-AddReference- End, refCount = %08X\n", refCount);
exit:
DbgTrace(2, "-AddReference- End, refCount = %0X\n", refCount);
return refCount;
}
@ -114,6 +123,13 @@ ReleaseReference(
DbgTrace(2, "-ReleaseReference- Start\n", 0);
// Validate input parameter
if (pIfInstance == NULL)
{
DbgTrace(0, "-ReleaseReference- Invalid parameter\n", 0);
goto exit;
}
// Decrement the reference count on the object and determine if it needs to
// be released.
PlatAcquireMutex(g_principalIfMutex);
@ -136,6 +152,8 @@ ReleaseReference(
free(pPrincipalIfInstance);
}
exit:
DbgTrace(2, "-ReleaseReference- End\n", 0);
}
@ -176,12 +194,26 @@ GetIdentityId(
DbgTrace(2, "-GetIdentityId- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pIdentIdLen == NULL
|| (*pIdentIdLen != 0 && pIdentIdBuf == NULL))
{
DbgTrace(0, "-GetIdentityId- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getIdentityId(pPrincipalIfInstance->pIdenTokenIf,
pIdentIdBuf,
pIdentIdLen);
DbgTrace(2, "-GetIdentityId- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-GetIdentityId- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -224,12 +256,26 @@ GetSourceName(
DbgTrace(2, "-GetSourceName- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pSourceNameLen == NULL
|| (*pSourceNameLen != 0 && pSourceNameBuf == NULL))
{
DbgTrace(0, "-GetSourceName- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceName(pPrincipalIfInstance->pIdenTokenIf,
pSourceNameBuf,
pSourceNameLen);
DbgTrace(2, "-GetSourceName- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-GetSourceName- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -272,12 +318,26 @@ GetSourceUrl(
DbgTrace(2, "-GetSourceUrl- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pSourceUrlLen == NULL
|| (*pSourceUrlLen != 0 && pSourceUrlBuf == NULL))
{
DbgTrace(0, "-GetSourceUrl- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->getSourceUrl(pPrincipalIfInstance->pIdenTokenIf,
pSourceUrlBuf,
pSourceUrlLen);
DbgTrace(2, "-GetSourceUrl- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-GetSourceUrl- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -335,6 +395,21 @@ AttributeEnumerate(
DbgTrace(2, "-AttributeEnumerate- Start\n", 0);
// Verify input parameters
if (pIfInstance == NULL
|| pEnumHandle == NULL
|| pAttribNameLen == NULL
|| (*pAttribNameLen != 0 && pAttribNameBuf == NULL
|| pAttribValueLen == NULL
|| (*pAttribValueLen != 0 && pAttribValueBuf == NULL)))
{
DbgTrace(0, "-AttributeEnumerate- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_INFORMATIONAL,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Just call into the identity token
retStatus = pPrincipalIfInstance->pIdenTokenIf->attributeEnumerate(pPrincipalIfInstance->pIdenTokenIf,
pEnumHandle,
@ -343,7 +418,9 @@ AttributeEnumerate(
pAttribValueBuf,
pAttribValueLen);
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %08X\n", retStatus);
exit:
DbgTrace(2, "-AttributeEnumerate- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -409,7 +486,7 @@ GetPrincipalInterface(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %08X\n", retStatus);
DbgTrace(2, "-GetPrincipalInterface- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -442,7 +519,7 @@ PrincipalIfInit(void)
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
DbgTrace(1, "-PrincipalIfInit- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-PrincipalIfInit- End, retStatus = %0X\n", retStatus);
return retStatus;
}
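Review bot: The new invalid-parameter exits in GetIdentityId, GetSourceName, GetSourceUrl and AttributeEnumerate build their status with CASA_SEVERITY_INFORMATIONAL. CASA_SUCCESS() is not defined on this page; if it tests the severity field, a caller would take a rejected call for a successful one and go on to use a buffer that was never filled, so `CASA_SEVERITY_ERROR` (as used for the buffer-overflow status in ObtainAuthTokenInt) looks like the safer choice. In AttributeEnumerate the parenthesis opened before `*pAttribNameLen != 0` is only closed at the very end of the condition; operator precedence makes it evaluate as intended, but it should read `|| (*pAttribNameLen != 0 && pAttribNameBuf == NULL)` like the three sibling checks so that it does not trip a parentheses warning or a later edit.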


@ -77,7 +77,6 @@ EncodeData(
{
CasaStatus retStatus;
int encodedSize;
char *pTmp;
DbgTrace(3, "-EncodeData- Start\n", 0);
@ -138,7 +137,7 @@ EncodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-EncodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-EncodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -267,7 +266,7 @@ DecodeData(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(3, "-DecodeData- End, retStatus = %08X\n", retStatus);
DbgTrace(3, "-DecodeData- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -276,8 +275,8 @@ DecodeData(
//++=======================================================================
int
dtoul(
IN char *cp,
IN int len)
IN const char *cp,
IN const int len)
//
// Arguments:
//
@ -309,7 +308,7 @@ dtoul(
}
}
DbgTrace(2, "-dtoul- End, result = %d\n", n);
DbgTrace(2, "-dtoul- End, result = %0X\n", n);
return n;
}


@ -32,6 +32,9 @@
#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket"
//#define INT32_MAX 2147483647
//===[ Type definitions ]==================================================
//===[ Function prototypes ]===============================================
@ -105,7 +108,7 @@ ValidateAuthToken(
{
CasaStatus retStatus;
char *pDecodedTokenBuf;
int decodedTokenBufLen;
int32_t decodedTokenBufLen;
PrincipalIf *pPrincipalIf;
DbgTrace(1, "-ValidateAuthToken- Start\n", 0);
@ -114,6 +117,7 @@ ValidateAuthToken(
if (pServiceName == NULL
|| pTokenBuf == NULL
|| tokenBufLen == 0
|| tokenBufLen > INT32_MAX
|| ppPrincipalIf == NULL)
{
DbgTrace(0, "-ValidateAuthToken- Invalid input parameter\n", 0);
@ -248,7 +252,7 @@ ValidateAuthToken(
if (CASA_SUCCESS(retStatus))
{
char *pIdenTokenData;
int idenTokenDataLen;
int32_t idenTokenDataLen;
// Assume failure
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
@ -343,7 +347,7 @@ ValidateAuthToken(
exit:
DbgTrace(1, "-ValidateAuthToken- End, retStatus = %08X\n", retStatus);
DbgTrace(1, "-ValidateAuthToken- End, retStatus = %0X\n", retStatus);
return retStatus;
}
@ -364,8 +368,8 @@ so_init()
// L2
//=======================================================================--
{
// Check for environment variable specifying that the application is
// multi-threaded.
// Check for environment variable specifying that the application
// is not multi-threaded.
if (getenv(APPLICATION_NOT_MULTI_THREADED) != NULL)
{
// The parameter has been configured, remember it.
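Review bot: The added `tokenBufLen > INT32_MAX` test in ValidateAuthToken only helps if tokenBufLen is unsigned or wider than 32 bits, and its declaration is outside the hunk. If it is a plain `int`, the comparison can never be true and a negative length still gets past `tokenBufLen == 0`, in which case `tokenBufLen <= 0` is the check to use. The commented-out `//#define INT32_MAX 2147483647` should be dropped in favour of including `<stdint.h>`, which the new int32_t locals need anyway.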


@ -94,10 +94,25 @@ pam_sm_authenticate(pam_handle_t *pamh,
char *pServicename = NULL;
char *pAuthToken = NULL;
// Verify input parameters
if (pamh == NULL
|| (argc > 0 && argv == NULL))
{
LogError("Invalid parameter detected");
return PAM_SYSTEM_ERR;
}
// Determine if we are supposed to perform the username check
// based on the arguments specified.
for (i = 0; i < argc; i++)
{
// Do safety check
if (argv[i] == NULL)
{
LogError("Invalid parameter detected");
return PAM_SYSTEM_ERR;
}
if (*(argv[i]) == 'U')
{
// The arguments indicate that we should check the username
@ -116,7 +131,7 @@ pam_sm_authenticate(pam_handle_t *pamh,
// the username check.
if (performUsernameCheck)
{
char *pUsername;
char *pUsername = NULL;
struct pam_response *responses = NULL;
// Obtain the username so that it can be checked.
@ -135,11 +150,12 @@ pam_sm_authenticate(pam_handle_t *pamh,
}
else
{
struct pam_conv *pConv;
struct pam_conv *pConv = NULL;
// The username has not been set, try to obtain it from the
// application through the use of the conversation function.
if (pam_get_item(pamh, PAM_CONV, (void*) &pConv) == PAM_SUCCESS)
if (pam_get_item(pamh, PAM_CONV, (void*) &pConv) == PAM_SUCCESS
&& pConv != NULL)
{
struct pam_message msg;
struct pam_message *messages = &msg;
@ -150,7 +166,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
if (pConv->conv(1,
(const struct pam_message **) &messages,
&responses,
pConv->appdata_ptr) == PAM_SUCCESS)
pConv->appdata_ptr) == PAM_SUCCESS
&& responses != NULL)
{
// Check if we have a successful response
if (responses[0].resp_retcode == PAM_SUCCESS
@ -216,7 +233,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
if (pConv->conv(1,
(const struct pam_message **) &messages,
&responses,
pConv->appdata_ptr) == PAM_SUCCESS)
pConv->appdata_ptr) == PAM_SUCCESS
&& responses != NULL)
{
// Check if we have a successful response
if (responses[0].resp_retcode == PAM_SUCCESS
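Review bot: The new `pConv != NULL` test stops one step short of the function pointer that is called next: `pConv->conv` is invoked without being checked. I would extend the condition to `&& pConv != NULL && pConv->conv != NULL`. The second `pConv->conv(...)` call in the last hunk gains the `responses != NULL` test, but the place where its pConv is fetched is outside the hunk, so the same guard should be confirmed there. pam_sm_authenticate's body starts and ends outside these hunks.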


@ -160,9 +160,9 @@ int
IpcClientSubmitReq(
IN uint32_t endPointHandle,
IN char *pClientData,
IN int clientDataLen,
IN int32_t clientDataLen,
INOUT char **ppServerData,
INOUT int *pServerDataLen);
INOUT int32_t *pServerDataLen);
//
// Arguments In: endPointHandle - Handle of the remote endpoint that will
// be the target of the request.
@ -202,9 +202,9 @@ int
(*PFN_IpcClientSubmitReq)(
IN uint32_t endPointHandle,
IN char *pClientData,
IN int clientDataLen,
IN int32_t clientDataLen,
INOUT char **ppServerData,
INOUT int *pServerDataLen);
INOUT int32_t *pServerDataLen);
//++=======================================================================


@ -46,7 +46,7 @@
//++=======================================================================
extern
int32_t
uint32_t
IpcServerGetRequest(void);
//
// Arguments In: None.
@ -72,7 +72,7 @@ IpcServerGetRequest(void);
extern
int32_t
IpcServerGetRequestData(
IN int32_t requestId,
IN uint32_t requestId,
INOUT char **ppReqData);
//
// Arguments In: requestId - The id of the request being processed.
@ -101,7 +101,7 @@ IpcServerGetRequestData(
extern
void
IpcServerCompleteRequest(
IN int32_t requestId,
IN uint32_t requestId,
IN char *pReplyData);
//
// Arguments In: requestId - The id of the request being completed.
@ -124,7 +124,7 @@ IpcServerCompleteRequest(
extern
void
IpcServerAbortRequest(
IN int32_t requestId);
IN uint32_t requestId);
//
// Arguments In: requestId - The id of the request being aborted.
//


@ -88,7 +88,8 @@ linux/client/test/testClient.c.
SECURITY CONSIDERATIONS
IpcLibs does not provide any security features beyond what is provided by the protocol stacks for
tcp/ip and Domain sockets communications.
tcp/ip and Domain sockets communications. IpcLibs does not directly perform any uid/gid checks
when Domain socket communications are performed.
By leveraging the File System Access Control features, you can scope communications that occur over
Domain sockets to specific or groups of users.


@ -390,9 +390,9 @@ CChannel::connectionThread(
{
CChannel *pCChannel = *pSmartCChannel;
bool doneReceivingData = false;
unsigned long bytesReceived;
int32_t bytesReceived;
uint32_t reqId;
int payloadLength;
int32_t payloadLength;
unsigned long totalPayloadBytesReceived = 0;
char reqDataPktHdr[ReqDataPktHdrTemplate.length()];
char *pRecvBuff;
@ -441,7 +441,7 @@ CChannel::connectionThread(
&payloadLength))
{
// Procced based on the packet type
switch (ChannelProto::getPktType(*reqDataPktHdr))
switch (ChannelProto::getPktType(*reqDataPktHdr, sizeof(reqDataPktHdr)))
{
case ChannelProto::ReqDataCarrierPacketType:
@ -747,7 +747,7 @@ CChannel::submitReq(
uint32_t reqId,
ClientReq &clientReq,
char *pClientData,
int clientDataLen)
int32_t clientDataLen)
//
// Arguments:
//


@ -222,7 +222,7 @@ public:
int submitReq(uint32_t reqId,
ClientReq &clientReq,
char *pClientData,
int clientDataLen);
int32_t clientDataLen);
//
// Remove Request routine


@ -354,8 +354,6 @@ IpcClientCloseRemoteEndPoint(
DbgTrace(0, "IpcClientCloseRemoteEndPoint- Not initialized\n", 0);
}
exit:
DbgTrace(1, "IpcClientCloseRemoteEndPoint- End, status = %0X\n", retStatus);
return retStatus;
@ -368,9 +366,9 @@ int
IpcClientSubmitReq(
IN uint32_t endPointHandle,
IN char *pClientData,
IN int clientDataLen,
IN int32_t clientDataLen,
INOUT char **ppServerData,
INOUT int *pServerDataLen)
INOUT int32_t *pServerDataLen)
//
// Arguments In: endPointHandle - Handle of the remote endpoint that will
// be the target of the request.
@ -410,6 +408,15 @@ IpcClientSubmitReq(
DbgTrace(1, "IpcClientSubmitReq- Start\n", 0);
// Verify input parameters
if (pClientData == NULL
|| ppServerData == NULL
|| pServerDataLen == NULL)
{
DbgTrace(0, "IpcClientSubmitReq- Invalid parameter\n", 0);
goto exit;
}
// Verify that we have been initialized
if (svcInitialized)
{
@ -425,7 +432,7 @@ IpcClientSubmitReq(
// the request.
SmartRemoteEndPoint *pSmartRemoteEndPoint = new SmartRemoteEndPoint(*(iter->second));
// Release our mutex before deleting the endpoint
// Release our mutex before using the remote endpoint
pthread_mutex_unlock(&clientMutex);
// Submit the request
@ -450,6 +457,8 @@ IpcClientSubmitReq(
DbgTrace(0, "IpcClientSubmitReq- Not initialized\n", 0);
}
exit:
DbgTrace(1, "IpcClientSubmitReq- End, retStatus = %0X\n", retStatus);
return retStatus;
@ -498,7 +507,7 @@ IpcClientInit(
DbgTrace(1, "IpcClientInit- Start\n", 0);
// Check input parameters
if (pAppName == NULL)
if (pName == NULL)
{
DbgTrace(0, "IpcClientInit- Invalid parameter\n", 0);
goto exit;
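Review bot: The parameter check added at the top of IpcClientSubmitReq tests the three pointers but not `clientDataLen`, which this commit makes a signed `int32_t`, so a zero or negative length still reaches the submit path. Extending the condition with `|| clientDataLen <= 0` would reject it at the API boundary (use `< 0` if an empty request is legal). The early `goto exit` also relies on `retStatus` already holding a failure value when the check runs; its declaration is outside the hunk, so that should be confirmed.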


@ -142,7 +142,7 @@ ClientReq::~ClientReq(void)
void
ClientReq::processServerData(
char *pServerData,
int serverDataLength)
int32_t serverDataLength)
//
// Arguments:
//
@ -230,7 +230,7 @@ ClientReq::processError(void)
int
ClientReq::waitForCompletion(
char **ppResponseData,
int *pResponseDataLength)
int32_t *pResponseDataLength)
//
// Arguments:
//


@ -52,7 +52,7 @@ class ClientReq
// Server Data
char *m_pServerData;
int m_serverDataLen;
int32_t m_serverDataLen;
// Flag indicating the state of the submitting
// thread.
@ -114,7 +114,7 @@ public:
// Returns: Nothing.
//
void processServerData(char *pServerData,
int serverDataLength);
int32_t serverDataLength);
//
// Process Error routine
@ -147,7 +147,7 @@ public:
// -1 == Request did not complete gracefully
//
int waitForCompletion(char **ppResponseData,
int *pResponseDataLength);
int32_t *pResponseDataLength);
//
// Completion status


@ -80,12 +80,15 @@ RemoteEndPoint::RemoteEndPoint(
{
DbgTrace(1, "RemoteEndPoint::RemoteEndPoint- Start, Obj = %0X\n", this);
// Verify that the specified path is not too long
if (strlen(pSocketFileName) < sizeof(sizeof(m_serverUnAddr.sun_path)))
{
// Initialize our mutex
pthread_mutex_init(&m_mutex, NULL);
// Set the necessary information in the m_serverUnAddr variable
m_serverUnAddr.sun_family = AF_UNIX;
strcpy(m_serverUnAddr.sun_path, pSocketFileName);
strncpy(m_serverUnAddr.sun_path, pSocketFileName, sizeof(m_serverUnAddr.sun_path) - 1);
// Set the necessary flags to indicate that DOMAIN sockets
// should be used for communications.
@ -105,6 +108,13 @@ RemoteEndPoint::RemoteEndPoint(
m_cchannelVector.push_back(SmartCChannelPointer());
} catch (...) {
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0);
pthread_mutex_destroy(&m_mutex);
throw bad_alloc();
}
}
else
{
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Socket file path name too long\n", 0);
throw bad_alloc();
}
@ -166,6 +176,7 @@ RemoteEndPoint::RemoteEndPoint(
m_cchannelVector.push_back(SmartCChannelPointer());
} catch (...) {
DbgTrace(0, "RemoteEndPoint::RemoteEndPoint- Exception caught while initializing the cchannelVector\n", 0);
pthread_mutex_destroy(&m_mutex);
throw bad_alloc();
}
@ -259,7 +270,7 @@ RemoteEndPoint::getCChannel(void)
m_cchannelVector[channelSelector].setPointer(NULL);
}
CChannel *pCChannel;
CChannel *pCChannel = NULL;
try {
// Use the appropriate server address when instantiating
@ -325,9 +336,9 @@ RemoteEndPoint::getCChannel(void)
int
RemoteEndPoint::submitReq(
char *pClientData,
int clientDataLen,
int32_t clientDataLen,
char **ppServerData,
int *pServerDataLen)
int32_t *pServerDataLen)
//
// Arguments:
//
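Review bot: The length guard in the Domain-socket constructor compares against `sizeof(sizeof(m_serverUnAddr.sun_path))`, which is the size of a `size_t` (typically 4 or 8) rather than the size of the `sun_path` array, so any socket path of that many characters or more is rejected and the constructor throws. The condition should read `if (strlen(pSocketFileName) < sizeof(m_serverUnAddr.sun_path))`. The same doubled `sizeof` appears in the BindSocket hunk of the server file (`sizeof(sizeof(listenAddr.sun_path))`). With the guard corrected, the `strncpy(..., sizeof(...) - 1)` copy is NUL-terminated only if `m_serverUnAddr` was zeroed beforehand, which is not visible here; either zero the struct first or set the last byte of `sun_path` explicitly. The constructor body starts and ends outside the hunk.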


@ -186,9 +186,9 @@ public:
// Note: The routine blocks until the request completes.
//
int submitReq(char *pClientData,
int clientDataLen,
int32_t clientDataLen,
char **ppServerData,
int *pServerDataLen);
int32_t *pServerDataLen);
};
typedef SmartPtr<RemoteEndPoint> SmartRemoteEndPoint;


@ -68,7 +68,7 @@ ChannelProto::buildReqDataPktHdr(
//
// Abstract:
//
// Notes:
// Notes: pPktHdr must point to a buffer of size ReqDataPktHdrTemple.length().
//
// L2
//=======================================================================--
@ -81,16 +81,16 @@ ChannelProto::buildReqDataPktHdr(
// - Req Data Packet Header Format -
//
// ReqDataCarrierType
// ReqIdHdr value (value format=%0X)
// PayloadLengthHdr value (value format=%0X)
// ReqIdHdr value (value format=%08X)
// PayloadLengthHdr value (value format=%08X)
//
// Setup the necessary value strings
char wrkBuffer[10];
sprintf(wrkBuffer, "%0X", reqId);
sprintf(wrkBuffer, "%08X", reqId);
string reqIdValue = wrkBuffer;
sprintf(wrkBuffer, "%0X", payloadLength);
sprintf(wrkBuffer, "%08X", payloadLength);
string payloadLengthValue = wrkBuffer;
// Format the header.
@ -141,7 +141,7 @@ ChannelProto::buildReqErrorPktHdr(
//
// Abstract:
//
// Notes:
// Notes: pPktHdr must point to a buffer of size ReqErrorPktHdrTemple.length().
//
// L2
//=======================================================================--
@ -154,16 +154,16 @@ ChannelProto::buildReqErrorPktHdr(
// - Req Error Packet Header Format -
//
// ReqErrorCarrierType
// ReqIdHdr value (value format=%0X)
// PayloadLengthHdr value (value format=%0X)
// ReqIdHdr value (value format=%08X)
// PayloadLengthHdr value (value format=%08X)
//
// Setup the necessary value strings
char wrkBuffer[10];
sprintf(wrkBuffer, "%0X", reqId);
sprintf(wrkBuffer, "%08X", reqId);
string reqIdValue = wrkBuffer;
sprintf(wrkBuffer, "%0X", payloadLength);
sprintf(wrkBuffer, "%08X", payloadLength);
string payloadLengthValue = wrkBuffer;
// Format the header.
@ -204,7 +204,8 @@ ChannelProto::buildReqErrorPktHdr(
//++=======================================================================
ChannelProto::PacketTypes
ChannelProto::getPktType(
char &buff)
char &buff,
int hdrLength)
//
// Arguments:
//
@ -223,9 +224,22 @@ ChannelProto::getPktType(
// Find the end of the Channel Packet Type
char *pCurr = &buff;
while (*pCurr != '\r')
pCurr ++;
int bytesLeft = hdrLength;
bool endFound = false;
while (bytesLeft)
{
if (*pCurr == '\r')
{
endFound = true;
break;
}
pCurr ++;
bytesLeft --;
}
if (endFound)
{
// Found the end of the Channel Packet Type, now
// calculate its length.
int channelPktTypeLength = pCurr - &buff;
@ -247,6 +261,11 @@ ChannelProto::getPktType(
{
DbgTrace(0, "ChannelProto::getPktType- No match found\n", 0);
}
}
else
{
DbgTrace(0, "ChannelProto::getPktType- Invalid header\n", 0);
}
DbgTrace(1, "ChannelProto::getPktType- End, type = %d\n", packetType);
@ -283,7 +302,8 @@ ChannelProto::getReqIdAndPayloadLength(
char *pChannelHdr = NULL;
int bytesLeft = hdrLength;
// Skip the Channel Packet Type
// Skip the Channel Packet Type which should always
// be the first header.
while (bytesLeft >= 2)
{
if (*pCurr == '\r'
@ -334,7 +354,17 @@ ChannelProto::getReqIdAndPayloadLength(
*(pCurr-2) = '\0';
// Convert the value to hex
*pReqId = strtoul(pValue, NULL, 16);
errno = 0;
unsigned long int value = strtoul(pValue, NULL, 16);
if (errno != 0
|| value > UINT32_MAX)
{
DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid reqId value, %s\n", pValue);
break;
}
// Use the value
*pReqId = (uint32_t) value;
// Undo the damage that we did
*(pCurr-2) = '\r';
@ -353,7 +383,17 @@ ChannelProto::getReqIdAndPayloadLength(
*(pCurr-2) = '\0';
// Convert the value to hex
*pPayloadLength = strtoul(pValue, NULL, 16);
errno = 0;
long int value = strtol(pValue, NULL, 16);
if (errno != 0
|| value > INT32_MAX)
{
DbgTrace(0, "ChannelProto::getReqIdAndPayloadLength- Invalid payloadLength value, %s\n", pValue);
break;
}
// Use the value
*pPayloadLength = (int32_t) value;
// Undo the damage that we did
*(pCurr-2) = '\r';
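Review bot: The payloadLength parse in getReqIdAndPayloadLength rejects values above INT32_MAX but not negative ones; `strtol` accepts a leading `-`, so a header received from the peer can still produce a negative `*pPayloadLength`. The range test should be `|| value < 0 || value > INT32_MAX`. Both conversions also pass NULL as the end pointer, so an empty or non-hex value silently parses as 0; passing `&pEnd` and requiring `pEnd != pValue && *pEnd == '\0'` would catch that. On the new `break` paths the `'\r'` that was overwritten with `'\0'` is not restored, which matters only if the header buffer is read again afterwards; the callers are outside this section.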


@ -114,11 +114,15 @@ public:
// buff (input) -
// Reference to buffer containing the packet data.
//
// hdrLength (input) -
// Length of the channel header.
//
// Abstract: Returns the type of the specified channel packet.
//
// Returns: Channel packet type.
//
static PacketTypes getPktType(char &buff);
static PacketTypes getPktType(char &buff,
int hdrLength);
//
// Get Req Id and Payload Length Values routine


@ -234,15 +234,15 @@ SChannel::connectionThread(
{
SChannel *pSChannel = *pSmartSChannel;
bool doneReceivingData = false;
unsigned long bytesReceived;
int32_t bytesReceived;
unsigned long bytesSent;
uint32_t reqId;
int payloadLength;
int32_t payloadLength;
unsigned long totalPayloadBytesReceived = 0;
char reqDataPktHdr[ReqDataPktHdrTemplate.length()];
char reqErrorPktHdr[ReqErrorPktHdrTemplate.length()];
char *pRecvBuff;
ServerReq *pServerReq;
ServerReq *pServerReq = NULL;
DbgTrace(1, "SChannel::connectionThread- Start, Obj = %0X\n", pSChannel);
@ -285,7 +285,7 @@ SChannel::connectionThread(
&payloadLength))
{
// Procced based on the packet type
switch (ChannelProto::getPktType(*reqDataPktHdr))
switch (ChannelProto::getPktType(*reqDataPktHdr, sizeof(reqDataPktHdr)))
{
case ChannelProto::ReqDataCarrierPacketType:


@ -107,7 +107,7 @@ int numActiveRequests = 0;
//
// Next request id (Can not be zero)
//
int32_t nextReqId = 1;
uint32_t nextReqId = 1;
//
// Pending ServerRequests List and count - Server requests are staged on this lists until
@ -436,15 +436,25 @@ BindSocket(int socketToBind)
// Remove pre-existing socket
unlink(listenSocketFile);
// Verify that the specified path is not too long
if (strlen(listenSocketFile) < sizeof(sizeof(listenAddr.sun_path)))
{
// Setup the address that the daemon will use to listen
// for connections.
listenAddr.sun_family = AF_UNIX;
strcpy(listenAddr.sun_path, listenSocketFile);
strncpy(listenAddr.sun_path, listenSocketFile, sizeof(listenAddr.sun_path) - 1);
// Perform the bind operation
retStatus = bind(socketToBind,
(const sockaddr*) &listenAddr,
sizeof(listenAddr.sun_family) + strlen(listenAddr.sun_path));
}
else
{
DbgTrace(0, "BindSocket- Listen socket file path too long\n", 0);
errno = ERANGE;
retStatus = -1;
}
// Return the file creation mask to its previous value
umask(prevMask);
@ -688,7 +698,7 @@ void* ServiceConnectionsThread(void)
//++=======================================================================
extern "C"
int32_t
uint32_t
IpcServerGetRequest(void)
//
// Arguments In: None.
@ -813,7 +823,7 @@ exit:
extern "C"
int32_t
IpcServerGetRequestData(
IN int32_t requestId,
IN uint32_t requestId,
INOUT char **ppReqData)
//
// Arguments In: requestId - The id of the request being processed.
@ -884,7 +894,7 @@ IpcServerGetRequestData(
extern "C"
void
IpcServerCompleteRequest(
IN int32_t requestId,
IN uint32_t requestId,
IN char *pReplyData)
//
// Arguments In: requestId - The id of the request being completed.
@ -950,7 +960,7 @@ IpcServerCompleteRequest(
extern "C"
void
IpcServerAbortRequest(
IN int32_t requestId)
IN uint32_t requestId)
//
// Arguments In: requestId - The id of the request being aborted.
//
@ -1246,7 +1256,7 @@ IpcServerInit(
DbgTrace(1, "IpcServerInit- Start\n", 0);
// Check input parameters
if (pAppName == NULL)
if (pName == NULL)
{
DbgTrace(0, "IpcServerInit- Invalid parameter\n", 0);
goto exit;