From e9680fbfa1588d7c6b2de6d54318a1276c812660 Mon Sep 17 00:00:00 2001
From: Juan Carlos Luciani
Date: Thu, 14 Sep 2006 15:54:27 +0000
Subject: [PATCH] Completed the Authtoken Validate Service changes.
---
CASA-auth-token/non-java/configure.in | 5 +-
CASA-auth-token/non-java/include/casa_c_ipc.h | 42 ++
.../linux/CASA_auth_token_native.changes | 8 +
.../linux/CASA_auth_token_native.spec.in | 40 +-
.../AuthTokenValidate/Svc/linux/Makefile.am | 17 +-
.../AuthTokenValidate/Svc/linux/server.cpp | 70 +-
.../server/AuthTokenValidate/authtoken.c | 693 ------------------
.../idenTokenProviders/casa/README | 2 +-
.../casa/linux/CasaIdentityToken.conf | 2 +-
.../idenTokenProviders/casa/linux/Makefile.am | 4 +-
.../server/AuthTokenValidate/identoken.c | 2 +-
.../server/AuthTokenValidate/internal.h | 1 +
.../AuthTokenValidate/linux/Makefile.am | 4 +-
.../server/AuthTokenValidate/linux/platform.c | 5 +
.../server/AuthTokenValidate/validate.c | 161 +++-
.../non-java/server/PamSupport/test/README | 2 +-
.../non-java/server/PamSupport/test/make.sh | 2 +-
.../non-java/server/PamSupport/test/test.c | 4 +-
.../IpcLibs/linux/client/cchannel.cpp | 2 +-
.../utilities/IpcLibs/linux/client/client.cpp | 32 +-
.../IpcLibs/linux/client/remoteendpoint.cpp | 41 +-
.../utilities/IpcLibs/linux/server/server.cpp | 2 +-
22 files changed, 340 insertions(+), 801 deletions(-)
delete mode 100644 CASA-auth-token/non-java/server/AuthTokenValidate/authtoken.c
diff --git a/CASA-auth-token/non-java/configure.in b/CASA-auth-token/non-java/configure.in
index 6d07aa9c..86416605 100644
--- a/CASA-auth-token/non-java/configure.in
+++ b/CASA-auth-token/non-java/configure.in
@@ -19,9 +19,10 @@ # ####################################################################### -AC_INIT(include/casa_s_authtoken.h) +AC_INIT(CASA_auth_token_native, 1.7.795,,CASA_auth_token_native) +AC_CONFIG_SRCDIR(autogen.sh) AC_CANONICAL_SYSTEM -AM_INIT_AUTOMAKE(CASA_auth_token_native, 1.7.795) +AM_INIT_AUTOMAKE(tar-pax) RELEASE=`date +%Y%m%d_%H%M` AC_SUBST(RELEASE) AM_MAINTAINER_MODE diff --git a/CASA-auth-token/non-java/include/casa_c_ipc.h b/CASA-auth-token/non-java/include/casa_c_ipc.h index ec0b288a..f3982156 100644 --- a/CASA-auth-token/non-java/include/casa_c_ipc.h +++ b/CASA-auth-token/non-java/include/casa_c_ipc.h @@ -76,6 +76,13 @@ IpcClientOpenUnixRemoteEndPoint( // //=======================================================================-- +typedef +int +(*PFN_IpcClientOpenUnixRemoteEndPoint)( + IN char *pSocketFileName, + IN int maxRpcRetries, + INOUT uint32_t *pEndPointHandle); + //++======================================================================= extern @@ -110,6 +117,14 @@ IpcClientOpenInetRemoteEndPoint( // //=======================================================================-- +typedef +int +(*PFN_IpcClientOpenInetRemoteEndPoint)( + IN unsigned short int port, + IN uint32_t address, + IN int maxRpcRetries, + INOUT uint32_t *pEndPointHandle); + //++======================================================================= extern @@ -133,6 +148,11 @@ IpcClientCloseRemoteEndPoint( // //=======================================================================-- +typedef +int +(*PFN_IpcClientCloseRemoteEndPoint)( + IN uint32_t endPointHandle); + //++======================================================================= extern 
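Review bot: The new `PFN_IpcClientOpenUnixRemoteEndPoint` typedef repeats the prototype of `IpcClientOpenUnixRemoteEndPoint` with no comment tying the two together, and the same holds for the other `PFN_*` typedefs added in the later hunks of this header (`PFN_IpcClientOpenInetRemoteEndPoint`, `PFN_IpcClientCloseRemoteEndPoint`, `PFN_IpcClientSubmitReq`, `PFN_IpcClientInit`, `PFN_IpcClientShutdown`). If these are meant for callers that resolve the library at run time, which this page does not show, a signature drift between a typedef and its function would not be caught by the compiler. I would add a line above each one such as `// Pointer type for IpcClientOpenUnixRemoteEndPoint; keep in sync with the prototype above.`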
@@ -177,6 +197,15 @@ IpcClientSubmitReq( // //=======================================================================-- +typedef +int +(*PFN_IpcClientSubmitReq)( + IN uint32_t endPointHandle, + IN char *pClientData, + IN int clientDataLen, + INOUT char **ppServerData, + INOUT int *pServerDataLen); + //++======================================================================= extern @@ -214,6 +243,14 @@ IpcClientInit( // //=======================================================================-- +typedef +int +(*PFN_IpcClientInit)( + IN char *pName, + IN bool multithreaded, + IN int debugLevel, + IN bool useSyslog); + //++======================================================================= extern @@ -230,6 +267,11 @@ IpcClientShutdown(void); // //=======================================================================-- +typedef +void +(*PFN_IpcClientShutdown)(void); + + #endif // _IPCCLIENT_ //========================================================================= diff --git a/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.changes b/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.changes index a63e083b..eecf62ab 100644 --- a/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.changes +++ b/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Sep 14 09:48:54 MDT 2006 - jluciani@novell.com + +- Created the Validate AuthToken Service and made all of the necessary changes + to allow it to be consumed by the AuthTokenValidate library. + +- Also made necessary spec file changes to support our configuration. + ------------------------------------------------------------------- Tue Sep 5 08:37:35 MDT 2006 - jluciani@novell.com diff --git a/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.spec.in b/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.spec.in index 65162c01..40eb6b1e 100644 
--- a/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.spec.in +++ b/CASA-auth-token/non-java/package/linux/CASA_auth_token_native.spec.in @@ -15,7 +15,7 @@ Name: CASA_auth_token_native %define debug_opt "" URL: http://www.novell.com/products -BuildRequires: CASA-devel apache2-devel expat gcc-c++ glib2-devel krb5-devel libgcc libgssapi libstdc++ libstdc++-devel mono-devel pam-devel pkgconfig update-alternatives java-1_5_0-sun java-1_5_0-sun-devel +BuildRequires: CASA-devel apache2-devel expat gcc-c++ glib2-devel krb5-devel libgcc libgssapi libstdc++ libstdc++-devel mono-devel pam-devel pkgconfig update-alternatives java-1_5_0-ibm java-1_5_0-ibm-devel %define prefix /usr License: LGPL Group: System/Libraries @@ -26,7 +26,7 @@ Release: 1 Summary: Novell CASA Authentication Token Libraries Source: %{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Requires: expat java-1_5_0-sun CASA_auth_token_jaas_support +Requires: expat java-1_5_0-ibm CASA_auth_token_jaas_support PreReq: %fillup_prereq %insserv_prereq %description 
@@ -151,25 +151,31 @@ make install -d %{buildroot}%{prefix} install -d %{buildroot}%{prefix}/bin install -d %{buildroot}%{prefix}/%{_lib} -install -d %{buildroot}%{prefix}/%{_lib}/security +install -d %{buildroot}/%{_lib}/security install -d %{buildroot}%{prefix}/include install -d %{buildroot}/etc/init.d install -d %{buildroot}/etc/ld.so.conf.d install -d %{buildroot}/var install -d %{buildroot}/var/lib -install -d -m 777 %{buildroot}/var/lib/CASA -install -d -m 777 %{buildroot}/var/lib/CASA/authtoken -install -d -m 777 %{buildroot}/var/lib/CASA/authtoken/validate +install -d -m 755 %{buildroot}/var/lib/CASA +install -d -m 755 %{buildroot}/var/lib/CASA/authtoken +install -d -m 755 %{buildroot}/var/lib/CASA/authtoken/validate +install -d -m 755 %{buildroot}/etc/CASA +install -d -m 755 %{buildroot}/etc/CASA/authtoken.d +install -d -m 755 %{buildroot}/etc/CASA/authtoken.d/modules.d ## CASA_auth_token_native ## # Libs install -m 755 %{_lib}/%{cfg}/libcasa_s_authtoken.so %{buildroot}%{prefix}/%{_lib}/libcasa_s_authtoken.so.%{bldno} +install -m 755 %{_lib}/%{cfg}/casa_iden_token.so %{buildroot}%{prefix}/%{_lib}/casa_iden_token.so.%{bldno} install -m 755 %{_lib}/%{cfg}/libcasa_c_ipc.so %{buildroot}%{prefix}/%{_lib}/libcasa_c_ipc.so.%{bldno} install -m 755 %{_lib}/%{cfg}/libcasa_s_ipc.so %{buildroot}%{prefix}/%{_lib}/libcasa_s_ipc.so.%{bldno} # Lib Symbolic Links ln -sf libcasa_s_authtoken.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/libcasa_s_authtoken.so ln -sf libcasa_s_authtoken.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/libcasa_s_authtoken.so.1 +ln -sf casa_iden_token.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/casa_iden_token.so +ln -sf casa_iden_token.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/casa_iden_token.so.1 ln -sf libcasa_c_ipc.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/libcasa_c_ipc.so ln -sf libcasa_c_ipc.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/libcasa_c_ipc.so.1 ln -sf libcasa_s_ipc.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/libcasa_s_ipc.so 
@@ -178,14 +184,13 @@ ln -sf libcasa_s_ipc.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/libcasa_s_ipc.so. # Bins install -m 755 bin/%{cfg}/CasaAuthtokenValidateD %{buildroot}%{prefix}/bin/CasaAuthtokenValidateD +# Others +install -m 644 server/AuthTokenValidate/idenTokenProviders/casa/linux/CasaIdentityToken.conf %{buildroot}/etc/CASA/authtoken.d/modules.d/CasaIdentityToken.conf + ## CASA_auth_token_pam_support ## # Libs -install -m 755 %{_lib}/%{cfg}/pam_casaauthtok.so %{buildroot}%{prefix}/%{_lib}/security/pam_casaauthtok.so.%{bldno} -#install -m 755 %{_lib}/%{cfg}/pam_casaauthtok.so %{buildroot}%{prefix}/%{_lib}/security/pam_casaauthtok.so +install -m 755 %{_lib}/%{cfg}/pam_casaauthtok.so %{buildroot}/%{_lib}/security/pam_casaauthtok.so -# Lib Symbolic Links -ln -sf pam_casaauthtok.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/security/pam_casaauthtok.so -ln -sf pam_casaauthtok.so.%{bldno} %{buildroot}%{prefix}/%{_lib}/security/pam_casaauthtok.so.1 ## CASA_auth_token_apache2_2_support ## # Libs @@ -225,9 +230,15 @@ rm -rf $RPM_BUILD_ROOT %dir /var/lib/CASA %dir /var/lib/CASA/authtoken %dir /var/lib/CASA/authtoken/validate +%dir /etc/CASA +%dir /etc/CASA/authtoken.d +%dir /etc/CASA/authtoken.d/modules.d %{prefix}/%{_lib}/libcasa_s_authtoken.so.%{bldno} %{prefix}/%{_lib}/libcasa_s_authtoken.so %{prefix}/%{_lib}/libcasa_s_authtoken.so.1 +%{prefix}/%{_lib}/casa_iden_token.so.%{bldno} +%{prefix}/%{_lib}/casa_iden_token.so +%{prefix}/%{_lib}/casa_iden_token.so.1 %{prefix}/%{_lib}/libcasa_c_ipc.so.%{bldno} %{prefix}/%{_lib}/libcasa_c_ipc.so %{prefix}/%{_lib}/libcasa_c_ipc.so.1 @@ -235,6 +246,7 @@ rm -rf $RPM_BUILD_ROOT %{prefix}/%{_lib}/libcasa_s_ipc.so %{prefix}/%{_lib}/libcasa_s_ipc.so.1 %{prefix}/bin/CasaAuthtokenValidateD +/etc/CASA/authtoken.d/modules.d/CasaIdentityToken.conf ## CASA_auth_token_pam_support ## 
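Review bot: `/etc/CASA/authtoken.d/modules.d/CasaIdentityToken.conf` is added to `%files` as a plain file, so a package upgrade replaces whatever an administrator has put there. According to the README touched by this patch, that file configures the path of the identity-token plug-in, so local edits to it are worth preserving and worth noticing when they change. I would list it as `%config(noreplace) /etc/CASA/authtoken.d/modules.d/CasaIdentityToken.conf`.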
@@ -252,10 +264,8 @@ rm -rf $RPM_BUILD_ROOT %files -n CASA_auth_token_pam_support %defattr(-,root,root) -%dir %{prefix}/%{_lib}/security -%{prefix}/%{_lib}/security/pam_casaauthtok.so.%{bldno} -%{prefix}/%{_lib}/security/pam_casaauthtok.so -%{prefix}/%{_lib}/security/pam_casaauthtok.so.1 +%dir /%{_lib}/security +/%{_lib}/security/pam_casaauthtok.so ## CASA_auth_token_apache2_2_support ## diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/Makefile.am b/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/Makefile.am index 5c1e24bd..7db4e090 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/Makefile.am +++ b/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/Makefile.am @@ -40,9 +40,8 @@ ROOT = ../../../.. LIBDIR = $(ROOT)/$(LIB) BINDIR = $(ROOT)/$(BIN) -#JAVA_LIBDIR = /usr/lib/jvm/java-1.5.0-sun-1.5.0_07/jre/lib/i386/server -JAVA_LIBDIR = /usr/lib/jvm/jre-1.5.0-sun/lib/$(HOSTTYPE)/server -JAVA_INCDIR = /usr/lib/jvm/java-1.5.0-sun/include +JAVA_LIBDIR = /usr/lib/jvm/java-1.5.0-ibm/jre/bin +JAVA_INCDIR = /usr/lib/jvm/java-1.5.0-ibm/include # handle Mono secondary dependencies export MONO_PATH := $(MONO_PATH) @@ -54,13 +53,13 @@ CFILES = CPPFILES = server.cpp CSFILES_CSC := -INCLUDES = -I. -I$(ROOT)/include -I$(JAVA_INCDIR) -I$(JAVA_INCDIR)/linux +INCLUDES = -I. -I$(ROOT)/include -I$(JAVA_INCDIR) RESOURCES = -DEFINES += -Wno-format-extra-args -fno-strict-aliasing -fshort-wchar +DEFINES += -fno-strict-aliasing -fshort-wchar CFLAGS += $(INCLUDES) $(DEFINES) CPPFLAGS += -fPIC $(INCLUDES) $(DEFINES) $(RPM_OPT_FLAGS) -LIBS = -lpthread -lcasa_s_ipc -ljvm -LDFLAGS = -L$(LIBDIR)/$(TARGET_CFG) -L$(JAVA_LIBDIR) -Xlinker -rpath -Xlinker $(JAVA_LIBDIR) +LIBS = -lpthread -lcasa_s_ipc -ljvm -ljsig -lj9thr23 +LDFLAGS = -L$(LIBDIR)/$(TARGET_CFG) -L$(JAVA_LIBDIR) -L$(JAVA_LIBDIR)/classic OBJDIR = ./$(TARGET_CFG)/$(LIB) OBJS = $(addprefix $(OBJDIR)/, $(CFILES:%.c=%.o)) $(addprefix $(OBJDIR)/, $(CPPFILES:%.cpp=%.o)) 
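Review bot: The new `LDFLAGS` drops `-Xlinker -rpath -Xlinker $(JAVA_LIBDIR)` while `LIBS` gains `-ljsig -lj9thr23`, so the daemon no longer records where its JVM libraries live and relies on the system loader configuration to find them. For a long-running service that location is better pinned than left to the environment; the spec file creates `/etc/ld.so.conf.d`, which suggests a loader entry is intended, but no such file appears in the part of the patch visible here. Either keep an rpath covering both directories, e.g. `-Xlinker -rpath -Xlinker $(JAVA_LIBDIR):$(JAVA_LIBDIR)/classic`, or add a comment next to `LDFLAGS` naming the ld.so.conf.d file that supplies them.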
@@ -74,8 +73,8 @@ all: $(OBJDIR)/$(MODULE_NAME) # # Pattern based rules. # -vpath %.c $(CLIENT) $(COMMON) -vpath %.cpp $(CLIENT) $(COMMON) +vpath %.c . +vpath %.cpp . $(OBJDIR)/%.o: %.c $(CC) -c $(CFLAGS) -o $@ $< diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/server.cpp b/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/server.cpp index d3e3290f..9b466d91 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/server.cpp +++ b/CASA-auth-token/non-java/server/AuthTokenValidate/Svc/linux/server.cpp @@ -63,10 +63,10 @@ double numBusyThreads = 0; double numPerishingThreads = 0; // Listen Port Number -int listenPortNumber = 5000; -//int listenPortNumber = 0; +//int listenPortNumber = 5000; +int listenPortNumber = 0; -// Parameter indicating whether or not XSrv needs to run +// Parameter indicating whether or not the server needs to run // as a daemon. bool daemonize = false; @@ -74,7 +74,7 @@ bool daemonize = false; char appName[] = "CasaAuthtokenValidateD"; // Debug Level -int DebugLevel = 3; +int DebugLevel = 0; bool UseSyslog = false; // Variables for daemon auto-restart after crash feature 
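Review bot: `listenPortNumber` now defaults to `0`, but the comment above it still reads only "Listen Port Number" and the previous default is kept as a commented-out line. Whether `0` disables the TCP listener or selects some other transport is not visible in this hunk, and that is what someone auditing the service's network exposure needs to know. I would delete `//int listenPortNumber = 5000;` and extend the comment to state what the value `0` selects.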
@@ -92,10 +92,11 @@ bool terminating = false; JavaVM *g_jvm = NULL; JNIEnv *g_env = NULL; +char classpath[] = "-Djava.class.path=/usr/share/java/CASA/authtoken/CasaAuthToken.jar:/usr/share/java/CASA/authtoken/external/axis.jar:/usr/share/java/CASA/authtoken/external/axis-ant.jar:/usr/share/java/CASA/authtoken/external/commons-discovery-0.2.jar:/usr/share/java/CASA/authtoken/external/commons-logging-1.0.4.jar:/usr/share/java/CASA/authtoken/external/jaxrpc.jar:/usr/share/java/CASA/authtoken/external/log4j-1.2.8.jar:/usr/share/java/CASA/authtoken/external/saaj.jar:/usr/share/java/CASA/authtoken/external/wsdl4j-1.5.1.jar:/usr/share/java/CASA/authtoken/external/wss4j-1.5.0.jar:/usr/share/java/CASA/authtoken/external/xalan.jar:/usr/share/java/CASA/authtoken/external/xercesImpl.jar:/usr/share/java/CASA/authtoken/external/xml-apis.jar:/usr/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar:/usr/share/java/CASA/authtoken/external:/etc/CASA/authtoken.d"; // Java AuthenticationToken Class and method name //char authTokenClassName[] = "jtest"; //char authTokenClassValidateMethodName[] = "test4"; -char authTokenClassName[] = "com.novell.casa.authtoksvc.AuthToken"; +char authTokenClassName[] = "com/novell/casa/authtoksvc/AuthToken"; char authTokenClassValidateMethodName[] = "validate"; @@ -249,7 +250,9 @@ WorkerThread(void*) // Attach the thread to the JVM JNIEnv *env; - if (g_jvm->AttachCurrentThread((void**) &env, NULL) >= 0) + JavaVMAttachArgs attachArgs = {0}; + attachArgs.version = JNI_VERSION_1_4; + if (g_jvm->AttachCurrentThread((void**) &env, &attachArgs) >= 0) { // We are now attached to the JVM, find the helper class that // we need. 
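Review bot: The `classpath` option added here ends with two directory entries, `/usr/share/java/CASA/authtoken/external` and `/etc/CASA/authtoken.d`, so any class or resource file placed in those directories is picked up by the JVM that validates tokens. The declaration carries no comment, and nothing at this point tells a packager that those directories must stay root-owned and not writable by other users (the spec in this patch installs `/etc/CASA/authtoken.d` with mode 755). I would add above it `// JVM class path for the validate helper; the directory entries at the end must be writable by root only.` The pinned jar names such as `xmlsec-1.2.1.jar` also tie a library update to a rebuild of this daemon, which deserves a second comment line.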
@@ -288,26 +291,36 @@ WorkerThread(void*) { // Invoke our helper method jstring outString = (jstring) env->CallStaticObjectMethod(helperClass, mId, inString); - if (outString) + + // Check if an excption occurred + if (env->ExceptionCheck() == JNI_TRUE) { - // The helper method succeded, complete the request - // with the data returned. - const char *pOutChars = env->GetStringUTFChars(outString, NULL); - if (pOutChars) - { - IpcServerCompleteRequest(requestId, (char*) pOutChars); - env->ReleaseStringUTFChars(outString, pOutChars); - } - else - { - DbgTrace(0, "WorkerThread- Unable to get UTF characters\n", 0); - IpcServerAbortRequest(requestId); - } + // There is a pending exception, display the info which in turn clears it. + env->ExceptionDescribe(); } else { - // The helper method failed, just abort the request. - IpcServerAbortRequest(requestId); + if (outString) + { + // The helper method succeded, complete the request + // with the data returned. + const char *pOutChars = env->GetStringUTFChars(outString, NULL); + if (pOutChars) + { + IpcServerCompleteRequest(requestId, (char*) pOutChars); + env->ReleaseStringUTFChars(outString, pOutChars); + } + else + { + DbgTrace(0, "WorkerThread- Unable to get UTF characters\n", 0); + IpcServerAbortRequest(requestId); + } + } + else + { + // The helper method failed, just abort the request. + IpcServerAbortRequest(requestId); + } } } else 
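Review bot: In the new `ExceptionCheck()` branch the request is neither completed nor aborted: the code calls `env->ExceptionDescribe()` and falls through, whereas every other failure path in this hunk calls `IpcServerAbortRequest(requestId)`. Unless the request is released after the hunk, which is not visible here, a token that makes the Java `validate` method throw leaves its caller without an answer instead of a rejection. I would add `IpcServerAbortRequest(requestId);` right after `env->ExceptionDescribe();` so that a failed validation is reported as a failure. The comment typo `excption` can be fixed in the same change; `WorkerThread` continues outside the hunk.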
@@ -433,14 +446,17 @@ InitJavaInvoke(void) DbgTrace(1, "InitJavaInvoke- Start\n", 0); - //JavaVMOption options[1]; - //options[0].optionString = "-Djava.class.path=."; - JavaVMOption options[1]; - options[0].optionString = "-Djava.class.path=/usr/share/java:/etc/CASA/authtoken"; + JavaVMOption options[6]; + options[0].optionString = classpath; + options[1].optionString = "-Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser"; + options[2].optionString = "-Djavax.xml.parsers.DocumentBuilderFactory=org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"; + options[3].optionString = "-Djavax.xml.parsers.SAXParserFactory=org.apache.xerces.jaxp.SAXParserFactoryImpl"; + //options[4].optionString = "-Xcheck:jni"; + //options[5].optionString = "-Djaxp.debug=1"; JavaVMInitArgs vm_args; vm_args.version = JNI_VERSION_1_4; vm_args.options = options; - vm_args.nOptions = 1; + vm_args.nOptions = 4; vm_args.ignoreUnrecognized = true; if (JNI_CreateJavaVM(&g_jvm, (void**)&g_env, &vm_args) >= 0) { diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/authtoken.c b/CASA-auth-token/non-java/server/AuthTokenValidate/authtoken.c deleted file mode 100644 index d4ded26d..00000000 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/authtoken.c +++ /dev/null 
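Review bot: `JavaVMOption options[6]` is left uninitialised, only `optionString` of the first four entries is assigned, and `vm_args.nOptions = 4` is a separate literal. The `extraInfo` members handed to `JNI_CreateJavaVM` are therefore indeterminate, and enabling one of the commented-out options without also raising the count would silently have no effect. I would declare the array as `JavaVMOption options[6] = {};` and set `nOptions` from a counter incremented next to each assignment rather than from a literal. `InitJavaInvoke` continues outside the hunk.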
@@ -1,693 +0,0 @@ -/*********************************************************************** - * - * Copyright (C) 2006 Novell, Inc. All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; version 2.1 - * of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, Novell, Inc. - * - * To contact Novell about this file by physical or electronic mail, - * you may find current contact information at www.novell.com. - * - * Author: Juan Carlos Luciani - * - ***********************************************************************/ - - -//===[ Include files ]===================================================== - -#include "internal.h" - -//===[ Type definitions ]================================================== - -// -// Parse states -// -#define AWAITING_ROOT_ELEMENT_START 0x0 -#define AWAITING_ROOT_ELEMENT_END 0x1 -#define AWAITING_SIGNATURE_DATA 0x2 -#define AWAITING_SIGNATURE_ELEMENT_START 0x3 -#define AWAITING_SIGNATURE_ELEMENT_END 0x4 -#define AWAITING_LIFETIME_DATA 0x5 -#define AWAITING_LIFETIME_ELEMENT_START 0x6 -#define AWAITING_LIFETIME_ELEMENT_END 0x7 -#define AWAITING_IDENT_TOKEN_ELEMENT_START 0x8 -#define AWAITING_IDENT_TOKEN_ELEMENT_END 0x9 -#define AWAITING_IDENT_TOKEN_DATA 0xA -#define AWAITING_TYPE_ELEMENT_START 0xB -#define AWAITING_TYPE_ELEMENT_END 0xC -#define AWAITING_TYPE_DATA 0xD -#define DONE_PARSING 0xE - -// -// Authentication Token Parse Structure -// -typedef struct _AuthTokenParse -{ - XML_Parser p; - int state; - int elementDataProcessed; - AuthToken 
*pAuthToken; - CasaStatus status; - -} AuthTokenParse, *PAuthTokenParse; - - -//===[ Function prototypes ]=============================================== - -//===[ Global variables ]================================================== - -//++======================================================================= -static -void XMLCALL -AuthTokenStartElementHandler( - IN void *pUserData, - IN const XML_Char *name, - IN const XML_Char **atts) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L2 -//=======================================================================-- -{ - AuthTokenParse *pAuthTokenParse = (AuthTokenParse*) pUserData; - - DbgTrace(2, "-AuthTokenStartElementHandler- Start\n", 0); - - // Proceed based on the state - switch (pAuthTokenParse->state) - { - case AWAITING_ROOT_ELEMENT_START: - - // In this state, we are only expecting the Authentication - // Response Element. - if (strcmp(name, AUTH_TOKEN_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthTokenParse->state = AWAITING_SIGNATURE_ELEMENT_START; - } - else - { - DbgTrace(0, "-AuthTokenStartElementHandler- Un-expected start element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_SIGNATURE_ELEMENT_START: - - // In this state, we are only expecting the Signature Element. - if (strcmp(name, SIGNATURE_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthTokenParse->state = AWAITING_SIGNATURE_DATA; - } - else - { - DbgTrace(0, "-AuthTokenStartElementHandler- Un-expected start element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_LIFETIME_ELEMENT_START: - - // In this state, we are only expecting the Lifetime Element. - if (strcmp(name, LIFETIME_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. 
- pAuthTokenParse->state = AWAITING_LIFETIME_DATA; - } - else - { - DbgTrace(0, "-AuthTokenStartElementHandler- Un-expected start element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_IDENT_TOKEN_ELEMENT_START: - - // In this state, we are only expecting the Identity Token Element. - if (strcmp(name, IDENTITY_TOKEN_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthTokenParse->state = AWAITING_TYPE_ELEMENT_START; - } - else - { - DbgTrace(0, "-AuthTokenStartElementHandler- Un-expected start element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_TYPE_ELEMENT_START: - - // In this state, we are only expecting the Type Element. - if (strcmp(name, TYPE_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthTokenParse->state = AWAITING_TYPE_DATA; - } - else - { - DbgTrace(0, "-AuthTokenStartElementHandler- Un-expected start element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - default: - DbgTrace(0, "-AuthTokenStartElementHandler- Un-expected state = %d\n", pAuthTokenParse->state); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - break; - } - - DbgTrace(2, "-AuthTokenStartElementHandler- End\n", 0); -} - - -//++======================================================================= -static -CasaStatus -ConsumeElementData( - IN AuthTokenParse *pAuthTokenParse, - IN const XML_Char *s, - IN int len, - INOUT char **ppElementData, - INOUT int *pElementDataLen) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L2 -//=======================================================================-- -{ - CasaStatus retStatus = CASA_STATUS_SUCCESS; - - DbgTrace(3, "-ConsumeElementData- Start\n", 0); - - // Proceed based on whether or not we have already consumed data - // for this element. 
- if (*ppElementData == NULL) - { - // We have not yet consumed data for this element - pAuthTokenParse->elementDataProcessed = len; - - // Allocate a buffer to hold this element data (null terminated). - *ppElementData = (char*) malloc(len + 1); - if (*ppElementData) - { - memset(*ppElementData, 0, len + 1); - memcpy(*ppElementData, s, len); - - // Return the length of the element data buffer - *pElementDataLen = pAuthTokenParse->elementDataProcessed + 1; - } - else - { - DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - } - } - else - { - char *pNewBuf; - - // We have already received token data, append this data to it. - pNewBuf = (char*) malloc(pAuthTokenParse->elementDataProcessed + len + 1); - if (pNewBuf) - { - memset(pNewBuf, - 0, - pAuthTokenParse->elementDataProcessed + len + 1); - memcpy(pNewBuf, - *ppElementData, - pAuthTokenParse->elementDataProcessed); - memcpy(pNewBuf + pAuthTokenParse->elementDataProcessed, s, len); - pAuthTokenParse->elementDataProcessed += len; - - // Swap the buffers - free(*ppElementData); - *ppElementData = pNewBuf; - - // Return the length of the element data buffer - *pElementDataLen = pAuthTokenParse->elementDataProcessed + 1; - } - else - { - DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - } - } - - DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus); - - return retStatus; -} - - -//++======================================================================= -static -void XMLCALL -AuthTokenCharDataHandler( - IN void *pUserData, - IN const XML_Char *s, - IN int len) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L2 -//=======================================================================-- -{ - 
AuthTokenParse *pAuthTokenParse = (AuthTokenParse*) pUserData; - - DbgTrace(2, "-AuthTokenCharDataHandler- Start\n", 0); - - // Just exit if being called to process LF and CR characters - if (len == 1 - && ((*s == '\n') || (*s == '\r'))) - { - goto exit; - } - - // Proceed based on the state - switch (pAuthTokenParse->state) - { - case AWAITING_SIGNATURE_DATA: - case AWAITING_SIGNATURE_ELEMENT_END: - - pAuthTokenParse->status = ConsumeElementData(pAuthTokenParse, - s, - len, - &pAuthTokenParse->pAuthToken->pSignature, - &pAuthTokenParse->pAuthToken->signatureLen); - if (CASA_SUCCESS(pAuthTokenParse->status)) - { - // Advanced to the next state - pAuthTokenParse->state = AWAITING_SIGNATURE_ELEMENT_END; - } - else - { - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_LIFETIME_DATA: - case AWAITING_LIFETIME_ELEMENT_END: - - // Convert the lifetime string to a numeric value - pAuthTokenParse->pAuthToken->tokenLifetime = dtoul((char*) s, len); - - // Advanced to the next state - pAuthTokenParse->state = AWAITING_LIFETIME_ELEMENT_END; - break; - - case AWAITING_TYPE_DATA: - case AWAITING_TYPE_ELEMENT_END: - - pAuthTokenParse->status = ConsumeElementData(pAuthTokenParse, - s, - len, - &pAuthTokenParse->pAuthToken->pIdenTokenType, - &pAuthTokenParse->pAuthToken->idenTokenTypeLen); - if (CASA_SUCCESS(pAuthTokenParse->status)) - { - // Advanced to the next state - pAuthTokenParse->state = AWAITING_TYPE_ELEMENT_END; - } - else - { - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_IDENT_TOKEN_DATA: - case AWAITING_IDENT_TOKEN_ELEMENT_END: - - pAuthTokenParse->status = ConsumeElementData(pAuthTokenParse, - s, - len, - &pAuthTokenParse->pAuthToken->pIdenToken, - &pAuthTokenParse->pAuthToken->idenTokenLen); - if (CASA_SUCCESS(pAuthTokenParse->status)) - { - // Advanced to the next state - pAuthTokenParse->state = AWAITING_IDENT_TOKEN_ELEMENT_END; - } - else - { - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - 
break; - - default: - DbgTrace(0, "-AuthTokenCharDataHandler- Un-expected state = %d\n", pAuthTokenParse->state); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - break; - } - -exit: - - DbgTrace(2, "-AuthTokenCharDataHandler- End\n", 0); -} - - -//++======================================================================= -static -void XMLCALL -AuthTokenEndElementHandler( - IN void *pUserData, - IN const XML_Char *name) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L2 -//=======================================================================-- -{ - AuthTokenParse *pAuthTokenParse = (AuthTokenParse*) pUserData; - - DbgTrace(2, "-AuthTokenEndElementHandler- Start\n", 0); - - // Proceed based on the state - switch (pAuthTokenParse->state) - { - case AWAITING_ROOT_ELEMENT_END: - - // In this state, we are only expecting the Authentication - // Token Element. - if (strcmp(name, AUTH_TOKEN_ELEMENT_NAME) == 0) - { - // Done. - pAuthTokenParse->state = DONE_PARSING; - } - else - { - DbgTrace(0, "-AuthTokenEndHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_SIGNATURE_ELEMENT_END: - - // In this state, we are only expecting the Signature Element. - if (strcmp(name, SIGNATURE_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthTokenParse->state = AWAITING_LIFETIME_ELEMENT_START; - } - else - { - DbgTrace(0, "-AuthTokenEndElementHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_LIFETIME_ELEMENT_END: - - // In this state, we are only expecting the Lifetime Element. - if (strcmp(name, LIFETIME_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. 
- pAuthTokenParse->state = AWAITING_IDENT_TOKEN_ELEMENT_START; - } - else - { - DbgTrace(0, "-AuthTokenEndElementHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_TYPE_ELEMENT_END: - - // In this state, we are only expecting the Type Element. - if (strcmp(name, TYPE_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthTokenParse->state = AWAITING_IDENT_TOKEN_DATA; - } - else - { - DbgTrace(0, "-AuthTokenEndElementHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - case AWAITING_IDENT_TOKEN_ELEMENT_END: - - // In this state, we are only expecting the Identity Token Element. - if (strcmp(name, IDENTITY_TOKEN_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthTokenParse->state = AWAITING_ROOT_ELEMENT_END; - } - else - { - DbgTrace(0, "-AuthTokenEndElementHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - } - break; - - default: - DbgTrace(0, "-AuthTokenEndElementHandler- Un-expected state = %d\n", pAuthTokenParse->state); - XML_StopParser(pAuthTokenParse->p, XML_FALSE); - break; - } - - DbgTrace(2, "-AuthTokenEndElementHandler- End\n", 0); -} - - -//++======================================================================= -CasaStatus -CreateAuthToken( - IN char *pTokenBuf, - IN int tokenBufLen, - INOUT AuthToken **ppAuthToken) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L2 -//=======================================================================-- -{ - CasaStatus retStatus = CASA_STATUS_SUCCESS; - AuthTokenParse authTokenParse = {0}; - AuthToken *pAuthToken; - - DbgTrace(1, "-CreateAuthToken- Start\n", 0); - - /* - * Authentication tokens have the following format: - * - * - * - * signature value - * lifetime value - * identity token typeidentity token data - * - * - */ - - // Allocate AuthToken object - pAuthToken = 
malloc(sizeof(*pAuthToken)); - if (pAuthToken) - { - XML_Parser p; - - // Initialize the AuthToken object and set it in the - // authentication response parse object. - memset(pAuthToken, 0, sizeof(*pAuthToken)); - authTokenParse.pAuthToken = pAuthToken; - - // Create parser - p = XML_ParserCreate(NULL); - if (p) - { - // Keep track of the parser in our parse object - authTokenParse.p = p; - - // Initialize the status within the parse object - authTokenParse.status = CASA_STATUS_SUCCESS; - - // Set the start and end element handlers - XML_SetElementHandler(p, - AuthTokenStartElementHandler, - AuthTokenEndElementHandler); - - // Set the character data handler - XML_SetCharacterDataHandler(p, AuthTokenCharDataHandler); - - - // Set our user data - XML_SetUserData(p, &authTokenParse); - - // Parse the document - if (XML_Parse(p, pTokenBuf, tokenBufLen, 1) == XML_STATUS_OK) - { - // Verify that the parse operation completed successfully - if (authTokenParse.state == DONE_PARSING) - { - // The parse operation succeded. 
- retStatus = CASA_STATUS_SUCCESS; - } - else - { - DbgTrace(0, "-CreateAuthToken- Parse operation did not complete\n", 0); - - // Check if a status has been recorded - if (authTokenParse.status != CASA_STATUS_SUCCESS) - { - retStatus = authTokenParse.status; - } - else - { - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_PROTOCOL_ERROR); - } - } - } - else - { - DbgTrace(0, "-CreateAuthToken- Parse error %d\n", XML_GetErrorCode(p)); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_PROTOCOL_ERROR); - } - - // Free the parser - XML_ParserFree(p); - } - else - { - DbgTrace(0, "-CreateAuthToken- Parser creation error\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - } - - // Return the AuthenticationResp object to the caller if necessary - if (CASA_SUCCESS(retStatus)) - { - *ppAuthToken = pAuthToken; - } - else - { - free(pAuthToken); - } - } - else - { - DbgTrace(0, "-CreateAuthToken- Memory allocation error\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - } - - DbgTrace(1, "-CreateAuthToken- End, retStatus = %08X\n", retStatus); - - return retStatus; -} - - -//++======================================================================= -void -RelAuthToken( - IN AuthToken *pAuthToken) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L2 -//=======================================================================-- -{ - DbgTrace(1, "-RelAuthToken- Start\n", 0); - - // Free the resources associated with the object - if (pAuthToken->pSignature) - free(pAuthToken->pSignature); - - if (pAuthToken->pIdenTokenType) - free(pAuthToken->pIdenTokenType); - - if (pAuthToken->pIdenToken) - free(pAuthToken->pIdenToken); - - free(pAuthToken); - - DbgTrace(1, "-RelAuthToken- End\n", 0); -} - - 
-//++======================================================================= -CasaStatus -CheckAuthToken( - IN AuthToken *pAuthToken, - IN const char *pServiceName) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L0 -//=======================================================================-- -{ - CasaStatus retStatus = CASA_STATUS_SUCCESS; - - DbgTrace(1, "-CheckuthToken- Start\n", 0); - - // tbd - - DbgTrace(1, "-CheckAuthToken- End, retStatus = %08X\n", retStatus); - - return retStatus; -} - - diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/README b/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/README index e40a2516..61daecd2 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/README +++ b/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/README @@ -13,7 +13,7 @@ Authentication. CONFIGURATION The path to the casa_identoken plug-in is configured by placing the file -CasaIdentityToken.conf in the /etc/opt/CASA/authtoken.d/modules.d folder. +CasaIdentityToken.conf in the /etc/CASA/authtoken.d/modules.d folder. PROGRAMMING NOTES diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/linux/CasaIdentityToken.conf b/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/linux/CasaIdentityToken.conf index dec6372d..35a6d6a2 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/linux/CasaIdentityToken.conf +++ b/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/linux/CasaIdentityToken.conf @@ -10,6 +10,6 @@ # # ####################################################### -LibraryName /opt/novell/CASA/lib/casa_iden_token.so +LibraryName /usr/lib/casa_iden_token.so 
diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/linux/Makefile.am b/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/linux/Makefile.am index 9350ed4d..5f5c67b7 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/linux/Makefile.am +++ b/CASA-auth-token/non-java/server/AuthTokenValidate/idenTokenProviders/casa/linux/Makefile.am @@ -54,7 +54,7 @@ CFILES = ../identokenprovider.c \ CSFILES_CSC := INCLUDES = -I. -I.. -I../../.. -I$(CASAINCLUDE) -I../../../../../include RESOURCES = -DEFINES = -Wno-format-extra-args -fno-strict-aliasing +DEFINES = -fno-strict-aliasing CFLAGS += $(INCLUDES) $(DEFINES) LIBS = -lpthread -ldl -lexpat LDFLAGS = -Bsymbolic -shared -Wl,-soname=$(MODULE_NAME).$(MODULE_EXT) @@ -62,7 +62,7 @@ LDFLAGS = -Bsymbolic -shared -Wl,-soname=$(MODULE_NAME).$(MODULE_EXT) OBJDIR = ./$(TARGET_CFG)/$(LIB) OBJS = $(addprefix $(OBJDIR)/, $(CFILES:%.c=%.o)) -EXTRA_DIST = $(CFILES) *.h +EXTRA_DIST = $(CFILES) *.h CasaIdentityToken.conf CUR_DIR := $(shell pwd) diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/identoken.c b/CASA-auth-token/non-java/server/AuthTokenValidate/identoken.c index f9ff26d9..ab5c67a0 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/identoken.c +++ b/CASA-auth-token/non-java/server/AuthTokenValidate/identoken.c @@ -81,7 +81,7 @@ GetIdenTokenProviderInterface( DbgTrace(2, "-GetIdenTokenProviderInterface- Start\n", 0); // Get the configuration for the module - retStatus = GetConfigInterface("/etc/opt/novell/CASA/authtoken.d/modules.d", + retStatus = GetConfigInterface("/etc/CASA/authtoken.d/modules.d", pIdenTokenTypeName, &pModuleConfigIf); if (CASA_SUCCESS(retStatus) diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/internal.h b/CASA-auth-token/non-java/server/AuthTokenValidate/internal.h index a0f7727c..7cabd823 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/internal.h 
+++ b/CASA-auth-token/non-java/server/AuthTokenValidate/internal.h @@ -65,6 +65,7 @@ typedef struct _AuthToken //===[ Global externals ]================================================== extern int DebugLevel; +extern char IpcClientLibraryPath[]; //===[ External prototypes ]=============================================== diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/linux/Makefile.am b/CASA-auth-token/non-java/server/AuthTokenValidate/linux/Makefile.am index 2fa259d9..5886277e 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/linux/Makefile.am +++ b/CASA-auth-token/non-java/server/AuthTokenValidate/linux/Makefile.am @@ -55,9 +55,9 @@ CFILES = ../config.c \ CSFILES_CSC := INCLUDES = -I. -I.. -I$(CASAINCLUDE) -I../../../include RESOURCES = -DEFINES = -Wno-format-extra-args -fno-strict-aliasing +DEFINES = -fno-strict-aliasing CFLAGS += $(INCLUDES) $(DEFINES) -LIBS = -lpthread -ldl -lexpat -lcasa_c_ipc +LIBS = -lpthread -ldl -lexpat LDFLAGS = -Bsymbolic -shared -Wl,-soname=$(MODULE_NAME).$(MODULE_EXT) -L$(ROOT)/lib/$(TARGET_CFG) OBJDIR = ./$(TARGET_CFG)/$(LIB) diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/linux/platform.c b/CASA-auth-token/non-java/server/AuthTokenValidate/linux/platform.c index d24762b8..d21a1a92 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/linux/platform.c +++ b/CASA-auth-token/non-java/server/AuthTokenValidate/linux/platform.c @@ -46,6 +46,11 @@ typedef struct _PlatformMutex // pthread_mutex_t g_hModuleMutex = PTHREAD_MUTEX_INITIALIZER; +// +// Ipc client library path +// +char IpcClientLibraryPath[] = "/usr/lib/libcasa_c_ipc.so"; + //++======================================================================= HANDLE diff --git a/CASA-auth-token/non-java/server/AuthTokenValidate/validate.c b/CASA-auth-token/non-java/server/AuthTokenValidate/validate.c index fb9072d7..99f7eb76 100644 --- a/CASA-auth-token/non-java/server/AuthTokenValidate/validate.c 
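Review bot: `IpcClientLibraryPath` in platform.c is a writable global array, yet it holds the path that validate.c later hands to `OpenLibrary`. The value never changes, so `const char IpcClientLibraryPath[] = "/usr/lib/libcasa_c_ipc.so";` with a matching `extern const char IpcClientLibraryPath[];` in internal.h would place it in read-only data. This needs `OpenLibrary` to accept a `const char *`, which is not visible here. The fixed `/usr/lib` prefix may also miss the library on systems that install 64-bit objects under `/usr/lib64`.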
+++ b/CASA-auth-token/non-java/server/AuthTokenValidate/validate.c @@ -26,6 +26,12 @@ #include "internal.h" +//===[ Manifest constants ]================================================ + +#define APPLICATION_NOT_MULTI_THREADED "CASA_APPLICATION_NOT_MULTI_THREADED" + +#define DOMAIN_SOCKET_FILE_NAME "/var/lib/CASA/authtoken/validate/socket" + //===[ Type definitions ]================================================== //===[ Function prototypes ]=============================================== @@ -41,10 +47,23 @@ int DebugLevel = 0; static bool g_moduleInitialized = false; +// +// Configuration variables +// +bool g_multiThreadedApplication = true; + // // IPC Client Sub-system variables -// -uint32_t atvsEndPointHandle; // Authentication Token Validation Service endpoint handle +// +PFN_IpcClientInit g_ipcInitPtr = NULL; +PFN_IpcClientShutdown g_ipcShutdownPtr = NULL; +//PFN_IpcClientOpenInetRemoteEndPoint g_ipcOpenEndPointPtr = NULL; +PFN_IpcClientOpenUnixRemoteEndPoint g_ipcOpenEndPointPtr = NULL; +PFN_IpcClientCloseRemoteEndPoint g_ipcCloseEndPointPtr = NULL; +PFN_IpcClientSubmitReq g_ipcSubmitReq = NULL; + +uint32_t g_atvsEndPointHandle; // Authentication Token Validation Service endpoint handle + //++======================================================================= CasaStatus SSCS_CALL 
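Review bot: `DOMAIN_SOCKET_FILE_NAME` in the first hunk is added without a comment, although whatever process listens on that path becomes the authority for token validation in this library. The later hunks of this file open the endpoint with this name and submit the decoded token to it, so the result is only as trustworthy as the control over who may create or replace the socket. The permissions of `/var/lib/CASA/authtoken/validate` are set elsewhere and are not visible here. I would add above the define: `// Peer on this socket decides token validity; its directory must be writable only by the validate service account.`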
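Review bot: The IPC function-pointer variables and `g_multiThreadedApplication` added in the second hunk have external linkage, while `g_moduleInitialized` directly above them is `static`. This module is built as a shared object and loaded into host applications, so these writable pointers end up among its exported symbols unless a version script hides them, which is not visible here. If no other file of the module refers to them, declare them file-local, for example `static PFN_IpcClientInit g_ipcInitPtr = NULL;`, and likewise for the other four pointers, the flag and `g_atvsEndPointHandle`.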
@@ -131,35 +150,73 @@ ValidateAuthToken( if (CASA_SUCCESS(retStatus)) { // Initialize the Client Ipc Subsystem - if (IpcClientInit("CASA_AuthTokenValidate", - true, - DebugLevel, - false) == 0) + // + // First load the library. We load it itself to keep the system + // from unloading it in-case that the application unloads us. Some + // applications such as PAM application will repeateadly load and + // unload us. + void* libHandle = OpenLibrary(IpcClientLibraryPath); + if (libHandle) { - // Open endpoint for the Authentication Token Validation Service - if (IpcClientOpenInetRemoteEndPoint(5000, - 0x7F000001, - 0, - &atvsEndPointHandle) == 0) + // The Ipc library has been loaded, now get the symbols that we need. + g_ipcInitPtr = GetFunctionPtr(libHandle, "IpcClientInit"); + g_ipcShutdownPtr = GetFunctionPtr(libHandle, "IpcClientShutdown"); + //g_ipcOpenEndPointPtr = GetFunctionPtr(libHandle, "IpcClientOpenInetRemoteEndPoint"); + g_ipcOpenEndPointPtr = GetFunctionPtr(libHandle, "IpcClientOpenUnixRemoteEndPoint"); + g_ipcCloseEndPointPtr = GetFunctionPtr(libHandle, "IpcClientCloseRemoteEndPoint"); + g_ipcSubmitReq = GetFunctionPtr(libHandle, "IpcClientSubmitReq"); + if (g_ipcInitPtr == NULL + || g_ipcShutdownPtr == NULL + || g_ipcOpenEndPointPtr == NULL + || g_ipcCloseEndPointPtr == NULL + || g_ipcSubmitReq == NULL) { - // Success - g_moduleInitialized = true; - } - else - { - DbgTrace(0, "-ValidateAuthToken- Failed to open remote endpoint\n", 0); - IpcClientShutdown(); + DbgTrace(0, "-ValidateAuthToken- Failed to get needed Ipc library function pointer\n", 0); IdenTokenUninit(); PrincipalIfUninit(); ConfigIfUninit(); } + else + { + if ((g_ipcInitPtr)("CASA_AuthTokenValidate", + g_multiThreadedApplication, + DebugLevel, + false) == 0) + { + // Open endpoint for the Authentication Token Validation Service + //if ((g_ipcOpenEndPointPtr)(5000, + // 0x7F000001, + // 0, + // &g_atvsEndPointHandle) == 0) + if ((g_ipcOpenEndPointPtr)(DOMAIN_SOCKET_FILE_NAME, + 0, + 
&g_atvsEndPointHandle) == 0) + { + // Success + g_moduleInitialized = true; + } + else + { + DbgTrace(0, "-ValidateAuthToken- Failed to open remote endpoint\n", 0); + (g_ipcShutdownPtr)(); + IdenTokenUninit(); + PrincipalIfUninit(); + ConfigIfUninit(); + } + } + else + { + DbgTrace(0, "-ValidateAuthToken- Ipc subsystem initialization failed\n", 0); + (g_ipcShutdownPtr)(); + IdenTokenUninit(); + PrincipalIfUninit(); + ConfigIfUninit(); + } + } } else { - DbgTrace(0, "-ValidateAuthToken- Ipc subsystem initialization failed\n", 0); - IdenTokenUninit(); - PrincipalIfUninit(); - ConfigIfUninit(); + DbgTrace(0, "-ValidateAuthToken- Failed to load Ipc library, error = %d\n", dlerror()); } } else @@ -193,13 +250,18 @@ ValidateAuthToken( char *pIdenTokenData; int idenTokenDataLen; + // Assume failure + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_AUTHENTICATION_FAILURE); + // Token was decoded successfully, now submit the authentication token to the // authentication token validation service. - if (IpcClientSubmitReq(atvsEndPointHandle, - pDecodedTokenBuf, - decodedTokenBufLen, - &pIdenTokenData, - &idenTokenDataLen) == 0) + if ((g_ipcSubmitReq)(g_atvsEndPointHandle, + pDecodedTokenBuf, + decodedTokenBufLen, + &pIdenTokenData, + &idenTokenDataLen) == 0) { // The submit succeeded, make sure that we got some identity data back. if (pIdenTokenData) 
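Review bot: The new failure branch for `OpenLibrary` passes `dlerror()`, which returns a `char *`, to a `%d` conversion, and it is the only failure branch in this hunk that skips `IdenTokenUninit()`, `PrincipalIfUninit()` and `ConfigIfUninit()`. The trace should read `DbgTrace(0, "-ValidateAuthToken- Failed to load Ipc library, error = %s\n", dlerror());`, followed by the same three uninit calls as the sibling branches. The branch taken when `(g_ipcInitPtr)(...)` fails now also calls `(g_ipcShutdownPtr)()`, which the removed code did not do after a failed init; whether shutdown is safe on an uninitialised subsystem depends on the IPC library. Whether `retStatus` is set to an error on these paths is decided outside the hunk, since `ValidateAuthToken` starts and ends beyond it.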
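Review bot: `pIdenTokenData` and `idenTokenDataLen` are declared without initial values at the top of the `@@ -193,13 +250,18 @@` hunk, and the code then tests `if (pIdenTokenData)` after a call made through a pointer resolved at run time. If the callee returns 0 without writing the output arguments, the test reads an indeterminate pointer. Initialising them, `char *pIdenTokenData = NULL;` and `int idenTokenDataLen = 0;`, keeps the new fail-closed default meaningful. The block continues past the end of the hunk, so how the data is consumed is not visible here.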
@@ -287,6 +349,51 @@ exit: } +//++======================================================================= +static void __attribute__((constructor)) +so_init() +// +// Arguments In: None. +// +// Arguments Out: None. +// +// Returns: Nothing. +// +// Abstract: Library initialization routine. +// +// L2 +//=======================================================================-- +{ + // Check for environment variable specifying that the application is + // multi-threaded. + if (getenv(APPLICATION_NOT_MULTI_THREADED) != NULL) + { + // The parameter has been configured, remember it. + g_multiThreadedApplication = false; + } +} + + +//++======================================================================= +static void __attribute__((destructor)) +so_fini() +// +// Arguments In: None. +// +// Arguments Out: None. +// +// Returns: Nothing. +// +// Abstract: Library un-initialization routine. +// +// L2 +//=======================================================================-- +{ + if (g_ipcShutdownPtr) + (g_ipcShutdownPtr)(); +} + + //++======================================================================= //++======================================================================= //++======================================================================= diff --git a/CASA-auth-token/non-java/server/PamSupport/test/README b/CASA-auth-token/non-java/server/PamSupport/test/README index 5f975062..b15463c5 100644 --- a/CASA-auth-token/non-java/server/PamSupport/test/README +++ b/CASA-auth-token/non-java/server/PamSupport/test/README @@ -19,7 +19,7 @@ Execute script: make.sh. RUNNING APPLICATION -Execute the following command: ./pamTest -s testService +Execute the following command: ./pamTest -s testservice diff --git a/CASA-auth-token/non-java/server/PamSupport/test/make.sh b/CASA-auth-token/non-java/server/PamSupport/test/make.sh index bb7d2da9..04f14272 100755 --- a/CASA-auth-token/non-java/server/PamSupport/test/make.sh 
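Review bot: `so_init()` reads `CASA_APPLICATION_NOT_MULTI_THREADED` with plain `getenv()` in a constructor, so the calling environment decides the threading mode passed to the IPC client in every process that loads this library. The comment in the earlier hunk says PAM applications load it, and such hosts can run with privileges the invoking user lacks; the effect of the flag inside `IpcClientInit` is not visible here. Consider `if (secure_getenv(APPLICATION_NOT_MULTI_THREADED) != NULL)` (glibc's `__secure_getenv` on older releases) or moving the setting to the module's configuration file. The header comment of `so_init` should also name the variable and state that only its presence is tested, not its value.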
+++ b/CASA-auth-token/non-java/server/PamSupport/test/make.sh @@ -1,2 +1,2 @@ #!/bin/bash -gcc -o pamTest test.c -g -I"../../.." -I"../../../../include" -DN_PLAT_UNIX -L"../../../lib/Release" -lpam +gcc -o pamTest test.c -g -DN_PLAT_UNIX -L"../../../lib/Release" -lpam diff --git a/CASA-auth-token/non-java/server/PamSupport/test/test.c b/CASA-auth-token/non-java/server/PamSupport/test/test.c index fb1b45b7..00b05921 100644 --- a/CASA-auth-token/non-java/server/PamSupport/test/test.c +++ b/CASA-auth-token/non-java/server/PamSupport/test/test.c @@ -251,7 +251,7 @@ ProcessConnection(int connSock) //=======================================================================-- { char userName[] = "CasaPrincipal"; - char token[4096] = {0}; + char token[8192] = {0}; char helloString[100] = {0}; AppUserData appUserData = {userName, token}; struct pam_conv conv = {Converse, &appUserData}; @@ -389,7 +389,7 @@ ExecuteTests(void) (struct sockaddr*) &boundAddr, &addrLen) != SOCKET_ERROR) { - printf("Listen port = %d\n", boundAddr.sin_port); + printf("Listen port = %d\n", htons(boundAddr.sin_port)); // Now start linstening for connections if (listen(listenSock, SOMAXCONN) != SOCKET_ERROR) diff --git a/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/cchannel.cpp b/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/cchannel.cpp index 24e0f997..bd7be4ea 100644 --- a/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/cchannel.cpp +++ b/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/cchannel.cpp @@ -625,7 +625,7 @@ CChannel::connectionThread( // Free SmartCChannel delete pSmartCChannel; - DbgTrace(1, "CChannel::connectionThread- End\n", 0); + DbgTrace(0, "CChannel::connectionThread- End\n", 0); // Exit pthread_exit(NULL); diff --git a/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/client.cpp b/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/client.cpp index 43fe0ecd..f2c977cf 100644 
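Review bot: The port printed in `ExecuteTests` is converted with `htons()`, but `boundAddr.sin_port` is already in network byte order and the conversion wanted here is network to host. Both functions perform the same swap, so the output is right, but `printf("Listen port = %d\n", ntohs(boundAddr.sin_port));` states the intent. `ExecuteTests` starts and ends outside the hunk.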
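Review bot: The end-of-thread trace in `CChannel::connectionThread` is moved from level 1 to level 0, the level the rest of this patch uses for error messages, and the new `so_fini()` in client.cpp traces its start at level 0 as well. If level 0 is emitted unconditionally, every connection thread exit and every library unload is logged as if it were a fault, which looks like leftover debugging. I would keep `DbgTrace(1, "CChannel::connectionThread- End\n", 0);` and use level 1 in `so_fini()` too. The function body lies mostly outside the hunk.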
--- a/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/client.cpp +++ b/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/client.cpp @@ -38,6 +38,9 @@ extern "C" { //===[ External data ]===================================================== +extern +unsigned long numCChannelObjects; + //===[ External prototypes ]=============================================== //===[ Manifest constants ]================================================ @@ -116,7 +119,7 @@ IpcClientOpenUnixRemoteEndPoint( // Note: The service should have been initialized before calling // this procedure. // -// L1 +// L2 //=======================================================================-- { int retStatus = -1; @@ -241,6 +244,8 @@ IpcClientOpenInetRemoteEndPoint( pthread_mutex_lock(&clientMutex); try { + // tbd - add code to allow us to share endpoints to the same destination that are already opened + // // Instantiate a RemoteEndPoint object and keep track of it // with a smart pointer. SmartRemoteEndPoint *pSmartRemoteEndPoint = new SmartRemoteEndPoint(new RemoteEndPoint(appMultithreaded, @@ -583,6 +588,11 @@ IpcClientShutdown(void) delete[] pAppName; pAppName = unInitialized; } + + // Wait until all of the channels are gone + while (numCChannelObjects) + sleep(0); // Only suffer a time-slice + sleep(0); } else { @@ -593,6 +603,26 @@ IpcClientShutdown(void) } +//++======================================================================= +static void __attribute__((destructor)) +so_fini() +// +// Arguments In: None. +// +// Arguments Out: None. +// +// Returns: Nothing. +// +// Abstract: Library un-initialization routine. +// +// L2 +//=======================================================================-- +{ + DbgTrace(0, "so_fini- Start\n", 0); + IpcClientShutdown(); +} + + //========================================================================= //========================================================================= 
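Review bot: The loop added near the end of `IpcClientShutdown`, whose body starts outside the hunk, is `while (numCChannelObjects) sleep(0);`: it has no bound and reads a plain `unsigned long` that other threads presumably modify, with no lock or atomic access visible. The last hunk of this file calls `IpcClientShutdown()` from a library destructor, so a channel that never goes away would hang the host application at exit or unload. `sleep(0)` also returns without necessarily giving up the processor; `sched_yield()` is the call for that. I would read the counter under the mutex that guards it, cap the wait, and trace when the cap is hit. The second `sleep(0);` after the loop looks accidental.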
diff --git a/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/remoteendpoint.cpp b/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/remoteendpoint.cpp index ead1dac4..49919dfa 100644 --- a/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/remoteendpoint.cpp +++ b/CASA-auth-token/non-java/utilities/IpcLibs/linux/client/remoteendpoint.cpp @@ -37,7 +37,7 @@ //===[ Manifest constants ]================================================ -#define REMOTE_ENDPOINT_SIGNATURE 0x54525653 // SVRT +#define REMOTE_ENDPOINT_SIGNATURE 0X50454D52 // RMEP //===[ Type definitions ]================================================== @@ -75,7 +75,7 @@ RemoteEndPoint::RemoteEndPoint( // // Notes: // -// L1 +// L2 //=======================================================================-- { DbgTrace(1, "RemoteEndPoint::RemoteEndPoint- Start, Obj = %08X\n", this); @@ -349,6 +349,7 @@ RemoteEndPoint::submitReq( // Perform the following in a loop to deal with abnormal connection terminations unsigned long rpcRetryCount = 0; + bool okToRetry = true; while (rpcRetryCount < m_maxRpcRetries) { // Get SmartCChannel 
@@ -372,19 +373,30 @@ RemoteEndPoint::submitReq( { // Request submission over the channel succeeded, now // wait for the completion of the request. - clientReq.waitForCompletion(ppServerData, - pServerDataLen); + if (clientReq.waitForCompletion(ppServerData, + pServerDataLen) == 0) + { + // Now proceed based on the completion status + ClientReq::CompletionStatus compStatus = clientReq.completionStatus(); + if (compStatus == ClientReq::SuccessCompletionStatus) + { + // Success + retStatus = 0; + } + else + { + // Received a failure from the server, do not retry. + okToRetry = false; + } + } + else + { + // Error waiting for the completion. + okToRetry = false; + } // Remove the request from the channel pCChannel->removeReq(reqId); - - // Now proceed based on the completion status - ClientReq::CompletionStatus compStatus = clientReq.completionStatus(); - if (compStatus == ClientReq::SuccessCompletionStatus) - { - // Success - retStatus = 0; - } } else { @@ -402,8 +414,9 @@ RemoteEndPoint::submitReq( DbgTrace(0, "RemoteEndPoint::submitReq- Channel unavailable\n", 0); } - // Stop trying if the RPC succeeded - if (retStatus == 0) + // Stop trying if the RPC succeeded or if it is not ok to retry + if (retStatus == 0 + || !okToRetry) break; // Account for this RPC try diff --git a/CASA-auth-token/non-java/utilities/IpcLibs/linux/server/server.cpp b/CASA-auth-token/non-java/utilities/IpcLibs/linux/server/server.cpp index 0c4195d5..f562ccd9 100644 --- a/CASA-auth-token/non-java/utilities/IpcLibs/linux/server/server.cpp +++ b/CASA-auth-token/non-java/utilities/IpcLibs/linux/server/server.cpp @@ -1089,7 +1089,7 @@ IpcServerSetUnAddress( // // Note: The service needs to be initialized before calling this procedure. // -// L1 +// L2 //=======================================================================-- { int retStatus = -1;
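Review bot: The two new branches that set `okToRetry = false` in `RemoteEndPoint::submitReq` are silent, while the neighbouring failure branch for an unavailable channel traces at level 0. A request refused by the server and a failed wait both leave `retStatus` unchanged, so neither the caller nor the log can tell them apart from a connection failure. I would add `DbgTrace(0, "RemoteEndPoint::submitReq- Server reported failure\n", 0);` and `DbgTrace(0, "RemoteEndPoint::submitReq- Error waiting for completion\n", 0);` in the respective branches. `submitReq` starts and ends outside the hunk.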