/***********************************************************************
*
* Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
***********************************************************************/
//===[ Include files ]=====================================================
#include "internal.h"
//===[ Type definitions ]==================================================
//
// AuthModule definition
//
typedef struct _AuthModule
{
LIST_ENTRY listEntry;
char *pAuthTypeName;
int authTypeNameLen;
void *libHandle;
AuthTokenIf *pAuthTokenIf;
} AuthModule, *PAuthModule;
//===[ Function prototypes ]===============================================
//===[ Global variables ]==================================================
// Debug Level
int DebugLevel = 1;
// AuthModule List and syncronizing mutex
static
LIST_ENTRY g_authModuleListHead = {&g_authModuleListHead, &g_authModuleListHead};
static
pthread_mutex_t g_authModuleMutex = PTHREAD_MUTEX_INITIALIZER;
//++=======================================================================
static
CasaStatus
GetAuthTokenInterface(
IN const char *pAuthTypeName,
INOUT AuthTokenIf **ppAuthTokenIf)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// Environment:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
ConfigIf *pModuleConfigIf;
DbgTrace(2, "auth_token -GetAuthTokenInterface- Start\n", 0);
// Get the configuration for the module
retStatus = GetConfigInterface("/etc/opt/novell/CASA/authtoken.d/modules.d",
pAuthTypeName,
&pModuleConfigIf);
if (CASA_SUCCESS(retStatus)
&& CasaStatusCode(retStatus) != CASA_STATUS_OBJECT_NOT_FOUND)
{
LIST_ENTRY *pListEntry;
AuthModule *pAuthModule = NULL;
int32_t authTypeNameLen = strlen(pAuthTypeName);
// Gain exclusive access to our mutex
pthread_mutex_lock(&g_authModuleMutex);
// Look if we already have the module in our list
pListEntry = g_authModuleListHead.Flink;
while (pListEntry != &g_authModuleListHead)
{
// Get pointer to the current entry
pAuthModule = CONTAINING_RECORD(pListEntry, AuthModule, listEntry);
// Check if this is the module that we need
if (pAuthModule->authTypeNameLen == authTypeNameLen
&& memcmp(pAuthTypeName, pAuthModule->pAuthTypeName, authTypeNameLen) == 0)
{
// This is the module that we need, stop looking.
break;
}
else
{
// This is not the module that we are looking for
pAuthModule = NULL;
}
// Advance to the next entry
pListEntry = pListEntry->Flink;
}
// Proceed based on whether or not a module was found
if (pAuthModule)
{
// Module found in our list, provide the caller with its AuthTokenIf
// instance after we have incremented its reference count.
pAuthModule->pAuthTokenIf->addReference(pAuthModule->pAuthTokenIf);
*ppAuthTokenIf = pAuthModule->pAuthTokenIf;
// Success
retStatus = CASA_STATUS_SUCCESS;
}
else
{
// Needed module not found in our list, create an entry.
pAuthModule = malloc(sizeof(*pAuthModule));
if (pAuthModule)
{
// Allocate buffer to contain the authentication type name within the module entry
pAuthModule->pAuthTypeName = malloc(authTypeNameLen + 1);
if (pAuthModule->pAuthTypeName)
{
char *pLibraryName;
// Initialize the library handle field
pAuthModule->libHandle = NULL;
// Save the auth type name within the entry
strcpy(pAuthModule->pAuthTypeName, pAuthTypeName);
pAuthModule->authTypeNameLen = authTypeNameLen;
// Obtain the name of the library that we must load
pLibraryName = pModuleConfigIf->getEntryValue(pModuleConfigIf, "LibraryName");
if (pLibraryName)
{
// Load the library
pAuthModule->libHandle = dlopen(pLibraryName, RTLD_LAZY);
if (pAuthModule->libHandle)
{
PFN_GetAuthTokenIfRtn pGetAuthTokenIfRtn;
// Library has been loaded, now get a pointer to its GetAuthTokenInterface routine
pGetAuthTokenIfRtn = dlsym(pAuthModule->libHandle, GET_AUTH_TOKEN_INTERFACE_RTN_SYMBOL);
if (pGetAuthTokenIfRtn)
{
// Now, obtain the modules AuthTokenIf.
retStatus = (pGetAuthTokenIfRtn)(pModuleConfigIf, &pAuthModule->pAuthTokenIf);
}
else
{
DbgTrace(0, "auth_token -GetAuthTokenInterface- dlsym error = %s\n", dlerror());
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_LIBRARY_LOAD_FAILURE);
}
}
else
{
DbgTrace(0, "auth_token -GetAuthTokenInterface- dlopen error = %s\n", dlerror());
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
// Free the buffer holding the library name
free(pLibraryName);
}
else
{
DbgTrace(0, "auth_token -GetAuthTokenInterface- Library name not configured\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_CONFIGURATION_ERROR);
}
// Check if we were successful at obtaining the AuthTokenIf instance for the
// module.
if (CASA_SUCCESS(retStatus))
{
// Insert the entry in the list, provide the caller with its AuthTokenIf
// instance after we have incremented its reference count.
InsertTailList(&g_authModuleListHead, &pAuthModule->listEntry);
pAuthModule->pAuthTokenIf->addReference(pAuthModule->pAuthTokenIf);
*ppAuthTokenIf = pAuthModule->pAuthTokenIf;
}
else
{
// Failed, free resources.
free(pAuthModule->pAuthTypeName);
if (pAuthModule->libHandle)
dlclose(pAuthModule->libHandle);
free(pAuthModule);
}
}
else
{
DbgTrace(0, "auth_token -GetAuthTokenInterface- Unable to allocate buffer\n", 0);
// Free buffer allocated for entry
free(pAuthModule);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
}
else
{
DbgTrace(0, "auth_token -GetAuthTokenInterface- Unable to allocate buffer\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
}
// Release exclusive access to our mutex
pthread_mutex_unlock(&g_authModuleMutex);
// Release config interface instance
pModuleConfigIf->releaseReference(pModuleConfigIf);
}
else
{
DbgTrace(0, "auth_token -GetAuthTokenInterface- Unable to obtain config interface\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_CONFIGURATION_ERROR);
}
DbgTrace(2, "auth_token -GetAuthTokenInterface- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++=======================================================================
CasaStatus SSCS_CALL
GetAuthTokenCredentials(
IN const char *pServiceName,
INOUT const char *pUserNameBuf,
INOUT int *pUserNameBufLen,
INOUT const char *pTokenBuf,
INOUT int *pTokenBufLen)
//
// Arguments:
// pServiceName -
// Pointer to NULL terminated string that contains the
// name of the service to which the client is trying to
// authenticate.
//
// pUserNameBuf -
// Pointer to buffer that will receive a string with the
// username that should used when authenticating to the
// service. The length of this buffer is specified by the
// pUserNameBufLen parameter. Note that the string
// returned will be NULL terminated.
//
// pUserNameBufLen -
// Pointer to integer that contains the length of the
// buffer pointed at by pUserNameBuf. Upon return of the
// function, the integer will contain the actual length
// of the username string (including the NULL terminator)
// if the function successfully completes or the buffer
// length required if the function fails because the buffer
// pointed at by either pUserNameBuf or pTokenBuf is not
// large enough.
//
// pTokenBuf -
// Pointer to buffer that will receive the authentication
// token. The length of this buffer is specified by the
// pTokenBufLen parameter. Note that the the authentication
// token will be in the form of a NULL terminated string.
//
// pTokenBufLen -
// Pointer to integer that contains the length of the
// buffer pointed at by pTokenBuf. Upon return of the
// function, the integer will contain the actual length
// of the authentication token if the function successfully
// completes or the buffer length required if the function
// fails because the buffer pointed at by either pUserNameBuf
// or pTokenBuf is not large enough.
//
// Returns:
// Casa Status
//
// Description:
// Get authentication token credentials to authenticate user to specified
// service.
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
ConfigIf *pServiceConfigIf;
AuthTokenIf *pAuthTokenIf;
DbgTrace(1, "auth_token -GetAuthTokenCredentials- Start\n", 0);
// Validate input parameters
if (pServiceName == NULL
|| pUserNameBufLen == NULL
|| (pUserNameBuf == NULL && *pUserNameBufLen != 0)
|| pTokenBufLen == NULL
|| (pTokenBuf == NULL && *pTokenBufLen != 0))
{
DbgTrace(0, "auth_token -GetAuthTokenCredentials- Invalid input parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Check if we have a configuration entry for the service
retStatus = GetConfigInterface("/etc/opt/novell/CASA/authtoken.d/services.d",
pServiceName,
&pServiceConfigIf);
if (CASA_SUCCESS(retStatus)
&& CasaStatusCode(retStatus) != CASA_STATUS_OBJECT_NOT_FOUND)
{
char *pAuthType;
// Obtain the configured authentication type for the service
pAuthType = pServiceConfigIf->getEntryValue(pServiceConfigIf, "AuthType");
if (pAuthType)
{
// Obtain the appropriate token interface for the authentication type
retStatus = GetAuthTokenInterface(pAuthType,
&pAuthTokenIf);
if (CASA_SUCCESS(retStatus))
{
// We found a provider for the service, query it for credentials.
retStatus = pAuthTokenIf->getAuthTokenCredentials(pAuthTokenIf,
pServiceConfigIf,
pUserNameBuf,
pUserNameBufLen,
pTokenBuf,
pTokenBufLen);
// Release token interface
pAuthTokenIf->releaseReference(pAuthTokenIf);
}
else
{
// No authentication token interface available for authentication type
DbgTrace(0, "auth_token -GetAuthTokenCredentials- Failed to obtain authentication token interface\n", 0);
}
// Free the buffer holding the authentication type string
free(pAuthType);
}
else
{
DbgTrace(0, "auth_token -GetAuthTokenCredentials- Authentication type not configured\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_CONFIGURATION_ERROR);
}
// Release service config interface
pServiceConfigIf->releaseReference(pServiceConfigIf);
}
else
{
// We are not providing authentication services for the service
DbgTrace(1, "auth_token -GetAuthTokenCredentials- Service not configured\n", 0);
}
exit:
DbgTrace(1, "auth_token -GetAuthTokenCredentials- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++=======================================================================
CasaStatus SSCS_CALL
ValidateAuthTokenCredentials(
IN const char *pServiceName,
IN const char *pUserName,
IN const int userNameLen,
IN const char *pTokenBuf,
IN const int tokenBufLen)
//
// Arguments:
// pServiceName -
// Pointer to NULL terminated string that contains the
// name of the service to which the client is trying to
// authenticate.
//
// pUserName -
// Pointer to string with the username that is being
// authenticated to the service. The length of the name
// is specified by the pUserNameLen parameter. Note that
// the string does not need to be NULL terminated.
//
// userNameLen -
// Length of the user name contained within the buffer
// pointed at by pUserNameBuf (Does not include the NULL
// terminator). If this parameter is set to -1 then the
// function assumes that the username string is NULL
// terminated.
//
// pTokenBuf -
// Pointer to buffer that will receive the authentication
// token. The length of this buffer is specified by the
// pTokenBufLen parameter. Note that the the authentication
// token will be in the form of a NULL terminated string.
//
// tokenBufLen -
// Length of the data contained within the buffer pointed
// at by pTokenBuf.
//
// Returns:
// Casa status.
//
// Description:
// Validates authentication token credentials.
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
ConfigIf *pServiceConfigIf;
AuthTokenIf *pAuthTokenIf;
DbgTrace(1, "auth_token -ValidateAuthTokenCredentials- Start\n", 0);
// Validate input parameters
if (pServiceName == NULL
|| pUserName == NULL
|| userNameLen == 0
|| pTokenBuf == NULL
|| tokenBufLen == 0)
{
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Invalid input parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
// Check if we have a configuration entry for the service
retStatus = GetConfigInterface("/etc/opt/novell/CASA/authtoken.d/services.d",
pServiceName,
&pServiceConfigIf);
if (CASA_SUCCESS(retStatus))
{
// Check if the configuration entry was not found
if (CasaStatusCode(retStatus) != CASA_STATUS_OBJECT_NOT_FOUND)
{
char *pAuthType;
// Obtain the configured authentication type for the service
pAuthType = pServiceConfigIf->getEntryValue(pServiceConfigIf, "AuthType");
if (pAuthType)
{
// Obtain the appropriate token interface for the authentication type
retStatus = GetAuthTokenInterface(pAuthType,
&pAuthTokenIf);
if (CASA_SUCCESS(retStatus))
{
// We found a provider for the service, validate the credentials.
retStatus = pAuthTokenIf->validateAuthTokenCredentials(pAuthTokenIf,
pServiceConfigIf,
pUserName,
userNameLen,
pTokenBuf,
tokenBufLen);
// Release token interface
pAuthTokenIf->releaseReference(pAuthTokenIf);
}
else
{
// No authentication token interface available for authentication type
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Failed to obtain authentication token interface\n", 0);
}
// Free the buffer holding the authentication type string
free(pAuthType);
}
else
{
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Authentication type not configured\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_CONFIGURATION_ERROR);
}
// Release service config interface
pServiceConfigIf->releaseReference(pServiceConfigIf);
}
else
{
// We need to return an error
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Service not configured\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_CONFIGURATION_ERROR);
}
}
else
{
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Error obtaining service configuration\n", 0);
}
exit:
DbgTrace(1, "auth_token -ValidateAuthTokenCredentials- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++=======================================================================
//++=======================================================================
//++=======================================================================