/*
* Remote Laboratory Authentication Server
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License along
* with this program ; if not , write to the Free Software Foundation , Inc . ,
* 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1301 USA .
*
* ( c ) 2012 Timothy Pearson
* Raptor Engineering
* http : //www.raptorengineeringinc.com
*/
# include <stdlib.h>
# include <klocale.h>
# include "auth_conn.h"
/* exception handling */
struct exit_exception {
int c ;
exit_exception ( int c ) : c ( c ) { }
} ;
/*
The AuthSocket class provides a socket that is connected with a client .
For every client that connects to the server , the server creates a new
instance of this class .
*/
AuthSocket : : AuthSocket ( int sock , TQObject * parent , const char * name ) :
TDEKerberosServerSocket ( parent , name ) , m_criticalSection ( 0 ) , m_stationID ( - 1 ) , m_config ( static_cast < AuthServer * > ( parent ) - > m_config ) , m_database ( NULL ) , m_databaseStationsCursor ( NULL ) ,
m_databaseServicesCursor ( NULL ) , m_databaseServiceTypesCursor ( NULL ) , m_databasePermissionsCursor ( NULL ) , m_databaseActivityCursor ( NULL )
{
setServiceName ( " remotefpga " ) ;
line = 0 ;
connect ( this , SIGNAL ( connectionClosed ( ) ) , SLOT ( connectionClosedHandler ( ) ) ) ;
setSocket ( sock ) ;
if ( connectToDatabase ( ) ! = 0 ) {
exit ( 1 ) ;
}
}
AuthSocket : : ~ AuthSocket ( ) {
if ( m_databaseStationsCursor ) {
delete m_databaseStationsCursor ;
}
if ( m_databaseServicesCursor ) {
delete m_databaseServicesCursor ;
}
if ( m_databaseServiceTypesCursor ) {
delete m_databaseServiceTypesCursor ;
}
if ( m_databasePermissionsCursor ) {
delete m_databasePermissionsCursor ;
}
if ( m_databaseActivityCursor ) {
delete m_databaseActivityCursor ;
}
if ( m_database ) {
m_database - > close ( ) ;
delete m_database ;
}
}
void AuthSocket : : close ( ) {
if ( state ( ) = = TQSocket : : Connected ) {
TDEKerberosServerSocket : : close ( ) ;
connectionClosedHandler ( ) ;
}
}
void AuthSocket : : connectionClosedHandler ( ) {
printf ( " [DEBUG] Connection from %s closed \n \r " , m_remoteHost . ascii ( ) ) ;
// Update database
m_databaseActivityCursor - > select ( TQString ( " station='%1' AND username='%2' AND realmname='%3' " ) . arg ( m_stationID ) . arg ( m_authenticatedUserName ) . arg ( m_authenticatedRealmName ) ) ;
if ( m_databaseActivityCursor - > next ( ) ) {
m_databaseActivityCursor - > primeDelete ( ) ;
m_databaseActivityCursor - > del ( true ) ;
}
if ( m_criticalSection > 0 ) {
throw exit_exception ( - 1 ) ;
}
}
int AuthSocket : : initiateKerberosHandshake ( ) {
if ( setUsingKerberos ( true ) = = 0 ) {
TQ_UINT32 magicnum = MAGIC_NUMBER ;
TQ_UINT32 protover = PROTOCOL_VERSION ;
TQDataStream ds ( this ) ;
ds < < magicnum ;
ds < < protover ;
return 0 ;
}
else {
return - 1 ;
}
}
int AuthSocket : : enterCommandLoop ( ) {
m_criticalSection + + ;
try {
TQString command ;
TQDataStream ds ( this ) ;
while ( state ( ) = = TQSocket : : Connected ) {
ds > > command ;
if ( command ! = " " ) {
printf ( " [DEBUG] Got command %s from user %s@%s \n \r " , command . ascii ( ) , m_authenticatedUserName . ascii ( ) , m_authenticatedRealmName . ascii ( ) ) ; fflush ( stdout ) ;
if ( command = = " LIST " ) {
// Send list of available servers...
m_slist . clear ( ) ;
// Get all stations from the database
m_databaseStationsCursor - > select ( ) ;
while ( m_databaseStationsCursor - > next ( ) ) {
bool authorized = false ;
bool in_use = false ;
m_databasePermissionsCursor - > select ( TQString ( " station=%1 " ) . arg ( m_databaseStationsCursor - > value ( " pk " ) . toInt ( ) ) ) ;
while ( m_databasePermissionsCursor - > next ( ) ) {
if ( m_databasePermissionsCursor - > value ( " username " ) . toString ( ) = = m_authenticatedUserName ) {
authorized = true ;
}
}
m_databaseActivityCursor - > select ( TQString ( " station=%1 " ) . arg ( m_databaseStationsCursor - > value ( " pk " ) . toInt ( ) ) ) ;
while ( m_databaseActivityCursor - > next ( ) ) {
if ( m_databaseActivityCursor - > value ( " username " ) . toString ( ) ! = " " ) {
in_use = true ;
}
}
if ( ( authorized ) & & ( ! in_use ) ) {
StationType st ;
st . id = m_databaseStationsCursor - > value ( " pk " ) . toInt ( ) ;
st . name = m_databaseStationsCursor - > value ( " name " ) . toString ( ) ;
st . description = m_databaseStationsCursor - > value ( " description " ) . toString ( ) ;
m_databaseServicesCursor - > select ( TQString ( " station=%1 " ) . arg ( m_databaseStationsCursor - > value ( " pk " ) . toInt ( ) ) ) ;
while ( m_databaseServicesCursor - > next ( ) ) {
m_databaseServiceTypesCursor - > select ( TQString ( " serviceid=%1 " ) . arg ( m_databaseServicesCursor - > value ( " servicetype " ) . toInt ( ) ) ) ;
ServiceType svt ;
if ( m_databaseServiceTypesCursor - > next ( ) ) {
svt . name = m_databaseServiceTypesCursor - > value ( " name " ) . toString ( ) ;
svt . description = m_databaseServiceTypesCursor - > value ( " description " ) . toString ( ) ;
}
if ( svt . name = = " " ) {
svt . name = i18n ( " <unknown> " ) ;
}
if ( svt . description = = " " ) {
svt . description = i18n ( " <unknown> " ) ;
}
st . services . append ( svt ) ;
}
m_slist . append ( st ) ;
}
}
ds < < m_slist ;
}
else if ( command = = " BIND " ) {
// Get desired Station Type from client
StationType st ;
ds > > st ;
// Attempt to bind to station matching desired Service Type list...
m_stationID = - 1 ;
for ( StationList : : Iterator it ( m_slist . begin ( ) ) ; it ! = m_slist . end ( ) ; + + it ) {
if ( ( * it ) . services = = st . services ) {
m_stationID = ( * it ) . id ;
break ;
}
}
if ( m_stationID < 0 ) {
ds < < TQString ( " ERRUNAVAL " ) ;
}
else {
// Update database
TQSqlRecord * buffer = m_databaseActivityCursor - > primeInsert ( ) ;
buffer - > setValue ( " station " , m_stationID ) ;
buffer - > setValue ( " username " , m_authenticatedUserName ) ;
buffer - > setValue ( " realmname " , m_authenticatedRealmName ) ;
buffer - > setValue ( " logontime " , TQDateTime : : currentDateTime ( ) . toTime_t ( ) ) ;
m_databaseActivityCursor - > insert ( ) ;
ds < < TQString ( " OK " ) ;
}
}
else {
ds < < " ERRINVCMD " ;
}
}
tqApp - > processEvents ( ) ;
}
m_criticalSection - - ;
return 0 ;
}
catch ( . . . ) {
m_criticalSection - - ;
return - 1 ;
}
}
int AuthSocket : : connectToDatabase ( ) {
if ( m_database ) {
return - 2 ;
}
m_config - > setGroup ( " Database " ) ;
m_database = TQSqlDatabase : : addDatabase ( m_config - > readEntry ( " driver " ) ) ;
m_database - > setDatabaseName ( m_config - > readEntry ( " database " ) ) ;
m_database - > setUserName ( m_config - > readEntry ( " username " ) ) ;
m_database - > setPassword ( m_config - > readEntry ( " password " ) ) ;
m_database - > setHostName ( m_config - > readEntry ( " server " ) ) ;
if ( ! m_database - > open ( ) ) {
printf ( " [ERROR] Failed to connect to control database on server '%s' [%s] \n \r " , m_database - > hostName ( ) . ascii ( ) , m_database - > lastError ( ) . text ( ) . ascii ( ) ) ; fflush ( stdout ) ;
delete m_database ;
m_database = NULL ;
return - 1 ;
}
if ( ! m_database - > tables ( ) . contains ( " stations " ) ) {
m_database - > close ( ) ;
printf ( " [ERROR] Control database '%s' on '%s' does not contain the required 'stations' table \n \r " , m_database - > databaseName ( ) . ascii ( ) , m_database - > hostName ( ) . ascii ( ) ) ; fflush ( stdout ) ;
delete m_database ;
m_database = NULL ;
return - 1 ;
}
if ( ! m_database - > tables ( ) . contains ( " services " ) ) {
m_database - > close ( ) ;
printf ( " [ERROR] Control database '%s' on '%s' does not contain the required 'services' table \n \r " , m_database - > databaseName ( ) . ascii ( ) , m_database - > hostName ( ) . ascii ( ) ) ; fflush ( stdout ) ;
delete m_database ;
m_database = NULL ;
return - 1 ;
}
if ( ! m_database - > tables ( ) . contains ( " servicetypes " ) ) {
m_database - > close ( ) ;
printf ( " [ERROR] Control database '%s' on '%s' does not contain the required 'servicetypes' table \n \r " , m_database - > databaseName ( ) . ascii ( ) , m_database - > hostName ( ) . ascii ( ) ) ; fflush ( stdout ) ;
delete m_database ;
m_database = NULL ;
return - 1 ;
}
if ( ! m_database - > tables ( ) . contains ( " permissions " ) ) {
m_database - > close ( ) ;
printf ( " [ERROR] Control database '%s' on '%s' does not contain the required 'permissions' table \n \r " , m_database - > databaseName ( ) . ascii ( ) , m_database - > hostName ( ) . ascii ( ) ) ; fflush ( stdout ) ;
delete m_database ;
m_database = NULL ;
return - 1 ;
}
if ( ! m_database - > tables ( ) . contains ( " activity " ) ) {
m_database - > close ( ) ;
printf ( " [ERROR] Control database '%s' on '%s' does not contain the required 'activity' table \n \r " , m_database - > databaseName ( ) . ascii ( ) , m_database - > hostName ( ) . ascii ( ) ) ; fflush ( stdout ) ;
delete m_database ;
m_database = NULL ;
return - 1 ;
}
m_databaseStationsCursor = new TQSqlCursor ( " stations " ) ;
m_databaseServicesCursor = new TQSqlCursor ( " services " ) ;
m_databaseServiceTypesCursor = new TQSqlCursor ( " servicetypes " ) ;
m_databasePermissionsCursor = new TQSqlCursor ( " permissions " ) ;
m_databaseActivityCursor = new TQSqlCursor ( " activity " ) ;
return 0 ;
}
/*
The AuthServer class handles new connections to the server . For every
client that connects , it creates a new AuthSocket - - that instance is now
responsible for the communication with that client .
*/
AuthServer : : AuthServer ( TQObject * parent ) :
TQServerSocket ( 4004 , 1 , parent ) {
m_config = new KSimpleConfig ( " remotefpga_authserver.conf " , false ) ;
if ( ! ok ( ) ) {
printf ( " [ERROR] Failed to bind to port 4004 \n \r " ) ;
exit ( 1 ) ;
}
printf ( " [INFO] Server started on port 4004 \n \r " ) ; fflush ( stdout ) ;
}
AuthServer : : ~ AuthServer ( ) {
delete m_config ;
}
void AuthServer : : newConnection ( int socket ) {
AuthSocket * s = new AuthSocket ( socket , this ) ;
s - > m_remoteHost = s - > peerAddress ( ) . toString ( ) ;
printf ( " [DEBUG] New connection from %s \n \r " , s - > m_remoteHost . ascii ( ) ) ;
if ( s - > initiateKerberosHandshake ( ) ! = 0 ) {
printf ( " [DEBUG] Connection from %s closed due to Kerberos failure \n \r " , s - > m_remoteHost . ascii ( ) ) ;
s - > close ( ) ;
delete s ;
s = NULL ;
return ;
}
else {
connect ( s , SIGNAL ( connectionClosed ( ) ) , s , SLOT ( deleteLater ( ) ) ) ;
emit newConnect ( s ) ;
s - > enterCommandLoop ( ) ;
}
}