Add skeleton for missing functions in tde kerberos library

12 years ago · 249a46324f
parent fbfb9b1a49
commit 249a46324f
9 changed files with 282 additions and 37 deletions
--- a/lib/libtdekrb/src/tdekrbclientsocket.cpp
+++ b/lib/libtdekrb/src/tdekrbclientsocket.cpp
@ -22,6 +22,7 @@
 #include <unistd.h>

 #include <tqapplication.h>
+#include <tqbuffer.h>

 #include <sasl.h>
 #include <saslplug.h>
@ -78,12 +79,16 @@ static int logSASLMessages(void *context __attribute__((unused)), int priority,
 	return SASL_OK;
 }

-TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE), m_criticalSection(0) {
+TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_criticalSection(0), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE) {
 	saslData = new SASLDataPrivate;
 	saslData->m_krbConnection = NULL;
+	m_buffer = new TQBuffer();
+	m_buffer->open(IO_ReadWrite);
 }

 TDEKerberosClientSocket::~TDEKerberosClientSocket() {
+	m_buffer->close();
+	delete m_buffer;
 	delete saslData;
 }

@ -102,6 +107,58 @@ void TDEKerberosClientSocket::close() {
 	}
 }

+void TDEKerberosClientSocket::flush() {
+	if (m_kerberosRequested) {
+		// RAJA FIXME
+	}
+	else {
+		TQSocket::flush();
+	}
+}
+
+TQIODevice::Offset TDEKerberosClientSocket::size() const {
+	TQIODevice::Offset ret;
+
+	if (m_kerberosRequested) {
+		// RAJA FIXME
+	}
+	else {
+		ret = TQSocket::size();
+	}
+
+	return ret;
+}
+
+TQIODevice::Offset TDEKerberosClientSocket::at() const {
+	return TQSocket::at();
+}
+
+bool TDEKerberosClientSocket::at(TQIODevice::Offset off) {
+	bool ret;
+
+	if (m_kerberosRequested) {
+		// RAJA FIXME
+	}
+	else {
+		ret = TQSocket::at(off);
+	}
+
+	return ret;
+}
+
+bool TDEKerberosClientSocket::atEnd() const {
+	bool ret;
+
+	if (m_kerberosRequested) {
+		// RAJA FIXME
+	}
+	else {
+		ret = TQSocket::atEnd();
+	}
+
+	return ret;
+}
+
 int TDEKerberosClientSocket::setUsingKerberos(bool krbactive) {
 	int ret = 0;

@ -227,7 +284,9 @@ void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned
 	len = strlen(buf);
 	buf[len] = '\n';
 	buf[len+1] = 0;
-	write(netfd, buf, len+1);
+	if (write(netfd, buf, len+1) < 0) {
+		// ERROR
+	}

 	free(buf);
 }
@ -297,7 +356,7 @@ int TDEKerberosClientSocket::transmitEncryptedData(int fd, const char* readbuf,
 	return 0;
 }

-int TDEKerberosClientSocket::receiveEncryptedData(char *buf, int trunclen) {
+int TDEKerberosClientSocket::receiveEncryptedData(char *buf, unsigned int trunclen) {
 	unsigned int recv_len;
 	const char *recv_data;
 	int result;
@ -340,7 +399,6 @@ int TDEKerberosClientSocket::initializeKerberosInterface() {
 	unsigned int len;
 	int slen;
 	const char *data;
-	char user_authorized = 0;
 	sasl_ssf_t *ssf;
 	char *iplocal = NULL;
 	char *ipremote = NULL;
--- a/lib/libtdekrb/src/tdekrbclientsocket.h
+++ b/lib/libtdekrb/src/tdekrbclientsocket.h
@ -25,6 +25,7 @@

 #define N_CALLBACKS 3

+class TQBuffer;
 class SASLDataPrivate;

 class TDEKerberosClientSocket : public TQSocket
@ -37,6 +38,12 @@ class TDEKerberosClientSocket : public TQSocket

 		bool open(int mode);
 		void close();
+		void flush();
+		Offset size() const;
+		Offset at() const;
+		bool at(Offset off);
+		bool atEnd() const;
+
 		TQ_LONG readBlock(char *data, TQ_ULONG maxlen);
 		TQ_LONG writeBlock(const char *data, TQ_ULONG len);
 		TQ_LONG readLine(char *data, TQ_ULONG maxlen);
@ -53,13 +60,14 @@ class TDEKerberosClientSocket : public TQSocket
 		void sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd);
 		int getSASLDataFromNetwork(char *buf, int trunclen);
 		int transmitEncryptedData(int fd, const char* readbuf, int cc);
-		int receiveEncryptedData(char *buf, int trunclen);
+		int receiveEncryptedData(char *buf, unsigned int trunclen);

 	private:
 		bool m_kerberosRequested;
 		TQString m_serviceName;
 		TQString m_serverFQDN;
 		int m_criticalSection;
+		TQBuffer* m_buffer;

 	private:
 		SASLDataPrivate *saslData;
--- a/lib/libtdekrb/src/tdekrbserversocket.cpp
+++ b/lib/libtdekrb/src/tdekrbserversocket.cpp
@ -22,6 +22,7 @@
 #include <unistd.h>

 #include <tqapplication.h>
+#include <tqbuffer.h>

 #include <sasl.h>
 #include <saslplug.h>
@ -78,12 +79,16 @@ static int logSASLMessages(void *context __attribute__((unused)), int priority,
 	return SASL_OK;
 }

-TDEKerberosServerSocket::TDEKerberosServerSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE), m_criticalSection(0) {
+TDEKerberosServerSocket::TDEKerberosServerSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_criticalSection(0), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE) {
 	saslData = new SASLDataPrivate;
 	saslData->m_krbConnection = NULL;
+	m_buffer = new TQBuffer();
+	m_buffer->open(IO_ReadWrite);
 }

 TDEKerberosServerSocket::~TDEKerberosServerSocket() {
+	m_buffer->close();
+	delete m_buffer;
 	delete saslData;
 }

@ -102,6 +107,58 @@ void TDEKerberosServerSocket::close() {
 	}
 }

+void TDEKerberosServerSocket::flush() {
+	if (m_kerberosRequested) {
+		// RAJA FIXME
+	}
+	else {
+		TQSocket::flush();
+	}
+}
+
+TQIODevice::Offset TDEKerberosServerSocket::size() const {
+	TQIODevice::Offset ret;
+
+	if (m_kerberosRequested) {
+		// RAJA FIXME
+	}
+	else {
+		ret = TQSocket::size();
+	}
+
+	return ret;
+}
+
+TQIODevice::Offset TDEKerberosServerSocket::at() const {
+	return TQSocket::at();
+}
+
+bool TDEKerberosServerSocket::at(TQIODevice::Offset off) {
+	bool ret;
+
+	if (m_kerberosRequested) {
+		// RAJA FIXME
+	}
+	else {
+		ret = TQSocket::at(off);
+	}
+
+	return ret;
+}
+
+bool TDEKerberosServerSocket::atEnd() const {
+	bool ret;
+
+	if (m_kerberosRequested) {
+		// RAJA FIXME
+	}
+	else {
+		ret = TQSocket::atEnd();
+	}
+
+	return ret;
+}
+
 int TDEKerberosServerSocket::setUsingKerberos(bool krbactive) {
 	int ret = 0;

@ -227,7 +284,9 @@ void TDEKerberosServerSocket::sendSASLDataToNetwork(const char *buffer, unsigned
 	len = strlen(buf);
 	buf[len] = '\n';
 	buf[len+1] = 0;
-	write(netfd, buf, len+1);
+	if (write(netfd, buf, len+1) < 0) {
+		// ERROR
+	}

 	free(buf);
 }
@ -297,7 +356,7 @@ int TDEKerberosServerSocket::transmitEncryptedData(int fd, const char* readbuf,
 	return 0;
 }

-int TDEKerberosServerSocket::receiveEncryptedData(char *buf, int trunclen) {
+int TDEKerberosServerSocket::receiveEncryptedData(char *buf, unsigned int trunclen) {
 	unsigned int recv_len;
 	const char *recv_data;
 	int result;
@ -341,7 +400,6 @@ int TDEKerberosServerSocket::initializeKerberosInterface() {
 	int slen;
 	int count;
 	const char *data;
-	char user_authorized = 0;
 	sasl_ssf_t *ssf;

 	// FIXME
--- a/lib/libtdekrb/src/tdekrbserversocket.h
+++ b/lib/libtdekrb/src/tdekrbserversocket.h
@ -25,6 +25,7 @@

 #define N_CALLBACKS 3

+class TQBuffer;
 class SASLDataPrivate;

 class TDEKerberosServerSocket : public TQSocket
@ -37,6 +38,12 @@ class TDEKerberosServerSocket : public TQSocket

 		bool open(int mode);
 		void close();
+		void flush();
+		Offset size() const;
+		Offset at() const;
+		bool at(Offset off);
+		bool atEnd() const;
+
 		TQ_LONG readBlock(char *data, TQ_ULONG maxlen);
 		TQ_LONG writeBlock(const char *data, TQ_ULONG len);
 		TQ_LONG readLine(char *data, TQ_ULONG maxlen);
@ -53,7 +60,7 @@ class TDEKerberosServerSocket : public TQSocket
 		void sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd);
 		int getSASLDataFromNetwork(char *buf, int trunclen);
 		int transmitEncryptedData(int fd, const char* readbuf, int cc);
-		int receiveEncryptedData(char *buf, int trunclen);
+		int receiveEncryptedData(char *buf, unsigned int trunclen);

 	protected:
 		TQString m_authenticatedUserName;
@ -64,6 +71,7 @@ class TDEKerberosServerSocket : public TQSocket
 		TQString m_serviceName;
 		TQString m_serverFQDN;
 		int m_criticalSection;
+		TQBuffer* m_buffer;

 	private:
 		SASLDataPrivate *saslData;
--- a/servers/auth_server_lin/src/auth_conn.cpp
+++ b/servers/auth_server_lin/src/auth_conn.cpp
@ -38,7 +38,9 @@ struct exit_exception {
  instance of this class.
 */
 AuthSocket::AuthSocket(int sock, TQObject *parent, const char *name) :
-	TDEKerberosServerSocket(parent, name), m_criticalSection(0), m_stationID(-1), m_config(static_cast<AuthServer*>(parent)->m_config), m_database(NULL), m_databaseStationsCursor(NULL) {
+	TDEKerberosServerSocket(parent, name), m_criticalSection(0), m_stationID(-1), m_config(static_cast<AuthServer*>(parent)->m_config), m_database(NULL), m_databaseStationsCursor(NULL),
+	m_databaseServicesCursor(NULL), m_databaseServiceTypesCursor(NULL), m_databasePermissionsCursor(NULL), m_databaseActivityCursor(NULL)
+{

 	setServiceName("remotefpga");

@ -75,8 +77,10 @@ AuthSocket::~AuthSocket() {
 }

 void AuthSocket::close() {
-	TDEKerberosServerSocket::close();
-	connectionClosedHandler();
+	if (state() == TQSocket::Connected) {
+		TDEKerberosServerSocket::close();
+		connectionClosedHandler();
+	}
 }

 void AuthSocket::connectionClosedHandler() {
@ -215,7 +219,6 @@ int AuthSocket::enterCommandLoop() {
 		m_criticalSection--;
 		return -1;
 	}
-
 }

 int AuthSocket::connectToDatabase() {
@ -314,9 +317,11 @@ void AuthServer::newConnection(int socket) {
 	s->m_remoteHost = s->peerAddress().toString();
 	printf("[DEBUG] New connection from %s\n\r", s->m_remoteHost.ascii());
 	if (s->initiateKerberosHandshake() != 0) {
+		printf("[DEBUG] Connection from %s closed due to Kerberos failure\n\r", s->m_remoteHost.ascii());
 		s->close();
 		delete s;
 		s = NULL;
+		return;
 	}
 	else {
 		connect(s, SIGNAL(connectionClosed()), s, SLOT(deleteLater()));
--- a/servers/fpga_server_lin/acinclude.m4
+++ b/servers/fpga_server_lin/acinclude.m4
@ -244,9 +244,9 @@ AC_DEFUN([KDE_FIND_PATH],

 AC_DEFUN([KDE_MOC_ERROR_MESSAGE],
 [
-    AC_MSG_ERROR([No Qt meta object compiler (moc) found!
+    AC_MSG_ERROR([No TQt meta object compiler (tqmoc) found!
 Please check whether you installed Qt correctly.
-You need to have a running moc binary.
+You need to have a running tqmoc binary.
 configure tried to run $ac_cv_path_moc and the test didn't
 succeed. If configure shouldn't have tried this one, set
 the environment variable MOC to the right one before running
@ -268,8 +268,8 @@ configure.

 AC_DEFUN([KDE_UIC_ERROR_MESSAGE],
 [
-    AC_MSG_WARN([No Qt ui compiler (uic) found!
-Please check whether you installed Qt correctly.
+    AC_MSG_WARN([No TQt ui compiler (tquic) found!
+Please check whether you installed TQt correctly.
 You need to have a running uic binary.
 configure tried to run $ac_cv_path_uic and the test didn't
 succeed. If configure shouldn't have tried this one, set
@ -334,7 +334,7 @@ AC_DEFUN([AC_PATH_QT_MOC_UIC],
     qt_bindirs="/usr/share/qt4/bin $qt_bindirs"
   fi

-   KDE_FIND_PATH(moc, MOC, [$qt_bindirs], [KDE_MOC_ERROR_MESSAGE])
+   KDE_FIND_PATH(tqmoc, MOC, [$qt_bindirs], [KDE_MOC_ERROR_MESSAGE])
   if test -z "$UIC_NOT_NEEDED"; then
     if test $kde_qtver = 3; then
       KDE_FIND_PATH(uic-tqt, UIC_PATH, [$qt_bindirs], [UIC_PATH=""])
--- a/servers/fpga_server_lin/src/fpga_conn.cpp
+++ b/servers/fpga_server_lin/src/fpga_conn.cpp
@ -20,7 +20,21 @@
 * http://www.raptorengineeringinc.com
 */

-#include <stdlib.h>
+#include <stdio.h>                /* perror() */
+#include <stdlib.h>               /* atoi() */
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <unistd.h>               /* read() */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <fcntl.h>
+#include <termios.h>
+#include <unistd.h>
+#include <sys/signal.h>
+#include <sys/types.h>
+
+#include <tqtimer.h>

 #include <klocale.h>

@ -38,12 +52,13 @@ struct exit_exception {
  instance of this class.
 */
 FPGASocket::FPGASocket(int sock, TQObject *parent, const char *name) :
-	TDEKerberosServerSocket(parent, name), m_criticalSection(0), m_stationID(-1), m_config(static_cast<FPGAServer*>(parent)->m_config), m_database(NULL), m_databaseStationsCursor(NULL) {
+	TDEKerberosServerSocket(parent, name), m_criticalSection(0), m_config(static_cast<FPGAServer*>(parent)->m_config) {

 	setServiceName("remotefpga");

 	line = 0;
 	connect(this, SIGNAL(connectionClosed()), SLOT(connectionClosedHandler()));
+	connect(this, SIGNAL(connectionClosed()), parent, SLOT(remoteConnectionClosed()));
 	setSocket(sock);
 }

@ -52,8 +67,11 @@ FPGASocket::~FPGASocket() {
 }

 void FPGASocket::close() {
-	TDEKerberosServerSocket::close();
-	connectionClosedHandler();
+	if (state() == TQSocket::Connected) {
+		TDEKerberosServerSocket::close();
+		connectionClosedHandler();
+		TQTimer::singleShot(0, parent(), SLOT(remoteConnectionClosed()));
+	}
 }

 void FPGASocket::connectionClosedHandler() {
@ -76,8 +94,76 @@ int FPGASocket::initiateKerberosHandshake() {
 	}
 }

-void FPGASocket::enterCommandLoop() {
-	// RAJA FIXME
+int FPGASocket::setupSerial() {
+	struct termios oldtio, newtio;
+
+	m_config->setGroup("FPGA");
+	TQString serialDevice = m_config->readEntry("serialdevice", "/dev/ttyS0");
+	TQString desiredBaudRate = m_config->readEntry("baudrate", "9600");
+
+	m_fd_tty = ::open(serialDevice.ascii(), O_RDWR | O_NOCTTY | O_NONBLOCK | O_APPEND);
+	if (m_fd_tty < 0) {
+		printf("[FAIL] Unable to open serial device %s\n\r", serialDevice.ascii()); fflush(stdout);
+		return 1;
+	}
+
+	tcgetattr(m_fd_tty, &oldtio);	// Save current port settings
+
+	long serialBaud;
+	if (desiredBaudRate == "9600") {
+		serialBaud = B9600;
+	}
+	else if (desiredBaudRate == "115200") {
+		serialBaud = B115200;
+	}
+	else {
+		printf("[WARNING] Invalid baudrate %s specified, selecting 9600 instead\n\r", desiredBaudRate.ascii()); fflush(stdout);
+		serialBaud = B9600;
+	}
+
+	bzero(&newtio, sizeof(newtio));
+	newtio.c_cflag = serialBaud | CS8 | CLOCAL | CREAD;
+	newtio.c_iflag = IGNPAR;
+	newtio.c_oflag = 0;
+
+	// Set input mode (non-canonical, no echo,...)
+	newtio.c_lflag = 0;
+
+	newtio.c_cc[VTIME] = 0;	// Inter-character timer unused
+	newtio.c_cc[VMIN]  = 0;	// Blocking read unused
+	
+	tcflush(m_fd_tty, TCIFLUSH);
+	tcsetattr(m_fd_tty, TCSANOW, &newtio);
+
+	return 0;
+}
+
+int FPGASocket::enterCommandLoop() {
+	m_criticalSection++;
+	try {
+		while (state() == TQSocket::Connected) {
+			// RAJA FIXME
+// 			cc = read(fd_tty, readbuf, 100000);
+// 			if (cc > 0) {
+// 				write_data_to_client(fd, readbuf, cc);
+// 				fsync(fd_tty);
+// 				printf("[DEBUG] Got %d bytes from the serial port\n\r", cc); fflush(stdout);
+// 			}
+// 			cc = read(fd, writebuf, 100000);
+// 			if (cc > 0) {
+// 				write(fd_tty, writebuf, cc);
+// 				fsync(fd);
+// 				printf("[DEBUG] Got %d bytes from the network interface\n\r", cc); fflush(stdout);
+// 			}
+		}
+
+		m_criticalSection--;
+		return 0;
+	}
+	catch (...) {
+		m_criticalSection--;
+		return -1;
+	}
 }

 /*
@ -93,8 +179,6 @@ FPGAServer::FPGAServer(TQObject* parent, int port, KSimpleConfig* config) :
 		exit(1);
 	}

-	socketDevice()->setAddressReusable(false);
-
 	printf("[INFO] Server started on port %d\n\r", port); fflush(stdout);
 }

@ -107,21 +191,42 @@ void FPGAServer::newConnection(int socket) {
 	s->m_remoteHost = s->peerAddress().toString();
 	printf("[DEBUG] New connection from %s\n\r", s->m_remoteHost.ascii());
 	if (m_numberOfConnections > 0) {
-		printf("[DEBUG] Connection from %s closed due to multiple access attempt\n\r", m_remoteHost.ascii());
+		printf("[DEBUG] Connection from %s closed due to multiple access attempt\n\r", s->m_remoteHost.ascii());
 		s->close();
 		delete s;
 		s = NULL;
+		return;
 	}
 	if (s->initiateKerberosHandshake() != 0) {
-		printf("[DEBUG] Connection from %s closed due to Kerberos failure\n\r", m_remoteHost.ascii());
+		printf("[DEBUG] Connection from %s closed due to Kerberos failure\n\r", s->m_remoteHost.ascii());
+		s->close();
+		delete s;
+		s = NULL;
+		return;
+	}
+	m_config->setGroup("Security");
+	TQString masterUser = m_config->readEntry("masteruser");
+	TQString masterRealm = m_config->readEntry("masterrealm");
+	if (masterRealm == "") {
+		masterRealm = "(NULL)";
+	}
+	if ((s->m_authenticatedUserName != masterUser) || (s->m_authenticatedRealmName != masterRealm)) {
+		printf("[DEBUG] Connection from %s closed due to authentication failure (attempted connection as user %s@%s)\n\r", s->m_remoteHost.ascii(), masterUser.ascii(), masterRealm.ascii());
+		s->close();
+		delete s;
+		s = NULL;
+		return;
+	}
+	if (s->setupSerial() != 0) {
+		printf("[DEBUG] Connection from %s closed due to serial port initialization failure\n\r", s->m_remoteHost.ascii());
 		s->close();
 		delete s;
 		s = NULL;
+		return;
 	}
 	else {
 		m_numberOfConnections++;
 		connect(s, SIGNAL(connectionClosed()), s, SLOT(deleteLater()));
-		connect(s, SIGNAL(connectionClosed()), this, SLOT(remoteConnectionClosed()));
 		emit newConnect(s);
 		s->enterCommandLoop();
 	}
--- a/servers/fpga_server_lin/src/fpga_conn.h
+++ b/servers/fpga_server_lin/src/fpga_conn.h
@ -49,15 +49,17 @@ class FPGASocket : public TDEKerberosServerSocket
 	public:
 		void close();
 		int initiateKerberosHandshake();
-		void enterCommandLoop();
+		int enterCommandLoop();

 	private slots:
 		void connectionClosedHandler();
+		int setupSerial();
 	
 	private:
 		int line;
 		int m_criticalSection;
 		TQString m_remoteHost;
+		int m_fd_tty;

 		KSimpleConfig* m_config;

--- a/servers/fpga_server_lin/src/main.cpp
+++ b/servers/fpga_server_lin/src/main.cpp
@ -27,16 +27,16 @@
 #include <unistd.h>
 #include <stdlib.h>

+#include <tqdatetime.h>
+#include <tqfile.h>
+#include <tqdir.h>
+
 #include <kapplication.h>
 #include <kstartupinfo.h>
 #include <kcmdlineargs.h>
 #include <kaboutdata.h>
-
 #include <ksimpleconfig.h>

-#include <tqdatetime.h>
-#include <tqfile.h>
-
 #include "fpga_conn.h"

 static const char description[] = I18N_NOOP("RemoteFPGA Kerberos Authentication Server");
@ -56,8 +56,9 @@ int main(int argc, char *argv[])

 	KStartupInfo::appStarted();

-	KSimpleConfig config("./remotefpga_fpgaserver.conf", false);
-	AuthServer authsvr(0, config);
+	KSimpleConfig config(TQDir::currentDirPath() + "/remotefpga_fpgaserver.conf", false);
+	config.setGroup("Server");
+	FPGAServer fpgasvr(0, config.readNumEntry("port", 4010), &config);
 	return app.exec();

 }