Fix krb client/server sockets

master
Timothy Pearson 13 years ago
parent b2f2dba837
commit 9c9085621b

@ -174,6 +174,7 @@ void RemoteMDI::promptForStationType() {
ds << TQString("BIND");
ds << select.m_selectedStation;
ds >> result;
printf("[RAJA DEBUG 100.0] '%s'\n\r", result.ascii()); fflush(stdout);
if (result == "OK") {
// Success, do nothing
}
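Review bot: The `printf("[RAJA DEBUG 100.0] '%s'\n\r", result.ascii())` added after `ds >> result` is an unconditional developer trace that echoes the server's reply to stdout on every bind attempt. It should be dropped, or wrapped in whatever debug switch the project uses, before this lands on master. The same applies to the `[RAJA DEBUG 600.0]` trace added in `AuthSocket::enterCommandLoop()`.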

@ -171,7 +171,7 @@ bool TDEKerberosClientSocket::atEnd() const {
bool ret;
if (m_kerberosRequested) {
return (m_buffer->at() >= (unsigned long)m_bufferLength);
ret = TQSocket::atEnd();
}
else {
ret = TQSocket::atEnd();
@ -230,6 +230,9 @@ TQ_LONG TDEKerberosClientSocket::readBlock(char *data, TQ_ULONG maxlen) {
}
free(buf);
if (maxlen > (unsigned int)m_bufferLength) {
maxlen = m_bufferLength;
}
m_buffer->at(0);
ret = m_buffer->readBlock(data, maxlen);
if (ret > 0) {
@ -284,6 +287,9 @@ TQ_LONG TDEKerberosClientSocket::readLine(char *data, TQ_ULONG maxlen) {
}
free(buf);
if (maxlen > (unsigned int)m_bufferLength) {
maxlen = m_bufferLength;
}
m_buffer->at(0);
ret = m_buffer->readLine(data, maxlen);
if (ret > 0) {
@ -310,11 +316,13 @@ TQ_LONG TDEKerberosClientSocket::readLine(char *data, TQ_ULONG maxlen) {
TQString TDEKerberosClientSocket::readLine() {
long i;
TQString ret;
long maxlen;
if (m_kerberosRequested) {
int reclen;
int wrlen;
int readlen;
maxlen = m_negotiatedMaxBufferSize;
char* buf = (char*)malloc(m_negotiatedMaxBufferSize);
reclen = receiveEncryptedData(buf, m_negotiatedMaxBufferSize);
if (reclen > 0) {
@ -326,9 +334,12 @@ TQString TDEKerberosClientSocket::readLine() {
}
free(buf);
if (maxlen > m_bufferLength) {
maxlen = m_bufferLength;
}
m_buffer->at(0);
buf = (char*)malloc(m_negotiatedMaxBufferSize);
readlen = m_buffer->readLine(buf, m_negotiatedMaxBufferSize);
buf = (char*)malloc(maxlen);
readlen = m_buffer->readLine(buf, maxlen);
if (readlen > 0) {
// Remove the read bytes from the buffer
m_bufferLength = m_bufferLength-readlen;
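Review bot: Clamping `maxlen` to exactly `m_bufferLength` before `m_buffer->readLine(buf, maxlen)` in `TQString readLine()` may leave the last buffered byte unread. If TQBuffer::readLine keeps the Qt 3 behaviour of reserving one byte of `maxlen` for the terminating NUL, at most `m_bufferLength-1` bytes come back when no newline precedes the end of the data. Clamping to `m_bufferLength + 1` would keep the bound and still leave room for the terminator. The new `buf = (char*)malloc(maxlen);` is also used without a NULL check. The same lines are added to `TDEKerberosServerSocket::readLine()`, and the function body continues outside the hunk.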

@ -171,7 +171,7 @@ bool TDEKerberosServerSocket::atEnd() const {
bool ret;
if (m_kerberosRequested) {
return (m_buffer->at() >= (unsigned long)m_bufferLength);
ret = TQSocket::atEnd();
}
else {
ret = TQSocket::atEnd();
@ -230,6 +230,9 @@ TQ_LONG TDEKerberosServerSocket::readBlock(char *data, TQ_ULONG maxlen) {
}
free(buf);
if (maxlen > (unsigned int)m_bufferLength) {
maxlen = m_bufferLength;
}
m_buffer->at(0);
ret = m_buffer->readBlock(data, maxlen);
if (ret > 0) {
@ -284,6 +287,9 @@ TQ_LONG TDEKerberosServerSocket::readLine(char *data, TQ_ULONG maxlen) {
}
free(buf);
if (maxlen > (unsigned int)m_bufferLength) {
maxlen = m_bufferLength;
}
m_buffer->at(0);
ret = m_buffer->readLine(data, maxlen);
if (ret > 0) {
@ -310,11 +316,13 @@ TQ_LONG TDEKerberosServerSocket::readLine(char *data, TQ_ULONG maxlen) {
TQString TDEKerberosServerSocket::readLine() {
long i;
TQString ret;
long maxlen;
if (m_kerberosRequested) {
int reclen;
int wrlen;
int readlen;
maxlen = m_negotiatedMaxBufferSize;
char* buf = (char*)malloc(m_negotiatedMaxBufferSize);
reclen = receiveEncryptedData(buf, m_negotiatedMaxBufferSize);
if (reclen > 0) {
@ -326,9 +334,12 @@ TQString TDEKerberosServerSocket::readLine() {
}
free(buf);
if (maxlen > m_bufferLength) {
maxlen = m_bufferLength;
}
m_buffer->at(0);
buf = (char*)malloc(m_negotiatedMaxBufferSize);
readlen = m_buffer->readLine(buf, m_negotiatedMaxBufferSize);
buf = (char*)malloc(maxlen);
readlen = m_buffer->readLine(buf, maxlen);
if (readlen > 0) {
// Remove the read bytes from the buffer
m_bufferLength = m_bufferLength-readlen;
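Review bot: With Kerberos active, `atEnd()` appears to end up with `ret = TQSocket::atEnd();` in both branches, which makes the `if (m_kerberosRequested)` test dead and ignores decrypted bytes still held in `m_buffer`. The page prints the old and new line without markers, so which line is new is inferred from their order. A caller that polls `atEnd()` could then stop reading while `m_bufferLength` is still non-zero. Consider `ret = (m_bufferLength < 1) && TQSocket::atEnd();` for the Kerberos branch, or a comment stating why buffered data is deliberately not counted. `TDEKerberosClientSocket::atEnd()` carries the same change.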

@ -59,3 +59,9 @@ Example: SERV
QUIT:
Gracefully terminates the connection.
The server should return the case-sensitive text "OK" and must immediately close all active connections for the current user.
==================================================================================
Backend Server
==================================================================================
On initial connection from the client container, the master server must negotiate a successful Kerberos connection. Once this connection is established, the server must transmit a string containing the case-sensitive text "OK". The server has now fully established a secure bidirectional channel to the client and may proceeed to use the channel for any purpose. If the server wishes to reject the connection, for example due to a hardware failure, it must transmit a string containing the case-sensitive text "ERRNOTAVL", after which the server should close the client connection.

@ -115,6 +115,8 @@ int AuthSocket::initiateKerberosHandshake() {
}
int AuthSocket::enterCommandLoop() {
bool bound = false;
m_criticalSection++;
try {
TQString command;
@ -194,6 +196,8 @@ int AuthSocket::enterCommandLoop() {
ds << TQString("ERRUNAVAL");
}
else {
bound = true;
// Update database
TQSqlRecord *buffer = m_databaseActivityCursor->primeInsert();
buffer->setValue("station", m_stationID);
@ -205,8 +209,62 @@ int AuthSocket::enterCommandLoop() {
ds << TQString("OK");
}
}
else if (command == "SERV") {
// Get desired Service ID from client
TQ_UINT32 sid;
ds >> sid;
m_databaseActivityCursor->select(TQString("username='%1' AND realmname='%2'").arg(m_authenticatedUserName).arg(m_authenticatedRealmName));
if (m_databaseActivityCursor->next()) {
m_stationID = m_databaseActivityCursor->value("station").toInt();
}
if (bound == true) {
ds << TQString("ERRINVCMD");
}
if (m_stationID < 0) {
ds << TQString("ERRNOCONN");
}
// Attempt to connect to the backend server
m_databaseServicesCursor->select(TQString("pk=%1 AND station=%2").arg(sid).arg(m_stationID));
if (m_databaseServicesCursor->next()) {
TQString serviceHostName = m_databaseServicesCursor->value("hostname").toString();
int servicePort = m_databaseServicesCursor->value("port").toInt();
TDEKerberosClientSocket clientSocket;
clientSocket.setServiceName("remotefpga");
clientSocket.setServerFQDN(serviceHostName);
clientSocket.connectToHost(serviceHostName, servicePort);
while ((clientSocket.state() == TQSocket::Connecting) || (clientSocket.state() == TQSocket::HostLookup)) {
tqApp->processEvents();
}
if (clientSocket.state() == TQSocket::Connected) {
if (clientSocket.setUsingKerberos(true) != 0) {
clientSocket.close();
ds << TQString("ERRNOTAVL");
printf("[DEBUG] Connection failed to %s:%d for user %s@%s due to Kerberos failure\n\r", serviceHostName.ascii(), servicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
}
else {
printf("[RAJA DEBUG 600.0] Connect OK!\n\r"); fflush(stdout);
// RAJA FIXME
}
}
else {
clientSocket.close();
ds << TQString("ERRNOTAVL");
printf("[DEBUG] Connection failed to %s:%d for user %s@%s\n\r", serviceHostName.ascii(), servicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
}
}
else {
ds << TQString("ERRNOTAVL");
}
}
else {
ds << "ERRINVCMD";
ds << TQString("ERRINVCMD");
}
}
tqApp->processEvents();
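Review bot: In the new `SERV` branch the two error replies do not stop processing: after `ds << TQString("ERRINVCMD")` for `bound == true`, and again after `ds << TQString("ERRNOCONN")` for `m_stationID < 0`, execution falls through to the backend lookup and connect, so a client can receive two or three replies to one command and a connection is still attempted. Chain the checks, i.e. `else if (m_stationID < 0) {` followed by `else {` around the block that starts at `// Attempt to connect to the backend server`. Separately, the filter `TQString("username='%1' AND realmname='%2'")` is built by plain `.arg()` substitution of `m_authenticatedUserName` and `m_authenticatedRealmName`. If a principal name can contain a quote character, the filter text changes meaning, so those values should be escaped through the SQL driver rather than pasted in. The wait loop on `TQSocket::Connecting`/`HostLookup` also has no timeout, so an unresponsive backend keeps this command loop spinning.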

@ -34,6 +34,7 @@
#include <ksimpleconfig.h>
#include <tdekrbserversocket.h>
#include <tdekrbclientsocket.h>
#include <tqtrla.h>

@ -110,9 +110,15 @@ int FPGASocket::setupSerial() {
tcgetattr(m_fd_tty, &oldtio); // Save current port settings
long serialBaud;
if (desiredBaudRate == "9600") {
if (desiredBaudRate == "1200") {
serialBaud = B1200;
}
else if (desiredBaudRate == "9600") {
serialBaud = B9600;
}
else if (desiredBaudRate == "19200") {
serialBaud = B19200;
}
else if (desiredBaudRate == "115200") {
serialBaud = B115200;
}
@ -139,22 +145,26 @@ int FPGASocket::setupSerial() {
}
int FPGASocket::enterCommandLoop() {
int cc;
char buffer[10000];
m_criticalSection++;
try {
while (state() == TQSocket::Connected) {
// RAJA FIXME
// cc = read(fd_tty, readbuf, 100000);
// if (cc > 0) {
// write_data_to_client(fd, readbuf, cc);
// fsync(fd_tty);
// printf("[DEBUG] Got %d bytes from the serial port\n\r", cc); fflush(stdout);
// }
// cc = read(fd, writebuf, 100000);
// if (cc > 0) {
// write(fd_tty, writebuf, cc);
// fsync(fd);
// printf("[DEBUG] Got %d bytes from the network interface\n\r", cc); fflush(stdout);
// }
cc = read(m_fd_tty, buffer, 10000);
if (cc > 0) {
writeBlock(buffer, cc);
printf("[DEBUG] Got %d bytes from the serial port\n\r", cc); fflush(stdout);
}
if (canReadLine()) {
cc = readBlock(buffer, 10000);
if (cc > 0) {
if (write(m_fd_tty, buffer, cc) < 0) {
// ERROR
}
printf("[DEBUG] Got %d bytes from the network interface\n\r", cc); fflush(stdout);
}
}
}
m_criticalSection--;
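Review bot: In `FPGASocket::enterCommandLoop()` the network-to-serial path discards failures. `if (write(m_fd_tty, buffer, cc) < 0) { // ERROR }` does nothing on error and never looks at a short write, so bytes read from the client can be lost silently while the trace below still reports them as received. The proposed change loops until all `cc` bytes are written and reports a failure. The literal `10000` is repeated for the array and both reads, and `sizeof(buffer)` would keep the three in step. Forwarding is also gated on `canReadLine()`, which presumably stalls client data that contains no newline; worth confirming that is intended for a serial passthrough.
```cpp
cc = readBlock(buffer, sizeof(buffer));
// Forward every byte; write() may accept fewer than requested
int written = 0;
while (written < cc) {
	int wr = write(m_fd_tty, buffer + written, cc - written);
	if (wr <= 0) {
		printf("[DEBUG] Serial write failed after %d of %d bytes\n\r", written, cc); fflush(stdout);
		break;
	}
	written += wr;
}
// … unchanged: "[DEBUG] Got %d bytes from the network interface" trace …
```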
