Bugzilla – Attachment 73425 Details for
Bug 195644
Add security support to New Agent Controller
[patch]
Agent Controller patch for Linux
ac.txt (text/plain), 27.02 KB, created by
Igor Alelekov
on 2007-07-10 10:36:31 EDT
Description:
Agent Controller patch for Linux
Filename:
MIME Type:
Creator:
Igor Alelekov
Created:
2007-07-10 10:36:31 EDT
Size:
27.02 KB
>### Eclipse Workspace Patch 1.0 >#P org.eclipse.tptp.platform.agentcontroller >Index: src-native-new/src/transport/socketTL/SocketListener.c >=================================================================== >RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/transport/socketTL/SocketListener.c,v >retrieving revision 1.36 >diff -u -r1.36 SocketListener.c >--- src-native-new/src/transport/socketTL/SocketListener.c 13 Apr 2007 16:13:43 -0000 1.36 >+++ src-native-new/src/transport/socketTL/SocketListener.c 10 Jul 2007 14:17:50 -0000 >@@ -59,6 +59,17 @@ > > *********************************************************/ > >+#include <stdlib.h> >+ >+#ifdef _WIN32 >+ #include <direct.h> >+#else >+ #include <unistd.h> >+ #include <signal.h> >+ #include <sys/wait.h> >+ #include <openssl/ssl.h> >+ #include <tptp/TPTPConfig.h> >+#endif > > #include "SocketListener.h" > >@@ -69,7 +80,11 @@ > > #include "tptp/dime.h" > >-#define DEFAULT_PORT_NUM 10002 >+#define DEFAULT_PORT_NUM 10002 >+#define CONFIGURATION_HOME "TPTP_AC_HOME" >+ >+#define CERTF "cert.pem" >+#define KEYF "key.pem" > > /** thread status */ > enum ThreadStatus { IDLE, RUNNING } ; >@@ -95,7 +110,15 @@ > int handleCONNECT(request_block_ptr_t pBlk, char *pMsg) ; > > int handleCONNECT_DATA(request_block_ptr_t pBlk, char *pMsg) ; >- >+tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length); >+tptp_int32 closeSocket(request_block_ptr_t pBlock); >+int handleAUTHENTICATE(request_block_ptr_t pBlk, char *pMsg) ; >+ >+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password); >+ >+static int sslinit = 1; >+static char* certFile = NULL; >+static char* keyFile = NULL; > > /** > ********************************************************* >@@ -125,7 +148,6 @@ > int rc = 0 ; > char *buffer = NULL; > int bufferLength = 0 ; >- BOOL shouldAddHeader = FALSE ; > char *pCurr = NULL ; > int uuidLength = 0 ; 
>
>@@ -144,9 +166,8 @@
> strcpy(pCurr, ""); /* null uuid string */
>
> addBasicMsgHeader(cmd, cmdLength, &buffer, &bufferLength, flags) ;
>-
> /* send the response */
>- sendThisMessage(pBlk->pServerData, pBlk->connectionId, bufferLength, buffer, shouldAddHeader) ;
>+ writeData(pBlk, buffer, bufferLength);
>
> if (cmd) tptp_free(cmd);
> if (buffer) tptp_free(buffer);
>@@ -154,6 +175,73 @@ > return ( rc ) ; > } > >+#ifndef _WIN32 >+int setSSL(request_block_ptr_t pBlk) { >+ SSL_METHOD *meth; >+ SSL_CTX* ctx; >+ SSL* ssl; >+ int err; >+ >+ if (sslinit) { >+ SSL_load_error_strings(); >+ SSL_library_init(); >+ sslinit = 0; >+ } >+ >+ meth = SSLv23_server_method(); >+ >+ ctx = SSL_CTX_new (meth); >+ if (!ctx) { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: context error"); >+ return -1; >+ } >+ >+ if (certFile == NULL) { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no certificate file found"); >+ return -1; >+ } >+ >+ if (SSL_CTX_use_certificate_file(ctx, certFile, SSL_FILETYPE_PEM) <= 0) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal certificate file %s", certFile); >+ return -1; >+ } >+ >+ if (keyFile == NULL) { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no key file found"); >+ return -1; >+ } >+ >+ if (SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM) <= 0) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal key file %s", keyFile); >+ return -1; >+ } >+ >+ if (!SSL_CTX_check_private_key(ctx)) { >+ TPTP_LOG_DEBUG_MSG2(pBlk->pServerData, "SSL: Private key %s does not match the certificate public key %s", >+ keyFile, certFile); >+ return -1; >+ } >+ >+ ssl = SSL_new (ctx); >+ if (ssl < 0) { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL.new error"); >+ return -1; >+ } >+ >+ SSL_set_fd (ssl, pBlk->clientSock); >+ err = SSL_accept (ssl); >+ if (err < 0) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: ssl_accept error %d", SSL_get_error(ssl, err)); >+ return -1; >+ } >+ >+ pBlk->sslCtx = ctx; >+ pBlk->ssl = ssl; >+ pBlk->secured = TRUE; >+ >+ return 0; >+} >+#endif > > /** > ********************************************************* 
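Review bot: In setSSL, `if (ssl < 0)` cannot catch a failed SSL_new(), which returns NULL, and `if (err < 0)` lets an SSL_accept() result of 0 (handshake refused and shut down) fall through to `pBlk->secured = TRUE`; these should be `if (ssl == NULL)` and `if (err <= 0)`. Every `return -1` after SSL_CTX_new() also leaves the per-connection context allocated, and the accept failure leaves the SSL object as well, so each failed handshake leaks memory. SSLv23_server_method() accepts whatever protocol versions the linked OpenSSL still enables, so the context should switch off the obsolete ones with SSL_CTX_set_options() before it is used. The `sslinit` flag is tested and cleared without a lock; if setSSL can run on more than one request thread, the library initialisation belongs in initSSL, which is called once at start-up.

```c
    SSL* ssl = NULL;

    ctx = SSL_CTX_new (meth);
    if (!ctx) {
        TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: context error");
        return -1;
    }
    /* refuse the obsolete protocol versions SSLv23_server_method() would otherwise accept */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

    /* … unchanged: certificate, key and key-match checks, each failure now ending in `goto fail;` … */

    ssl = SSL_new (ctx);
    if (ssl == NULL) {
        TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL.new error");
        goto fail;
    }

    SSL_set_fd (ssl, pBlk->clientSock);
    err = SSL_accept (ssl);
    if (err <= 0) {
        TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: ssl_accept error %d", SSL_get_error(ssl, err));
        goto fail;
    }

    /* … unchanged: store ctx and ssl in pBlk, set secured … */
    return 0;

fail:
    if (ssl != NULL) SSL_free(ssl);
    SSL_CTX_free(ctx);
    return -1;
```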
>@@ -164,14 +252,22 @@
> *********************************************************/
> int handleCONNECT(request_block_ptr_t pBlk, char *pMsg)
> {
>- HashTable *pTab = NULL ;
>- int connId = 0 ;
>+ HashTable *pTab = NULL;
>+ int connId = 0;
>
> addConnectionEntry_ptr_t pFunc = NULL ;
>
> TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT request (Control channel).");
> pBlk->connectionType = CONTROL_CHANNEL ;
>
>+#ifndef _WIN32
>+ if (pBlk->pServerData->securityEnabled && !pBlk->secured) {
>+ processCONNECTCall(pBlk, pMsg, CONNECTION_REFUSED | SECURITY_REQUIRED);
>+ // no race condition here since incoming ssl request
>+ return setSSL(pBlk); // will wait for processing in input buffer
>+ }
>+#endif
>+
> /* tell the agent controller about the new connection */
> /* and receive the assigned connection id */
> pFunc = pBlk->pServerData->agentControllerDataBlk.addConnectionEntry ;
>@@ -188,9 +284,63 @@ > pTab = pBlk->pServerData->connectionTable ; > tablePut(pTab, connId, (Entry_value_ptr_t) pBlk) ; > >+#ifndef _WIN32 > /* CONNECT command. Go handle it. */ >- processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE) ; >+ if (pBlk->pServerData->securityEnabled) { >+ processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE | AUTHENTICATION_FAILED); >+ } >+ else { >+ processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE); >+ pBlk->authenticated = TRUE; >+ } >+#else >+ processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE); >+ pBlk->authenticated = TRUE; >+#endif >+ >+ return 0 ; >+} >+ >+/** >+ ********************************************************* >+ * >+ * @brief >+ * handle the AUTHENTICATE request >+ * >+ *********************************************************/ >+int handleAUTHENTICATE(request_block_ptr_t pBlk, char *pMsg) { >+ char *name=NULL, *psw=NULL; >+ BOOL success; >+ >+ pMsg = readStringFromBuffer(pMsg, &name); >+ pMsg = readStringFromBuffer(pMsg, &psw); >+ >+ if (name != NULL && psw != NULL) >+ success = vrfusrpwd(name, psw); >+ else >+ success = FALSE; >+ >+ if (success) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "User %s is authenticated", name); >+ } >+ else if (name != NULL) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "User %s is not authenticated", name); >+ } >+ else { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "User <null> is not authenticated"); >+ } >+ >+ pBlk->authenticated = success; >+ if (success) { >+ processCONNECTCall(pBlk, pMsg, AUTHENTICATION_SUCCESSFUL); >+ } >+ else { >+ processCONNECTCall(pBlk, pMsg, AUTHENTICATION_FAILED); >+ } > >+ if (name != NULL) tptp_free(name); >+ if (psw != NULL) tptp_free(psw); >+ > return 0 ; > } 
> >@@ -209,6 +359,15 @@ > addDataConnectionEntry_ptr_t pFunc = NULL ; > > TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT_DATA/CONNECT_CONSOLE request (Data channel)."); >+ >+#ifndef _WIN32 >+ if (pBlk->pServerData->securityEnabled && !pBlk->secured) { >+ processCONNECTCall(pBlk, pMsg, CONNECTION_REFUSED | SECURITY_REQUIRED); >+ // no race condition here since incoming ssl request >+ return setSSL(pBlk); // will wait for processing in input buffer >+ } >+#endif >+ > pBlk->connectionType = DATA_CHANNEL ; > > /* tell the agent controller about the new connection */ >@@ -305,13 +464,29 @@ > ((flags & CONNECT_CONSOLE) != 0)) > { > if ((flags & CONNECT_CONSOLE) != 0) >- pBlk->isForConsole = TRUE ; >+ pBlk->isForConsole = TRUE; > > handleCONNECT_DATA(pBlk, pMsg) ; > > /* prevent it from forwarding to the AC */ > pMsg = NULL ; > } >+#ifndef _WIN32 >+ else if (pBlk->pServerData->securityEnabled && !pBlk->secured) { >+ pMsg = NULL ; >+ } >+ else if ((flags & AUTHENTICATE) != 0) >+ { >+ handleAUTHENTICATE(pBlk, pMsg) ; >+ >+ /* prevent it from forwarding to the AC */ >+ pMsg = NULL ; >+ } >+ else if (pBlk->pServerData->securityEnabled && !pBlk->authenticated) { >+ processCONNECTCall(pBlk, pMsg, AUTHENTICATION_FAILED); >+ pMsg = NULL ; >+ } >+#endif > else if ((flags & DISCONNECT) != 0) > { > handleDISCONNECT(pBlk, pMsg) ; 
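Review bot: handleAUTHENTICATE releases the password copy with `tptp_free(psw)` without clearing it first, and a failed attempt only sends AUTHENTICATION_FAILED, so the same connection can keep retrying credentials with no limit or delay visible in this hunk. I would wipe the buffer before freeing it, using a clear the compiler cannot drop, and count failures per request block so the connection is closed after a small number. The user name taken from the message is also written to the debug log as received; if it can contain control characters it should be sanitised before logging. `pMsg` is a `char *` here while readStringFromBuffer is declared with `unsigned char *`, so the calls need a matching type or an explicit cast.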
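Review bot: The data and console channels are gated only on `pBlk->secured`: neither handleCONNECT_DATA nor the dispatch hunk that follows checks `authenticated` before a CONNECT_DATA or CONNECT_CONSOLE request is accepted, because that branch sits ahead of the new `!pBlk->authenticated` test. New request blocks start with `authenticated = FALSE`, so as far as these hunks show, a peer that completes the TLS handshake gets a data or console channel without ever sending AUTHENTICATE. If the data channel is meant to inherit the control channel's login, that link should be verified explicitly here; otherwise the request should be refused with AUTHENTICATION_FAILED. The result of setSSL is also dropped at the `handleCONNECT_DATA(pBlk, pMsg) ;` call site, so a failed handshake leaves the socket open. Both function bodies continue outside the hunks.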
>@@ -503,6 +678,28 @@ > return ( bytesToBeProcessed ) ; > } > >+#ifndef _WIN32 >+ >+int recvData (request_block_ptr_t pRdb, char *buffer, int length, int *bytesRead) { >+ int result; >+ if (pRdb->secured) { >+ result = SSL_read (pRdb->ssl, buffer, length); >+ *bytesRead = result; >+ } >+ else { >+ result = readFromSocket(pRdb->clientSock, buffer, length, bytesRead); >+ } >+ >+ return result; >+} >+ >+#else >+ >+int recvData (request_block_ptr_t pRdb, char *buffer, int length, int *bytesRead) { >+ return readFromSocket(pRdb->clientSock, buffer, length, bytesRead); >+} >+ >+#endif > > /** > ********************************************************* >@@ -517,9 +714,6 @@ > THREAD_USER_FUNC_RET_TYPE processClientRequest(LPVOID args) > { > int rc = 1; >- >- SOCKET clientSock ; >- > unsigned int bytesRead; > unsigned char buffer[TPTP_DEFAULT_BUFFER_MAX_LENGTH]; > unsigned int bufferLength = TPTP_DEFAULT_BUFFER_LENGTH ; >@@ -529,7 +723,6 @@ > > /* set up environmental info for this incoming message */ > request_block_ptr_t pRdb = (request_block_ptr_t) args ; >- clientSock = pRdb->clientSock ; > > /* initial status before the thread is running */ > pRdb->threadStatus = RUNNING ; >@@ -541,7 +734,7 @@ > > /* Another message might come in while we're processing > * so we read until the pipe is empty */ >- while ( (rc = readFromSocket(clientSock, buffer, bufferLength, &bytesRead)) > 0) >+ while ( (rc = recvData(pRdb, buffer, bufferLength, &bytesRead)) > 0) > { > TPTP_LOG_DEBUG_MSG1(pRdb->pServerData, "Socket processClientRequest: Read %d bytes.", bytesRead) ; > >@@ -565,7 +758,8 @@ > pFunc(pRdb->pServerData->cmo, pRdb->connectionId); > } > >- freeRequestBlock( pRdb ); >+ closeSocket(pRdb); >+ freeRequestBlock(pRdb); > > return ( 0 ) ; > } 
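Review bot: In the secured branch of recvData, `*bytesRead = result;` stores SSL_read()'s zero or negative return in the caller's byte counter, and processClientRequest declares that counter as `unsigned int bytesRead` (and the buffer as `unsigned char`) while passing them through `int *` and `char *` parameters. I would write `*bytesRead = (result > 0) ? result : 0;` and make the parameter types match the caller. The failure path never calls SSL_get_error(), so the log cannot tell a clean peer close from a protocol error.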
>@@ -593,6 +787,14 @@ > pRequestDataBlock->connectionType = 0 ; > > pRequestDataBlock->isForConsole = FALSE ; >+ >+ pRequestDataBlock->authenticated = FALSE; >+ pRequestDataBlock->secured = FALSE; >+ >+#ifndef _WIN32 >+ pRequestDataBlock->ssl = NULL; >+ pRequestDataBlock->sslCtx = NULL; >+#endif > > pRequestDataBlock->pSendFunc = NULL ; > >@@ -694,7 +896,58 @@ > return ( 0 ); > } > >+int getACHome (char* buf, int len) { >+ char* acHome; >+ >+ acHome = getenv(CONFIGURATION_HOME); >+ if (acHome != NULL) { >+ strncpy(buf, acHome, len); >+ return 0; >+ } >+ >+#ifdef _WIN32 >+ acHome = _getcwd(buf, 1024); >+ if (acHome == NULL) return -1; >+ >+ strcat(buf, "\\.."); >+#else >+ acHome = getcwd(buf, 1024); >+ if (acHome == NULL) return -1; >+ >+ strcat(buf, "/.."); >+#endif >+ >+ return 0; >+} > >+int initSSL() { >+ char buf[1024]; >+ >+ if (getACHome(buf, 1024) < 0) { >+ certFile = (char*) malloc(strlen(CERTF) + 1); >+ strcpy(certFile, CERTF); >+ >+ keyFile = (char*) malloc(strlen(KEYF) + 1); >+ strcpy(keyFile, CERTF); >+ } >+ else { >+#ifdef _WIN32 >+ strcat(buf, "\\security\\"); >+#else >+ strcat(buf, "/security/"); >+#endif >+ >+ certFile = (char*) malloc(strlen(buf) + strlen(CERTF) + 1); >+ strcpy(certFile, buf); >+ strcat(certFile, CERTF); >+ >+ keyFile = (char*) malloc(strlen(buf) + strlen(KEYF) + 1); >+ strcpy(keyFile, buf); >+ strcat(keyFile, KEYF); >+ } >+ >+ return 0; >+} > > /** > ********************************************************* >@@ -710,6 +963,8 @@ > { > int rc = 0 ; > >+ initSSL(); >+ > rc = initForSocketCalls() ; > > if (rc == 0) >@@ -730,10 +985,12 @@ > if (rc != -1) > { > pServerData->port = socketInfo.portNumber; >+ pServerData->securityEnabled = socketInfo.securityEnabled; > } > else > { > pServerData->port = DEFAULT_PORT_NUM; >+ pServerData->securityEnabled = 0; > } > > tlo->data = pServerData; 
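Review bot: initSSL's fallback branch allocates `strlen(KEYF) + 1` bytes for keyFile and then runs `strcpy(keyFile, CERTF)`, which writes the nine bytes of "cert.pem" into an eight-byte allocation and leaves the key path pointing at the certificate; it should copy KEYF. getACHome has related bounds problems: `strncpy(buf, acHome, len)` leaves `buf` unterminated when TPTP_AC_HOME is `len` bytes or longer, `getcwd(buf, 1024)` ignores `len`, and the `strcat` calls that follow (here and the "/security/" append in initSSL) never check the room left in the 1024-byte buffer. None of the malloc results is tested. Because this variable decides where the server's private key is loaded from, an over-long value should be rejected rather than truncated.

```c
    acHome = getenv(CONFIGURATION_HOME);
    if (acHome != NULL) {
        if (strlen(acHome) >= (size_t) len) return -1;   /* reject, do not truncate */
        strcpy(buf, acHome);
        return 0;
    }
    /* … unchanged: #ifdef _WIN32 branch, with the same two changes as below … */
    acHome = getcwd(buf, len);
    if (acHome == NULL || strlen(buf) + sizeof("/..") > (size_t) len) return -1;
    strcat(buf, "/..");

    /* initSSL: leave room for the "/security/" suffix appended later */
    if (getACHome(buf, (int) (sizeof(buf) - strlen("/security/"))) < 0) {
        certFile = (char*) malloc(strlen(CERTF) + 1);
        keyFile = (char*) malloc(strlen(KEYF) + 1);
        if (certFile == NULL || keyFile == NULL) return -1;
        strcpy(certFile, CERTF);
        strcpy(keyFile, KEYF);
    }
    /* … unchanged: else branch building the security-directory paths (add the same NULL checks) … */
```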
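Review bot: Security fails open in the `@@ -730,10` hunk: when `rc` is -1 the listener sets `pServerData->securityEnabled = 0` and carries on with the default port, and the parser hunk in TPTPUtil.cpp likewise starts from 0 and turns the flag on only when isEqualString matches "true". A damaged or mistyped configuration therefore starts a listener without TLS or authentication and without any message. I would log at error level when the setting cannot be read and either refuse to start or default to enabled. The `initSSL();` call added in the `@@ -710,6` hunk also ignores its return value. The enclosing function starts and ends outside these hunks.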
>@@ -832,6 +1089,25 @@ > return ( rc ) ; > } > >+tptp_int32 closeSocket(request_block_ptr_t pBlock) { >+ if (pBlock == NULL) return -1; >+ >+#ifndef _WIN32 >+ if (pBlock->ssl != NULL) { >+ SSL_free(pBlock->ssl); >+ pBlock->ssl = NULL; >+ } >+ >+ if (pBlock->sslCtx != NULL) { >+ SSL_CTX_free(pBlock->sslCtx); >+ pBlock->sslCtx = NULL; >+ } >+#endif >+ >+ pBlock->secured = FALSE; >+ >+ return closeThisSocket(pBlock->clientSock); >+} > > /** > ********************************************************* >@@ -846,8 +1122,6 @@ > > tptp_int32 terminateSocketConnection(server_block_t* pServerData, tptp_uint32 connectionID) > { >- int rc = 0 ; >- SOCKET sock ; > request_block_ptr_t pBlock ; > > TPTP_LOG_DEBUG_MSG1(pServerData, "terminateConnection (socket): connection id(%d)", connectionID) ; >@@ -855,12 +1129,8 @@ > /* retrieve the corresponding socket */ > pBlock = (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ; > >- sock = pBlock->clientSock ; >- > /* go close it down */ >- rc = closeThisSocket(sock) ; >- >- return ( rc ) ; >+ return closeSocket(pBlock) ; > } > > >@@ -883,6 +1153,24 @@ > return ( sendThisMessage(pServerData, connectionID, cmdSize, pCmdBlock, TRUE ) ) ; > } > >+#ifndef _WIN32 >+ >+tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) { >+ if (pBlock->secured) { >+ return SSL_write(pBlock->ssl, buffer, length); >+ } >+ else { >+ return writeToSocket(pBlock->clientSock, buffer, length); >+ } >+} >+ >+#else >+ >+tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) { >+ return writeToSocket(pBlock->clientSock, buffer, length); >+} >+ >+#endif > > /** > ********************************************************* >@@ -899,7 +1187,6 @@ > tptp_int32 sendThisMessage( server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 cmdSize, tptp_string* pCmdBlock, BOOL shouldAddHeader) > { > int rc = 0 ; >- SOCKET sock ; > int bytesSent = 0 ; > char *buffer = NULL; > int bufferLength = 0 ; 
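Review bot: closeSocket is now reached from two places for the same request block, terminateSocketConnection and the end of processClientRequest, and nothing in these hunks serialises them. If terminateSocketConnection runs on another thread while the request thread is inside SSL_read(), the SSL object is freed underneath it, and the later call closes `clientSock` a second time, when the descriptor number may already belong to another connection. I would do the teardown under `pBlock->locker` (or a dedicated flag) and record that the socket is closed after the first closeThisSocket(). Calling SSL_shutdown() before SSL_free() would also send the peer a close_notify instead of silently dropping the session. terminateSocketConnection is only partly inside its hunks.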
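Review bot: writeData calls SSL_write() with no locking of its own, and of its callers only sendThisMessage holds `pBlock->locker` around it; sendSocketData and the response helper changed in the `@@ -144,9` hunk call it unlocked, while recvData runs SSL_read() on the same object from the request thread. One SSL object must not be used by several threads at the same time, so interleaving that was tolerable for raw socket writes can corrupt the TLS stream here. I would take the write lock inside writeData, or state in a comment that every caller must hold it, and check how reads are serialised against writes. SSL_write() can also return 0, which callers testing only `bytesSent < 0` will treat as success.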
>@@ -911,7 +1198,9 @@ > request_block_ptr_t pBlock = > (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ; > >- >+ if (pBlock == NULL) { >+ return -1; >+ } > > if (shouldAddHeader == TRUE) > { >@@ -928,11 +1217,8 @@ > /* synchronizing among threads. Single writer. */ > tptp_getWriteLock( & pBlock->locker ); > >- /* locate the socket to send */ >- sock = pBlock->clientSock ; >- > /* go send the message */ >- bytesSent = writeToSocket(sock, pSendBuffer, bufferLength); >+ bytesSent = writeData(pBlock, pSendBuffer, bufferLength); > if (bytesSent < 0) > { > TPTP_LOG_ERROR_MSG1(pServerData, "Socket: Failed to send data on connection ID %d", connectionID); >@@ -1140,7 +1426,6 @@ > request_block_ptr_t pBlock = > (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ; > >- > TPTP_LOG_DEBUG_MSG2(pServerData, "setIncomingDataFunc(socket) connectionID(%d) partnerID(%d)", > connectionID, partnerID) ; > >@@ -1166,8 +1451,6 @@ > > tptp_int32 sendSocketData(server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 dataSize, tptp_string* pDataBlock) > { >- SOCKET sock ; >- > int bytesSent = 0 ; > > int rc = 0 ; >@@ -1176,11 +1459,10 @@ > request_block_ptr_t pBlock = > (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ; > >- /* locate the socket to send */ >- sock = pBlock->clientSock ; >+ if (pBlock == NULL) return -1; > > /* go send the message */ >- bytesSent = writeToSocket(sock, pDataBlock, dataSize); >+ bytesSent = writeData(pBlock, pDataBlock, dataSize); > if (bytesSent < 0) > { > TPTP_LOG_ERROR_MSG1(pServerData,"Socket: Failed to send data on connection ID %d", connectionID); 
>@@ -1246,3 +1528,124 @@ > return (forwardDataToPartner(pBlk, dataLen, pBuffer)) ; > } > >+/* >+ * -------------------------------------------------------------------------------- >+ * All the platform-dependent vrfusrpwd() functions below >+ * -------------------------------------------------------------------------------- >+ */ >+ >+ >+#if defined(_WIN32) >+/* >+ * Windows/IA32 section, in-process authentication >+ */ >+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) { >+ HANDLE handle; >+ >+ return LogonUser(userid, NULL, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &handle); >+} >+#elif defined(__MVS__) >+/* >+ * OS/390 section, in-process authentication. BPX.DAEMON is needed. >+ */ >+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) { >+ return __passwd(userid, password, NULL) ? FALSE : TRUE; >+} >+#elif defined(__OS400__) >+/* >+ * OS/400 section, in-process authentication >+ */ >+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) { >+ struct error_code_t errorCode; >+ char profileHandle[12]; /* profile handle, required by QSYGETPH API */ >+ char useridBuf[10] = " "; >+ >+ /* In descrypted case, the password is in code page of 437 */ >+ errorCode.bytesProvided = 64; >+ errorCode.bytesAvailable = 0; >+ >+ if(userid[0] == '*') { >+ return FALSE; >+ } >+ else if(strlen(userid) > 10) { >+ return FALSE; >+ } >+ else { >+ int i; >+ for(i = 0; i < strlen(userid); i++) { >+ useridBuf[i] = toupper(userid[i]); /* change it all to upper case */ >+ } >+ } >+ >+ QSYGETPH(useridBuf, password, profileHandle, &errorCode, strlen(password), 37); /* CCSID of password is 37 (EBCDIC) */ >+ >+ if(errorCode.bytesAvailable > 0) { >+ char *exc = (char*)ra_malloc(sizeof(char) * 8); >+ BZERO(exc, 8); >+ strncpy(exc, errorCode.exceptionID, 7); >+ ra_free(exc); >+ >+ return FALSE; >+ } >+ else { >+ return TRUE; /* authentication successful */ >+ } >+} >+#else /* non-Windows, non-OS/400 */ >+/* >+ * Launch a separate process to authenticate user 
name and password >+ */ >+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) { >+ FILE *fp; >+ BOOL success = FALSE; >+ char *serverHome; >+ char *authCmd; >+ int authLen; >+ int status; >+ int rc = 0; >+ >+ struct sigaction ignoreHandler; /* Use this handler for bypassing pre-configured signal handler */ >+ struct sigaction oldHandler; /* Used to temporary storing the configured signal handler */ >+ >+ serverHome = getCacheEnv("default", "RASERVER_HOME"); >+ /* Do not pass user ID and password since they will be shown by running 'ps' */ >+ authLen = strlen(serverHome) + 1 + strlen("bin") + 1 + strlen("ChkPass") + 1; /* Bug 168705 : need a null at the end for strcat() */ >+ authCmd = (char*)malloc(sizeof(char) * authLen); >+ BZERO(authCmd, authLen); >+ strcpy(authCmd, serverHome); >+ strcat(authCmd, "/"); >+ strcat(authCmd, "bin"); >+ strcat(authCmd, "/"); >+ strcat(authCmd, "ChkPass"); >+ >+ /* Disable default SIGCHLD handler since system() call doesn't work with user-supplied signal handlers */ >+ BZERO(&ignoreHandler, sizeof(struct sigaction)); >+ BZERO(&oldHandler, sizeof(struct sigaction)); >+ >+ ignoreHandler.sa_handler = SIG_DFL; /* Reset to default SIGCHLD handler */ >+ sigaction(SIGCHLD, &ignoreHandler, &oldHandler); /* Store the previous signal handler */ >+ >+ fp = popen(authCmd, "w"); >+ fprintf(fp, "%s\n", userid); >+ fprintf(fp, "%s\n", password); >+ status = pclose(fp); >+ if(WIFEXITED(status)) { >+ rc = WEXITSTATUS(status); >+ } >+ >+ if(rc == 100) { /* 100 indicates success */ >+ success = TRUE; >+ } >+ else { >+ success = FALSE; >+ } >+ >+ /* Re-enable the user-specified SIGCHLD handler */ >+ sigaction(SIGCHLD, &oldHandler, NULL); >+ >+ free(authCmd); >+ >+ return success; >+} >+ >+#endif >Index: src-native-new/src/transport/socketTL/SocketListener.h >=================================================================== >RCS file: 
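Review bot: The POSIX vrfusrpwd uses results it never checks: `getCacheEnv("default", "RASERVER_HOME")` goes straight into strlen(), malloc() into BZERO and strcpy(), and `popen(authCmd, "w")` into fprintf(), so a missing RASERVER_HOME or a failed fork crashes the listener while handling a request from a peer that has not logged in yet. popen() also hands the path to the shell, so any shell metacharacter in RASERVER_HOME is interpreted; spawning the fixed ChkPass path with fork/exec and a pipe avoids that. The credentials are written one per line, so a value containing a newline should be rejected before it reaches the helper, and replacing the process-wide SIGCHLD handler is unsafe if other threads can spawn children at the same time. In the Windows branch the token returned by LogonUser is never released and needs `CloseHandle(handle)` on success.

```c
    serverHome = getCacheEnv("default", "RASERVER_HOME");
    if (serverHome == NULL || userid == NULL || password == NULL) return FALSE;
    /* one credential per line: refuse values that would span lines */
    if (strchr(userid, '\n') != NULL || strchr(password, '\n') != NULL) return FALSE;

    /* … unchanged: authLen computation … */
    authCmd = (char*)malloc(sizeof(char) * authLen);
    if (authCmd == NULL) return FALSE;
    /* … unchanged: path assembly and SIGCHLD handler swap … */

    fp = popen(authCmd, "w");
    if (fp != NULL) {
        fprintf(fp, "%s\n", userid);
        fprintf(fp, "%s\n", password);
        status = pclose(fp);
        if (status != -1 && WIFEXITED(status)) {
            rc = WEXITSTATUS(status);
        }
    }
    /* … unchanged: rc == 100 test, handler restore, free(authCmd) … */
```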
/cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/transport/socketTL/SocketListener.h,v >retrieving revision 1.11 >diff -u -r1.11 SocketListener.h >--- src-native-new/src/transport/socketTL/SocketListener.h 16 May 2006 17:36:47 -0000 1.11 >+++ src-native-new/src/transport/socketTL/SocketListener.h 10 Jul 2007 14:17:50 -0000 >@@ -22,6 +22,10 @@ > #include "tptp/TPTPMessageHeader.h" > #include "tptp/hashtable.h" > >+#ifndef _WIN32 >+ #include <openssl/ssl.h> >+#endif >+ > #define SOCKET_LISTENER_OBJECT_ID 20001 > > /** instance-specific data block */ >@@ -33,6 +37,7 @@ > transport_layer_data_t agentControllerDataBlk ; > processMessage_ptr_t processMessage; > tptp_object* nexto; >+ int securityEnabled; > > /* hash table of connections for easy and fast search */ > HashTable * connectionTable ; >@@ -199,6 +204,14 @@ > int connectionPartnerID ; > > BOOL isForConsole ; >+ >+ BOOL authenticated; >+ BOOL secured; >+ >+#ifndef _WIN32 >+ SSL* ssl; >+ SSL_CTX* sslCtx; >+#endif > > Lock_t locker ; > >Index: src-native-new/src/shared/TPTPUtil/TPTUtil.def >=================================================================== >RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/shared/TPTPUtil/TPTUtil.def,v >retrieving revision 1.28 >diff -u -r1.28 TPTUtil.def >--- src-native-new/src/shared/TPTPUtil/TPTUtil.def 9 Apr 2007 17:01:24 -0000 1.28 >+++ src-native-new/src/shared/TPTPUtil/TPTUtil.def 10 Jul 2007 14:17:50 -0000 
>@@ -99,3 +99,4 @@ > terminateXMLPlatformUtils > parseHostList > getExecutableName >+ readStringFromBuffer >\ No newline at end of file >Index: src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp >=================================================================== >RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp,v >retrieving revision 1.35 >diff -u -r1.35 TPTPUtil.cpp >--- src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp 18 Apr 2007 17:44:37 -0000 1.35 >+++ src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp 10 Jul 2007 14:17:50 -0000 >@@ -956,6 +956,7 @@ > char* elementValue=NULL; > int mstrIdx=0; > int nextIdx=0; >+ int endIdx = strlen(config); > > nextIdx = getTagName(config, &tagName); > if ((nextIdx == -1) || (tagName == NULL)) goto errorReturn; //Error: badly formed cmd >@@ -965,12 +966,16 @@ > mstrIdx++; > tptp_free(tagName); tagName=NULL; > >+ socketInfo->securityEnabled = 0; // default >+ > while (1) >- { >+ { > nextIdx = getConfigElementName(&(config[mstrIdx]), &elementName); >+ if (isEqualString(elementName, "/Configuration")) break; >+ > if ((nextIdx == -1) || (elementName == NULL)) goto errorReturn; //Error: badly formed cmd > mstrIdx += nextIdx; >- >+ > nextIdx = getConfigElementValue(&(config[mstrIdx]), &elementValue); > if ((nextIdx == -1) || (elementValue == NULL)) goto errorReturn; //Error: badly formed cmd > mstrIdx += nextIdx; 
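Review bot: In the `@@ -965,12` hunk the new `if (isEqualString(elementName, "/Configuration")) break;` runs before the existing `(nextIdx == -1) || (elementName == NULL)` test, so a failed getConfigElementName() passes a possibly NULL `elementName` to isEqualString; unless that helper tolerates NULL, the two lines should be swapped. Whether `elementName` is freed after the `break` is not visible here and is worth confirming, since `tagName` is freed explicitly just above. `int endIdx = strlen(config);` from the previous hunk is not used in any visible line. The function starts and ends outside these hunks.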
>@@ -982,13 +987,16 @@ > if (isEqualString(elementName, "Port")) > { > socketInfo->portNumber = atoi(elementValue); >- break; > } >- if (isEqualString(elementName, "Hosts Configuration")) >+ else if (isEqualString(elementName, "SecurityEnabled")) >+ { >+ socketInfo->securityEnabled = isEqualString(elementValue, "true"); >+ } >+ else if (isEqualString(elementName, "Hosts Configuration")) > { > socketInfo->hostConfig = elementValue; > } >- if (isEqualString(elementName, "Allow host")) >+ else if (isEqualString(elementName, "Allow host")) > { > socketInfo->allowHosts = elementValue; > } >Index: src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c >=================================================================== >RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c,v >retrieving revision 1.2 >diff -u -r1.2 TPTPSupportUtils.c >--- src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c 1 Jun 2005 20:19:04 -0000 1.2 >+++ src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c 10 Jul 2007 14:17:50 -0000 >@@ -56,9 +56,6 @@ > return ( getGlobalUniqueId() ) ; > } > >- >- >- > unsigned char* writeUINTToBuffer(unsigned char *buffer, > unsigned int uintData) { > buffer[0]=(unsigned char)(uintData>>24 & 0x000000ff); 
>@@ -77,3 +74,18 @@
> return &buffer[sizeof(unsigned int)];
> }
>
>+unsigned char* readStringFromBuffer(unsigned char *buffer, char** str) {
>+ int len;
>+
>+ buffer = readUINTFromBuffer(buffer, &len);
>+ if (len == 0)
>+ *str = NULL;
>+ else {
>+ *str = (char*) tptp_malloc(len+1);
>+ memcpy(*str, buffer, len);
>+ *((*str) + len) = '\0';
>+ buffer += len;
>+ }
>+
>+ return buffer;
>+}
>Index: src-native-new/include/tptp/TPTPSupportUtils.h
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/include/tptp/TPTPSupportUtils.h,v
>retrieving revision 1.1
>diff -u -r1.1 TPTPSupportUtils.h
>--- src-native-new/include/tptp/TPTPSupportUtils.h 1 Jun 2005 17:41:01 -0000 1.1
>+++ src-native-new/include/tptp/TPTPSupportUtils.h 10 Jul 2007 14:17:50 -0000
>@@ -65,6 +65,7 @@
>
> unsigned char* writeUINTToBuffer(unsigned char *buffer, unsigned int uintData);
> unsigned char* readUINTFromBuffer(unsigned char *buffer, unsigned int *uint);
>+unsigned char* readStringFromBuffer(unsigned char *buffer, char** str);
>
> #ifdef __cplusplus
> }
>Index: src-native-new/include/tptp/TPTPMessageHeader.h
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/include/tptp/TPTPMessageHeader.h,v
>retrieving revision 1.13
>diff -u -r1.13 TPTPMessageHeader.h
>--- src-native-new/include/tptp/TPTPMessageHeader.h 26 Apr 2006 22:39:29 -0000 1.13
>+++ src-native-new/include/tptp/TPTPMessageHeader.h 10 Jul 2007 14:17:50 -0000
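Review bot: readStringFromBuffer trusts the length word in the message: `len` is read from the wire into a signed `int`, passed to `tptp_malloc(len+1)` with no check of the result, and `memcpy` then copies `len` bytes from `buffer` without knowing how many bytes the message really holds. handleAUTHENTICATE calls it on client data before any login has succeeded, so an oversized or negative length reads past the receive buffer or asks for a huge allocation. The function needs the remaining byte count as a parameter (with the prototype in TPTPSupportUtils.h updated to match), an upper bound on string length, and a way to report failure to the caller. `&len` is also an `int *` passed where readUINTFromBuffer is declared to take `unsigned int *`.

```c
unsigned char* readStringFromBuffer(unsigned char *buffer, unsigned int avail, char** str) {
    unsigned int len;

    *str = NULL;
    if (avail < sizeof(unsigned int)) return NULL;          /* no room for the length word */
    buffer = readUINTFromBuffer(buffer, &len);
    avail -= sizeof(unsigned int);
    if (len == 0) return buffer;
    /* MAX_STRING_LEN is a placeholder for a bound chosen by the project */
    if (len > avail || len > MAX_STRING_LEN) return NULL;

    *str = (char*) tptp_malloc(len + 1);
    if (*str == NULL) return NULL;
    memcpy(*str, buffer, len);
    (*str)[len] = '\0';
    return buffer + len;
}
```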
>@@ -53,12 +53,18 @@ > #define CONNECT_DATA 0x10000000 > #define DATA_CONNECTION_COMPLETE 0x20000000 > #define DATA_CONNECTION_REFUSED 0x40000000 >+ >+#define SECURITY_REQUIRED 0x00010000 >+#define AUTHENTICATE 0x00020000 >+#define AUTHENTICATION_FAILED 0x00040000 >+#define AUTHENTICATION_SUCCESSFUL 0x00080000 >+ > #define CONNECT_CONSOLE 0x00100000 > #define CONSOLE_CONNECT_COMPLETE 0x00200000 > #define CONSOLE_CONNECT_FAILED 0x00400000 > #define CONSOLE_PROCESS_LAUNCHED 0x00800000 > >-/* Byte stream identifier: looks like "T�t�" */ >+/* Byte stream identifier: looks like "T�t�" */ > #define MAGIC_NUMBER 0x54B674DE > > /* the following definition is for flag settings for data connection request */ >Index: src-native-new/include/tptp/TPTPUtils.h >=================================================================== >RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/include/tptp/TPTPUtils.h,v >retrieving revision 1.21 >diff -u -r1.21 TPTPUtils.h >--- src-native-new/include/tptp/TPTPUtils.h 18 Apr 2007 17:44:37 -0000 1.21 >+++ src-native-new/include/tptp/TPTPUtils.h 10 Jul 2007 14:17:50 -0000 >@@ -79,6 +79,7 @@ > int portNumber; > char *hostConfig; > char *allowHosts; >+ int securityEnabled; > } SocketConfigInfo; > > /* Define the various types of host addressing wildcards and types */ >Index: src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java >=================================================================== >RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java,v >retrieving revision 1.58 >diff -u -r1.58 SetConfig.java >--- src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java 14 May 2007 17:11:43 -0000 1.58 >+++ src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java 10 Jul 2007 14:17:50 -0000 >@@ -952,7 +952,7 @@ > } > } > } >- } >+ } // !isNewAC > > // > // Plugins 
>@@ -1003,6 +1003,20 @@ > configuration.appendChild(port); > n = doc.createTextNode("10006"); > port.appendChild(n); >+ >+ Element newAcSecurityEnabled = doc.createElement(SecurityEnabled.TAG); >+ configuration.appendChild(newAcSecurityEnabled); >+ // >+ // Security section >+ // >+ String sec = configFile.getValue(Constants.SECURITY); >+ if (sec != null && sec.toUpperCase().equals(Constants.SECURITY_ON)) { >+ n = doc.createTextNode("true"); >+ } else { >+ n = doc.createTextNode("false"); >+ } >+ newAcSecurityEnabled.appendChild(n); >+ > commandExtractor = doc.createElement(CommandExtractor.TAG); > transportLayer.appendChild(commandExtractor); > n = doc.createTextNode("tptpCmdExtr");
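Review bot: `sec.toUpperCase().equals(Constants.SECURITY_ON)` upper-cases with the default locale, so the match can fail on systems whose locale maps letters differently, and the generated element then says "false" with no warning; `Constants.SECURITY_ON.equalsIgnoreCase(sec)` removes the locale dependence and the separate null check. Any missing or unrecognised value is written as "false", so a typo in the setting silently produces an unsecured configuration; I would log when the value is present but not recognised. The enclosing method is outside the hunk.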