Attachment #77243 for bug #195644

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Lines 29-35 Link Here

(-)src-native-new/src/agentController/AgentController.make (-1 / +1 lines)
29	# (separated by blanks)	29	# (separated by blanks)
30	#-----------------------------------	30	#-----------------------------------
31		31
32	LIBS := tptpUtils tptpLogUtils tptpConfig processControlUtil xerces-c pthread	32	LIBS := tptpUtils tptpLogUtils tptpConfig processControlUtil xerces-c pthread ssl
33		33
34	#-----------------------------------	34	#-----------------------------------
35	# list of additional library directories to search from	35	# list of additional library directories to search from

Lines 59-64 Link Here

(-)src-native-new/src/transport/socketTL/SocketListener.c (-38 / +443 lines)
59		59
60	*********************************************************/	60	*********************************************************/
61		61
		62	#include <stdlib.h>
		63
		64	#ifdef _WIN32
		65	#include <direct.h>
		66	#else
		67	#include <unistd.h>
		68	#include <signal.h>
		69	#include <sys/wait.h>
		70	#include <openssl/ssl.h>
		71	#include <tptp/TPTPConfig.h>
		72	#endif
62		73
63	#include "SocketListener.h"	74	#include "SocketListener.h"
64		75
Lines 69-78 Link Here
69		80
70	#include "tptp/dime.h"	81	#include "tptp/dime.h"
71		82
72	#define DEFAULT_PORT_NUM 10002	83	#define DEFAULT_PORT_NUM 10002
73
74	#define PROTO_VERSION 1	84	#define PROTO_VERSION 1
75		85
		86	#define CONFIGURATION_HOME "TPTP_AC_HOME"
		87
		88	#define CERTF "cert.pem"
		89	#define KEYF "key.pem"
		90
76	/** thread status */	91	/** thread status */
77	enum ThreadStatus { IDLE, RUNNING } ;	92	enum ThreadStatus { IDLE, RUNNING } ;
78		93
Lines 97-105 Link Here
97	int handleCONNECT(request_block_ptr_t pBlk, char *pMsg) ;	112	int handleCONNECT(request_block_ptr_t pBlk, char *pMsg) ;
98		113
99	int handleCONNECT_DATA(request_block_ptr_t pBlk, char *pMsg) ;	114	int handleCONNECT_DATA(request_block_ptr_t pBlk, char *pMsg) ;
100		115	tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length);
		116	tptp_int32 closeConnection(request_block_ptr_t pBlock);
101	int closeSocket (int socket);	117	int closeSocket (int socket);
		118	int handleAUTHENTICATE(request_block_ptr_t pBlk, char *pMsg) ;
102		119
		120	BOOL vrfusrpwd(tptp_string userid, tptp_string password);
		121
		122	static int sslinit = 1;
		123	static char* certFile = NULL;
		124	static char* keyFile = NULL;
103		125
104	/**	126	/**
105	*********************************************************	127	*********************************************************
Lines 129-135 Link Here
129	int rc = 0 ;	151	int rc = 0 ;
130	char *buffer = NULL;	152	char *buffer = NULL;
131	int bufferLength = 0 ;	153	int bufferLength = 0 ;
132	BOOL shouldAddHeader = FALSE ;
133	char *pCurr = NULL ;	154	char *pCurr = NULL ;
134	int uuidLength = 0 ;	155	int uuidLength = 0 ;
135		156
Lines 149-157 Link Here
149	pCurr = writeUINTToBuffer(pCurr+1, PROTO_VERSION);	170	pCurr = writeUINTToBuffer(pCurr+1, PROTO_VERSION);
150		171
151	addBasicMsgHeader(cmd, cmdLength, &buffer, &bufferLength, flags) ;	172	addBasicMsgHeader(cmd, cmdLength, &buffer, &bufferLength, flags) ;
152
153	/* send the response */	173	/* send the response */
154	sendThisMessage(pBlk->pServerData, pBlk->connectionId, bufferLength, buffer, shouldAddHeader) ;	174	writeData(pBlk, buffer, bufferLength);
155		175
156	if (cmd) tptp_free(cmd);	176	if (cmd) tptp_free(cmd);
157	if (buffer) tptp_free(buffer);	177	if (buffer) tptp_free(buffer);
Lines 159-164 Link Here
159	return ( rc ) ;	179	return ( rc ) ;
160	}	180	}
161		181
		182	#ifndef _WIN32
		183	int setSSL(request_block_ptr_t pBlk) {
		184	SSL_METHOD *meth;
		185	SSL_CTX* ctx;
		186	SSL* ssl;
		187	int err;
		188
		189	if (sslinit) {
		190	SSL_load_error_strings();
		191	SSL_library_init();
		192	sslinit = 0;
		193	}
		194
		195	meth = SSLv23_server_method();
		196
		197	ctx = SSL_CTX_new (meth);
		198	if (!ctx) {
		199	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: context error");
		200	return -1;
		201	}
		202
		203	if (certFile == NULL) {
		204	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no certificate file found");
		205	return -1;
		206	}
		207
		208	if (SSL_CTX_use_certificate_file(ctx, certFile, SSL_FILETYPE_PEM) <= 0) {
		209	TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal certificate file %s", certFile);
		210	return -1;
		211	}
		212
		213	if (keyFile == NULL) {
		214	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no key file found");
		215	return -1;
		216	}
		217
		218	if (SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM) <= 0) {
		219	TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal key file %s", keyFile);
		220	return -1;
		221	}
		222
		223	if (!SSL_CTX_check_private_key(ctx)) {
		224	TPTP_LOG_DEBUG_MSG2(pBlk->pServerData, "SSL: Private key %s does not match the certificate public key %s",
		225	keyFile, certFile);
		226	return -1;
		227	}
		228
		229	ssl = SSL_new (ctx);
		230	if (ssl < 0) {
		231	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL.new error");
		232	return -1;
		233	}
		234
		235	SSL_set_fd (ssl, pBlk->clientSock);
		236	err = SSL_accept (ssl);
		237	if (err < 0) {
		238	TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: ssl_accept error %d", SSL_get_error(ssl, err));
		239	return -1;
		240	}
		241
		242	pBlk->sslCtx = ctx;
		243	pBlk->ssl = ssl;
		244	pBlk->secured = TRUE;
		245
246	return 0;
247	}
248	#endif
162		249
163	/**	250	/**
164	*********************************************************	251	*********************************************************
Lines 169-182 Link Here
169	*********************************************************/	256	*********************************************************/
170	int handleCONNECT(request_block_ptr_t pBlk, char *pMsg)	257	int handleCONNECT(request_block_ptr_t pBlk, char *pMsg)
171	{	258	{
172	HashTable *pTab = NULL ;	259	HashTable *pTab = NULL;
173	int connId = 0 ;	260	int connId = 0;
174		261
175	addConnectionEntry_ptr_t pFunc = NULL ;	262	addConnectionEntry_ptr_t pFunc = NULL ;
176		263
177	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT request (Control channel).");	264	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT request (Control channel).");
178	pBlk->connectionType = CONTROL_CHANNEL ;	265	pBlk->connectionType = CONTROL_CHANNEL ;
179		266
		267	#ifndef _WIN32
		268	if (pBlk->pServerData->securityEnabled && !pBlk->secured) {
		269	processCONNECTCall(pBlk, pMsg, CONNECTION_REFUSED \| SECURITY_REQUIRED);
		270	// no race condition here since incoming ssl request
		271	return setSSL(pBlk); // will wait for processing in input buffer
		272	}
		273	#endif
		274
180	/* tell the agent controller about the new connection */	275	/* tell the agent controller about the new connection */
181	/* and receive the assigned connection id */	276	/* and receive the assigned connection id */
182	pFunc = pBlk->pServerData->agentControllerDataBlk.addConnectionEntry ;	277	pFunc = pBlk->pServerData->agentControllerDataBlk.addConnectionEntry ;
Lines 193-200 Link Here
193	pTab = pBlk->pServerData->connectionTable ;	288	pTab = pBlk->pServerData->connectionTable ;
194	tablePut(pTab, connId, (Entry_value_ptr_t) pBlk) ;	289	tablePut(pTab, connId, (Entry_value_ptr_t) pBlk) ;
195		290
		291	#ifndef _WIN32
196	/* CONNECT command. Go handle it. */	292	/* CONNECT command. Go handle it. */
197	processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE) ;	293	if (pBlk->pServerData->securityEnabled) {
		294	processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE \| AUTHENTICATION_FAILED);
		295	}
		296	else {
		297	processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE);
		298	pBlk->authenticated = TRUE;
		299	}
		300	#else
		301	processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE);
		302	pBlk->authenticated = TRUE;
		303	#endif
198		304
199	return 0 ;	305	return 0 ;
200	}	306	}
Lines 203-208 Link Here
203	*********************************************************	309	*********************************************************
204	*	310	*
205	* @brief	311	* @brief
		312	* handle the AUTHENTICATE request
		313	*
		314	*********************************************************/
		315	int handleAUTHENTICATE(request_block_ptr_t pBlk, char *pMsg) {
		316	char name=NULL, psw=NULL;
		317	BOOL success;
		318
		319	pMsg = readStringFromBuffer(pMsg, &name);
		320	pMsg = readStringFromBuffer(pMsg, &psw);
		321
		322	if (name != NULL && psw != NULL){
		323	success = vrfusrpwd(name, psw);
		324	}
		325	else{
		326	success = FALSE;
		327	}
		328
		329	if (success) {
		330	TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "User %s is authenticated", name);
		331	}
		332	else if (name != NULL) {
		333	TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "User %s is not authenticated", name);
		334	}
		335	else {
		336	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "User <null> is not authenticated");
		337	}
		338
		339	pBlk->authenticated = success;
		340	if (success) {
		341	processCONNECTCall(pBlk, pMsg, AUTHENTICATION_SUCCESSFUL);
		342	}
		343	else {
		344	processCONNECTCall(pBlk, pMsg, AUTHENTICATION_FAILED);
		345	}
		346
		347	if (name != NULL) tptp_free(name);
		348	if (psw != NULL) tptp_free(psw);
		349
		350	return 0 ;
		351	}
		352
		353	/**
		354	*********************************************************
		355	*
		356	* @brief
206	* handle the CONNECT_DATA or CONNECT_CONSOLE request	357	* handle the CONNECT_DATA or CONNECT_CONSOLE request
207	*	358	*
208	*********************************************************/	359	*********************************************************/
Lines 214-219 Link Here
214	addDataConnectionEntry_ptr_t pFunc = NULL ;	365	addDataConnectionEntry_ptr_t pFunc = NULL ;
215		366
216	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT_DATA/CONNECT_CONSOLE request (Data channel).");	367	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT_DATA/CONNECT_CONSOLE request (Data channel).");
		368
		369	#ifndef _WIN32
		370	if (pBlk->pServerData->securityEnabled && !pBlk->secured) {
		371	processCONNECTCall(pBlk, pMsg, CONNECTION_REFUSED \| SECURITY_REQUIRED);
		372	// no race condition here since incoming ssl request
		373	return setSSL(pBlk); // will wait for processing in input buffer
		374	}
		375	#endif
		376
217	pBlk->connectionType = DATA_CHANNEL ;	377	pBlk->connectionType = DATA_CHANNEL ;
218		378
219	/* tell the agent controller about the new connection */	379	/* tell the agent controller about the new connection */
Lines 310-322 Link Here
310	((flags & CONNECT_CONSOLE) != 0))	470	((flags & CONNECT_CONSOLE) != 0))
311	{	471	{
312	if ((flags & CONNECT_CONSOLE) != 0)	472	if ((flags & CONNECT_CONSOLE) != 0)
313	pBlk->isForConsole = TRUE ;	473	pBlk->isForConsole = TRUE;
314		474
315	handleCONNECT_DATA(pBlk, pMsg) ;	475	handleCONNECT_DATA(pBlk, pMsg) ;
316		476
317	/* prevent it from forwarding to the AC */	477	/* prevent it from forwarding to the AC */
318	pMsg = NULL ;	478	pMsg = NULL ;
319	}	479	}
		480	#ifndef _WIN32
		481	else if (pBlk->pServerData->securityEnabled && !pBlk->secured) {
		482	pMsg = NULL ;
		483	}
		484	else if ((flags & AUTHENTICATE) != 0) {
		485	handleAUTHENTICATE(pBlk, pMsg) ;
		486
		487	/* prevent it from forwarding to the AC */
		488	pMsg = NULL ;
		489	}
		490	else if (pBlk->pServerData->securityEnabled && !pBlk->authenticated) {
		491	processCONNECTCall(pBlk, pMsg, AUTHENTICATION_FAILED);
		492	pMsg = NULL ;
		493	}
		494	#endif
320	else if ((flags & DISCONNECT) != 0)	495	else if ((flags & DISCONNECT) != 0)
321	{	496	{
322	handleDISCONNECT(pBlk, pMsg) ;	497	handleDISCONNECT(pBlk, pMsg) ;
Lines 377-382 Link Here
377	return 0 ;	552	return 0 ;
378	}	553	}
379		554
		555
380	/**	556	/**
381	*********************************************************	557	*********************************************************
382	*	558	*
Lines 438-444 Link Here
438		614
439	/* read in the magic number */	615	/* read in the magic number */
440	pMsg = readUINTFromBuffer(pBuffer, &magicNumber);	616	pMsg = readUINTFromBuffer(pBuffer, &magicNumber);
441		617
442	/* Compare against the magic number of the AC which is 0x54b674de */	618	/* Compare against the magic number of the AC which is 0x54b674de */
443	if (magicNumber != 0x54b674de) {	619	if (magicNumber != 0x54b674de) {
444	/* Compare against the magic number of the RAC which is 0x82656780 */	620	/* Compare against the magic number of the RAC which is 0x82656780 */
Lines 511-516 Link Here
511	return ( bytesToBeProcessed ) ;	687	return ( bytesToBeProcessed ) ;
512	}	688	}
513		689
		690	#ifndef _WIN32
		691
		692	int recvData (request_block_ptr_t pRdb, char buffer, int length, int bytesRead) {
		693	int result;
		694	if (pRdb->secured) {
		695	result = SSL_read (pRdb->ssl, buffer, length);
		696	*bytesRead = result;
		697	}
		698	else {
		699	result = readFromSocket(pRdb->clientSock, buffer, length, bytesRead);
		700	}
		701
		702	return result;
		703	}
		704
		705	#else
		706
		707	int recvData (request_block_ptr_t pRdb, char buffer, int length, int bytesRead) {
		708	return readFromSocket(pRdb->clientSock, buffer, length, bytesRead);
		709	}
		710
		711	#endif
514		712
515	/**	713	/**
516	*********************************************************	714	*********************************************************
Lines 525-533 Link Here
525	THREAD_USER_FUNC_RET_TYPE processClientRequest(LPVOID args)	723	THREAD_USER_FUNC_RET_TYPE processClientRequest(LPVOID args)
526	{	724	{
527	int rc = 1;	725	int rc = 1;
528
529	SOCKET clientSock ;
530
531	unsigned int bytesRead;	726	unsigned int bytesRead;
532	unsigned char buffer[TPTP_DEFAULT_BUFFER_MAX_LENGTH];	727	unsigned char buffer[TPTP_DEFAULT_BUFFER_MAX_LENGTH];
533	unsigned int bufferLength = TPTP_DEFAULT_BUFFER_LENGTH ;	728	unsigned int bufferLength = TPTP_DEFAULT_BUFFER_LENGTH ;
Lines 537-543 Link Here
537		732
538	/* set up environmental info for this incoming message */	733	/* set up environmental info for this incoming message */
539	request_block_ptr_t pRdb = (request_block_ptr_t) args ;	734	request_block_ptr_t pRdb = (request_block_ptr_t) args ;
540	clientSock = pRdb->clientSock ;
541		735
542	/* initial status before the thread is running */	736	/* initial status before the thread is running */
543	pRdb->threadStatus = RUNNING ;	737	pRdb->threadStatus = RUNNING ;
Lines 549-555 Link Here
549		743
550	/* Another message might come in while we're processing	744	/* Another message might come in while we're processing
551	* so we read until the pipe is empty */	745	* so we read until the pipe is empty */
552	while ( (rc = readFromSocket(clientSock, buffer, bufferLength, &bytesRead)) > 0)	746	while ( (rc = recvData(pRdb, buffer, bufferLength, &bytesRead)) > 0)
553	{	747	{
554	TPTP_LOG_DEBUG_MSG1(pRdb->pServerData, "Socket processClientRequest: Read %d bytes.", bytesRead) ;	748	TPTP_LOG_DEBUG_MSG1(pRdb->pServerData, "Socket processClientRequest: Read %d bytes.", bytesRead) ;
555		749
Lines 577-584 Link Here
577	pFunc(pRdb->pServerData->cmo, pRdb->connectionId);	771	pFunc(pRdb->pServerData->cmo, pRdb->connectionId);
578	}	772	}
579		773
580	freeRequestBlock( pRdb );	774	closeConnection(pRdb);
581	closeSocket(clientSock);	775	freeRequestBlock(pRdb);
582		776
583	return ( 0 ) ;	777	return ( 0 ) ;
584	}	778	}
Lines 606-611 Link Here
606	pRequestDataBlock->connectionType = 0 ;	800	pRequestDataBlock->connectionType = 0 ;
607		801
608	pRequestDataBlock->isForConsole = FALSE ;	802	pRequestDataBlock->isForConsole = FALSE ;
		803
		804	pRequestDataBlock->authenticated = FALSE;
		805	pRequestDataBlock->secured = FALSE;
		806
		807	#ifndef _WIN32
		808	pRequestDataBlock->ssl = NULL;
		809	pRequestDataBlock->sslCtx = NULL;
		810	#endif
609		811
610	pRequestDataBlock->pSendFunc = NULL ;	812	pRequestDataBlock->pSendFunc = NULL ;
611		813
Lines 650-656 Link Here
650		852
651	else	853	else
652	{	854	{
653	setHandleInherited((HANDLE) clientSock) ;	855	setHandleInherited((HANDLE) clientSock);
654		856
655	/* set up the data block for each request */	857	/* set up the data block for each request */
656	pRequestDataBlock = getInitRequestDataBlock(clientSock, pServerData) ;	858	pRequestDataBlock = getInitRequestDataBlock(clientSock, pServerData) ;
Lines 707-713 Link Here
707	return ( 0 );	909	return ( 0 );
708	}	910	}
709		911
		912	int getACHome (char* buf, int len) {
		913	char* acHome;
		914
		915	acHome = getenv(CONFIGURATION_HOME);
		916	if (acHome != NULL) {
		917	strncpy(buf, acHome, len);
		918	return 0;
		919	}
		920
		921	#ifdef _WIN32
		922	acHome = _getcwd(buf, 1024);
		923	if (acHome == NULL) return -1;
		924
		925	strcat(buf, "\\..");
		926	#else
		927	acHome = getcwd(buf, 1024);
		928	if (acHome == NULL) return -1;
		929
		930	strcat(buf, "/..");
		931	#endif
		932
		933	return 0;
		934	}
		935
		936	int initSSL() {
		937	char buf[1024];
		938
		939	if (getACHome(buf, 1024) < 0) {
		940	certFile = (char*) malloc(strlen(CERTF) + 1);
		941	strcpy(certFile, CERTF);
		942
		943	keyFile = (char*) malloc(strlen(KEYF) + 1);
		944	strcpy(keyFile, CERTF);
		945	}
		946	else {
		947	#ifdef _WIN32
		948	strcat(buf, "\\security\\");
		949	#else
		950	strcat(buf, "/security/");
		951	#endif
710		952
		953	certFile = (char*) malloc(strlen(buf) + strlen(CERTF) + 1);
		954	strcpy(certFile, buf);
		955	strcat(certFile, CERTF);
		956
		957	keyFile = (char*) malloc(strlen(buf) + strlen(KEYF) + 1);
		958	strcpy(keyFile, buf);
		959	strcat(keyFile, KEYF);
		960	}
		961
		962	return 0;
		963	}
711		964
712	/**	965	/**
713	*********************************************************	966	*********************************************************
Lines 723-728 Link Here
723	{	976	{
724	int rc = 0 ;	977	int rc = 0 ;
725		978
		979	initSSL();
		980
726	rc = initForSocketCalls() ;	981	rc = initForSocketCalls() ;
727		982
728	if (rc == 0)	983	if (rc == 0)
Lines 742-752 Link Here
742	rc = getSocketConfigInfo(pTransportData->configurationData, &socketInfo);	997	rc = getSocketConfigInfo(pTransportData->configurationData, &socketInfo);
743	if (rc != -1)	998	if (rc != -1)
744	{	999	{
		1000	int d;
745	pServerData->port = socketInfo.portNumber;	1001	pServerData->port = socketInfo.portNumber;
		1002	pServerData->securityEnabled = socketInfo.securityEnabled;
746	}	1003	}
747	else	1004	else
748	{	1005	{
749	pServerData->port = DEFAULT_PORT_NUM;	1006	pServerData->port = DEFAULT_PORT_NUM;
		1007	pServerData->securityEnabled = 0;
750	}	1008	}
751		1009
752	tlo->data = pServerData;	1010	tlo->data = pServerData;
Lines 845-850 Link Here
845	return ( rc ) ;	1103	return ( rc ) ;
846	}	1104	}
847		1105
		1106	tptp_int32 closeConnection(request_block_ptr_t pBlock) {
		1107	if (pBlock == NULL) return -1;
		1108
		1109	#ifndef _WIN32
		1110	if (pBlock->ssl != NULL) {
		1111	SSL_free(pBlock->ssl);
		1112	pBlock->ssl = NULL;
		1113	}
		1114
		1115	if (pBlock->sslCtx != NULL) {
		1116	SSL_CTX_free(pBlock->sslCtx);
		1117	pBlock->sslCtx = NULL;
		1118	}
		1119	#endif
		1120
		1121	pBlock->secured = FALSE;
		1122
		1123	return closeSocket(pBlock->clientSock);
		1124	}
848		1125
849	/**	1126	/**
850	*********************************************************	1127	*********************************************************
Lines 859-866 Link Here
859		1136
860	tptp_int32 terminateSocketConnection(server_block_t* pServerData, tptp_uint32 connectionID)	1137	tptp_int32 terminateSocketConnection(server_block_t* pServerData, tptp_uint32 connectionID)
861	{	1138	{
862	int rc = 0 ;
863	SOCKET sock ;
864	request_block_ptr_t pBlock ;	1139	request_block_ptr_t pBlock ;
865		1140
866	TPTP_LOG_DEBUG_MSG1(pServerData, "terminateConnection (socket): connection id(%d)", connectionID) ;	1141	TPTP_LOG_DEBUG_MSG1(pServerData, "terminateConnection (socket): connection id(%d)", connectionID) ;
Lines 868-879 Link Here
868	/* retrieve the corresponding socket */	1143	/* retrieve the corresponding socket */
869	pBlock = (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;	1144	pBlock = (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;
870		1145
871	sock = pBlock->clientSock ;
872
873	/* go close it down */	1146	/* go close it down */
874	rc = closeSocket(sock) ;	1147	return closeConnection(pBlock) ;
875
876	return ( rc ) ;
877	}	1148	}
878		1149
879		1150
Lines 896-901 Link Here
896	return ( sendThisMessage(pServerData, connectionID, cmdSize, pCmdBlock, TRUE ) ) ;	1167	return ( sendThisMessage(pServerData, connectionID, cmdSize, pCmdBlock, TRUE ) ) ;
897	}	1168	}
898		1169
		1170	#ifndef _WIN32
		1171
		1172	tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) {
		1173	if (pBlock->secured) {
		1174	return SSL_write(pBlock->ssl, buffer, length);
		1175	}
		1176	else {
		1177	return writeToSocket(pBlock->clientSock, buffer, length);
		1178	}
		1179	}
		1180
		1181	#else
		1182
		1183	tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) {
		1184	return writeToSocket(pBlock->clientSock, buffer, length);
		1185	}
		1186
		1187	#endif
899		1188
900	/**	1189	/**
901	*********************************************************	1190	*********************************************************
Lines 912-918 Link Here
912	tptp_int32 sendThisMessage( server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 cmdSize, tptp_string* pCmdBlock, BOOL shouldAddHeader)	1201	tptp_int32 sendThisMessage( server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 cmdSize, tptp_string* pCmdBlock, BOOL shouldAddHeader)
913	{	1202	{
914	int rc = 0 ;	1203	int rc = 0 ;
915	SOCKET sock ;
916	int bytesSent = 0 ;	1204	int bytesSent = 0 ;
917	char *buffer = NULL;	1205	char *buffer = NULL;
918	int bufferLength = 0 ;	1206	int bufferLength = 0 ;
Lines 924-930 Link Here
924	request_block_ptr_t pBlock =	1212	request_block_ptr_t pBlock =
925	(request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;	1213	(request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;
926		1214
927		1215	if (pBlock == NULL) {
		1216	return -1;
		1217	}
928		1218
929	if (shouldAddHeader == TRUE)	1219	if (shouldAddHeader == TRUE)
930	{	1220	{
Lines 941-951 Link Here
941	/* synchronizing among threads. Single writer. */	1231	/* synchronizing among threads. Single writer. */
942	tptp_getWriteLock( & pBlock->locker );	1232	tptp_getWriteLock( & pBlock->locker );
943		1233
944	/* locate the socket to send */
945	sock = pBlock->clientSock ;
946
947	/* go send the message */	1234	/* go send the message */
948	bytesSent = writeToSocket(sock, pSendBuffer, bufferLength);	1235	bytesSent = writeData(pBlock, pSendBuffer, bufferLength);
949	if (bytesSent < 0)	1236	if (bytesSent < 0)
950	{	1237	{
951	TPTP_LOG_ERROR_MSG1(pServerData, "Socket: Failed to send data on connection ID %d", connectionID);	1238	TPTP_LOG_ERROR_MSG1(pServerData, "Socket: Failed to send data on connection ID %d", connectionID);
Lines 1153-1159 Link Here
1153	request_block_ptr_t pBlock =	1440	request_block_ptr_t pBlock =
1154	(request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;	1441	(request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;
1155		1442
1156
1157	TPTP_LOG_DEBUG_MSG2(pServerData, "setIncomingDataFunc(socket) connectionID(%d) partnerID(%d)",	1443	TPTP_LOG_DEBUG_MSG2(pServerData, "setIncomingDataFunc(socket) connectionID(%d) partnerID(%d)",
1158	connectionID, partnerID) ;	1444	connectionID, partnerID) ;
1159		1445
Lines 1179-1186 Link Here
1179		1465
1180	tptp_int32 sendSocketData(server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 dataSize, tptp_string* pDataBlock)	1466	tptp_int32 sendSocketData(server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 dataSize, tptp_string* pDataBlock)
1181	{	1467	{
1182	SOCKET sock ;
1183
1184	int bytesSent = 0 ;	1468	int bytesSent = 0 ;
1185		1469
1186	int rc = 0 ;	1470	int rc = 0 ;
Lines 1189-1199 Link Here
1189	request_block_ptr_t pBlock =	1473	request_block_ptr_t pBlock =
1190	(request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;	1474	(request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;
1191		1475
1192	/* locate the socket to send */	1476	if (pBlock == NULL) return -1;
1193	sock = pBlock->clientSock ;
1194		1477
1195	/* go send the message */	1478	/* go send the message */
1196	bytesSent = writeToSocket(sock, pDataBlock, dataSize);	1479	bytesSent = writeData(pBlock, pDataBlock, dataSize);
1197	if (bytesSent < 0)	1480	if (bytesSent < 0)
1198	{	1481	{
1199	TPTP_LOG_ERROR_MSG1(pServerData,"Socket: Failed to send data on connection ID %d", connectionID);	1482	TPTP_LOG_ERROR_MSG1(pServerData,"Socket: Failed to send data on connection ID %d", connectionID);
Lines 1259-1264 Link Here
1259	return (forwardDataToPartner(pBlk, dataLen, pBuffer)) ;	1542	return (forwardDataToPartner(pBlk, dataLen, pBuffer)) ;
1260	}	1543	}
1261		1544
		1545	/*
		1546	* --------------------------------------------------------------------------------
		1547	* All the platform-dependent vrfusrpwd() functions below
		1548	* --------------------------------------------------------------------------------
		1549	*/
		1550
		1551
		1552	#if defined(_WIN32)
		1553	/*
		1554	* Windows/IA32 section, in-process authentication
		1555	*/
		1556	BOOL vrfusrpwd(tptp_string userid, tptp_string password) {
		1557	HANDLE handle;
		1558
		1559	return LogonUser(userid, NULL, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &handle);
		1560	}
		1561	#elif defined(__MVS__)
		1562	/*
		1563	* OS/390 section, in-process authentication. BPX.DAEMON is needed.
		1564	*/
		1565	BOOL vrfusrpwd(tptp_string userid, tptp_string password) {
		1566	return __passwd(userid, password, NULL) ? FALSE : TRUE;
		1567	}
		1568	#elif defined(__OS400__)
		1569	/*
		1570	* OS/400 section, in-process authentication
		1571	*/
		1572	BOOL vrfusrpwd(tptp_string userid, tptp_string password) {
		1573	struct error_code_t errorCode;
		1574	char profileHandle[12]; /* profile handle, required by QSYGETPH API */
		1575	char useridBuf[10] = " ";
		1576
		1577	/* In descrypted case, the password is in code page of 437 */
		1578	errorCode.bytesProvided = 64;
		1579	errorCode.bytesAvailable = 0;
		1580
		1581	if(userid[0] == '*') {
		1582	return FALSE;
		1583	}
		1584	else if(strlen(userid) > 10) {
		1585	return FALSE;
		1586	}
		1587	else {
		1588	int i;
		1589	for(i = 0; i < strlen(userid); i++) {
		1590	useridBuf[i] = toupper(userid[i]); /* change it all to upper case */
		1591	}
		1592	}
		1593
		1594	QSYGETPH(useridBuf, password, profileHandle, &errorCode, strlen(password), 37); /* CCSID of password is 37 (EBCDIC) */
		1595
		1596	if(errorCode.bytesAvailable > 0) {
		1597	char exc = (char)ra_malloc(sizeof(char) * 8);
		1598	BZERO(exc, 8);
		1599	strncpy(exc, errorCode.exceptionID, 7);
		1600	ra_free(exc);
		1601
		1602	return FALSE;
		1603	}
		1604	else {
		1605	return TRUE; /* authentication successful */
		1606	}
		1607	}
		1608	#else /* non-Windows, non-OS/400 */
1609	/*
1610	* Launch a separate process to authenticate user name and password
1611	*/
1612	BOOL vrfusrpwd(tptp_string userid, tptp_string password) {
1613	FILE *fp;
1614	BOOL success = FALSE;
1615	char *serverHome;
1616	char *authCmd;
1617	int authLen;
1618	int status;
1619	int rc = 0;
1620
1621	struct sigaction ignoreHandler; /* Use this handler for bypassing pre-configured signal handler */
1622	struct sigaction oldHandler; /* Used to temporary storing the configured signal handler */
1623
1624	serverHome = getCacheEnv("default", "RASERVER_HOME");
1625	/* Do not pass user ID and password since they will be shown by running 'ps' */
1626	authLen = strlen(serverHome) + 1 + strlen("bin") + 1 + strlen("ChkPass") + 1; /* Bug 168705 : need a null at the end for strcat() */
1627	authCmd = (char)malloc(sizeof(char) authLen);
1628	BZERO(authCmd, authLen);
1629	strcpy(authCmd, serverHome);
1630	strcat(authCmd, "/");
1631	strcat(authCmd, "bin");
1632	strcat(authCmd, "/");
1633	strcat(authCmd, "ChkPass");
1634
1635	/* Disable default SIGCHLD handler since system() call doesn't work with user-supplied signal handlers */
1636	BZERO(&ignoreHandler, sizeof(struct sigaction));
1637	BZERO(&oldHandler, sizeof(struct sigaction));
1638
1639	ignoreHandler.sa_handler = SIG_DFL; /* Reset to default SIGCHLD handler */
1640	sigaction(SIGCHLD, &ignoreHandler, &oldHandler); /* Store the previous signal handler */
1641
1642	fp = popen(authCmd, "w");
1643	fprintf(fp, "%s\n", userid);
1644	fprintf(fp, "%s\n", password);
1645	status = pclose(fp);
1646	if(WIFEXITED(status)) {
1647	rc = WEXITSTATUS(status);
1648	}
1649
1650	if(rc == 100) { /* 100 indicates success */
1651	success = TRUE;
1652	}
1653	else {
1654	success = FALSE;
1655	}
1656
1657	/* Re-enable the user-specified SIGCHLD handler */
1658	sigaction(SIGCHLD, &oldHandler, NULL);
1659
1660	free(authCmd);
1661
1662	return success;
1663	}
1664
1665	#endif
1666
1262	#ifdef __linux__	1667	#ifdef __linux__
1263	int closeSocket (int socket) {	1668	int closeSocket (int socket) {
1264	struct linger linger;	1669	struct linger linger;

Lines 22-27 Link Here

(-)src-native-new/src/transport/socketTL/SocketListener.h (+13 lines)
22	#include "tptp/TPTPMessageHeader.h"	22	#include "tptp/TPTPMessageHeader.h"
23	#include "tptp/hashtable.h"	23	#include "tptp/hashtable.h"
24		24
		25	#ifndef _WIN32
		26	#include <openssl/ssl.h>
		27	#endif
		28
25	#define SOCKET_LISTENER_OBJECT_ID 20001	29	#define SOCKET_LISTENER_OBJECT_ID 20001
26		30
27	/** instance-specific data block */	31	/** instance-specific data block */
Lines 33-38 Link Here
33	transport_layer_data_t agentControllerDataBlk ;	37	transport_layer_data_t agentControllerDataBlk ;
34	processMessage_ptr_t processMessage;	38	processMessage_ptr_t processMessage;
35	tptp_object* nexto;	39	tptp_object* nexto;
		40	int securityEnabled;
36		41
37	/* hash table of connections for easy and fast search */	42	/* hash table of connections for easy and fast search */
38	HashTable * connectionTable ;	43	HashTable * connectionTable ;
Lines 199-204 Link Here
199	int connectionPartnerID ;	204	int connectionPartnerID ;
200		205
201	BOOL isForConsole ;	206	BOOL isForConsole ;
		207
		208	BOOL authenticated;
		209	BOOL secured;
		210
		211	#ifndef _WIN32
		212	SSL* ssl;
		213	SSL_CTX* sslCtx;
		214	#endif
202		215
203	Lock_t locker ;	216	Lock_t locker ;
204		217

Lines 44-50 Link Here

(-)src-native-new/src/transport/socketTL/SocketTL.make (-1 / +1 lines)
44	# list of additional libraries to be linked with	44	# list of additional libraries to be linked with
45	# (separated by blanks)	45	# (separated by blanks)
46	#-----------------------------------	46	#-----------------------------------
47	LIBS := dl tptpUtils transportSupport	47	LIBS := dl tptpUtils transportSupport ssl
48		48
49	#-----------------------------------	49	#-----------------------------------
50	# list of additional library directories to search from	50	# list of additional library directories to search from

Lines 99-101 Link Here

(-)src-native-new/src/shared/TPTPUtil/TPTUtil.def (+1 lines)
99	terminateXMLPlatformUtils	99	terminateXMLPlatformUtils
100	parseHostList	100	parseHostList
101	getExecutableName	101	getExecutableName
		102	readStringFromBuffer

Lines 956-961 Link Here

(-)src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp (-5 / +13 lines)
956	char* elementValue=NULL;	956	char* elementValue=NULL;
957	int mstrIdx=0;	957	int mstrIdx=0;
958	int nextIdx=0;	958	int nextIdx=0;
		959	int endIdx = strlen(config);
959		960
960	nextIdx = getTagName(config, &tagName);	961	nextIdx = getTagName(config, &tagName);
961	if ((nextIdx == -1) \|\| (tagName == NULL)) goto errorReturn; //Error: badly formed cmd	962	if ((nextIdx == -1) \|\| (tagName == NULL)) goto errorReturn; //Error: badly formed cmd
Lines 965-976 Link Here
965	mstrIdx++;	966	mstrIdx++;
966	tptp_free(tagName); tagName=NULL;	967	tptp_free(tagName); tagName=NULL;
967		968
		969	socketInfo->securityEnabled = 0; // default
		970
968	while (1)	971	while (1)
969	{	972	{
970	nextIdx = getConfigElementName(&(config[mstrIdx]), &elementName);	973	nextIdx = getConfigElementName(&(config[mstrIdx]), &elementName);
		974	if (isEqualString(elementName, "/Configuration")) break;
		975
971	if ((nextIdx == -1) \|\| (elementName == NULL)) goto errorReturn; //Error: badly formed cmd	976	if ((nextIdx == -1) \|\| (elementName == NULL)) goto errorReturn; //Error: badly formed cmd
972	mstrIdx += nextIdx;	977	mstrIdx += nextIdx;
973		978
974	nextIdx = getConfigElementValue(&(config[mstrIdx]), &elementValue);	979	nextIdx = getConfigElementValue(&(config[mstrIdx]), &elementValue);
975	if ((nextIdx == -1) \|\| (elementValue == NULL)) goto errorReturn; //Error: badly formed cmd	980	if ((nextIdx == -1) \|\| (elementValue == NULL)) goto errorReturn; //Error: badly formed cmd
976	mstrIdx += nextIdx;	981	mstrIdx += nextIdx;
Lines 982-994 Link Here
982	if (isEqualString(elementName, "Port"))	987	if (isEqualString(elementName, "Port"))
983	{	988	{
984	socketInfo->portNumber = atoi(elementValue);	989	socketInfo->portNumber = atoi(elementValue);
985	break;
986	}	990	}
987	if (isEqualString(elementName, "Hosts Configuration"))	991	else if (isEqualString(elementName, "SecurityEnabled"))
		992	{
		993	socketInfo->securityEnabled = isEqualString(elementValue, "true");
		994	}
		995	else if (isEqualString(elementName, "Hosts Configuration"))
988	{	996	{
989	socketInfo->hostConfig = elementValue;	997	socketInfo->hostConfig = elementValue;
990	}	998	}
991	if (isEqualString(elementName, "Allow host"))	999	else if (isEqualString(elementName, "Allow host"))
992	{	1000	{
993	socketInfo->allowHosts = elementValue;	1001	socketInfo->allowHosts = elementValue;
994	}	1002	}




	return ( getGlobalUniqueId() ) ;
}




unsigned char* writeUINTToBuffer(unsigned char *buffer,
							   unsigned int uintData) {
	buffer[0]=(unsigned char)(uintData>>24 & 0x000000ff);

	return &buffer[sizeof(unsigned int)];
}

unsigned char* readStringFromBuffer(unsigned char *buffer, char** str) {
	int len;
	
	buffer = readUINTFromBuffer(buffer, &len);
	if (len == 0)
		*str = NULL;
	else {
		*str = (char*) tptp_malloc(len+1);
		memcpy(*str, buffer, len);
		*((*str) + len) = '\0';
		buffer += len;
	}
	
	return buffer;
}




	
$KEYTOOL -genkey -alias sample -keyalg RSA -sigalg MD5withRSA -dname "CN=Sample, OU=Sample, O=Sample, C=US" -validity 3650 -keypass $PASSWORD -storetype jks -keystore $KEYSTORE -storepass $PASSWORD
$KEYTOOL -export -alias sample -file $CERT -keystore $KEYSTORE -storepass $PASSWORD

CERTF=cert.pem
KEYF=key.pem
REQF=req.pem
LOG=openssl.log

echo `date` > $LOG
openssl genrsa -out $KEYF 1024 >> $LOG 2>&1
openssl req -new -key $KEYF -out $REQF -batch >> $LOG 2>&1
openssl x509 -req -in $REQF -signkey $KEYF -out $CERTF >> $LOG 2>&1

Lines 65-70 Link Here

(-)src-native-new/include/tptp/TPTPSupportUtils.h (+1 lines)
65		65
66	unsigned char* writeUINTToBuffer(unsigned char *buffer, unsigned int uintData);	66	unsigned char* writeUINTToBuffer(unsigned char *buffer, unsigned int uintData);
67	unsigned char* readUINTFromBuffer(unsigned char buffer, unsigned int uint);	67	unsigned char* readUINTFromBuffer(unsigned char buffer, unsigned int uint);
		68	unsigned char* readStringFromBuffer(unsigned char buffer, char* str);
68		69
69	#ifdef __cplusplus	70	#ifdef __cplusplus
70	}	71	}

Lines 53-58 Link Here

(-)src-native-new/include/tptp/TPTPMessageHeader.h (+6 lines)
53	#define CONNECT_DATA 0x10000000	53	#define CONNECT_DATA 0x10000000
54	#define DATA_CONNECTION_COMPLETE 0x20000000	54	#define DATA_CONNECTION_COMPLETE 0x20000000
55	#define DATA_CONNECTION_REFUSED 0x40000000	55	#define DATA_CONNECTION_REFUSED 0x40000000
		56
		57	#define SECURITY_REQUIRED 0x00010000
		58	#define AUTHENTICATE 0x00020000
		59	#define AUTHENTICATION_FAILED 0x00040000
		60	#define AUTHENTICATION_SUCCESSFUL 0x00080000
		61
56	#define CONNECT_CONSOLE 0x00100000	62	#define CONNECT_CONSOLE 0x00100000
57	#define CONSOLE_CONNECT_COMPLETE 0x00200000	63	#define CONSOLE_CONNECT_COMPLETE 0x00200000
58	#define CONSOLE_CONNECT_FAILED 0x00400000	64	#define CONSOLE_CONNECT_FAILED 0x00400000

Lines 79-84 Link Here

(-)src-native-new/include/tptp/TPTPUtils.h (+1 lines)
79	int portNumber;	79	int portNumber;
80	char *hostConfig;	80	char *hostConfig;
81	char *allowHosts;	81	char *allowHosts;
		82	int securityEnabled;
82	} SocketConfigInfo;	83	} SocketConfigInfo;
83		84
84	/* Define the various types of host addressing wildcards and types */	85	/* Define the various types of host addressing wildcards and types */




			configuration.appendChild(port);
			n = doc.createTextNode("10006");
			port.appendChild(n);
			
			Element newAcSecurityEnabled = doc.createElement(SecurityEnabled.TAG);
			configuration.appendChild(newAcSecurityEnabled);
			//
			// Security section
			//
			String sec = configFile.getValue(Constants.SECURITY);
			if (sec != null && sec.toUpperCase().equals(Constants.SECURITY_ON)) {
				n = doc.createTextNode("true");
			} else {
				n = doc.createTextNode("false");
			}
			newAcSecurityEnabled.appendChild(n);
			
			commandExtractor = doc.createElement(CommandExtractor.TAG);
			transportLayer.appendChild(commandExtractor);
			n = doc.createTextNode("tptpCmdExtr");

Return to bug 195644

Lines 56-64 Link Here

(-)src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c (-3 / +15 lines)
56	return ( getGlobalUniqueId() ) ;	56	return ( getGlobalUniqueId() ) ;
57	}	57	}
58		58
59
60
61
62	unsigned char* writeUINTToBuffer(unsigned char *buffer,	59	unsigned char* writeUINTToBuffer(unsigned char *buffer,
63	unsigned int uintData) {	60	unsigned int uintData) {
64	buffer[0]=(unsigned char)(uintData>>24 & 0x000000ff);	61	buffer[0]=(unsigned char)(uintData>>24 & 0x000000ff);
Lines 77-79 Link Here
77	return &buffer[sizeof(unsigned int)];	74	return &buffer[sizeof(unsigned int)];
78	}	75	}
79		76
		77	unsigned char* readStringFromBuffer(unsigned char buffer, char* str) {
		78	int len;
		79
		80	buffer = readUINTFromBuffer(buffer, &len);
		81	if (len == 0)
		82	*str = NULL;
		83	else {
		84	str = (char) tptp_malloc(len+1);
		85	memcpy(*str, buffer, len);
		86	((str) + len) = '\0';
		87	buffer += len;
		88	}
		89
		90	return buffer;
		91	}

Lines 9-11 Link Here

(-)src-native/collection/packaging/security/generateKey.sh (+10 lines)
9		9
10	$KEYTOOL -genkey -alias sample -keyalg RSA -sigalg MD5withRSA -dname "CN=Sample, OU=Sample, O=Sample, C=US" -validity 3650 -keypass $PASSWORD -storetype jks -keystore $KEYSTORE -storepass $PASSWORD	10	$KEYTOOL -genkey -alias sample -keyalg RSA -sigalg MD5withRSA -dname "CN=Sample, OU=Sample, O=Sample, C=US" -validity 3650 -keypass $PASSWORD -storetype jks -keystore $KEYSTORE -storepass $PASSWORD
11	$KEYTOOL -export -alias sample -file $CERT -keystore $KEYSTORE -storepass $PASSWORD	11	$KEYTOOL -export -alias sample -file $CERT -keystore $KEYSTORE -storepass $PASSWORD
		12
		13	CERTF=cert.pem
		14	KEYF=key.pem
		15	REQF=req.pem
		16	LOG=openssl.log
		17
		18	echo `date` > $LOG
		19	openssl genrsa -out $KEYF 1024 >> $LOG 2>&1
		20	openssl req -new -key $KEYF -out $REQF -batch >> $LOG 2>&1
		21	openssl x509 -req -in $REQF -signkey $KEYF -out $CERTF >> $LOG 2>&1

Lines 1003-1008 Link Here

(-)src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java (+14 lines)
1003	configuration.appendChild(port);	1003	configuration.appendChild(port);
1004	n = doc.createTextNode("10006");	1004	n = doc.createTextNode("10006");
1005	port.appendChild(n);	1005	port.appendChild(n);
		1006
		1007	Element newAcSecurityEnabled = doc.createElement(SecurityEnabled.TAG);
		1008	configuration.appendChild(newAcSecurityEnabled);
		1009	//
		1010	// Security section
		1011	//
		1012	String sec = configFile.getValue(Constants.SECURITY);
		1013	if (sec != null && sec.toUpperCase().equals(Constants.SECURITY_ON)) {
		1014	n = doc.createTextNode("true");
		1015	} else {
		1016	n = doc.createTextNode("false");
		1017	}
		1018	newAcSecurityEnabled.appendChild(n);
		1019
1006	commandExtractor = doc.createElement(CommandExtractor.TAG);	1020	commandExtractor = doc.createElement(CommandExtractor.TAG);
1007	transportLayer.appendChild(commandExtractor);	1021	transportLayer.appendChild(commandExtractor);
1008	n = doc.createTextNode("tptpCmdExtr");	1022	n = doc.createTextNode("tptpCmdExtr");