Attachment 77243 Details for Bug 195644 – updated AC patch

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

[patch] updated AC patch

ac.txt (text/plain), 31.48 KB, created by Igor Alelekov

on 2007-08-29 08:26:42 EDT

(hide)

Description:

Filename:

MIME Type:

Creator: Igor Alelekov

Created: 2007-08-29 08:26:42 EDT

Size: 31.48 KB

patch

obsolete

>### Eclipse Workspace Patch 1.0
>#P org.eclipse.tptp.platform.agentcontroller
>Index: src-native-new/src/agentController/AgentController.make
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/agentController/AgentController.make,v
>retrieving revision 1.9
>diff -u -r1.9 AgentController.make
>--- src-native-new/src/agentController/AgentController.make	19 Mar 2007 03:14:38 -0000	1.9
>+++ src-native-new/src/agentController/AgentController.make	29 Aug 2007 12:23:29 -0000
>@@ -29,7 +29,7 @@
> #      (separated by blanks)
> #-----------------------------------
> 
>-LIBS       :=  tptpUtils tptpLogUtils tptpConfig processControlUtil xerces-c pthread
>+LIBS       :=  tptpUtils tptpLogUtils tptpConfig processControlUtil xerces-c pthread ssl
> 
> #-----------------------------------
> #   list of additional library directories to search from
>Index: src-native-new/src/transport/socketTL/SocketListener.c
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/transport/socketTL/SocketListener.c,v
>retrieving revision 1.38
>diff -u -r1.38 SocketListener.c
>--- src-native-new/src/transport/socketTL/SocketListener.c	22 Aug 2007 16:47:07 -0000	1.38
>+++ src-native-new/src/transport/socketTL/SocketListener.c	29 Aug 2007 12:23:30 -0000
>@@ -59,6 +59,17 @@
> 
>  *********************************************************/
> 
>+#include <stdlib.h>
>+
>+#ifdef _WIN32
>+  #include <direct.h>
>+#else
>+  #include <unistd.h>
>+  #include <signal.h>
>+  #include <sys/wait.h>
>+  #include <openssl/ssl.h> 
>+  #include <tptp/TPTPConfig.h>
>+#endif
> 
> #include "SocketListener.h"
> 
>@@ -69,10 +80,14 @@
> 
> #include "tptp/dime.h"
> 
>-#define DEFAULT_PORT_NUM  10002
>-
>+#define DEFAULT_PORT_NUM  	10002
> #define PROTO_VERSION	1
> 
>+#define CONFIGURATION_HOME	"TPTP_AC_HOME"
>+
>+#define CERTF "cert.pem"
>+#define KEYF  "key.pem"
>+
> /** thread status */
> enum ThreadStatus { IDLE, RUNNING } ;
> 
>@@ -97,9 +112,16 @@
> int handleCONNECT(request_block_ptr_t pBlk, char *pMsg) ;
> 
> int handleCONNECT_DATA(request_block_ptr_t pBlk, char *pMsg) ;
>-
>+tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length); 
>+tptp_int32 closeConnection(request_block_ptr_t pBlock);
> int closeSocket (int socket);
>+int handleAUTHENTICATE(request_block_ptr_t pBlk, char *pMsg) ;
> 
>+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password);
>+
>+static int sslinit = 1;
>+static char* certFile = NULL;
>+static char* keyFile = NULL;
> 
> /**
>  *********************************************************
>@@ -129,7 +151,6 @@
> 	int rc = 0 ;
> 	char  *buffer = NULL;
> 	int   bufferLength = 0 ;
>-	BOOL  shouldAddHeader = FALSE ;
> 	char *pCurr = NULL ;
> 	int   uuidLength = 0 ;
> 
>@@ -149,9 +170,8 @@
> 	pCurr = writeUINTToBuffer(pCurr+1, PROTO_VERSION);
> 
> 	addBasicMsgHeader(cmd, cmdLength, &buffer, &bufferLength, flags) ;
>-	
> 	/* send the response */
>-	sendThisMessage(pBlk->pServerData, pBlk->connectionId, bufferLength, buffer, shouldAddHeader) ;
>+	writeData(pBlk, buffer, bufferLength);
> 
> 	if (cmd) tptp_free(cmd);
> 	if (buffer) tptp_free(buffer);
>@@ -159,6 +179,73 @@
> 	return ( rc ) ;
> }
> 
>+#ifndef _WIN32
>+int setSSL(request_block_ptr_t pBlk) {
>+  	SSL_METHOD *meth;
>+  	SSL_CTX* ctx;
>+  	SSL*     ssl;
>+  	int err;
>+  	
>+	if (sslinit) {  	
>+  		SSL_load_error_strings();
>+  		SSL_library_init();
>+  		sslinit = 0;
>+	}
>+  	
>+  	meth = SSLv23_server_method();
>+
>+  	ctx = SSL_CTX_new (meth);
>+  	if (!ctx) {
>+		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: context error");
>+    	return -1;
>+    }
>+
>+  	if (certFile == NULL) {
>+		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no certificate file found");
>+    	return -1;
>+  	}
>+
>+  	if (SSL_CTX_use_certificate_file(ctx, certFile, SSL_FILETYPE_PEM) <= 0) {
>+		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal certificate file %s", certFile);
>+    	return -1;
>+  	}
>+
>+  	if (keyFile == NULL) {
>+		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no key file found");
>+    	return -1;
>+  	}
>+
>+  	if (SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM) <= 0) {
>+		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal key file %s", keyFile);
>+    	return -1;
>+  	}
>+
>+  	if (!SSL_CTX_check_private_key(ctx)) { 
>+		TPTP_LOG_DEBUG_MSG2(pBlk->pServerData, "SSL: Private key %s does not match the certificate public key %s",
>+			keyFile, certFile);
>+    	return -1;
>+  	}
>+    
>+  	ssl = SSL_new (ctx);
>+  	if (ssl < 0) {
>+		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL.new error");
>+  		return -1;
>+  	}
>+  	                          
>+  	SSL_set_fd (ssl, pBlk->clientSock);
>+  	err = SSL_accept (ssl);
>+	if (err < 0) {
>+		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: ssl_accept error %d", SSL_get_error(ssl, err));
>+		return -1;
>+	}  	
>+
>+	pBlk->sslCtx = ctx;
>+	pBlk->ssl = ssl;
>+	pBlk->secured = TRUE;
>+
>+	return 0;
>+}
>+#endif
> 
> /**
>  *********************************************************
>@@ -169,14 +256,22 @@
>  *********************************************************/
> int handleCONNECT(request_block_ptr_t pBlk, char *pMsg)
> {
>-	HashTable           *pTab = NULL ;
>-	int  connId = 0 ;
>+	HashTable *pTab = NULL;
>+	int  connId = 0;
> 
> 	addConnectionEntry_ptr_t pFunc = NULL ;
> 
> 	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT request (Control channel).");
> 	pBlk->connectionType = CONTROL_CHANNEL ;
> 
>+#ifndef _WIN32
>+	if (pBlk->pServerData->securityEnabled && !pBlk->secured) {
>+		processCONNECTCall(pBlk, pMsg, CONNECTION_REFUSED | SECURITY_REQUIRED);
>+										// no race condition here since incoming ssl request
>+		return setSSL(pBlk);			// will wait for processing in input buffer
>+	}
>+#endif	
>+
> 	/* tell the agent controller about the new connection  */
> 	/*    and receive the assigned connection id           */
> 	pFunc = pBlk->pServerData->agentControllerDataBlk.addConnectionEntry ;
>@@ -193,8 +288,19 @@
> 	pTab = pBlk->pServerData->connectionTable ;
> 	tablePut(pTab, connId, (Entry_value_ptr_t) pBlk) ;
> 
>+#ifndef _WIN32
> 	/* CONNECT command. Go handle it. */
>-	processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE) ;
>+	if (pBlk->pServerData->securityEnabled) {
>+		processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE | AUTHENTICATION_FAILED);
>+	}
>+	else {
>+		processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE);
>+		pBlk->authenticated = TRUE;
>+	}
>+#else
>+	processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE);
>+	pBlk->authenticated = TRUE;
>+#endif
> 
> 	return 0 ;
> }
>@@ -203,6 +309,51 @@
>  *********************************************************
>  *
>  * @brief
>+ *    handle the AUTHENTICATE request
>+ *
>+ *********************************************************/
>+int handleAUTHENTICATE(request_block_ptr_t pBlk, char *pMsg) {
>+	char *name=NULL, *psw=NULL;
>+	BOOL success;
>+
>+	pMsg = readStringFromBuffer(pMsg, &name);
>+	pMsg = readStringFromBuffer(pMsg, &psw);
>+
>+	if (name != NULL && psw != NULL){
>+		success = vrfusrpwd(name, psw);
>+	}
>+	else{
>+		success = FALSE;
>+	}
>+			
>+	if (success) {			
>+		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "User %s is authenticated", name);
>+	}
>+	else if (name != NULL) {
>+		TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "User %s is not authenticated", name);
>+	}
>+	else {
>+		TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "User <null> is not authenticated");
>+	}
>+	
>+	pBlk->authenticated = success;
>+	if (success) {
>+	 	processCONNECTCall(pBlk, pMsg, AUTHENTICATION_SUCCESSFUL);
>+	}
>+	else {
>+		processCONNECTCall(pBlk, pMsg, AUTHENTICATION_FAILED);
>+	}
>+
>+	if (name != NULL) tptp_free(name);
>+	if (psw != NULL) tptp_free(psw);
>+	
>+	return 0 ;
>+}
>+
>+/**
>+ *********************************************************
>+ *
>+ * @brief
>  *    handle the CONNECT_DATA or CONNECT_CONSOLE request
>  *
>  *********************************************************/
>@@ -214,6 +365,15 @@
> 	addDataConnectionEntry_ptr_t pFunc = NULL ;
> 
> 	TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT_DATA/CONNECT_CONSOLE request (Data channel).");
>+
>+#ifndef _WIN32	
>+	if (pBlk->pServerData->securityEnabled && !pBlk->secured) {
>+		processCONNECTCall(pBlk, pMsg, CONNECTION_REFUSED | SECURITY_REQUIRED);
>+										// no race condition here since incoming ssl request
>+		return setSSL(pBlk);			// will wait for processing in input buffer 
>+	}
>+#endif
>+
> 	pBlk->connectionType = DATA_CHANNEL ;
> 
> 	/* tell the agent controller about the new connection  */
>@@ -310,13 +470,28 @@
> 		     ((flags & CONNECT_CONSOLE) != 0))
> 	{
> 		if ((flags & CONNECT_CONSOLE) != 0)
>-			pBlk->isForConsole = TRUE ;
>+			pBlk->isForConsole = TRUE;
> 
> 		handleCONNECT_DATA(pBlk, pMsg) ;
> 
> 		/* prevent it from forwarding to the AC */
> 		pMsg = NULL ;
> 	}
>+#ifndef _WIN32	
>+	else if (pBlk->pServerData->securityEnabled && !pBlk->secured) { 
>+		pMsg = NULL ;
>+	}
>+	else if ((flags & AUTHENTICATE) != 0) {
>+		handleAUTHENTICATE(pBlk, pMsg) ;
>+
>+		/* prevent it from forwarding to the AC */
>+		pMsg = NULL ;
>+	}
>+	else if (pBlk->pServerData->securityEnabled && !pBlk->authenticated) {
>+		processCONNECTCall(pBlk, pMsg, AUTHENTICATION_FAILED);
>+		pMsg = NULL ;
>+	}
>+#endif	
> 	else if ((flags & DISCONNECT) != 0)
> 	{
> 		handleDISCONNECT(pBlk, pMsg) ;
>@@ -377,6 +552,7 @@
> 	return 0 ;
> }
> 
>+
> /**
>  *********************************************************
>  *
>@@ -438,7 +614,7 @@
> 
> 			/* read in the magic number */
> 			pMsg = readUINTFromBuffer(pBuffer, &magicNumber);
>-			
>+
> 			/* Compare against the magic number of the AC which is 0x54b674de */
> 			if (magicNumber != 0x54b674de) {
> 				/* Compare against the magic number of the RAC which is 0x82656780 */
>@@ -511,6 +687,28 @@
> 	return ( bytesToBeProcessed ) ;
> }
> 
>+#ifndef _WIN32
>+
>+int recvData (request_block_ptr_t pRdb, char *buffer, int length, int *bytesRead) {
>+	int result;
>+	if (pRdb->secured) {
>+		 result = SSL_read (pRdb->ssl, buffer, length);
>+		 *bytesRead = result;
>+	}
>+	else {
>+		result = readFromSocket(pRdb->clientSock, buffer, length, bytesRead);
>+	}
>+		
>+	return result;
>+}
>+
>+#else
>+
>+int recvData (request_block_ptr_t pRdb, char *buffer, int length, int *bytesRead) {
>+	return readFromSocket(pRdb->clientSock, buffer, length, bytesRead);
>+}
>+
>+#endif
> 
> /**
>  *********************************************************
>@@ -525,9 +723,6 @@
> THREAD_USER_FUNC_RET_TYPE processClientRequest(LPVOID args) 
> {
> 	int    rc = 1;
>-
>-	SOCKET clientSock ;
>-
> 	unsigned int  bytesRead;
> 	unsigned char buffer[TPTP_DEFAULT_BUFFER_MAX_LENGTH];
> 	unsigned int  bufferLength = TPTP_DEFAULT_BUFFER_LENGTH ;
>@@ -537,7 +732,6 @@
> 
> 	/* set up environmental info for this incoming message */
> 	request_block_ptr_t pRdb = (request_block_ptr_t) args ;
>-	clientSock = pRdb->clientSock ;
> 
> 	/* initial status before the thread is running */
> 	pRdb->threadStatus = RUNNING ;
>@@ -549,7 +743,7 @@
> 
> 		/* Another message might come in while we're processing
> 		 *    so we read until the pipe is empty                 */
>-		while ( (rc = readFromSocket(clientSock, buffer, bufferLength, &bytesRead)) > 0)
>+		while ( (rc = recvData(pRdb, buffer, bufferLength, &bytesRead)) > 0)
> 		{
> 			TPTP_LOG_DEBUG_MSG1(pRdb->pServerData, "Socket processClientRequest: Read %d bytes.", bytesRead) ;
> 
>@@ -577,8 +771,8 @@
> 		pFunc(pRdb->pServerData->cmo, pRdb->connectionId);
> 	}
> 
>-	freeRequestBlock( pRdb );
>-	closeSocket(clientSock);
>+	closeConnection(pRdb);
>+	freeRequestBlock(pRdb);
> 
> 	return ( 0 ) ;
> }
>@@ -606,6 +800,14 @@
> 	pRequestDataBlock->connectionType = 0 ;
> 
> 	pRequestDataBlock->isForConsole = FALSE ;
>+	
>+	pRequestDataBlock->authenticated = FALSE;
>+	pRequestDataBlock->secured = FALSE;
>+
>+#ifndef _WIN32
>+	pRequestDataBlock->ssl = NULL;
>+	pRequestDataBlock->sslCtx = NULL;
>+#endif	
> 
> 	pRequestDataBlock->pSendFunc = NULL ;
> 
>@@ -650,7 +852,7 @@
> 
> 		else
> 		{
>-			setHandleInherited((HANDLE) clientSock) ;
>+			setHandleInherited((HANDLE) clientSock);
> 
> 			/* set up the data block for each request */
> 			pRequestDataBlock = getInitRequestDataBlock(clientSock, pServerData) ;
>@@ -707,7 +909,58 @@
> 	return ( 0 );
> }
> 
>+int getACHome (char* buf, int len) {
>+	char* acHome;
>+	
>+	acHome = getenv(CONFIGURATION_HOME);
>+	if (acHome != NULL) {
>+		strncpy(buf, acHome, len);
>+		return 0;
>+	}
>+	
>+#ifdef _WIN32
>+	acHome = _getcwd(buf, 1024);
>+	if (acHome == NULL) return -1;
>+
>+	strcat(buf, "\\..");
>+#else
>+	acHome = getcwd(buf, 1024);
>+	if (acHome == NULL) return -1;
>+
>+	strcat(buf, "/..");
>+#endif
>+	
>+	return 0;
>+}
>+
>+int initSSL() {
>+	char buf[1024];
>+	
>+	if (getACHome(buf, 1024) < 0) {
>+		certFile = (char*) malloc(strlen(CERTF) + 1);
>+		strcpy(certFile, CERTF);
>+		
>+		keyFile = (char*) malloc(strlen(KEYF) + 1);
>+		strcpy(keyFile, CERTF);
>+	}
>+	else {
>+#ifdef _WIN32
>+		strcat(buf, "\\security\\");
>+#else
>+		strcat(buf, "/security/");
>+#endif		
> 
>+		certFile = (char*) malloc(strlen(buf) + strlen(CERTF) + 1);
>+		strcpy(certFile, buf);
>+		strcat(certFile, CERTF);
>+
>+		keyFile = (char*) malloc(strlen(buf) + strlen(KEYF) + 1);
>+		strcpy(keyFile, buf);
>+		strcat(keyFile, KEYF);
>+	}
>+	
>+	return 0;	
>+}
> 
> /**
>  *********************************************************
>@@ -723,6 +976,8 @@
> {
> 	int       rc = 0 ;
> 
>+	initSSL();
>+	
> 	rc = initForSocketCalls() ;
> 
> 	if (rc == 0)
>@@ -742,11 +997,14 @@
> 		rc = getSocketConfigInfo(pTransportData->configurationData, &socketInfo);
> 		if (rc != -1) 
> 		{
>+			int d;
> 			pServerData->port = socketInfo.portNumber;
>+			pServerData->securityEnabled = socketInfo.securityEnabled; 
> 		} 
> 		else 
> 		{
> 			pServerData->port = DEFAULT_PORT_NUM;
>+			pServerData->securityEnabled = 0;
> 		}
> 
> 		tlo->data = pServerData;
>@@ -845,6 +1103,25 @@
> 	return ( rc ) ;
> }
> 
>+tptp_int32 closeConnection(request_block_ptr_t pBlock) {
>+	if (pBlock == NULL) return -1;
>+
>+#ifndef _WIN32	
>+	if (pBlock->ssl != NULL) { 
>+		SSL_free(pBlock->ssl);  
>+		pBlock->ssl = NULL; 
>+	}
>+	
>+	if (pBlock->sslCtx != NULL) { 
>+		SSL_CTX_free(pBlock->sslCtx);  
>+		pBlock->sslCtx = NULL; 
>+	}
>+#endif
>+	
>+  	pBlock->secured = FALSE;
>+  	
>+  	return closeSocket(pBlock->clientSock);
>+}
> 
> /**
>  *********************************************************
>@@ -859,8 +1136,6 @@
> 
> tptp_int32   terminateSocketConnection(server_block_t* pServerData, tptp_uint32  connectionID)
> {
>-	int rc = 0 ;
>-	SOCKET sock ;
> 	request_block_ptr_t pBlock ;
> 
> 	TPTP_LOG_DEBUG_MSG1(pServerData, "terminateConnection (socket): connection id(%d)", connectionID) ;
>@@ -868,12 +1143,8 @@
> 	/* retrieve the corresponding socket */
> 	pBlock = (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;
> 
>-	sock = pBlock->clientSock ;
>-
> 	/* go close it down */
>-	rc = closeSocket(sock) ;
>-
>-	return ( rc ) ;
>+	return closeConnection(pBlock) ;
> }
> 
> 
>@@ -896,6 +1167,24 @@
> 	return ( sendThisMessage(pServerData, connectionID, cmdSize, pCmdBlock, TRUE ) ) ;
> }
> 
>+#ifndef _WIN32
>+
>+tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) { 
>+	if (pBlock->secured) {
>+		return SSL_write(pBlock->ssl, buffer, length);
>+	}
>+	else {
>+		return writeToSocket(pBlock->clientSock, buffer, length);
>+	}
>+}
>+
>+#else
>+
>+tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) { 
>+	return writeToSocket(pBlock->clientSock, buffer, length);
>+}
>+
>+#endif
> 
> /**
>  *********************************************************
>@@ -912,7 +1201,6 @@
> tptp_int32 sendThisMessage( server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 cmdSize, tptp_string* pCmdBlock, BOOL shouldAddHeader)
> {
> 	int rc = 0 ;
>-	SOCKET sock ;
> 	int  bytesSent  = 0 ;
> 	char *buffer = NULL;
> 	int  bufferLength = 0 ;
>@@ -924,7 +1212,9 @@
> 	request_block_ptr_t pBlock = 
> 		(request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;
> 
>-
>+	if (pBlock == NULL) {
>+		return -1;
>+	}
> 
> 	if (shouldAddHeader == TRUE)
> 	{
>@@ -941,11 +1231,8 @@
> 	/* synchronizing among threads. Single writer. */
> 	tptp_getWriteLock( & pBlock->locker );
> 
>-	/* locate the socket to send */
>-	sock = pBlock->clientSock ;
>-
> 	/* go send the message */
>-	bytesSent = writeToSocket(sock, pSendBuffer, bufferLength);
>+	bytesSent = writeData(pBlock, pSendBuffer, bufferLength);
> 	if (bytesSent < 0)
> 	{
> 		TPTP_LOG_ERROR_MSG1(pServerData, "Socket: Failed to send data on connection ID %d", connectionID);
>@@ -1153,7 +1440,6 @@
> 	request_block_ptr_t pBlock = 
> 		(request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;
> 
>-
> 	TPTP_LOG_DEBUG_MSG2(pServerData, "setIncomingDataFunc(socket) connectionID(%d) partnerID(%d)",
> 		connectionID, partnerID) ;
> 
>@@ -1179,8 +1465,6 @@
> 
> tptp_int32 sendSocketData(server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 dataSize, tptp_string* pDataBlock)
> {
>-	SOCKET sock ;
>-
> 	int bytesSent = 0 ;
> 
> 	int rc = 0 ;
>@@ -1189,11 +1473,10 @@
> 	request_block_ptr_t pBlock = 
> 		(request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ;
> 
>-	/* locate the socket to send */
>-	sock = pBlock->clientSock ;
>+	if (pBlock == NULL) return -1;
> 
> 	/* go send the message */
>-	bytesSent = writeToSocket(sock, pDataBlock, dataSize);
>+	bytesSent = writeData(pBlock, pDataBlock, dataSize); 
> 	if (bytesSent < 0)
> 	{
> 		TPTP_LOG_ERROR_MSG1(pServerData,"Socket: Failed to send data on connection ID %d", connectionID);
>@@ -1259,6 +1542,128 @@
> 	return (forwardDataToPartner(pBlk, dataLen, pBuffer)) ;
> }
> 
>+/*
>+ * --------------------------------------------------------------------------------
>+ * All the platform-dependent vrfusrpwd() functions below
>+ * --------------------------------------------------------------------------------
>+ */
>+
>+
>+#if defined(_WIN32)
>+/*
>+ *	Windows/IA32 section, in-process authentication
>+ */
>+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) {
>+	HANDLE handle;
>+
>+	return LogonUser(userid, NULL, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &handle);
>+}
>+#elif defined(__MVS__)
>+/*
>+ *	OS/390 section, in-process authentication. BPX.DAEMON is needed.
>+ */
>+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) {
>+	return __passwd(userid, password, NULL) ? FALSE : TRUE;
>+}
>+#elif defined(__OS400__)
>+/*
>+ *	OS/400 section, in-process authentication
>+ */
>+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) {
>+	struct error_code_t errorCode;
>+	char profileHandle[12];  /* profile handle, required by QSYGETPH API */
>+	char useridBuf[10] = "          ";
>+
>+	/* In descrypted case, the password is in code page of 437 */
>+	errorCode.bytesProvided = 64;
>+	errorCode.bytesAvailable = 0;
>+
>+	if(userid[0] == '*') {
>+		return FALSE;
>+	}
>+	else if(strlen(userid) > 10) {
>+		return FALSE;
>+	}
>+	else {
>+		int i;
>+		for(i = 0; i < strlen(userid); i++) {
>+			useridBuf[i] = toupper(userid[i]); /* change it all to upper case */
>+		}
>+	}
>+
>+	QSYGETPH(useridBuf, password, profileHandle, &errorCode, strlen(password), 37); /* CCSID of password is 37 (EBCDIC) */
>+
>+	if(errorCode.bytesAvailable > 0) {
>+		char *exc = (char*)ra_malloc(sizeof(char) * 8);
>+		BZERO(exc, 8);
>+		strncpy(exc, errorCode.exceptionID, 7);
>+		ra_free(exc);
>+
>+		return FALSE;
>+	}
>+	else {
>+		return TRUE;  /* authentication successful */
>+	}
>+}
>+#else /* non-Windows, non-OS/400 */
>+/*
>+ * Launch a separate process to authenticate user name and password
>+ */
>+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) {
>+	FILE *fp;
>+	BOOL success = FALSE;
>+	char *serverHome;
>+	char *authCmd;
>+	int authLen;
>+	int status;
>+	int rc = 0;
>+
>+	struct sigaction ignoreHandler; /* Use this handler for bypassing pre-configured signal handler */
>+	struct sigaction oldHandler; /* Used to temporary storing the configured signal handler */
>+
>+	serverHome = getCacheEnv("default", "RASERVER_HOME");
>+	/* Do not pass user ID and password since they will be shown by running 'ps' */
>+	authLen = strlen(serverHome) + 1 + strlen("bin") + 1 + strlen("ChkPass") + 1; /* Bug 168705 : need a null at the end for strcat() */
>+	authCmd = (char*)malloc(sizeof(char) * authLen);
>+	BZERO(authCmd, authLen);
>+	strcpy(authCmd, serverHome);
>+	strcat(authCmd, "/");
>+	strcat(authCmd, "bin");
>+	strcat(authCmd, "/");
>+	strcat(authCmd, "ChkPass");
>+
>+	/* Disable default SIGCHLD handler since system() call doesn't work with user-supplied signal handlers */
>+	BZERO(&ignoreHandler, sizeof(struct sigaction));
>+	BZERO(&oldHandler, sizeof(struct sigaction));
>+
>+	ignoreHandler.sa_handler = SIG_DFL; /* Reset to default SIGCHLD handler */
>+	sigaction(SIGCHLD, &ignoreHandler, &oldHandler); /* Store the previous signal handler */
>+
>+	fp = popen(authCmd, "w");
>+	fprintf(fp, "%s\n", userid);
>+	fprintf(fp, "%s\n", password);
>+	status = pclose(fp);
>+	if(WIFEXITED(status)) {
>+		rc = WEXITSTATUS(status);
>+	}
>+
>+	if(rc == 100) { /* 100 indicates success */
>+		success = TRUE;
>+	}
>+	else {
>+		success = FALSE;
>+	}
>+
>+	/* Re-enable the user-specified SIGCHLD handler */
>+	sigaction(SIGCHLD, &oldHandler, NULL);
>+
>+	free(authCmd);
>+
>+	return success;
>+}
>+
>+#endif
>+
> #ifdef __linux__
> int closeSocket (int socket) {
> 	struct linger linger;
>Index: src-native-new/src/transport/socketTL/SocketListener.h
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/transport/socketTL/SocketListener.h,v
>retrieving revision 1.11
>diff -u -r1.11 SocketListener.h
>--- src-native-new/src/transport/socketTL/SocketListener.h	16 May 2006 17:36:47 -0000	1.11
>+++ src-native-new/src/transport/socketTL/SocketListener.h	29 Aug 2007 12:23:30 -0000
>@@ -22,6 +22,10 @@
> #include "tptp/TPTPMessageHeader.h"
> #include "tptp/hashtable.h"
> 
>+#ifndef _WIN32
>+	#include <openssl/ssl.h>
>+#endif
>+
> #define SOCKET_LISTENER_OBJECT_ID  20001
> 
> /** instance-specific data block */
>@@ -33,6 +37,7 @@
> 	transport_layer_data_t	agentControllerDataBlk ;
> 	processMessage_ptr_t    processMessage;
> 	tptp_object*            nexto;
>+	int						securityEnabled;
> 
> 	/* hash table of connections for easy and fast search */
>     HashTable               *  connectionTable ;
>@@ -199,6 +204,14 @@
> 	int                 connectionPartnerID ;
> 
> 	BOOL                isForConsole ;
>+	
>+	BOOL                authenticated;
>+	BOOL                secured;
>+
>+#ifndef _WIN32
>+  	SSL*    			ssl;
>+  	SSL_CTX* 			sslCtx;
>+#endif
> 
> 	Lock_t				locker ; 
> 
>Index: src-native-new/src/transport/socketTL/SocketTL.make
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/transport/socketTL/SocketTL.make,v
>retrieving revision 1.6
>diff -u -r1.6 SocketTL.make
>--- src-native-new/src/transport/socketTL/SocketTL.make	19 Mar 2007 03:14:37 -0000	1.6
>+++ src-native-new/src/transport/socketTL/SocketTL.make	29 Aug 2007 12:23:30 -0000
>@@ -44,7 +44,7 @@
> #   list of additional libraries to be linked with
> #      (separated by blanks)
> #-----------------------------------
>-LIBS       :=  dl tptpUtils transportSupport
>+LIBS       :=  dl tptpUtils transportSupport ssl
> 
> #-----------------------------------
> #   list of additional library directories to search from
>Index: src-native-new/src/shared/TPTPUtil/TPTUtil.def
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/shared/TPTPUtil/TPTUtil.def,v
>retrieving revision 1.28
>diff -u -r1.28 TPTUtil.def
>--- src-native-new/src/shared/TPTPUtil/TPTUtil.def	9 Apr 2007 17:01:24 -0000	1.28
>+++ src-native-new/src/shared/TPTPUtil/TPTUtil.def	29 Aug 2007 12:23:30 -0000
>@@ -99,3 +99,4 @@
> 	terminateXMLPlatformUtils
> 	parseHostList
> 	getExecutableName
>+	readStringFromBuffer
>\ No newline at end of file
>Index: src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp,v
>retrieving revision 1.35
>diff -u -r1.35 TPTPUtil.cpp
>--- src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp	18 Apr 2007 17:44:37 -0000	1.35
>+++ src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp	29 Aug 2007 12:23:30 -0000
>@@ -956,6 +956,7 @@
> 	char* elementValue=NULL;
> 	int mstrIdx=0;
> 	int nextIdx=0;
>+	int endIdx = strlen(config);
> 
> 	nextIdx = getTagName(config, &tagName);
> 	if ((nextIdx == -1) || (tagName == NULL)) goto errorReturn; //Error: badly formed cmd
>@@ -965,12 +966,16 @@
> 	mstrIdx++;
> 	tptp_free(tagName); tagName=NULL;
> 
>+	socketInfo->securityEnabled = 0;	// default
>+	
> 	while (1)
>-	{
>+	{ 
> 		nextIdx = getConfigElementName(&(config[mstrIdx]), &elementName);
>+		if (isEqualString(elementName, "/Configuration")) break;
>+		
> 		if ((nextIdx == -1) || (elementName == NULL)) goto errorReturn; //Error: badly formed cmd
> 		mstrIdx += nextIdx;
>-
>+ 
> 		nextIdx = getConfigElementValue(&(config[mstrIdx]), &elementValue);
> 		if ((nextIdx == -1) || (elementValue == NULL)) goto errorReturn; //Error: badly formed cmd
> 		mstrIdx += nextIdx;
>@@ -982,13 +987,16 @@
> 		if (isEqualString(elementName, "Port"))
> 		{
> 			socketInfo->portNumber = atoi(elementValue);
>-			break;
> 		}
>-		if (isEqualString(elementName, "Hosts Configuration"))
>+		else if (isEqualString(elementName, "SecurityEnabled"))
>+		{
>+			socketInfo->securityEnabled = isEqualString(elementValue, "true");
>+		}
>+		else if (isEqualString(elementName, "Hosts Configuration"))
> 		{
> 			socketInfo->hostConfig = elementValue;
> 		}
>-		if (isEqualString(elementName, "Allow host"))
>+		else if (isEqualString(elementName, "Allow host"))
> 		{
> 			socketInfo->allowHosts = elementValue;
> 		}
>Index: src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c,v
>retrieving revision 1.2
>diff -u -r1.2 TPTPSupportUtils.c
>--- src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c	1 Jun 2005 20:19:04 -0000	1.2
>+++ src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c	29 Aug 2007 12:23:29 -0000
>@@ -56,9 +56,6 @@
> 	return ( getGlobalUniqueId() ) ;
> }
> 
>-
>-
>-
> unsigned char* writeUINTToBuffer(unsigned char *buffer,
> 							   unsigned int uintData) {
> 	buffer[0]=(unsigned char)(uintData>>24 & 0x000000ff);
>@@ -77,3 +74,18 @@
> 	return &buffer[sizeof(unsigned int)];
> }
> 
>+unsigned char* readStringFromBuffer(unsigned char *buffer, char** str) {
>+	int len;
>+	
>+	buffer = readUINTFromBuffer(buffer, &len);
>+	if (len == 0)
>+		*str = NULL;
>+	else {
>+		*str = (char*) tptp_malloc(len+1);
>+		memcpy(*str, buffer, len);
>+		*((*str) + len) = '\0';
>+		buffer += len;
>+	}
>+	
>+	return buffer;
>+}
>Index: src-native/collection/packaging/security/generateKey.sh
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native/collection/packaging/security/generateKey.sh,v
>retrieving revision 1.1
>diff -u -r1.1 generateKey.sh
>--- src-native/collection/packaging/security/generateKey.sh	14 Mar 2006 16:44:49 -0000	1.1
>+++ src-native/collection/packaging/security/generateKey.sh	29 Aug 2007 12:23:30 -0000
>@@ -9,3 +9,13 @@
> 	
> $KEYTOOL -genkey -alias sample -keyalg RSA -sigalg MD5withRSA -dname "CN=Sample, OU=Sample, O=Sample, C=US" -validity 3650 -keypass $PASSWORD -storetype jks -keystore $KEYSTORE -storepass $PASSWORD
> $KEYTOOL -export -alias sample -file $CERT -keystore $KEYSTORE -storepass $PASSWORD
>+
>+CERTF=cert.pem
>+KEYF=key.pem
>+REQF=req.pem
>+LOG=openssl.log
>+
>+echo `date` > $LOG
>+openssl genrsa -out $KEYF 1024 >> $LOG 2>&1
>+openssl req -new -key $KEYF -out $REQF -batch >> $LOG 2>&1
>+openssl x509 -req -in $REQF -signkey $KEYF -out $CERTF >> $LOG 2>&1
>Index: src-native-new/include/tptp/TPTPSupportUtils.h
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/include/tptp/TPTPSupportUtils.h,v
>retrieving revision 1.1
>diff -u -r1.1 TPTPSupportUtils.h
>--- src-native-new/include/tptp/TPTPSupportUtils.h	1 Jun 2005 17:41:01 -0000	1.1
>+++ src-native-new/include/tptp/TPTPSupportUtils.h	29 Aug 2007 12:23:29 -0000
>@@ -65,6 +65,7 @@
> 
> unsigned char* writeUINTToBuffer(unsigned char *buffer, unsigned int uintData);
> unsigned char* readUINTFromBuffer(unsigned char *buffer, unsigned int *uint);
>+unsigned char* readStringFromBuffer(unsigned char *buffer, char** str);
> 
> #ifdef __cplusplus
> }
>Index: src-native-new/include/tptp/TPTPMessageHeader.h
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/include/tptp/TPTPMessageHeader.h,v
>retrieving revision 1.13
>diff -u -r1.13 TPTPMessageHeader.h
>--- src-native-new/include/tptp/TPTPMessageHeader.h	26 Apr 2006 22:39:29 -0000	1.13
>+++ src-native-new/include/tptp/TPTPMessageHeader.h	29 Aug 2007 12:23:29 -0000
>@@ -53,6 +53,12 @@
> #define  CONNECT_DATA               0x10000000
> #define  DATA_CONNECTION_COMPLETE   0x20000000
> #define  DATA_CONNECTION_REFUSED    0x40000000
>+
>+#define  SECURITY_REQUIRED        	0x00010000
>+#define  AUTHENTICATE        		0x00020000
>+#define  AUTHENTICATION_FAILED     	0x00040000
>+#define  AUTHENTICATION_SUCCESSFUL 	0x00080000
>+
> #define  CONNECT_CONSOLE		    0x00100000
> #define  CONSOLE_CONNECT_COMPLETE	0x00200000
> #define  CONSOLE_CONNECT_FAILED		0x00400000
>Index: src-native-new/include/tptp/TPTPUtils.h
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/include/tptp/TPTPUtils.h,v
>retrieving revision 1.21
>diff -u -r1.21 TPTPUtils.h
>--- src-native-new/include/tptp/TPTPUtils.h	18 Apr 2007 17:44:37 -0000	1.21
>+++ src-native-new/include/tptp/TPTPUtils.h	29 Aug 2007 12:23:29 -0000
>@@ -79,6 +79,7 @@
> 	int portNumber;
> 	char *hostConfig;
> 	char *allowHosts;
>+	int securityEnabled;
> } SocketConfigInfo;
> 
> /* Define the various types of host addressing wildcards and types */
>Index: src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java,v
>retrieving revision 1.58
>diff -u -r1.58 SetConfig.java
>--- src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java	14 May 2007 17:11:43 -0000	1.58
>+++ src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java	29 Aug 2007 12:23:29 -0000
>@@ -1003,6 +1003,20 @@
> 			configuration.appendChild(port);
> 			n = doc.createTextNode("10006");
> 			port.appendChild(n);
>+			
>+			Element newAcSecurityEnabled = doc.createElement(SecurityEnabled.TAG);
>+			configuration.appendChild(newAcSecurityEnabled);
>+			//
>+			// Security section
>+			//
>+			String sec = configFile.getValue(Constants.SECURITY);
>+			if (sec != null && sec.toUpperCase().equals(Constants.SECURITY_ON)) {
>+				n = doc.createTextNode("true");
>+			} else {
>+				n = doc.createTextNode("false");
>+			}
>+			newAcSecurityEnabled.appendChild(n);
>+			
> 			commandExtractor = doc.createElement(CommandExtractor.TAG);
> 			transportLayer.appendChild(commandExtractor);
> 			n = doc.createTextNode("tptpCmdExtr");

Actions: View | Diff

Attachments on bug 195644: 73419 | 73421 | 73422 | 73423 | 73425 | 73429 | 77241 | 77242 | 77243 | 80051 | 80132 | 80870 | 84612 | 84631