Bugzilla – Attachment 77243 Details for
Bug 195644
Add security support to New Agent Controller
[patch]
updated AC patch
ac.txt (text/plain), 31.48 KB, created by
Igor Alelekov
on 2007-08-29 08:26:42 EDT
Description:
updated AC patch
Filename:
MIME Type:
Creator:
Igor Alelekov
Created:
2007-08-29 08:26:42 EDT
Size:
31.48 KB
patch
obsolete
>### Eclipse Workspace Patch 1.0
>#P org.eclipse.tptp.platform.agentcontroller
>Index: src-native-new/src/agentController/AgentController.make
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/agentController/AgentController.make,v
>retrieving revision 1.9
>diff -u -r1.9 AgentController.make
>--- src-native-new/src/agentController/AgentController.make 19 Mar 2007 03:14:38 -0000 1.9
>+++ src-native-new/src/agentController/AgentController.make 29 Aug 2007 12:23:29 -0000
>@@ -29,7 +29,7 @@
> # (separated by blanks)
> #-----------------------------------
> 
>-LIBS := tptpUtils tptpLogUtils tptpConfig processControlUtil xerces-c pthread
>+LIBS := tptpUtils tptpLogUtils tptpConfig processControlUtil xerces-c pthread ssl
> 
> #-----------------------------------
> # list of additional library directories to search from
>Index: src-native-new/src/transport/socketTL/SocketListener.c
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/transport/socketTL/SocketListener.c,v
>retrieving revision 1.38
>diff -u -r1.38 SocketListener.c
>--- src-native-new/src/transport/socketTL/SocketListener.c 22 Aug 2007 16:47:07 -0000 1.38
>+++ src-native-new/src/transport/socketTL/SocketListener.c 29 Aug 2007 12:23:30 -0000
>@@ -59,6 +59,17 @@
> 
> *********************************************************/
> 
>+#include <stdlib.h>
>+
>+#ifdef _WIN32
>+ #include <direct.h>
>+#else
>+ #include <unistd.h>
>+ #include <signal.h>
>+ #include <sys/wait.h>
>+ #include <openssl/ssl.h>
>+ #include <tptp/TPTPConfig.h>
>+#endif
> 
> #include "SocketListener.h"
> 
>@@ -69,10 +80,14 @@
> 
> #include "tptp/dime.h"
> 
>-#define DEFAULT_PORT_NUM 10002
>-
>+#define DEFAULT_PORT_NUM 10002
> #define PROTO_VERSION 1
> 
>+#define CONFIGURATION_HOME "TPTP_AC_HOME"
>+
>+#define CERTF "cert.pem"
>+#define KEYF "key.pem"
>+
> /** thread status */
> enum ThreadStatus { IDLE, RUNNING } ;
> 
>@@ -97,9 +112,16 @@
> int handleCONNECT(request_block_ptr_t pBlk, char *pMsg) ;
> 
> int handleCONNECT_DATA(request_block_ptr_t pBlk, char *pMsg) ;
>-
>+tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length);
>+tptp_int32 closeConnection(request_block_ptr_t pBlock);
> int closeSocket (int socket);
>+int handleAUTHENTICATE(request_block_ptr_t pBlk, char *pMsg) ;
> 
>+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password);
>+
>+static int sslinit = 1;
>+static char* certFile = NULL;
>+static char* keyFile = NULL;
> 
> /**
> *********************************************************
>@@ -129,7 +151,6 @@
> int rc = 0 ;
> char *buffer = NULL;
> int bufferLength = 0 ;
>- BOOL shouldAddHeader = FALSE ;
> char *pCurr = NULL ;
> int uuidLength = 0 ;
> 
>@@ -149,9 +170,8 @@
> pCurr = writeUINTToBuffer(pCurr+1, PROTO_VERSION);
> 
> addBasicMsgHeader(cmd, cmdLength, &buffer, &bufferLength, flags) ;
>-
> /* send the response */
>- sendThisMessage(pBlk->pServerData, pBlk->connectionId, bufferLength, buffer, shouldAddHeader) ;
>+ writeData(pBlk, buffer, bufferLength);
> 
> if (cmd) tptp_free(cmd);
> if (buffer) tptp_free(buffer);
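Review bot: `writeData(pBlk, buffer, bufferLength);` in processCONNECTCall writes to the socket without taking `pBlk->locker`, whereas the `sendThisMessage` call it replaces serializes writers under `tptp_getWriteLock` (visible in the @@ -941 hunk further down). Once a connection is secured the same `SSL*` is shared by every writer, and OpenSSL does not permit concurrent `SSL_write` calls on one SSL object, so an agent response sent from another thread while an AUTHENTICATE or SECURITY_REQUIRED reply is being written here could corrupt the record stream and kill the session. Wrapping the call in the same write lock and its matching release (the release function's name is not visible in this hunk) keeps the guarantee the old path had, and the return value of writeData should at least be logged rather than discarded. processCONNECTCall starts and ends outside the hunk.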
>@@ -159,6 +179,73 @@ > return ( rc ) ; > } > >+#ifndef _WIN32 >+int setSSL(request_block_ptr_t pBlk) { >+ SSL_METHOD *meth; >+ SSL_CTX* ctx; >+ SSL* ssl; >+ int err; >+ >+ if (sslinit) { >+ SSL_load_error_strings(); >+ SSL_library_init(); >+ sslinit = 0; >+ } >+ >+ meth = SSLv23_server_method(); >+ >+ ctx = SSL_CTX_new (meth); >+ if (!ctx) { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: context error"); >+ return -1; >+ } >+ >+ if (certFile == NULL) { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no certificate file found"); >+ return -1; >+ } >+ >+ if (SSL_CTX_use_certificate_file(ctx, certFile, SSL_FILETYPE_PEM) <= 0) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal certificate file %s", certFile); >+ return -1; >+ } >+ >+ if (keyFile == NULL) { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL: no key file found"); >+ return -1; >+ } >+ >+ if (SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM) <= 0) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: illegal key file %s", keyFile); >+ return -1; >+ } >+ >+ if (!SSL_CTX_check_private_key(ctx)) { >+ TPTP_LOG_DEBUG_MSG2(pBlk->pServerData, "SSL: Private key %s does not match the certificate public key %s", >+ keyFile, certFile); >+ return -1; >+ } >+ >+ ssl = SSL_new (ctx); >+ if (ssl < 0) { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "SSL.new error"); >+ return -1; >+ } >+ >+ SSL_set_fd (ssl, pBlk->clientSock); >+ err = SSL_accept (ssl); >+ if (err < 0) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "SSL: ssl_accept error %d", SSL_get_error(ssl, err)); >+ return -1; >+ } >+ >+ pBlk->sslCtx = ctx; >+ pBlk->ssl = ssl; >+ pBlk->secured = TRUE; >+ >+ return 0; >+} >+#endif > > /** > ********************************************************* 
>@@ -169,14 +256,22 @@ > *********************************************************/ > int handleCONNECT(request_block_ptr_t pBlk, char *pMsg) > { >- HashTable *pTab = NULL ; >- int connId = 0 ; >+ HashTable *pTab = NULL; >+ int connId = 0; > > addConnectionEntry_ptr_t pFunc = NULL ; > > TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT request (Control channel)."); > pBlk->connectionType = CONTROL_CHANNEL ; > >+#ifndef _WIN32 >+ if (pBlk->pServerData->securityEnabled && !pBlk->secured) { >+ processCONNECTCall(pBlk, pMsg, CONNECTION_REFUSED | SECURITY_REQUIRED); >+ // no race condition here since incoming ssl request >+ return setSSL(pBlk); // will wait for processing in input buffer >+ } >+#endif >+ > /* tell the agent controller about the new connection */ > /* and receive the assigned connection id */ > pFunc = pBlk->pServerData->agentControllerDataBlk.addConnectionEntry ; >@@ -193,8 +288,19 @@ > pTab = pBlk->pServerData->connectionTable ; > tablePut(pTab, connId, (Entry_value_ptr_t) pBlk) ; > >+#ifndef _WIN32 > /* CONNECT command. Go handle it. */ >- processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE) ; >+ if (pBlk->pServerData->securityEnabled) { >+ processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE | AUTHENTICATION_FAILED); >+ } >+ else { >+ processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE); >+ pBlk->authenticated = TRUE; >+ } >+#else >+ processCONNECTCall(pBlk, pMsg, CONNECTION_COMPLETE); >+ pBlk->authenticated = TRUE; >+#endif > > return 0 ; > } 
>@@ -203,6 +309,51 @@ > ********************************************************* > * > * @brief >+ * handle the AUTHENTICATE request >+ * >+ *********************************************************/ >+int handleAUTHENTICATE(request_block_ptr_t pBlk, char *pMsg) { >+ char *name=NULL, *psw=NULL; >+ BOOL success; >+ >+ pMsg = readStringFromBuffer(pMsg, &name); >+ pMsg = readStringFromBuffer(pMsg, &psw); >+ >+ if (name != NULL && psw != NULL){ >+ success = vrfusrpwd(name, psw); >+ } >+ else{ >+ success = FALSE; >+ } >+ >+ if (success) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "User %s is authenticated", name); >+ } >+ else if (name != NULL) { >+ TPTP_LOG_DEBUG_MSG1(pBlk->pServerData, "User %s is not authenticated", name); >+ } >+ else { >+ TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "User <null> is not authenticated"); >+ } >+ >+ pBlk->authenticated = success; >+ if (success) { >+ processCONNECTCall(pBlk, pMsg, AUTHENTICATION_SUCCESSFUL); >+ } >+ else { >+ processCONNECTCall(pBlk, pMsg, AUTHENTICATION_FAILED); >+ } >+ >+ if (name != NULL) tptp_free(name); >+ if (psw != NULL) tptp_free(psw); >+ >+ return 0 ; >+} >+ >+/** >+ ********************************************************* >+ * >+ * @brief > * handle the CONNECT_DATA or CONNECT_CONSOLE request > * > *********************************************************/ >@@ -214,6 +365,15 @@ > addDataConnectionEntry_ptr_t pFunc = NULL ; > > TPTP_LOG_DEBUG_MSG(pBlk->pServerData, "Socket: handle CONNECT_DATA/CONNECT_CONSOLE request (Data channel)."); >+ >+#ifndef _WIN32 >+ if (pBlk->pServerData->securityEnabled && !pBlk->secured) { >+ processCONNECTCall(pBlk, pMsg, CONNECTION_REFUSED | SECURITY_REQUIRED); >+ // no race condition here since incoming ssl request >+ return setSSL(pBlk); // will wait for processing in input buffer >+ } >+#endif >+ > pBlk->connectionType = DATA_CHANNEL ; > > /* tell the agent controller about the new connection */ 
>@@ -310,13 +470,28 @@ > ((flags & CONNECT_CONSOLE) != 0)) > { > if ((flags & CONNECT_CONSOLE) != 0) >- pBlk->isForConsole = TRUE ; >+ pBlk->isForConsole = TRUE; > > handleCONNECT_DATA(pBlk, pMsg) ; > > /* prevent it from forwarding to the AC */ > pMsg = NULL ; > } >+#ifndef _WIN32 >+ else if (pBlk->pServerData->securityEnabled && !pBlk->secured) { >+ pMsg = NULL ; >+ } >+ else if ((flags & AUTHENTICATE) != 0) { >+ handleAUTHENTICATE(pBlk, pMsg) ; >+ >+ /* prevent it from forwarding to the AC */ >+ pMsg = NULL ; >+ } >+ else if (pBlk->pServerData->securityEnabled && !pBlk->authenticated) { >+ processCONNECTCall(pBlk, pMsg, AUTHENTICATION_FAILED); >+ pMsg = NULL ; >+ } >+#endif > else if ((flags & DISCONNECT) != 0) > { > handleDISCONNECT(pBlk, pMsg) ; >@@ -377,6 +552,7 @@ > return 0 ; > } > >+ > /** > ********************************************************* > * >@@ -438,7 +614,7 @@ > > /* read in the magic number */ > pMsg = readUINTFromBuffer(pBuffer, &magicNumber); >- >+ > /* Compare against the magic number of the AC which is 0x54b674de */ > if (magicNumber != 0x54b674de) { > /* Compare against the magic number of the RAC which is 0x82656780 */ >@@ -511,6 +687,28 @@ > return ( bytesToBeProcessed ) ; > } > >+#ifndef _WIN32 >+ >+int recvData (request_block_ptr_t pRdb, char *buffer, int length, int *bytesRead) { >+ int result; >+ if (pRdb->secured) { >+ result = SSL_read (pRdb->ssl, buffer, length); >+ *bytesRead = result; >+ } >+ else { >+ result = readFromSocket(pRdb->clientSock, buffer, length, bytesRead); >+ } >+ >+ return result; >+} >+ >+#else >+ >+int recvData (request_block_ptr_t pRdb, char *buffer, int length, int *bytesRead) { >+ return readFromSocket(pRdb->clientSock, buffer, length, bytesRead); >+} >+ >+#endif > > /** > ********************************************************* 
>@@ -525,9 +723,6 @@ > THREAD_USER_FUNC_RET_TYPE processClientRequest(LPVOID args) > { > int rc = 1; >- >- SOCKET clientSock ; >- > unsigned int bytesRead; > unsigned char buffer[TPTP_DEFAULT_BUFFER_MAX_LENGTH]; > unsigned int bufferLength = TPTP_DEFAULT_BUFFER_LENGTH ; >@@ -537,7 +732,6 @@ > > /* set up environmental info for this incoming message */ > request_block_ptr_t pRdb = (request_block_ptr_t) args ; >- clientSock = pRdb->clientSock ; > > /* initial status before the thread is running */ > pRdb->threadStatus = RUNNING ; >@@ -549,7 +743,7 @@ > > /* Another message might come in while we're processing > * so we read until the pipe is empty */ >- while ( (rc = readFromSocket(clientSock, buffer, bufferLength, &bytesRead)) > 0) >+ while ( (rc = recvData(pRdb, buffer, bufferLength, &bytesRead)) > 0) > { > TPTP_LOG_DEBUG_MSG1(pRdb->pServerData, "Socket processClientRequest: Read %d bytes.", bytesRead) ; > >@@ -577,8 +771,8 @@ > pFunc(pRdb->pServerData->cmo, pRdb->connectionId); > } > >- freeRequestBlock( pRdb ); >- closeSocket(clientSock); >+ closeConnection(pRdb); >+ freeRequestBlock(pRdb); > > return ( 0 ) ; > } >@@ -606,6 +800,14 @@ > pRequestDataBlock->connectionType = 0 ; > > pRequestDataBlock->isForConsole = FALSE ; >+ >+ pRequestDataBlock->authenticated = FALSE; >+ pRequestDataBlock->secured = FALSE; >+ >+#ifndef _WIN32 >+ pRequestDataBlock->ssl = NULL; >+ pRequestDataBlock->sslCtx = NULL; >+#endif > > pRequestDataBlock->pSendFunc = NULL ; > >@@ -650,7 +852,7 @@ > > else > { >- setHandleInherited((HANDLE) clientSock) ; >+ setHandleInherited((HANDLE) clientSock); > > /* set up the data block for each request */ > pRequestDataBlock = getInitRequestDataBlock(clientSock, pServerData) ; 
>@@ -707,7 +909,58 @@ > return ( 0 ); > } > >+int getACHome (char* buf, int len) { >+ char* acHome; >+ >+ acHome = getenv(CONFIGURATION_HOME); >+ if (acHome != NULL) { >+ strncpy(buf, acHome, len); >+ return 0; >+ } >+ >+#ifdef _WIN32 >+ acHome = _getcwd(buf, 1024); >+ if (acHome == NULL) return -1; >+ >+ strcat(buf, "\\.."); >+#else >+ acHome = getcwd(buf, 1024); >+ if (acHome == NULL) return -1; >+ >+ strcat(buf, "/.."); >+#endif >+ >+ return 0; >+} >+ >+int initSSL() { >+ char buf[1024]; >+ >+ if (getACHome(buf, 1024) < 0) { >+ certFile = (char*) malloc(strlen(CERTF) + 1); >+ strcpy(certFile, CERTF); >+ >+ keyFile = (char*) malloc(strlen(KEYF) + 1); >+ strcpy(keyFile, CERTF); >+ } >+ else { >+#ifdef _WIN32 >+ strcat(buf, "\\security\\"); >+#else >+ strcat(buf, "/security/"); >+#endif > >+ certFile = (char*) malloc(strlen(buf) + strlen(CERTF) + 1); >+ strcpy(certFile, buf); >+ strcat(certFile, CERTF); >+ >+ keyFile = (char*) malloc(strlen(buf) + strlen(KEYF) + 1); >+ strcpy(keyFile, buf); >+ strcat(keyFile, KEYF); >+ } >+ >+ return 0; >+} > > /** > ********************************************************* >@@ -723,6 +976,8 @@ > { > int rc = 0 ; > >+ initSSL(); >+ > rc = initForSocketCalls() ; > > if (rc == 0) >@@ -742,11 +997,14 @@ > rc = getSocketConfigInfo(pTransportData->configurationData, &socketInfo); > if (rc != -1) > { >+ int d; > pServerData->port = socketInfo.portNumber; >+ pServerData->securityEnabled = socketInfo.securityEnabled; > } > else > { > pServerData->port = DEFAULT_PORT_NUM; >+ pServerData->securityEnabled = 0; > } > > tlo->data = pServerData; 
>@@ -845,6 +1103,25 @@ > return ( rc ) ; > } > >+tptp_int32 closeConnection(request_block_ptr_t pBlock) { >+ if (pBlock == NULL) return -1; >+ >+#ifndef _WIN32 >+ if (pBlock->ssl != NULL) { >+ SSL_free(pBlock->ssl); >+ pBlock->ssl = NULL; >+ } >+ >+ if (pBlock->sslCtx != NULL) { >+ SSL_CTX_free(pBlock->sslCtx); >+ pBlock->sslCtx = NULL; >+ } >+#endif >+ >+ pBlock->secured = FALSE; >+ >+ return closeSocket(pBlock->clientSock); >+} > > /** > ********************************************************* >@@ -859,8 +1136,6 @@ > > tptp_int32 terminateSocketConnection(server_block_t* pServerData, tptp_uint32 connectionID) > { >- int rc = 0 ; >- SOCKET sock ; > request_block_ptr_t pBlock ; > > TPTP_LOG_DEBUG_MSG1(pServerData, "terminateConnection (socket): connection id(%d)", connectionID) ; >@@ -868,12 +1143,8 @@ > /* retrieve the corresponding socket */ > pBlock = (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ; > >- sock = pBlock->clientSock ; >- > /* go close it down */ >- rc = closeSocket(sock) ; >- >- return ( rc ) ; >+ return closeConnection(pBlock) ; > } > > >@@ -896,6 +1167,24 @@ > return ( sendThisMessage(pServerData, connectionID, cmdSize, pCmdBlock, TRUE ) ) ; > } > >+#ifndef _WIN32 >+ >+tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) { >+ if (pBlock->secured) { >+ return SSL_write(pBlock->ssl, buffer, length); >+ } >+ else { >+ return writeToSocket(pBlock->clientSock, buffer, length); >+ } >+} >+ >+#else >+ >+tptp_int32 writeData(request_block_ptr_t pBlock, char* buffer, int length) { >+ return writeToSocket(pBlock->clientSock, buffer, length); >+} >+ >+#endif > > /** > ********************************************************* >@@ -912,7 +1201,6 @@ > tptp_int32 sendThisMessage( server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 cmdSize, tptp_string* pCmdBlock, BOOL shouldAddHeader) > { > int rc = 0 ; >- SOCKET sock ; > int bytesSent = 0 ; > char *buffer = NULL; > int bufferLength = 0 ; 
>@@ -924,7 +1212,9 @@ > request_block_ptr_t pBlock = > (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ; > >- >+ if (pBlock == NULL) { >+ return -1; >+ } > > if (shouldAddHeader == TRUE) > { >@@ -941,11 +1231,8 @@ > /* synchronizing among threads. Single writer. */ > tptp_getWriteLock( & pBlock->locker ); > >- /* locate the socket to send */ >- sock = pBlock->clientSock ; >- > /* go send the message */ >- bytesSent = writeToSocket(sock, pSendBuffer, bufferLength); >+ bytesSent = writeData(pBlock, pSendBuffer, bufferLength); > if (bytesSent < 0) > { > TPTP_LOG_ERROR_MSG1(pServerData, "Socket: Failed to send data on connection ID %d", connectionID); >@@ -1153,7 +1440,6 @@ > request_block_ptr_t pBlock = > (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ; > >- > TPTP_LOG_DEBUG_MSG2(pServerData, "setIncomingDataFunc(socket) connectionID(%d) partnerID(%d)", > connectionID, partnerID) ; > >@@ -1179,8 +1465,6 @@ > > tptp_int32 sendSocketData(server_block_t* pServerData, tptp_uint32 connectionID, tptp_uint32 dataSize, tptp_string* pDataBlock) > { >- SOCKET sock ; >- > int bytesSent = 0 ; > > int rc = 0 ; >@@ -1189,11 +1473,10 @@ > request_block_ptr_t pBlock = > (request_block_ptr_t) tableGet(pServerData->connectionTable, connectionID) ; > >- /* locate the socket to send */ >- sock = pBlock->clientSock ; >+ if (pBlock == NULL) return -1; > > /* go send the message */ >- bytesSent = writeToSocket(sock, pDataBlock, dataSize); >+ bytesSent = writeData(pBlock, pDataBlock, dataSize); > if (bytesSent < 0) > { > TPTP_LOG_ERROR_MSG1(pServerData,"Socket: Failed to send data on connection ID %d", connectionID); 
>@@ -1259,6 +1542,128 @@ > return (forwardDataToPartner(pBlk, dataLen, pBuffer)) ; > } > >+/* >+ * -------------------------------------------------------------------------------- >+ * All the platform-dependent vrfusrpwd() functions below >+ * -------------------------------------------------------------------------------- >+ */ >+ >+ >+#if defined(_WIN32) >+/* >+ * Windows/IA32 section, in-process authentication >+ */ >+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) { >+ HANDLE handle; >+ >+ return LogonUser(userid, NULL, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &handle); >+} >+#elif defined(__MVS__) >+/* >+ * OS/390 section, in-process authentication. BPX.DAEMON is needed. >+ */ >+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) { >+ return __passwd(userid, password, NULL) ? FALSE : TRUE; >+} >+#elif defined(__OS400__) >+/* >+ * OS/400 section, in-process authentication >+ */ >+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) { >+ struct error_code_t errorCode; >+ char profileHandle[12]; /* profile handle, required by QSYGETPH API */ >+ char useridBuf[10] = " "; >+ >+ /* In descrypted case, the password is in code page of 437 */ >+ errorCode.bytesProvided = 64; >+ errorCode.bytesAvailable = 0; >+ >+ if(userid[0] == '*') { >+ return FALSE; >+ } >+ else if(strlen(userid) > 10) { >+ return FALSE; >+ } >+ else { >+ int i; >+ for(i = 0; i < strlen(userid); i++) { >+ useridBuf[i] = toupper(userid[i]); /* change it all to upper case */ >+ } >+ } >+ >+ QSYGETPH(useridBuf, password, profileHandle, &errorCode, strlen(password), 37); /* CCSID of password is 37 (EBCDIC) */ >+ >+ if(errorCode.bytesAvailable > 0) { >+ char *exc = (char*)ra_malloc(sizeof(char) * 8); >+ BZERO(exc, 8); >+ strncpy(exc, errorCode.exceptionID, 7); >+ ra_free(exc); >+ >+ return FALSE; >+ } >+ else { >+ return TRUE; /* authentication successful */ >+ } >+} >+#else /* non-Windows, non-OS/400 */ >+/* >+ * Launch a separate process to authenticate user 
name and password
>+ */
>+BOOL vrfusrpwd(tptp_string *userid, tptp_string *password) {
>+ FILE *fp;
>+ BOOL success = FALSE;
>+ char *serverHome;
>+ char *authCmd;
>+ int authLen;
>+ int status;
>+ int rc = 0;
>+
>+ struct sigaction ignoreHandler; /* Use this handler for bypassing pre-configured signal handler */
>+ struct sigaction oldHandler; /* Used to temporary storing the configured signal handler */
>+
>+ serverHome = getCacheEnv("default", "RASERVER_HOME");
>+ /* Do not pass user ID and password since they will be shown by running 'ps' */
>+ authLen = strlen(serverHome) + 1 + strlen("bin") + 1 + strlen("ChkPass") + 1; /* Bug 168705 : need a null at the end for strcat() */
>+ authCmd = (char*)malloc(sizeof(char) * authLen);
>+ BZERO(authCmd, authLen);
>+ strcpy(authCmd, serverHome);
>+ strcat(authCmd, "/");
>+ strcat(authCmd, "bin");
>+ strcat(authCmd, "/");
>+ strcat(authCmd, "ChkPass");
>+
>+ /* Disable default SIGCHLD handler since system() call doesn't work with user-supplied signal handlers */
>+ BZERO(&ignoreHandler, sizeof(struct sigaction));
>+ BZERO(&oldHandler, sizeof(struct sigaction));
>+
>+ ignoreHandler.sa_handler = SIG_DFL; /* Reset to default SIGCHLD handler */
>+ sigaction(SIGCHLD, &ignoreHandler, &oldHandler); /* Store the previous signal handler */
>+
>+ fp = popen(authCmd, "w");
>+ fprintf(fp, "%s\n", userid);
>+ fprintf(fp, "%s\n", password);
>+ status = pclose(fp);
>+ if(WIFEXITED(status)) {
>+ rc = WEXITSTATUS(status);
>+ }
>+
>+ if(rc == 100) { /* 100 indicates success */
>+ success = TRUE;
>+ }
>+ else {
>+ success = FALSE;
>+ }
>+
>+ /* Re-enable the user-specified SIGCHLD handler */
>+ sigaction(SIGCHLD, &oldHandler, NULL);
>+
>+ free(authCmd);
>+
>+ return success;
>+}
>+
>+#endif
>+
> #ifdef __linux__
> int closeSocket (int socket) {
> struct linger linger;
>Index: src-native-new/src/transport/socketTL/SocketListener.h
>===================================================================
>RCS file: 
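Review bot: In the POSIX vrfusrpwd, `fp = popen(authCmd, "w");` is followed by `fprintf(fp, ...)` with no NULL check, and `serverHome = getCacheEnv(...)` is passed to `strlen` without one either, so a missing RASERVER_HOME or a failed fork crashes the listener thread from the pre-authentication path — `if (serverHome == NULL) return FALSE;` and `if (fp == NULL) { sigaction(SIGCHLD, &oldHandler, NULL); free(authCmd); return FALSE; }` are the minimum. popen also hands `authCmd` to `/bin/sh -c`, so any shell metacharacter in RASERVER_HOME changes what is executed; that value is server-side configuration rather than client input, but a fork/exec with an explicit argv (`posix_spawn`, or `fork` + `execv` with a pipe to the child's stdin) removes the interpretation entirely while still keeping the credentials off the command line as the comment intends. The Windows variant leaks the logon token: the `HANDLE handle` filled by LogonUser is never passed to `CloseHandle`, one leaked handle per authentication attempt. The OS/400 branch's `exc` buffer is allocated, filled and freed without being used; this hunk begins in the previous source line.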
/cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/transport/socketTL/SocketListener.h,v
>retrieving revision 1.11
>diff -u -r1.11 SocketListener.h
>--- src-native-new/src/transport/socketTL/SocketListener.h 16 May 2006 17:36:47 -0000 1.11
>+++ src-native-new/src/transport/socketTL/SocketListener.h 29 Aug 2007 12:23:30 -0000
>@@ -22,6 +22,10 @@
> #include "tptp/TPTPMessageHeader.h"
> #include "tptp/hashtable.h"
> 
>+#ifndef _WIN32
>+ #include <openssl/ssl.h>
>+#endif
>+
> #define SOCKET_LISTENER_OBJECT_ID 20001
> 
> /** instance-specific data block */
>@@ -33,6 +37,7 @@
> transport_layer_data_t agentControllerDataBlk ;
> processMessage_ptr_t processMessage;
> tptp_object* nexto;
>+ int securityEnabled;
> 
> /* hash table of connections for easy and fast search */
> HashTable * connectionTable ;
>@@ -199,6 +204,14 @@
> int connectionPartnerID ;
> 
> BOOL isForConsole ;
>+
>+ BOOL authenticated;
>+ BOOL secured;
>+
>+#ifndef _WIN32
>+ SSL* ssl;
>+ SSL_CTX* sslCtx;
>+#endif
> 
> Lock_t locker ;
> 
>Index: src-native-new/src/transport/socketTL/SocketTL.make
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/transport/socketTL/SocketTL.make,v
>retrieving revision 1.6
>diff -u -r1.6 SocketTL.make
>--- src-native-new/src/transport/socketTL/SocketTL.make 19 Mar 2007 03:14:37 -0000 1.6
>+++ src-native-new/src/transport/socketTL/SocketTL.make 29 Aug 2007 12:23:30 -0000
>@@ -44,7 +44,7 @@
> # list of additional libraries to be linked with
> # (separated by blanks)
> #-----------------------------------
>-LIBS := dl tptpUtils transportSupport
>+LIBS := dl tptpUtils transportSupport ssl
> 
> #-----------------------------------
> # list of additional library directories to search from
>Index: src-native-new/src/shared/TPTPUtil/TPTUtil.def
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/shared/TPTPUtil/TPTUtil.def,v
>retrieving revision 1.28
>diff -u -r1.28 TPTUtil.def
>--- src-native-new/src/shared/TPTPUtil/TPTUtil.def 9 Apr 2007 17:01:24 -0000 1.28
>+++ src-native-new/src/shared/TPTPUtil/TPTUtil.def 29 Aug 2007 12:23:30 -0000
>@@ -99,3 +99,4 @@
> terminateXMLPlatformUtils
> parseHostList
> getExecutableName
>+ readStringFromBuffer
>\ No newline at end of file
>Index: src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp,v
>retrieving revision 1.35
>diff -u -r1.35 TPTPUtil.cpp
>--- src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp 18 Apr 2007 17:44:37 -0000 1.35
>+++ src-native-new/src/shared/TPTPUtil/TPTPUtil.cpp 29 Aug 2007 12:23:30 -0000
>@@ -956,6 +956,7 @@
> char* elementValue=NULL;
> int mstrIdx=0;
> int nextIdx=0;
>+ int endIdx = strlen(config);
> 
> nextIdx = getTagName(config, &tagName);
> if ((nextIdx == -1) || (tagName == NULL)) goto errorReturn; //Error: badly formed cmd
>@@ -965,12 +966,16 @@ > mstrIdx++; > tptp_free(tagName); tagName=NULL; > >+ socketInfo->securityEnabled = 0; // default >+ > while (1) >- { >+ { > nextIdx = getConfigElementName(&(config[mstrIdx]), &elementName); >+ if (isEqualString(elementName, "/Configuration")) break; >+ > if ((nextIdx == -1) || (elementName == NULL)) goto errorReturn; //Error: badly formed cmd > mstrIdx += nextIdx; >- >+ > nextIdx = getConfigElementValue(&(config[mstrIdx]), &elementValue); > if ((nextIdx == -1) || (elementValue == NULL)) goto errorReturn; //Error: badly formed cmd > mstrIdx += nextIdx; >@@ -982,13 +987,16 @@ > if (isEqualString(elementName, "Port")) > { > socketInfo->portNumber = atoi(elementValue); >- break; > } >- if (isEqualString(elementName, "Hosts Configuration")) >+ else if (isEqualString(elementName, "SecurityEnabled")) >+ { >+ socketInfo->securityEnabled = isEqualString(elementValue, "true"); >+ } >+ else if (isEqualString(elementName, "Hosts Configuration")) > { > socketInfo->hostConfig = elementValue; > } >- if (isEqualString(elementName, "Allow host")) >+ else if (isEqualString(elementName, "Allow host")) > { > socketInfo->allowHosts = elementValue; > } >Index: src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c >=================================================================== >RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c,v >retrieving revision 1.2 >diff -u -r1.2 TPTPSupportUtils.c >--- src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c 1 Jun 2005 20:19:04 -0000 1.2 >+++ src-native-new/src/shared/TPTPUtil/TPTPSupportUtils.c 29 Aug 2007 12:23:29 -0000 >@@ -56,9 +56,6 @@ > return ( getGlobalUniqueId() ) ; > } > >- >- >- > unsigned char* writeUINTToBuffer(unsigned char *buffer, > unsigned int uintData) { > buffer[0]=(unsigned char)(uintData>>24 & 0x000000ff); 
>@@ -77,3 +74,18 @@ > return &buffer[sizeof(unsigned int)]; > } > >+unsigned char* readStringFromBuffer(unsigned char *buffer, char** str) { >+ int len; >+ >+ buffer = readUINTFromBuffer(buffer, &len); >+ if (len == 0) >+ *str = NULL; >+ else { >+ *str = (char*) tptp_malloc(len+1); >+ memcpy(*str, buffer, len); >+ *((*str) + len) = '\0'; >+ buffer += len; >+ } >+ >+ return buffer; >+} >Index: src-native/collection/packaging/security/generateKey.sh >=================================================================== >RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native/collection/packaging/security/generateKey.sh,v >retrieving revision 1.1 >diff -u -r1.1 generateKey.sh >--- src-native/collection/packaging/security/generateKey.sh 14 Mar 2006 16:44:49 -0000 1.1 >+++ src-native/collection/packaging/security/generateKey.sh 29 Aug 2007 12:23:30 -0000 >@@ -9,3 +9,13 @@ > > $KEYTOOL -genkey -alias sample -keyalg RSA -sigalg MD5withRSA -dname "CN=Sample, OU=Sample, O=Sample, C=US" -validity 3650 -keypass $PASSWORD -storetype jks -keystore $KEYSTORE -storepass $PASSWORD > $KEYTOOL -export -alias sample -file $CERT -keystore $KEYSTORE -storepass $PASSWORD >+ >+CERTF=cert.pem >+KEYF=key.pem >+REQF=req.pem >+LOG=openssl.log >+ >+echo `date` > $LOG >+openssl genrsa -out $KEYF 1024 >> $LOG 2>&1 >+openssl req -new -key $KEYF -out $REQF -batch >> $LOG 2>&1 >+openssl x509 -req -in $REQF -signkey $KEYF -out $CERTF >> $LOG 2>&1 >Index: src-native-new/include/tptp/TPTPSupportUtils.h >=================================================================== >RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/include/tptp/TPTPSupportUtils.h,v >retrieving revision 1.1 >diff -u -r1.1 TPTPSupportUtils.h >--- src-native-new/include/tptp/TPTPSupportUtils.h 1 Jun 2005 17:41:01 -0000 1.1 >+++ src-native-new/include/tptp/TPTPSupportUtils.h 29 Aug 2007 12:23:29 -0000 
>@@ -65,6 +65,7 @@
> 
> unsigned char* writeUINTToBuffer(unsigned char *buffer, unsigned int uintData);
> unsigned char* readUINTFromBuffer(unsigned char *buffer, unsigned int *uint);
>+unsigned char* readStringFromBuffer(unsigned char *buffer, char** str);
> 
> #ifdef __cplusplus
> }
>Index: src-native-new/include/tptp/TPTPMessageHeader.h
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/include/tptp/TPTPMessageHeader.h,v
>retrieving revision 1.13
>diff -u -r1.13 TPTPMessageHeader.h
>--- src-native-new/include/tptp/TPTPMessageHeader.h 26 Apr 2006 22:39:29 -0000 1.13
>+++ src-native-new/include/tptp/TPTPMessageHeader.h 29 Aug 2007 12:23:29 -0000
>@@ -53,6 +53,12 @@
> #define CONNECT_DATA 0x10000000
> #define DATA_CONNECTION_COMPLETE 0x20000000
> #define DATA_CONNECTION_REFUSED 0x40000000
>+
>+#define SECURITY_REQUIRED 0x00010000
>+#define AUTHENTICATE 0x00020000
>+#define AUTHENTICATION_FAILED 0x00040000
>+#define AUTHENTICATION_SUCCESSFUL 0x00080000
>+
> #define CONNECT_CONSOLE 0x00100000
> #define CONSOLE_CONNECT_COMPLETE 0x00200000
> #define CONSOLE_CONNECT_FAILED 0x00400000
>Index: src-native-new/include/tptp/TPTPUtils.h
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-native-new/include/tptp/TPTPUtils.h,v
>retrieving revision 1.21
>diff -u -r1.21 TPTPUtils.h
>--- src-native-new/include/tptp/TPTPUtils.h 18 Apr 2007 17:44:37 -0000 1.21
>+++ src-native-new/include/tptp/TPTPUtils.h 29 Aug 2007 12:23:29 -0000
>@@ -79,6 +79,7 @@
> int portNumber;
> char *hostConfig;
> char *allowHosts;
>+ int securityEnabled;
> } SocketConfigInfo;
> 
> /* Define the various types of host addressing wildcards and types */
>Index: src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java
>===================================================================
>RCS file: /cvsroot/tptp/platform/org.eclipse.tptp.platform.agentcontroller/src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java,v
>retrieving revision 1.58
>diff -u -r1.58 SetConfig.java
>--- src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java 14 May 2007 17:11:43 -0000 1.58
>+++ src-config/org/eclipse/tptp/platform/agentcontroller/config/SetConfig.java 29 Aug 2007 12:23:29 -0000
>@@ -1003,6 +1003,20 @@
> configuration.appendChild(port);
> n = doc.createTextNode("10006");
> port.appendChild(n);
>+
>+ Element newAcSecurityEnabled = doc.createElement(SecurityEnabled.TAG);
>+ configuration.appendChild(newAcSecurityEnabled);
>+ //
>+ // Security section
>+ //
>+ String sec = configFile.getValue(Constants.SECURITY);
>+ if (sec != null && sec.toUpperCase().equals(Constants.SECURITY_ON)) {
>+ n = doc.createTextNode("true");
>+ } else {
>+ n = doc.createTextNode("false");
>+ }
>+ newAcSecurityEnabled.appendChild(n);
>+
> commandExtractor = doc.createElement(CommandExtractor.TAG);
> transportLayer.appendChild(commandExtractor);
> n = doc.createTextNode("tptpCmdExtr");
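Review bot: `sec.toUpperCase().equals(Constants.SECURITY_ON)` uses the default-locale `toUpperCase`, which in a Turkish locale maps a dotted `i` to `İ` and would stop matching any `SECURITY_ON` spelling containing an `i` (the constant's value is not visible here); `Constants.SECURITY_ON.equalsIgnoreCase(sec)` is locale-independent and also returns false for a null `sec`, so the separate null test can go. It is worth a comment beside the new element that an absent SECURITY key yields `false`, i.e. the new agent controller is generated insecure by default unless the installer explicitly asks for security, since that default is what the native listener later honours.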