remotelaboratory/servers/auth_server_lin/src/auth_conn.cpp

/*
 * Remote Laboratory Authentication Server
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * (c) 2012 Timothy Pearson
 * Raptor Engineering
 * http://www.raptorengineeringinc.com
 */

#include <stdlib.h>

#include <tqtimer.h>

#include <klocale.h>

#include "auth_conn.h"

#define ABORT_SOCKET(s) 		s->close();						\
					s->disconnect();					\
					delete s;						\
					s = NULL;

/* exception handling */
struct exit_exception {
	int c;
	exit_exception(int c):c(c) { }
};

/*
  The AuthSocket class provides a socket that is connected with a client.
  For every client that connects to the server, the server creates a new
  instance of this class.
*/
AuthSocket::AuthSocket(int sock, TQObject *parent, const char *name) :
	TDEKerberosServerSocket(parent, name), m_criticalSection(0), m_stationID(-1), m_bound(false), m_servActive(false), m_servState(0), m_servClientSocket(NULL), m_servClientTimeout(NULL), m_config(static_cast<AuthServer*>(parent)->m_config), m_database(NULL), m_databaseStationsCursor(NULL),
	m_databaseServicesCursor(NULL), m_databaseServiceTypesCursor(NULL), m_databasePermissionsCursor(NULL), m_databaseActivityCursor(NULL)
{

	setServiceName("remotefpga");

	line = 0;
	connect(this, SIGNAL(connectionClosed()), SLOT(connectionClosedHandler()));
	setSocket(sock);

	if (connectToDatabase() != 0) {
		exit(1);
	}
}

AuthSocket::~AuthSocket() {
	if (m_databaseStationsCursor) {
		delete m_databaseStationsCursor;
	}
	if (m_databaseServicesCursor) {
		delete m_databaseServicesCursor;
	}
	if (m_databaseServiceTypesCursor) {
		delete m_databaseServiceTypesCursor;
	}
	if (m_databasePermissionsCursor) {
		delete m_databasePermissionsCursor;
	}
	if (m_databaseActivityCursor) {
		delete m_databaseActivityCursor;
	}
	if (m_servClientSocket) {
		delete m_servClientSocket;
	}
}

void AuthSocket::close() {
	if (state() == TQSocket::Connected) {
		TDEKerberosServerSocket::close();
		connectionClosedHandler();
	}
}

void AuthSocket::connectionClosedHandler() {
	printf("[DEBUG] Connection from %s closed\n\r", m_remoteHost.ascii());

	if (m_bound) {
		// Update database
		m_databaseActivityCursor->select(TQString("station='%1' AND username='%2' AND realmname='%3'").arg(m_stationID).arg(m_authenticatedUserName).arg(m_authenticatedRealmName));
		if (m_databaseActivityCursor->next()) {
			m_databaseActivityCursor->primeDelete();
			m_databaseActivityCursor->del(true);
		}
	}

	if (m_criticalSection > 0) {
		throw exit_exception(-1);
	}
}

int AuthSocket::initiateKerberosHandshake() {
	// RAJA FIXME
	setUsingKerberos(true);
	while (kerberosStatus() == TDEKerberosServerSocket::KerberosInitializing) {
		tqApp->processEvents();
	}
	if (kerberosStatus() == TDEKerberosServerSocket::KerberosInUse) {
		TQ_UINT32 magicnum = MAGIC_NUMBER;
		TQ_UINT32 protover = PROTOCOL_VERSION;

		TQDataStream ds(this);
		ds << magicnum;
		ds << protover;

		return 0;
	}
	else {
		return -1;
	}
}

void AuthSocket::servLoop() {
	if (m_servActive) {
		TQString command;
		TQDataStream ds(this);
		TDEKerberosClientSocket::KerberosStatus krbstat;

		switch (m_servState) {
			case 0:
				if (!m_servClientTimeout) {
					m_servClientTimeout = new TQTimer();
					m_servClientTimeout->start(5000, TRUE);
				}
				if ((m_servClientSocket->state() == TQSocket::Connecting) || (m_servClientSocket->state() == TQSocket::HostLookup)) {
					if (!m_servClientTimeout->isActive()) {
						m_servClientSocket->close();
						ds << TQString("ERRNOTAVL");
						printf("[DEBUG] Connection failed to %s:%d for user %s@%s\n\r", m_srvServiceHostName.ascii(), m_srvServicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
						m_servActive = false;
						delete m_servClientTimeout;
						m_servClientTimeout = NULL;
					}
				}
				else {
					if (m_servClientTimeout) {
						m_servClientTimeout->stop();
						delete m_servClientTimeout;
						m_servClientTimeout = NULL;
					}
					m_servState = 1;
				}
				break;
			case 1:
				if (m_servClientSocket->state() == TQSocket::Connected) {
					m_servClientSocket->setUsingKerberos(true);
					m_servState = 2;
				}
				else {
					m_servClientSocket->close();
					ds << TQString("ERRNOTAVL");
					printf("[DEBUG] Connection failed to %s:%d for user %s@%s\n\r", m_srvServiceHostName.ascii(), m_srvServicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
					m_servActive = false;
					delete m_servClientTimeout;
					m_servClientTimeout = NULL;
				}
				break;
			case 2:
				krbstat = m_servClientSocket->kerberosStatus();
				if ((krbstat == TDEKerberosClientSocket::KerberosInitializing) || (krbstat == TDEKerberosClientSocket::KerberosInUse)) {
					if (krbstat == TDEKerberosClientSocket::KerberosInUse) {
						m_servState = 3;
					}
				}
				else {
					m_servClientSocket->close();
					ds << TQString("ERRNOTAVL");
					printf("[DEBUG] Connection failed to %s:%d for user %s@%s due to Kerberos failure\n\r", m_srvServiceHostName.ascii(), m_srvServicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
					m_servActive = false;
					delete m_servClientTimeout;
					m_servClientTimeout = NULL;
				}
				break;
			case 3:
				if (!m_servClientTimeout) {
					m_servClientTimeout = new TQTimer();
					m_servClientTimeout->start(5000, TRUE);
				}
				if (m_servClientSocket->state() == TQSocket::Connected) {
					if (m_servClientSocket->canReadLine()) {
						TQDataStream clientDS(m_servClientSocket);
						TQString server_reply;
	
						clientDS >> server_reply;
						if (server_reply == "OK") {
							ds << TQString("OK");
							m_servState = 4;
						}
						else {
							m_servClientSocket->close();
							ds << TQString("ERRNOTAVL");
							printf("[DEBUG] Connection failed to %s:%d for user %s@%s due to remote server returning %s\n\r", m_srvServiceHostName.ascii(), m_srvServicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii(), server_reply.ascii()); fflush(stdout);
							m_servActive = false;
							delete m_servClientTimeout;
							m_servClientTimeout = NULL;
						}
					}
					else {
						if (!m_servClientTimeout->isActive()) {
							// Timeout!
							m_servClientSocket->close();
							ds << TQString("ERRNOTAVL");
							printf("[DEBUG] Connection failed to %s:%d for user %s@%s\n\r", m_srvServiceHostName.ascii(), m_srvServicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
							m_servActive = false;
							delete m_servClientTimeout;
							m_servClientTimeout = NULL;
						}
					}
				}
				else {
					m_servClientSocket->close();
					ds << TQString("ERRNOTAVL");
					printf("[DEBUG] Connection failed to %s:%d for user %s@%s\n\r", m_srvServiceHostName.ascii(), m_srvServicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
					m_servActive = false;
					delete m_servClientTimeout;
					m_servClientTimeout = NULL;
				}
				break;
			case 4:
				if (m_servClientSocket->state() == TQSocket::Connected) {
					TQByteArray ba(8192);
					TQ_ULONG reclen;

					if (canReadLine()) {
						reclen = readBlock(ba.data(), 8192);
						m_servClientSocket->writeBlock(ba.data(), reclen);
					}
					if (m_servClientSocket->canReadLine()) {
						reclen = m_servClientSocket->readBlock(ba.data(), 8192);
						writeBlock(ba.data(), reclen);
					}
				}
				else {
					m_servClientSocket->close();
					ds << TQString("ERRNOTAVL");
					printf("[DEBUG] Connection terminated by remote host %s:%d for user %s@%s\n\r", m_srvServiceHostName.ascii(), m_srvServicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
					m_servActive = false;
				}
				break;
		}
	}
}

void AuthSocket::commandLoop() {
	if (m_servActive) {
		servLoop();
		TQTimer::singleShot(0, this, SLOT(commandLoop()));
		return;
	}

	m_criticalSection++;
	try {
		if (state() == TQSocket::Connected) {
			if (canReadLine()) {
				TQString command;
				TQDataStream ds(this);

				ds >> command;
				if (command != "") {
					printf("[DEBUG] Got command %s from user %s@%s\n\r", command.ascii(), m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
					if (command == "LIST") {
						// Send list of available servers...
						m_slist.clear();
		
						// Get all stations from the database
						m_databaseStationsCursor->select();
						while (m_databaseStationsCursor->next()) {
							bool authorized = false;
							bool in_use = false;
		
							m_databasePermissionsCursor->select(TQString("station=%1").arg(m_databaseStationsCursor->value("pk").toInt()));
							while (m_databasePermissionsCursor->next()) {
								if (m_databasePermissionsCursor->value("username").toString() == m_authenticatedUserName) {
									authorized = true;
								}
							}
							m_databaseActivityCursor->select(TQString("station=%1").arg(m_databaseStationsCursor->value("pk").toInt()));
							while (m_databaseActivityCursor->next()) {
								if (m_databaseActivityCursor->value("username").toString() != "") {
									in_use = true;
								}
							}
		
							if ((authorized) && (!in_use)) {
								StationType st;
								st.id = m_databaseStationsCursor->value("pk").toInt();
								st.name = m_databaseStationsCursor->value("name").toString();
								st.description = m_databaseStationsCursor->value("description").toString();
								m_databaseServicesCursor->select(TQString("station=%1").arg(m_databaseStationsCursor->value("pk").toInt()));
								while (m_databaseServicesCursor->next()) {
									m_databaseServiceTypesCursor->select(TQString("serviceid=%1").arg(m_databaseServicesCursor->value("servicetype").toInt()));
									ServiceType svt;
									if (m_databaseServiceTypesCursor->next()) {
										svt.name = m_databaseServiceTypesCursor->value("name").toString();
										svt.description = m_databaseServiceTypesCursor->value("description").toString();
										svt.clientLibrary = m_databaseServiceTypesCursor->value("client_library").toString();
										svt.version = m_databaseServiceTypesCursor->value("version").toInt();
									}
									if (svt.name == "") {
										svt.name = i18n("<unknown>");
									}
									if (svt.description == "") {
										svt.description = i18n("<unknown>");
									}
									st.services.append(svt);
								}
		
								m_slist.append(st);
							}
						}
		
						ds << m_slist;
					}
					else if (command == "BIND") {
						// Get desired Station Type from client
						StationType st;
						ds >> st;
		
						// Attempt to bind to station matching desired Service Type list...
						m_stationID = -1;
	
						// Ensure that this user is not already connected
						int activeID = -1;
						m_databaseActivityCursor->select(TQString("username='%1' AND realmname='%2'").arg(m_authenticatedUserName).arg(m_authenticatedRealmName));
						if (m_databaseActivityCursor->next()) {
							activeID = m_databaseActivityCursor->value("station").toInt();
						}
						if (activeID < 0) {
							for (StationList::Iterator it(m_slist.begin()); it != m_slist.end(); ++it) {
								if ((*it).services == st.services) {
									m_stationID = (*it).id;
									break;
								}
							}
			
							if (m_stationID < 0) {
								ds << TQString("ERRUNAVAL");
							}
							else {
								m_bound = true;
		
								// Update database
								TQSqlRecord *buffer = m_databaseActivityCursor->primeInsert();
								buffer->setValue("station", m_stationID);
								buffer->setValue("username", m_authenticatedUserName);
								buffer->setValue("realmname", m_authenticatedRealmName);
								buffer->setValue("logontime", TQDateTime::currentDateTime().toTime_t());
								m_databaseActivityCursor->insert();
		
								ds << TQString("OK");
							}
						}
						else {
							ds << TQString("ERRPREVCN");
						}
					}
					else if (command == "SERV") {
						// Get client library name from the client
						TQString libname;
						ds >> libname;
	
						m_databaseActivityCursor->select(TQString("username='%1' AND realmname='%2'").arg(m_authenticatedUserName).arg(m_authenticatedRealmName));
						if (m_databaseActivityCursor->next()) {
							m_stationID = m_databaseActivityCursor->value("station").toInt();
						}
	
						if (m_bound == true) {
							ds << TQString("ERRINVCMD");
						}
						else {
							if (m_stationID < 0) {
								ds << TQString("ERRNOCONN");
							}
							else {
								// Find the service ID for the specified client library name
								TQ_INT32 sid = -1;
								m_databaseServiceTypesCursor->select(TQString("client_library='%1'").arg(libname));
								if (m_databaseServiceTypesCursor->next()) {
									sid = m_databaseServiceTypesCursor->value("serviceid").toInt();
								}
								if (sid < 0) {
									ds << TQString("ERRNOSERV");
								}
								else {
									// Attempt to connect to the backend server
									m_databaseServicesCursor->select(TQString("pk=%1 AND station=%2").arg(sid).arg(m_stationID));
									if (m_databaseServicesCursor->next()) {
										m_srvServiceHostName = m_databaseServicesCursor->value("hostname").toString();
										m_srvServicePort = m_databaseServicesCursor->value("port").toInt();

										if (!m_servClientSocket) m_servClientSocket = new TDEKerberosClientSocket;
										m_servClientSocket->setServiceName("remotefpga");
	
										m_servClientSocket->setServerFQDN(m_srvServiceHostName);
										m_servClientSocket->connectToHost(m_srvServiceHostName, m_srvServicePort);

										m_servState = 0;
										m_servActive = true;
									}
									else {
										ds << TQString("ERRNOSERV");
									}
								}
							}
						}
					}
					else {
						ds << TQString("ERRINVCMD");
					}
				}
			}

			m_criticalSection--;
			TQTimer::singleShot(0, this, SLOT(commandLoop()));
			return;
		}
	}
	catch (...) {
		m_criticalSection--;
		return;
	}
}

int AuthSocket::enterCommandLoop() {
	TQTimer::singleShot(0, this, SLOT(commandLoop()));
	return 0;
}

int AuthSocket::connectToDatabase() {
	if (m_database) {
		return -2;
	}

	m_database = TQSqlDatabase::database();
	if (!m_database) {
		printf("[ERROR] Database was not constructed by the application\n\r"); fflush(stdout);
		return -1;
	}

	m_databaseStationsCursor = new TQSqlCursor("stations", TRUE, m_database);
	m_databaseServicesCursor = new TQSqlCursor("services", TRUE, m_database);
	m_databaseServiceTypesCursor = new TQSqlCursor("servicetypes", TRUE, m_database);
	m_databasePermissionsCursor = new TQSqlCursor("permissions", TRUE, m_database);
	m_databaseActivityCursor = new TQSqlCursor("activity", TRUE, m_database);

	return 0;
}

/*
  The AuthServer class handles new connections to the server. For every
  client that connects, it creates a new AuthSocket -- that instance is now
  responsible for the communication with that client.
*/
AuthServer::AuthServer(TQObject* parent) :
	TQServerSocket( 4004, 1, parent ), m_database(NULL) {

	m_config = new KSimpleConfig("remotefpga_authserver.conf", false);

	if (connectToDatabase() != 0) {
		exit(1);
	}

	if ( !ok() ) {
		printf("[ERROR] Failed to bind to port 4004\n\r");
		exit(1);
	}

	printf("[INFO] Server started on port 4004\n\r"); fflush(stdout);
}

AuthServer::~AuthServer() {
	if (m_database) {
		TQSqlDatabase::removeDatabase(m_database);
		m_database = NULL;
	}

	delete m_config;
}

int AuthServer::connectToDatabase() {
	m_config->setGroup("Database");

	m_database = TQSqlDatabase::addDatabase(m_config->readEntry("driver"));
	m_database->setDatabaseName(m_config->readEntry("database"));
	m_database->setUserName(m_config->readEntry("username"));
	m_database->setPassword(m_config->readEntry("password"));
	m_database->setHostName(m_config->readEntry("server"));

	if(!m_database->open()) {
		printf("[ERROR] Failed to connect to control database on server '%s' [%s]\n\r", m_database->hostName().ascii(), m_database->lastError().text().ascii()); fflush(stdout);
		TQSqlDatabase::removeDatabase(m_database);
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("stations")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'stations' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		TQSqlDatabase::removeDatabase(m_database);
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("services")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'services' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		TQSqlDatabase::removeDatabase(m_database);
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("servicetypes")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'servicetypes' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		TQSqlDatabase::removeDatabase(m_database);
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("permissions")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'permissions' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		TQSqlDatabase::removeDatabase(m_database);
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("activity")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'activity' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		TQSqlDatabase::removeDatabase(m_database);
		m_database = NULL;
		return -1;
	}

	return 0;
}

void AuthServer::newConnection(int socket) {
	AuthSocket *s = new AuthSocket(socket, this);
	s->m_remoteHost = s->peerAddress().toString();
	printf("[DEBUG] New connection from %s\n\r", s->m_remoteHost.ascii());
	if (s->initiateKerberosHandshake() != 0) {
		printf("[DEBUG] Connection from %s closed due to Kerberos failure\n\r", s->m_remoteHost.ascii()); fflush(stdout);
		ABORT_SOCKET(s)
		return;
	}
	else {
		connect(s, SIGNAL(connectionClosed()), s, SLOT(deleteLater()));
		emit newConnect(s);
		s->enterCommandLoop();
	}
}