remotelaboratory/servers/auth_server_lin/src/auth_conn.cpp

/*
 * Remote Laboratory Authentication Server
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * (c) 2012 Timothy Pearson
 * Raptor Engineering
 * http://www.raptorengineeringinc.com
 */

#include <stdlib.h>

#include <klocale.h>

#include "auth_conn.h"

/* exception handling */
struct exit_exception {
	int c;
	exit_exception(int c):c(c) { }
};

/*
  The AuthSocket class provides a socket that is connected with a client.
  For every client that connects to the server, the server creates a new
  instance of this class.
*/
AuthSocket::AuthSocket(int sock, TQObject *parent, const char *name) :
	TDEKerberosServerSocket(parent, name), m_criticalSection(0), m_stationID(-1), m_config(static_cast<AuthServer*>(parent)->m_config), m_database(NULL), m_databaseStationsCursor(NULL) {

	setServiceName("remotefpga");

	line = 0;
	connect(this, SIGNAL(connectionClosed()), SLOT(connectionClosedHandler()));
	setSocket(sock);

	if (connectToDatabase() != 0) {
		exit(1);
	}
}

AuthSocket::~AuthSocket() {
	if (m_databaseStationsCursor) {
		delete m_databaseStationsCursor;
	}
	if (m_databaseServicesCursor) {
		delete m_databaseServicesCursor;
	}
	if (m_databaseServiceTypesCursor) {
		delete m_databaseServiceTypesCursor;
	}
	if (m_databasePermissionsCursor) {
		delete m_databasePermissionsCursor;
	}
	if (m_databaseActivityCursor) {
		delete m_databaseActivityCursor;
	}

	if (m_database) {
		m_database->close();
		delete m_database;
	}
}

void AuthSocket::close() {
	TDEKerberosServerSocket::close();
	connectionClosedHandler();
}

void AuthSocket::connectionClosedHandler() {
	printf("[DEBUG] Connection from %s closed\n\r", m_remoteHost.ascii());

	// Update database
	m_databaseActivityCursor->select(TQString("station='%1' AND username='%2' AND realmname='%3'").arg(m_stationID).arg(m_authenticatedUserName).arg(m_authenticatedRealmName));
	if (m_databaseActivityCursor->next()) {
		m_databaseActivityCursor->primeDelete();
		m_databaseActivityCursor->del(true);
	}

	if (m_criticalSection > 0) {
		throw exit_exception(-1);
	}
}

int AuthSocket::initiateKerberosHandshake() {
	if (setUsingKerberos(true) == 0) {
		TQ_UINT32 magicnum = MAGIC_NUMBER;
		TQ_UINT32 protover = PROTOCOL_VERSION;

		TQDataStream ds(this);
		ds << magicnum;
		ds << protover;

		return 0;
	}
	else {
		return -1;
	}
}

int AuthSocket::enterCommandLoop() {
	m_criticalSection++;
	try {
		TQString command;
		TQDataStream ds(this);
	
		while (state() == TQSocket::Connected) {
			ds >> command;
			if (command != "") {
				printf("[DEBUG] Got command %s from user %s@%s\n\r", command.ascii(), m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
				if (command == "LIST") {
					// Send list of available servers...
					m_slist.clear();
	
					// Get all stations from the database
					m_databaseStationsCursor->select();
					while (m_databaseStationsCursor->next()) {
						bool authorized = false;
						bool in_use = false;
	
						m_databasePermissionsCursor->select(TQString("station=%1").arg(m_databaseStationsCursor->value("pk").toInt()));
						while (m_databasePermissionsCursor->next()) {
							if (m_databasePermissionsCursor->value("username").toString() == m_authenticatedUserName) {
								authorized = true;
							}
						}
						m_databaseActivityCursor->select(TQString("station=%1").arg(m_databaseStationsCursor->value("pk").toInt()));
						while (m_databaseActivityCursor->next()) {
							if (m_databaseActivityCursor->value("username").toString() != "") {
								in_use = true;
							}
						}
	
						if ((authorized) && (!in_use)) {
							StationType st;
							st.id = m_databaseStationsCursor->value("pk").toInt();
							st.name = m_databaseStationsCursor->value("name").toString();
							st.description = m_databaseStationsCursor->value("description").toString();
							m_databaseServicesCursor->select(TQString("station=%1").arg(m_databaseStationsCursor->value("pk").toInt()));
							while (m_databaseServicesCursor->next()) {
								m_databaseServiceTypesCursor->select(TQString("serviceid=%1").arg(m_databaseServicesCursor->value("servicetype").toInt()));
								ServiceType svt;
								if (m_databaseServiceTypesCursor->next()) {
									svt.name = m_databaseServiceTypesCursor->value("name").toString();
									svt.description = m_databaseServiceTypesCursor->value("description").toString();
								}
								if (svt.name == "") {
									svt.name = i18n("<unknown>");
								}
								if (svt.description == "") {
									svt.description = i18n("<unknown>");
								}
								st.services.append(svt);
							}
	
							m_slist.append(st);
						}
					}
	
					ds << m_slist;
				}
				else if (command == "BIND") {
					// Get desired Station Type from client
					StationType st;
					ds >> st;
	
					// Attempt to bind to station matching desired Service Type list...
					m_stationID = -1;
	
					for (StationList::Iterator it(m_slist.begin()); it != m_slist.end(); ++it) {
						if ((*it).services == st.services) {
							m_stationID = (*it).id;
							break;
						}
					}
	
					if (m_stationID < 0) {
						ds << TQString("ERRUNAVAL");
					}
					else {
						// Update database
						TQSqlRecord *buffer = m_databaseActivityCursor->primeInsert();
						buffer->setValue("station", m_stationID);
						buffer->setValue("username", m_authenticatedUserName);
						buffer->setValue("realmname", m_authenticatedRealmName);
						buffer->setValue("logontime", TQDateTime::currentDateTime().toTime_t());
						m_databaseActivityCursor->insert();
	
						ds << TQString("OK");
					}
				}
				else {
					ds << "ERRINVCMD";
				}
			}
			tqApp->processEvents();
		}

		m_criticalSection--;
		return 0;
	}
	catch (...) {
		m_criticalSection--;
		return -1;
	}

}

int AuthSocket::connectToDatabase() {
	if (m_database) {
		return -2;
	}

	m_config->setGroup("Database");

	m_database = TQSqlDatabase::addDatabase(m_config->readEntry("driver"));
	m_database->setDatabaseName(m_config->readEntry("database"));
	m_database->setUserName(m_config->readEntry("username"));
	m_database->setPassword(m_config->readEntry("password"));
	m_database->setHostName(m_config->readEntry("server"));

	if(!m_database->open()) {
		printf("[ERROR] Failed to connect to control database on server '%s' [%s]\n\r", m_database->hostName().ascii(), m_database->lastError().text().ascii()); fflush(stdout);
		delete m_database;
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("stations")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'stations' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		delete m_database;
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("services")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'services' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		delete m_database;
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("servicetypes")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'servicetypes' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		delete m_database;
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("permissions")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'permissions' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		delete m_database;
		m_database = NULL;
		return -1;
	}

	if (!m_database->tables().contains("activity")) {
		m_database->close();
		printf("[ERROR] Control database '%s' on '%s' does not contain the required 'activity' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
		delete m_database;
		m_database = NULL;
		return -1;
	}

	m_databaseStationsCursor = new TQSqlCursor("stations");
	m_databaseServicesCursor = new TQSqlCursor("services");
	m_databaseServiceTypesCursor = new TQSqlCursor("servicetypes");
	m_databasePermissionsCursor = new TQSqlCursor("permissions");
	m_databaseActivityCursor = new TQSqlCursor("activity");

	return 0;
}

/*
  The AuthServer class handles new connections to the server. For every
  client that connects, it creates a new AuthSocket -- that instance is now
  responsible for the communication with that client.
*/
AuthServer::AuthServer(TQObject* parent) :
	TQServerSocket( 4004, 1, parent ) {

	m_config = new KSimpleConfig("remotefpga_authserver.conf", false);

	if ( !ok() ) {
		printf("[ERROR] Failed to bind to port 4004\n\r");
		exit(1);
	}

	printf("[INFO] Server started on port 4004\n\r"); fflush(stdout);
}

AuthServer::~AuthServer() {
	delete m_config;
}

void AuthServer::newConnection(int socket) {
	AuthSocket *s = new AuthSocket(socket, this);
	s->m_remoteHost = s->peerAddress().toString();
	printf("[DEBUG] New connection from %s\n\r", s->m_remoteHost.ascii());
	if (s->initiateKerberosHandshake() != 0) {
		s->close();
		delete s;
		s = NULL;
	}
	else {
		connect(s, SIGNAL(connectionClosed()), s, SLOT(deleteLater()));
		emit newConnect(s);
		s->enterCommandLoop();
	}
}