From 9c9085621bf01f9b39e15eb856ff521ecb01fccf Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Tue, 26 Jun 2012 21:52:21 -0500 Subject: [PATCH] Fix krb client/server sockets --- clients/tde/src/app/remotemdi.cpp | 1 + lib/libtdekrb/src/tdekrbclientsocket.cpp | 17 +++++-- lib/libtdekrb/src/tdekrbserversocket.cpp | 17 +++++-- protocol.txt | 8 ++- servers/auth_server_lin/src/auth_conn.cpp | 62 ++++++++++++++++++++++- servers/auth_server_lin/src/auth_conn.h | 1 + servers/fpga_server_lin/src/fpga_conn.cpp | 38 +++++++++----- 7 files changed, 121 insertions(+), 23 deletions(-) diff --git a/clients/tde/src/app/remotemdi.cpp b/clients/tde/src/app/remotemdi.cpp index 9d40365..4d355e3 100644 --- a/clients/tde/src/app/remotemdi.cpp +++ b/clients/tde/src/app/remotemdi.cpp @@ -174,6 +174,7 @@ void RemoteMDI::promptForStationType() { ds << TQString("BIND"); ds << select.m_selectedStation; ds >> result; +printf("[RAJA DEBUG 100.0] '%s'\n\r", result.ascii()); fflush(stdout); if (result == "OK") { // Success, do nothing } diff --git a/lib/libtdekrb/src/tdekrbclientsocket.cpp b/lib/libtdekrb/src/tdekrbclientsocket.cpp index 647da73..96833a2 100644 --- a/lib/libtdekrb/src/tdekrbclientsocket.cpp +++ b/lib/libtdekrb/src/tdekrbclientsocket.cpp @@ -171,7 +171,7 @@ bool TDEKerberosClientSocket::atEnd() const { bool ret; if (m_kerberosRequested) { - return (m_buffer->at() >= (unsigned long)m_bufferLength); + ret = TQSocket::atEnd(); } else { ret = TQSocket::atEnd(); @@ -230,6 +230,9 @@ TQ_LONG TDEKerberosClientSocket::readBlock(char *data, TQ_ULONG maxlen) { } free(buf); + if (maxlen > (unsigned int)m_bufferLength) { + maxlen = m_bufferLength; + } m_buffer->at(0); ret = m_buffer->readBlock(data, maxlen); if (ret > 0) { @@ -284,6 +287,9 @@ TQ_LONG TDEKerberosClientSocket::readLine(char *data, TQ_ULONG maxlen) { } free(buf); + if (maxlen > (unsigned int)m_bufferLength) { + maxlen = m_bufferLength; + } m_buffer->at(0); ret = m_buffer->readLine(data, maxlen); if (ret > 0) { 
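Review bot: The added `printf("[RAJA DEBUG 100.0] '%s'\n\r", result.ascii()); fflush(stdout);` in RemoteMDI::promptForStationType() echoes the raw BIND reply to stdout on every call and reads as a leftover debugging aid rather than part of the fix. It should be dropped before merging, or routed through whatever debug logging the client already uses so that it does not ship in release builds. The rest of promptForStationType() lies outside the hunk.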
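Review bot: After this change both arms of `if (m_kerberosRequested)` in TDEKerberosClientSocket::atEnd() assign `ret = TQSocket::atEnd();`, so the condition no longer selects anything; if that is the intent, the body collapses to a single `ret = TQSocket::atEnd();`. A comment is warranted on why the decrypted bytes still held in `m_buffer` (which readLine() continues to account for through `m_bufferLength`, see the later hunks) no longer count toward end-of-stream, e.g. `// atEnd() reflects the transport only; buffered plaintext is tracked via m_bufferLength`. The identical collapse is made in TDEKerberosServerSocket::atEnd() in tdekrbserversocket.cpp. atEnd() continues past the hunk.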
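Review bot: The new clamp in TDEKerberosClientSocket::readBlock() compares `maxlen` (a `TQ_ULONG`) against `(unsigned int)m_bufferLength`; `m_bufferLength` appears to be a signed integer (the removed atEnd() line cast it to `unsigned long`, and readLine() below compares it to a `long` with no cast), so a negative value would wrap to a huge unsigned number and defeat the clamp, and on LP64 targets a `long` is also truncated to 32 bits before the comparison. Comparing in the wide type and handling the non-positive case keeps the intent: `if (m_bufferLength <= 0) { maxlen = 0; } else if (maxlen > (TQ_ULONG)m_bufferLength) { maxlen = m_bufferLength; }`. The same three-line clamp is added to readLine(char*, TQ_ULONG) in this file and to both readBlock() and readLine(char*, TQ_ULONG) in tdekrbserversocket.cpp, and the fix applies to each. readBlock() starts before and continues after the hunk.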
@@ -310,11 +316,13 @@ TQ_LONG TDEKerberosClientSocket::readLine(char *data, TQ_ULONG maxlen) { TQString TDEKerberosClientSocket::readLine() { long i; TQString ret; + long maxlen; if (m_kerberosRequested) { int reclen; int wrlen; int readlen; + maxlen = m_negotiatedMaxBufferSize; char* buf = (char*)malloc(m_negotiatedMaxBufferSize); reclen = receiveEncryptedData(buf, m_negotiatedMaxBufferSize); if (reclen > 0) { @@ -326,9 +334,12 @@ TQString TDEKerberosClientSocket::readLine() { } free(buf); + if (maxlen > m_bufferLength) { + maxlen = m_bufferLength; + } m_buffer->at(0); - buf = (char*)malloc(m_negotiatedMaxBufferSize); - readlen = m_buffer->readLine(buf, m_negotiatedMaxBufferSize); + buf = (char*)malloc(maxlen); + readlen = m_buffer->readLine(buf, maxlen); if (readlen > 0) { // Remove the read bytes from the buffer m_bufferLength = m_bufferLength-readlen; diff --git a/lib/libtdekrb/src/tdekrbserversocket.cpp b/lib/libtdekrb/src/tdekrbserversocket.cpp index 2b4d7d2..d99ddaa 100644 --- a/lib/libtdekrb/src/tdekrbserversocket.cpp +++ b/lib/libtdekrb/src/tdekrbserversocket.cpp @@ -171,7 +171,7 @@ bool TDEKerberosServerSocket::atEnd() const { bool ret; if (m_kerberosRequested) { - return (m_buffer->at() >= (unsigned long)m_bufferLength); + ret = TQSocket::atEnd(); } else { ret = TQSocket::atEnd(); @@ -230,6 +230,9 @@ TQ_LONG TDEKerberosServerSocket::readBlock(char *data, TQ_ULONG maxlen) { } free(buf); + if (maxlen > (unsigned int)m_bufferLength) { + maxlen = m_bufferLength; + } m_buffer->at(0); ret = m_buffer->readBlock(data, maxlen); if (ret > 0) { @@ -284,6 +287,9 @@ TQ_LONG TDEKerberosServerSocket::readLine(char *data, TQ_ULONG maxlen) { } free(buf); + if (maxlen > (unsigned int)m_bufferLength) { + maxlen = m_bufferLength; + } m_buffer->at(0); ret = m_buffer->readLine(data, maxlen); if (ret > 0) { 
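Review bot: In TDEKerberosClientSocket::readLine() the temporary is now `malloc(maxlen)` and filled by `m_buffer->readLine(buf, maxlen)` with `maxlen` clamped to `m_bufferLength`; if TQBuffer::readLine follows the Qt 3 contract of reading at most `maxlen - 1` bytes and appending a terminator, a buffered line that exactly fills `m_bufferLength` without a newline now comes back one byte short, where the previous `m_negotiatedMaxBufferSize` allocation left headroom. Keeping one byte of slack preserves the fix: `buf = (char*)malloc(maxlen + 1); readlen = m_buffer->readLine(buf, maxlen + 1);`. Nothing prevents `maxlen` from being clamped to 0 or to a negative `m_bufferLength` and then reaching `malloc()` as the size, so a guard such as `if (maxlen < 1) { return ret; }` (after the existing `free(buf)`) before the allocation is worth adding. TDEKerberosServerSocket::readLine() in tdekrbserversocket.cpp receives the identical change. readLine() continues past the hunk.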
@@ -310,11 +316,13 @@ TQ_LONG TDEKerberosServerSocket::readLine(char *data, TQ_ULONG maxlen) { TQString TDEKerberosServerSocket::readLine() { long i; TQString ret; + long maxlen; if (m_kerberosRequested) { int reclen; int wrlen; int readlen; + maxlen = m_negotiatedMaxBufferSize; char* buf = (char*)malloc(m_negotiatedMaxBufferSize); reclen = receiveEncryptedData(buf, m_negotiatedMaxBufferSize); if (reclen > 0) { @@ -326,9 +334,12 @@ TQString TDEKerberosServerSocket::readLine() { } free(buf); + if (maxlen > m_bufferLength) { + maxlen = m_bufferLength; + } m_buffer->at(0); - buf = (char*)malloc(m_negotiatedMaxBufferSize); - readlen = m_buffer->readLine(buf, m_negotiatedMaxBufferSize); + buf = (char*)malloc(maxlen); + readlen = m_buffer->readLine(buf, maxlen); if (readlen > 0) { // Remove the read bytes from the buffer m_bufferLength = m_bufferLength-readlen; diff --git a/protocol.txt b/protocol.txt index 184906e..f01b23d 100644 --- a/protocol.txt +++ b/protocol.txt 
@@ -58,4 +58,10 @@ Example: SERV QUIT: Gracefully terminates the connection. -The server should return the case-sensitive text "OK" and must immediately close all active connections for the current user. \ No newline at end of file +The server should return the case-sensitive text "OK" and must immediately close all active connections for the current user. + +================================================================================== +Backend Server +================================================================================== + +On initial connection from the client container, the master server must negotiate a successful Kerberos connection. Once this connection is established, the server must transmit a string containing the case-sensitive text "OK". The server has now fully established a secure bidirectional channel to the client and may proceeed to use the channel for any purpose. If the server wishes to reject the connection, for example due to a hardware failure, it must transmit a string containing the case-sensitive text "ERRNOTAVL", after which the server should close the client connection. \ No newline at end of file diff --git a/servers/auth_server_lin/src/auth_conn.cpp b/servers/auth_server_lin/src/auth_conn.cpp index b71b608..e531099 100644 --- a/servers/auth_server_lin/src/auth_conn.cpp +++ b/servers/auth_server_lin/src/auth_conn.cpp @@ -115,6 +115,8 @@ int AuthSocket::initiateKerberosHandshake() { } int AuthSocket::enterCommandLoop() { + bool bound = false; + m_criticalSection++; try { TQString command; @@ -194,6 +196,8 @@ int AuthSocket::enterCommandLoop() { ds << TQString("ERRUNAVAL"); } else { + bound = true; + // Update database TQSqlRecord *buffer = m_databaseActivityCursor->primeInsert(); buffer->setValue("station", m_stationID); 
@@ -201,12 +205,66 @@ int AuthSocket::enterCommandLoop() { buffer->setValue("realmname", m_authenticatedRealmName); buffer->setValue("logontime", TQDateTime::currentDateTime().toTime_t()); m_databaseActivityCursor->insert(); - + ds << TQString("OK"); } } + else if (command == "SERV") { + // Get desired Service ID from client + TQ_UINT32 sid; + ds >> sid; + + m_databaseActivityCursor->select(TQString("username='%1' AND realmname='%2'").arg(m_authenticatedUserName).arg(m_authenticatedRealmName)); + if (m_databaseActivityCursor->next()) { + m_stationID = m_databaseActivityCursor->value("station").toInt(); + } + + if (bound == true) { + ds << TQString("ERRINVCMD"); + } + + if (m_stationID < 0) { + ds << TQString("ERRNOCONN"); + } + + // Attempt to connect to the backend server + m_databaseServicesCursor->select(TQString("pk=%1 AND station=%2").arg(sid).arg(m_stationID)); + if (m_databaseServicesCursor->next()) { + TQString serviceHostName = m_databaseServicesCursor->value("hostname").toString(); + int servicePort = m_databaseServicesCursor->value("port").toInt(); + + TDEKerberosClientSocket clientSocket; + clientSocket.setServiceName("remotefpga"); + + clientSocket.setServerFQDN(serviceHostName); + clientSocket.connectToHost(serviceHostName, servicePort); + + while ((clientSocket.state() == TQSocket::Connecting) || (clientSocket.state() == TQSocket::HostLookup)) { + tqApp->processEvents(); + } + if (clientSocket.state() == TQSocket::Connected) { + if (clientSocket.setUsingKerberos(true) != 0) { + clientSocket.close(); + ds << TQString("ERRNOTAVL"); + printf("[DEBUG] Connection failed to %s:%d for user %s@%s due to Kerberos failure\n\r", serviceHostName.ascii(), servicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout); + } + else { + printf("[RAJA DEBUG 600.0] Connect OK!\n\r"); fflush(stdout); + // RAJA FIXME + } + } + else { + clientSocket.close(); + ds << TQString("ERRNOTAVL"); + printf("[DEBUG] Connection failed to %s:%d for 
user %s@%s\n\r", serviceHostName.ascii(), servicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout); + } + } + else { + ds << TQString("ERRNOTAVL"); + } + } else { - ds << "ERRINVCMD"; + ds << TQString("ERRINVCMD"); } } tqApp->processEvents(); diff --git a/servers/auth_server_lin/src/auth_conn.h b/servers/auth_server_lin/src/auth_conn.h index 710b4c0..aea8a48 100644 --- a/servers/auth_server_lin/src/auth_conn.h +++ b/servers/auth_server_lin/src/auth_conn.h @@ -34,6 +34,7 @@ #include #include +#include #include diff --git a/servers/fpga_server_lin/src/fpga_conn.cpp b/servers/fpga_server_lin/src/fpga_conn.cpp index 1b0927c..1335a5a 100644 --- a/servers/fpga_server_lin/src/fpga_conn.cpp +++ b/servers/fpga_server_lin/src/fpga_conn.cpp @@ -110,9 +110,15 @@ int FPGASocket::setupSerial() { tcgetattr(m_fd_tty, &oldtio); // Save current port settings long serialBaud; - if (desiredBaudRate == "9600") { + if (desiredBaudRate == "1200") { + serialBaud = B1200; + } + else if (desiredBaudRate == "9600") { serialBaud = B9600; } + else if (desiredBaudRate == "19200") { + serialBaud = B19200; + } else if (desiredBaudRate == "115200") { serialBaud = B115200; } 
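Review bot: In the new `SERV` branch of AuthSocket::enterCommandLoop(), writing `ERRINVCMD` (when `bound` is set) or `ERRNOCONN` (when `m_stationID < 0`) does not stop the handler: control falls through to the services lookup and the backend connect, so one command can produce two or three replies and a request that was just rejected still opens a Kerberos connection to the backend. Chaining the checks fixes it: `if (bound) {` … `} else if (m_stationID < 0) {` … `} else {` around the connect block. The `while ((clientSocket.state() == TQSocket::Connecting) || (clientSocket.state() == TQSocket::HostLookup)) { tqApp->processEvents(); }` loop has no timeout, so an unreachable backend host stalls this client's command loop indefinitely; a bounded wait (e.g. tracked with `TQDateTime::currentDateTime()`) that takes the existing `ERRNOTAVL` path on expiry would be safer. The `select()` filters are built by formatting `m_authenticatedUserName` and `m_authenticatedRealmName` straight into the WHERE clause; if either can carry a quote character the query breaks, so escaping them (or using the cursor's own filter facilities) is worth doing even though they presumably originate from the authenticated principal. `clientSocket` is a stack local destroyed at the end of the branch, so the "Connect OK" path currently discards the backend connection it just established, as the `// RAJA FIXME` acknowledges; enterCommandLoop() begins and ends outside the hunk.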
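Review bot: The baud-rate chain in FPGASocket::setupSerial() gains `B1200` and `B19200` arms, but within the hunk there is still no final `else`, and `serialBaud` is declared just above without an initializer; unless a default exists past the hunk, an unrecognized `desiredBaudRate` hands an indeterminate value to the terminal setup. Initializing at the declaration, `long serialBaud = B9600;`, and adding an explicit `else` that logs the unsupported rate and fails using setupSerial()'s existing error convention makes the case visible instead of silent. setupSerial() begins before and continues after the hunk.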
@@ -139,22 +145,26 @@ int FPGASocket::setupSerial() { } int FPGASocket::enterCommandLoop() { + int cc; + char buffer[10000]; + m_criticalSection++; try { while (state() == TQSocket::Connected) { - // RAJA FIXME -// cc = read(fd_tty, readbuf, 100000); -// if (cc > 0) { -// write_data_to_client(fd, readbuf, cc); -// fsync(fd_tty); -// printf("[DEBUG] Got %d bytes from the serial port\n\r", cc); fflush(stdout); -// } -// cc = read(fd, writebuf, 100000); -// if (cc > 0) { -// write(fd_tty, writebuf, cc); -// fsync(fd); -// printf("[DEBUG] Got %d bytes from the network interface\n\r", cc); fflush(stdout); -// } + cc = read(m_fd_tty, buffer, 10000); + if (cc > 0) { + writeBlock(buffer, cc); + printf("[DEBUG] Got %d bytes from the serial port\n\r", cc); fflush(stdout); + } + if (canReadLine()) { + cc = readBlock(buffer, 10000); + if (cc > 0) { + if (write(m_fd_tty, buffer, cc) < 0) { + // ERROR + } + printf("[DEBUG] Got %d bytes from the network interface\n\r", cc); fflush(stdout); + } + } } m_criticalSection--;