You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
479 lines
16 KiB
479 lines
16 KiB
/*
|
|
* Remote Laboratory Authentication Server
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* (c) 2012 Timothy Pearson
|
|
* Raptor Engineering
|
|
* http://www.raptorengineeringinc.com
|
|
*/
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <tqtimer.h>
|
|
|
|
#include <klocale.h>
|
|
|
|
#include "auth_conn.h"
|
|
|
|
#define ABORT_SOCKET(s) s->close(); \
|
|
tqApp->processEvents(); \
|
|
while (s->state() == TQSocket::Closing) { \
|
|
tqApp->processEvents(); \
|
|
} \
|
|
s->disconnect(); \
|
|
delete s; \
|
|
s = NULL;
|
|
|
|
/* exception handling */
|
|
struct exit_exception {
|
|
int c;
|
|
exit_exception(int c):c(c) { }
|
|
};
|
|
|
|
/*
|
|
The AuthSocket class provides a socket that is connected with a client.
|
|
For every client that connects to the server, the server creates a new
|
|
instance of this class.
|
|
*/
|
|
AuthSocket::AuthSocket(int sock, TQObject *parent, const char *name) :
|
|
TDEKerberosServerSocket(parent, name), m_criticalSection(0), m_stationID(-1), m_bound(false), m_config(static_cast<AuthServer*>(parent)->m_config), m_database(NULL), m_databaseStationsCursor(NULL),
|
|
m_databaseServicesCursor(NULL), m_databaseServiceTypesCursor(NULL), m_databasePermissionsCursor(NULL), m_databaseActivityCursor(NULL)
|
|
{
|
|
|
|
setServiceName("remotefpga");
|
|
|
|
line = 0;
|
|
connect(this, SIGNAL(connectionClosed()), SLOT(connectionClosedHandler()));
|
|
setSocket(sock);
|
|
|
|
if (connectToDatabase() != 0) {
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
AuthSocket::~AuthSocket() {
|
|
if (m_databaseStationsCursor) {
|
|
delete m_databaseStationsCursor;
|
|
}
|
|
if (m_databaseServicesCursor) {
|
|
delete m_databaseServicesCursor;
|
|
}
|
|
if (m_databaseServiceTypesCursor) {
|
|
delete m_databaseServiceTypesCursor;
|
|
}
|
|
if (m_databasePermissionsCursor) {
|
|
delete m_databasePermissionsCursor;
|
|
}
|
|
if (m_databaseActivityCursor) {
|
|
delete m_databaseActivityCursor;
|
|
}
|
|
}
|
|
|
|
void AuthSocket::close() {
|
|
if (state() == TQSocket::Connected) {
|
|
TDEKerberosServerSocket::close();
|
|
connectionClosedHandler();
|
|
}
|
|
}
|
|
|
|
void AuthSocket::connectionClosedHandler() {
|
|
printf("[DEBUG] Connection from %s closed\n\r", m_remoteHost.ascii());
|
|
|
|
if (m_bound) {
|
|
// Update database
|
|
m_databaseActivityCursor->select(TQString("station='%1' AND username='%2' AND realmname='%3'").arg(m_stationID).arg(m_authenticatedUserName).arg(m_authenticatedRealmName));
|
|
if (m_databaseActivityCursor->next()) {
|
|
m_databaseActivityCursor->primeDelete();
|
|
m_databaseActivityCursor->del(true);
|
|
}
|
|
}
|
|
|
|
if (m_criticalSection > 0) {
|
|
throw exit_exception(-1);
|
|
}
|
|
}
|
|
|
|
int AuthSocket::initiateKerberosHandshake() {
|
|
if (setUsingKerberos(true) == 0) {
|
|
TQ_UINT32 magicnum = MAGIC_NUMBER;
|
|
TQ_UINT32 protover = PROTOCOL_VERSION;
|
|
|
|
TQDataStream ds(this);
|
|
ds << magicnum;
|
|
ds << protover;
|
|
|
|
return 0;
|
|
}
|
|
else {
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
int AuthSocket::enterCommandLoop() {
|
|
m_criticalSection++;
|
|
try {
|
|
TQString command;
|
|
TQDataStream ds(this);
|
|
|
|
while (state() == TQSocket::Connected) {
|
|
ds >> command;
|
|
if (command != "") {
|
|
printf("[DEBUG] Got command %s from user %s@%s\n\r", command.ascii(), m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
|
|
if (command == "LIST") {
|
|
// Send list of available servers...
|
|
m_slist.clear();
|
|
|
|
// Get all stations from the database
|
|
m_databaseStationsCursor->select();
|
|
while (m_databaseStationsCursor->next()) {
|
|
bool authorized = false;
|
|
bool in_use = false;
|
|
|
|
m_databasePermissionsCursor->select(TQString("station=%1").arg(m_databaseStationsCursor->value("pk").toInt()));
|
|
while (m_databasePermissionsCursor->next()) {
|
|
if (m_databasePermissionsCursor->value("username").toString() == m_authenticatedUserName) {
|
|
authorized = true;
|
|
}
|
|
}
|
|
m_databaseActivityCursor->select(TQString("station=%1").arg(m_databaseStationsCursor->value("pk").toInt()));
|
|
while (m_databaseActivityCursor->next()) {
|
|
if (m_databaseActivityCursor->value("username").toString() != "") {
|
|
in_use = true;
|
|
}
|
|
}
|
|
|
|
if ((authorized) && (!in_use)) {
|
|
StationType st;
|
|
st.id = m_databaseStationsCursor->value("pk").toInt();
|
|
st.name = m_databaseStationsCursor->value("name").toString();
|
|
st.description = m_databaseStationsCursor->value("description").toString();
|
|
m_databaseServicesCursor->select(TQString("station=%1").arg(m_databaseStationsCursor->value("pk").toInt()));
|
|
while (m_databaseServicesCursor->next()) {
|
|
m_databaseServiceTypesCursor->select(TQString("serviceid=%1").arg(m_databaseServicesCursor->value("servicetype").toInt()));
|
|
ServiceType svt;
|
|
if (m_databaseServiceTypesCursor->next()) {
|
|
svt.name = m_databaseServiceTypesCursor->value("name").toString();
|
|
svt.description = m_databaseServiceTypesCursor->value("description").toString();
|
|
svt.clientLibrary = m_databaseServiceTypesCursor->value("client_library").toString();
|
|
svt.version = m_databaseServiceTypesCursor->value("version").toInt();
|
|
}
|
|
if (svt.name == "") {
|
|
svt.name = i18n("<unknown>");
|
|
}
|
|
if (svt.description == "") {
|
|
svt.description = i18n("<unknown>");
|
|
}
|
|
st.services.append(svt);
|
|
}
|
|
|
|
m_slist.append(st);
|
|
}
|
|
}
|
|
|
|
ds << m_slist;
|
|
}
|
|
else if (command == "BIND") {
|
|
// Get desired Station Type from client
|
|
StationType st;
|
|
ds >> st;
|
|
|
|
// Attempt to bind to station matching desired Service Type list...
|
|
m_stationID = -1;
|
|
|
|
// Ensure that this user is not already connected
|
|
int activeID = -1;
|
|
m_databaseActivityCursor->select(TQString("username='%1' AND realmname='%2'").arg(m_authenticatedUserName).arg(m_authenticatedRealmName));
|
|
if (m_databaseActivityCursor->next()) {
|
|
activeID = m_databaseActivityCursor->value("station").toInt();
|
|
}
|
|
if (activeID < 0) {
|
|
for (StationList::Iterator it(m_slist.begin()); it != m_slist.end(); ++it) {
|
|
if ((*it).services == st.services) {
|
|
m_stationID = (*it).id;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (m_stationID < 0) {
|
|
ds << TQString("ERRUNAVAL");
|
|
}
|
|
else {
|
|
m_bound = true;
|
|
|
|
// Update database
|
|
TQSqlRecord *buffer = m_databaseActivityCursor->primeInsert();
|
|
buffer->setValue("station", m_stationID);
|
|
buffer->setValue("username", m_authenticatedUserName);
|
|
buffer->setValue("realmname", m_authenticatedRealmName);
|
|
buffer->setValue("logontime", TQDateTime::currentDateTime().toTime_t());
|
|
m_databaseActivityCursor->insert();
|
|
|
|
ds << TQString("OK");
|
|
}
|
|
}
|
|
else {
|
|
ds << TQString("ERRPREVCN");
|
|
}
|
|
}
|
|
else if (command == "SERV") {
|
|
// Get client library name from the client
|
|
TQString libname;
|
|
ds >> libname;
|
|
|
|
m_databaseActivityCursor->select(TQString("username='%1' AND realmname='%2'").arg(m_authenticatedUserName).arg(m_authenticatedRealmName));
|
|
if (m_databaseActivityCursor->next()) {
|
|
m_stationID = m_databaseActivityCursor->value("station").toInt();
|
|
}
|
|
|
|
if (m_bound == true) {
|
|
ds << TQString("ERRINVCMD");
|
|
}
|
|
else {
|
|
if (m_stationID < 0) {
|
|
ds << TQString("ERRNOCONN");
|
|
}
|
|
else {
|
|
// Find the service ID for the specified client library name
|
|
TQ_INT32 sid = -1;
|
|
m_databaseServiceTypesCursor->select(TQString("client_library='%1'").arg(libname));
|
|
if (m_databaseServiceTypesCursor->next()) {
|
|
sid = m_databaseServiceTypesCursor->value("serviceid").toInt();
|
|
}
|
|
if (sid < 0) {
|
|
ds << TQString("ERRNOSERV");
|
|
}
|
|
else {
|
|
// Attempt to connect to the backend server
|
|
m_databaseServicesCursor->select(TQString("pk=%1 AND station=%2").arg(sid).arg(m_stationID));
|
|
if (m_databaseServicesCursor->next()) {
|
|
TQString serviceHostName = m_databaseServicesCursor->value("hostname").toString();
|
|
int servicePort = m_databaseServicesCursor->value("port").toInt();
|
|
|
|
TDEKerberosClientSocket clientSocket;
|
|
clientSocket.setServiceName("remotefpga");
|
|
|
|
clientSocket.setServerFQDN(serviceHostName);
|
|
clientSocket.connectToHost(serviceHostName, servicePort);
|
|
|
|
TQTimer connectionTimeout;
|
|
connectionTimeout.start(5000, TRUE);
|
|
while ((clientSocket.state() == TQSocket::Connecting) || (clientSocket.state() == TQSocket::HostLookup)) {
|
|
tqApp->processEvents();
|
|
if (!connectionTimeout.isActive()) {
|
|
break;
|
|
}
|
|
}
|
|
connectionTimeout.stop();
|
|
if (clientSocket.state() == TQSocket::Connected) {
|
|
if (clientSocket.setUsingKerberos(true) != 0) {
|
|
clientSocket.close();
|
|
ds << TQString("ERRNOTAVL");
|
|
printf("[DEBUG] Connection failed to %s:%d for user %s@%s due to Kerberos failure\n\r", serviceHostName.ascii(), servicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
|
|
}
|
|
else {
|
|
TQDataStream clientDS(&clientSocket);
|
|
TQString server_reply;
|
|
connectionTimeout.start(5000, TRUE);
|
|
while ((!clientSocket.canReadLine()) && (clientSocket.state() == TQSocket::Connected)) {
|
|
tqApp->processEvents();
|
|
if (!connectionTimeout.isActive()) {
|
|
break;
|
|
}
|
|
}
|
|
connectionTimeout.stop();
|
|
if ((clientSocket.canReadLine()) && (clientSocket.state() == TQSocket::Connected)) {
|
|
clientDS >> server_reply;
|
|
}
|
|
if (server_reply == "OK") {
|
|
ds << TQString("OK");
|
|
TQByteArray ba(8192);
|
|
TQ_ULONG reclen;
|
|
while ((state() == TQSocket::Connected) && (clientSocket.state() == TQSocket::Connected)) {
|
|
// RAJA FIXME
|
|
if (canReadLine()) {
|
|
reclen = readBlock(ba.data(), 8192);
|
|
clientSocket.writeBlock(ba.data(), reclen);
|
|
}
|
|
if (clientSocket.canReadLine()) {
|
|
reclen = clientSocket.readBlock(ba.data(), 8192);
|
|
writeBlock(ba.data(), reclen);
|
|
}
|
|
tqApp->processEvents();
|
|
}
|
|
clientSocket.close();
|
|
}
|
|
else {
|
|
clientSocket.close();
|
|
ds << TQString("ERRNOTAVL");
|
|
printf("[DEBUG] Connection failed to %s:%d for user %s@%s due to remote server returning %s\n\r", serviceHostName.ascii(), servicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii(), server_reply.ascii()); fflush(stdout);
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
clientSocket.close();
|
|
ds << TQString("ERRNOTAVL");
|
|
printf("[DEBUG] Connection failed to %s:%d for user %s@%s\n\r", serviceHostName.ascii(), servicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout);
|
|
}
|
|
}
|
|
else {
|
|
ds << TQString("ERRNOSERV");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
ds << TQString("ERRINVCMD");
|
|
}
|
|
}
|
|
tqApp->processEvents();
|
|
}
|
|
|
|
m_criticalSection--;
|
|
return 0;
|
|
}
|
|
catch (...) {
|
|
m_criticalSection--;
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
int AuthSocket::connectToDatabase() {
|
|
if (m_database) {
|
|
return -2;
|
|
}
|
|
|
|
m_database = TQSqlDatabase::database();
|
|
if (!m_database) {
|
|
printf("[ERROR] Database was not constructed by the application\n\r"); fflush(stdout);
|
|
return -1;
|
|
}
|
|
|
|
m_databaseStationsCursor = new TQSqlCursor("stations", TRUE, m_database);
|
|
m_databaseServicesCursor = new TQSqlCursor("services", TRUE, m_database);
|
|
m_databaseServiceTypesCursor = new TQSqlCursor("servicetypes", TRUE, m_database);
|
|
m_databasePermissionsCursor = new TQSqlCursor("permissions", TRUE, m_database);
|
|
m_databaseActivityCursor = new TQSqlCursor("activity", TRUE, m_database);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
The AuthServer class handles new connections to the server. For every
|
|
client that connects, it creates a new AuthSocket -- that instance is now
|
|
responsible for the communication with that client.
|
|
*/
|
|
AuthServer::AuthServer(TQObject* parent) :
|
|
TQServerSocket( 4004, 1, parent ), m_database(NULL) {
|
|
|
|
m_config = new KSimpleConfig("remotefpga_authserver.conf", false);
|
|
|
|
if (connectToDatabase() != 0) {
|
|
exit(1);
|
|
}
|
|
|
|
if ( !ok() ) {
|
|
printf("[ERROR] Failed to bind to port 4004\n\r");
|
|
exit(1);
|
|
}
|
|
|
|
printf("[INFO] Server started on port 4004\n\r"); fflush(stdout);
|
|
}
|
|
|
|
AuthServer::~AuthServer() {
|
|
if (m_database) {
|
|
TQSqlDatabase::removeDatabase(m_database);
|
|
m_database = NULL;
|
|
}
|
|
|
|
delete m_config;
|
|
}
|
|
|
|
int AuthServer::connectToDatabase() {
|
|
m_config->setGroup("Database");
|
|
|
|
m_database = TQSqlDatabase::addDatabase(m_config->readEntry("driver"));
|
|
m_database->setDatabaseName(m_config->readEntry("database"));
|
|
m_database->setUserName(m_config->readEntry("username"));
|
|
m_database->setPassword(m_config->readEntry("password"));
|
|
m_database->setHostName(m_config->readEntry("server"));
|
|
|
|
if(!m_database->open()) {
|
|
printf("[ERROR] Failed to connect to control database on server '%s' [%s]\n\r", m_database->hostName().ascii(), m_database->lastError().text().ascii()); fflush(stdout);
|
|
TQSqlDatabase::removeDatabase(m_database);
|
|
m_database = NULL;
|
|
return -1;
|
|
}
|
|
|
|
if (!m_database->tables().contains("stations")) {
|
|
m_database->close();
|
|
printf("[ERROR] Control database '%s' on '%s' does not contain the required 'stations' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
|
|
TQSqlDatabase::removeDatabase(m_database);
|
|
m_database = NULL;
|
|
return -1;
|
|
}
|
|
|
|
if (!m_database->tables().contains("services")) {
|
|
m_database->close();
|
|
printf("[ERROR] Control database '%s' on '%s' does not contain the required 'services' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
|
|
TQSqlDatabase::removeDatabase(m_database);
|
|
m_database = NULL;
|
|
return -1;
|
|
}
|
|
|
|
if (!m_database->tables().contains("servicetypes")) {
|
|
m_database->close();
|
|
printf("[ERROR] Control database '%s' on '%s' does not contain the required 'servicetypes' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
|
|
TQSqlDatabase::removeDatabase(m_database);
|
|
m_database = NULL;
|
|
return -1;
|
|
}
|
|
|
|
if (!m_database->tables().contains("permissions")) {
|
|
m_database->close();
|
|
printf("[ERROR] Control database '%s' on '%s' does not contain the required 'permissions' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
|
|
TQSqlDatabase::removeDatabase(m_database);
|
|
m_database = NULL;
|
|
return -1;
|
|
}
|
|
|
|
if (!m_database->tables().contains("activity")) {
|
|
m_database->close();
|
|
printf("[ERROR] Control database '%s' on '%s' does not contain the required 'activity' table\n\r", m_database->databaseName().ascii(), m_database->hostName().ascii()); fflush(stdout);
|
|
TQSqlDatabase::removeDatabase(m_database);
|
|
m_database = NULL;
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
void AuthServer::newConnection(int socket) {
|
|
AuthSocket *s = new AuthSocket(socket, this);
|
|
s->m_remoteHost = s->peerAddress().toString();
|
|
printf("[DEBUG] New connection from %s\n\r", s->m_remoteHost.ascii());
|
|
if (s->initiateKerberosHandshake() != 0) {
|
|
printf("[DEBUG] Connection from %s closed due to Kerberos failure\n\r", s->m_remoteHost.ascii()); fflush(stdout);
|
|
ABORT_SOCKET(s)
|
|
return;
|
|
}
|
|
else {
|
|
connect(s, SIGNAL(connectionClosed()), s, SLOT(deleteLater()));
|
|
emit newConnect(s);
|
|
s->enterCommandLoop();
|
|
}
|
|
}
|