00006 #include "authRequest.h"
00007 #include "authCheck.h"
00008 #include "icatHighLevelRoutines.h"
00009 #include "miscServerFunct.h"
00010
00011
00012
00013 #include <string>
00014
00015
00016
00017 #include "eirods_kvp_string_parser.h"
00018 #include "eirods_auth_constants.h"
00019
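// Server-side handler for the auth-check request.
//
// On a catalog-enabled server (RODS_CAT) it asks the catalog layer
// (chlCheckAuth) to verify the client's response to the challenge and, on
// success, fills *authCheckOut with the privilege levels and a digest over
// challenge + local zone server id that is returned as serverResponse.
// On a server without a catalog it forwards the request to the catalog host.
//
// rsComm        connection of the requesting client/agent
// authCheckInp  request: challenge, response (plain, or a key-value string
//               carrying scheme and response), username
// authCheckOut  out: in the RODS_CAT build always set to a freshly malloc'ed,
//               zeroed struct (or NULL if that allocation failed); the
//               caller owns it and its serverResponse buffer
//
// Returns 0 on success, otherwise a negative error code (the chlCheckAuth /
// connection status, SYS_NO_ICAT_SERVER_ERR, SYS_MALLOC_ERR or
// SYS_INTERNAL_NULL_INPUT_ERR).
int
rsAuthCheck (rsComm_t *rsComm, authCheckInp_t *authCheckInp,
             authCheckOut_t **authCheckOut)
{
#ifdef RODS_CAT
    int status;
    int privLevel = 0;
    int clientPrivLevel = 0;
    authCheckOut_t *result;
    unsigned char *digest;
    char md5Buf[CHALLENGE_LEN+MAX_PASSWORD_LEN+2];
    MD5_CTX context;
    char ServerID[MAX_PASSWORD_LEN+2];

    *authCheckOut = (authCheckOut_t*)malloc(sizeof(authCheckOut_t));
    if (*authCheckOut == NULL) {
        rodsLog (LOG_NOTICE,
          "rsAuthCheck: malloc of authCheckOut_t failed");
        return (SYS_MALLOC_ERR);
    }
    memset((char *)*authCheckOut, 0, sizeof(authCheckOut_t));

    // The request comes from the peer; constructing std::string from a null
    // pointer (or strncpy from one) is undefined behaviour, so reject it here.
    // NOTE(review): whether the unpacker can deliver NULL for these fields is
    // not visible in this file - the check is defensive.
    if (authCheckInp == NULL || authCheckInp->response == NULL ||
        authCheckInp->challenge == NULL) {
        rodsLog (LOG_NOTICE,
          "rsAuthCheck: null challenge or response in request");
        return (SYS_INTERNAL_NULL_INPUT_ERR);
    }

    // The response is either the bare response string or a key-value string
    // holding both the auth scheme and the response. If it does not parse,
    // or either key is missing, the raw string is used with an empty scheme.
    std::string orig_resp = authCheckInp->response;
    eirods::kvp_map_t kvp;
    eirods::error ret = eirods::parse_kvp_string(
                            orig_resp,
                            kvp );
    std::string scheme;
    std::string response = orig_resp;
    if( ret.ok() ) {
        if( kvp.end() != kvp.find( eirods::AUTH_SCHEME_KEY ) &&
            kvp.end() != kvp.find( eirods::AUTH_RESPONSE_KEY ) ) {
            response = kvp[ eirods::AUTH_RESPONSE_KEY ];
            scheme   = kvp[ eirods::AUTH_SCHEME_KEY ];
        }
    }

    // NOTE(review): the const_cast hands chlCheckAuth a writable pointer into
    // `response`; presumably it only reads it - confirm against its signature.
    status = chlCheckAuth(
                 rsComm,
                 scheme.c_str(),
                 authCheckInp->challenge,
                 const_cast< char* >( response.c_str() ),
                 authCheckInp->username,
                 &privLevel,
                 &clientPrivLevel );
    if (status < 0) {
        rodsLog (LOG_NOTICE,
          "rsAuthCheck: chlCheckAuth status = %d", status);
    }

    if (status == 0) {
        int len, i;

        // Allocate the reply digest before publishing any privilege level so
        // an allocation failure leaves the output struct zeroed.
        digest = ( unsigned char* )malloc(RESPONSE_LEN+2);
        if (digest == NULL) {
            rodsLog (LOG_NOTICE,
              "rsAuthCheck: malloc of serverResponse failed");
            return (SYS_MALLOC_ERR);
        }
        // Zero the whole buffer, including the two spare bytes: the digest is
        // returned through a char* field, so it must end in a NUL even after
        // the zero bytes inside it are rewritten below.
        memset(digest, 0, RESPONSE_LEN+2);

        result = *authCheckOut;
        result->privLevel = privLevel;
        result->clientPrivLevel = clientPrivLevel;

        /* Add the user's password and get the MD5 digest */
        memset(md5Buf, 0, sizeof(md5Buf));
        strncpy(md5Buf, authCheckInp->challenge, CHALLENGE_LEN);

        // Start from an empty id so strlen() below is defined even if
        // getZoneServerId leaves the buffer untouched.
        memset(ServerID, 0, sizeof(ServerID));
        getZoneServerId("", ServerID);
        len = strlen(ServerID);
        if (len <=0) {
            // No zone server id configured: the reply stays all zeros, so the
            // remote server cannot authenticate this one.
            rodsLog (LOG_DEBUG,
              "rsAuthCheck: Warning, cannot authenticate this server to remote server, no LocalZoneSID defined in server.config");
        }
        else {
            strncpy(md5Buf+CHALLENGE_LEN, ServerID, len);

            // MD5 is what this exchange uses; changing the digest would break
            // the peer, so it is left as is here.
            MD5Init (&context);
            MD5Update (&context, (unsigned char*)md5Buf,
                       CHALLENGE_LEN+MAX_PASSWORD_LEN);
            MD5Final (digest, &context);
            for (i=0;i<RESPONSE_LEN;i++) {
                if (digest[i]=='\0') digest[i]++;  /* make sure 'string' doesn't
                                                      end early */
            }
        }
        result->serverResponse = (char*)digest;
    }

    return (status);
#else
    /* this may be a gateway to the rcat host */
    rodsServerHost_t *rodsServerHost;
    int status;

    status = getAndConnRcatHostNoLogin (rsComm, MASTER_RCAT,
      rsComm->proxyUser.rodsZone, &rodsServerHost);

    if (status < 0) {
        rodsLog (LOG_NOTICE,
          "rsAuthCheck:getAndConnRcatHostNoLogin() failed. erro=%d", status);
        return (status);
    }

    // A server built without RODS_CAT cannot be the catalog host itself.
    if (rodsServerHost->localFlag == LOCAL_HOST) {
        return ( SYS_NO_ICAT_SERVER_ERR);
    } else {
        status = rcAuthCheck (rodsServerHost->conn, authCheckInp, authCheckOut);
    }
    return status;
#endif
}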