fixed compiler warnings; minor refactoring
authorVictor Kirhenshtein <victor@netxms.org>
Sun, 8 Oct 2017 11:08:31 +0000 (14:08 +0300)
committerVictor Kirhenshtein <victor@netxms.org>
Sun, 8 Oct 2017 11:08:31 +0000 (14:08 +0300)
src/server/core/cert.cpp
src/server/core/dctcolumn.cpp
src/server/core/mdsession.cpp
src/server/core/radius.cpp
src/server/core/session.cpp
src/server/core/userdb.cpp
src/server/include/nms_core.h
src/server/include/nms_users.h

index 749a86d..1505af0 100644 (file)
@@ -366,13 +366,13 @@ static BOOL CheckCommonName(X509 *cert, const TCHAR *cn)
 /**
  * Validate user's certificate
  */
-BOOL ValidateUserCertificate(X509 *pCert, const TCHAR *pszLogin, BYTE *pChallenge, BYTE *pSignature,
-                                                                         UINT32 dwSigLen, int nMappingMethod, const TCHAR *pszMappingData)
+bool ValidateUserCertificate(X509 *cert, const TCHAR *login, const BYTE *challenge, const BYTE *signature,
+                                                                         size_t sigLen, int mappingMethod, const TCHAR *mappingData)
 {
    BOOL bValid = FALSE;
 
    char subjectName[1024];
-   X509_NAME_oneline(X509_get_subject_name(pCert), subjectName, 1024);
+   X509_NAME_oneline(X509_get_subject_name(cert), subjectName, 1024);
 #ifdef UNICODE
    WCHAR certSubject[1024];
    MultiByteToWideChar(CP_UTF8, 0, subjectName, -1, certSubject, 1024);
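Review bot: `BOOL bValid = FALSE;` directly under the new `bool` signature is still an int, so `return bValid;` at the end of the function (in a later hunk) and assignments such as `bValid = RSA_verify(...)` and `bValid = X509_verify_cert(pStore)` now go through the implicit int→bool conversions that this commit sets out to silence. Declare it as `bool bValid = false;` and write the OpenSSL results as `(RSA_verify(...) == 1)` and `(X509_verify_cert(pStore) == 1)`, so only the documented success value 1 counts as valid rather than any non-zero return. The body of ValidateUserCertificate continues past this hunk.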
@@ -380,7 +380,7 @@ BOOL ValidateUserCertificate(X509 *pCert, const TCHAR *pszLogin, BYTE *pChalleng
    const char *certSubject = subjectName;
 #endif
 
-       DbgPrintf(3, _T("Validating certificate \"%s\" for user %s"), certSubject, pszLogin);
+       DbgPrintf(3, _T("Validating certificate \"%s\" for user %s"), certSubject, login);
        s_certificateStoreLock.lock();
 
        if (s_trustedCertificateStore == NULL)
@@ -391,18 +391,18 @@ BOOL ValidateUserCertificate(X509 *pCert, const TCHAR *pszLogin, BYTE *pChalleng
        }
 
        // Validate signature
-       EVP_PKEY *pKey = X509_get_pubkey(pCert);
+       EVP_PKEY *pKey = X509_get_pubkey(cert);
        if (pKey != NULL)
        {
       BYTE hash[SHA1_DIGEST_SIZE];
-               CalculateSHA1Hash(pChallenge, CLIENT_CHALLENGE_SIZE, hash);
+               CalculateSHA1Hash(challenge, CLIENT_CHALLENGE_SIZE, hash);
                switch(EVP_PKEY_id(pKey))
                {
                        case EVP_PKEY_RSA:
-                               bValid = RSA_verify(NID_sha1, hash, SHA1_DIGEST_SIZE, pSignature, dwSigLen, EVP_PKEY_get1_RSA(pKey));
+                               bValid = RSA_verify(NID_sha1, hash, SHA1_DIGEST_SIZE, signature, static_cast<unsigned int>(sigLen), EVP_PKEY_get1_RSA(pKey));
                                break;
                        default:
-                               DbgPrintf(3, _T("Unknown key type %d in certificate \"%s\" for user %s"), EVP_PKEY_id(pKey), certSubject, pszLogin);
+                               DbgPrintf(3, _T("Unknown key type %d in certificate \"%s\" for user %s"), EVP_PKEY_id(pKey), certSubject, login);
                                break;
                }
        }
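Review bot: `EVP_PKEY_get1_RSA(pKey)` on the RSA_verify line returns an owned reference that is never released, so each certificate-login attempt leaks one RSA object; the `pKey` from `X509_get_pubkey` is likewise an owned reference, and whether it is freed is not visible in this hunk. Keep the key in a local and free it after the call: `RSA *rsa = EVP_PKEY_get1_RSA(pKey);`, `bValid = (rsa != NULL) && (RSA_verify(NID_sha1, hash, SHA1_DIGEST_SIZE, signature, static_cast<unsigned int>(sigLen), rsa) == 1);`, `RSA_free(rsa);` (RSA_free accepts NULL). Because this code runs before the caller is authenticated, an unbounded per-attempt leak is also a resource-exhaustion concern for the server, not only a tidiness issue. The enclosing function extends beyond this hunk.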
@@ -413,16 +413,15 @@ BOOL ValidateUserCertificate(X509 *pCert, const TCHAR *pszLogin, BYTE *pChalleng
                X509_STORE_CTX *pStore = X509_STORE_CTX_new();
                if (pStore != NULL)
                {
-                       X509_STORE_CTX_init(pStore, s_trustedCertificateStore, pCert, NULL);
+                       X509_STORE_CTX_init(pStore, s_trustedCertificateStore, cert, NULL);
                        bValid = X509_verify_cert(pStore);
                        X509_STORE_CTX_free(pStore);
                        DbgPrintf(3, _T("Certificate \"%s\" for user %s - validation %s"),
-                                 certSubject, pszLogin, bValid ? _T("successful") : _T("failed"));
+                                 certSubject, login, bValid ? _T("successful") : _T("failed"));
                }
                else
                {
                        TCHAR szBuffer[256];
-
                        DbgPrintf(3, _T("X509_STORE_CTX_new() failed: %s"), _ERR_error_tstring(ERR_get_error(), szBuffer));
                        bValid = FALSE;
                }
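Review bot: The return value of `X509_STORE_CTX_init(pStore, s_trustedCertificateStore, cert, NULL)` is ignored; it returns 0 on failure, after which `X509_verify_cert(pStore)` runs on a context that was never populated with the trust store. Guard the verify with `if (X509_STORE_CTX_init(pStore, s_trustedCertificateStore, cert, NULL) == 1)` and set `bValid = FALSE;` in the else branch, so an initialisation failure is reported as a failed validation in the same way the `X509_STORE_CTX_new()` failure below already is. The enclosing function continues outside this hunk.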
@@ -431,26 +430,25 @@ BOOL ValidateUserCertificate(X509 *pCert, const TCHAR *pszLogin, BYTE *pChalleng
        // Check user mapping
        if (bValid)
        {
-               switch(nMappingMethod)
+               switch(mappingMethod)
                {
                        case USER_MAP_CERT_BY_SUBJECT:
-                               bValid = !_tcsicmp(certSubject, CHECK_NULL_EX(pszMappingData));
+                               bValid = !_tcsicmp(certSubject, CHECK_NULL_EX(mappingData));
                                break;
                        case USER_MAP_CERT_BY_PUBKEY:
-                               bValid = CheckPublicKey(pKey, CHECK_NULL_EX(pszMappingData));
+                               bValid = CheckPublicKey(pKey, CHECK_NULL_EX(mappingData));
                                break;
                        case USER_MAP_CERT_BY_CN:
-            bValid = CheckCommonName(pCert, ((pszMappingData != NULL) && (*pszMappingData != 0)) ? pszMappingData : pszLogin);
+            bValid = CheckCommonName(cert, ((mappingData != NULL) && (*mappingData != 0)) ? mappingData : login);
                                break;
                        default:
-                               DbgPrintf(3, _T("Invalid certificate mapping method %d for user %s"), nMappingMethod, pszLogin);
+                               DbgPrintf(3, _T("Invalid certificate mapping method %d for user %s"), mappingMethod, login);
                                bValid = FALSE;
                                break;
                }
        }
 
        s_certificateStoreLock.unlock();
-
        return bValid;
 }
 
index 965b70e..9052e29 100644 (file)
@@ -45,7 +45,7 @@ DCTableColumn::DCTableColumn(NXCPMessage *msg, UINT32 baseId)
    if (msg->isFieldExist(baseId + 2))
        {
                UINT32 oid[256];
-               UINT32 len = msg->getFieldAsInt32Array(baseId + 2, 256, oid);
+               size_t len = msg->getFieldAsInt32Array(baseId + 2, 256, oid);
                if (len > 0)
                {
                        m_snmpOid = new SNMP_ObjectId(oid, len);
index 783b8aa..c7500a1 100644 (file)
@@ -498,14 +498,19 @@ void MobileDeviceSession::login(NXCPMessage *pRequest)
                                pCert = CertificateFromLoginMessage(pRequest);
                                if (pCert != NULL)
                                {
-                                       BYTE signature[256];
-                                       UINT32 dwSigLen;
-
-                                       dwSigLen = pRequest->getFieldAsBinary(VID_SIGNATURE, signature, 256);
-                                       dwResult = AuthenticateUser(szLogin, (TCHAR *)signature, dwSigLen, pCert,
-                                                                                                                m_challenge, &m_dwUserId, &userRights,
-                                                                                                                &changePasswd, &intruderLockout,
-                                                                                                                &closeOtherSessions, false, &graceLogins);
+               size_t sigLen;
+                                       const BYTE *signature = pRequest->getBinaryFieldPtr(VID_SIGNATURE, &sigLen);
+               if (signature != NULL)
+               {
+                  dwResult = AuthenticateUser(szLogin, reinterpret_cast<const TCHAR *>(signature), sigLen,
+                     pCert, m_challenge, &m_dwUserId, &userRights,
+                     &changePasswd, &intruderLockout,
+                     &closeOtherSessions, false, &graceLogins);
+               }
+               else
+               {
+                  dwResult = RCC_INVALID_REQUEST;
+               }
                                        X509_free(pCert);
                                }
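Review bot: The new guard only rejects a missing VID_SIGNATURE field; a present but empty field yields a non-NULL `signature` with `sigLen == 0`, and AuthenticateUser then takes its password branch for a password-method user with `password` pointing at zero bytes of message payload that carry no NUL terminator. The condition should be `if ((signature != NULL) && (sigLen > 0))`, so a certificate login without a signature is answered with RCC_INVALID_REQUEST instead of being re-interpreted as a password login over a non-string buffer. The same pattern appears in the ClientSession::login hunk in session.cpp. The added lines also mix tabs and spaces and do not line up with the surrounding block; MobileDeviceSession::login extends beyond this hunk.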
                                else
index 62322e2..427cd57 100644 (file)
@@ -357,7 +357,11 @@ static void encrypt_attr_style_1(char *secret, char *vector, VALUE_PAIR *vp)
         * Oh, and sizeof(long) always == sizeof(void*) in our part of the
         * universe, right? (*BSD, Solaris, Linux, DEC Unix...)
         */
+#ifdef _WIN32
+   salt = htons((WORD)((((ULONG_PTR)vp ^ *(ULONG_PTR *)vector) & 0xffff) | 0x8000));
+#else
        salt = htons((WORD)((((long)vp ^ *(long *)vector) & 0xffff) | 0x8000));
+#endif
        memcpy(o, &salt, sizeof(salt));
        o += sizeof(salt);
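Review bot: The `#ifdef _WIN32` split duplicates the salt expression to work around the `long`-vs-pointer width assumption stated in the comment above it; `uintptr_t` (from `<stdint.h>`, or the project's equivalent if already provided) is the portable type for both platforms and lets the block collapse to the single line `salt = htons((WORD)((((uintptr_t)vp ^ *(uintptr_t *)vector) & 0xffff) | 0x8000));`. The comment's claim that sizeof(long) always equals sizeof(void*) is exactly what the Win64 branch disproves, so it should go along with the ifdef. Separately, and pre-existing rather than introduced here, the salt's only variability comes from a heap address XORed with the first bytes of the authenticator; RFC 2868 requires the salt to be unique per encryption of a given attribute, and drawing the low 15 bits from a CSPRNG would meet that more reliably than an address. encrypt_attr_style_1's body continues outside this hunk.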
 
index e2fe0db..de45bb2 100644 (file)
@@ -1748,14 +1748,18 @@ void ClientSession::login(NXCPMessage *pRequest)
                                pCert = CertificateFromLoginMessage(pRequest);
                                if (pCert != NULL)
                                {
-                                       BYTE signature[256];
-                                       UINT32 dwSigLen;
-
-                                       dwSigLen = pRequest->getFieldAsBinary(VID_SIGNATURE, signature, 256);
-                                       dwResult = AuthenticateUser(szLogin, (TCHAR *)signature, dwSigLen, pCert,
-                                                                                                                m_challenge, &m_dwUserId, &m_dwSystemAccess,
-                                                                                                                &changePasswd, &intruderLockout,
-                                                                                                                &closeOtherSessions, false, &graceLogins);
+               size_t sigLen;
+                                       const BYTE *signature = pRequest->getBinaryFieldPtr(VID_SIGNATURE, &sigLen);
+               if (signature != NULL)
+               {
+                  dwResult = AuthenticateUser(szLogin, reinterpret_cast<const TCHAR*>(signature), sigLen, 
+                        pCert, m_challenge, &m_dwUserId, &m_dwSystemAccess, &changePasswd, &intruderLockout,
+                        &closeOtherSessions, false, &graceLogins);
+               }
+               else
+               {
+                  dwResult = RCC_INVALID_REQUEST;
+               }
                                        X509_free(pCert);
                                }
                                else
index 996a7eb..eb8d4a9 100644 (file)
@@ -316,7 +316,7 @@ void SaveUsers(DB_HANDLE hdb, UINT32 watchdogId)
  * SSO server, ssoAuth must be set to true. Password expiration, change flag and grace
  * count ignored for SSO logins.
  */
-UINT32 AuthenticateUser(const TCHAR *login, const TCHAR *password, UINT32 dwSigLen, void *pCert,
+UINT32 AuthenticateUser(const TCHAR *login, const TCHAR *password, size_t sigLen, void *pCert,
                         BYTE *pChallenge, UINT32 *pdwId, UINT64 *pdwSystemRights,
                                                           bool *pbChangePasswd, bool *pbIntruderLockout, bool *closeOtherSessions,
                                                           bool ssoAuth, UINT32 *graceLogins)
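Review bot: The doc comment above the signature (its first lines are outside this hunk) does not say that `password` and `sigLen` are overloaded: when `sigLen` is non-zero, `password` is not a NUL-terminated string but a pointer to `sigLen` raw bytes of signature over `pChallenge`, as the later hand-off `reinterpret_cast<const BYTE*>(password), sigLen` to ValidateUserCertificate shows. Add to the comment: ` * If sigLen is non-zero, password points to sigLen raw bytes of signature over pChallenge` and ` * (not a NUL-terminated string) and certificate authentication is attempted; otherwise password is the plain-text password.` While the prototype is being touched, `pChallenge` could become `const BYTE *` to match the new ValidateUserCertificate signature, which now takes `const BYTE *challenge`. AuthenticateUser's body continues past this hunk.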
@@ -351,7 +351,7 @@ UINT32 AuthenticateUser(const TCHAR *login, const TCHAR *password, UINT32 dwSigL
          int method = user->getAuthMethod();
          if ((method == AUTH_CERT_OR_PASSWD) || (method == AUTH_CERT_OR_RADIUS))
          {
-            if (dwSigLen > 0)
+            if (sigLen > 0)
             {
                // certificate auth
                method = AUTH_CERTIFICATE;
@@ -365,7 +365,7 @@ UINT32 AuthenticateUser(const TCHAR *login, const TCHAR *password, UINT32 dwSigL
          switch(method)
          {
             case AUTH_NETXMS_PASSWORD:
-               if (dwSigLen == 0)
+               if (sigLen == 0)
                {
                   bPasswordValid = user->validatePassword(password);
                }
@@ -376,7 +376,7 @@ UINT32 AuthenticateUser(const TCHAR *login, const TCHAR *password, UINT32 dwSigL
                }
                break;
             case AUTH_RADIUS:
-               if (dwSigLen == 0)
+               if (sigLen == 0)
                {
                   bPasswordValid = RadiusAuth(login, password);
                }
@@ -387,11 +387,11 @@ UINT32 AuthenticateUser(const TCHAR *login, const TCHAR *password, UINT32 dwSigL
                }
                break;
             case AUTH_CERTIFICATE:
-               if ((dwSigLen != 0) && (pCert != NULL))
+               if ((sigLen != 0) && (pCert != NULL))
                {
 #ifdef _WITH_ENCRYPTION
-                  bPasswordValid = ValidateUserCertificate((X509 *)pCert, login, pChallenge,
-                                                           (BYTE *)password, dwSigLen,
+                  bPasswordValid = ValidateUserCertificate(static_cast<X509*>(pCert), login, pChallenge,
+                                                           reinterpret_cast<const BYTE*>(password), sigLen,
                                                            user->getCertMappingMethod(),
                                                            user->getCertMappingData());
 #else
index affa5b0..41124ee 100644 (file)
@@ -1161,9 +1161,9 @@ UINT32 ImportConfig(Config *config, UINT32 flags);
 
 #ifdef _WITH_ENCRYPTION
 X509 *CertificateFromLoginMessage(NXCPMessage *pMsg);
-BOOL ValidateUserCertificate(X509 *pCert, const TCHAR *pszLogin, BYTE *pChallenge,
-                                                                         BYTE *pSignature, UINT32 dwSigLen, int nMappingMethod,
-                                                                         const TCHAR *pszMappingData);
+bool ValidateUserCertificate(X509 *cert, const TCHAR *login, const BYTE *challenge,
+                                                                         const BYTE *signature, size_t sigLen, int mappingMethod,
+                                                                         const TCHAR *mappingData);
 bool ValidateAgentCertificate(X509 *cert);
 void ReloadCertificates();
 bool GetCertificateSubjectField(X509 *cert, int nid, TCHAR *buffer, size_t size);
index 380a395..043a710 100644 (file)
@@ -399,7 +399,7 @@ BOOL LoadUsers();
 void SaveUsers(DB_HANDLE hdb, UINT32 watchdogId);
 void SendUserDBUpdate(int code, UINT32 id, UserDatabaseObject *object);
 void SendUserDBUpdate(int code, UINT32 id);
-UINT32 AuthenticateUser(const TCHAR *login, const TCHAR *password, UINT32 dwSigLen, void *pCert,
+UINT32 AuthenticateUser(const TCHAR *login, const TCHAR *password, size_t sigLen, void *pCert,
                         BYTE *pChallenge, UINT32 *pdwId, UINT64 *pdwSystemRights,
                                                           bool *pbChangePasswd, bool *pbIntruderLockout, bool *closeOtherSessions,
                                                           bool ssoAuth, UINT32 *graceLogins);