src/security-srv/server/security-server-main.c

   1 /*
   2  * security-server
   3  *
   4  *  Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
   5  *
   6  *  Contact: Bumjin Im <bj.im@samsung.com>
   7  *
   8  *  Licensed under the Apache License, Version 2.0 (the "License");
   9  *  you may not use this file except in compliance with the License.
  10  *  You may obtain a copy of the License at
  11  *
  12  *      http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  *  Unless required by applicable law or agreed to in writing, software
  15  *  distributed under the License is distributed on an "AS IS" BASIS,
  16  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17  *  See the License for the specific language governing permissions and
  18  *  limitations under the License
  19  *
  20  */
  21
  22 #include <stdio.h>
  23 #include <stdlib.h>
  24 #include <unistd.h>
  25 #include <stdlib.h>
  26 #include <string.h>
  27 #include <sys/types.h>
  28 #include <errno.h>
  29 #include <signal.h>
  30 #include <pthread.h>
  31 #include <limits.h>
  32 #include <fcntl.h>
  33 #include <sys/smack.h>
  34
  35 #include "security-server-cookie.h"
  36 #include "security-server-common.h"
  37 #include "security-server-password.h"
  38 #include "security-server-comm.h"
  39
  40 /* Set cookie as a global variable */
  41 cookie_list *c_list;
  42 pthread_mutex_t cookie_mutex;
  43 int thread_status[SECURITY_SERVER_NUM_THREADS];
  44 struct security_server_thread_param {
  45         int client_sockfd;
  46         int server_sockfd;
  47         int thread_status;
  48 };
  49
  50 /************************************************************************************************/
  51 /* Just for test. This code must be removed on release */
  52 #include "security-server-util.h"
  53 /************************************************************************************************/
  54
  55 #if 0
  56 void printhex(unsigned char *data, int size)
  57 {
  58         int i;
  59         for(i=0;i<size;i++)
  60         {
  61                 if(data[i] < 0xF)
  62                         printf("0");
  63
  64                 printf("%X ", data[i]);
  65                 if(((i+1) % 16) == 0 && i != 0)
  66                         printf("\n");
  67         }
  68         printf("\n");
  69 }
  70
  71 void print_cookie(cookie_list *list)
  72 {
  73         int i;
  74         printf("%s", "cookie:\n");
  75         printhex(list->cookie, SECURITY_SERVER_COOKIE_LEN);
  76         printf("path_len: %d\n", list->path_len);
  77         printf("permission_len: %d\n", list->permission_len);
  78         printf("PID: %d\n", list->pid);
  79         printf("path: %s\n", list->path);
  80         printf("%s", "permissions: ");
  81         for(i=0;i<list->permission_len;i++)
  82         {
  83                 printf("%d ", list->permissions[i]);
  84         }
  85         printf("%s", "\n");
  86         printf("prev: %p\n", list->prev);
  87         printf("next: %p\n", list->next);
  88 }
  89 #endif
  90
  91 /* Object name is actually name of a Group ID *
  92  * This function opens /etc/group file and search group ID and
  93  * returns the string */
  94 int search_object_name(int gid, char *obj, int obj_size)
  95 {
  96         FILE *fp = NULL;
  97         char *linebuf = NULL, *token = NULL, *token2, *tempstr = NULL;
  98         int ret = 0, tmp_gid, bufsize;
  99         fp = fopen("/etc/group", "r");
 100         if(fp == NULL)
 101         {
 102                 /* cannot open /etc/group */
 103                 SEC_SVR_DBG("%s", "Cannot open /etc/group");
 104                 return SECURITY_SERVER_ERROR_FILE_OPERATION;
 105         }
 106
 107         linebuf = malloc(128);
 108         bufsize = 128;
 109         if(linebuf == NULL)
 110         {
 111                 ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
 112                 SEC_SVR_DBG("%s", "cannot malloc()");
 113                 goto error;
 114         }
 115
 116         bzero(linebuf, bufsize);
 117         ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT;
 118         while(fgets(linebuf, bufsize, fp) != NULL)
 119         {
 120                 while(linebuf[bufsize -2] != 0)
 121                 {
 122                         linebuf[bufsize -1] = (char) fgetc(fp);
 123                         tempstr = realloc(linebuf, bufsize + 128);
 124                         if(tempstr == NULL)
 125                         {
 126                                 ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
 127                                 goto error;
 128                         }
 129                         linebuf = tempstr;
 130                         bzero(linebuf + bufsize, 128);
 131                         fgets(linebuf + bufsize, 128, fp);
 132                         bufsize += 128;
 133                 }
 134
 135                 token = strtok(linebuf, ":");   /* group name */
 136                 if(token == NULL)
 137                 {
 138                         SEC_SVR_DBG("/etc/group is not valid. cannot find gid: [%s]", linebuf);
 139                         ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
 140                         goto error;
 141                 }
 142                 token2 = strtok(NULL, ":");     /* group password */
 143                 if(token2== NULL)
 144                 {
 145                         SEC_SVR_DBG("/etc/group is not valid. cannot find gid: [%s]", linebuf);
 146                         ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
 147                         goto error;
 148                 }
 149                 token2 = strtok(NULL, ":");     /* gid */
 150                 if(token2 == NULL)
 151                 {
 152                         SEC_SVR_DBG("/etc/group is not valid. cannot find gid: [%s]", linebuf);
 153                         ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
 154                         goto error;
 155                 }
 156
 157                 errno = 0;
 158                 tmp_gid = strtoul(token2, 0, 10);
 159                 if (errno != 0)
 160                 {
 161                         SEC_SVR_DBG("cannot change string to integer [%s]", token2);
 162                         ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
 163                         goto error;
 164                 }
 165
 166                 if(tmp_gid == gid)
 167                 {
 168                         /* We found it */
 169                         if(strlen(token) > obj_size)
 170                         {
 171                                 ret = SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL;
 172                                 SEC_SVR_DBG("buffer is too small. %d --> %d", obj_size, strlen(token));
 173                                 goto error;
 174                         }
 175                         strncpy(obj, token, strlen(token));
 176                         obj[strlen(token)] = 0;
 177                         ret = SECURITY_SERVER_SUCCESS;
 178                         break;
 179                 }
 180                 bzero(linebuf, bufsize);
 181         }
 182
 183 error:
 184         if(linebuf != NULL)
 185                 free(linebuf);
 186         if(fp != NULL)
 187                 fclose(fp);
 188         return ret;
 189 }
 190
 191 /* Search GID from group name *
 192  * This function opens /etc/group and search group name by given gid */
 193 int search_gid(const char *obj)
 194 {
 195         FILE *fp = NULL;
 196         char *linebuf = NULL, *token = NULL, *token2, *tempstr = NULL;
 197         int ret = SECURITY_SERVER_ERROR_NO_SUCH_OBJECT, tmp_gid, bufsize;
 198
 199         SEC_SVR_DBG("Searching for object %s", obj);
 200
 201         fp = fopen("/etc/group", "r");
 202         if(fp == NULL)
 203         {
 204                 /* cannot open /etc/group */
 205                 SEC_SVR_DBG("%s", "cannot open /etc/group");
 206                 return SECURITY_SERVER_ERROR_FILE_OPERATION;
 207         }
 208
 209         linebuf = malloc(128);
 210         bufsize = 128;
 211         if(linebuf == NULL)
 212         {
 213                 ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
 214                 SEC_SVR_DBG("%s", "Out Of Memory");
 215                 goto error;
 216         }
 217
 218         bzero(linebuf, bufsize);
 219         while(fgets(linebuf, bufsize, fp) != NULL)
 220         {
 221                 while(linebuf[bufsize -2] != 0 )
 222                 {
 223                         linebuf[bufsize -1] = (char) fgetc(fp);
 224                         tempstr = realloc(linebuf, bufsize + 128);
 225                         if(tempstr == NULL)
 226                         {
 227                                 ret = SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
 228                                 goto error;
 229                         }
 230                         linebuf = tempstr;
 231                         bzero(linebuf + bufsize, 128);
 232                         fgets(linebuf + bufsize, 128, fp);
 233                         bufsize += 128;
 234                 }
 235
 236                 token = strtok(linebuf, ":");   /* group name */
 237                 token2 = strtok(NULL, ":");     /* group password */
 238                 token2 = strtok(NULL, ":");     /* gid */
 239                 if(token2 == NULL)
 240                 {
 241                         SEC_SVR_DBG("/etc/group is not valid. cannot find gid: [%s]", linebuf);
 242                         ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
 243                         goto error;
 244                 }
 245                 errno = 0;
 246                 tmp_gid = strtoul(token2, 0, 10);
 247                 if ( errno != 0 )
 248                 {
 249                         SEC_SVR_DBG("cannot change string to integer [%s]", token2);
 250                         ret = SECURITY_SERVER_ERROR_SERVER_ERROR;
 251                         goto error;
 252                 }
 253
 254                 if(strcmp(obj, token) == 0)
 255                 {
 256                         /* We found it */
 257                         ret = tmp_gid;
 258                         SEC_SVR_DBG("GID of %s is found: %d", obj, ret);
 259                         break;
 260                 }
 261                 bzero(linebuf, bufsize);
 262         }
 263
 264 error:
 265         if(linebuf != NULL)
 266                 free(linebuf);
 267         if(fp != NULL)
 268                 fclose(fp);
 269         return ret;
 270 }
 271
 272 /* Signal handler for processes */
 273 static void security_server_sig_child(int signo, siginfo_t *info, void *data)
 274 {
 275         int status;
 276         pid_t child_pid;
 277         pid_t child_pgid;
 278
 279         child_pgid = getpgid(info->si_pid);
 280         SEC_SVR_DBG("Signal handler: dead_pid=%d, pgid=%d",info->si_pid,child_pgid);
 281
 282         while ((child_pid = waitpid(-1, &status, WNOHANG)) > 0) {
 283                 if(child_pid == child_pgid)
 284                         killpg(child_pgid,SIGKILL);
 285         }
 286
 287         return;
 288 }
 289
 290 /* Execute a debugging tool by fork() and execve() */
 291 int execute_debug_tool(int argc, char *const *argv, int server_sockfd, int client_sockfd)
 292 {
 293         int ret, i;
 294         SEC_SVR_DBG("%s", "Executing tool");
 295
 296         ret = fork();
 297         if(ret == 0)
 298         {
 299                 close(client_sockfd);
 300                 close(server_sockfd);
 301                 setsid();
 302
 303                 for(i=0;i<_NSIG;i++)
 304                         signal(i, SIG_DFL);
 305
 306                 ret = execv(argv[0], argv);
 307                 if(ret == -1)
 308                 {
 309                         SEC_SVR_DBG("Error:Failed to execute [%d]", errno);
 310                         exit(-1);
 311                 }
 312         }
 313         if(ret < 0)
 314         {
 315                 SEC_SVR_DBG("Error: Failed to fork [%d]", errno);
 316                 return SECURITY_SERVER_ERROR_SERVER_ERROR;
 317         }
 318         return SECURITY_SERVER_SUCCESS;
 319 }
 320
 321 int process_cookie_request(int sockfd)
 322 {
 323         int retval, client_pid, client_uid;
 324         cookie_list *created_cookie = NULL;
 325
 326         /* Authenticate client */
 327         retval = authenticate_client_application(sockfd, &client_pid, &client_uid);
 328         if(retval != SECURITY_SERVER_SUCCESS)
 329         {
 330                 SEC_SVR_DBG("%s", "Client Authentication Failed");
 331                 retval = send_generic_response(sockfd,
 332                                 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
 333                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
 334                 if(retval != SECURITY_SERVER_SUCCESS)
 335                 {
 336                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 337                 }
 338                 goto error;
 339         }
 340         /* If client application is root process, just respond default cookie */
 341     /*
 342         if( client_uid == 0)
 343         {
 344                 SEC_SVR_DBG("%s", "Requested application is a root process");
 345                 created_cookie = c_list;
 346                 if(c_list == NULL)
 347                 {
 348                         SEC_SVR_DBG("%s", "Cannot read default cookie");
 349                         goto error;
 350                 }
 351         }
 352         else
 353         {
 354     */
 355         //TODO: Remove above code if there will be no crashes without it
 356         //All process should be treaded the same
 357                 /* Create a new cookie. or find existing one */
 358                 pthread_mutex_lock(&cookie_mutex);
 359                 created_cookie = create_cookie_item(client_pid, sockfd, c_list);
 360                 pthread_mutex_unlock(&cookie_mutex);
 361                 if(created_cookie == NULL)
 362                 {
 363                         SEC_SVR_DBG("%s","Cannot create a cookie");
 364                         goto error;
 365                 }
 366
 367     //let others know if this cookie belongs to root process
 368     if(client_uid == 0)
 369         created_cookie->is_roots_process = 1;
 370     else
 371         created_cookie->is_roots_process = 0;
 372
 373         //}
 374         /* send cookie as response */
 375         retval = send_cookie(sockfd, created_cookie->cookie);
 376         if(retval != SECURITY_SERVER_SUCCESS)
 377         {
 378                 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 379         }
 380         SEC_SVR_DBG("Server: Cookie created for client PID %d LABEL >%s<",
 381                     created_cookie->pid,
 382                     (created_cookie->smack_label)?(created_cookie->smack_label):"NULL");
 383
 384         SEC_SVR_DBG("%s", "Server: Cookie has been sent to client");
 385
 386 error:
 387         return retval;
 388 }
 389
 390 int process_check_privilege_request(int sockfd)
 391 {
 392         /* Authenticate client */
 393         int retval, client_pid, requested_privilege;
 394         unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
 395         cookie_list *search_result = NULL;
 396
 397         retval = authenticate_client_middleware(sockfd, &client_pid);
 398         if(retval != SECURITY_SERVER_SUCCESS)
 399         {
 400                 SEC_SVR_DBG("%s", "Client Authentication Failed");
 401                 retval = send_generic_response(sockfd,
 402                                 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
 403                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
 404                 if(retval != SECURITY_SERVER_SUCCESS)
 405                 {
 406                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 407                 }
 408                 goto error;;
 409         }
 410
 411         retval = recv_check_privilege_request(sockfd,
 412                                 requested_cookie, &requested_privilege);
 413         if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
 414         {
 415                 SEC_SVR_DBG("%s", "Receiving request failed");
 416                 retval = send_generic_response(sockfd,
 417                                 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
 418                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 419                 if(retval != SECURITY_SERVER_SUCCESS)
 420                 {
 421                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 422                 }
 423                 goto error;;
 424         }
 425
 426         if(requested_privilege < 1)
 427         {
 428                 SEC_SVR_DBG("Requiring bad privilege [%d]", requested_privilege);
 429                 retval = send_generic_response(sockfd,
 430                                 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
 431                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 432                 if(retval != SECURITY_SERVER_SUCCESS)
 433                 {
 434                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 435                 }
 436                 goto error;
 437         }
 438
 439         /* Search cookie list */
 440         pthread_mutex_lock(&cookie_mutex);
 441         search_result = search_cookie(c_list, requested_cookie, requested_privilege);
 442         pthread_mutex_unlock(&cookie_mutex);
 443         if(search_result != NULL)
 444         {
 445                 /* We found */
 446                 SEC_SVR_DBG("We found the cookie with %d privilege and pid:%d", requested_privilege, client_pid);
 447                 SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
 448                 retval = send_generic_response(sockfd,
 449                                 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
 450                                 SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED);
 451                 if(retval != SECURITY_SERVER_SUCCESS)
 452                 {
 453                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 454                 }
 455         }
 456         else
 457         {
 458                 /* It's not exist */
 459                 SEC_SVR_DBG("Could not find the cookie with %d privilege", requested_privilege);
 460                 retval = send_generic_response(sockfd,
 461                                 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
 462                                 SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
 463                 if(retval != SECURITY_SERVER_SUCCESS)
 464                 {
 465                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 466                 }
 467         }
 468 error:
 469         return retval;
 470 }
 471
 472 int process_check_privilege_new_request(int sockfd)
 473 {
 474         /* Authenticate client */
 475         int retval, client_pid, requested_privilege;
 476         unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
 477         cookie_list *search_result = NULL;
 478         char object_label[MAX_OBJECT_LABEL_LEN+1];
 479         char access_rights[MAX_MODE_STR_LEN+1];
 480
 481         retval = authenticate_client_middleware(sockfd, &client_pid);
 482         if(retval != SECURITY_SERVER_SUCCESS)
 483         {
 484                 SEC_SVR_DBG("%s", "Client Authentication Failed");
 485                 retval = send_generic_response(sockfd,
 486                                 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
 487                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
 488                 if(retval != SECURITY_SERVER_SUCCESS)
 489                 {
 490                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 491                 }
 492                 goto error;;
 493         }
 494
 495         retval = recv_check_privilege_new_request(
 496                      sockfd, requested_cookie, object_label, access_rights);
 497         if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
 498         {
 499                 SEC_SVR_DBG("%s", "Receiving request failed");
 500                 retval = send_generic_response(sockfd,
 501                                 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
 502                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 503                 if(retval != SECURITY_SERVER_SUCCESS)
 504                 {
 505                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 506                 }
 507                 goto error;;
 508         }
 509
 510         /* Search cookie list */
 511         pthread_mutex_lock(&cookie_mutex);
 512         search_result = search_cookie_new(c_list, requested_cookie, object_label, access_rights);
 513         pthread_mutex_unlock(&cookie_mutex);
 514
 515         if(search_result != NULL)
 516     {
 517                 /* We found */
 518                 SEC_SVR_DBG("We found the cookie with %s rights and pid:%d", access_rights, client_pid);
 519                 SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
 520                 retval = send_generic_response(sockfd,
 521                                 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
 522                                 SECURITY_SERVER_RETURN_CODE_ACCESS_GRANTED);
 523                 if(retval != SECURITY_SERVER_SUCCESS)
 524                 {
 525                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 526                 }
 527         }
 528         else
 529         {
 530                 /* It's not exist */
 531                 SEC_SVR_DBG("Could not find the cookie with %s rights", access_rights);
 532                 retval = send_generic_response(sockfd,
 533                                 SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
 534                                 SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
 535                 if(retval != SECURITY_SERVER_SUCCESS)
 536                 {
 537                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 538                 }
 539         }
 540 error:
 541         return retval;
 542
 543
 544 }
 545
 546 int process_object_name_request(int sockfd)
 547 {
 548         int retval, client_pid, requested_privilege;
 549         char object_name[SECURITY_SERVER_MAX_OBJ_NAME];
 550
 551         /* Authenticate client */
 552         retval = authenticate_client_middleware(sockfd, &client_pid);
 553         if(retval != SECURITY_SERVER_SUCCESS)
 554         {
 555                 SEC_SVR_DBG("%s", "Client Authentication Failed");
 556                 retval = send_generic_response(sockfd,
 557                                 SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
 558                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
 559                 if(retval != SECURITY_SERVER_SUCCESS)
 560                 {
 561                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 562                 }
 563                 goto error;
 564         }
 565
 566         /* Receive GID */
 567         retval = read(sockfd, &requested_privilege, sizeof(requested_privilege));
 568         if (retval < sizeof(requested_privilege))
 569         {
 570                 SEC_SVR_DBG("%s", "Receiving request failed");
 571                 retval = send_generic_response(sockfd,
 572                                 SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
 573                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 574                 if(retval != SECURITY_SERVER_SUCCESS)
 575                 {
 576                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 577                 }
 578                 goto error;
 579         }
 580
 581         /* Search from /etc/group */
 582         retval = search_object_name(requested_privilege,
 583                         object_name,
 584                         SECURITY_SERVER_MAX_OBJ_NAME);
 585         if (retval == SECURITY_SERVER_ERROR_NO_SUCH_OBJECT)
 586         {
 587                 /* It's not exist */
 588                 SEC_SVR_DBG("There is no such object for gid [%d]", requested_privilege);
 589                 retval = send_generic_response(sockfd,
 590                                 SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
 591                                 SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT);
 592                 if(retval != SECURITY_SERVER_SUCCESS)
 593                 {
 594                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 595                 }
 596                 goto error;
 597         }
 598         if(retval != SECURITY_SERVER_SUCCESS)
 599         {
 600                 /* Error occurred */
 601                 SEC_SVR_DBG("Error on searching object name [%d]", retval);
 602                 retval = send_generic_response(sockfd,
 603                                 SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE,
 604                                 SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
 605                 if(retval != SECURITY_SERVER_SUCCESS)
 606                 {
 607                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 608                 }
 609                 goto error;
 610         }
 611
 612         /* We found */
 613         SEC_SVR_DBG("We found object: %s", object_name);
 614         retval = send_object_name(sockfd, object_name);
 615         if(retval != SECURITY_SERVER_SUCCESS)
 616         {
 617                 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 618         }
 619
 620 error:
 621         return retval;
 622 }
 623
 624 int process_gid_request(int sockfd, int msg_len)
 625 {
 626         int retval, client_pid;
 627         char object_name[SECURITY_SERVER_MAX_OBJ_NAME];
 628         /* Authenticate client as middleware daemon */
 629         retval = authenticate_client_middleware(sockfd, &client_pid);
 630         if(retval != SECURITY_SERVER_SUCCESS)
 631         {
 632                 SEC_SVR_DBG("%s", "Client authentication failed");
 633                 retval = send_generic_response(sockfd,
 634                                 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
 635                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
 636                 if(retval != SECURITY_SERVER_SUCCESS)
 637                 {
 638                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 639                 }
 640                 goto error;
 641         }
 642
 643         if(msg_len >= SECURITY_SERVER_MAX_OBJ_NAME)
 644         {
 645                 /* Too big ojbect name */
 646                 SEC_SVR_DBG("%s", "Object name is too big");
 647                 retval = send_generic_response(sockfd,
 648                                 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
 649                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 650                 if(retval != SECURITY_SERVER_SUCCESS)
 651                 {
 652                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 653                 }
 654                 goto error;
 655         }
 656
 657         /* Receive group name */
 658         retval = read(sockfd, object_name, msg_len);
 659         if (retval < msg_len )
 660         {
 661                 SEC_SVR_DBG("%s", "Failed to read object name");
 662                 retval = send_generic_response(sockfd,
 663                                 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
 664                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 665                 if(retval != SECURITY_SERVER_SUCCESS)
 666                 {
 667                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 668                 }
 669                 goto error;
 670         }
 671         object_name[msg_len] = 0;
 672
 673         /* Search /etc/group for the given group name */
 674         retval = search_gid(object_name);
 675         if (retval == SECURITY_SERVER_ERROR_NO_SUCH_OBJECT)
 676         {
 677                 /* Not exist */
 678                 SEC_SVR_DBG("The object [%s] is not exist", object_name);
 679                 retval = send_generic_response(sockfd,
 680                                 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
 681                                 SECURITY_SERVER_RETURN_CODE_NO_SUCH_OBJECT);
 682                 if(retval != SECURITY_SERVER_SUCCESS)
 683                 {
 684                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 685                 }
 686                 goto error;
 687         }
 688
 689         if(retval < 0)
 690         {
 691                 /* Error occurred */
 692                 SEC_SVR_DBG("Cannot send the response. %d", retval);
 693                 retval = send_generic_response(sockfd,
 694                                 SECURITY_SERVER_MSG_TYPE_GID_RESPONSE,
 695                                 SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
 696                 if(retval != SECURITY_SERVER_SUCCESS)
 697                 {
 698                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 699                 }
 700
 701                 goto error;
 702         }
 703         /* We found */
 704         retval = send_gid(sockfd, retval);
 705         if(retval != SECURITY_SERVER_SUCCESS)
 706         {
 707                 SEC_SVR_DBG("ERROR: Cannot gid response: %d", retval);
 708         }
 709 error:
 710         return retval;
 711 }
 712
 713 int process_pid_request(int sockfd)
 714 {
 715         int retval, client_pid;
 716         unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
 717         cookie_list *search_result = NULL;
 718
 719         /* Authenticate client */
 720         retval = authenticate_client_middleware(sockfd, &client_pid);
 721         if(retval != SECURITY_SERVER_SUCCESS)
 722         {
 723                 SEC_SVR_DBG("%s", "Client Authentication Failed");
 724                 retval = send_generic_response(sockfd,
 725                                 SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
 726                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
 727                 if(retval != SECURITY_SERVER_SUCCESS)
 728                 {
 729                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 730                 }
 731                 goto error;
 732         }
 733
 734         retval = recv_pid_request(sockfd, requested_cookie);
 735         if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
 736         {
 737                 SEC_SVR_DBG("%s", "Receiving request failed");
 738                 retval = send_generic_response(sockfd,
 739                                 SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
 740                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 741                 if(retval != SECURITY_SERVER_SUCCESS)
 742                 {
 743                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 744                 }
 745                 goto error;
 746         }
 747
 748         /* Search cookie list */
 749         pthread_mutex_lock(&cookie_mutex);
 750         search_result = search_cookie(c_list, requested_cookie, 0);
 751         pthread_mutex_unlock(&cookie_mutex);
 752         if(search_result != NULL)
 753         {
 754                 /* We found */
 755                 SEC_SVR_DBG("We found the cookie and pid:%d", search_result->pid);
 756                 SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
 757                 retval = send_pid(sockfd, search_result->pid);
 758
 759                 if(retval != SECURITY_SERVER_SUCCESS)
 760                 {
 761                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 762                 }
 763         }
 764         else
 765         {
 766                 /* It's not exist */
 767                 SEC_SVR_DBG("%s", "Could not find the cookie");
 768                 retval = send_generic_response(sockfd,
 769                                 SECURITY_SERVER_MSG_TYPE_PID_RESPONSE,
 770                                 SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
 771                 if(retval != SECURITY_SERVER_SUCCESS)
 772                 {
 773                         SEC_SVR_DBG("ERROR: Cannot send pid response: %d", retval);
 774                 }
 775         }
 776 error:
 777         return retval;
 778 }
 779
 780 int process_smack_request(int sockfd)
 781 {
 782         int retval, client_pid;
 783         unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
 784         cookie_list *search_result = NULL;
 785     //handler for SMACK label
 786     char * label = NULL;
 787     //buffer for storing file path
 788     const int BUFFSIZE = 30;
 789     char path[BUFFSIZE];
 790     int fd;
 791
 792         /* Authenticate client */
 793         retval = authenticate_client_middleware(sockfd, &client_pid);
 794         if(retval != SECURITY_SERVER_SUCCESS)
 795         {
 796                 SEC_SVR_DBG("%s", "Client Authentication Failed");
 797                 retval = send_generic_response(sockfd,
 798                                 SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
 799                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
 800                 if(retval != SECURITY_SERVER_SUCCESS)
 801                 {
 802                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 803                 }
 804                 goto error;
 805         }
 806
 807         retval = recv_smack_request(sockfd, requested_cookie);
 808         if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
 809         {
 810                 SEC_SVR_DBG("%s", "Receiving request failed");
 811                 retval = send_generic_response(sockfd,
 812                                 SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
 813                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 814                 if(retval != SECURITY_SERVER_SUCCESS)
 815                 {
 816                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 817                 }
 818                 goto error;
 819         }
 820
 821         /* Search cookie list */
 822         pthread_mutex_lock(&cookie_mutex);
 823         search_result = search_cookie(c_list, requested_cookie, 0);
 824         pthread_mutex_unlock(&cookie_mutex);
 825         if(search_result != NULL)
 826         {
 827                 /* We found */
 828                 SEC_SVR_DBG("We found the cookie and pid:%d", search_result->pid);
 829                 SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
 830
 831         //clearing buffer
 832         memset(path, 0x00, BUFFSIZE);
 833
 834         //preparing file path
 835         snprintf(path, BUFFSIZE, "/proc/%d/attr/current", search_result->pid);
 836         SEC_SVR_DBG("Path to file: %s\n", path);
 837
 838         //allocation place for label
 839         label = calloc(SMACK_LABEL_LEN, 1);
 840         if(NULL == label)
 841         {
 842             SEC_SVR_DBG("Client ERROR: Memory allocation error");
 843             goto error;
 844         }
 845
 846         //clearing buffer for label
 847         memset(label, 0x00, SMACK_LABEL_LEN);
 848
 849         //opening file /proc/<pid>/attr/curent with SMACK label
 850         fd = open(path, O_RDONLY);
 851         if(fd < 0)
 852         {
 853             SEC_SVR_DBG("Client ERROR: Unable to open file in /proc");
 854             goto error;
 855         }
 856
 857         //reading label from file, it is NOT NULL TERMINATED
 858         retval = read(fd, label, SMACK_LABEL_LEN);
 859         close(fd);
 860         if(retval < 0)
 861         {
 862             SEC_SVR_DBG("Client ERROR: Unable to read from file");
 863             goto error;
 864         }
 865
 866         SEC_SVR_DBG("Readed label is: %s\n", label);
 867
 868                 retval = send_smack(sockfd, label);
 869
 870                 if(retval != SECURITY_SERVER_SUCCESS)
 871                 {
 872                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 873                 }
 874         }
 875         else
 876         {
 877                 /* It's not exist */
 878                 SEC_SVR_DBG("%s", "Could not find the cookie");
 879                 retval = send_generic_response(sockfd,
 880                                 SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
 881                                 SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
 882                 if(retval != SECURITY_SERVER_SUCCESS)
 883                 {
 884                         SEC_SVR_DBG("ERROR: Cannot send SMACK label response: %d", retval);
 885                 }
 886         }
 887 error:
 888     if(NULL != label)
 889         free(label);
 890
 891         return retval;
 892 }
 893
 894 int process_tool_request(int client_sockfd, int server_sockfd)
 895 {
 896         int retval, argcnum;
 897         char **recved_argv = NULL;
 898
 899         /* Authenticate client */
 900         retval = authenticate_developer_shell(client_sockfd);
 901         if(retval != SECURITY_SERVER_SUCCESS)
 902         {
 903                 SEC_SVR_DBG("%s", "Client Authentication Failed");
 904                 retval = send_generic_response(client_sockfd,
 905                                 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
 906                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
 907                 if(retval != SECURITY_SERVER_SUCCESS)
 908                 {
 909                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 910                 }
 911                 goto error;
 912         }
 913
 914         /* Receive Total number of argv */
 915         argcnum = 0;
 916         retval = read(client_sockfd, &argcnum, sizeof(int));
 917         if((retval < sizeof(int)) || argcnum > (UINT_MAX/sizeof(char *))-2 || argcnum < 0)
 918         {
 919                 SEC_SVR_DBG("Error: argc recieve failed: %d", retval);
 920                 retval = send_generic_response(client_sockfd,
 921                                 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
 922                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 923                 if(retval != SECURITY_SERVER_SUCCESS)
 924                 {
 925                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 926                 }
 927                 goto error;
 928         }
 929         argcnum += 2;
 930         recved_argv = (char **)malloc(sizeof(char *) * argcnum);
 931         if(recved_argv == NULL)
 932         {
 933                 SEC_SVR_DBG("Error: malloc() failed: %d", retval);
 934                 retval = send_generic_response(client_sockfd,
 935                                 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
 936                                 SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
 937                 if(retval != SECURITY_SERVER_SUCCESS)
 938                 {
 939                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 940                 }
 941                 goto error;
 942         }
 943         memset(recved_argv, 0, sizeof(char *) * argcnum);
 944
 945         retval = recv_launch_tool_request(client_sockfd, argcnum -1, recved_argv);
 946         if(retval == SECURITY_SERVER_ERROR_RECV_FAILED || retval == SECURITY_SERVER_ERROR_OUT_OF_MEMORY)
 947         {
 948                 SEC_SVR_DBG("%s", "Receiving request failed");
 949                 recved_argv = NULL;
 950                 retval = send_generic_response(client_sockfd,
 951                                 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
 952                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 953                 if(retval != SECURITY_SERVER_SUCCESS)
 954                 {
 955                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 956                 }
 957                 goto error;
 958         }
 959         if(argcnum < 2)
 960         {
 961                 SEC_SVR_DBG("Error: Too small number of argv [%d]", argcnum);
 962                 retval = send_generic_response(client_sockfd,
 963                                 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
 964                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
 965                 if(retval != SECURITY_SERVER_SUCCESS)
 966                 {
 967                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 968                 }
 969                 goto error;
 970         }
 971         /* Execute the command */
 972         retval = execute_debug_tool(argcnum, recved_argv, server_sockfd, client_sockfd);
 973         if(retval != SECURITY_SERVER_SUCCESS)
 974         {
 975                 SEC_SVR_DBG("Error: Cannot execute debug tool [%d]", retval);
 976                 retval = send_generic_response(client_sockfd,
 977                                 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
 978                                 SECURITY_SERVER_RETURN_CODE_SERVER_ERROR);
 979                 if(retval != SECURITY_SERVER_SUCCESS)
 980                 {
 981                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 982                 }
 983         }
 984         else
 985         {
 986                 SEC_SVR_DBG("%s", "Tool has been executed");
 987                 retval = send_generic_response(client_sockfd,
 988                                 SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE,
 989                                 SECURITY_SERVER_RETURN_CODE_SUCCESS);
 990                 if(retval != SECURITY_SERVER_SUCCESS)
 991                 {
 992                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
 993                 }
 994         }
 995 error:
 996         if(recved_argv != NULL)
 997         {
 998                 /* Free */
 999                 free_argv(recved_argv, argcnum);
1000                 recved_argv = NULL;
1001                 argcnum =0;;
1002         }
1003         return retval;
1004 }
1005
1006 void *security_server_thread(void *param)
1007 {
1008         int client_sockfd = -1, client_uid, client_pid;
1009         int server_sockfd, retval, argcnum;
1010         basic_header basic_hdr;
1011         struct security_server_thread_param *my_param;
1012
1013         my_param = (struct security_server_thread_param *) param;
1014         client_sockfd = my_param->client_sockfd;
1015         server_sockfd = my_param->server_sockfd;
1016
1017         /* Receive request header */
1018         retval = recv_hdr(client_sockfd, &basic_hdr);
1019         if(retval == SECURITY_SERVER_ERROR_TIMEOUT || retval == SECURITY_SERVER_ERROR_RECV_FAILED
1020                 || retval == SECURITY_SERVER_ERROR_SOCKET)
1021         {
1022                 SEC_SVR_DBG("Receiving header error [%d]",retval);
1023                 close(client_sockfd);
1024                 client_sockfd = -1;
1025                 goto error;;
1026         }
1027
1028         if(retval != SECURITY_SERVER_SUCCESS)
1029         {
1030                 /* Response */
1031                 SEC_SVR_DBG("Receiving header error [%d]",retval);
1032                 retval = send_generic_response(client_sockfd,
1033                                 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
1034                                 SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
1035                 if(retval != SECURITY_SERVER_SUCCESS)
1036                 {
1037                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
1038                         goto error;
1039                 }
1040                 safe_server_sock_close(client_sockfd);
1041                 client_sockfd = -1;
1042                 goto error;
1043         }
1044
1045         /* Act different for request message ID */
1046         switch(basic_hdr.msg_id)
1047         {
1048                 case SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST:
1049                         SEC_SVR_DBG("%s", "Cookie request received");
1050                         process_cookie_request(client_sockfd);
1051                         break;
1052
1053                 case SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST:
1054                         SEC_SVR_DBG("%s", "Privilege check received");
1055                         process_check_privilege_request(client_sockfd);
1056                         break;
1057
1058                 case SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_REQUEST:
1059                         SEC_SVR_DBG("%s", "Privilege check (new mode) received");
1060                         process_check_privilege_new_request(client_sockfd);
1061                         break;
1062
1063                 case SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_REQUEST:
1064                         SEC_SVR_DBG("%s", "Get object name request received");
1065                         process_object_name_request(client_sockfd);
1066                         break;
1067
1068                 case SECURITY_SERVER_MSG_TYPE_GID_REQUEST:
1069                         SEC_SVR_DBG("%s", "Get GID received");
1070                         process_gid_request(client_sockfd, (int)basic_hdr.msg_len);
1071                         break;
1072
1073                 case SECURITY_SERVER_MSG_TYPE_PID_REQUEST:
1074                         SEC_SVR_DBG("%s", "pid request received");
1075                         process_pid_request(client_sockfd);
1076                         break;
1077
1078                 case SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST:
1079                         SEC_SVR_DBG("%s", "SMACK label request received");
1080                         process_smack_request(client_sockfd);
1081                         break;
1082
1083                 case SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST:
1084                         SEC_SVR_DBG("%s", "launch tool request received");
1085                         process_tool_request(client_sockfd, server_sockfd);
1086                         break;
1087
1088                 case SECURITY_SERVER_MSG_TYPE_VALID_PWD_REQUEST:
1089                         SEC_SVR_DBG("%s", "Server: validate password request received");
1090                         process_valid_pwd_request(client_sockfd);
1091                         break;
1092
1093                 case SECURITY_SERVER_MSG_TYPE_SET_PWD_REQUEST:
1094                         SEC_SVR_DBG("%s", "Server: set password request received");
1095                         process_set_pwd_request(client_sockfd);
1096                         break;
1097
1098                 case SECURITY_SERVER_MSG_TYPE_RESET_PWD_REQUEST:
1099                         SEC_SVR_DBG("%s", "Server: reset password request received");
1100                         process_reset_pwd_request(client_sockfd);
1101                         break;
1102
1103                 case SECURITY_SERVER_MSG_TYPE_CHK_PWD_REQUEST:
1104                         SEC_SVR_DBG("%s", "Server: check password request received");
1105                         process_chk_pwd_request(client_sockfd);
1106                         break;
1107
1108                 case SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_REQUEST:
1109                         SEC_SVR_DBG("%s", "Server: set password histroy request received");
1110                         process_set_pwd_history_request(client_sockfd);
1111                         break;
1112
1113                 case SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_REQUEST:
1114                     SEC_SVR_DBG("%s", "Server: set password max challenge request received");
1115                     process_set_pwd_max_challenge_request(client_sockfd);
1116                     break;
1117
1118         case SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_REQUEST:
1119             SEC_SVR_DBG("%s", "Server: set password validity request received");
1120             process_set_pwd_validity_request(client_sockfd);
1121             break;
1122
1123 /************************************************************************************************/
1124 /* Just for test. This code must be removed on release */
1125                 case SECURITY_SERVER_MSG_TYPE_GET_ALL_COOKIES_REQUEST:
1126                         SEC_SVR_DBG("%s", "all cookie info request received -- NEED TO BE DELETED ON RELEASE");
1127                         retval = authenticate_client_application(client_sockfd, &client_pid, &client_uid);
1128                         if(retval != SECURITY_SERVER_SUCCESS)
1129                         {
1130                                 SEC_SVR_DBG("%s", "Client Authentication Failed");
1131                                 retval = send_generic_response(client_sockfd,
1132                                                 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
1133                                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
1134                                 if(retval != SECURITY_SERVER_SUCCESS)
1135                                 {
1136                                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
1137                                 }
1138                                 break;
1139                         }
1140                         retval = util_process_all_cookie(client_sockfd, c_list);
1141                         if(retval != SECURITY_SERVER_SUCCESS)
1142                         {
1143                                 SEC_SVR_DBG("ERROR: Cannot send all cookie info: %d", retval);
1144                         }
1145                         break;
1146
1147                 case SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_PID_REQUEST:
1148                         SEC_SVR_DBG("%s", "cookie info from pid request received -- NEED TO BE DELETED ON RELEASE");
1149                         if(retval != SECURITY_SERVER_SUCCESS)
1150                         {
1151                                 SEC_SVR_DBG("%s", "Client Authentication Failed");
1152                                 retval = send_generic_response(client_sockfd,
1153                                                 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
1154                                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
1155                                 if(retval != SECURITY_SERVER_SUCCESS)
1156                                 {
1157                                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
1158                                 }
1159                                 break;
1160                         }
1161                         util_process_cookie_from_pid(client_sockfd, c_list);
1162                         break;
1163
1164                 case SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_FROM_COOKIE_REQUEST:
1165                         SEC_SVR_DBG("%s", "cookie info from cookie request received -- NEED TO BE DELETED ON RELEASE");
1166                         if(retval != SECURITY_SERVER_SUCCESS)
1167                         {
1168                                 SEC_SVR_DBG("%s", "Client Authentication Failed");
1169                                 retval = send_generic_response(client_sockfd,
1170                                                 SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
1171                                                 SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
1172                                 if(retval != SECURITY_SERVER_SUCCESS)
1173                                 {
1174                                         SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
1175                                 }
1176                                 break;
1177                         }
1178                         util_process_cookie_from_cookie(client_sockfd, c_list);
1179                         break;
1180 /************************************************************************************************/
1181
1182
1183                 default:
1184                         SEC_SVR_DBG("Unknown msg ID :%d", basic_hdr.msg_id);
1185                         /* Unknown message ID */
1186                         retval = send_generic_response(client_sockfd,
1187                         SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE,
1188                         SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
1189                         if(retval != SECURITY_SERVER_SUCCESS)
1190                         {
1191                                 SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
1192                         }
1193                         break;
1194         }
1195
1196         if(client_sockfd > 0)
1197         {
1198                 safe_server_sock_close(client_sockfd);
1199                 client_sockfd = -1;
1200         }
1201
1202 error:
1203         if(client_sockfd > 0)
1204                 close(client_sockfd);
1205         thread_status[my_param->thread_status] = 0;
1206         pthread_detach(pthread_self());
1207         pthread_exit(NULL);
1208 }
1209
1210 void *security_server_main_thread(void *data)
1211 {
1212         int server_sockfd = 0, retval, client_sockfd = -1, args[2], rc;
1213         struct sigaction act, dummy;
1214         pthread_t threads[SECURITY_SERVER_NUM_THREADS];
1215         struct security_server_thread_param param[SECURITY_SERVER_NUM_THREADS];
1216
1217         SEC_SVR_DBG("%s", "Starting Security Server main thread");
1218
1219         /* security server must be executed by root */
1220         if(getuid() != 0)
1221         {
1222                 fprintf(stderr, "%s\n", "You are not root. exiting...");
1223                 goto error;
1224         }
1225
1226         for(retval = 0 ; retval < SECURITY_SERVER_NUM_THREADS; retval++)
1227                 thread_status[retval] = 0;
1228         initiate_try();
1229
1230         /* Create and bind a Unix domain socket */
1231         retval = create_new_socket(&server_sockfd);
1232         if(retval != SECURITY_SERVER_SUCCESS)
1233         {
1234                 SEC_SVR_DBG("%s", "cannot create socket. exiting...");
1235                 goto error;
1236         }
1237
1238         if(listen(server_sockfd, 5) < 0)
1239         {
1240                 SEC_SVR_DBG("%s", "listen() failed. exiting...");
1241                 goto error;
1242         }
1243
1244         /* Create a default cookie --> Cookie for root process */
1245         c_list = create_default_cookie();
1246         if(c_list == NULL)
1247         {
1248                 SEC_SVR_DBG("%s", "cannot make a default cookie. exiting...");
1249                 goto error;
1250         }
1251
1252         /* Init signal handler */
1253         act.sa_handler = NULL;
1254         act.sa_sigaction = security_server_sig_child;
1255         sigemptyset(&act.sa_mask);
1256         act.sa_flags = SA_NOCLDSTOP | SA_SIGINFO;
1257
1258         if (sigaction(SIGCHLD, &act, &dummy) < 0)
1259         {
1260                 SEC_SVR_DBG("%s", "cannot change session");
1261         }
1262
1263         pthread_mutex_init(&cookie_mutex, NULL);
1264
1265         while(1)
1266         {
1267                 /* Accept a new client */
1268                 if(client_sockfd < 0)
1269                         client_sockfd = accept_client(server_sockfd);
1270
1271                 if(client_sockfd == SECURITY_SERVER_ERROR_TIMEOUT)
1272                         continue;
1273                 if(client_sockfd < 0)
1274                         goto error;
1275                 SEC_SVR_DBG("Server: new connection has been accepted: %d", client_sockfd);
1276                 retval = 0;
1277                 while(1)
1278                 {
1279                         if(thread_status[retval] == 0)
1280                         {
1281                                 thread_status[retval] = 1;
1282                                 param[retval].client_sockfd = client_sockfd;
1283                                 param[retval].server_sockfd = server_sockfd;
1284                                 param[retval].thread_status= retval;
1285                                 SEC_SVR_DBG("Server: Creating a new thread: %d", retval);
1286                                 rc =pthread_create(&threads[retval], NULL, security_server_thread, (void *)&param[retval]);
1287                                 if (rc)
1288                                 {
1289                                         SEC_SVR_DBG("Error: Server: Cannot create thread:%d", rc);
1290                                         goto error;
1291                                 }
1292                                 break;
1293                         }
1294                         retval++;
1295                         if(retval >= SECURITY_SERVER_NUM_THREADS)
1296                                 retval = 0;
1297                 }
1298                 client_sockfd = -1;
1299         }
1300 error:
1301         if(server_sockfd > 0)
1302                 close(server_sockfd);
1303
1304         pthread_detach(pthread_self());
1305         pthread_exit(NULL);
1306 }
1307
1308 int main(int argc, char* argv[])
1309 {
1310         int res;
1311         pthread_t main_thread;
1312
1313         res = pthread_create(&main_thread, NULL, security_server_main_thread, NULL);
1314         if (res == 0)
1315         {
1316                 while (1)
1317                         sleep(60);
1318         }
1319         else
1320         {
1321                 SEC_SVR_DBG("Error: Server: Cannot create main security server thread: %d", res);
1322         }
1323         pthread_exit(NULL);
1324         return 0;
1325 }
1326