Hello All,
I think I am too close to my problem.
We are trying to implement security using the following configuration:
UBBConfig:
====================================
*Resources
...
SECURITY ACL (or MANDATORY_ACL or USER_AUTH)
AUTHSVC "..AUTHSVC" ("AUTHSVC" for USER_AUTH)
...
*Groups
"AUTHGRP" LMID="simple" GRPNO=1
...
*Servers
"AUTHSVR" SRVGRP="AUTHGRP" SRVID=1 CLOPT="-A"
simpsrv ...
...
====================================
tmloadcf UBBConfig
asks for application password:
I set it = app1234
I add a group: tpgrpadd -g 10 TPGRP1
I add a user: tpusradd -g 10 -c TPCLI1 TPUSR1
assign password: usr1234
Then tmboot -y
In simpcl.c I do the following before making a tpcall to TOUPPER in simpsrv:
strcpy(userID, argv[2]);
strcpy(appPassword, argv[3]);
strcpy(clientID, argv[4]);
/* Attach to System/T as a Client Process */
int sizeOfTPINIT = sizeof (TPINIT);
TPINIT *pTPINIT = (TPINIT*) tpalloc("TPINIT", NULL, sizeOfTPINIT);
strcpy(pTPINIT->usrname, userID);
strcpy(pTPINIT->passwd, appPassword);
strcpy(pTPINIT->cltname, clientID);
int retVal = tpinit(pTPINIT);
if (retVal == -1)
return ERROR;
else
go ahead and do tpcall to TOUPPER
on executing the client like the following I get authentication failure.
Cannot find any solution. Is there something I am missing?
$ ./simpcl hello TPUSR1 app1234 TPCLI1
234321.voyager!AUTHSVR.3191.2183915264.0: CMDTUX_CAT:4130: INFO: Authentication failed for user TPUSR1/TPCLI1
234321.voyager!?proc.3818.1365624576.0: 03-26-2012: tuxedo Version 11.1.1.2.0, 64-bit
234321.voyager!?proc.3818.1365624576.0: LIBTUX_CAT:6311: ERROR: tpcall(authsvc) failed in init_sec_context, TPESVCFAIL - application level service failure
234321.voyager!?proc.3818.1365624576.0: LIBTUX_CAT:6247: ERROR: Unable to establish security context. Error code 70, minor_status 4294967289
234321.voyager!?proc.3818.1365624576.0: LIBTUX_CAT:6234: ERROR: Authentication fails with error code 70
Tpinit failed: TPEPERM - bad permissions
Thanks and Regards,
Mrugendra
P.S.
The above trial was on Linux (Debian 64bit).
I have tried it on TUXEDO10gR3 (32bit) on Solaris as well with the same result
Edited by: user1912100 on Mar 26, 2012 11:56 PM中间件技术社区-Tuxedo论坛
Hi Mrugendra,
If you are using user authentication, then you need to pass in the user's password in the data field of the TPINIT structure and the length of the password in the datalen field.
Regards,
Todd Little
Oracle Tuxedo Chief Architect
Hello Todd.
Appreciate your quick reply.
I read the documentation and thought that it was so.
However since the TPINIT->data is a long, so I tried putting the password as before calling tpinit():
char userPassword[] = "usr1234";
pTPINIT->datalen = strlen(userPassword);
pTPINIT->data = (long)userPassword;
This is the correct way of passing the password?
Since this also did not work.
I still get the same set of errors.
Thank you again.
Sincere Regards,
Mrugendra
The tpinit->data is a pointer. The following example has worked for me in the past.
tpbuf = (TPINIT *)tpalloc("TPINIT", "", TPINITNEED(100));
if (tpbuf == NULL) {
ERROR("tpalloc of TPINIT buffer failed");
}
memset((char *)tpbuf, 0, sizeof(TPINIT));
strncpy(tpbuf->usrname, usrname, sizeof(tpbuf->usrname));
tpbuf->usrname[sizeof(tpbuf->usrname)-1] = '\0';
strncpy(tpbuf->cltname, aclgroup, sizeof(tpbuf->cltname));
tpbuf->cltname[sizeof(tpbuf->cltname)-1] = '\0';
strncpy(tpbuf->passwd, apppw, sizeof(tpbuf->passwd));
tpbuf->passwd[sizeof(tpbuf->passwd)-1] = '\0';
strncpy(&(tpbuf->data), usrpw, 99);
tpbuf->datalen = strlen(usrpw)+1;
if (tpinit(tpbuf) == -1) {
ERROR("tpinit failed");
}
Wonderful!
Thank you so much both of your comments helped me a lot.
It worked, populated the TPINIT as per user734005!
I am 1 step closer to our solution now.
It worked seamlessly with SECURITY = USER_AUTH
However when I set SECUTITY=MANDATORY_ACL I am getting on tpcall to TOUPPER:
simpserv.2420.1.0: LIBTUX_CAT:6309: WARN: Access control violation - unknown user on simple tried to access SERVICE TOUPPER
This is even after adding ACL using the following and rebooting
tpacladd -g 10 -t SERVICE TOUPPER
the tp* files in APPDIR are:
tpgrp:
TPGRP1::10:
tpusr:
TPUSR1:ZGlzkY.TWSU0M:1:10:TPCLTNM,TPCLI1::
tpacl
#0000000003
TOUPPER:SERVICE:10:
What else am I missing? I thought adding the ACL should have been good enough.
While I am searching for a solution, if you have some suggestions - the are very welcome!
Thank you Again,
Sincere Regards,
Mrugendra
Cleaned up the current TUXCONFIG, tp* from APPDIR.
Recompiled the ubbconfig ensuring SECURITY was MANDATORY_ACL
Added group, user and acls.
It worked correctly. Probably I had some stale tuxconfig in my environment.
Thank you all for all who helped.
Appreciate it.
Sincere Regards,
Mrugendra
--转自