Main Page | Modules | Data Structures | File List | Data Fields | Globals | Related Pages

lcas.c

Go to the documentation of this file.
00001 /*                                                                                                            
00002  * Copyright (c) Members of the EGEE Collaboration. 2004.
00003  * See http://eu-egee.org/partners/ for details on the copyright holders.
00004  * For license conditions see the license file or
00005  * http://eu-egee.org/license.html
00006  */
00007 
00008 /*                                                                                                            
00009  * Copyright (c) 2001 EU DataGrid.                                                                             
00010  * For license conditions see http://www.eu-datagrid.org/license.html                                          
00011  *
00012  * Copyright (c) 2001, 2002 by 
00013  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00014  *     David Groep <davidg@nikhef.nl>,
00015  *     NIKHEF Amsterdam, the Netherlands
00016  */
00017 
00056 /*****************************************************************************
00057                             Include header files
00058 ******************************************************************************/
00059 #include "lcas_config.h"
00060 #include <stdio.h>
00061 #include <stdlib.h>
00062 #include <string.h>
00063 
00064 #if HAVE_MALLOC_H
00065 #    include <malloc.h>
00066 #endif
00067 
00068 /* Programming interface to dynamic linking loader */
00069 #if HAVE_DLFCN_H
00070 #    include <dlfcn.h>
00071 #endif
00072 
00073 #include <gssapi.h>
00074 
00075 /* LCAS includes */
00076 #include "lcas_types.h"
00077 #include "_lcas_utils.h"
00078 #include "_lcas_defines.h"
00079 #include "_lcas_log.h"
00080 #include "_lcas_db_read.h"
00081 
00082 
00083 /******************************************************************************
00084                              Define constants
00085 ******************************************************************************/
00086 
00087 #ifndef NUL
00088 #define NUL '\0' 
00089 #endif
00090 
00091 /* LCAS authorization module definitions */
00092 #define MAXAUTHMODS 3 
00093 #define MAXPROCS    3 
00095 /*
00096  * LCAS error codes
00097  */
00098 #define FAILED_LCAS_USERALLOW   1 
00100 #define FAILED_LCAS_USERBAN     2 
00102 #define FAILED_LCAS_CLOCKCHECK  3 
00104 #define FAILED_LCAS_OTHER       4 
00105 #define FAILED_LCAS_PLUGIN      5 
00108 #ifndef APIMAJORVERSION
00109 #    define APIMAJORVERSION -1
00110 #endif
00111 #ifndef APIMINORVERSION
00112 #    define APIMINORVERSION -1
00113 #endif
00114 #ifndef APIPATCHVERSION
00115 #    define APIPATCHVERSION -1
00116 #endif
00117 
00118 /******************************************************************************
00119                                Type definitions
00120 ******************************************************************************/
00126 enum lcas_proctype_e
00127 {
00128     INITPROC, 
00129     AUTHPROC, 
00130     TERMPROC, 
00131     ENDOFPROCS /*< this is the last enumeration value */
00132 };
00133 
00139 typedef int (*lcas_proc_t)();
00140 
00151 typedef struct lcas_plugindl_s
00152 {
00153     void *                    handle; 
00154     lcas_proc_t               procs[MAXPROCS]; 
00155     char                      pluginname[LCAS_MAXPATHLEN+1]; 
00156     char                      pluginargs[LCAS_MAXARGSTRING+1]; 
00157     int                       argc; 
00158     char *                    argv[LCAS_MAXARGS]; 
00159     struct lcas_plugindl_s *  next; 
00160 }
00161 lcas_plugindl_t;
00162 
00163 /******************************************************************************
00164                           Module specific prototypes
00165 ******************************************************************************/
00166 static lcas_plugindl_t * PluginInit(lcas_db_entry_t *, lcas_plugindl_t **);
00167 static lcas_proc_t       get_procsymbol(void *, char *);
00168 static int               print_lcas_plugin(int, lcas_plugindl_t *);
00169 static int               parse_args_plugin(const char *, const char *, char **, int *);
00170 static int               clean_plugin_list(lcas_plugindl_t **);
00171 
00172 /******************************************************************************
00173                        Define module specific variables
00174 ******************************************************************************/
00175 static lcas_cred_id_t    lcas_cred; 
00176 static int               lcas_initialized = 0; 
00177 static char *            lcas_db_file_default = NULL; 
00178 static char *            lcas_dir         = NULL; 
00179 static lcas_plugindl_t * plugin_list      = NULL; 
00180 static lcas_plugindl_t * authmod_list     = NULL; 
00181 static char *            authmods[MAXAUTHMODS][2] = {
00182                              {(char *) NULL, (char *) NULL},
00183                              {(char *) NULL, (char *) NULL},
00184                              {(char *) NULL, (char *) NULL}
00185 }; 
00186 /*
00187 static char *            authmods[MAXAUTHMODS][2] =
00188 {
00189                              "lcas_userallow.mod", "allowed_users.db",
00190                              "lcas_userban.mod",   "ban_users.db",
00191                              "lcas_timeslots.mod", "timeslots.db"
00192                          };
00193 */
00194 
00195 int getMajorVersionNumber() { return (int)(APIMAJORVERSION); }
00196 int getMinorVersionNumber() { return (int)(APIMINORVERSION); }
00197 int getPatchVersionNumber() { return (int)(APIPATCHVERSION); }
00198 
00199 /*
00200  * To be done: set up LCAS as a service and communicate with gatekeeper
00201  * in an established security context
00202  */
00203 
00204 /******************************************************************************
00205 Function:   lcas_init_and_logfile
00206 Description:
00207     Select logging type
00208     Setup logging by providing a file handle or file name, error handling (not yet).
00209     Read from LCAS database the plugins to be loaded.
00210     Initialize the plugins
00211 
00212 Parameters:
00213     logfile: name of logfile 
00214     fp: file handle for logging (from gatekeeper or other previously opened file handle)
00215         If the file handle is zero, assume that only syslogging is requested
00216     logtype: type of logging (usrlog and/or syslog)
00217 
00218 Returns:
00219     0: initialization succeeded
00220     1: initialization failed
00221 ******************************************************************************/
00222 int lcas_init_and_logfile(
00223         char * logfile,
00224         FILE* fp,
00225         unsigned short logtype
00226 )
00227 {
00228     lcas_db_entry_t **  lcas_db_handle=NULL;
00229     lcas_db_entry_t **  lcas_mod_handle=NULL;
00230     lcas_db_entry_t *   lcas_mod_db=NULL;
00231     lcas_db_entry_t     lcas_mod_entry;
00232     lcas_db_entry_t *   ihandle=NULL;
00233     lcas_plugindl_t *   plugin_entry=NULL;
00234     lcas_plugindl_t *   authmod_entry=NULL;
00235     char *              lcas_db_file=NULL;
00236     int                 ientry;
00237     int                 i;
00238 
00239     if (lcas_initialized)
00240     {
00241         if (lcas_log(0,"LCAS already initialized\n") != 0)
00242         {
00243             fprintf(stderr,"LCAS already initialized, but wrongly\n");
00244             goto fail_lcas_init_and_logfile;
00245         }
00246         return 0;
00247     }
00248 
00249     /* set logging file descriptor, for the moment the gatekeeper logfile */
00250     if (lcas_log_open(logfile,fp,logtype))
00251         goto fail_lcas_init_and_logfile;
00252     lcas_log_debug(0,"\n");
00253     lcas_log_time(LOG_DEBUG,"Initialization LCAS version %s\n",VERSION);
00254 
00255     /* get LCAS (database) home directory and set lcas_db_file */
00256     lcas_dir = getenv("LCAS_DIR");
00257     lcas_dir = (lcas_dir ? lcas_dir : getenv("LCAS_ETC_DIR") );
00258     lcas_dir = (lcas_dir ? lcas_dir : LCAS_ETC_HOME );
00259 
00260     lcas_db_file_default = getenv("LCAS_DB_FILE");
00261     lcas_db_file_default = (lcas_db_file_default ? lcas_db_file_default : "lcas.db" );
00262 
00263     lcas_db_file=lcas_genfilename(lcas_dir, lcas_db_file_default, NULL);
00264 
00265     /*
00266      * To be done: obtain the LCAS policy database which is stored within the
00267      * Configuration Management subsystem
00268      */
00269 
00270     /* put the STANDARD AUTHORIZATION MODULE info in lcas_db-like structure */
00271     lcas_mod_entry.next=NULL;
00272     lcas_mod_handle=&lcas_mod_db;
00273     for (i=0; i < MAXAUTHMODS; ++i)
00274     {
00275         if (authmods[i][0] == NULL) break; /* No standard, default authorization modules */
00276         *(lcas_mod_entry.pluginname)=NUL;
00277         *(lcas_mod_entry.pluginargs)=NUL;
00278         if (authmods[i][0] != NULL)
00279         {
00280             strncpy(lcas_mod_entry.pluginname,authmods[i][0],LCAS_MAXPATHLEN);
00281             (lcas_mod_entry.pluginname)[LCAS_MAXPATHLEN]=NUL;
00282         }
00283         if (authmods[i][1] != NULL)
00284         {
00285             strncpy(lcas_mod_entry.pluginargs,authmods[i][1],LCAS_MAXARGSTRING);
00286             (lcas_mod_entry.pluginargs)[LCAS_MAXARGSTRING]=NUL;
00287         }
00288         lcas_log_debug(1,"lcas.mod-lcas_init(): creating db structure for authorization module %s\n",
00289                  authmods[i][0]);
00290         if (lcas_db_fill_entry(lcas_mod_handle, &lcas_mod_entry) == NULL)
00291         {
00292             lcas_log(0,"lcas.mod-lcas_init() error: Cannot create standard authorization module (%d-%s) db structure\n",
00293                     i,authmods[i][0]);
00294             goto fail_lcas_init_and_logfile;
00295         }
00296     }
00297 
00298     /*
00299      * init the STANDARD AUTHORIZATION MODULES (PluginInit)
00300      * - open plugins and check the symbols plugin_init and confirm_authorization
00301      * - run plugin_init
00302      */
00303     ientry=0;
00304     ihandle=*lcas_mod_handle;
00305     while (ihandle)
00306     {
00307         if (strlen(ihandle->pluginname) > 0)
00308         {
00309             lcas_log_debug(1,"lcas.mod-lcas_init(): initializing standard module %s (db entry %d)\n",
00310                      ihandle->pluginname, ientry);
00311             if ((authmod_entry=PluginInit(ihandle,&authmod_list)) == NULL)
00312             {
00313                 lcas_log(0,"lcas.mod-lcas_init(): error initializing standard module : %s\n",
00314                          ihandle->pluginname);
00315                 goto fail_lcas_init_and_logfile;
00316             }
00317         }
00318         ientry++;
00319         ihandle=ihandle->next;
00320     }
00321 
00322     /* 
00323      * read PLUGIN AUTHORIZATION MODULE info from LCAS database and store
00324      * the info in a lcas_db structure
00325      */
00326     lcas_log_debug(0,"lcas.mod-lcas_init(): Reading LCAS database %s\n",
00327             lcas_db_file);
00328     lcas_db_handle=lcas_db_read(lcas_db_file);
00329     if (lcas_db_handle == NULL)
00330     {
00331         lcas_log(0,"lcas.mod-lcas_init(): Failed to read LCAS database %s\n",
00332                  lcas_db_file);
00333         goto fail_lcas_init_and_logfile;
00334     }
00335     /*
00336      * init the PLUGIN AUTHORIZATION MODULES (PluginInit)
00337      * - open plugins and check the symbols plugin_init and confirm_authorization
00338      * - run plugin_init
00339      */
00340     ientry=0;
00341     ihandle=*lcas_db_handle;
00342     while (ihandle)
00343     {
00344         if (strlen(ihandle->pluginname) > 0)
00345         {
00346             lcas_log_debug(1,"lcas.mod-lcas_init(): initializing plugin %s (db entry %d)\n",
00347                      ihandle->pluginname, ientry);
00348             if ((plugin_entry=PluginInit(ihandle,&plugin_list)) == NULL)
00349             {
00350                 lcas_log(0,"lcas.mod-lcas_init(): error initializing plugin: %s\n",ihandle->pluginname);
00351                 goto fail_lcas_init_and_logfile;
00352             }
00353             /* 
00354              * Check if plugin module is already registered as standard authorization module,
00355              * by comparing the complete path names of the plugin and modules
00356              */
00357             authmod_entry=authmod_list;
00358             while (authmod_entry)
00359             {
00360                 if ( (strncmp(authmod_entry->pluginname,
00361                               plugin_entry->pluginname,
00362                               LCAS_MAXPATHLEN) == 0)
00363                    )
00364                 {
00365                     lcas_log(0,"lcas.mod-lcas_init() error: plugin %s already registered as\n",
00366                              plugin_entry->pluginname);
00367                     lcas_log(0,"    standard authorization module\n");
00368                     goto fail_lcas_init_and_logfile;
00369                 }
00370                 authmod_entry=authmod_entry->next;
00371             }
00372             
00373         }
00374         ientry++;
00375         ihandle=ihandle->next;
00376     }
00377 
00378     authmod_entry=authmod_list;
00379     while (authmod_entry)
00380     {
00381         print_lcas_plugin(2,authmod_entry);
00382         lcas_log_debug(2,"\n");
00383         authmod_entry=authmod_entry->next;
00384     }
00385 
00386     plugin_entry=plugin_list;
00387     while (plugin_entry)
00388     {
00389         print_lcas_plugin(2,plugin_entry);
00390         lcas_log_debug(2,"\n");
00391         plugin_entry=plugin_entry->next;
00392     }
00393 
00394     /* clean STANDARD authorization module database structure */
00395     if(lcas_db_clean_list(&lcas_mod_db))
00396     {
00397         lcas_log(0,"lcas.mod-lcas_init() error: could not clean up authmod db structure\n");
00398         goto fail_lcas_init_and_logfile;
00399     }
00400     /* clean PLUGIN authorization module database structure */
00401     if (lcas_db_clean())
00402     {
00403         lcas_log(0,"lcas.mod-lcas_init() error: could not clean up plugin db structure\n");
00404         goto fail_lcas_init_and_logfile;
00405     }
00406 
00407     /* success */
00408     if (lcas_db_file) free(lcas_db_file);
00409     lcas_initialized++;
00410     return 0;
00411 
00412  fail_lcas_init_and_logfile:
00413     /* failure */
00414     lcas_db_clean_list(&lcas_mod_db);
00415     lcas_db_clean();
00416     if (clean_plugin_list(&plugin_list)!=0)
00417     {
00418         lcas_log(0,"lmas.mod-lcas_init() error: could not clean up plugin list\n");
00419     }
00420     if (lcas_db_file) free(lcas_db_file);
00421 
00422     return 1;
00423 }
00424 
00425 
00426 /******************************************************************************
00427 Function:   lcas_init_and_log
00428 Description:
00429     Select logging type
00430     Setup logging by providing a file handle, error handling (not yet).
00431     Read from LCAS database the plugins to be loaded.
00432     Initialize the plugins
00433 
00434 Parameters:
00435     fp: file handle for logging (from gatekeeper or other previously opened file handle)
00436         If the file handle is zero, assume that only syslogging is requested
00437     logtype: type of logging (usrlog and/or syslog)
00438 
00439 Returns:
00440     0: initialization succeeded
00441     1: initialization failed
00442 ******************************************************************************/
00443 int lcas_init_and_log(
00444         FILE* fp,
00445         unsigned short logtype
00446 )
00447 {
00448     return lcas_init_and_logfile(NULL, fp, logtype);
00449 }
00450 
00451 
00452 /******************************************************************************
00453 Function:   lcas_init
00454 Description:
00455     Initialize LCAS module: 
00456     setup logging, error handling
00457     read from LCAS database the plugins to be loaded
00458 
00459 Parameters:
00460     fp: file handle for logging (from gatekeeper)
00461 Returns:
00462     0: initialization succeeded
00463     1: initialization failed
00464 ******************************************************************************/
00465 int lcas_init(
00466         FILE* fp
00467 )
00468 {
00469     /* set logging file descriptor, for the moment the gatekeeper logfile */
00470     /* if fp == NULL --> syslogging, otherwise only DO_USRLOG */
00471     if (fp)
00472     {
00473         return lcas_init_and_log(fp,DO_USRLOG);
00474     }
00475     else
00476     {
00477         return lcas_init_and_log(NULL,DO_SYSLOG);
00478     }
00479 }
00480 
00481 
00482 /******************************************************************************
00483 Function:   PluginInit
00484 Description:
00485     Initialize the plugin
00486     - Create entry in (plugin)list
00487     - Open plugins and check the symbols plugin_init and confirm_authorization
00488     - run plugin_init
00489 
00490 Parameters:
00491     db_handle: handle to LCAS db (containing pluginname and pluginargs)
00492     list:      pointer to list to which (plugin) module has to be added
00493 Returns:
00494     pointer to plugin structure
00495     NULL: could not initialize plugin
00496 ******************************************************************************/
00515 static lcas_plugindl_t * PluginInit(
00516         lcas_db_entry_t * db_handle,
00517         lcas_plugindl_t ** list
00518 )
00519 {
00520     char *                 name;
00521 #if 0
00522     char *                 names[5]={NULL,NULL,NULL,NULL,NULL};
00523 #endif
00524     char *                 pname=NULL;
00525     char *                 args=NULL;
00526 #if 0
00527     char *                 db;
00528     char *                 dbs[5]={NULL,NULL,NULL,NULL,NULL};
00529     char *                 pdb=NULL;
00530 #endif
00531     void *                 plugin_handle;
00532     lcas_proc_t            plugin_procs[MAXPROCS];
00533     lcas_plugindl_t *      pplugin=NULL;
00534     int                    i;
00535     int                    retval;
00536 
00537     name = db_handle->pluginname;
00538 #if 0
00539     db = db_handle->pluginargs;
00540 #endif
00541     args = db_handle->pluginargs;
00542 
00543     /* Find plugin module */
00544 #if 0
00545     names[0]=lcas_genfilename(NULL,name,NULL);
00546     names[1]=lcas_genfilename("modules",name,NULL);
00547     names[2]=lcas_genfilename(LCAS_MOD_HOME,name,NULL);
00548     names[3]=lcas_genfilename(LCAS_LIB_HOME,name,NULL);
00549     names[4]=lcas_genfilename(LCAS_ETC_HOME,name,NULL);
00550     pname=lcas_getfexist(5,names[0],
00551                       names[1],names[2],
00552                       names[3],names[4]
00553           );
00554 #endif
00555     pname = lcas_findfile(name);
00556     if (pname == NULL)
00557     {
00558         lcas_log(0,
00559             "lcas.mod-PluginInit(): plugin %s not found\n",
00560             name
00561         );
00562         goto fail_PluginInit;
00563     }
00564 
00565 #if 0
00566     /* Find database */
00567     if (strlen(db) > 0)
00568     {
00569         dbs[0]=lcas_genfilename(NULL,db,NULL);
00570         dbs[1]=lcas_genfilename("modules",db,NULL);
00571         dbs[2]=lcas_genfilename(LCAS_ETC_HOME,db,NULL);
00572         dbs[3]=lcas_genfilename(LCAS_MOD_HOME,db,NULL);
00573         dbs[4]=lcas_genfilename(LCAS_LIB_HOME,db,NULL);
00574         pdb=lcas_getfexist(5,dbs[0],
00575                         dbs[1],dbs[2],
00576                         dbs[3],dbs[4]
00577             );
00578     }
00579 #endif
00580 
00581     /* Try a dlopen() */
00582     plugin_handle=dlopen(pname,RTLD_NOW);
00583 //    plugin_handle=dlopen(pname,RTLD_NOW|RTLD_GLOBAL);
00584     if (!plugin_handle)
00585     {
00586         lcas_log(0,"lcas.mod-PluginInit(): dlopen error for %s:\n    %s\n",
00587             pname,dlerror()
00588         );
00589         goto fail_PluginInit;
00590     }
00591 
00592     /* Check symbols */
00593     for (i=0; i < MAXPROCS; ++i)
00594     {
00595         switch (i)
00596         {
00597             case INITPROC:
00598                 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_initialize");
00599                 if (plugin_procs[i] == NULL)
00600                 {
00601                     lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00602                         name);
00603                     lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_initialize()\"\n");
00604                     goto fail_PluginInit;
00605                 }
00606                 else
00607                 {
00608                     lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_initialize()\"\n");
00609                 }
00610                 break;
00611             case AUTHPROC:
00612                 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_confirm_authorization");
00613                 if (plugin_procs[i] == NULL)
00614                 {
00615                     lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00616                         name);
00617                     lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_confirm_authorization()\"\n");
00618                     goto fail_PluginInit;
00619                 }
00620                 else
00621                 {
00622                     lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_confirm_authorization()\"\n");
00623                 }
00624                 break;
00625             case TERMPROC:
00626                 plugin_procs[i]=get_procsymbol(plugin_handle,"plugin_terminate");
00627                 if (plugin_procs[i] == NULL)
00628                 {
00629                     lcas_log(0,"lcas.mod-PluginInit(): plugin %s not compliant\n",
00630                         name);
00631                     lcas_log(0,"lcas.mod-PluginInit(): missing function \"plugin_terminate()\"\n");
00632                     goto fail_PluginInit;
00633                 }
00634                 else
00635                 {
00636                     lcas_log_debug(2,"lcas.mod-PluginInit(): found \"plugin_terminate()\"\n");
00637                 }
00638                 break;
00639             default:
00640                 /* do nothing */
00641                 plugin_procs[i]=NULL;
00642                 break;
00643         }
00644     }
00645     /* Make a new entry at end of plugin list */
00646     if (!*list)
00647     {
00648         lcas_log_debug(2,"lcas.mod-PluginInit(): creating first pluginlist entry\n");
00649         *list=pplugin=(lcas_plugindl_t *)malloc(sizeof(lcas_plugindl_t));
00650     }
00651     else
00652     {
00653         lcas_log_debug(2,"lcas.mod-PluginInit(): creating new pluginlist entry\n");
00654         pplugin=*list;
00655         while (pplugin->next) pplugin=pplugin->next;
00656         pplugin=pplugin->next=(lcas_plugindl_t *)malloc(sizeof(lcas_plugindl_t));
00657     }
00658     if (!pplugin)
00659     {
00660         lcas_log(0,"lcas.mod-PluginInit(): error creating new pluginlist entry\n");
00661         goto fail_PluginInit;
00662     }
00663     /* Set plugin list elements */
00664     pplugin->next=NULL;
00665     pplugin->handle=plugin_handle;
00666     for (i=0; i < MAXPROCS; ++i)
00667         pplugin->procs[i]=plugin_procs[i];
00668     if (pname != NULL)
00669     {
00670         strncpy(pplugin->pluginname,pname,LCAS_MAXPATHLEN);
00671         (pplugin->pluginname)[LCAS_MAXPATHLEN]=NUL;
00672     }
00673     else
00674         strncpy(pplugin->pluginname,"",LCAS_MAXPATHLEN);
00675 
00676     if (args != NULL)
00677     {
00678         strncpy(pplugin->pluginargs,args,LCAS_MAXARGSTRING);
00679         (pplugin->pluginargs)[LCAS_MAXARGSTRING]=NUL;
00680     }
00681     else
00682         strncpy(pplugin->pluginargs,"",LCAS_MAXARGSTRING);
00683 
00684     /* Parse options */
00685     if (parse_args_plugin(pname,args,pplugin->argv,&(pplugin->argc)) )
00686     {
00687         lcas_log(0,"lcas.mod-PluginInit(): Could not parse arguments for plugin module %s\n",
00688         pname);
00689         goto fail_PluginInit;
00690     }
00691     for (i=0; i < pplugin->argc; ++i)
00692         lcas_log_debug(4,"%s arg %d = %s\n",pname,i,(pplugin->argv)[i]);
00693 
00694 
00695     /* Run plugin_initialize() */
00696 #if 0
00697     retval=(*(pplugin->procs[INITPROC]))(pplugin->pluginargs);
00698 #endif
00699     retval=(*(pplugin->procs[INITPROC]))(pplugin->argc,pplugin->argv);
00700     if (retval != LCAS_MOD_SUCCESS )
00701     {
00702         lcas_log(0,"lcas.mod-PluginInit(): \"plugin_initialize()\" failed\n");
00703         goto fail_PluginInit;
00704     }
00705     else
00706     {
00707         lcas_log_debug(2,"lcas.mod-PluginInit(): \"plugin_initialize()\" succeeded\n");
00708     }
00709 
00710 
00711     /* free stuff */
00712     if (pname) { free(pname); pname=NULL; }
00713 #if 0
00714     for (i=0; i < 5; ++i)
00715     {
00716         if (names[i]) free(names[i]);
00717         if (dbs[i]) free(dbs[i]);
00718     }
00719 #endif
00720 
00721     return pplugin;
00722 
00723  fail_PluginInit:
00724     if (pname) { free(pname); pname=NULL; }
00725 #if 0
00726     for (i=0; i < 5; ++i)
00727     {
00728         if (names[i]) free(names[i]);
00729         if (dbs[i]) free(dbs[i]);
00730     }
00731 #endif
00732     return NULL;
00733 }
00734 
00735 /******************************************************************************
00736 Function:   parse_args_plugin()
00737 Description:
00738     Parse the argument string of the plugin and create xargv and xargc
00739 
00740 Parameters:
00741     name: name of the plugin (goes into argv[0])
00742     argstring: string containing the arguments
00743     xargv: array of argument strings (has to be freed later)
00744     xargc: number of arguments
00745 Returns:
00746     0 on succes
00747     1 on failure
00748 ******************************************************************************/
00767 static int parse_args_plugin(
00768         const char * name,
00769         const char * argstring,
00770         char ** xargv,
00771         int * xargc
00772 )
00773 {
00774     int len=0;
00775     int i;
00776     int rc;
00777 
00778     /* set modulename */
00779     len=strlen(name);
00780     if ( (len > 0) && (len < LCAS_MAXPATHLEN) )
00781     {
00782         xargv[0]=(char *)malloc(len+1);
00783         if (xargv[0] != NULL)
00784             strncpy(xargv[0],name,len+1);
00785         else
00786             return 1;
00787     }
00788 
00789     *xargc=LCAS_MAXARGS-1;
00790     if ( (rc=lcas_tokenize(argstring, &xargv[1], xargc, " \t\n")) )
00791     {
00792         lcas_log(0,"lcas.mod-parse_args_plugin(): something wrong parsing arguments of %s, rc=%d\n",
00793                  name, rc);
00794         (*xargc)++;
00795         return 1;
00796     }
00797     (*xargc)++; /* increase by one for xargv[0] */
00798     lcas_log_debug(3,"lcas.mod-parse_args_plugin(): Found %d arguments:\n", *xargc);
00799     for (i=0; i < *xargc; i++)
00800         lcas_log_debug(3,"lcas.mod-parse_args_plugin(): %d --> %s\n", i, xargv[i]);
00801 
00802     return 0;
00803 }
00804 
00805 /******************************************************************************
00806 Function:   get_procsymbol
00807 Description:
00808     get procedure symbol from dlopen-ed library
00809 
00810 Parameters:
00811     handle:  handle of dynamic library
00812     symname: name of procedure symbol
00813 Returns:
00814     handle to procedure symbol
00815     NULL: Could not get symbol
00816 ******************************************************************************/
00828 static lcas_proc_t get_procsymbol(
00829         void * handle,
00830         char * symname
00831 )
00832 {
00833     lcas_proc_t symhandle;
00834     char *error;
00835 
00836     symhandle=dlsym(handle,symname);
00837     if ((error = dlerror()) != NULL)
00838     {
00839         lcas_log(0,"lcas.mod-get_procsymbol(): dlsym error: %s",error);
00840         return NULL;
00841     }
00842     return symhandle;
00843 }
00844 
00845 /******************************************************************************
00846 Function:   clean_plugin_list
00847 Description:
00848     clean (free) the list of plugins and call the plugin termination functions
00849 
00850 Parameters:
00851     list:      pointer to list of plugins which has to be freeed.
00852 
00853 Returns:
00854     1: succes
00855     0: failure
00856 ******************************************************************************/
00868 static int clean_plugin_list(
00869         lcas_plugindl_t ** list
00870 )
00871 {
00872     int                           rc;
00873     lcas_plugindl_t *             plugin_entry=NULL;
00874 
00875     plugin_entry=*list;
00876     while (plugin_entry)
00877     {
00878         lcas_plugindl_t * plugin_next;
00879         int               i;
00880 
00881         rc = plugin_entry->procs[TERMPROC]();
00882         if (rc != LCAS_MOD_SUCCESS)
00883         {
00884             lcas_log(0,"lcas.mod-clean_plugin_list(): failed to terminate plugin module %s\n",
00885                     plugin_entry->pluginname);
00886         }
00887         lcas_log_debug(1, "lcas.mod-clean_plugin_list(): plugin module %s terminated\n",
00888                 plugin_entry->pluginname);
00889         dlclose(plugin_entry->handle);
00890 
00891         plugin_next=plugin_entry->next;
00892         for (i=0; i < plugin_entry->argc; i++)
00893         {
00894             if ((plugin_entry->argv)[i] != NULL)
00895             {
00896                 lcas_log_debug(3,"Freeing %d - %s\n",i,(plugin_entry->argv)[i]);
00897                 free((plugin_entry->argv)[i]);
00898             }
00899         }
00900         free(plugin_entry);
00901         plugin_entry=plugin_next;
00902     }
00903     *list=plugin_entry=NULL;
00904     return 0;
00905 }
00906 
00907 /******************************************************************************
00908 Function:   print_lcas_plugin
00909 Description:
00910     print the lcas_plugindl_t structure
00911 
00912 Parameters:
00913     debug_lvl: debugging level
00914     plugin:    plugin structure
00915 Returns:
00916     1: succes
00917     0: failure
00918 ******************************************************************************/
00931 static int print_lcas_plugin(
00932         int debug_lvl,
00933         lcas_plugindl_t * plugin
00934 )
00935 {
00936     int i=0;
00937 
00938     lcas_log_debug(debug_lvl,"\tplugin name                   : %s\n",plugin->pluginname);
00939     lcas_log_debug(debug_lvl,"\tplugin arguments              : %s\n",plugin->pluginargs);
00940     lcas_log_debug(debug_lvl,"\tplugin address                : %x\n",plugin);
00941     lcas_log_debug(debug_lvl,"\tplugin size                   : %d\n",sizeof(lcas_plugindl_t));
00942     lcas_log_debug(debug_lvl,"\tplugin handle                 : %x\n",plugin->handle);
00943     lcas_log_debug(debug_lvl,"\tplugin_initialize()           : %x\n",plugin->procs[INITPROC]);
00944     lcas_log_debug(debug_lvl,"\tplugin_confirm_authorization(): %x\n",plugin->procs[AUTHPROC]);
00945     lcas_log_debug(debug_lvl,"\tplugin_terminate()            : %x\n",plugin->procs[TERMPROC]);
00946     lcas_log_debug(debug_lvl,"\tplugin argc                   : %d\n",plugin->argc);
00947     for (i=0; i < plugin->argc; i++)
00948         lcas_log_debug(debug_lvl,"\tplugin argv[%2d]               : %s\n",i,(plugin->argv)[i]);
00949     lcas_log_debug(debug_lvl,"\tplugin next                   : %x\n",plugin->next);
00950     if (plugin->next != NULL)
00951         lcas_log_debug(debug_lvl,"\tplugin_next                   : %s\n",(plugin->next)->pluginname);
00952     else
00953         lcas_log_debug(debug_lvl,"\tplugin_next                   : last plugin in list\n");
00954 
00955     return 1;
00956 }
00957 
00958 /******************************************************************************
00959 Function:   lcas_get_fabric_authorization
00960 Description:
00961     Call LCAS in order to get authorization on the local fabric
00962 
00963 Parameters:
00964     request: JDL
00965     user_cred : user globus credential handle
00966 Returns:
00967     0: authorization succeeded
00968     1: authorization failed
00969 ******************************************************************************/
00970 #if ALLOW_EMPTY_CREDENTIALS
00971 int lcas_get_fabric_authorization(
00972         char * user_dn_tmp,
00973         gss_cred_id_t user_cred,
00974         lcas_request_t request
00975 )
00976 #else
00977 int lcas_get_fabric_authorization(
00978         gss_cred_id_t user_cred,
00979         lcas_request_t request
00980 )
00981 #endif
00982 {
00983     char *                        user_dn = NULL;
00984     int                           rc;
00985     int                           retval;
00986     int                           lcas_authorized=0;
00987 
00988     lcas_plugindl_t *             plugin_entry;
00989     lcas_plugindl_t *             authmod_entry;
00990 
00991 
00992     /* Default authorization = no authorization */
00993     lcas_authorized=0;
00994 
00995     if (lcas_initialized == 0)
00996     {
00997         fprintf(stderr,"LCAS has to be initialized first !\n");
00998         retval = FAILED_LCAS_OTHER;
00999         goto fail_lcas_get_fabric_authorization;
01000     }
01001     lcas_log_debug(0,"\n");
01002     lcas_log_time(LOG_NOTICE,"LCAS authorization request\n");
01003 
01004     /*
01005      * Create lcas credential (checks if dn can be extracted)
01006      */
01007     if ( lcas_fill_cred(user_dn_tmp, user_cred, &lcas_cred) != 0)
01008     {
01009         lcas_log(0,"lcas.mod-lcas_get_fabric_authorization() error: could not create lcas credential, something wrong\n");
01010         lcas_log(0,"                                              : with user DN and user credential\n");
01011         retval = FAILED_LCAS_OTHER;
01012         goto fail_lcas_get_fabric_authorization;
01013     }
01014     user_dn = lcas_get_dn(lcas_cred);
01015     if (user_dn == NULL)
01016     {
01017         lcas_log(0, "lcas.mod-lcas_get_fabric_authorization() error: user DN empty\n");
01018         retval = FAILED_LCAS_OTHER;
01019         goto fail_lcas_get_fabric_authorization;
01020     }
01021 
01022     lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): user is %s\n", user_dn);
01023 
01024     /*
01025      *             - Call the STANDARD authorization modules
01026      */
01027     authmod_entry=authmod_list;
01028     while (authmod_entry)
01029     {
01030         rc = authmod_entry->procs[AUTHPROC](request, lcas_cred);
01031         if (rc != LCAS_MOD_SUCCESS)
01032         {
01033             lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): authorization failed for standard module %s\n",
01034                     authmod_entry->pluginname);
01035             retval = FAILED_LCAS_PLUGIN;
01036             goto fail_lcas_get_fabric_authorization;
01037         }
01038         lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): authorization granted by standard module %s\n",
01039                 authmod_entry->pluginname);
01040         lcas_authorized++;
01041 
01042         authmod_entry=authmod_entry->next;
01043     }
01044 
01045     /*
01046      *             - Call the PLUGIN authorization modules
01047      */
01048     plugin_entry=plugin_list;
01049     while (plugin_entry)
01050     {
01051         rc = plugin_entry->procs[AUTHPROC](request, lcas_cred);
01052         if (rc != LCAS_MOD_SUCCESS)
01053         {
01054             lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): authorization failed for plugin %s\n",
01055                     plugin_entry->pluginname);
01056             retval = FAILED_LCAS_PLUGIN;
01057             goto fail_lcas_get_fabric_authorization;
01058         }
01059         lcas_log_debug(0, "lcas.mod-lcas_get_fabric_authorization(): authorization granted by plugin %s\n",
01060                 plugin_entry->pluginname);
01061         lcas_authorized++;
01062 
01063         plugin_entry=plugin_entry->next;
01064     }
01065 
01066     /*
01067      * To be done: 
01068      *             if the user is authorized call FLIDS component and return
01069      *             the (temporary) certificate.
01070      */
01071 
01072     /*
01073      * Check if lcas_authorized > 0
01074      */
01075     if ( !(lcas_authorized > 0) )
01076     {
01077         lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): No authorization modules were called (check lcas db file)\n");
01078         retval = FAILED_LCAS_OTHER;
01079         goto fail_lcas_get_fabric_authorization;
01080     }
01081     else
01082         lcas_log_debug(2,"lcas.mod-lcas_get_fabric_authorization(): %d modules authorized you\n",lcas_authorized);
01083 
01084     /* success */
01085     lcas_release_cred(&lcas_cred);
01086     lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): succeeded\n");
01087     return 0;
01088 
01089  fail_lcas_get_fabric_authorization:
01090     /* failure */
01091     lcas_release_cred(&lcas_cred);
01092     lcas_log_debug(0,"lcas.mod-lcas_get_fabric_authorization(): failed\n");
01093     return retval;
01094 }
01095 
01096 /******************************************************************************
01097 Function:   lcas_term
01098 Description:
01099     Terminate LCAS module: 
01100 
01101 Parameters:
01102 Returns:
01103     0: termination succeeded
01104     1: termination failed
01105 ******************************************************************************/
01106 int lcas_term()
01107 {
01108     int                           rc;
01109     lcas_plugindl_t *             plugin_entry;
01110     lcas_plugindl_t *             authmod_entry;
01111 
01112     lcas_log_debug(0,"\n");
01113     lcas_log_time(LOG_DEBUG,"Termination LCAS\n");
01114     /*
01115      *             - Terminate the STANDARD authorization modules
01116      *               and clean up the authmod structure
01117      */
01118     authmod_entry=authmod_list;
01119     while (authmod_entry)
01120     {
01121         lcas_plugindl_t * authmod_next;
01122         int               i;
01123 
01124         rc = authmod_entry->procs[TERMPROC]();
01125         if (rc != LCAS_MOD_SUCCESS)
01126         {
01127             lcas_log(0,"lcas.mod-lcas_term(): failed to terminate standard module %s\n",
01128                     authmod_entry->pluginname);
01129             return 1;
01130         }
01131         lcas_log_debug(1, "lcas.mod-lcas_term(): standard module %s terminated\n",
01132                 authmod_entry->pluginname);
01133 
01134         authmod_next=authmod_entry->next;
01135         for (i=0; i < authmod_entry->argc; i++)
01136         {
01137             if ((authmod_entry->argv)[i] != NULL)
01138             {
01139                 lcas_log_debug(3,"Freeing %d - %s\n",i,(authmod_entry->argv)[i]);
01140                 free((authmod_entry->argv)[i]);
01141             }
01142         }
01143         free(authmod_entry);
01144         authmod_entry=authmod_next;
01145     }
01146     authmod_list=authmod_entry=NULL;
01147 
01148     /*
01149      *             - Terminate the PLUGIN authorization modules
01150      *               and clean up the plugin structure
01151      */
01152     plugin_entry=plugin_list;
01153     while (plugin_entry)
01154     {
01155         lcas_plugindl_t * plugin_next;
01156         int               i;
01157 
01158         rc = plugin_entry->procs[TERMPROC]();
01159         if (rc != LCAS_MOD_SUCCESS)
01160         {
01161             lcas_log(0,"lcas.mod-lcas_term(): failed to terminate plugin module %s\n",
01162                     plugin_entry->pluginname);
01163             return 1;
01164         }
01165         lcas_log_debug(1, "lcas.mod-lcas_term(): plugin module %s terminated\n",
01166                 plugin_entry->pluginname);
01167 
01168         plugin_next=plugin_entry->next;
01169         for (i=0; i < plugin_entry->argc; i++)
01170         {
01171             if ((plugin_entry->argv)[i] != NULL)
01172             {
01173                 lcas_log_debug(3,"Freeing %d - %s\n",i,(plugin_entry->argv)[i]);
01174                 free((plugin_entry->argv)[i]);
01175             }
01176         }
01177         free(plugin_entry);
01178         plugin_entry=plugin_next;
01179     }
01180     plugin_list=plugin_entry=NULL;
01181 
01182     /* close logging (safe if logfile is not owned by LCAS) */
01183     if (lcas_log_close() != 0)
01184         return 1;
01185 
01186     lcas_initialized=0;
01187     return 0;
01188 }
01189 
01190 /******************************************************************************
01191 CVS Information:
01192     $Source: /cvs/jra1mw/org.glite.security.lcas/src/lcas.c,v $
01193     $Date: 2005/04/04 15:23:57 $
01194     $Revision: 2.18 $
01195     $Author: msteenba $
01196 ******************************************************************************/
Generated on Fri May 27 18:10:48 2005 for lcas by doxygen 1.3.5