
lcas_userban.c

00001 /*                                                                                                            
00002  * Copyright (c) Members of the EGEE Collaboration. 2004.
00003  * See http://eu-egee.org/partners/ for details on the copyright holders.
00004  * For license conditions see the license file or
00005  * http://eu-egee.org/license.html
00006  */
00007 
00008 /*                                                                                                            
00009  * Copyright (c) 2001 EU DataGrid.                                                                             
00010  * For license conditions see http://www.eu-datagrid.org/license.html                                          
00011  *
00012  * Copyright (c) 2001, 2002 by 
00013  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00014  *     David Groep <davidg@nikhef.nl>,
00015  *     NIKHEF Amsterdam, the Netherlands
00016  */
00017 
00063 /******************************************************************************
00064 
00065 lcas_userban.c
00066 
00067 Description:
00068     LCAS module that makes authorization decisions based
00069     on a ban list
00070     Currently it reads a plain file that contains the
00071     DN's of the banned users
00072 
00073 CVS Information:
00074     $Source: /cvs/jra1mw/org.glite.security.lcas-plugins-basic/src/userban/lcas_userban.c,v $
00075     $Date: 2005/02/28 11:45:52 $
00076     $Revision: 1.3 $
00077     $Author: msteenba $
00078 
00079 ******************************************************************************/
00080 
00081 /*****************************************************************************
00082                             Include header files
00083 ******************************************************************************/
00084 #include "lcas_config.h"
00085 #include <stdio.h>
00086 #include <stdlib.h>
00087 #include <string.h>
00088 
00089 #if HAVE_MALLOC_H
00090 #include <malloc.h>
00091 #endif
00092 
00093 #include "lcas_modules.h"
00094 #include "lcas_gridlist.h"
00095 
00096 /******************************************************************************
00097                        Define module specific variables
00098 ******************************************************************************/
/* Name this plugin puts in front of its own log lines. */
static char *modname = "lcas_userban.mod";

/*
 * Path of the ban-list file. Assigned by plugin_initialize() and released
 * again by plugin_terminate(); NULL while no file has been configured.
 */
static char *userban_db = NULL;
00101 
00102 
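/******************************************************************************
Function:   plugin_initialize
Description:
    Initialize the plugin: resolve the ban-list file named in argv[1] with
    lcas_findfile() and check that it exists. The resolved path is kept in
    userban_db for plugin_confirm_authorization().
Parameters:
    argc:    number of entries in argv
    argv:    plugin arguments; argv[1] is the ban-list file to use
Returns:
    LCAS_MOD_SUCCESS : ban-list file resolved and found
    LCAS_MOD_NOFILE  : no file argument given, or the file was not found
Notes:
    Only the existence of the file is tested here. The file decides which
    DNs are refused, so its ownership and write permissions matter as much
    as those of the LCAS configuration itself; nothing in this function
    checks them.
******************************************************************************/
int plugin_initialize(int argc, char ** argv)
{
    int i;

    lcas_log_debug(2,"%s-plugin_initialize(): passed arguments:\n",modname);
    for (i = 0; i < argc; i++)
    {
        lcas_log_debug(2,"%s-plugin_initialize(): arg %d is %s\n",
             modname,i,argv[i]);
    }

    if (argc > 1)
    {
        /*
         * Drop the path kept from an earlier call so that initializing the
         * plugin twice does not leak it. plugin_terminate() frees this
         * pointer, so lcas_findfile() is presumed to return heap memory.
         */
        free(userban_db);
        userban_db = lcas_findfile(argv[1]);
    }

    /* Without a ban-list path the plugin cannot make any decision */
    if (userban_db == NULL)
    {
        lcas_log(0,"\t%s-plugin_initialize() error: banned user file required !\n",
                   modname);
        return LCAS_MOD_NOFILE;
    }

    /*
     * Test if userban_db exists. The path is left in place on failure:
     * plugin_confirm_authorization() reports the missing file again and
     * plugin_terminate() releases the string.
     */
    if (lcas_getfexist(1,userban_db) == NULL)
    {
        lcas_log(0,
                 "\t%s-plugin_initialize() error: Cannot find banned user file: %s\n",
                 modname,userban_db
        );
        return LCAS_MOD_NOFILE;
    }
    return LCAS_MOD_SUCCESS;
}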
00149 
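/******************************************************************************
Function:   plugin_confirm_authorization
Description:
    Decide whether the user behind lcas_cred may proceed, by looking up the
    user's DN in the ban-list file (userban_db). A DN that is listed is
    refused.
Parameters:
    request:   RSL request (not used for the ban decision)
    lcas_cred: user credential from which the DN is taken
Returns:
    LCAS_MOD_SUCCESS: no ban-list entry reported for the DN
    LCAS_MOD_FAIL   : no DN in the credential, or the DN is on the ban list
    LCAS_MOD_NOFILE : no ban-list file configured, or it could not be found
******************************************************************************/
int
plugin_confirm_authorization(lcas_request_t request, lcas_cred_id_t lcas_cred)
{
    int                           rc;
    int                           result;
    char *                        dummy = NULL;
    char *                        user_dn = NULL;

    (void) request; /* the decision depends on the user DN only */

    /*
     * check credential and get the globus name
     */
    if ( (user_dn = lcas_get_dn(lcas_cred)) == NULL)
    {
        /* The message used to name a different module and function */
        lcas_log(0, "\t%s-plugin_confirm_authorization() error: user DN empty\n",
                 modname);
        return LCAS_MOD_FAIL;
    }

    /*
     * userban_db is still NULL when plugin_initialize() was not run or got
     * no file argument. Refuse here instead of handing a NULL path to the
     * "%s" format and to lcas_gridlist().
     */
    if (userban_db == NULL)
    {
        lcas_log(0,
            "\t%s-plugin_confirm_authorization() error: banned user file required !\n",
            modname);
        return LCAS_MOD_NOFILE;
    }

    /* Do the check */
    lcas_log_debug(0,"\t%s-plugin_confirm_authorization(): checking banned users in %s\n",
             modname,userban_db);

    /* dummy receives a string from lcas_gridlist(); it is only released here */
    rc = lcas_gridlist(user_dn, &dummy, userban_db, MATCH_ONLY_DN, NULL, NULL);

    if ( rc == LCAS_MOD_ENTRY )
    {
        /* Entry found for user_dn, so the user is banned */
        lcas_log_debug(0,"\t%s-plugin_confirm_authorization(): entry found for %s\n",
                 modname,user_dn);
        result = LCAS_MOD_FAIL;
    }
    else if ( rc == LCAS_MOD_NOFILE )
    {
        /* file not found */
        lcas_log(0,
            "\t%s-plugin_confirm_authorization() error: Cannot find banned user file: %s\n",
            modname,userban_db);
        result = LCAS_MOD_NOFILE;
    }
    else
    {
        /*
         * authorization = no entry found for user_dn
         *
         * NOTE(review): every other return code ends up here, so a lookup
         * that failed for a reason other than a missing file would also
         * authorize the user. Confirm in lcas_gridlist.h which code means
         * "no entry" and refuse on everything else, so that the ban check
         * fails closed.
         */
        result = LCAS_MOD_SUCCESS;
    }

    /* Single exit for all lookup outcomes; free(NULL) is a no-op */
    free(dummy);
    return result;
}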
00215 
/******************************************************************************
Function:   plugin_terminate
Description:
    Terminate the plugin and release the ban-list path held in userban_db.
Parameters:
    none
Returns:
    LCAS_MOD_SUCCESS : always; this function has no failure path
******************************************************************************/
int plugin_terminate()
{
    lcas_log_debug(1,"%s-plugin_terminate(): terminating\n",modname);

    /*
     * free(NULL) does nothing, so no guard is needed. The pointer is reset
     * so that a later call cannot free the same string twice.
     */
    free(userban_db);
    userban_db = NULL;

    return LCAS_MOD_SUCCESS;
}
