Main Page | Modules | Data Structures | File List | Data Fields | Globals | Related Pages

lcas_voms.c

Go to the documentation of this file.
00001 /*                                                                                                            
00002  * Copyright (c) Members of the EGEE Collaboration. 2004.
00003  * See http://eu-egee.org/partners/ for details on the copyright holders.
00004  * For license conditions see the license file or
00005  * http://eu-egee.org/license.html
00006  */
00007 
00008 /*
00009  * Copyright (c) 2001 EU DataGrid.                                                                             
00010  * For license conditions see http://www.eu-datagrid.org/license.html                                          
00011  *
00012  * Copyright (c) 2001, 2002 by 
00013  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00014  *     David Groep <davidg@nikhef.nl>,
00015  *     NIKHEF Amsterdam, the Netherlands
00016  */
00017 
00098 /*****************************************************************************
00099                             Include header files
00100 ******************************************************************************/
00101 #include "lcas_config.h"
00102 #include <stdio.h>
00103 #include <stdlib.h>
00104 #include <string.h>
00105 #include <pwd.h>
00106 #include <sys/types.h>
00107 #include <sys/stat.h>
00108 #include <unistd.h>
00109 #include <libgen.h>
00110 #include <openssl/x509.h>
00111 #include <errno.h>
00112 #include "gssapi.h"
00113 
00114 #include "lcas_modules.h"
00115 #include "lcas_voms_utils.h"
00116 #include "lcas_vo_data.h"
00117 #include "lcas_gridlist.h"
00118 
00119 #include <libxml/tree.h>
00120 #include "gridsite.h"
00121 #include "gridsite-gacl.h"
00122 
00123 #include "voms_apic.h"
00124 #include "globus_gss_assist.h"
00125 
00126 #undef TESTBIO
00127 #ifdef TESTBIO
00128 #    include <openssl/pem.h>
00129 #    include <openssl/bio.h>
00130 #endif
00131 
00132 
00133 /******************************************************************************
00134                                 Definitions
00135 ******************************************************************************/
00136 
00137 #define VOMS_BUFFER_SIZE 1024
00138 
00139 /******************************************************************************
00140                                Type definitions
00141 ******************************************************************************/
00147 typedef enum authformat_e
00148 {
00149     NO_FORMAT,     
00150     SIMPLE_FORMAT, 
00151     GACL_FORMAT,   
00152     XACML_FORMAT,  
00153 }
00154 authformat_t;
00155 
00156 typedef enum gacl_use_voms_dn_e
00157 {
00158     ALWAYS_USE_VOMS_DN,  
00159     USE_VOMS_DN,         
00160     DONT_USE_VOMS_DN,    
00161 }
00162 gacl_use_voms_dn_t;
00163 
00164 /******************************************************************************
00165                           Module specific prototypes
00166 ******************************************************************************/
00167 static void print_vomsdata(struct vomsdata *);
00168 static void print_vomsdata(struct vomsdata *);
00169 static int  lcas_check_gacl(GACLuser *, char *);
00170 static int  lcas_gacl_add_dn(GACLuser **, char *);
00171 static int  lcas_gacl_add_vomsdata(GACLuser **, lcas_vo_data_t *, char *);
00172 
00173 #ifdef TESTBIO
00174 static STACK_OF(X509) *load_chain(char *certfile);
00175 static char *retmsg[] = { "VERR_NONE", "VERR_NOSOCKET", "VERR_NOIDENT", "VERR_COMM", 
00176                           "VERR_PARAM", "VERR_NOEXT", "VERR_NOINIT",
00177                           "VERR_TIME", "VERR_IDCHECK", "VERR_EXTRAINFO",
00178                           "VERR_FORMAT", "VERR_NODATA", "VERR_PARSE",
00179                           "VERR_DIR", "VERR_SIGN", "VERR_SERVER", 
00180                           "VERR_MEM", "VERR_VERIFY", "VERR_IDENT",
00181                           "VERR_TYPE", "VERR_ORDER" };
00182 #endif
00183 
00184 /******************************************************************************
00185                        Define module specific variables
00186 ******************************************************************************/
00187 
00188 
00189 static authformat_t authformat       = NO_FORMAT;
00190 static char *       authfile         = NULL;
00191 static char *       certdir          = NULL;
00192 static char *       vomsdir          = NULL;
00193 static char         voms_buffer[VOMS_BUFFER_SIZE];
00194 static authformat_t gacl_use_voms_dn = USE_VOMS_DN;
00195 static int          use_user_dn = 0;
00196 
00197 #ifdef TESTBIO
00198 static STACK_OF(X509) *load_chain(char *certfile)
00199 {
00200     STACK_OF(X509_INFO) *sk=NULL;
00201     STACK_OF(X509) *stack=NULL, *ret=NULL;
00202     BIO *in=NULL;
00203     X509_INFO *xi;
00204     int first = 1;
00205 
00206     if(!(stack = sk_X509_new_null()))
00207     {
00208         printf("%s: memory allocation failure\n", logstr);
00209         goto end;
00210     }
00211 
00212     if(!(in=BIO_new_file(certfile, "r")))
00213     {
00214         printf("%s: error opening the file, %s\n", logstr,certfile);
00215         goto end;
00216     }
00217 
00218     /* This loads from a file, a stack of x509/crl/pkey sets */
00219     if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL)))
00220     {
00221         printf("%s: error reading the file, %s\n", logstr,certfile);
00222         goto end;
00223     }
00224 
00225     /* scan over it and pull out the certs */
00226     while (sk_X509_INFO_num(sk))
00227     {
00228         /* skip first cert */
00229         if (first)
00230         {
00231             first = 0;
00232             continue;
00233         }
00234         xi=sk_X509_INFO_shift(sk);
00235         if (xi->x509 != NULL)
00236         {
00237             sk_X509_push(stack,xi->x509);
00238             xi->x509=NULL;
00239         }
00240         X509_INFO_free(xi);
00241     }
00242     if(!sk_X509_num(stack))
00243     {
00244         printf("%s: no certificates in file, %s\n", logstr,certfile);
00245         sk_X509_free(stack);
00246         goto end;
00247     }
00248     ret=stack;
00249 end:
00250     BIO_free(in);
00251     sk_X509_INFO_free(sk);
00252     return(ret);
00253 }
00254 #endif
00255 
00256 /******************************************************************************
00257 Function:   plugin_initialize
00258 Description:
00259     Initialize plugin
00260 Parameters:
00261     argc, argv
00262     argv[0]: the name of the plugin
00263 Returns:
00264     LCAS_MOD_SUCCESS : succes
00265     LCAS_MOD_FAIL    : failure
00266     LCAS_MOD_NOFILE  : db file not found (will halt LCAS initialization)
00267 ******************************************************************************/
00268 int plugin_initialize(
00269         int argc,
00270         char ** argv
00271 )
00272 {
00273     struct stat  buf;
00274     char *       logstr = "\tlcas_plugin_voms-plugin_initialize()";
00275     char *       authfilecopy = NULL;
00276     char *       authfilebase = NULL;
00277     int          i;
00278  
00279     lcas_log_debug(1,"%s: passed arguments:\n", logstr);
00280     for (i=0; i < argc; i++)
00281     {
00282        lcas_log_debug(2,"%s: arg %d is %s\n", logstr, i, argv[i]);
00283     }
00284  
00285     /*
00286      * CERTDIR = The directory which contains the CA certificates
00287      * VOMSDIR = The directory which contains the certificates of the VOMS servers 
00288      */
00289  
00290     /*
00291      * Parse arguments, argv[0] = name of plugin, so start with i = 1
00292      */
00293     for (i = 1; i < argc; i++)
00294     {
00295         if ( ((strcmp(argv[i], "-vomsdir") == 0) ||
00296               (strcmp(argv[i], "-VOMSDIR") == 0))
00297              && (i + 1 < argc))
00298         {
00299             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00300             {
00301                  vomsdir = strdup(argv[i + 1]);
00302             }
00303             i++;
00304         }
00305         else if ( ((strcmp(argv[i], "-certdir") == 0) ||
00306                    (strcmp(argv[i], "-CERTDIR") == 0))
00307                    && (i + 1 < argc))
00308         {
00309             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00310             {
00311                  certdir = strdup(argv[i + 1]);
00312             }
00313             i++;
00314         }
00315         else if ((strcmp(argv[i], "-authfile") == 0)
00316                    && (i + 1 < argc))
00317         {
00318             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00319             {
00320                  authfile = strdup(argv[i + 1]);
00321             }
00322             i++;
00323         }
00324         else if ((strcmp(argv[i], "-authformat") == 0)
00325                    && (i + 1 < argc))
00326         {
00327             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00328             {
00329                  if ( (strcmp(argv[i + 1], "gacl") == 0) || (strcmp(argv[i + 1], "GACL") == 0) )
00330                  {
00331                      authformat = GACL_FORMAT;
00332                  }
00333                  else if ( (strcmp(argv[i + 1], "xacml") == 0) || (strcmp(argv[i + 1], "XACML") == 0) )
00334                  {
00335                      authformat = XACML_FORMAT;
00336                  }
00337                  else if ( (strcmp(argv[i + 1], "simple") == 0) || (strcmp(argv[i + 1], "SIMPLE") == 0) )
00338                  {
00339                      authformat = SIMPLE_FORMAT;
00340                  }
00341                  else
00342                  {
00343                      lcas_log(0,"%s: use  \"simple/SIMPLE\", \"gacl/GACL\" or \"xacml/XACML\" for option %s\n",
00344                                 logstr, argv[i]);
00345                      goto fail_voms_init;
00346                  }
00347             }
00348             i++;
00349         }
00350         else if (strcmp(argv[i], "-use_user_dn") == 0)
00351         {
00352             use_user_dn = 1;
00353         }
00354         else if ((strcmp(argv[i], "-gacl_use_voms_dn") == 0)
00355                    && (i + 1 < argc))
00356         {
00357             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00358             {
00359                  if ( (strcmp(argv[i + 1], "yes") == 0) || (strcmp(argv[i + 1], "YES") == 0) )
00360                  {
00361                      gacl_use_voms_dn = USE_VOMS_DN;
00362                  }
00363                  else if ( (strcmp(argv[i + 1], "no") == 0) || (strcmp(argv[i + 1], "NO") == 0) )
00364                  {
00365                      gacl_use_voms_dn = DONT_USE_VOMS_DN;
00366                  }
00367                  else if ( (strcmp(argv[i + 1], "always") == 0) || (strcmp(argv[i + 1], "ALWAYS") == 0) )
00368                  {
00369                      gacl_use_voms_dn = ALWAYS_USE_VOMS_DN;
00370                  }
00371                  else
00372                  {
00373                      lcas_log(0,"%s: use  \"yes/YES\", \"no/NO\" or \"always/ALWAYS\" for option %s\n",
00374                                 logstr, argv[i]);
00375                      goto fail_voms_init;
00376                  }
00377             }
00378             i++;
00379         }
00380         else
00381         {
00382             lcas_log(0,"%s: Error in initialization parameter: %s (failure)\n", logstr,
00383                        argv[i]);
00384             return LCAS_MOD_FAIL;
00385         }
00386     }
00387 
00388     /* Check if authfile is filled */
00389     if (authfile == NULL)
00390     {
00391         lcas_log(0, "%s: authorization file is not specified (failure)\n", logstr);
00392         goto fail_voms_init;
00393     }
00394     if ((stat(authfile, &buf)) != 0)
00395     {
00396         lcas_log(0, "%s: unable to get stat of authorization file: %s\n", logstr, authfile);
00397         lcas_log(0, "%s: %s\n", logstr, strerror(errno));
00398         goto fail_voms_init;
00399     }
00400     if ( !(S_ISREG(buf.st_mode)))
00401     {
00402         lcas_log(0, "%s: specified authorization file (%s) is not a regular file (failure)\n",
00403                    logstr, authfile);
00404         goto fail_voms_init;
00405     }
00406 
00407     /* If necessary, try to establish the authorization file format from suffix */
00408     if (authformat == NO_FORMAT)
00409     {
00410         authfilecopy = strdup(authfile);
00411         authfilebase = basename(authfilecopy);
00412         if (strstr(authfilebase, ".gacl") != NULL)
00413         {
00414             authformat = GACL_FORMAT;
00415         }
00416         else if (strstr(authfilebase, ".xacml") != NULL)
00417         {
00418             authformat = XACML_FORMAT;
00419         }
00420         else
00421         {
00422             authformat = SIMPLE_FORMAT;
00423         }
00424         if (authfilecopy)
00425         {
00426             free(authfilecopy);
00427             authfilecopy = NULL;
00428         }
00429     }
00430     lcas_log_debug(1, "%s: authorization file: %s, format: %d\n", logstr, authfile, authformat);
00431 
00432     /* success */
00433 // success_voms_init:
00434     return LCAS_MOD_SUCCESS;
00435 
00436     /* failure */
00437  fail_voms_init:
00438     return LCAS_MOD_FAIL;
00439 } 
00440 
00441 
00442 
00443 
00444 /******************************************************************************
00445 Function:   plugin_confirm_authorization
00446 Description:
00447     Ask for authorization by passing RSL and user credential
00448 Parameters:
00449     request:   RSL request
00450     user_cred: user credential
00451 Returns:
00452     LCAS_MOD_SUCCESS : succes
00453     LCAS_MOD_FAIL    : failure
00454 ******************************************************************************/
00455 int
00456 plugin_confirm_authorization(lcas_request_t request, lcas_cred_id_t lcas_cred)
00457 {
00458     char * logstr = "\tlcas_plugin_voms-plugin_confirm_authorization()";
00459     char *              dn          = NULL; 
00460     struct vomsdata *   vd          = NULL;
00461     int                 errNo       = 0;
00462     gss_cred_id_t       cred        = GSS_C_NO_CREDENTIAL;
00463     X509 *              px509_cred  = NULL;
00464     STACK_OF(X509) *    px509_chain = NULL;
00465     GACLuser *          gacluser = NULL;
00466     int                 rc = 0;
00467     char *              dummy = NULL;
00468 
00469 #ifdef TESTBIO
00470     int err;
00471     int res;
00472     BIO *in = NULL;
00473     X509 *x = NULL;
00474     STACK_OF(X509) *chain;
00475 #endif
00476 
00477 
00478     /*
00479      * The beginning
00480      */
00481     lcas_log_debug(1,"%s:\n", logstr);
00482 
00483     /*
00484      * Get the gss_cred_t credential and get the globus name
00485      */
00486     if ( (dn = lcas_get_dn(lcas_cred)) == NULL)
00487     {
00488         lcas_log(0, "%s: Error, user DN empty\n", logstr);
00489         goto fail_voms;
00490     }
00491     if ( (cred = lcas_get_gss_cred(lcas_cred)) == GSS_C_NO_CREDENTIAL)
00492     {
00493         lcas_log(0, "%s: Error, user gss credential is empty !\n", logstr);
00494         goto fail_voms;
00495     }
00496 
00497 #undef EXPORT_CREDENTIAL
00498 #if EXPORT_CREDENTIAL
00499     if (cred)
00500     {
00501         gss_buffer_desc                 deleg_proxy_filename;
00502         OM_uint32         major_status = 0;
00503         OM_uint32         minor_status = 0;
00504         
00505         major_status = gss_export_cred(&minor_status,
00506                                        cred,
00507                                        NULL,
00508                                        1,
00509                                        &deleg_proxy_filename);
00510 
00511         if (major_status == GSS_S_COMPLETE)
00512         {
00513             char *                      cp;
00514 
00515             lcas_log_debug(1,"%s: deleg_proxy_filename.value: %s\n", logstr,
00516                                deleg_proxy_filename.value);
00517             cp = strchr((char *)deleg_proxy_filename.value, '=');
00518             *cp = '\0';
00519             cp++;
00520             setenv((char *)deleg_proxy_filename.value, cp, 1);
00521             free(deleg_proxy_filename.value);
00522         }
00523         else
00524         {
00525             char *                      error_str = NULL;
00526             globus_object_t *           error_obj;
00527 
00528             error_obj = globus_error_get((globus_result_t) minor_status);
00529             
00530             error_str = globus_error_print_chain(error_obj);
00531             lcas_log(0,"%s: Error, gss_export_cred(): %s\n", logstr,error_str);
00532             goto fail_voms;
00533         }
00534     }
00535 #endif /* EXPORT_CREDENTIAL */
00536 
00537     /*
00538      * Retrieve a newly created X509 struct and X509 chain from gss credential (should be freed)
00539      */
00540     if ( ( px509_cred = lcas_cred_to_x509(cred) ) )
00541     {
00542         lcas_log_debug(1,"%s: found X509 struct inside gss credential\n", logstr);
00543         lcas_log_debug(5,"%s: just for kicks: X509->name %s\n", logstr,px509_cred->name);
00544     }
00545     else
00546     {
00547         lcas_log(0,"%s: could not get X509 cred (exit voms)!\n", logstr);
00548         goto fail_voms;
00549     }
00550     if ( ( px509_chain = lcas_cred_to_x509_chain(cred) ) )
00551     {
00552         lcas_log_debug(1,"%s: found X509 chain inside gss credential\n", logstr);
00553     }
00554     else
00555     {
00556         lcas_log(0,"%s: could not get X509 chain (exit voms)!\n", logstr);
00557         goto fail_voms;
00558     }
00559 
00560     lcas_log_debug(1,"%s: vomsdir = %s\n", logstr, vomsdir);
00561     lcas_log_debug(1,"%s: certdir = %s\n", logstr, certdir);
00562     if ((vd = VOMS_Init(vomsdir, certdir)) == NULL)
00563     {
00564         lcas_log(0,"%s: Failed to initialize voms data structure\n", logstr);
00565         lcas_log(0,"%s:  This may be because either the specified voms directory (%s)\n",logstr,vomsdir);
00566         lcas_log(0,"%s:  or the specified CA certificates directory (%s) does not exist\n", logstr, certdir);
00567         goto fail_voms;
00568     }
00569     lcas_log_debug(1,"%s: voms data structure initialized\n", logstr);
00570 
00571 #ifdef TESTBIO
00572     in = BIO_new(BIO_s_file());
00573     chain = load_chain("/home/gridtest/cvs/fabric_mgt/gridification/lcas/modules/voms/x509up_u500");
00574     if (in)
00575     {
00576         if (BIO_read_filename(in, "/home/gridtest/cvs/fabric_mgt/gridification/lcas/modules/voms/x509up_u500") > 0)
00577         {
00578             x = PEM_read_bio_X509(in, NULL, 0, NULL);
00579 
00580             res = VOMS_Retrieve(x, chain, RECURSE_CHAIN, vd, &err);
00581 
00582             if (res)
00583                 print_vomsdata(vd);
00584             else
00585                 printf("%s: ERROR!\n", logstr);
00586         }
00587     }
00588 
00589     if (!res)
00590     {
00591         printf("%s: err: %s\n", logstr, retmsg[err]);
00592     }
00593 #else
00594     if (VOMS_Retrieve(px509_cred, px509_chain, RECURSE_CHAIN, 
00595                          vd, &errNo))
00596 #endif
00597     {
00598         lcas_vo_data_t *   lcas_vo_data = NULL;
00599         struct voms **     volist = vd->data;
00600         struct voms *      vo;
00601         char *             bufptr = NULL;
00602         int                k = 0;
00603         int                j = 0;
00604         int                foundmatch = 0;
00605 
00606         lcas_log_debug(1,"%s: We got something, errNo = %d\n", logstr, errNo);
00607         print_vomsdata(vd);
00608 
00609         if (authformat == GACL_FORMAT)
00610         {
00611             /* initialize gacl */
00612             GACLinit();
00613             if (lcas_gacl_add_dn(&gacluser, dn) != 0)
00614             {
00615                 lcas_log(0,"%s: error adding dn %s to gacluser\n", logstr, dn);
00616                 goto fail_voms;
00617             }
00618             else
00619             {
00620                 lcas_log_debug(2,"%s: added dn %s to gacluser\n", logstr, dn);
00621             }
00622         }
00623 
00624         while(volist[k])
00625         {
00626             vo = volist[k++];
00627             lcas_log_debug(1,"%s: setting voms data for VO == %s\n", logstr,
00628                              vo->voname);
00629             lcas_log_debug(2,"%s: setting voms data for VO server == %s\n", logstr,
00630                              vo->server);
00631 
00632             switch (vo->type) {
00633                 case TYPE_NODATA:
00634                     lcas_log_debug(1,"%s: NO DATA\n", logstr);
00635                     break;
00636                 case TYPE_CUSTOM:
00637                     lcas_log_debug(1,"%s: %*s\n", logstr, vo->datalen - 10, vo->custom);
00638                     break;
00639                 case TYPE_STD:
00640                     j = 0;
00641                     while (vo->std[j]) {
00642                         char *  fqan = NULL;
00643                         int     ifqan = 0;
00644                         int     found_fqan = 0;
00645 
00646                         lcas_vo_data=lcas_createVoData(vo->voname,vo->std[j]->group,
00647                                                            NULL, vo->std[j]->role, vo->std[j]->cap
00648                         );
00649                         if (! lcas_vo_data)
00650                         {
00651                             lcas_log(0,"%s: could not create VoData structure (failure)\n", logstr);
00652                             goto fail_voms;
00653                         }
00654                         if ( lcas_stringVoData(lcas_vo_data, voms_buffer, VOMS_BUFFER_SIZE) )
00655                         {
00656                             lcas_log(0,"%s: error in casting VoData structure into string (failure)\n", logstr);
00657                             goto fail_voms;
00658                         }
00659                         /*
00660                          * Now that we have the VO-GROUP-ROLE combination as a string it has to be matched in the
00661                          * authorization file. Check the format.
00662                          */
00663                         /*
00664                          * From version 1.2.x we support also FQANs. These are available in the as a NULL terminated
00665                          * list of strings: vo->fqan
00666                          * We're going to increment the counter of this array along with the counter of the triplet
00667                          * and check if the fqan is found when using the SIMPLE_FORMAT
00668                          */
00669                         if (vo->fqan)
00670                         {
00671                             while ((vo->fqan)[ifqan] != NULL)
00672                             {
00673                                 if (ifqan == j) /* found the corresponding fqan */
00674                                 {
00675                                     fqan = (vo->fqan)[ifqan];
00676                                     lcas_log_debug(1, "%s: fqan:   %s\n", logstr, fqan);
00677                                     break;
00678                                 }
00679                                 ifqan++;
00680                             }
00681                         }
00682                         if (fqan == NULL)
00683                         {
00684                             lcas_log(0, "%s: WARNING could not find fqan inside VOMS structure, only VOMS triplet\n", logstr);
00685                         }
00686                         if (authformat == SIMPLE_FORMAT)
00687                         {
00688                             /* check with gridlist, first try it with the fqan */
00689                             rc = lcas_gridlist(fqan, &dummy, authfile, MATCH_ONLY_DN|MATCH_WILD_CHARS, NULL, NULL);
00690                             if ( rc == LCAS_MOD_ENTRY )
00691                             {
00692                                 /* Entry found for VO combi */
00693                                 lcas_log_debug(1,"%s: entry found for fqan %s\n", logstr, fqan);
00694                                 foundmatch++;
00695                             }
00696                             else if ( rc == LCAS_MOD_NOFILE )
00697                             {
00698                                 /* file not found */
00699                                 lcas_log(0, "%s: Error, Cannot find authorization file: %s\n", logstr, authfile);
00700                                 if (dummy)
00701                                 {
00702                                     free(dummy);
00703                                     dummy = NULL;
00704                                 }
00705                                 goto fail_voms;;
00706                             }
00707                             else
00708                             {
00709                                 /* no entry found, not fatal */
00710                                 lcas_log_debug(1, "%s: no entry for fqan %s in %s\n", logstr, fqan, authfile);
00711                             }
00712                             if (dummy)
00713                             {
00714                                 free(dummy);
00715                                 dummy = NULL;
00716                             }
00717 
00718                             /* If no entry found for the FQAN try it with the VO string (in voms_buffer) */
00719                             if (foundmatch == 0)
00720                             {
00721                                 lcas_log_debug(1, "%s: Trying old format: %s instead of %s\n", logstr, voms_buffer, fqan);
00722                                 rc = lcas_gridlist(voms_buffer, &dummy, authfile, MATCH_ONLY_DN|MATCH_WILD_CHARS, NULL, NULL);
00723                                 if ( rc == LCAS_MOD_ENTRY )
00724                                 {
00725                                     /* Entry found for VO combi */
00726                                     lcas_log_debug(1,"%s: entry found for VOMS triplet %s\n", logstr, voms_buffer);
00727                                     foundmatch++;
00728                                 }
00729                                 else if ( rc == LCAS_MOD_NOFILE )
00730                                 {
00731                                     /* file not found */
00732                                     lcas_log(0, "%s: Error, Cannot find authorization file: %s\n", logstr, authfile);
00733                                     if (dummy)
00734                                     {
00735                                         free(dummy);
00736                                         dummy = NULL;
00737                                     }
00738                                     goto fail_voms;;
00739                                 }
00740                                 else
00741                                 {
00742                                     /* no entry found, not fatal */
00743                                     lcas_log_debug(1, "%s: no entry for VOMS triplet %s in %s\n", logstr, voms_buffer, authfile);
00744                                 }
00745                                 if (dummy)
00746                                 {
00747                                     free(dummy);
00748                                     dummy = NULL;
00749                                 }
00750                             }
00751                         }
00752                         else if (authformat == GACL_FORMAT)
00753                         {
00754                             /* Fill the gacluser with another VOMS credential, do the ACL checking afterwards */
00755                             if ( (gacl_use_voms_dn == USE_VOMS_DN) || (gacl_use_voms_dn == ALWAYS_USE_VOMS_DN) )
00756                             {
00757                                 if (!lcas_parseVostring(vo->server))
00758                                 {
00759                                     lcas_log(0,"%s: No VOMS server DN found in user cert. (failure)\n", logstr);
00760                                     goto fail_voms;
00761                                 }
00762                                 /* First create a credential with the VOMS DN */
00763                                 if (lcas_gacl_add_vomsdata(&gacluser, lcas_vo_data, vo->server) != 0)
00764                                 {
00765                                     lcas_log(0,"%s: error adding voms data for %s to gacluser\n", logstr, voms_buffer);
00766                                     goto fail_voms;
00767                                 }
00768                                 else
00769                                 {
00770                                     lcas_log_debug(2,"%s: added voms data for %s to gacluser\n", logstr, voms_buffer);
00771                                 }
00772                                 /* Then create a credential without the VOMS DN if (gacl_use_voms_dn == USE_VOMS_DN) */
00773                                 if (gacl_use_voms_dn == USE_VOMS_DN)
00774                                 {
00775                                     if (lcas_gacl_add_vomsdata(&gacluser, lcas_vo_data, NULL) != 0)
00776                                     {
00777                                         lcas_log(0,"%s: error adding voms data for %s to gacluser\n", logstr, voms_buffer);
00778                                         goto fail_voms;
00779                                     }
00780                                     else
00781                                     {
00782                                         lcas_log_debug(2,"%s: added voms data for %s to gacluser\n", logstr, voms_buffer);
00783                                     }
00784                                 }
00785                             }
00786                             else if (gacl_use_voms_dn == DONT_USE_VOMS_DN)
00787                             {
00788                                 /* Create a credential without the VOMS DN */
00789                                 if (lcas_gacl_add_vomsdata(&gacluser, lcas_vo_data, NULL) != 0)
00790                                 {
00791                                     lcas_log(0,"%s: error adding voms data for %s to gacluser\n", logstr, voms_buffer);
00792                                     goto fail_voms;
00793                                 }
00794                                 else
00795                                 {
00796                                     lcas_log_debug(2,"%s: added voms data for %s to gacluser\n", logstr, voms_buffer);
00797                                 }
00798                             }
00799                         }
00800                         else if (authformat == XACML_FORMAT)
00801                         {
00802                             /* check with xacml */
00803                             lcas_log(0,"%s: This (%d) format is not supported yet\n", logstr, authformat);
00804                         }
00805                         else
00806                         {
00807                             lcas_log(0,"%s: This (%d) format is not supported\n", logstr, authformat);
00808                         }
00809                         /* Add credential */
00810                         /* copy address of voms_buffer[0] in bufptr, because you cannot take the address of the array voms_buffer */
00811                         bufptr = voms_buffer;
00812 //                        addCredentialData(LCAS_VO_CRED_STRING, (void *) &bufptr);
00813 //                        addCredentialData(LCAS_VO_CRED, (void *) lcas_vo_data);
00814                         if ( lcas_deleteVoData(&lcas_vo_data) )
00815                         {
00816                             lcas_log(0,"%s: error while deleting VoData structure (failure)\n", logstr);
00817                             goto fail_voms;
00818                         }
00819                         j++;
00820                     }
00821                     break;
00822             }
00823         }
00824         lcas_log_debug(1,"%s: doing VOMS_Destroy\n", logstr);
00825         VOMS_Destroy(vd);
00826         lcas_log_debug(1,"%s: done\n", logstr);
00827 
00828         /* evaluate the matching, may become more elaborate */
00829         
00830         if (authformat == GACL_FORMAT)
00831         {
00832             /* check with gacl */
00833             /* Perhaps do something with fatalness, if deny found always quit */
00834             rc = lcas_check_gacl(gacluser, authfile);
00835             if (rc == 0)
00836             {
00837                 lcas_log_debug(1, "%s: authorization granted based on VOMS info for user %s in %s\n", logstr, dn, authfile);
00838             }
00839             else
00840             {
00841                 /* no authorization --> failure */
00842                 lcas_log(0, "%s: authorization denied based on VOMS info for user %s in %s\n", logstr, dn, authfile);
00843                 goto fail_voms;
00844             }
00845         }
00846         else
00847         {
00848             if (foundmatch)
00849             {
00850                 lcas_log_debug(1,"%s: found a matching VO entry in the authorization file\n", logstr);
00851             }
00852             else
00853             {
00854                 lcas_log(0,"%s: Did not find a matching VO entry in the authorization file\n", logstr);
00855                 goto fail_voms;
00856             }
00857         }
00858         
00859     }
00860 #ifdef TESTBIO
00861 #else
00862     else if (errNo == VERR_NOEXT)
00863     {
00864         /*
00865          * If no voms info is found in user proxy: try with the user dn if
00866          * use_user_dn flag is specified
00867          */
00868         if (use_user_dn != 0)
00869         {
00870             lcas_log_debug(1,"%s: VOMS extensions missing from certificate, trying\n", logstr);
00871             lcas_log_debug(1,"%s: to find user dn (%s) in authorization file %s\n", logstr, dn, authfile);
00872 
00873             if (authformat == SIMPLE_FORMAT)
00874             {
00875                 /* check with gridlist */
00876                 rc = lcas_gridlist(dn, &dummy, authfile, MATCH_ONLY_DN, NULL, NULL);
00877                 if ( rc == LCAS_MOD_ENTRY )
00878                 {
00879                     /* Entry found for user DN */
00880                     lcas_log_debug(1,"%s: entry found for %s\n", logstr, dn);
00881                 }
00882                 else if ( rc == LCAS_MOD_NOFILE )
00883                 {
00884                     /* file not found */
00885                     lcas_log(0, "%s: Error, Cannot find authorization file: %s\n", logstr, authfile);
00886                     if (dummy)
00887                     {
00888                         free(dummy);
00889                         dummy = NULL;
00890                     }
00891                     goto fail_voms;;
00892                 }
00893                 else
00894                 {
00895                     /* no entry found --> failure */
00896                     lcas_log(0, "%s: authorization denied based on DN info for user\n", logstr);
00897                     lcas_log(0, "%s: %s in %s\n", logstr, dn, authfile);
00898                     lcas_log(0, "%s: (in addition no VOMS info was found in user proxy)\n", logstr);
00899                     if (dummy)
00900                     {
00901                         free(dummy);
00902                         dummy = NULL;
00903                     }
00904                     goto fail_voms;
00905                 }
00906             }
00907             else if (authformat == GACL_FORMAT)
00908             {
00909                 /* initialize gacl */
00910                 GACLinit();
00911                 if (lcas_gacl_add_dn(&gacluser, dn) != 0)
00912                 {
00913                     lcas_log(0,"%s: error adding dn %s to gacluser\n", logstr, dn);
00914                     goto fail_voms;
00915                 }
00916                 else
00917                 {
00918                     lcas_log_debug(2,"%s: added dn %s to gacluser\n", logstr, dn);
00919                 }
00920                 /* check with gacl */
00921                 /* Perhaps do something with fatalness, if deny found always quit */
00922                 rc = lcas_check_gacl(gacluser, authfile);
00923                 if (rc == 0)
00924                 {
00925                     lcas_log_debug(1, "%s: authorization granted based on DN info for user %s in %s\n", logstr, dn, authfile);
00926                 }
00927                 else
00928                 {
00929                     /* no authorization --> failure */
00930                     lcas_log(0, "%s: authorization denied based on DN info for user\n", logstr);
00931                     lcas_log(0, "%s: %s in %s\n", logstr, dn, authfile);
00932                     lcas_log(0, "%s: (in addition no VOMS info was found in user proxy)\n", logstr);
00933                     goto fail_voms;
00934                 }
00935             }
00936             else
00937             {
00938                 lcas_log(0,"%s: This (%d) format is not supported yet, but this should have been checked earlier in the process! \n", logstr, authformat);
00939             }
00940         }
00941         else
00942         {
00943             lcas_log(0,"%s: VOMS extensions missing from certificate (failure)!\n", logstr);
00944             goto fail_voms;
00945         }
00946     }
00947     else if (errNo == VERR_IDCHECK)
00948     {
00949         lcas_log(0,"%s: VOMS User data in extension different from the real ones (failure)!\n", logstr);
00950         goto fail_voms;
00951     }
00952     else if (errNo == VERR_TIME)
00953     {
00954         lcas_log(0,"%s: VOMS extensions expired for at least one of the VOs (failure)!\n", logstr);
00955         goto fail_voms;
00956     }
00957     else if (errNo == VERR_ORDER)
00958     {
00959         lcas_log(0,"%s: The ordering of the VOMS groups, as required by the client, was not delivered by VOMS (failure)!\n", logstr);
00960         goto fail_voms;
00961     }
00962     else if (errNo == VERR_NOSOCKET)
00963     {
00964         lcas_log(0,"%s: VOMS Socket problem (failure)!\n", logstr);
00965         goto fail_voms;
00966     }
00967     else if (errNo == VERR_NOIDENT)
00968     {
00969         lcas_log(0,"%s: VOMS Cannot identify itself (certificate problem) (failure)!\n", logstr);
00970         goto fail_voms;
00971     }
00972     else if (errNo == VERR_COMM)
00973     {
00974         lcas_log(0,"%s: VOMS server problem (failure)!\n", logstr);
00975         goto fail_voms;
00976     }
00977     else if (errNo == VERR_PARAM)
00978     {
00979         lcas_log(0,"%s: Wrong parameters for VOMS (failure)!\n", logstr);
00980         goto fail_voms;
00981     }
00982     else if (errNo == VERR_NOINIT)
00983     {
00984         lcas_log(0,"%s: VOMS initialization error (failure)!\n", logstr);
00985         goto fail_voms;
00986     }
00987     else if (errNo == VERR_EXTRAINFO)
00988     {
00989         lcas_log(0,"%s: VO name and URI missing (in proxy ?) (failure)!\n", logstr);
00990         goto fail_voms;
00991     }
00992     else if (errNo == VERR_FORMAT)
00993     {
00994         lcas_log(0,"%s: Wrong VOMS data format (in proxy ?) (failure)!\n", logstr);
00995         goto fail_voms;
00996     }
00997     else if (errNo == VERR_NODATA)
00998     {
00999         lcas_log(0,"%s: Empty VOMS extension (failure)!\n", logstr);
01000         goto fail_voms;
01001     }
01002     else if (errNo == VERR_PARSE)
01003     {
01004         lcas_log(0,"%s: VOMS parse error (failure)!\n", logstr);
01005         goto fail_voms;
01006     }
01007     else if (errNo == VERR_DIR)
01008     {
01009         lcas_log(0,"%s: VOMS directory error (failure)!\n", logstr);
01010         goto fail_voms;
01011     }
01012     else if (errNo == VERR_SIGN)
01013     {
01014         lcas_log(0,"%s: VOMS Signature error (failure)!\n", logstr);
01015         goto fail_voms;
01016     }
01017     else if (errNo == VERR_SERVER)
01018     {
01019         lcas_log(0,"%s: Unidentifiable VOMS server (failure)!\n", logstr);
01020         goto fail_voms;
01021     }
01022     else if (errNo == VERR_MEM)
01023     {
01024         lcas_log(0,"%s: Memory problems in VOMS_Retrieve() (failure)!\n", logstr);
01025         goto fail_voms;
01026     }
01027     else if (errNo == VERR_VERIFY)
01028     {
01029         lcas_log(0,"%s: Generic verification error for VOMS (failure)!\n", logstr);
01030         goto fail_voms;
01031     }
01032     else if (errNo == VERR_TYPE)
01033     {
01034         lcas_log(0,"%s: Returned VOMS data of unknown type (failure)!\n", logstr);
01035         goto fail_voms;
01036     }
01037     else
01038     {
01039         lcas_log(0,"%s: VOMS_Retrieve() error --> %d (failure)!\n", logstr, errNo);
01040         goto fail_voms;
01041     }
01042 #endif
01043 
01044     /* succes */
01045 // success_voms:
01046     if (px509_cred) X509_free(px509_cred);
01047     if (px509_chain) sk_X509_free(px509_chain);
01048     if (authformat == GACL_FORMAT)
01049     {
01050         if (gacluser)
01051         {
01052             GACLfreeUser(gacluser);
01053             gacluser = NULL;
01054         }
01055     }
01056     lcas_log_time(0,"%s: voms plugin succeeded\n", logstr);
01057     return LCAS_MOD_SUCCESS;
01058 
01059  fail_voms:
01060     if (px509_cred) X509_free(px509_cred);
01061     if (px509_chain) sk_X509_free(px509_chain);
01062     if (authformat == GACL_FORMAT)
01063     {
01064         if (gacluser)
01065         {
01066             GACLfreeUser(gacluser);
01067             gacluser = NULL;
01068         }
01069     }
01070     lcas_log_time(0,"%s: voms plugin failed\n", logstr);
01071     return LCAS_MOD_FAIL;
01072 }
01073 
01074 /******************************************************************************
01075 Function:   plugin_terminate
01076 Description:
01077     Terminate plugin
01078 Parameters:
01079 
01080 Returns:
01081     LCAS_MOD_SUCCESS : succes
01082     LCAS_MOD_FAIL    : failure
01083 ******************************************************************************/
01084 int plugin_terminate()
01085 {
01086     char * logstr = "\tlcas_plugin_voms-plugin_terminate()";
01087     lcas_log_debug(1,"%s: terminating\n", logstr);
01088     if (vomsdir)
01089     {
01090         free(vomsdir);
01091         vomsdir = NULL;
01092     }
01093     if (certdir)
01094     {
01095         free(certdir);
01096         certdir = NULL;
01097     }
01098     if (authfile)
01099     {
01100         free(authfile);
01101         authfile = NULL;
01102     }
01103 
01104     return LCAS_MOD_SUCCESS;
01105 }
01106 
01107 
01108 /******************************************************************************
01109 Function:   lcas_gacl_add_dn
01110 Description:
01111     Add the user DN to the gacl user credential
01112 Parameters:
01113     pgacluser:      pointer to the gacl user
01114     user_dn:        the DN of the user
01115 
01116 Returns:
01117     0 : succes
01118     1 : failure
01119 ******************************************************************************/
01134 static int lcas_gacl_add_dn(
01135         GACLuser ** pgacluser,
01136         char *      user_dn
01137 )
01138 {
01139     char *      logstr = "\tlcas_plugin_voms-lcas_gacl_add_dn()";
01140     GACLcred *  dn_cred = NULL;
01141     GACLuser *  gacluser = NULL;
01142     
01143     if (user_dn)
01144     {
01145         if ( (dn_cred = GACLnewCred("person")) != NULL )
01146         {
01147             lcas_log_debug(3,"%s: adding dn = %s to dn_cred\n", logstr, user_dn);
01148             GACLaddToCred(dn_cred, "dn", user_dn);
01149         }
01150         else
01151         {
01152             lcas_log_debug(1,"%s: Cannot create new credential\n", logstr);
01153             return 1;
01154         }
01155     }
01156     else
01157     {
01158         lcas_log_debug(1,"%s: empty user DN !, cannot fill GACLuser\n", logstr);
01159         return 1;
01160     }
01161 
01162     /* if necessary create user and add credential to user */
01163     if (pgacluser == NULL)
01164     {
01165         /* This should not happen ! */
01166         lcas_log(0, "%s: ptr to gacluser is NULL !, wrong invocation of lcas_gacl_add_dn()\n", logstr);
01167         GACLfreeCred(dn_cred);
01168         return 1;
01169     }
01170     gacluser = *pgacluser;
01171     if (gacluser == NULL) /* create new user */
01172     {
01173         if ( (gacluser = GACLnewUser(dn_cred)) == NULL )
01174         {
01175             lcas_log(0, "%s: Could not create new user\n", logstr);
01176             GACLfreeCred(dn_cred);
01177             return 1;
01178         }
01179         *pgacluser = gacluser;
01180     }
01181     else
01182     {
01183         if (GACLuserAddCred(gacluser, dn_cred) != 1)
01184         {
01185             lcas_log(0, "%s: Could not add credential to user\n", logstr);
01186             return 1;
01187         }
01188     } 
01189 
01190     /* clean credential */
01191     if (dn_cred)
01192     {
01193         /* Cannot free credential, because it's used in the gacluser
01194            structure (only a copy of the credential pointer is made)
01195         GACLfreeCred(dn_cred);
01196         */
01197         dn_cred = NULL;
01198     }
01199     return 0;
01200 }
01201 
01202 
01203 /******************************************************************************
01204 Function:   lcas_gacl_add_vomsdata
01205 Description:
01206     Add the VOMS data to the gacl user
01207 Parameters:
01208     pgacluser:       pointer to the gacl user
01209     lcas_voms_data:  the gathered VOMS data structure
01210     voms_server_dn:  the DN of the VOMS server that signed the VOMS certificate
01211 
01212 Returns:
01213     0 : succes
01214     1 : failure
01215 ******************************************************************************/
01233 static int lcas_gacl_add_vomsdata(
01234         GACLuser **       pgacluser,
01235         lcas_vo_data_t *  lcas_voms_data,
01236         char *            voms_server_dn
01237 )
01238 {
01239     char *      logstr = "\tlcas_plugin_voms-lcas_gacl_add_vomsdata()";
01240     GACLcred *  voms_cred = NULL;
01241     GACLuser *  gacluser = NULL;
01242     
01243     if (lcas_voms_data)
01244     {
01245         if ( (voms_cred = GACLnewCred("voms-cred")) != NULL )
01246         {
01247             char * strptr = NULL;
01248 
01249             if ( (strptr = lcas_parseVostring(voms_server_dn)) )
01250             {
01251                 lcas_log_debug(3,"%s: adding voms       = %s to voms_cred\n", logstr, strptr);
01252                 GACLaddToCred(voms_cred, "voms", strptr);
01253             }
01254             if ( (strptr = lcas_parseVostring(lcas_voms_data->vo)) )
01255             {
01256                 lcas_log_debug(3,"%s: adding vo         = %s to voms_cred\n", logstr, strptr);
01257                 GACLaddToCred(voms_cred, "vo", strptr);
01258             }
01259             if ( (strptr = lcas_parseVostring(lcas_voms_data->group)) )
01260             {
01261                 lcas_log_debug(3,"%s: adding group      = %s to voms_cred\n", logstr, strptr);
01262                 GACLaddToCred(voms_cred, "group", strptr);
01263             }
01264             if ( (strptr = lcas_parseVostring(lcas_voms_data->subgroup)) )
01265             {
01266                 lcas_log_debug(3,"%s: adding subgroup   = %s to voms_cred\n", logstr, strptr);
01267                 GACLaddToCred(voms_cred, "group", strptr);
01268             }
01269             if ( (strptr = lcas_parseVostring(lcas_voms_data->role)) )
01270             {
01271                 lcas_log_debug(3,"%s: adding role       = %s to voms_cred\n", logstr, strptr);
01272                 GACLaddToCred(voms_cred, "role", strptr);
01273             }
01274             if ( (strptr = lcas_parseVostring(lcas_voms_data->capability)) )
01275             {
01276                 lcas_log_debug(3,"%s: adding capability = %s to voms_cred\n", logstr, strptr);
01277                 GACLaddToCred(voms_cred, "capability", strptr);
01278             }
01279         }
01280         else
01281         {
01282             lcas_log_debug(1,"%s: Cannot create new credential\n", logstr);
01283             return 1;
01284         }
01285     }
01286     else
01287     {
01288         lcas_log_debug(1,"%s: empty VO data !, cannot fill GACLuser\n", logstr);
01289         return 1;
01290     }
01291 
01292     /* if necessary create user and add credential to user */
01293     if (pgacluser == NULL)
01294     {
01295         /* This should not happen ! */
01296         lcas_log(0, "%s: ptr to gacluser is NULL !, wrong invocation of lcas_gacl_add_vomsdata()\n", logstr);
01297         GACLfreeCred(voms_cred);
01298         return 1;
01299     }
01300     gacluser = *pgacluser;
01301     if (gacluser == NULL) /* create new user */
01302     {
01303         if ( (gacluser = GACLnewUser(voms_cred)) == NULL )
01304         {
01305             lcas_log(0, "%s: Could not create new user\n", logstr);
01306             GACLfreeCred(voms_cred);
01307             return 1;
01308         }
01309         *pgacluser = gacluser;
01310     }
01311     else
01312     {
01313         if (GACLuserAddCred(gacluser, voms_cred) != 1)
01314         {
01315             lcas_log(0, "%s: Could not add credential to user\n", logstr);
01316             return 1;
01317         }
01318     } 
01319 
01320     /* clean credential */
01321     if (voms_cred)
01322     {
01323         /* Cannot free credential, because it's used in the gacluser
01324            structure (only a copy of the credential pointer is made)
01325         GACLfreeCred(voms_cred);
01326         */
01327         voms_cred = NULL;
01328     }
01329     return 0;
01330 }
01331 
01332 
01333 /******************************************************************************
01334 Function:   lcas_check_gacl
01335 Description:
01336     Apply the LCAS authorization GACL to the GACL user
01337 Parameters:
01338     gacluser:  the gacluser, which consists of his DN and VOMS entries
01339     gaclfile:  the file containing the LCAS GACL.
01340 
01341 Returns:
01342     0 : succes
01343     1 : failure
01344 ******************************************************************************/
01359 static int lcas_check_gacl(
01360         GACLuser *  gacluser,
01361         char *      gaclfile
01362 )
01363 {
01364     /*
01365      * Procedure:
01366      * 1. initialize gacl
01367      * 2. load the gacl file
01368      * 3. create an GACLuser (list of credentials)
01369      * 4. check the premissions for the user
01370      *    (for the moment if the result is none --> deny, otherwise allow)
01371      */
01372 
01373     char *      logstr = "\tlcas_plugin_voms-lcas_check_gacl()";
01374     GACLacl *   lcasacl = NULL;
01375     GACLperm    lcas_gacl_perm = GACL_PERM_NONE;
01376 
01377     /* load the gacl file */
01378     lcasacl = GACLloadAcl(gaclfile);
01379     lcas_log_debug(1,"%s: gacl authorization file %s loaded\n", logstr, gaclfile);
01380     if (lcasacl != NULL)
01381     {
01382 //        GACLprintAcl(lcasacl, stderr);
01383     }
01384     else
01385     {
01386         lcas_log(0,"%s: lcasacl is NULL\n", logstr);
01387         return 1;
01388     }
01389 
01390     /* check the premissions for the user */
01391     lcas_gacl_perm = GACLtestExclAcl(lcasacl, gacluser);
01392     lcas_log_debug(1,"%s: exclusive permission = %d\n", logstr, lcas_gacl_perm);
01393 
01394     lcas_gacl_perm = GACLtestUserAcl(lcasacl, gacluser);
01395     lcas_log_debug(1,"%s: permission = %d\n", logstr, lcas_gacl_perm);
01396     if (GACLhasNone(lcas_gacl_perm))
01397     {
01398         if (lcas_get_debug_level() >= 5)
01399             GACLprintAcl(lcasacl, stderr);
01400         GACLfreeAcl(lcasacl);
01401         return 1;
01402     }
01403     else
01404     {
01405         GACLfreeAcl(lcasacl);
01406         return 0;
01407     }
01408 }
01409 
01410 static void print_vomsdata(struct vomsdata *d)
01411 {
01412     char * logstr = "\tlcas_plugin_voms-print_vomsdata()";
01413     struct voms **vo = d->data;
01414     struct voms *v;
01415     int k = 0;
01416     int j =0;
01417   
01418     while(vo[k])
01419     {
01420         v = vo[k++];
01421         lcas_log_debug(1,"%s: %d *******************************************\n", logstr,k);
01422         lcas_log_debug(1,"%s: SIGLEN: %d\n", logstr, v->siglen);
01423         lcas_log_a_string_debug(1, "\tlcas_plugin_voms-print_vomsdata(): USER:   %s\n", v->user);
01424         lcas_log_a_string_debug(1, "\tlcas_plugin_voms-print_vomsdata(): UCA:    %s\n", v->userca);
01425         lcas_log_a_string_debug(1, "\tlcas_plugin_voms-print_vomsdata(): SERVER: %s\n", v->server);
01426         lcas_log_a_string_debug(1, "\tlcas_plugin_voms-print_vomsdata(): SCA:    %s\n", v->serverca);
01427         lcas_log_a_string_debug(1, "\tlcas_plugin_voms-print_vomsdata(): VO:     %s\n", v->voname);
01428         lcas_log_a_string_debug(1, "\tlcas_plugin_voms-print_vomsdata(): URI:    %s\n", v->uri);
01429         lcas_log_a_string_debug(1, "\tlcas_plugin_voms-print_vomsdata(): DATE1:  %s\n", v->date1);
01430         lcas_log_a_string_debug(1, "\tlcas_plugin_voms-print_vomsdata(): DATE2:  %s\n", v->date2);
01431 
01432         switch (v->type)
01433         {
01434         case TYPE_NODATA:
01435             lcas_log_debug(1,"%s: NO DATA\n", logstr);
01436             break;
01437         case TYPE_CUSTOM:
01438             lcas_log_debug(1,"%s: VOMS custom type. Wont print.\n", logstr);
01439             break;
01440         case TYPE_STD:
01441             j = 0;
01442             if (v->fqan)
01443             {
01444                 while ((v->fqan)[j] != NULL)
01445                 {
01446                     lcas_log_a_string_debug(1,
01447                         "\tlcas_plugin_voms-print_vomsdata(): fqan:   %s\n",
01448                         (v->fqan)[j]);
01449                     j++;
01450                 }
01451             }
01452             j = 0;
01453             if (v->std)
01454             {
01455                 while (v->std[j])
01456                 {
01457                     lcas_log_a_string_debug(1,
01458                         "\tlcas_plugin_voms-print_vomsdata(): GROUP:  %s\n", v->std[j]->group);
01459                     lcas_log_a_string_debug(1,
01460                         "\tlcas_plugin_voms-print_vomsdata(): ROLE:   %s\n", v->std[j]->role);
01461                     lcas_log_a_string_debug(1,
01462                         "\tlcas_plugin_voms-print_vomsdata(): CAP:    %s\n", v->std[j]->cap);
01463                     j++;
01464                 }
01465             }
01466             break;
01467         }
01468         lcas_log_debug(1,"%s: %d *******************************************\n", logstr,k);
01469     }
01470 
01471     if (d->workvo)
01472     {
01473         lcas_log_a_string_debug(1,
01474             "\tlcas_plugin_voms-print_vomsdata(): WORKVO: %s\n", d->workvo);
01475     }
01476 
01477     if (d->extra_data)
01478     {
01479         lcas_log_a_string_debug(1,
01480             "\tlcas_plugin_voms-print_vomsdata(): EXTRA: %s\n", d->extra_data);
01481     }
01482 }
01483 
01484 /******************************************************************************
01485 CVS Information:
01486     $Source: /cvs/jra1mw/org.glite.security.lcas-plugins-voms/src/voms/lcas_voms.c,v $
01487     $Date: 2005/02/28 11:45:52 $
01488     $Revision: 1.8 $
01489     $Author: msteenba $
01490 ******************************************************************************/
Generated on Fri May 27 18:10:48 2005 for lcas by doxygen 1.3.5