lcmaps.c

Go to the documentation of this file.

/*                                                                                                            
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://eu-egee.org/partners/ for details on the copyright holders.
 * For license conditions see the license file or
 * http://eu-egee.org/license.html
 */

/*                                                                                                            
 * Copyright (c) 2001 EU DataGrid.                                                                             
 * For license conditions see http://www.eu-datagrid.org/license.html                                          
 *
 * Copyright (c) 2001, 2002 by 
 *     Martijn Steenbakkers <martijn@nikhef.nl>,
 *     David Groep <davidg@nikhef.nl>,
 *     NIKHEF Amsterdam, the Netherlands
 */

#ifndef LCMAPS_C
#define LCMAPS_C

#include "lcmaps_config.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef LCMAPS_GSI_MODE
#   include <gssapi.h>
#endif

/* LCMAPS includes */
#include "lcmaps_types.h"
#include "lcmaps_utils.h"
#include "lcmaps_cred_data.h"
#include "_lcmaps_utils.h"
#include "_lcmaps_pluginmanager.h"
#include "_lcmaps_log.h"
#include "_lcmaps_credential.h"

/******************************************************************************
                       Define module specific variables
******************************************************************************/
static lcmaps_cred_id_t    lcmaps_cred; 
static int                 lcmaps_initialized = 0; 
/******************************************************************************
Function:   lcmaps_init_and_logfile
Description:
    Select logging type
    Setup logging by providing a file handle or file name, error handling (not yet).
    Start PluginManager:
    read from LCMAPS config file, the plugins to be loaded

Parameters:
    logfile: name of logfile 
    fp: file handle for logging (from gatekeeper or other previously opened file handle)
        If the file handle is zero, assume that only syslogging is requested
    logtype: type of logging (usrlog and/or syslog)

Returns:
    0: initialization succeeded
    1: initialization failed
******************************************************************************/
int lcmaps_init_and_logfile(
        char * logfile,
        FILE* fp,
        unsigned short logtype
)
{
    if (lcmaps_initialized)
    {
        if (lcmaps_log(0,"LCMAPS already initialized\n") != 0)
        {
            fprintf(stderr,"LCMAPS already initialized, but wrongly\n");
            goto fail_lcmaps_init_and_logfile;
        }
        return 0;
    }

    /* start logging */
    if (lcmaps_log_open(logfile,fp,logtype))
        goto fail_lcmaps_init_and_logfile;
    lcmaps_log_debug(0,"\n");
    lcmaps_log_time(LOG_DEBUG,"Initialization LCMAPS version %s\n",VERSION);

    /* Start PluginManager */
    if (startPluginManager()) {
        lcmaps_log(0,"lcmaps.mod-lcmaps_init() error: could not start plugin manager\n");
        goto fail_lcmaps_init_and_logfile;
    }

    /* success */
    lcmaps_initialized++;
    return 0;

 fail_lcmaps_init_and_logfile:
    return 1;

}
/******************************************************************************
Function:   lcmaps_init_and_log
Description:
    Select logging type
    Start PluginManager:
    read from LCMAPS config file, the plugins to be loaded

Parameters:
    fp: file handle for logging (from gatekeeper or other previously opened file handle)
        If the file handle is zero, assume that only syslogging is requested
    logtype: type of logging (usrlog and/or syslog)

Returns:
    0: initialization succeeded
    1: initialization failed
******************************************************************************/
int lcmaps_init_and_log(
        FILE* fp,
        unsigned short logtype
)
{
    return lcmaps_init_and_logfile(NULL, fp, logtype);
}

/******************************************************************************
Function:   lcmaps_init
Description:
    Start PluginManager:
    read from LCMAPS config file, the plugins to be loaded

Parameters:
    fp: file handle for logging (from gatekeeper or other previously opened file handle)
        If the file handle is zero, assume that only syslogging is requested
Returns:
    0: initialization succeeded
    1: initialization failed
******************************************************************************/
int lcmaps_init(
        FILE* fp
)
{
    /* set logging file descriptor, for the moment the gatekeeper logfile */
    /* if fp == NULL --> syslogging, otherwise only DO_USRLOG */
    if (fp)
    {
        return lcmaps_init_and_log(fp,DO_USRLOG);
    }
    else
    {
        return lcmaps_init_and_log(NULL,DO_SYSLOG);
    }
}

/******************************************************************************
Function:   lcmaps_term
Description:
    Terminate LCMAPS module: 

Parameters:
Returns:
    0: termination succeeded
    1: termination failed
******************************************************************************/
int lcmaps_term()
{
    lcmaps_log_time(LOG_DEBUG,"Termination LCMAPS\n");
    lcmaps_log_time(0,"lcmaps.mod-lcmaps_term(): terminating\n");
    if (stopPluginManager() != 0)
        return 1;
    if (lcmaps_log_close() != 0)
        return 1;
    if (lcmaps_initialized > 0)
        lcmaps_initialized--;
    return 0;
}

/******************************************************************************
Function:   lcmaps_run_without_credentials_and_return_username
Description:
    Based on the only the user DN do the following:
    Do the user mapping based on the provided list of policies (first successful
    policy found in the lcmaps policy file (lcmaps.db) will result in the user
    mapping) and return user name.
    This interface can be used to provide the legacy
        GLOBUS_GSS_ASSIST_GRIDMAP()
    interface.

Parameters:
    user_dn_tmp : user DN
    request     : RSL string
    usernamep   : pointer to user name (to be freed by calling application)
    npols       : number of policies to be considered for evaluation
    policynames : the names of the policies to be considered for evaluation

Returns:
    0: mapping succeeded
    1: mapping failed
******************************************************************************/
int lcmaps_run_without_credentials_and_return_username(
        char * user_dn_tmp,
        lcmaps_request_t request,
        char ** usernamep,
        int npols,
        char ** policynames
)
{
    char *            user_dn     = NULL;
    uid_t *           uid;
    int               cntUid;
    struct passwd *   user_info   = NULL;
    char *            logstr = "lcmaps.mod-lcmaps_run_without_credentials_and_return_username()";
    int               rc          = 0;


    if (lcmaps_initialized == 0)
    {
        fprintf(stderr,"LCMAPS has to be initialized first !\n");
        goto fail_lcmaps_run_without_credentials_and_return_username;
    }
    lcmaps_log_time(LOG_NOTICE,"LCMAPS credential mapping request\n");
    
    lcmaps_log_debug(1, "Using \"lcmaps_run_without_credentials_and_return_username\" interface of LCMAPS\n");
    if (usernamep == NULL)
        goto fail_lcmaps_run_without_credentials_and_return_username;
    *usernamep = NULL;

    /*
     * Create lcmaps credential:
     *     fill it with the dn and extract it again
     */
    if ((rc = lcmaps_credential_init(&lcmaps_cred)) != 0)
    {
        if (rc == -1)
        {
            lcmaps_log(0, "%s error: lcmaps_cred does not exist\n", logstr);
            goto fail_lcmaps_run_without_credentials_and_return_username;
        }
        else
        {
            lcmaps_log(0, "%s error: in initializing lcmaps_cred\n", logstr);
            goto fail_lcmaps_run_without_credentials_and_return_username;
        }
    }
    if (lcmaps_credential_store_dn(user_dn_tmp, &lcmaps_cred) != 0)
    {
        lcmaps_log(0, "%s error: storing dn in lcmaps_cred\n");
        goto fail_lcmaps_run_without_credentials_and_return_username;
    }
    user_dn = lcmaps_credential_get_dn(lcmaps_cred);
    if (user_dn == NULL)
    {
        lcmaps_log(0, "lcmaps.mod-lcmaps_run_without_credentials_and_return_username() error: user DN empty\n");
        goto fail_lcmaps_run_without_credentials_and_return_username;
    }

    /* Run PluginManager */
    if (runPluginManager(request, lcmaps_cred, npols, policynames)) {
        lcmaps_log(0, "%s error: could not run plugin manager\n");
        goto fail_lcmaps_run_without_credentials_and_return_username;
    }

    /* Now try to get the userid drom the credential data */
    uid    = getCredentialData(UID,     &cntUid);
    if (uid)
    {
        if ( (user_info = getpwuid(uid[0])) == NULL )
        {
            fprintf(stderr,"LCMAPS could not find the username related to uid: %d\n",uid[0]);
            return 1;
        }
        (*usernamep) = strdup(user_info->pw_name);
    }
    else
    {
        fprintf(stderr,"LCMAPS could not find any uid\n");
        return 1;
    }

    /* succes */
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_debug(0,"lcmaps.mod-lcmaps_run_without_credentials_and_return_username(): succeeded\n");
    return 0;

 fail_lcmaps_run_without_credentials_and_return_username:
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_debug(0, "%s: failed\n", logstr);
    return 1;
}


/******************************************************************************
Function:   lcmaps_run_with_fqans_and_return_account
Description:
    LCMAPS will run with a list of FQANs and the DN as an input. In addition a
    list of policies may be provided.
    The allocated uid, gids and the poolindex will be returned to the calling
    application.
    This interface is intended to be used by a wrapper function for the 
        DYNAMIC ACCOUNTS SERVICE (DAS).

Parameters:
    user_dn     : the DN of the user
    fqan_list   : the list of (VOMS) FQANs that have been asserted to the user
    nfqan       : the number of FQANs in fqan_list
    request     : RSL string
    npols       : number of policies to be considered for evaluation
    policynames : the names of the policies to be considered for evaluation
    puid        : pointer to the uid found (output parameter)
    ppgid_list  : pointer to the list of primary gids found (output parameter)
    pnpgid      : pointer to the number of primary gids found (output parameter)
    psgid_list  : pointer to the list of secondary gids found (output parameter)
    pnsgid      : pointer to the number of secondary gids found (output parameter)
    poolindexp  : pointer to poolindex string (output parameter)

Returns:
    0: mapping succeeded
    1: mapping failed
******************************************************************************/
int lcmaps_run_with_fqans_and_return_account(
        char *            user_dn,
        char **           fqan_list,
        int               nfqan,
        lcmaps_request_t  request,
        int               npols,
        char **           policynames,
        uid_t *           puid,
        gid_t **          ppgid_list,
        int *             pnpgid,
        gid_t **          psgid_list,
        int *             pnsgid,
        char **           poolindexp
)
{
    char *   logstr         = "lcmaps.mod-lcmaps_run_with_fqans_and_return_account()";
    int      rc             = 0;
    uid_t *  uid            = NULL;
    int      cntUid         = -1;
    gid_t *  priGid         = NULL;
    int      cntPriGid      = -1;
    gid_t *  secGid         = NULL;
    int      cntSecGid      = -1;
    char **  poolindex_list = NULL;
    char *   poolindex      = NULL;
    int      cntpoolindex   = 0;

    if (lcmaps_initialized == 0)
    {
        fprintf(stderr,"LCMAPS has to be initialized first !\n");
        goto fail_lcmaps_run_with_fqans_and_return_account;
    }
    lcmaps_log_time(LOG_NOTICE,"LCMAPS credential mapping request\n");

    lcmaps_log_debug(1, "Using \"lcmaps_run_with_fqans_and_return_account\" interface of LCMAPS\n");
    /*
     * Create lcmaps credential:
     *     fill it with the dn and extract it again
     */
    if ((rc = lcmaps_credential_init(&lcmaps_cred)) != 0)
    {
        if (rc == -1)
        {
            lcmaps_log(0, "%s error: lcmaps_cred does not exist\n", logstr);
            goto fail_lcmaps_run_with_fqans_and_return_account;
        }
        else
        {
            lcmaps_log(0, "%s error: in initializing lcmaps_cred\n", logstr);
            goto fail_lcmaps_run_with_fqans_and_return_account;
        }
    }
    if (lcmaps_credential_store_dn(user_dn, &lcmaps_cred) != 0)
    {
        lcmaps_log(0, "%s error: storing dn in lcmaps_cred\n");
        goto fail_lcmaps_run_with_fqans_and_return_account;
    }
    if ((rc = lcmaps_credential_store_fqan_list(nfqan, fqan_list, &lcmaps_cred)) != 0)
    {
        if (rc == -1)
        {
            lcmaps_log(0, "%s error: lcmaps_cred does not exist\n", logstr);
            goto fail_lcmaps_run_with_fqans_and_return_account;
        }
        else if (rc == 1)
        {
            lcmaps_log(0, "%s error: while storing a malformed fqan list\n", logstr);
            goto fail_lcmaps_run_with_fqans_and_return_account;
        }
        else if (rc == 2)
        {
            lcmaps_log(0, "%s error: Malloc error while storing fqan list!\n", logstr);
            goto fail_lcmaps_run_with_fqans_and_return_account;
        }
        else
        {
            lcmaps_log(0, "%s error: storing fqan list\n", logstr);
            goto fail_lcmaps_run_with_fqans_and_return_account;
        }
    }

    /* Run PluginManager */
    if (runPluginManager(request, lcmaps_cred, npols, policynames)) {
        lcmaps_log(0, "%s error: could not run plugin manager\n", logstr);
        goto fail_lcmaps_run_with_fqans_and_return_account;
    }

    /* Hier even de uid, gids and poolindex uitpeuteren */
    /* First the uid */
    uid              = (uid_t *) getCredentialData(UID,     &cntUid);
    if (uid == NULL)
    {
        lcmaps_log(0, "%s error: LCMAPS could not find any uid\n", logstr);
        goto fail_lcmaps_run_with_fqans_and_return_account;
    }
    else if (cntUid != 1)
    {
        lcmaps_log(0, "%s error: LCMAPS found %d uids, only 1 allowed\n", logstr, cntUid);
        goto fail_lcmaps_run_with_fqans_and_return_account;
    }
    else
    {
        *puid = uid[0];
    }
    /* Then the primary gids */
    priGid           = (gid_t *) getCredentialData(PRI_GID, &cntPriGid);
    if (priGid == NULL)
    {
        lcmaps_log(0, "%s error: LCMAPS could not find any gid, at least one required!\n", logstr);
        goto fail_lcmaps_run_with_fqans_and_return_account;
    }
    else
    {
        *pnpgid = cntPriGid;
        *ppgid_list = priGid;
    }
    /* Then the secondary gids */
    secGid           = (gid_t *) getCredentialData(SEC_GID, &cntSecGid);
    if (secGid == NULL)
    {
        lcmaps_log_debug(1, "%s: LCMAPS found no secondary groups\n", logstr);
    }
    else
    {
        *pnsgid = cntSecGid;
        *psgid_list = secGid;
    }
    /* And finally the poolindex */
    poolindex_list = (char **) getCredentialData(POOL_INDEX, &cntpoolindex);
    if (poolindex_list && (cntpoolindex > 0))
    {
        poolindex = (char *)(*(poolindex_list));
        lcmaps_log_debug(3, "%s: found %d poolindeces starting at address = %p\n",
            logstr, cntpoolindex, poolindex);
        /*
         * use lcmaps_log_a_string_debug() to get rid of the vsnprintf problems with
         * strings containing strange characters, such as %
         */
        lcmaps_log_a_string_debug(3,
            "lcmaps.mod-lcmaps_run_with_fqans_and_return_account(): found this poolindex %s\n",
            poolindex);
        *poolindexp = poolindex;
    }
    else
    {
        lcmaps_log(0, "%s: LCMAPS could not find the poolindex\n", logstr);
        goto fail_lcmaps_run_with_fqans_and_return_account;
    }

    /* succes */
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0, "%s: succeeded\n", logstr);
    return 0;

 fail_lcmaps_run_with_fqans_and_return_account:
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0, "%s: failed\n", logstr);
    return 1;
}

/*
 * HERE FOLLOW THE GSI DEPENDENT INTERFACES
 */

#ifdef LCMAPS_GSI_MODE
/******************************************************************************
Function:   lcmaps_run
Description:
    Do the user mapping based on the user's gss (gsi) credential and the job
    request.
    This is the legacy lcmaps interface and is used by
        the GATEKEEPER.

Parameters:
    request: RSL string
    user_cred : user globus credential handle
Returns:
    0: mapping succeeded
    1: mapping failed
******************************************************************************/
#if ALLOW_EMPTY_CREDENTIALS
int lcmaps_run(
        char * user_dn_tmp,
        gss_cred_id_t user_cred,
        lcmaps_request_t request
)
#else
int lcmaps_run(
        gss_cred_id_t user_cred,
        lcmaps_request_t request
)
#endif
{
    char *  user_dn = NULL;
    char *  logstr = "lcmaps.mod-lcmaps_run()";
    int     rc = 0;

    if (lcmaps_initialized == 0)
    {
        fprintf(stderr,"LCMAPS has to be initialized first !\n");
        goto fail_lcmaps_run;
    }
    lcmaps_log_time(LOG_NOTICE,"LCMAPS credential mapping request\n");

    /*
     * Create lcmaps credential:
     *     fill it with the dn and extract it again
     */
    if ((rc = lcmaps_credential_init(&lcmaps_cred)) != 0)
    {
        if (rc == -1)
        {
            lcmaps_log(0, "%s error: lcmaps_cred does not exist\n", logstr);
            goto fail_lcmaps_run;
        }
        else
        {
            lcmaps_log(0, "%s error: in initializing lcmaps_cred\n", logstr);
            goto fail_lcmaps_run;
        }
    }
#if ALLOW_EMPTY_CREDENTIALS
    if (lcmaps_credential_store_dn(user_dn_tmp, &lcmaps_cred) != 0)
    {
        lcmaps_log(0, "%s error: storing dn in lcmaps_cred\n");
        goto fail_lcmaps_run;
    }
#endif
    if ((rc = lcmaps_credential_store_gss_cred_id_t(user_cred, &lcmaps_cred)) != 0)
    {
        if (rc == -1)
        {
            lcmaps_log(0, "%s error: lcmaps_cred does not exist\n", logstr);
            goto fail_lcmaps_run;
        }
        else if (rc == 1)
        {
            lcmaps_log(0, "%s error: cannot retrieve dn while storing gss_credential\n", logstr);
            goto fail_lcmaps_run;
        }
        else if (rc == 2)
        {
            lcmaps_log(0, "%s: No FQANs found while storing gss_credential (non fatal)\n", logstr);
        }
        else if (rc == 3)
        {
            lcmaps_log(0, "%s error: Retrieving VOMS FQANs while storing gss_credential\n", logstr);
            goto fail_lcmaps_run;
        }
        else
        {
            lcmaps_log(0, "%s error: storing gss_credential\n", logstr);
            goto fail_lcmaps_run;
        }
    }
    user_dn = lcmaps_credential_get_dn(lcmaps_cred);
    if (user_dn == NULL)
    {
        lcmaps_log(0, "%s error: user DN empty\n", logstr);
        goto fail_lcmaps_run;
    }

    /* Run PluginManager */
    if (runPluginManager(request, lcmaps_cred, 0, NULL)) {
        lcmaps_log(0, "%s error: could not run plugin manager\n", logstr);
        goto fail_lcmaps_run;
    }

    /* succes */
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0, "%s: succeeded\n", logstr);
    return 0;

 fail_lcmaps_run:
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0, "%s: failed\n", logstr);
    return 1;
}

/******************************************************************************
Function:   lcmaps_run_and_return_username
Description:
    do the user mapping based on the provided list of policies (first successful
    policy found in the lcmaps policy file (lcmaps.db) will result in the user
    mapping) and return user name.
    This interface is used by the
        GRIDFTP SERVER.

Parameters:
    request     : RSL string
    user_cred   : user globus credential handle
    usernamep   : pointer to user name (to be freed by calling application)
    npols       : number of policies to be considered for evaluation
    policynames : the names of the policies to be considered for evaluation

Returns:
    0: mapping succeeded
    1: mapping failed
******************************************************************************/
#if ALLOW_EMPTY_CREDENTIALS
int lcmaps_run_and_return_username(
        char * user_dn_tmp,
        gss_cred_id_t user_cred,
        lcmaps_request_t request,
        char ** usernamep,
        int npols,
        char ** policynames
)
#else
int lcmaps_run_and_return_username(
        gss_cred_id_t user_cred,
        lcmaps_request_t request,
        char ** usernamep,
        int npols,
        char ** policynames
)
#endif
{
    char *  logstr  = "lcmaps.mod-lcmaps_run_and_return_username()";
    char *  user_dn = NULL;
    int     rc      = 0;

    uid_t *          uid;
    int              cntUid;
    struct passwd *  user_info   = NULL;

    if (lcmaps_initialized == 0)
    {
        fprintf(stderr,"LCMAPS has to be initialized first !\n");
        goto fail_lcmaps_run_and_return_username;
    }
    lcmaps_log_time(LOG_NOTICE,"LCMAPS credential mapping request\n");

    lcmaps_log_debug(1, "Using lcmaps_run_and_return_username interface of LCMAPS\n");
    if (usernamep == NULL)
        goto fail_lcmaps_run_and_return_username;

    *usernamep = NULL;

    /*
     * Create lcmaps credential:
     *     fill it with the dn and extract it again
     */
    if ((rc = lcmaps_credential_init(&lcmaps_cred)) != 0)
    {
        if (rc == -1)
        {
            lcmaps_log(0, "%s error: lcmaps_cred does not exist\n", logstr);
            goto fail_lcmaps_run_and_return_username;
        }
        else
        {
            lcmaps_log(0, "%s error: in initializing lcmaps_cred\n", logstr);
            goto fail_lcmaps_run_and_return_username;
        }
    }
#if ALLOW_EMPTY_CREDENTIALS
    if (lcmaps_credential_store_dn(user_dn_tmp, &lcmaps_cred) != 0)
    {
        lcmaps_log(0, "%s error: storing dn in lcmaps_cred\n");
        goto fail_lcmaps_run_and_return_username;
    }
#endif
    if ((rc = lcmaps_credential_store_gss_cred_id_t(user_cred, &lcmaps_cred)) != 0)
    {
        if (rc == -1)
        {
            lcmaps_log(0, "%s error: lcmaps_cred does not exist\n", logstr);
            goto fail_lcmaps_run_and_return_username;
        }
        else if (rc == 1)
        {
            lcmaps_log(0, "%s error: cannot retrieve dn while storing gss_credential\n", logstr);
            goto fail_lcmaps_run_and_return_username;
        }
        else if (rc == 2)
        {
            lcmaps_log(0, "%s: No FQANs found while storing gss_credential (non fatal)\n", logstr);
        }
        else if (rc == 3)
        {
            lcmaps_log(0, "%s error: Retrieving VOMS FQANs while storing gss_credential\n", logstr);
            goto fail_lcmaps_run_and_return_username;
        }
        else
        {
            lcmaps_log(0, "%s error: storing gss_credential\n", logstr);
            goto fail_lcmaps_run_and_return_username;
        }
    }
    user_dn = lcmaps_credential_get_dn(lcmaps_cred);
    if (user_dn == NULL)
    {
        lcmaps_log(0, "%s error: user DN empty\n", logstr);
        goto fail_lcmaps_run_and_return_username;
    }

    /* Run PluginManager */
    if (runPluginManager(request, lcmaps_cred, npols, policynames)) {
        lcmaps_log(0,"%s error: could not run plugin manager\n", logstr);
        goto fail_lcmaps_run_and_return_username;
    }

    /*
     * Apparently lcmaps succeeded, so let's get the username from the credential repository
     * and return happily
     */

    /* Now try to get the userid drom the credential data */
    uid    = getCredentialData(UID,     &cntUid);
    if (uid)
    {
        if ( (user_info = getpwuid(uid[0])) == NULL )
        {
            fprintf(stderr,"LCMAPS could not find the username related to uid: %d\n",uid[0]);
            return 1;
        }
        (*usernamep) = strdup(user_info->pw_name);
    }
    else
    {
        fprintf(stderr,"LCMAPS could not find any uid\n");
        return 1;
    }

    /* succes */
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0,"%s: succeeded\n", logstr);
    return 0;

 fail_lcmaps_run_and_return_username:
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0,"%s: failed\n", logstr);
    return 1;
}


/******************************************************************************
Function:   lcmaps_run_and_return_poolindex
Description:
    do the user mapping based on the provided list of policies (first successful
    policy found in the lcmaps policy file (lcmaps.db) will result in the user
    mapping) and return the poolindex
    This interface was intended to be used by a wrapper function for the 
        DYNAMIC ACCOUNTS SERVICE (DAS).

Parameters:
    request     : RSL string
    user_cred   : user globus credential handle
    poolindexp  : pointer to poolindex (to be freed by calling application).
                  Note: poolindexp should be non-NULL at the start !
    npols       : number of policies to be considered for evaluation
    policynames : the names of the policies to be considered for evaluation

Returns:
    0: mapping succeeded
    1: mapping failed
******************************************************************************/
#if ALLOW_EMPTY_CREDENTIALS
int lcmaps_run_and_return_poolindex(
        char * user_dn_tmp,
        gss_cred_id_t user_cred,
        lcmaps_request_t request,
        char ** poolindexp,
        int npols,
        char ** policynames
)
#else
int lcmaps_run_and_return_poolindex(
        gss_cred_id_t user_cred,
        lcmaps_request_t request,
        char ** poolindexp,
        int npols,
        char ** policynames
)
#endif
{
    char *           user_dn      = NULL;
    char *           poolindex    = NULL;
    char **          tmpptr       = NULL;
    int              cntpoolindex = -1;
    char *           logstr       = "lcmaps.mod-lcmaps_run_and_return_poolindex()";
    int              rc           = 0;

    if (lcmaps_initialized == 0)
    {
        fprintf(stderr,"LCMAPS has to be initialized first !\n");
        goto fail_lcmaps_run_and_return_poolindex;
    }
    lcmaps_log_time(LOG_NOTICE,"LCMAPS credential mapping request\n");

    lcmaps_log_debug(1, "Using lcmaps_run_and_return_poolindex interface of LCMAPS\n");
    if (poolindexp == NULL)
        goto fail_lcmaps_run_and_return_poolindex;

    *poolindexp = NULL;

    /*
     * Create lcmaps credential:
     *     fill it with the dn and extract it again
     */
    if ((rc = lcmaps_credential_init(&lcmaps_cred)) != 0)
    {
        if (rc == -1)
        {
            lcmaps_log(0, "%s error: lcmaps_cred does not exist\n", logstr);
            goto fail_lcmaps_run_and_return_poolindex;
        }
        else
        {
            lcmaps_log(0, "%s error: in initializing lcmaps_cred\n", logstr);
            goto fail_lcmaps_run_and_return_poolindex;
        }
    }
#if ALLOW_EMPTY_CREDENTIALS
    if (lcmaps_credential_store_dn(user_dn_tmp, &lcmaps_cred) != 0)
    {
        lcmaps_log(0, "%s error: storing dn in lcmaps_cred\n");
        goto fail_lcmaps_run_and_return_poolindex;
    }
#endif
    if ((rc = lcmaps_credential_store_gss_cred_id_t(user_cred, &lcmaps_cred)) != 0)
    {
        if (rc == -1)
        {
            lcmaps_log(0, "%s error: lcmaps_cred does not exist\n", logstr);
            goto fail_lcmaps_run_and_return_poolindex;
        }
        else if (rc == 1)
        {
            lcmaps_log(0, "%s error: cannot retrieve dn while storing gss_credential\n", logstr);
            goto fail_lcmaps_run_and_return_poolindex;
        }
        else if (rc == 2)
        {
            lcmaps_log(0, "%s: No FQANs found while storing gss_credential (non fatal)\n", logstr);
        }
        else if (rc == 3)
        {
            lcmaps_log(0, "%s error: Retrieving VOMS FQANs while storing gss_credential\n", logstr);
            goto fail_lcmaps_run_and_return_poolindex;
        }
        else
        {
            lcmaps_log(0, "%s error: storing gss_credential\n", logstr);
            goto fail_lcmaps_run_and_return_poolindex;
        }
    }
    user_dn = lcmaps_credential_get_dn(lcmaps_cred);
    if (user_dn == NULL)
    {
        lcmaps_log(0, "%s error: user DN empty\n", logstr);
        goto fail_lcmaps_run_and_return_poolindex;
    }

    /* Run PluginManager */
    if (runPluginManager(request, lcmaps_cred, npols, policynames)) {
        lcmaps_log(0,"%s error: could not run plugin manager\n", logstr);
        goto fail_lcmaps_run_and_return_poolindex;
    }

    /*
     * Apparently lcmaps succeeded, so let's get the poolindex from the credential repository
     * and return happily
     */
    tmpptr = (char **) getCredentialData(POOL_INDEX, &cntpoolindex);
    if (tmpptr && (cntpoolindex > 0))
    {
        poolindex = (char *)(*(tmpptr));
        lcmaps_log_debug(3,
            "%s: found %d poolindeces at address = %p\n",
            logstr, cntpoolindex, poolindex);
        /*
         * use lcmaps_log_a_string_debug() to get rid of the vsnprintf problems with
         * strings containing strange characters, such as %
         */
        lcmaps_log_a_string_debug(3,
            "lcmaps.mod-lcmaps_run_and_return_poolindex(): found this poolindex %s\n",
            poolindex);
        *poolindexp = strdup(poolindex);
    }
    else
    {
        lcmaps_log(0, "%s: LCMAPS could not find the poolindex\n", logstr);
        goto fail_lcmaps_run_and_return_poolindex;
    }

    /* succes */
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0,"%s: succeeded\n", logstr);
    return 0;

 fail_lcmaps_run_and_return_poolindex:
    lcmaps_release_cred(&lcmaps_cred);
    lcmaps_log_time(0, "%s: failed\n", logstr);
    return 1;
}
#endif /* LCMAPS_GSI_MODE */
/*
 * END OF THE GSI DEPENDENT INTERFACES
 */

#endif /* LCMAPS_C */

/******************************************************************************
CVS Information:
    $Source: /cvs/jra1mw/org.glite.security.lcmaps/src/lcmaps.c,v $
    $Date: 2005/04/04 15:23:58 $
    $Revision: 1.18 $
    $Author: msteenba $
******************************************************************************/

---