
lcmaps.c File Reference

The LCMAPS module - the local credential mapping service.

#include "lcmaps_config.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <gssapi.h>
#include "lcmaps_types.h"
#include "lcmaps_utils.h"
#include "lcmaps_cred_data.h"
#include "_lcmaps_utils.h"
#include "_lcmaps_pluginmanager.h"
#include "_lcmaps_log.h"
#include "_lcmaps_credential.h"


Functions

int lcmaps_init_and_logfile (char *logfile, FILE *fp, unsigned short logtype)
 Initialize the LCMAPS module, select logging type and set logfile.

int lcmaps_init_and_log (FILE *fp, unsigned short logtype)
 Initialize the LCMAPS module and select logging type.

int lcmaps_init (FILE *fp)
 Initialize the LCMAPS module.

int lcmaps_term ()
 Terminate the LCMAPS module.

int lcmaps_run_without_credentials_and_return_username (char *user_dn_tmp, lcmaps_request_t request, char **usernamep, int npols, char **policynames)
 do the user mapping using only the user DN and return the username

int lcmaps_run_with_fqans_and_return_account (char *user_dn, char **fqan_list, int nfqan, lcmaps_request_t request, int npols, char **policynames, uid_t *puid, gid_t **ppgid_list, int *pnpgid, gid_t **psgid_list, int *pnsgid, char **poolindexp)
 let LCMAPS handle the user mapping based on fqans and return the account information

int lcmaps_run (char *user_dn_tmp, gss_cred_id_t user_cred, lcmaps_request_t request)
 let LCMAPS handle the user mapping

int lcmaps_run_and_return_username (char *user_dn_tmp, gss_cred_id_t user_cred, lcmaps_request_t request, char **usernamep, int npols, char **policynames)
 let LCMAPS handle the user mapping and return user name

int lcmaps_run_and_return_poolindex (char *user_dn_tmp, gss_cred_id_t user_cred, lcmaps_request_t request, char **poolindexp, int npols, char **policynames)
 let LCMAPS handle the user mapping and return a poolindex


Detailed Description

the LCMAPS module - the local credential mapping service.

Author:
Martijn Steenbakkers for the EU DataGrid.

The interface to the LCMAPS module is composed of:
  1. lcmaps_init(): start the PluginManager --> load plugins, start evaluation manager
  2. lcmaps_run(): run the PluginManager --> run evaluation manager --> run plugins
  3. lcmaps_term(): stop the PluginManager

Definition in file lcmaps.c.


Function Documentation

int lcmaps_init (FILE *fp)

Initialize the LCMAPS module.

The function does the following:

  • initialize LCMAPS module.
  • setup logging, error handling (not yet).
  • start PluginManager

Parameters:
  • fp: file handle for logging (from gatekeeper or other previously opened file handle). If the file handle is zero, assume that only syslogging is requested.
Return values:
  • 0: initialization succeeded.
  • 1: initialization failed.

Definition at line 183 of file lcmaps.c.

References DO_SYSLOG, DO_USRLOG, and lcmaps_init_and_log().

int lcmaps_init_and_log (FILE *fp, unsigned short logtype)

Initialize the LCMAPS module and select logging type.

The function does the following:

  • initialize LCMAPS module.
  • setup logging, error handling (not yet).
  • start PluginManager

Parameters:
  • fp: file handle for logging (from gatekeeper or other previously opened file handle). If the file handle is zero, assume that only syslogging is requested.
  • logtype: type of logging (usrlog and/or syslog).
Return values:
  • 0: initialization succeeded.
  • 1: initialization failed.

Definition at line 162 of file lcmaps.c.

References lcmaps_init_and_logfile().

Referenced by lcmaps_init().

int lcmaps_init_and_logfile (char *logfile, FILE *fp, unsigned short logtype)

Initialize the LCMAPS module, select logging type and set logfile.

The function does the following:

  • initialize LCMAPS module.
  • Setup logging by providing a file handle or file name, error handling (not yet).
  • start PluginManager

Parameters:
  • logfile: name of logfile.
  • fp: file handle for logging (from gatekeeper or other previously opened file handle). If the file handle is zero, assume that only syslogging is requested.
  • logtype: type of logging (usrlog and/or syslog).
Return values:
  • 0: initialization succeeded.
  • 1: initialization failed.

Definition at line 110 of file lcmaps.c.

References lcmaps_log(), lcmaps_log_debug(), lcmaps_log_open(), lcmaps_log_time(), and startPluginManager().

Referenced by lcmaps_init_and_log().

int lcmaps_run (char *user_dn_tmp, gss_cred_id_t user_cred, lcmaps_request_t request)

let LCMAPS handle the user mapping

Do the user mapping based on the user's gss (gsi) credential and the job request. As a back-up for empty credentials the user DN may be specified as well. For this ALLOW_EMPTY_CREDENTIALS should be defined. This is the legacy lcmaps interface and is used by the gatekeeper.

Parameters:
  • user_dn_tmp: user DN.
  • user_cred: GSS/GSI user credential.
  • request: authorization request as RSL string.
Return values:
  • 0: mapping succeeded.
  • 1: mapping failed.

Definition at line 545 of file lcmaps.c.

References lcmaps_log(), lcmaps_log_time(), lcmaps_request_t, and runPluginManager().

int lcmaps_run_and_return_poolindex (char *user_dn_tmp, gss_cred_id_t user_cred, lcmaps_request_t request, char **poolindexp, int npols, char **policynames)

let LCMAPS handle the user mapping and return a poolindex

Do the user mapping based on the provided list of policies (the first successful policy found in the lcmaps policy file (lcmaps.db) will result in the user mapping) and return the poolindex. As a back-up for empty credentials the user DN may be specified as well. For this ALLOW_EMPTY_CREDENTIALS should be defined. This interface was intended to be used by a wrapper function for the WorkSpace Service (WSS, f.q.a. Dynamic Account Service - DAS).

Parameters:
  • user_dn_tmp: user DN.
  • user_cred: GSS/GSI user credential.
  • request: authorization request as RSL string.
  • poolindexp: pointer to poolindex (to be freed by calling application). Note: poolindex should be non-NULL at the start!
  • npols: number of policies to be considered for evaluation.
  • policynames: the names of the policies to be considered for evaluation.
Return values:
  • 0: mapping succeeded.
  • 1: mapping failed.

Definition at line 823 of file lcmaps.c.

References getCredentialData(), lcmaps_log(), lcmaps_log_a_string_debug(), lcmaps_log_debug(), lcmaps_log_time(), lcmaps_request_t, and runPluginManager().

int lcmaps_run_and_return_username (char *user_dn_tmp, gss_cred_id_t user_cred, lcmaps_request_t request, char **usernamep, int npols, char **policynames)

let LCMAPS handle the user mapping and return user name

Do the user mapping based on the provided list of policies (the first successful policy found in the lcmaps policy file (lcmaps.db) will result in the user mapping) and return the user name. As a back-up for empty credentials the user DN may be specified as well. For this ALLOW_EMPTY_CREDENTIALS should be defined. This interface is used by the GridFTP server.

Parameters:
  • user_dn_tmp: user DN.
  • user_cred: GSS/GSI user credential.
  • request: authorization request as RSL string.
  • usernamep: pointer to user name (to be freed by calling application). Note: usernamep should be non-NULL at the start!
  • npols: number of policies to be considered for evaluation.
  • policynames: the names of the policies to be considered for evaluation.
Return values:
  • 0: mapping succeeded.
  • 1: mapping failed.

Definition at line 664 of file lcmaps.c.

References getCredentialData(), lcmaps_log(), lcmaps_log_debug(), lcmaps_log_time(), lcmaps_request_t, and runPluginManager().

int lcmaps_run_with_fqans_and_return_account (char *user_dn, char **fqan_list, int nfqan, lcmaps_request_t request, int npols, char **policynames, uid_t *puid, gid_t **ppgid_list, int *pnpgid, gid_t **psgid_list, int *pnsgid, char **poolindexp)

let LCMAPS handle the user mapping based on fqans and return the account information

LCMAPS will run with a list of FQANs and the DN as an input. In addition a list of policies may be provided. The allocated uid, gids and the poolindex will be returned to the calling application. This interface is intended to be used by a wrapper function for the WorkSpace Service (WSS, f.q.a. Dynamic Account Service - DAS).

Parameters:
  • user_dn: the DN of the user.
  • fqan_list: the list of (VOMS) FQANs that have been asserted to the user.
  • nfqan: the number of FQANs in fqan_list.
  • request: RSL string.
  • npols: number of policies to be considered for evaluation.
  • policynames: the names of the policies to be considered for evaluation.
  • puid: pointer to the uid found (output parameter).
  • ppgid_list: pointer to the list of primary gids found (output parameter).
  • pnpgid: pointer to the number of primary gids found (output parameter).
  • psgid_list: pointer to the list of secondary gids found (output parameter).
  • pnsgid: pointer to the number of secondary gids found (output parameter).
  • poolindexp: pointer to poolindex string (output parameter).
Return values:
  • 0: mapping succeeded.
  • 1: mapping failed.

Definition at line 364 of file lcmaps.c.

References getCredentialData(), lcmaps_log(), lcmaps_log_a_string_debug(), lcmaps_log_debug(), lcmaps_log_time(), lcmaps_request_t, and runPluginManager().

int lcmaps_run_without_credentials_and_return_username (char *user_dn_tmp, lcmaps_request_t request, char **usernamep, int npols, char **policynames)

do the user mapping using only the user DN and return the username

Based only on the user DN, do the user mapping using the provided list of policies (the first successful policy found in the lcmaps policy file (lcmaps.db) will result in the user mapping) and return the user name. This interface can be used to provide the legacy globus_gss_assist_gridmap() interface.

Parameters:
  • user_dn_tmp: user DN.
  • request: authorization request as an RSL string.
  • usernamep: pointer to user name (to be freed by calling application). Note: usernamep should be non-NULL at the start!
  • npols: number of policies to be considered for evaluation.
  • policynames: the names of the policies to be considered for evaluation.
Return values:
  • 0: mapping succeeded.
  • 1: mapping failed.

Definition at line 244 of file lcmaps.c.

References getCredentialData(), lcmaps_log(), lcmaps_log_debug(), lcmaps_log_time(), lcmaps_request_t, and runPluginManager().
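
The return and ownership contract documented above (0 on success, 1 on failure, user name freed by the calling application), as an added example that is not part of the LCMAPS sources: a hypothetical wrapper, map_dn_fail_closed(), treats every outcome other than a usable account name as a denial. The names dn_mapper_fn, dup_str() and demo_mapper() and the sample DNs are constructed for this example, and lcmaps_request_t is assumed to be a char *.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same parameter list as lcmaps_run_without_credentials_and_return_username().
 * Assumption: lcmaps_request_t is written as char * (an RSL string). */
typedef int (*dn_mapper_fn)(char *user_dn, char *request, char **usernamep,
                            int npols, char **policynames);

/* Hypothetical wrapper: returns 0 and fills 'out' only when the mapper
 * returned 0 AND handed back a non-empty name that fits; otherwise 1. */
int map_dn_fail_closed(dn_mapper_fn mapper, char *dn, char *request,
                       char **policies, int npols, char *out, size_t outlen)
{
    char *username = NULL;      /* &username is the non-NULL usernamep */
    int ok = 0;
    if (!mapper || !dn || !out || outlen == 0) return 1;
    out[0] = '\0';
    if (mapper(dn, request, &username, npols, policies) == 0 &&
        username && username[0] != '\0' && strlen(username) < outlen) {
        strcpy(out, username);
        ok = 1;
    }
    free(username);             /* the caller owns the returned string */
    return ok ? 0 : 1;          /* every other outcome is a denial */
}

/* Constructed stand-in mapper so the example runs without LCMAPS installed. */
static char *dup_str(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}
static int demo_mapper(char *dn, char *request, char **usernamep,
                       int npols, char **policynames)
{
    (void)request; (void)npols; (void)policynames;
    if (!strcmp(dn, "/O=Example/CN=Alice")) { *usernamep = dup_str("pool001"); return 0; }
    if (!strcmp(dn, "/O=Example/CN=Empty")) { *usernamep = dup_str(""); return 0; }
    return 1;                   /* unknown DN: mapping failed */
}

int main(void)
{
    char out[32], alice[] = "/O=Example/CN=Alice";
    int rc = map_dn_fail_closed(demo_mapper, alice, NULL, NULL, 0, out, sizeof out);
    printf("rc=%d account=\"%s\"\n", rc, out);
    return 0;
}
```

In a real caller the function pointer would be the LCMAPS entry point itself, called between lcmaps_init() and lcmaps_term().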

int lcmaps_term ()

Terminate the LCMAPS module.

The function does the following:

  • terminate the LCMAPS module
  • terminate the plugins

Return values:
  • 0: termination succeeded.
  • 1: termination failed.

Definition at line 209 of file lcmaps.c.

References lcmaps_log_close(), lcmaps_log_time(), and stopPluginManager().


Generated on Sun May 29 21:22:12 2005 for lcmaps by doxygen 1.3.5