
lcmaps_voms_attributes.c

00001 /*                                                                                                            
00002  * Copyright (c) Members of the EGEE Collaboration. 2004.
00003  * See http://eu-egee.org/partners/ for details on the copyright holders.
00004  * For license conditions see the license file or
00005  * http://eu-egee.org/license.html
00006  */
00007 
00008 /*
00009  * Copyright (c) 2001 EU DataGrid.                                                                             
00010  * For license conditions see http://www.eu-datagrid.org/license.html                                          
00011  *
00012  * Copyright (c) 2001, 2002 by 
00013  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00014  *     David Groep <davidg@nikhef.nl>,
00015  *     NIKHEF Amsterdam, the Netherlands
00016  */
00017 
00025 /*****************************************************************************
00026                             Include header files
00027 ******************************************************************************/
00028 #include "lcmaps_config.h"
00029 #include <stdio.h>
00030 #include <stdlib.h>
00031 #include <string.h>
00032 #include <pwd.h>
00033 #include <openssl/x509.h>
00034 #include "gssapi.h"
00035 
00036 #include "lcmaps_log.h"
00037 #include "_lcmaps_gsi_utils.h"
00038 #include "_lcmaps_voms_attributes.h"
00039 
00040 #include "voms_apic.h"
00041 
00042 /******************************************************************************
00043                                 Definitions
00044 ******************************************************************************/
00045 
#define VOMS_BUFFER_SIZE 1024                                /* not referenced by the live code in this file */
#define DEFAULT_CERT_DIR "/etc/grid-security/certificates"   /* CA directory when neither LCMAPS_X509_CERT_DIR nor X509_CERT_DIR is set */
#define DEFAULT_VOMS_DIR "/etc/grid-security/vomsdir"        /* VOMS directory when neither LCMAPS_X509_VOMS_DIR nor X509_VOMS_DIR is set */
00049 
00050 /******************************************************************************
00051                           Module specific prototypes
00052 ******************************************************************************/
static void print_vomsdata(struct vomsdata *);   /* debug-log dump of a VOMS_Retrieve() result; defined at the end of this file */
00054 
00055 /******************************************************************************
00056                        Define module specific variables
00057 ******************************************************************************/
00058 
00059 
/* Directories handed to VOMS_Init().  Overwritten on every call of
 * lcmaps_gss_cred_to_voms_fqans() from LCMAPS_X509_*_DIR / X509_*_DIR or
 * the DEFAULT_* macros; they alias getenv() storage or string literals and
 * must never be freed. */
static char * certdir = NULL;
static char * vomsdir = NULL;
00062 
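/******************************************************************************
Function:    lookup_dir
Description:
    Resolve a directory setting: the LCMAPS-specific environment variable
    wins, then the generic one, then the compiled-in default.  An empty
    string in the environment counts as "set".
Parameters:
    lcmaps_var:  name of the LCMAPS-specific environment variable
    generic_var: name of the generic environment variable
    fallback:    value used when neither variable is set
Returns:
    A pointer into getenv() storage or the fallback itself; never NULL,
    never to be freed.
******************************************************************************/
static char * lookup_dir(const char *lcmaps_var, const char *generic_var, char *fallback)
{
    char *dir = getenv(lcmaps_var);
    if (dir == NULL)
    {
        dir = getenv(generic_var);
    }
    return dir ? dir : fallback;
}

/******************************************************************************
Function:    append_fqan
Description:
    Append a private copy of one FQAN to a growing list.
Parameters:
    list:  in/out: the list (NULL when nothing has been appended yet)
    count: in/out: number of entries in *list; -1 is treated as "no list yet"
    fqan:  the string to copy
Returns:
    0 on success; -1 on allocation failure, in which case *list and *count
    are left exactly as they were (the old list stays valid).
******************************************************************************/
static int append_fqan(char ***list, int *count, const char *fqan)
{
    int    n    = (*count < 0) ? 0 : *count;
    char  *copy = strdup(fqan);
    char **grown;

    if (copy == NULL)
    {
        return -1;
    }
    /* realloc() into a temporary so the original list survives a failure */
    grown = realloc(*list, ((size_t)n + 1) * sizeof *grown);
    if (grown == NULL)
    {
        free(copy);
        return -1;
    }
    grown[n] = copy;
    *list  = grown;
    *count = n + 1;
    return 0;
}

/******************************************************************************
Function:    free_fqans
Description:
    Release a (possibly partial) FQAN list built by append_fqan().
Parameters:
    list:  the list, may be NULL
    count: number of valid entries in list (a negative count means none)
******************************************************************************/
static void free_fqans(char **list, int count)
{
    for (int i = 0; i < count; i++)
    {
        free(list[i]);
    }
    free(list);
}

/******************************************************************************
Function:    voms_retrieve_error
Description:
    Map a VOMS_Retrieve() error code to the diagnostic this module logs for
    it.  VERR_NOEXT is not an error and is handled by the caller.
Parameters:
    err: the errNo filled in by VOMS_Retrieve()
Returns:
    A static message string, or NULL for a code this module does not know.
******************************************************************************/
static const char * voms_retrieve_error(int err)
{
    switch (err)
    {
        case VERR_IDCHECK:   return "VOMS User data in extension different from the real ones (failure)!";
        case VERR_TIME:      return "VOMS extensions expired for at least one of the VOs (failure)!";
        case VERR_ORDER:     return "The ordering of the VOMS groups, as required by the client, was not delivered by VOMS (failure)!";
        case VERR_NOSOCKET:  return "VOMS Socket problem (failure)!";
        case VERR_NOIDENT:   return "VOMS Cannot identify itself (certificate problem) (failure)!";
        case VERR_COMM:      return "VOMS server problem (failure)!";
        case VERR_PARAM:     return "Wrong parameters for VOMS (failure)!";
        case VERR_NOINIT:    return "VOMS initialization error (failure)!";
        case VERR_EXTRAINFO: return "VO name and URI missing (in proxy ?) (failure)!";
        case VERR_FORMAT:    return "Wrong VOMS data format (in proxy ?) (failure)!";
        case VERR_NODATA:    return "Empty VOMS extension (failure)!";
        case VERR_PARSE:     return "VOMS parse error (failure)!";
        case VERR_DIR:       return "VOMS directory error (failure)!";
        case VERR_SIGN:      return "VOMS Signature error (failure)!";
        case VERR_SERVER:    return "Unidentifiable VOMS server (failure)!";
        case VERR_MEM:       return "Memory problems in VOMS_Retrieve() (failure)!";
        case VERR_VERIFY:    return "Generic verification error for VOMS (failure)!";
        case VERR_TYPE:      return "Returned VOMS data of unknown type (failure)!";
        default:             return NULL;
    }
}

/******************************************************************************
Function:    collect_fqans
Description:
    Walk every VO in a retrieved vomsdata and append the FQANs of the
    standard-type entries, in order, to *fqans.
Parameters:
    vd:     result of a successful VOMS_Retrieve()
    fqans:  in/out: list being built (see append_fqan)
    nfqan:  in/out: entry count of *fqans (see append_fqan)
    logstr: log prefix of the caller
Returns:
    0 on success; -1 on allocation failure.  Entries appended before the
    failure remain in *fqans / *nfqan so the caller can free them.
******************************************************************************/
static int collect_fqans(struct vomsdata *vd, char ***fqans, int *nfqan, const char *logstr)
{
    struct voms **volist = vd->data;

    if (volist == NULL)
    {
        /* nothing to walk; the list pointer is the NULL-terminated VO array */
        return 0;
    }

    for (int k = 0; volist[k] != NULL; k++)
    {
        struct voms *vo = volist[k];

        lcmaps_log_debug(1,"%s: setting voms data for VO == %s\n", logstr,
                         vo->voname);

        switch (vo->type)
        {
            case TYPE_NODATA:
                lcmaps_log_debug(1,"%s: NO DATA\n", logstr);
                break;
            case TYPE_CUSTOM:
                /* %.*s (precision) bounds the read to datalen-10 bytes; the
                 * former %*s was only a field width and read up to a NUL.
                 * The "10" is inherited from the original code; its meaning
                 * is not documented here. */
                lcmaps_log_debug(1,"%s: %.*s\n", logstr, vo->datalen - 10, vo->custom);
                break;
            case TYPE_STD:
                /* retrieve the list of FQANs contained in the user's proxy for this VO */
                lcmaps_log_debug(1, "%s Trying to fetch the fqan list\n", logstr);
                if (vo->fqan == NULL)
                {
                    break;
                }
                for (int j = 0; vo->fqan[j] != NULL; j++)
                {
                    lcmaps_log_debug(2, "%s fqan nr %d of voms fqan list = %s\n", logstr, j, vo->fqan[j]);
                    if (append_fqan(fqans, nfqan, vo->fqan[j]) != 0)
                    {
                        return -1;
                    }
                }
                break;
            default:
                lcmaps_log_debug(1,"%s: unknown VOMS data type %d\n", logstr, (int)vo->type);
                break;
        }
    }
    return 0;
}

/******************************************************************************
Function:    lcmaps_gss_cred_to_voms_fqans
Description:
    Extract from a gsi credential (of type gss_cred_id_t) the list of VOMS
    fully qualified attribute names (FQANs) carried in the proxy.  The VOMS
    directory and the CA certificate directory come from LCMAPS_X509_VOMS_DIR
    / X509_VOMS_DIR and LCMAPS_X509_CERT_DIR / X509_CERT_DIR, falling back to
    DEFAULT_VOMS_DIR / DEFAULT_CERT_DIR; the chosen values are also stored in
    the module statics vomsdir and certdir.
    All resources (X509, chain, vomsdata) are released on every path; the
    former EXPORT_CREDENTIAL section was never compiled (it was #undef'ed
    right before its #if) and has been dropped.
Parameters:
    gss_credential: gsi credential (of type gss_cred_id_t)
    pnfqan:         out: the number of fqans found; only written on success
                    (and only when non-NULL).  If the proxy carries no VOMS
                    extension (VERR_NOEXT) it is set to zero and NULL is
                    returned.  That is not an error.  If VOMS data was
                    retrieved but no standard-type FQAN was found, it is
                    set to -1 with a NULL return (behaviour kept from the
                    original implementation).
Returns:
    A newly allocated array of *pnfqan strdup()'ed FQANs, owned by the
    caller (free every entry, then the array), or NULL.  The array is NOT
    NULL-terminated; iterate up to *pnfqan.  NULL with *pnfqan untouched
    means failure.
******************************************************************************/
char ** lcmaps_gss_cred_to_voms_fqans(
        gss_cred_id_t gss_credential,
        int * pnfqan
)
{
    const char *        logstr      = "\tlcmaps_gss_cred_to_voms_fqans()";
    struct vomsdata *   vd          = NULL;
    int                 errNo       = 0;
    X509 *              px509_cred  = NULL;
    STACK_OF(X509) *    px509_chain = NULL;
    char **             fqans       = NULL;
    int                 nfqan       = -1;   /* -1: no FQAN list built (yet) */
    int                 ok          = 0;    /* set once the result may be handed out */

    if (gss_credential == GSS_C_NO_CREDENTIAL)
    {
        lcmaps_log(0,"%s: user gss credential is empty ! (exit voms)\n", logstr);
        return NULL;
    }

    /*
     * Retrieve a newly created X509 struct and X509 chain from the gss
     * credential; both are released in the common cleanup below.
     */
    px509_cred = lcmaps_cred_to_x509(gss_credential);
    if (px509_cred == NULL)
    {
        lcmaps_log(0,"%s: could not get X509 cred (exit voms)!\n", logstr);
        goto cleanup;
    }
    lcmaps_log_debug(1,"%s: found X509 struct inside gss credential\n", logstr);
    /* NOTE(review): reaches into X509 internals; only compiles while X509 is not opaque */
    lcmaps_log_debug(5,"%s: just for kicks: X509->name %s\n", logstr,px509_cred->name);

    px509_chain = lcmaps_cred_to_x509_chain(gss_credential);
    if (px509_chain == NULL)
    {
        lcmaps_log(0,"%s: could not get X509 chain (exit voms)!\n", logstr);
        goto cleanup;
    }
    lcmaps_log_debug(1,"%s: found X509 chain inside gss credential\n", logstr);

    /* Retrieve the vomsdir and certdir (module statics, see lookup_dir) */
    vomsdir = lookup_dir("LCMAPS_X509_VOMS_DIR", "X509_VOMS_DIR", DEFAULT_VOMS_DIR);
    lcmaps_log_debug(1,"%s: vomsdir = %s\n", logstr, vomsdir);

    certdir = lookup_dir("LCMAPS_X509_CERT_DIR", "X509_CERT_DIR", DEFAULT_CERT_DIR);
    lcmaps_log_debug(1,"%s: certdir = %s\n", logstr, certdir);

    /*
     * Initialize a VOMS structure (struct vomsdata *)
     */
    if ((vd = VOMS_Init(vomsdir, certdir)) == NULL)
    {
        lcmaps_log(0,"%s: failed to initialize voms data structure\n", logstr);
        lcmaps_log(0,"%s:  This may be because either the specified voms directory (%s)\n",logstr,vomsdir);
        lcmaps_log(0,"%s:  or the specified CA certificates directory (%s) does not exist\n", logstr, certdir);
        goto cleanup;
    }
    lcmaps_log_debug(1,"%s: voms data structure initialized\n", logstr);

    /*
     * Find all VOMS attributes in this X509 proxy
     */
    if (VOMS_Retrieve(px509_cred, px509_chain, RECURSE_CHAIN, vd, &errNo))
    {
        lcmaps_log_debug(1,"%s: We got something, errNo = %d\n", logstr, errNo);
        print_vomsdata(vd);

        if (collect_fqans(vd, &fqans, &nfqan, logstr) != 0)
        {
            lcmaps_log(0,"%s: out of memory while collecting FQANs (failure)!\n", logstr);
            goto cleanup;
        }
        ok = 1;
    }
    else if (errNo == VERR_NOEXT) /* Non voms proxies will fall into this error */
    {
        /* Non voms proxies go here: set the number of fqans to zero. Not an error */
        lcmaps_log_debug(1,"%s: VOMS extensions missing from certificate\n", logstr);
        nfqan = 0;
        ok = 1;
    }
    else
    {
        const char *msg = voms_retrieve_error(errNo);

        if (msg != NULL)
        {
            lcmaps_log(0,"%s: %s\n", logstr, msg);
        }
        else
        {
            lcmaps_log(0,"%s: VOMS_Retrieve() error --> %d (failure)!\n", logstr, errNo);
        }
        goto cleanup;
    }

cleanup:
    /* vd was leaked on the VERR_NOEXT and error paths before; destroy it always */
    if (vd)
    {
        lcmaps_log_debug(1,"%s: doing VOMS_Destroy\n", logstr);
        VOMS_Destroy(vd);
        lcmaps_log_debug(1,"%s: done\n", logstr);
    }
    if (px509_cred) X509_free(px509_cred);
    if (px509_chain) sk_X509_free(px509_chain);

    if (!ok)
    {
        /* drop whatever partial list an allocation failure left behind */
        free_fqans(fqans, nfqan);
        return NULL;
    }

    /* success */
    if (pnfqan != NULL)
    {
        *pnfqan = nfqan;
    }
    return fqans;
}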
00385 
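/******************************************************************************
Function:    print_vomsdata
Description:
    Dump a retrieved VOMS data structure to the debug log (level 1): per VO
    the signature length, user/server identities, VO name, URI and the two
    dates, followed by the FQANs and group/role/capability triples of
    standard-type entries, then the work VO and extra data if present.
    Diagnostics only; nothing is modified.
Parameters:
    d: VOMS data as filled in by VOMS_Retrieve().  NULL, or a missing VO
       array, is tolerated and only logs a note.
******************************************************************************/
static void print_vomsdata(struct vomsdata *d)
{
    const char * logstr = "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata()";

    if (d == NULL || d->data == NULL)
    {
        lcmaps_log_debug(1,"%s: nothing to print (no VOMS data)\n", logstr);
        return;
    }

    /* d->data is a NULL-terminated array of struct voms pointers */
    for (int k = 0; d->data[k] != NULL; k++)
    {
        struct voms *v      = d->data[k];
        int          banner = k + 1;   /* banners are numbered from 1, as before */

        lcmaps_log_debug(1,"%s: %d *******************************************\n", logstr, banner);
        lcmaps_log_debug(1,"%s: SIGLEN: %d\n", logstr, v->siglen);
        lcmaps_log_a_string_debug(1, "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): USER:   %s\n", v->user);
        lcmaps_log_a_string_debug(1, "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): UCA:    %s\n", v->userca);
        lcmaps_log_a_string_debug(1, "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): SERVER: %s\n", v->server);
        lcmaps_log_a_string_debug(1, "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): SCA:    %s\n", v->serverca);
        lcmaps_log_a_string_debug(1, "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): VO:     %s\n", v->voname);
        lcmaps_log_a_string_debug(1, "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): URI:    %s\n", v->uri);
        lcmaps_log_a_string_debug(1, "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): DATE1:  %s\n", v->date1);
        lcmaps_log_a_string_debug(1, "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): DATE2:  %s\n", v->date2);

        switch (v->type)
        {
        case TYPE_NODATA:
            lcmaps_log_debug(1,"%s: NO DATA\n", logstr);
            break;
        case TYPE_CUSTOM:
            lcmaps_log_debug(1,"%s: VOMS custom type. Wont print.\n", logstr);
            break;
        case TYPE_STD:
            /* v->fqan and v->std are NULL-terminated arrays; either may be absent */
            if (v->fqan)
            {
                for (int j = 0; v->fqan[j] != NULL; j++)
                {
                    lcmaps_log_a_string_debug(1,
                        "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): fqan:   %s\n",
                        v->fqan[j]);
                }
            }
            if (v->std)
            {
                for (int j = 0; v->std[j] != NULL; j++)
                {
                    lcmaps_log_a_string_debug(1,
                        "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): GROUP:  %s\n", v->std[j]->group);
                    lcmaps_log_a_string_debug(1,
                        "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): ROLE:   %s\n", v->std[j]->role);
                    lcmaps_log_a_string_debug(1,
                        "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): CAP:    %s\n", v->std[j]->cap);
                }
            }
            break;
        default:
            lcmaps_log_debug(1,"%s: unknown VOMS data type %d\n", logstr, (int)v->type);
            break;
        }
        lcmaps_log_debug(1,"%s: %d *******************************************\n", logstr, banner);
    }

    if (d->workvo)
    {
        lcmaps_log_a_string_debug(1,
            "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): WORKVO: %s\n", d->workvo);
    }

    if (d->extra_data)
    {
        lcmaps_log_a_string_debug(1,
            "\tlcmaps_gss_cred_to_voms_fqans-print_vomsdata(): EXTRA: %s\n", d->extra_data);
    }
}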
00459 
00460 /******************************************************************************
00461 CVS Information:
00462     $Source: /cvs/jra1mw/org.glite.security.lcmaps/src/grid_credential_handling/gsi_handling/lcmaps_voms_attributes.c,v $
00463     $Date: 2004/12/09 16:25:57 $
00464     $Revision: 1.4 $
00465     $Author: msteenba $
00466 ******************************************************************************/
