
lcmaps_voms_localgroup.c

00001 /*                                                                                                            
00002  * Copyright (c) Members of the EGEE Collaboration. 2004.
00003  * See http://eu-egee.org/partners/ for details on the copyright holders.
00004  * For license conditions see the license file or
00005  * http://eu-egee.org/license.html
00006  */
00007 
00008 /*
00009  * Copyright (c) 2001 EU DataGrid.
00010  * For license conditions see http://www.eu-datagrid.org/license.html
00011  *
00012  * Copyright (c) 2001, 2002 by
00013  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00014  *     David Groep <davidg@nikhef.nl>,
00015  *     NIKHEF Amsterdam, the Netherlands
00016  */
00017 
00116 /*****************************************************************************
00117                             Include header files
00118 ******************************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#include <pwd.h>
#include <grp.h>
#include <ctype.h>

#include "lcmaps_config.h"
#include "lcmaps_modules.h"
#include "lcmaps_arguments.h"
#include "lcmaps_cred_data.h"
#include "lcmaps_gridlist.h"
00130 
00131 /******************************************************************************
00132                                 Definitions
00133 ******************************************************************************/
00134 
00135 /******************************************************************************
00136                           Module specific prototypes
00137 ******************************************************************************/
00138 
00139 /******************************************************************************
00140                        Define module specific variables
00141 ******************************************************************************/
00142 
/* Path of the group map file. plugin_initialize() stores a strdup() copy of
 * the option value here and plugin_terminate() frees it; NULL until set. */
static char *groupmapfile = NULL;

/* Set to 1 by the -mapall option. plugin_run() then fails as soon as one
 * VO group has no entry in the group map file. */
static int mapall = 0;

/* Value of the -mapmin option: the minimum number of VO groups that
 * plugin_run() must find in the group map file. The default of 0 imposes
 * no minimum. */
static int mapmin = 0;
00146 
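/******************************************************************************
Function:   plugin_initialize
Description:
    Initialize the plugin from its configuration arguments.
    Recognized options:
        -groupmap | -GROUPMAP | -groupmapfile | -GROUPMAPFILE <file>
            path of the group map file (a private copy is kept)
        -mapall
            make plugin_run() fail when a VO group has no mapping
        -mapmin <number>
            minimum number of mapped groups plugin_run() requires
    Any other argument, or an option that is missing its value, is an error.
Parameters:
    argc, argv
    argv[0]: the name of the plugin
Returns:
    LCMAPS_MOD_SUCCESS : success
    LCMAPS_MOD_FAIL    : failure (unknown option, -mapmin value that is not a
                         number or does not fit an int, out of memory)
    Note: the group map file is not opened here, so this function never
    returns LCMAPS_MOD_NOFILE.
******************************************************************************/
int plugin_initialize(
        int argc,
        char ** argv
)
{
    char * logstr = "\tlcmaps_plugin_voms_localgroup-plugin_initialize()";
    int    i;

    lcmaps_log_debug(1,"%s: passed arguments:\n", logstr);
    for (i = 0; i < argc; i++)
    {
        lcmaps_log_debug(2,"%s: arg %d is %s\n", logstr, i, argv[i]);
    }

    /*
     * Parse arguments, argv[0] = name of plugin, so start with i = 1
     */
    for (i = 1; i < argc; i++)
    {
        if ( ((strcmp(argv[i], "-groupmap") == 0) ||
              (strcmp(argv[i], "-GROUPMAP") == 0) ||
              (strcmp(argv[i], "-groupmapfile") == 0) ||
              (strcmp(argv[i], "-GROUPMAPFILE") == 0))
             && (i + 1 < argc))
        {
            if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
            {
                char * newfile = strdup(argv[i + 1]);

                if (newfile == NULL)
                {
                    lcmaps_log(0,"%s: out of memory while storing the groupmapfile name (failure)\n", logstr);
                    return LCMAPS_MOD_FAIL;
                }
                /* The option may be repeated: release the earlier copy so
                 * that the last value wins without leaking. */
                free(groupmapfile);
                groupmapfile = newfile;
            }
            /* An empty value is skipped; plugin_run() rejects an unset
             * groupmapfile later. */
            i++;
        }
        else if (strcmp(argv[i], "-mapall") == 0)
        {
            mapall = 1;
        }
        else if ((strcmp(argv[i], "-mapmin") == 0)
                 && (i + 1 < argc))
        {
            if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
            {
                const char * value = argv[i + 1];
                const char * p;
                char *       end = NULL;
                long         parsed;

                /* Accept decimal digits only. The cast keeps isdigit()
                 * defined for bytes with the high bit set. */
                for (p = value; *p != '\0'; p++)
                {
                    if (isdigit((unsigned char) *p) == 0)
                    {
                        lcmaps_log(0,"%s: Error in initialization parameter: %s (%s is not a number)\n", logstr, argv[i], argv[i + 1]);
                        return LCMAPS_MOD_FAIL;
                    }
                }

                /* mapmin is a policy threshold: a value too large for an
                 * int must be rejected, not silently wrapped (atoi() is
                 * undefined on overflow). */
                errno = 0;
                parsed = strtol(value, &end, 10);
                if ((errno == ERANGE) || (*end != '\0') || (parsed > INT_MAX))
                {
                    lcmaps_log(0,"%s: Error in initialization parameter: %s (%s is out of range)\n", logstr, argv[i], argv[i + 1]);
                    return LCMAPS_MOD_FAIL;
                }
                mapmin = (int) parsed;
            }
            /* An empty value leaves mapmin at its previous setting
             * (0 unless an earlier -mapmin changed it). */
            i++;
        }
        else
        {
            /* Unknown option, or an option given as the last argument
             * without its value. */
            lcmaps_log(0,"%s: Error in initialization parameter: %s (failure)\n", logstr,
                       argv[i]);
            return LCMAPS_MOD_FAIL;
        }
    }

    return LCMAPS_MOD_SUCCESS;
}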
00227 
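/******************************************************************************
Function:   plugin_introspect
Description:
    Return the list of arguments this plugin requests for plugin_run():
    "user_dn" (char *), "fqan_list" (char **) and "nfqan" (int).
Parameters:
    argc: receives the number of entries, as counted by lcmaps_cntArgs()
    argv: receives a pointer to the plugin's static argument table
Returns:
    LCMAPS_MOD_SUCCESS : success
    LCMAPS_MOD_FAIL    : failure (argc or argv is NULL)
******************************************************************************/
int plugin_introspect(
        int * argc,
        lcmaps_argument_t ** argv
)
{
    char *                   logstr = "\tlcmaps_plugin_voms_localgroup-plugin_introspect()";
    /* Static storage: the caller keeps the pointer after this call returns.
     * The table ends with an entry whose name is NULL. */
    static lcmaps_argument_t argList[] = {
        {"user_dn"      ,       "char *"        , 0,   NULL},
        {"fqan_list"    ,       "char **"       , 0,   NULL},
        {"nfqan"        ,       "int"           , 0,   NULL},
        {NULL           ,       NULL            , -1,   NULL}
    };

    lcmaps_log_debug(1,"%s: introspecting\n", logstr);

    if ((argc == NULL) || (argv == NULL))
    {
        lcmaps_log(0,"%s: no place to store the argument list (failure)\n", logstr);
        return LCMAPS_MOD_FAIL;
    }

    *argv = argList;
    *argc = lcmaps_cntArgs(argList);
    /* %p with a void * argument: the former "0x%x" conversion does not match
     * a pointer and truncates it where pointers are wider than int. The
     * address only reaches the log at debug level 1. */
    lcmaps_log_debug(1,"%s: address first argument: %p\n", logstr, (void *) argList);

    return LCMAPS_MOD_SUCCESS;
}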
00259 
00260 
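/******************************************************************************
Function:   plugin_run
Description:
    Map the VO groups (FQANs) of the credential to local unix groups using
    the group map file, and add the resulting GIDs and VO mappings to the
    LCMAPS credential data.
    The FQANs are taken from the "nfqan"/"fqan_list" run arguments; when
    "nfqan" is absent or 0 they are taken from getCredentialData().
    Only the first FQAN (index 0) can supply the primary GID; every other
    matched FQAN is added as a secondary GID.
    With the defaults (no -mapall, -mapmin 0) the plugin reports success even
    when no FQAN matched any entry. Configure -mapmin or -mapall if an
    unmapped credential must be refused by this plugin.
Parameters:
    argc: number of arguments
    argv: list of arguments
Returns:
    LCMAPS_MOD_SUCCESS: authorization succeeded
    LCMAPS_MOD_FAIL   : authorization failed
******************************************************************************/
int plugin_run(
        int argc,
        lcmaps_argument_t * argv
)
{
    char *                logstr = "\tlcmaps_plugin_voms_localgroup-plugin_run()";
    void *                argval              = NULL;
    char *                dn                  = NULL;
    char *                groupname           = NULL;
    struct group *        group_info          = NULL;
    int                   i                   = 0;
    char **               vo_cred_string_list = NULL;
    int                   cnt_vo_cred_string  = 0;
    int                   group_counter       = 0;
    int                   rc                  = 0;
    lcmaps_vo_mapping_t * lcmaps_vo_mapping   = NULL;
    char **               fqan_list           = NULL;
    int                   nfqan               = 0;

    /*
     * The beginning
     */
    lcmaps_log_debug(1,"%s:\n", logstr);

    /*
     * Try to get the ordered values.
     * The result of lcmaps_getArgValue() is checked before it is
     * dereferenced; presumably it is NULL when the argument is not in the
     * list (verify against lcmaps_arguments).
     */
    argval = lcmaps_getArgValue("user_dn", "char *", argc, argv);
    if (argval != NULL)
        dn = *(char **) argval;
    if (dn)
        lcmaps_log_debug(1,"%s: found dn: %s\n", logstr,dn);
    else
        lcmaps_log_debug(1,"%s: could not get value of dn !\n", logstr);

    /*
     * Get the VO user information.
     * We can either order it by lcmaps_argument_t or use the getCredentialData() function.
     * The latter case requires the voms parsing plugin (lcmaps_voms.mod) to have run beforehand.
     * Unfortunately the formats of the VOMS strings (from getCredentialData()) and
     * FQANs (from lcmaps_argument_t) are not the same. We may have to introduce
     * two-way conversion functions.
     * The VOMS info has to be matched against the info in the groupmapfile
     */
    lcmaps_log_debug(1,"%s: First try to get the FQAN list from input credential repository ...\n", logstr);
    argval = lcmaps_getArgValue("nfqan", "int", argc, argv);
    if (argval != NULL)
        nfqan = *(int *) argval;
    if (nfqan)
    {
        lcmaps_log_debug(1,"%s: the list of FQANs should contain %d elements\n", logstr, nfqan);
        argval = lcmaps_getArgValue("fqan_list", "char **", argc, argv);
        if (argval != NULL)
            fqan_list = *(char ***) argval;
        if (fqan_list)
            lcmaps_log_debug(1, "%s: found list of FQANs\n", logstr);
        else
        {
            lcmaps_log_debug(1, "%s: could not retrieve list of FQANs (failure)!\n", logstr);
            goto fail_voms_localgroup;
        }
        for (i = 0; i < nfqan; i++)
        {
            /* never hand a NULL pointer to %s */
            lcmaps_log_debug(3, "%s: FQAN %d: %s\n", logstr, i,
                             fqan_list[i] ? fqan_list[i] : "(null)");
        }
        vo_cred_string_list = fqan_list;
        cnt_vo_cred_string = nfqan;
    }
    else
    {
        lcmaps_log_debug(1,"%s: ... did not find input credentials in input credential repository...\n", logstr);
        lcmaps_log_debug(1,"%s: ... trying the internal credential repository ...\n", logstr);

        vo_cred_string_list = getCredentialData(LCMAPS_VO_CRED_STRING, &cnt_vo_cred_string);
    }

    if (cnt_vo_cred_string == 0)
    {
        lcmaps_log(0,"%s: no VOMS group info --> no mapping\n", logstr);
        goto fail_voms_localgroup;
    }
    else if (cnt_vo_cred_string < 0)
    {
        lcmaps_log(0,"%s: negative number of VOMS groups found ! (failure)\n", logstr);
        goto fail_voms_localgroup;
    }
    if (vo_cred_string_list == NULL)
    {
        /* a positive count without a list must not reach the loop below */
        lcmaps_log(0,"%s: VOMS group count is %d but the list is missing (failure)\n", logstr, cnt_vo_cred_string);
        goto fail_voms_localgroup;
    }

    /*
     * Check the groupmapfile
     */
    if ((groupmapfile != NULL) && (strlen(groupmapfile) > 0))
        lcmaps_log_debug(1,"%s: groupmapfile is: %s\n", logstr, groupmapfile);
    else
    {
        /* groupmapfile may be NULL here, which %s must not receive */
        lcmaps_log(0,"%s: error finding the groupmapfile: %s\n", logstr,
                   groupmapfile ? groupmapfile : "(null)");
        lcmaps_log(0,"%s: (use the option \"-groupmapfile <groupmapfile>\")\n", logstr);
        goto fail_voms_localgroup;
    }

    /*
     * Try to find the unix groups from the VO info in the groupmapfile
     * The first group (if found) should become the primary group
     *
     * NOTE(review): GIDs and VO mappings added for earlier FQANs stay in the
     * credential data when a later FQAN makes the plugin fail; confirm that
     * the framework discards them on LCMAPS_MOD_FAIL.
     */
    for (i = 0; i < cnt_vo_cred_string; i++)
    {
        /* Drop the name found for the previous FQAN before it is
         * overwritten. Presumably lcmaps_gridlist() returns a heap copy,
         * since the exit paths free() it; without this every match but the
         * last one leaks. */
        free(groupname);
        groupname = NULL;

        if (vo_cred_string_list[i] == NULL)
        {
            lcmaps_log(0,"%s: VO group %d is missing from the list (failure)\n", logstr, i);
            goto fail_voms_localgroup;
        }

        rc = lcmaps_gridlist(vo_cred_string_list[i], &groupname, groupmapfile, MATCH_EXCLUDE|MATCH_WILD_CHARS, ".", NULL);
        if (rc == 0)
        {
            group_counter++;

            if ((groupname == NULL) || (strlen(groupname) == 0))
            {
                lcmaps_log(0,"%s: error getting value of groupname (failure)!\n", logstr);
                goto fail_voms_localgroup;
            }
            /* logged only after the NULL check above */
            lcmaps_log_debug(1,"%s: found groupname: %s\n", logstr, groupname);

            group_info = getgrnam(groupname);
            if (group_info == NULL)
            {
                lcmaps_log(0,"%s: no group id found for groupname = \"%s\"\n", logstr, groupname);
                goto fail_voms_localgroup;
            }

            if (i == 0)
            {
                /* First VO group */
                addCredentialData(PRI_GID, (void *) &(group_info->gr_gid));
            }
            else
            {
                /* Other VO groups */
                addCredentialData(SEC_GID, (void *) &(group_info->gr_gid));
            }

            /*
             * The coupling between VO information and the GID is maintained
             * in the lcmaps_vo_mapping structure, which is added to the credential data
             */
            lcmaps_vo_mapping = lcmaps_createVoMapping(
                vo_cred_string_list[i],
                groupname,
                group_info->gr_gid
            );
            if (! lcmaps_vo_mapping)
            {
                lcmaps_log(0,"%s: could not create VoMapping structure (failure)\n", logstr);
                goto fail_voms_localgroup;
            }
            /* Add credential */
            addCredentialData(LCMAPS_VO_CRED_MAPPING, (void *) lcmaps_vo_mapping);
            if ( lcmaps_deleteVoMapping(&lcmaps_vo_mapping) )
            {
                lcmaps_log(0,"%s: error while deleting VoMapping structure (failure)\n", logstr);
                goto fail_voms_localgroup;
            }
        }
        else if (rc == LCMAPS_MOD_NOFILE)
        {
            lcmaps_log(0, "%s: Could not find the groupmapfile %s\n", logstr, groupmapfile);
            goto fail_voms_localgroup;
        }
        else
        {
            /* No entry for this FQAN: fatal only when -mapall was given. */
            lcmaps_log_debug(1,"%s: could not get value of groupname !\n", logstr);
            if (mapall)
            {
                lcmaps_log(0,"%s: no mapping for VO group %s\n", logstr,
                           vo_cred_string_list[i]);
                goto fail_voms_localgroup;
            }
        }
    }

    /* With the default mapmin of 0 this also passes when nothing matched. */
    if (group_counter < mapmin)
    {
        lcmaps_log(0,"%s: Not enough groups found. The minimum is set to %d. The plugin found %d\n", logstr, mapmin, group_counter);
        goto fail_voms_localgroup;
    }

    /* success */
    free(groupname);
    lcmaps_log_time(0,"%s: voms_localgroup plugin succeeded\n", logstr);
    return LCMAPS_MOD_SUCCESS;

 fail_voms_localgroup:
    free(groupname);
    lcmaps_log_time(0,"%s: voms_localgroup plugin failed\n", logstr);
    return LCMAPS_MOD_FAIL;
}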
00456 
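/******************************************************************************
Function:   plugin_terminate
Description:
    Terminate the plugin: release the copy of the group map file name made
    by plugin_initialize().
Parameters:

Returns:
    LCMAPS_MOD_SUCCESS : success (the only value this function returns)
******************************************************************************/
int plugin_terminate(void)
{
    char *           logstr = "\tlcmaps_plugin_voms_localgroup-plugin_terminate()";

    lcmaps_log_debug(1,"%s: terminating\n", logstr);

    /* free(NULL) is a no-op, so no guard is needed. Clearing the pointer
     * keeps a second plugin_terminate() from freeing it twice and keeps a
     * later plugin_run() from reading freed memory. */
    free(groupmapfile);
    groupmapfile = NULL;

    return LCMAPS_MOD_SUCCESS;
}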
00477 
00478 /******************************************************************************
00479 CVS Information:
00480     $Source: /cvs/jra1mw/org.glite.security.lcmaps-plugins-voms/src/voms/lcmaps_voms_localgroup.c,v $
00481     $Date: 2005/02/27 01:30:42 $
00482     $Revision: 1.4 $
00483     $Author: msteenba $
00484 ******************************************************************************/
