00154 #include <stdio.h>
00155 #include <stdlib.h>
00156 #include <string.h>
00157 #include <pwd.h>
00158 
00159 #include "lcmaps_config.h"
00160 #include "lcmaps_modules.h"
00161 #include "lcmaps_arguments.h"
00162 #include "lcmaps_cred_data.h"
00163 #include "lcmaps_gridlist.h"
00164 
00165 
00166 
00167 
/* Size in bytes of the buffer that collects the ":<groupname>" lease suffix. */
#define LCMAPS_MAXGIDBUFFER 256

/*
 * Plugin configuration, filled in by plugin_initialize() and released by
 * plugin_terminate().
 */

/* Grid-mapfile path from -gridmap/-gridmapfile; NULL when none was given. */
static char *gridmapfile = NULL;

/* Lease directory from -gridmapdir; plugin_run() falls back to $GRIDMAPDIR. */
static char *gridmapdir = NULL;

/* Cleared by -do_not_require_primary_gid. */
static int require_primary_gid = 1;

/* Cleared by -do_not_use_secondary_gids. */
static int use_secondary_gids = 1;

/* Set by -override_inconsistency; adds OVERRIDE_INCONSISTANCY to the match flags. */
static int override_inconsistency = 0;
00183 
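/*
 * Store a private copy of a path-valued option in *dst.
 *
 * A NULL or empty value is ignored and the previous setting is kept. A
 * previous value is released before it is replaced, so repeating an option
 * does not leak the earlier copy.
 *
 * Returns 0 on success, -1 if the copy could not be allocated (in which case
 * *dst is left untouched).
 */
static int voms_poolaccount_set_path(char ** dst, const char * value)
{
    char * copy = NULL;

    if ((value == NULL) || (value[0] == '\0'))
        return 0;

    copy = strdup(value);
    if (copy == NULL)
        return -1;

    free(*dst);
    *dst = copy;
    return 0;
}

/*
 * Parse the plugin's configuration options.
 *
 * Recognised options (argv[0] is skipped):
 *   -gridmap | -GRIDMAP | -gridmapfile | -GRIDMAPFILE <file>
 *   -gridmapdir | -GRIDMAPDIR <dir>
 *   -do_not_use_secondary_gids
 *   -do_not_require_primary_gid
 *   -override_inconsistency | -OVERRIDE_INCONSISTENCY
 *
 * These settings decide which mapfile and lease directory drive the
 * identity-to-account mapping, so parsing fails closed: an unrecognised
 * option, a path option without a value, an allocation failure, or the
 * combination of both "do_not" flags makes initialisation fail.
 *
 * Returns LCMAPS_MOD_SUCCESS or LCMAPS_MOD_FAIL.
 */
int plugin_initialize(
        int argc,
        char ** argv
)
{
    char *  logstr = "\tlcmaps_plugin_voms_poolaccount-plugin_initialize()";
    int i;

    lcmaps_log_debug(1,"%s: passed arguments:\n", logstr);
    for (i=0; i < argc; i++)
    {
       lcmaps_log_debug(2,"%s: arg %d is %s\n", logstr, i, argv[i]);
    }

    for (i = 1; i < argc; i++)
    {
        /* Path options need a following value; without one they fall
         * through to the final else and are rejected. */
        if ( ((strcmp(argv[i], "-gridmap") == 0) ||
              (strcmp(argv[i], "-GRIDMAP") == 0) ||
              (strcmp(argv[i], "-gridmapfile") == 0) ||
              (strcmp(argv[i], "-GRIDMAPFILE") == 0))
             && (i + 1 < argc))
        {
            if (voms_poolaccount_set_path(&gridmapfile, argv[i + 1]) != 0)
            {
                lcmaps_log(0,"%s: out of memory while storing the gridmapfile option (failure)\n", logstr);
                return LCMAPS_MOD_FAIL;
            }
            i++;
        }
        else if ( ((strcmp(argv[i], "-gridmapdir") == 0) ||
              (strcmp(argv[i], "-GRIDMAPDIR") == 0))
             && (i + 1 < argc))
        {
            if (voms_poolaccount_set_path(&gridmapdir, argv[i + 1]) != 0)
            {
                lcmaps_log(0,"%s: out of memory while storing the gridmapdir option (failure)\n", logstr);
                return LCMAPS_MOD_FAIL;
            }
            i++;
        }
        else if (strcmp(argv[i], "-do_not_use_secondary_gids") == 0)
        {
            use_secondary_gids = 0;
        }
        else if (strcmp(argv[i], "-do_not_require_primary_gid") == 0)
        {
            require_primary_gid = 0;
        }
        else if ( (strcmp(argv[i], "-override_inconsistency") == 0) ||
                  (strcmp(argv[i], "-OVERRIDE_INCONSISTENCY") == 0))
        {
            override_inconsistency = 1;
        }
        else
        {
            lcmaps_log(0,"%s: Error in initialization parameter: %s (failure)\n", logstr,
                       argv[i]);
            return LCMAPS_MOD_FAIL;
        }
    }

    /* With neither primary nor secondary groups the lease name would carry
     * no group information at all, so this combination is refused. */
    if ( (use_secondary_gids == 0) && (require_primary_gid == 0) )
    {
        lcmaps_log(0,"%s: Conflicting voms_poolaccount options: \"-do_not_use_secondary_gids\" and \"-do_not_require_primary_gid\" (failure)\n", logstr);
        return LCMAPS_MOD_FAIL;
    }

    return LCMAPS_MOD_SUCCESS;
}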
00271 
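/*
 * Report which arguments the plugin wants to receive in plugin_run().
 *
 * On return *argv points at a static, NULL-terminated table naming
 * "user_dn" (char *), "fqan_list" (char **) and "nfqan" (int), and *argc
 * holds the entry count as computed by lcmaps_cntArgs(). The table is static
 * storage; the caller must not free it.
 *
 * Always returns LCMAPS_MOD_SUCCESS.
 */
int plugin_introspect(
        int * argc,
        lcmaps_argument_t ** argv
)
{
    char *                   logstr = "\tlcmaps_plugin_voms_poolaccount-plugin_introspect()";
    static lcmaps_argument_t argList[] = {
        {"user_dn"      ,       "char *"        , 0,   NULL},
        {"fqan_list"    ,       "char **"       , 0,   NULL},
        {"nfqan"        ,       "int"           , 0,   NULL},
        {NULL           ,       NULL            , -1,   NULL}
    };

    lcmaps_log_debug(1,"%s: introspecting\n", logstr);

    *argv = argList;
    *argc = lcmaps_cntArgs(argList);
    /* A pointer must be printed with %p; the former "0x%x" read it as an
     * unsigned int, which is undefined and truncates on 64-bit targets. */
    lcmaps_log_debug(1,"%s: address first argument: %p\n", logstr, (void *) argList);

    return LCMAPS_MOD_SUCCESS;
}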
00303 
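/*
 * Append ":<groupname>" to buf for every gid in gids[0..count-1].
 *
 * kind is "primary" or "secondary" and is used in log messages only.
 * *used is the number of characters already stored in buf (excluding the
 * terminating NUL) and is advanced for each name appended.
 *
 * Returns 0 on success, -1 when a gid has no group entry, when the gid list
 * is missing, or when the next name would not fit in buf.
 */
static int voms_poolaccount_append_groups(
        const gid_t * gids,
        int           count,
        const char *  kind,
        char *        buf,
        size_t        bufsize,
        size_t *      used,
        const char *  logstr
)
{
    int i;

    if ((count > 0) && (gids == NULL))
    {
        lcmaps_log(0,"%s: %d %s group(s) reported but no gid list available (failure)\n", logstr,
                   count, kind);
        return -1;
    }

    for (i = 0; i < count; i++)
    {
        struct group * group_info = getgrgid(gids[i]);
        size_t         namelen    = 0;

        if (group_info == NULL)
        {
            /* Report the gid that failed to resolve: no group name exists
             * at this point, so there is nothing valid to print with %s. */
            lcmaps_log(0,"%s: no group name found for %s gid %lu (failure)\n", logstr,
                       kind, (unsigned long) gids[i]);
            return -1;
        }

        /* Room is needed for ':' + name + NUL. */
        namelen = strlen(group_info->gr_name);
        if ((namelen + 1) >= (bufsize - *used))
        {
            lcmaps_log(0,"%s: gidbuffer is full (%d bytes) (failure)\n", logstr,
                       (int) bufsize);
            return -1;
        }
        snprintf(buf + *used, bufsize - *used, ":%s", group_info->gr_name);
        *used += namelen + 1;

        lcmaps_log_debug(1,"%s: %s groups, i=%d(%d), group_info->gr_name: %s\n", logstr,
                         kind, i, count, group_info->gr_name);
        lcmaps_log_debug(1,"%s: gidbuffer: %s\n", logstr, buf);
    }

    return 0;
}

/*
 * Map the caller onto a pool account.
 *
 * Steps, in order:
 *   1. Fetch the user DN from the "user_dn" run argument.
 *   2. Resolve the lease directory (gridmapdir option, else $GRIDMAPDIR) and
 *      export it as MAPDIR.
 *   3. Build the lease name: the DN followed by ":<group>" for each primary
 *      gid (and each secondary gid unless disabled) found in the credential
 *      data.
 *   4. Take the FQAN list from the run arguments, or from the internal
 *      credential data when "nfqan" is 0 or unavailable.
 *   5. Ask lcmaps_gridlist() for a pool account for each FQAN in turn; with
 *      require_primary_gid set only the first FQAN is tried.
 *   6. Look the account up with getpwnam() and store DN, UID and the
 *      URL-encoded lease name as credential data.
 *
 * Every error path returns LCMAPS_MOD_FAIL; nothing is stored as credential
 * data unless the whole sequence succeeded.
 *
 * Returns LCMAPS_MOD_SUCCESS or LCMAPS_MOD_FAIL.
 */
int plugin_run(
        int argc,
        lcmaps_argument_t * argv
)
{
    char *              logstr = "\tlcmaps_plugin_voms_poolaccount-plugin_run()";
    char *              dn                  = NULL;
    char **             dn_arg              = NULL;
    char *              username            = NULL;
    struct passwd       *user_info          = NULL;
    int                 i                   = 0;
    int                 cnt_pri_gid         = 0;
    gid_t *             pri_gid             = NULL;
    int                 cnt_sec_gid         = 0;
    gid_t *             sec_gid             = NULL;
    char                gidbuffer[LCMAPS_MAXGIDBUFFER];
    size_t              gidbuffer_used      = 0;
    char **             vo_cred_string_list = NULL;
    int                 cnt_vo_cred_string  = 0;
    char *              leasename           = NULL;
    size_t              leasenamelen        = 0;
    char *              encoded_lease       = NULL;
    unsigned short      matching_type       = ((unsigned short)0x0000);
    int                 rc                  = 0;
    char **             fqan_list           = NULL;
    char ***            fqan_list_arg       = NULL;
    int                 nfqan               = 0;
    int *               nfqan_arg           = NULL;
    const char *        gridmapfile_shown   = NULL;

    lcmaps_log_debug(1,"%s:\n", logstr);

    /*
     * The DN is the base of the lease name and is dereferenced below, so a
     * missing value is a hard failure rather than a debug note.
     */
    dn_arg = (char **) lcmaps_getArgValue("user_dn", "char *", argc, argv);
    if ((dn_arg != NULL) && (*dn_arg != NULL))
    {
        dn = *dn_arg;
        lcmaps_log_debug(1,"%s: found dn: %s\n", logstr, dn);
    }
    else
    {
        lcmaps_log(0,"%s: could not get value of dn !\n", logstr);
        goto fail_voms_poolaccount;
    }

    /* An empty gridmapfile setting is treated the same as none at all. */
    if ((gridmapfile != NULL) && (strlen(gridmapfile) > 0))
        lcmaps_log_debug(1,"%s: gridmapfile is: %s\n", logstr, gridmapfile);
    else
    {
        free(gridmapfile);
        gridmapfile = NULL;
        lcmaps_log_debug(1,"%s: No gridmapfile assigned, so function must find out for it self\n", logstr);
    }
    /* Never hand a NULL pointer to a %s conversion in the messages below. */
    gridmapfile_shown = (gridmapfile != NULL) ? gridmapfile : "(none configured)";

    /*
     * Without a -gridmapdir option the lease directory comes from the
     * process environment, so the environment of the calling service
     * influences where leases are looked up.
     */
    if (gridmapdir == NULL)
    {
        char * tmpptr=NULL;
        if ((tmpptr = getenv("GRIDMAPDIR")) == NULL)
        {
            lcmaps_log(0,"%s: GRIDMAPDIR unknown !\n", logstr);
            lcmaps_log(0,"%s:  specify as option or set GRIDMAPDIR\n", logstr);
            goto fail_voms_poolaccount;
        }
        gridmapdir = strdup(tmpptr);
        if (gridmapdir == NULL)
        {
            lcmaps_log(0,"%s: out of memory while copying GRIDMAPDIR (failure)\n", logstr);
            goto fail_voms_poolaccount;
        }
    }
    if (strlen(gridmapdir) == 0)
    {
        lcmaps_log(0,"%s: cannot set MAPDIR (strlen(gridmapdir) == 0)\n", logstr);
        goto fail_voms_poolaccount;
    }
    lcmaps_log_debug(1,"%s: setting MAPDIR to %s\n", logstr, gridmapdir);
    /* setenv() changes the environment of the whole process. */
    if (setenv("MAPDIR", gridmapdir, 1))
    {
        lcmaps_log(0,"%s: cannot set MAPDIR\n", logstr);
        goto fail_voms_poolaccount;
    }

    /* Primary and secondary gids collected earlier in the credential data. */
    pri_gid = (gid_t *)getCredentialData(PRI_GID, &cnt_pri_gid);
    if (cnt_pri_gid == 0)
    {
        lcmaps_log(0,"%s: warning: no primary group found ! \n", logstr);
    }
    else if (cnt_pri_gid < 0)
    {
        lcmaps_log(0,"%s: negative number of primary groups found ! (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }
    else if (cnt_pri_gid > 1)
    {
        lcmaps_log(0,"%s: warning more than 1 primary group found\n", logstr);
    }
    if ( (require_primary_gid == 1) && (cnt_pri_gid < 1) )
    {
        lcmaps_log(0,"%s: no primary group found (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }

    sec_gid = (gid_t *)getCredentialData(SEC_GID, &cnt_sec_gid);
    if (cnt_sec_gid < 0)
    {
        lcmaps_log(0,"%s: negative number of secondary groups found ! (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }

    /* Collect ":<group>" for each gid; this becomes the lease-name suffix. */
    gidbuffer[0] = '\0';
    gidbuffer_used = 0;

    if (voms_poolaccount_append_groups(pri_gid, cnt_pri_gid, "primary",
                                       gidbuffer, sizeof gidbuffer,
                                       &gidbuffer_used, logstr) != 0)
    {
        goto fail_voms_poolaccount;
    }
    if (use_secondary_gids)
    {
        if (voms_poolaccount_append_groups(sec_gid, cnt_sec_gid, "secondary",
                                           gidbuffer, sizeof gidbuffer,
                                           &gidbuffer_used, logstr) != 0)
        {
            goto fail_voms_poolaccount;
        }
    }

    /* Lease name = DN, followed by the group suffix when there is one. */
    if (gidbuffer[0] == '\0')
    {
        leasename = strdup(dn);
    }
    else
    {
        leasenamelen = strlen(dn) + strlen(gidbuffer) + 1;
        leasename = malloc(leasenamelen);
        if (leasename != NULL)
            snprintf(leasename, leasenamelen, "%s%s", dn, gidbuffer);
    }
    if (leasename == NULL)
    {
        lcmaps_log(0,"%s: out of memory while building the lease name (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }

    /*
     * FQANs: prefer the list handed in as run arguments; a count of 0 (or an
     * unavailable "nfqan" argument) selects the internal credential data.
     */
    lcmaps_log_debug(1,"%s: First try to get the FQAN list from input credential repository ...\n", logstr);
    nfqan_arg = (int *) lcmaps_getArgValue("nfqan", "int", argc, argv);
    nfqan = (nfqan_arg != NULL) ? *nfqan_arg : 0;
    if (nfqan)
    {
        lcmaps_log_debug(1,"%s: the list of FQANs should contain %d elements\n", logstr, nfqan);
        fqan_list_arg = (char ***) lcmaps_getArgValue("fqan_list", "char **", argc, argv);
        if ((fqan_list_arg != NULL) && ((fqan_list = *fqan_list_arg) != NULL))
            lcmaps_log_debug(1, "%s: found list of FQANs\n", logstr);
        else
        {
            lcmaps_log_debug(1, "%s: could not retrieve list of FQANs (failure)!\n", logstr);
            goto fail_voms_poolaccount;
        }
        for (i = 0; i < nfqan; i++)
        {
            lcmaps_log_debug(3, "%s: FQAN %d: %s\n", logstr, i, fqan_list[i]);
        }
        vo_cred_string_list = fqan_list;
        cnt_vo_cred_string = nfqan;
    }
    else
    {
        lcmaps_log_debug(1,"%s: ... did not find input credentials in input credential repository...\n", logstr);
        lcmaps_log_debug(1,"%s: ... trying the internal credential repository ...\n", logstr);

        vo_cred_string_list = getCredentialData(LCMAPS_VO_CRED_STRING, &cnt_vo_cred_string);
    }

    if (cnt_vo_cred_string == 0)
    {
        lcmaps_log(0,"%s: no VOMS group info --> no mapping (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }
    else if (cnt_vo_cred_string < 0)
    {
        lcmaps_log(0,"%s: negative number of VOMS groups found ! (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }
    if (vo_cred_string_list == NULL)
    {
        lcmaps_log(0,"%s: %d VOMS group(s) reported but no list available (failure)\n", logstr,
                   cnt_vo_cred_string);
        goto fail_voms_poolaccount;
    }

    /* Try the FQANs in order until one yields a pool account. */
    lcmaps_log_debug(2,"%s: using leasename: %s\n", logstr,leasename);

    matching_type = MATCH_INCLUDE|MATCH_WILD_CHARS;
    if (override_inconsistency)
        matching_type = matching_type|OVERRIDE_INCONSISTANCY;

    for (i = 0; i < cnt_vo_cred_string; i++)
    {
        /* With require_primary_gid only the first FQAN may produce the
         * mapping; reaching a second iteration means it did not. */
        if ( (i > 0) && (require_primary_gid == 1) )
        {
            lcmaps_log(0,"%s: no match (or no poolaccount available) for primary group (%s) in %s (failure)\n", logstr,
                       vo_cred_string_list[0], gridmapfile_shown);
            goto fail_voms_poolaccount;
        }

        if ( (rc = lcmaps_gridlist(vo_cred_string_list[i], &username, gridmapfile, matching_type, ".", leasename)) == 0)
        {
            lcmaps_log_debug(1,"%s: found username: %s\n", logstr, username);
            break;
        }
        else if (rc == LCMAPS_MOD_NOFILE)
        {
            lcmaps_log(0, "%s: Could not find the gridmapfile %s\n", logstr, gridmapfile_shown);
            goto fail_voms_poolaccount;
        }
        else
        {
            lcmaps_log(0, "%s: no match (or no poolaccount available) for group (%s) in %s\n", logstr, vo_cred_string_list[i], gridmapfile_shown);
        }
    }

    /* No usable account name means no mapping. */
    if ((username == NULL) || (strlen(username) == 0))
    {
        goto fail_voms_poolaccount;
    }

    user_info = getpwnam(username);
    if (user_info == NULL)
    {
        lcmaps_log(0,"%s: no user account found name \"%s\"\n", logstr, username);
        goto fail_voms_poolaccount;
    }

    /* The pw_passwd field is deliberately not logged: on hosts without
     * shadow passwords it holds the password hash. */
    lcmaps_log_debug(2,"%s: address user_info: %p\n", logstr, (void *) user_info);
    lcmaps_log_debug(2,"%s: username : %s, char ptr: %p, address char ptr: %p\n", logstr, user_info->pw_name, (void *) user_info->pw_name, (void *) &(user_info->pw_name));
    lcmaps_log_debug(2,"%s: user_id  : %lu, address uid: %p\n", logstr, (unsigned long) user_info->pw_uid, (void *) &(user_info->pw_uid));
    lcmaps_log_debug(2,"%s: group_id : %lu\n", logstr, (unsigned long) user_info->pw_gid);
    lcmaps_log_debug(2,"%s: realname : %s\n", logstr, user_info->pw_gecos);
    lcmaps_log_debug(2,"%s: home dir : %s\n", logstr, user_info->pw_dir);
    lcmaps_log_debug(2,"%s: shellprg : %s\n", logstr, user_info->pw_shell);

    /* Encode the lease first so that a failure here leaves the credential
     * data untouched instead of half-populated. */
    encoded_lease = gridmapdir_urlencode(leasename);
    if (encoded_lease == NULL)
    {
        lcmaps_log(0,"%s: could not encode the lease name (failure)\n", logstr);
        goto fail_voms_poolaccount;
    }

    /* NOTE(review): the results of addCredentialData() are not checked here;
     * confirm whether it can fail and should abort the mapping. */
    addCredentialData(DN,  &dn);
    addCredentialData(UID, &(user_info->pw_uid));
    addCredentialData(POOL_INDEX, &encoded_lease);
    free(encoded_lease);
    encoded_lease = NULL;

 success_voms_poolaccount:
    free(username);
    free(leasename);
    lcmaps_log_time(0,"%s: voms_poolaccount plugin succeeded\n", logstr);
    return LCMAPS_MOD_SUCCESS;

 fail_voms_poolaccount:
    free(username);
    free(leasename);
    lcmaps_log_time(0,"%s: voms_poolaccount plugin failed\n", logstr);
    return LCMAPS_MOD_FAIL;
}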
00657 
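/*
 * Release the plugin's configuration strings.
 *
 * Frees the gridmapfile and gridmapdir copies made by plugin_initialize()
 * (or by plugin_run() for the GRIDMAPDIR fallback) and resets both pointers,
 * so that a later plugin_run(), plugin_initialize() or second
 * plugin_terminate() cannot touch freed memory.
 *
 * Always returns LCMAPS_MOD_SUCCESS.
 */
int plugin_terminate()
{
    char * logstr = "\tlcmaps_plugin_voms_poolaccount-plugin_terminate()";

    lcmaps_log_debug(1,"%s: terminating\n", logstr);

    /* free(NULL) is a no-op, so no guard is needed. */
    free(gridmapfile);
    gridmapfile = NULL;
    free(gridmapdir);
    gridmapdir = NULL;

    return LCMAPS_MOD_SUCCESS;
}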
00679 