
lcmaps_voms_poolgroup.c

00001 /*                                                                                                            
00002  * Copyright (c) Members of the EGEE Collaboration. 2004.
00003  * See http://eu-egee.org/partners/ for details on the copyright holders.
00004  * For license conditions see the license file or
00005  * http://eu-egee.org/license.html
00006  */
00007 
00008 /*
00009  * Copyright (c) 2001 EU DataGrid.
00010  * For license conditions see http://www.eu-datagrid.org/license.html
00011  *
00012  * Copyright (c) 2001, 2002 by
00013  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00014  *     David Groep <davidg@nikhef.nl>,
00015  *     NIKHEF Amsterdam, the Netherlands
00016  */
00017 
00160 /*****************************************************************************
00161                             Include header files
00162 ******************************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <ctype.h>
#include <errno.h>
#include <limits.h>

#include "lcmaps_config.h"
#include "lcmaps_modules.h"
#include "lcmaps_arguments.h"
#include "lcmaps_cred_data.h"
#include "lcmaps_gridlist.h"
00174 
00175 /******************************************************************************
00176                                 Definitions
00177 ******************************************************************************/
00178 
00179 /******************************************************************************
00180                           Module specific prototypes
00181 ******************************************************************************/
00182 
00183 /******************************************************************************
00184                        Define module specific variables
00185 ******************************************************************************/
00186 
/* Path of the group map file (-groupmap / -groupmapfile); handed to lcmaps_gridlist(). */
static char *groupmapfile = NULL;

/* Directory from -groupmapdir or $GROUPMAPDIR; exported as MAPDIR by plugin_run(). */
static char *groupmapdir = NULL;

/* Set by -mapall: an FQAN without a group mapping makes plugin_run() fail. */
static int mapall = 0;

/* Set by -override_inconsistency: adds OVERRIDE_INCONSISTANCY to the match flags. */
static int override_inconsistency = 0;

/* Value of -mapmin: minimum number of mapped groups plugin_run() requires. */
static int mapmin = 0;
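/******************************************************************************
Function:   voms_poolgroup_store_option
Description:
    Keep a private copy of an option value in *slot. A value left behind by an
    earlier occurrence of the same option is released first, so repeating an
    option does not leak memory.
Returns:
    0  : copy stored
    -1 : allocation failed (*slot is NULL afterwards)
******************************************************************************/
static int voms_poolgroup_store_option(char ** slot, const char * value)
{
    free(*slot);
    *slot = strdup(value);
    return (*slot != NULL) ? 0 : -1;
}

/******************************************************************************
Function:   plugin_initialize
Description:
    Initialize plugin: parse the plugin options into the module variables.
    Recognised options:
        -groupmap | -GROUPMAP | -groupmapfile | -GROUPMAPFILE <file>
        -groupmapdir | -GROUPMAPDIR <dir>
        -mapall
        -override_inconsistency | -OVERRIDE_INCONSISTENCY
        -mapmin <number>
    The group map file and directory decide which unix groups a VOMS FQAN is
    mapped to, so both paths should refer to locations that only the
    administrator can modify.
Parameters:
    argc, argv
    argv[0]: the name of the plugin
Returns:
    LCMAPS_MOD_SUCCESS : success
    LCMAPS_MOD_FAIL    : unknown option, option without its value, invalid
                         -mapmin value or out of memory
******************************************************************************/
int plugin_initialize(
        int argc,
        char ** argv
)
{
    char *  logstr = "\tlcmaps_plugin_voms_poolgroup-plugin_initialize()";
    int     i;

    lcmaps_log_debug(1,"%s: passed arguments:\n", logstr);
    for (i = 0; i < argc; i++)
    {
        /* never hand a NULL pointer to a %s conversion */
        lcmaps_log_debug(2,"%s: arg %d is %s\n", logstr, i, argv[i] ? argv[i] : "(null)");
    }

    /*
     * Parse arguments, argv[0] = name of plugin, so start with i = 1
     */
    for (i = 1; i < argc; i++)
    {
        const char * opt      = argv[i];
        int          has_next = (i + 1 < argc);
        const char * val      = has_next ? argv[i + 1] : NULL;

        if (opt == NULL)
        {
            lcmaps_log(0,"%s: Error in initialization parameter: argument %d is NULL (failure)\n", logstr, i);
            return LCMAPS_MOD_FAIL;
        }

        if ( ((strcmp(opt, "-groupmap") == 0) ||
              (strcmp(opt, "-GROUPMAP") == 0) ||
              (strcmp(opt, "-groupmapfile") == 0) ||
              (strcmp(opt, "-GROUPMAPFILE") == 0))
             && has_next)
        {
            /* an empty value is skipped and leaves the current setting in place */
            if ((val != NULL) && (strlen(val) > 0))
            {
                if (voms_poolgroup_store_option(&groupmapfile, val) != 0)
                {
                    lcmaps_log(0,"%s: Error in initialization parameter: %s (out of memory)\n", logstr, opt);
                    return LCMAPS_MOD_FAIL;
                }
            }
            i++;
        }
        else if ( ((strcmp(opt, "-groupmapdir") == 0) ||
                   (strcmp(opt, "-GROUPMAPDIR") == 0))
                  && has_next)
        {
            if ((val != NULL) && (strlen(val) > 0))
            {
                if (voms_poolgroup_store_option(&groupmapdir, val) != 0)
                {
                    lcmaps_log(0,"%s: Error in initialization parameter: %s (out of memory)\n", logstr, opt);
                    return LCMAPS_MOD_FAIL;
                }
            }
            i++;
        }
        else if (strcmp(opt, "-mapall") == 0)
        {
            mapall = 1;
        }
        else if ( (strcmp(opt, "-override_inconsistency") == 0) ||
                  (strcmp(opt, "-OVERRIDE_INCONSISTENCY") == 0))
        {
            override_inconsistency = 1;
        }
        else if ((strcmp(opt, "-mapmin") == 0) && has_next)
        {
            if ((val != NULL) && (strlen(val) > 0))
            {
                const char * p;
                char *       end = NULL;
                long         parsed;

                /*
                 * Check parameter integrity: decimal digits only (no sign, no
                 * blanks). The cast keeps isdigit() defined for bytes >= 0x80.
                 */
                for (p = val; *p != '\0'; p++)
                {
                    if (isdigit((unsigned char) *p) == 0)
                    {
                        lcmaps_log(0,"%s: Error in initialization parameter: %s (%s is not a number)\n", logstr, opt, val);
                        return LCMAPS_MOD_FAIL;
                    }
                }

                /*
                 * strtol() reports overflow, atoi() does not. A silently
                 * wrapped value could turn the minimum into zero or a
                 * negative number and so disable the check in plugin_run().
                 */
                errno = 0;
                parsed = strtol(val, &end, 10);
                if ((errno == ERANGE) || (*end != '\0') || (parsed > INT_MAX))
                {
                    lcmaps_log(0,"%s: Error in initialization parameter: %s (%s is out of range)\n", logstr, opt, val);
                    return LCMAPS_MOD_FAIL;
                }
                mapmin = (int) parsed;
            }
            i++;
        }
        else
        {
            /* unknown option, or an option that lacks its value */
            lcmaps_log(0,"%s: Error in initialization parameter: %s (failure)\n", logstr,
                       opt);
            return LCMAPS_MOD_FAIL;
        }
    }

    return LCMAPS_MOD_SUCCESS;
}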
00289 
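/******************************************************************************
Function:   plugin_introspect
Description:
    Return the list of arguments this plugin asks the framework for:
    "user_dn" (char *), "fqan_list" (char **) and "nfqan" (int).
    The list is a static table owned by the plugin; the caller must not free it.
Parameters:
    argc: receives the number of entries, as counted by lcmaps_cntArgs()
    argv: receives the address of the argument table
Returns:
    LCMAPS_MOD_SUCCESS : success
    LCMAPS_MOD_FAIL    : failure (argc or argv is NULL)
******************************************************************************/
int plugin_introspect(
        int * argc,
        lcmaps_argument_t ** argv
)
{
    char *                   logstr = "\tlcmaps_plugin_voms_poolgroup-plugin_introspect()";
    static lcmaps_argument_t argList[] = {
        {"user_dn"      ,       "char *"        , 0,   NULL},
        {"fqan_list"    ,       "char **"       , 0,   NULL},
        {"nfqan"        ,       "int"           , 0,   NULL},
        {NULL           ,       NULL            , -1,   NULL}
    };

    lcmaps_log_debug(1,"%s: introspecting\n", logstr);

    if ((argc == NULL) || (argv == NULL))
    {
        return LCMAPS_MOD_FAIL;
    }

    *argv = argList;
    *argc = lcmaps_cntArgs(argList);
    /* %p with a void pointer: "0x%x" reads an unsigned int and mismatches a pointer argument */
    lcmaps_log_debug(1,"%s: address first argument: %p\n", logstr, (void *) argList);

    return LCMAPS_MOD_SUCCESS;
}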
00321 
00322 
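/******************************************************************************
Function:   plugin_run
Description:
    Map the VOMS group information of the user to unix groups.
    The FQANs are taken from the run arguments ("nfqan"/"fqan_list") or, when
    those give no FQANs, from getCredentialData(LCMAPS_VO_CRED_STRING). Each
    FQAN is looked up in the groupmapfile with lcmaps_gridlist(); every group
    found is resolved with getgrnam() and stored with addCredentialData().

    Policy notes for administrators:
      - An FQAN without a mapping is skipped unless -mapall was given.
      - With neither -mapall nor -mapmin the plugin returns success even when
        no FQAN could be mapped and no GID was added.
Parameters:
    argc: number of arguments
    argv: list of arguments
Returns:
    LCMAPS_MOD_SUCCESS: authorization succeeded
    LCMAPS_MOD_FAIL   : authorization failed
******************************************************************************/
int plugin_run(
        int argc,
        lcmaps_argument_t * argv
)
{
    char *                logstr = "\tlcmaps_plugin_voms_poolgroup-plugin_run()";
    char *                dn                  = NULL;
    char *                groupname           = NULL;
    struct group *        group_info          = NULL;
    int                   i                   = 0;
    char **               vo_cred_string_list = NULL;
    int                   cnt_vo_cred_string  = 0;
    unsigned short        matching_type       = ((unsigned short)0x0000);
    int                   group_counter       = 0;
    int                   rc                  = 0;
    lcmaps_vo_mapping_t * lcmaps_vo_mapping   = NULL;
    char **               fqan_list           = NULL;
    int                   nfqan               = -1;
    void *                argval              = NULL;

    /*
     * The beginning
     */
    lcmaps_log_debug(1,"%s:\n", logstr);

    /*
     * Try to get the ordered values.
     * The pointer returned by lcmaps_getArgValue() is checked before it is
     * dereferenced, so that an argument the framework did not supply cannot
     * lead to a NULL dereference.
     */
    argval = lcmaps_getArgValue("user_dn", "char *", argc, argv);
    dn = (argval != NULL) ? *(char **) argval : NULL;
    if (dn)
        lcmaps_log_debug(1,"%s: found dn: %s\n", logstr, dn);
    else
        lcmaps_log_debug(1,"%s: could not get value of dn !\n", logstr);

    /*
     * Get the VO user information.
     * We can either order it by lcmaps_argument_t or use the getCredentialData() function.
     * The latter case requires the voms parsing plugin (lcmaps_voms.mod) to have run beforehand.
     * Unfortunately the formats of the VOMS strings (from getCredentialData()) and
     * FQANs (from lcmaps_argument_t) are not the same. We may have to introduce
     * two-way conversion functions.
     * The VOMS info has to be matched against the info in the groupmapfile.
     */
    lcmaps_log_debug(1,"%s: First try to get the FQAN list from input credential repository ...\n", logstr);
    argval = lcmaps_getArgValue("nfqan", "int", argc, argv);
    nfqan = (argval != NULL) ? *(int *) argval : 0;
    if (nfqan)
    {
        lcmaps_log_debug(1,"%s: the list of FQANs should contain %d elements\n", logstr, nfqan);
        argval = lcmaps_getArgValue("fqan_list", "char **", argc, argv);
        fqan_list = (argval != NULL) ? *(char ***) argval : NULL;
        if (fqan_list)
            lcmaps_log_debug(1, "%s: found list of FQANs\n", logstr);
        else
        {
            lcmaps_log_debug(1, "%s: could not retrieve list of FQANs (failure)!\n", logstr);
            goto fail_voms_poolgroup;
        }
        for (i = 0; i < nfqan; i++)
        {
            lcmaps_log_debug(3, "%s: FQAN %d: %s\n", logstr, i,
                             fqan_list[i] ? fqan_list[i] : "(null)");
        }
        vo_cred_string_list = fqan_list;
        cnt_vo_cred_string = nfqan;
    }
    else
    {
        lcmaps_log_debug(1,"%s: ... did not find input credentials in input credential repository...\n", logstr);
        lcmaps_log_debug(1,"%s: ... trying the internal credential repository ...\n", logstr);

        vo_cred_string_list = getCredentialData(LCMAPS_VO_CRED_STRING, &cnt_vo_cred_string);
    }

    if (cnt_vo_cred_string == 0)
    {
        lcmaps_log(0,"%s: no VOMS group info --> no mapping (failure)\n", logstr);
        goto fail_voms_poolgroup;
    }
    else if (cnt_vo_cred_string < 0)
    {
        lcmaps_log(0,"%s: negative number of VOMS groups found ! (failure)\n", logstr);
        goto fail_voms_poolgroup;
    }
    else if (vo_cred_string_list == NULL)
    {
        /* a positive count without a list would be indexed below */
        lcmaps_log(0,"%s: VOMS group list is missing (failure)\n", logstr);
        goto fail_voms_poolgroup;
    }

    /*
     * Check the groupmapfile
     */
    if ((groupmapfile != NULL) && (strlen(groupmapfile) > 0))
        lcmaps_log_debug(1,"%s: groupmapfile is: %s\n", logstr, groupmapfile);
    else
    {
        /* groupmapfile may be NULL here; do not pass NULL to %s */
        lcmaps_log(0,"%s: error finding the groupmapfile: %s\n", logstr,
                   groupmapfile ? groupmapfile : "(null)");
        lcmaps_log(0,"%s: (use the option \"-groupmapfile <groupmapfile>\")\n", logstr);
        goto fail_voms_poolgroup;
    }

    /*
     * Check groupmapdir.
     * Without the -groupmapdir option the directory comes from the process
     * environment. The explicit option is the safer choice wherever the
     * environment of the calling service is not fully under the
     * administrator's control.
     */
    if (groupmapdir == NULL) /* try if GROUPMAPDIR is already set */
    {
        char * tmpptr = getenv("GROUPMAPDIR");

        if (tmpptr == NULL)
        {
            lcmaps_log(0,"%s: GROUPMAPDIR unknown !\n", logstr);
            lcmaps_log(0,"%s:  specify as option or set GROUPMAPDIR\n", logstr);
            goto fail_voms_poolgroup;
        }
        groupmapdir = strdup(tmpptr);
        if (groupmapdir == NULL)
        {
            lcmaps_log(0,"%s: cannot set MAPDIR (out of memory)\n", logstr);
            goto fail_voms_poolgroup;
        }
    }
    if (strlen(groupmapdir) == 0)
    {
        lcmaps_log(0,"%s: cannot set MAPDIR (strlen(groupmapdir) == 0)\n", logstr);
        goto fail_voms_poolgroup;
    }
    lcmaps_log_debug(1,"%s: setting MAPDIR to %s\n", logstr, groupmapdir);
    /* NOTE(review): setenv() changes MAPDIR for the whole process, i.e. also
     * for whatever else reads it after this plugin - confirm this is intended */
    if (setenv("MAPDIR", groupmapdir, 1))
    {
        lcmaps_log(0,"%s: cannot set MAPDIR\n", logstr);
        goto fail_voms_poolgroup;
    }

    /*
     * Try to find the unix groups from the VO info in the groupmapfile
     * The first group (if found) should become the primary group
     */
    matching_type = MATCH_INCLUDE|MATCH_WILD_CHARS;

    /* if override_inconsistency is set, add it to the matching_type so it takes effect */
    if (override_inconsistency)
        matching_type = matching_type|OVERRIDE_INCONSISTANCY;

    for (i = 0; i < cnt_vo_cred_string; i++)
    {
        /*
         * Release the name found for the previous FQAN. This stops the leak of
         * one string per iteration and guarantees that a name left over from
         * an earlier FQAN can never be taken for the result of this lookup.
         */
        free(groupname);
        groupname = NULL;

        if ( (rc = lcmaps_gridlist(vo_cred_string_list[i], &groupname, groupmapfile, matching_type, ".", NULL)) == 0)
        {
            lcmaps_log_debug(1,"%s: found groupname: %s\n", logstr,
                             groupname ? groupname : "(null)");
            group_counter++;

            if ((groupname == NULL) || (strlen(groupname) == 0))
            {
                lcmaps_log(0,"%s: error getting value of groupname (failure)!\n", logstr);
                goto fail_voms_poolgroup;
            }

            group_info = getgrnam(groupname);
            if (group_info == NULL)
            {
                lcmaps_log(0,"%s: no group id found for groupname = \"%s\"\n", logstr, groupname);
                goto fail_voms_poolgroup;
            }

            /*
             * NOTE(review): the primary GID is only set when the very first
             * FQAN (i == 0) maps. If that FQAN has no mapping and -mapall is
             * not set, later groups are all added as secondary and no primary
             * GID comes from this plugin - confirm this matches the comment
             * above ("the first group (if found)").
             * NOTE(review): the result of addCredentialData() is not checked
             * here - confirm whether it can fail.
             */
            if (i == 0)
            {
                /* First VO group */
                addCredentialData(PRI_GID, (void *) &(group_info->gr_gid));
            }
            else
            {
                /* Other VO groups */
                addCredentialData(SEC_GID, (void *) &(group_info->gr_gid));
            }

            /*
             * The coupling between VO information and the GID is maintained
             * in the lcmaps_vo_mapping structure, which is added to the credential data
             */
            lcmaps_vo_mapping = lcmaps_createVoMapping(
                vo_cred_string_list[i],
                groupname,
                group_info->gr_gid
            );
            if (! lcmaps_vo_mapping)
            {
                lcmaps_log(0,"%s: could not create VoMapping structure (failure)\n", logstr);
                goto fail_voms_poolgroup;
            }
            /* Add credential */
            addCredentialData(LCMAPS_VO_CRED_MAPPING, (void *) lcmaps_vo_mapping);
            if ( lcmaps_deleteVoMapping(&lcmaps_vo_mapping) )
            {
                lcmaps_log(0,"%s: error while deleting VoMapping structure (failure)\n", logstr);
                goto fail_voms_poolgroup;
            }
        }
        else if (rc == LCMAPS_MOD_NOFILE)
        {
            lcmaps_log(0, "%s: Could not find the groupmapfile %s\n", logstr, groupmapfile);
            goto fail_voms_poolgroup;
        }
        else
        {
            lcmaps_log_debug(1,"%s: could not get value of groupname !\n", logstr);
            /* with -mapall every FQAN must map; otherwise the FQAN is skipped */
            if (mapall)
            {
                lcmaps_log(0,"%s: no mapping for VO group %s\n", logstr,
                           vo_cred_string_list[i]);
                goto fail_voms_poolgroup;
            }
        }
    }

    if (group_counter < mapmin)
    {
        lcmaps_log(0,"%s: Not enough groups found. The minimum is set to %d. The plugin found %d\n", logstr, mapmin, group_counter);
        goto fail_voms_poolgroup;
    }

    /* success */
    free(groupname);
    lcmaps_log_time(0,"%s: voms_poolgroup plugin succeeded\n", logstr);
    return LCMAPS_MOD_SUCCESS;

 fail_voms_poolgroup:
    free(groupname);
    lcmaps_log_time(0,"%s: voms_poolgroup plugin failed\n", logstr);
    return LCMAPS_MOD_FAIL;
}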
00555 
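/******************************************************************************
Function:   plugin_terminate
Description:
    Terminate plugin: release the option strings and put all module variables
    back to their defaults. Clearing the pointers after free() means that a
    second plugin_terminate(), or a plugin_run() after termination, cannot
    touch freed memory, and a later plugin_initialize() starts from a clean
    policy state.
Parameters:

Returns:
    LCMAPS_MOD_SUCCESS : success
    LCMAPS_MOD_FAIL    : failure
******************************************************************************/
int plugin_terminate()
{
    char * logstr = "\tlcmaps_plugin_voms_poolgroup-plugin_terminate()";

    lcmaps_log_debug(1,"%s: terminating\n", logstr);

    /* free(NULL) is a no-op, so no guard is needed */
    free(groupmapfile);
    groupmapfile = NULL;
    free(groupmapdir);
    groupmapdir = NULL;

    /* do not carry option flags over into a later initialization */
    mapall = 0;
    override_inconsistency = 0;
    mapmin = 0;

    return LCMAPS_MOD_SUCCESS;
}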
00577 
00578 /******************************************************************************
00579 CVS Information:
00580     $Source: /cvs/jra1mw/org.glite.security.lcmaps-plugins-voms/src/voms/lcmaps_voms_poolgroup.c,v $
00581     $Date: 2005/02/27 01:30:42 $
00582     $Revision: 1.4 $
00583     $Author: msteenba $
00584 ******************************************************************************/
