
lcas_userallow.c

00001 /*                                                                                                            
00002  * Copyright (c) Members of the EGEE Collaboration. 2004.
00003  * See http://eu-egee.org/partners/ for details on the copyright holders.
00004  * For license conditions see the license file or
00005  * http://eu-egee.org/license.html
00006  */
00007 
00008 /*                                                                                                            
00009  * Copyright (c) 2001 EU DataGrid.                                                                             
00010  * For license conditions see http://www.eu-datagrid.org/license.html                                          
00011  *
00012  * Copyright (c) 2001, 2002 by 
00013  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00014  *     David Groep <davidg@nikhef.nl>,
00015  *     NIKHEF Amsterdam, the Netherlands
00016  */
00017 
00062 /******************************************************************************
00063 
00064 lcas_userallow.c
00065 
00066 Description:
00067     LCAS module that does static user checking
00068     Currently it uses the gridmapfile
00069 
00070 CVS Information:
00071     $Source: /cvs/jra1mw/org.glite.security.lcas-plugins-basic/src/userallow/lcas_userallow.c,v $
00072     $Date: 2005/02/28 11:45:52 $
00073     $Revision: 1.3 $
00074     $Author: msteenba $
00075 
00076 ******************************************************************************/
00077 
00078 /*****************************************************************************
00079                             Include header files
00080 ******************************************************************************/
00081 #include "lcas_config.h"
00082 #include <stdio.h>
00083 #include <stdlib.h>
00084 #include <string.h>
00085 
00086 #if HAVE_MALLOC_H
00087 #include <malloc.h>
00088 #endif
00089 
00090 #include "lcas_modules.h"
00091 #include "lcas_gridlist.h"
00092 
00093 /******************************************************************************
00094                                 Definitions
00095 ******************************************************************************/
00096 
/*
 * Compile-time choice of the allow-list source.
 * Non-zero: the gridmap file is consulted and lcas_gridlist() is called with
 *           a NULL list file; argv[1] given to plugin_initialize() is not read.
 * Zero:     the file named by argv[1] is used (stored in userallow_db).
 */
#define USE_GRIDMAP 1

/******************************************************************************
                       Define module specific variables
******************************************************************************/
/* Prefix used in this plugin's log messages */
static char *modname = "lcas_userallow.mod";
/* Allow-list path; set by plugin_initialize() when USE_GRIDMAP is 0 and
 * released by plugin_terminate() */
static char *userallow_db = NULL;
00104 
/******************************************************************************
Function:   plugin_initialize
Description:
    Initialize plugin.
    With USE_GRIDMAP set, lcas_gridlist() is called once with an empty dummy
    DN to find out whether the gridmap file can be located.
    Otherwise argv[1] is resolved with lcas_findfile(), kept in userallow_db
    and checked with lcas_getfexist().
Parameters:
    argc, argv
    argv[1]: database to be used by plugin (only read when USE_GRIDMAP is 0)
Returns:
    LCAS_MOD_SUCCESS : success
    LCAS_MOD_FAIL    : failure (not returned by the code below)
    LCAS_MOD_NOFILE  : db file not found
******************************************************************************/
int plugin_initialize(int argc, char ** argv)
{
    int                           status = LCAS_MOD_SUCCESS;
    char *                        probe_out = NULL;

#if USE_GRIDMAP
    /*
     * Probe with dummy values: only the "file not found" answer matters here.
     * NOTE(review): every other result of the probe, including a failure code,
     * lets initialization succeed - confirm that this is intended.
     */
    if ( lcas_gridlist("\0", &probe_out, NULL, MATCH_ONLY_DN, NULL, NULL) == LCAS_MOD_NOFILE )
    {
        lcas_log(LOG_NOTICE,"\t%s-plugin_initialize() error: cannot find gridmap file\n",
                 modname);
        status = LCAS_MOD_NOFILE;
    }
#else
    int                           argno;

    lcas_log_debug(1,"%s-plugin_initialize(): passed arguments:\n", modname);
    for (argno = 0; argno < argc; argno++)
    {
        lcas_log_debug(1,"%s-plugin_initialize(): arg %d is %s\n",
             modname,argno,argv[argno]);
    }

    /* The resolved path is kept in userallow_db; plugin_terminate() frees it */
    if (argc > 1)
        userallow_db = lcas_findfile(argv[1]);

    if (userallow_db == NULL)
    {
        /* No database argument, or lcas_findfile() returned NULL */
        lcas_log(0,"\t%s-plugin_initialize() error: allowed user file required !\n",
                   modname);
        status = LCAS_MOD_NOFILE;
    }
    else if (lcas_getfexist(1,userallow_db) == NULL)
    {
        lcas_log(0,
                 "\t%s-plugin_initialize() error: Cannot find allowed user file: %s\n",
                 modname,userallow_db
        );
        status = LCAS_MOD_NOFILE;
    }
#endif

    /* free(NULL) is a no-op, so the probe output needs no guard */
    free(probe_out);
    return status;
}
00168 
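/******************************************************************************
Function:   plugin_confirm_authorization
Description:
    Static user checking.
    The DN taken from the credential with lcas_get_dn() is looked up with
    lcas_gridlist() (MATCH_ONLY_DN): in the gridmap file when USE_GRIDMAP is
    set, otherwise in userallow_db.
    In the future the information service will be contacted to check
    the permissions/roles of the user.
    For the moment only the gridmap file is checked.

    Denied: a NULL or empty DN, and the lookup results LCAS_MOD_NOENTRY,
    LCAS_MOD_NOFILE and LCAS_MOD_FAIL.
    NOTE(review): any other lookup result still grants access, because this
    file does not show which value lcas_gridlist() returns for a match.
    Confirm that value and grant only on it, so that an unexpected return
    code denies instead of allowing.
Parameters:
    request: JDL (not read by this function)
    user_cred : user globus credential handle
Returns:
    LCAS_MOD_SUCCESS: authorization succeeded
    LCAS_MOD_FAIL   : authorization failed
    LCAS_MOD_NOFILE : db file not found
******************************************************************************/
int
plugin_confirm_authorization(lcas_request_t request, lcas_cred_id_t lcas_cred)
{
    int                           rc;
    int                           decision = LCAS_MOD_FAIL; /* deny unless granted below */
    char *                        dummy = NULL;   /* output pointer for lcas_gridlist(), freed on exit */
    char *                        user_dn = NULL;

    /*
     * check credential and get the globus name
     * NOTE(review): user_dn is not freed here - confirm that lcas_get_dn()
     * keeps ownership of the string.
     */
    user_dn = lcas_get_dn(lcas_cred);
    if ( (user_dn == NULL) || (user_dn[0] == '\0') )
    {
        /*
         * An empty DN is not an identity (plugin_initialize() passes the empty
         * string as its dummy DN), so it is rejected before any lookup.
         * The message names this plugin and function so that the denial can
         * be attributed in the log.
         */
        lcas_log(0, "\t%s-plugin_confirm_authorization() error: user DN empty\n",
                 modname);
        goto lcas_userallow_done;
    }

    /*
     * Do the check
     * NOTE(review): user_dn comes from the presented credential and is written
     * to the log as-is; confirm that control characters in it cannot forge or
     * split log lines.
     */
#if USE_GRIDMAP
    lcas_log_debug(0,
    "\t%s-plugin_confirm_authorization(): checking allowed users in gridmapfile\n",
             modname);
    lcas_log_debug(0,
    "\t%s-plugin_confirm_authorization(): checking user %s\n",modname,user_dn);

    rc = lcas_gridlist(user_dn, &dummy, NULL, MATCH_ONLY_DN, NULL, NULL);
#else
    lcas_log_debug(0,
    "\t%s-plugin_confirm_authorization(): checking allowed users in %s\n",
             modname,userallow_db);

    rc = lcas_gridlist(user_dn, &dummy, userallow_db, MATCH_ONLY_DN, NULL, NULL);
#endif
    lcas_log_debug(1,"got rc = %d from lcas_gridlist()\n",rc);

    if ( rc == LCAS_MOD_NOENTRY )
    {
        /* No entry found for user_dn */
        lcas_log(0,"\t%s-plugin_confirm_authorization(): no entry found for %s\n",
                 modname,user_dn);
        decision = LCAS_MOD_FAIL;
    }
    else if ( rc == LCAS_MOD_NOFILE )
    {
        /* File not found */
#if USE_GRIDMAP
        lcas_log(0,
            "\t%s-plugin_confirm_authorization() error: Cannot find gridmapfile\n",
            modname);
#else
        lcas_log(0,
            "\t%s-plugin_confirm_authorization() error: Cannot find allowed user file: %s\n",
            modname,userallow_db);
#endif
        decision = LCAS_MOD_NOFILE;
    }
    else if ( rc == LCAS_MOD_FAIL )
    {
        /* A failed lookup must not be read as "entry found" */
        lcas_log(0,
            "\t%s-plugin_confirm_authorization() error: lookup failed for %s (rc = %d)\n",
            modname,user_dn,rc);
        decision = LCAS_MOD_FAIL;
    }
    else
    {
        /* authorization = entry found for user_dn (see NOTE(review) in the header) */
        decision = LCAS_MOD_SUCCESS;
    }

 lcas_userallow_done:
    /* Single exit: dummy is released on every path; free(NULL) is a no-op */
    free(dummy);
    return decision;
}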
00254 
/******************************************************************************
Function:   plugin_terminate
Description:
    Terminate plugin: logs the shutdown and releases userallow_db.
Parameters:
    none
Returns:
    LCAS_MOD_SUCCESS : success
    LCAS_MOD_FAIL    : failure (not returned by the code below)
******************************************************************************/
int plugin_terminate()
{
    lcas_log_debug(1,"%s-plugin_terminate(): terminating\n",modname);

    /* free(NULL) is a no-op; the pointer is cleared so it cannot be freed twice */
    free(userallow_db);
    userallow_db = NULL;

    return LCAS_MOD_SUCCESS;
}
