int
event_queue_close(struct event_queue *eq, struct queue_thread *me)
{
assert(eq != NULL);
assert(me != NULL);
#ifdef LB_PERF
if(!nosend) {
#endif
if(me->gss.context != NULL) {
edg_wll_gss_close(&me->gss, NULL);
me->gss.context = NULL;
}
me->first_event_sent = 0;
#ifdef LB_PERF
}
#endif
return(0);
}
/*
*----------------------------------------------------------------------
*
* doit - do all the dirty work
*
*----------------------------------------------------------------------
*/
static int
doit(int socket, edg_wll_GssCred cred_handle, char *file_name_prefix, int noipc, int noparse)
{
char *subject;
int ret,fd,count;
struct timeval timeout;
edg_wll_GssConnection con;
edg_wll_GssStatus gss_stat;
edg_wll_GssPrincipal client = NULL;
fd_set fdset;
struct sockaddr_storage peer;
socklen_t alen = sizeof peer;
char peerhost[64], peerserv[16];
ret = count = 0;
FD_ZERO(&fdset);
/* accept */
timeout.tv_sec = ACCEPT_TIMEOUT;
timeout.tv_usec = 0;
getpeername(socket,(struct sockaddr *) &peer,&alen);
glite_common_log(LOG_CATEGORY_ACCESS,LOG_PRIORITY_DEBUG,"Accepting connection (remaining timeout %d.%06d sec)\n",
(int)timeout.tv_sec, (int) timeout.tv_usec);
ret = getnameinfo ((struct sockaddr *) &peer, alen,
peerhost, sizeof(peerhost), peerserv, sizeof(peerserv), NI_NUMERICHOST | NI_NUMERICSERV);
if (ret) {
glite_common_log(LOG_CATEGORY_ACCESS, LOG_PRIORITY_WARN, "getnameinfo: %s", gai_strerror (ret));
strcpy(peerhost, "unknown"); strcpy(peerserv, "unknown");
}
/* XXX: ugly workaround, we may detect false expired certificated
* probably due to bug in Globus GSS/SSL. */
#define _EXPIRED_CERTIFICATE_MESSAGE "certificate has expired"
if ((ret = edg_wll_gss_accept(cred_handle,socket,&timeout,&con, &gss_stat)) < 0) {
glite_common_log(LOG_CATEGORY_SECURITY,LOG_PRIORITY_DEBUG,"timeout after gss_accept is %d.%06d sec\n",
(int)timeout.tv_sec, (int) timeout.tv_usec);
if ( ret == EDG_WLL_GSS_ERROR_TIMEOUT ) {
glite_common_log(LOG_CATEGORY_SECURITY,LOG_PRIORITY_WARN,"%s: Client authentication failed - timeout reached, closing.\n",peerhost);
} else if (ret == EDG_WLL_GSS_ERROR_GSS) {
char *gss_err;
edg_wll_gss_get_error(&gss_stat, "Client authentication failed", &gss_err);
if (strstr(gss_err,_EXPIRED_CERTIFICATE_MESSAGE)) {
glite_common_log(LOG_CATEGORY_SECURITY,LOG_PRIORITY_WARN,"%s: false expired certificate: %s\n",peerhost,gss_err);
free(gss_err);
return -1;
}
glite_common_log(LOG_CATEGORY_SECURITY,LOG_PRIORITY_WARN,"%s: GSS error: %s, closing.\n",peerhost,gss_err);
free(gss_err);
} else {
glite_common_log(LOG_CATEGORY_SECURITY,LOG_PRIORITY_WARN,"%s: Client authentication failed, closing.\n",peerhost);
}
return 1;
}
/* authenticate */
glite_common_log(LOG_CATEGORY_SECURITY,LOG_PRIORITY_DEBUG,"Processing authentication:\n");
ret = edg_wll_gss_get_client_conn(&con, &client, &gss_stat);
if (ret) {
char *gss_err;
edg_wll_gss_get_error(&gss_stat, "Cannot read client identification", &gss_err);
glite_common_log(LOG_CATEGORY_SECURITY,LOG_PRIORITY_WARN, "%s: %s\n", peerhost,gss_err);
free(gss_err);
}
if (ret || client->flags & EDG_WLL_GSS_FLAG_ANON) {
glite_common_log(LOG_CATEGORY_SECURITY,LOG_PRIORITY_WARN," User not authenticated, setting as \"%s\". \n",EDG_WLL_LOG_USER_DEFAULT);
subject=strdup(EDG_WLL_LOG_USER_DEFAULT);
} else {
glite_common_log(LOG_CATEGORY_SECURITY,LOG_PRIORITY_INFO," User successfully authenticated as: %s\n",client->name);
subject=strdup(client->name);
}
if (client)
edg_wll_gss_free_princ(client);
/* get and process the data */
timeout.tv_sec = CONNECTION_TIMEOUT;
timeout.tv_usec = 0;
while (timeout.tv_sec > 0) {
count++;
glite_common_log(LOG_CATEGORY_ACCESS,LOG_PRIORITY_DEBUG,"Waiting for data delivery no. %d (remaining timeout %d.%06d sec)\n",
count, (int)timeout.tv_sec, (int) timeout.tv_usec);
FD_SET(con.sock,&fdset);
fd = select(con.sock+1,&fdset,NULL,NULL,&timeout);
switch (fd) {
case 0: /* timeout */
glite_common_log(LOG_CATEGORY_ACCESS,LOG_PRIORITY_DEBUG,"Connection timeout expired\n");
timeout.tv_sec = 0;
break;
case -1: /* error */
switch(errno) {
case EINTR:
glite_common_log(LOG_CATEGORY_ACCESS,LOG_PRIORITY_DEBUG,"XXX: Waking up (remaining timeout %d.%06d sec)\n",
(int)timeout.tv_sec, (int) timeout.tv_usec);
continue;
default:
glite_common_log_SYS_ERROR("select");
timeout.tv_sec = 0;
break;
}
break;
default:
glite_common_log(LOG_CATEGORY_ACCESS,LOG_PRIORITY_DEBUG,"Waking up (remaining timeout %d.%06d sec)\n",
(int)timeout.tv_sec, (int) timeout.tv_usec);
break;
}
if (FD_ISSET(con.sock,&fdset)) {
ret = edg_wll_log_proto_server(&con,&timeout,subject,file_name_prefix,noipc,noparse);
// TODO: put into edg_wll_log_proto_server?
if (ret != 0) {
glite_common_log(LOG_CATEGORY_ACCESS,LOG_PRIORITY_DEBUG,"timeout after edg_wll_log_proto_server is %d.%06d sec\n",
(int)timeout.tv_sec, (int) timeout.tv_usec);
if (ret != EDG_WLL_GSS_ERROR_EOF)
glite_common_log(LOG_CATEGORY_ACCESS,LOG_PRIORITY_WARN,"edg_wll_log_proto_server(): Error\n");
else if (count == 1)
glite_common_log(LOG_CATEGORY_ACCESS,LOG_PRIORITY_WARN,"edg_wll_log_proto_server(): Error. EOF occured.\n");
timeout.tv_sec = 0;
timeout.tv_usec = 0;
break;
} else {
timeout.tv_sec = CONNECTION_TIMEOUT;
timeout.tv_usec = 0;
}
}
}
glite_common_log(LOG_CATEGORY_ACCESS,LOG_PRIORITY_DEBUG, "Closing descriptor %d.",con.sock);
edg_wll_gss_close(&con, NULL);
if (subject) free(subject);
return ret;
}
void edg_wll_FreeContext(edg_wll_Context ctx)
{
struct timeval close_timeout = {0, 50000};
int i;
if (!ctx) return;
#ifdef CTXTRACE
{
int trc = open(CTXTRACE,O_WRONLY|O_CREAT,0644);
char buf[200];
sprintf(buf,"%p free\n",ctx);
lseek(trc,0,SEEK_END);
write(trc,buf,strlen(buf));
close(trc);
}
#endif
if (ctx->errDesc) free(ctx->errDesc);
if (ctx->connections->connPool) {
#ifdef GLITE_LB_THREADED
int i;
/* Since the introduction of a shared connection pool, the pool
cannot be freed here. We only need to unlock connections that
may have been locked using this context. */
#ifdef EDG_WLL_CONNPOOL_DEBUG
printf("Running edg_wll_FreeContext - checking for connections locked by the current context.\n");
#endif
edg_wll_poolLock();
for (i=0; i<ctx->connections->poolSize; i++) {
if (ctx->connections->locked_by[i]==ctx) {
#ifdef EDG_WLL_CONNPOOL_DEBUG
printf("Unlocking connection No. %d...",i);
#endif
edg_wll_connectionUnlock(ctx, i);
}
}
edg_wll_poolUnlock();
#endif
/*
for (i=0; i<ctx->connections->poolSize; i++) {
if (ctx->connections->connPool[i].peerName) free(ctx->connections->connPool[i].peerName);
edg_wll_gss_close(&ctx->connections->connPool[i].gss,&close_timeout);
if (ctx->connections->connPool[i].gsiCred)
edg_wll_gss_release_cred(&ctx->connections->connPool[i].gsiCred, NULL);
if (ctx->connections->connPool[i].buf) free(ctx->connections->connPool[i].buf);
}
free(ctx->connections->connPool);*/
}
if (ctx->connNotif) {
for (i=0; i<ctx->connNotif->poolSize; i++) {
if (ctx->connNotif->connPool[i].peerName) free(ctx->connNotif->connPool[i].peerName);
edg_wll_gss_close(&ctx->connNotif->connPool[i].gss,&close_timeout);
if (ctx->connNotif->connPool[i].gsiCred)
edg_wll_gss_release_cred(&ctx->connNotif->connPool[i].gsiCred, NULL);
if (ctx->connNotif->connPool[i].buf) free(ctx->connNotif->connPool[i].buf);
if (ctx->connNotif->connPool[i].bufOut) free(ctx->connNotif->connPool[i].bufOut);
}
free(ctx->connNotif->connPool);
free(ctx->connNotif);
}
if ( ctx->connProxy ) {
if ( ctx->connProxy->buf ) free(ctx->connProxy->buf);
edg_wll_plain_close(&ctx->connProxy->conn);
free(ctx->connProxy);
}
if (ctx->notifSock >=0) close(ctx->notifSock);
if (ctx->srvName) free(ctx->srvName);
if (ctx->peerName) free(ctx->peerName);
if (ctx->vomsGroups.len) free_voms_groups(&ctx->vomsGroups);
if (ctx->dumpStorage) free(ctx->dumpStorage);
if (ctx->purgeStorage) free(ctx->purgeStorage);
if (ctx->fqans) {
char **f;
for (f = ctx->fqans; f && *f; f++)
free(*f);
free(ctx->fqans);
ctx->fqans = NULL;
}
if (ctx->authz_policy.actions_num) {
for (i = 0; i < ctx->authz_policy.actions_num; i++) {
int j, k;
struct _edg_wll_authz_rule *r;
for (j = 0; j < ctx->authz_policy.actions[i].rules_num; j++) {
r = &ctx->authz_policy.actions[i].rules[j];
for (k = 0; r->attrs && k < r->attrs_num; k++) {
free(r->attrs[k].value);
}
free(r->attrs);
}
free(ctx->authz_policy.actions[i].rules);
}
free (ctx->authz_policy.actions);
}
if (ctx->id_mapping.num) {
for (i = 0; i < ctx->id_mapping.num; i++) {
free(ctx->id_mapping.rules[i].a);
free(ctx->id_mapping.rules[i].b);
}
free(ctx->id_mapping.rules);
ctx->id_mapping.num = 0;
}
if (ctx->jpreg_dir) free(ctx->jpreg_dir);
if (ctx->serverIdentity) free(ctx->serverIdentity);
if (ctx->msg_prefixes) {
char **fm;
for (fm = ctx->msg_prefixes; fm && *fm; fm++)
free(*fm);
free(ctx->msg_prefixes);
ctx->msg_prefixes = NULL;
}
if (ctx->msg_brokers) {
char **fm;
for (fm = ctx->msg_brokers; fm && *fm; fm++)
free(*fm);
free(ctx->msg_brokers);
ctx->msg_brokers = NULL;
}
if (ctx->authz_policy_file) free(ctx->authz_policy_file);
if (ctx->html_header_file) free(ctx->html_header_file);
edg_wll_FreeParams(ctx);
free(ctx);
}
