static int auth_globus_assert(struct link *link, time_t stoptime)
{
int rc;
gss_cred_id_t credential = GSS_C_NO_CREDENTIAL;
gss_ctx_id_t context = GSS_C_NO_CONTEXT;
OM_uint32 major, minor, flags = 0;
int token;
char *reason = NULL;
globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE);
if(use_delegated_credential && delegated_credential != GSS_C_NO_CREDENTIAL) {
debug(D_AUTH, "globus: using delegated credential");
credential = delegated_credential;
major = GSS_S_COMPLETE;
} else {
debug(D_AUTH, "globus: loading my credentials");
major = globus_gss_assist_acquire_cred(&minor, GSS_C_INITIATE, &credential);
}
if(major == GSS_S_COMPLETE) {
debug(D_AUTH, "globus: waiting for server to get ready");
if(auth_barrier(link, "yes\n", stoptime) == 0) {
debug(D_AUTH, "globus: authenticating with server");
major = globus_gss_assist_init_sec_context(&minor, credential, &context, "GSI-NO-TARGET", 0, &flags, &token, read_token, link, write_token, link);
if(major == GSS_S_COMPLETE) {
debug(D_AUTH, "globus: credentials accepted!");
gss_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
} else {
globus_gss_assist_display_status_str(&reason, "", major, minor, token);
debug(D_AUTH, "globus: credentials rejected: %s", reason ? reason : "unknown reason");
THROW_QUIET(EACCES);
}
} else {
debug(D_AUTH, "globus: server couldn't load credentials");
THROW_QUIET(EACCES);
}
} else {
debug(D_AUTH, "globus: couldn't load my credentials; did you grid-proxy-init?");
auth_barrier(link, "no\n", stoptime);
THROW_QUIET(EACCES);
}
rc = 0;
goto out;
out:
if(!use_delegated_credential) {
gss_release_cred(&major, &credential);
}
globus_module_deactivate(GLOBUS_GSI_GSS_ASSIST_MODULE);
free(reason);
return RCUNIX(rc);
}
static int auth_globus_accept(struct link *link, char **subject, time_t stoptime)
{
gss_cred_id_t credential = GSS_C_NO_CREDENTIAL;
gss_ctx_id_t context = GSS_C_NO_CONTEXT;
OM_uint32 major, minor, flags = 0;
int token;
int success = 0;
globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE);
*subject = 0;
debug(D_AUTH, "globus: loading my credentials");
major = globus_gss_assist_acquire_cred(&minor, GSS_C_ACCEPT, &credential);
if(major == GSS_S_COMPLETE) {
debug(D_AUTH, "globus: waiting for client to get ready");
if(auth_barrier(link, "yes\n", stoptime) == 0) {
delegated_credential = GSS_C_NO_CREDENTIAL;
debug(D_AUTH, "globus: authenticating client");
major = globus_gss_assist_accept_sec_context(&minor, &context, credential, subject, &flags, 0, &token, &delegated_credential, read_token, link, write_token, link);
if(major == GSS_S_COMPLETE) {
debug(D_AUTH, "globus: accepted client %s", *subject);
if(delegated_credential != GSS_C_NO_CREDENTIAL) {
debug(D_AUTH, "globus: client delegated its credentials");
}
success = 1;
gss_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
} else {
char *reason;
globus_gss_assist_display_status_str(&reason, "", major, minor, token);
if(!reason)
reason = xxstrdup("unknown reason");
debug(D_AUTH, "globus: couldn't authenticate client: %s", reason);
if(reason)
free(reason);
}
} else {
debug(D_AUTH, "globus: client couldn't load credentials");
}
gss_release_cred(&major, &credential);
} else {
debug(D_AUTH, "globus: couldn't load my credentials: did you run grid-proxy-init?");
auth_barrier(link, "no\n", stoptime);
}
globus_module_deactivate(GLOBUS_GSI_GSS_ASSIST_MODULE);
return success;
}
static int auth_unix_assert(struct link *link, time_t stoptime)
{
int success = 0;
FILE *file;
char line[AUTH_LINE_MAX];
debug(D_AUTH, "unix: waiting for challenge");
if(link_readline(link, line, sizeof(line), stoptime)) {
debug(D_AUTH, "unix: challenge is %s", line);
file = fopen(line, "w");
if(file) {
fsync(fileno(file));
fclose(file);
debug(D_AUTH, "unix: issued response");
if(auth_barrier(link, "yes\n", stoptime)) {
debug(D_AUTH, "unix: response accepted");
success = 1;
} else {
debug(D_AUTH, "unix: response rejected");
}
} else {
debug(D_AUTH, "unix: could not meet challenge: %s", strerror(errno));
link_putliteral(link, "no\n", stoptime);
}
unlink(line);
} else {
debug(D_AUTH, "unix: couldn't read challenge");
}
return success;
}
