Exemple #1
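/*
 * Print the FQANs found in the VOMS attribute-certificate extension of a
 * PEM-encoded certificate file.
 *
 * Usage: <program> <proxy.pem>
 *
 * Exit status: 0 when the default VOMS data was retrieved and its FQANs were
 * printed, 1 on any failure (bad usage, unreadable file, missing extension,
 * VOMS retrieval error).
 */
int main(int argc, char *argv[]) 
{
  struct vomsdata *vd = NULL;
  struct voms *voms = NULL;
  int error = 0;
  BIO *in = NULL;
  char *of = NULL;
  X509 *x = NULL;
  int nid = -1;
  int index = -1;
  X509_EXTENSION *ext = NULL;
  char **fqans = NULL;

  /* The file name is mandatory: without this check a missing argument would
   * hand a NULL path to BIO_read_filename(). */
  if (argc < 2 || argv[1] == NULL) {
    fprintf(stderr, "usage: %s <proxy.pem>\n",
            (argc > 0 && argv[0]) ? argv[0] : "program");
    exit(1);
  }
  of = argv[1];

  vd = VOMS_Init(NULL, NULL);
  if (!vd)
    exit(1);

  in = BIO_new(BIO_s_file());
  if (!in)
    exit(1);

  if (BIO_read_filename(in, of) <= 0)
    exit(1);

  x = PEM_read_bio_X509(in, NULL, 0, NULL);
  if (!x) {
    printf("cannot read proxy:%s\n", of);
    exit(1);
  }

  /* "acseq" is looked up by short name; presumably the VOMS library registers
   * it during VOMS_Init() -- confirm.  OBJ_txt2nid() yields NID_undef for an
   * unknown name, which is reported like a missing extension. */
  nid = OBJ_txt2nid("acseq");
  if (nid != NID_undef)
    index = X509_get_ext_by_NID(x, nid, -1);

  if (index < 0) {
    printf("No extension found");
    exit(1);
  }

  ext = X509_get_ext(x, index);
  if (!ext)
    exit(1);

  /* NOTE(review): only the extension is handed to the library here, not the
   * certificate chain.  Whether the attribute certificate's signature and
   * holder are checked depends on the library's verification settings, which
   * this example leaves at their defaults -- confirm before treating the
   * printed FQANs as authorization input. */
  if (!VOMS_RetrieveEXT(ext, vd, &error)) {
    printf("Error1 is: %s\n", VOMS_ErrorMessage(vd, error, NULL, 0));
    exit(1);
  }

  voms = VOMS_DefaultData(vd, &error);
  if (!voms) {
    printf("no voms data found.");
    exit(1);
  }

  /* fqan is walked as a NULL-terminated array of strings. */
  for (fqans = voms->fqan; fqans && *fqans; fqans++)
    printf("fqan: %s\n", *fqans);

  exit(0);
}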
Exemple #2
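/*
 * Exercise VOMS_Copy()/VOMS_Delete(): load the VOMS data from the proxy,
 * copy the first entry and release the copy.
 *
 * Exit status: 0 when retrieval and the copy succeeded, 1 otherwise.
 */
int main(int argc, char *argv[]) 
{
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  struct voms *copy = NULL;

  (void)argc;
  (void)argv;

  if (!vd)
    exit(1);

  if (!VOMS_RetrieveFromProxy(RECURSE_CHAIN, vd, &error))
    exit(1);

  /* Kept from the original sequence of API calls; the result is not needed
   * for the copy below. */
  (void)VOMS_DefaultData(vd, &error);

  /* Do not index vd->data blindly: a successful retrieval is expected to
   * populate it, but that is not visible from this file. */
  if (!vd->data || !vd->data[0])
    exit(1);

  copy = VOMS_Copy(vd->data[0], &error);
  if (!copy)
    exit(1);

  VOMS_Delete(copy);
  exit(0);
}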
Exemple #3
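/*
 * Contact the VOMS server registered under the alias "voms1", send it a
 * command (argv[1], or "G/voms1" when no non-empty argument is given) and
 * print the fields of the first returned VOMS entry.
 *
 * Exit status: 0 when an entry was received and printed, 1 otherwise (the
 * library's error message is written to stderr).
 */
int main(int argc, char *argv[]) {
  struct vomsdata *vd = VOMS_Init(NULL, NULL);
  int error = 0;
  char *command;
  struct contactdata **vomses = NULL;
  const char *errmsg = NULL;

  /* argc < 2 also covers argc == 0, where argv[1] must not be read. */
  if (argc < 2 || !strcmp(argv[1], ""))
    command = "G/voms1";
  else
    command = argv[1];

  if (vd) {
    vomses = VOMS_FindByAlias(vd, "voms1", NULL, NULL, &error);

    /* The lookup result itself has to be checked before vomses[0] is read;
     * a failed lookup is reported through the error path below. */
    if (vomses && vomses[0]) {
      if (VOMS_Contact(vomses[0]->host, vomses[0]->port, vomses[0]->contact,
                       command, vd, &error)) {
        struct voms **vomsarray = vd->data;

        if (vomsarray && vomsarray[0]) {
          struct voms *first = vomsarray[0];
          int index;

          printf("voname1: %s\n", first->voname);
          printf("user1: %s\n", first->user);
          printf("userca1: %s\n", first->userca);
          printf("server1: %s\n", first->server);
          printf("serverca1: %s\n", first->serverca);
          printf("uri1: %s\n", first->uri);
          printf("begdate1: %s\n", first->date1);
          printf("enddate1: %s\n", first->date2);

          /* fqan is walked as a NULL-terminated array of strings. */
          for (index = 0; first->fqan && first->fqan[index]; index++)
            printf("fqan1: %s\n", first->fqan[index]);

          printf("version1: %d\n", first->version);

          exit(0);
        }
      }
    }
  }

  /* VOMS_ErrorMessage() needs a valid handle; when VOMS_Init() itself failed
   * there is none, so report that instead of passing NULL. */
  if (vd)
    errmsg = VOMS_ErrorMessage(vd, error, NULL, 0);
  else
    errmsg = "VOMS_Init failed";

  fprintf(stderr, "Error Message1: %s\n", errmsg ? errmsg : "(no message)");
  exit (1);
}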
Exemple #4
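/*
 * LCAS plugin entry point: decide whether the requester may perform the
 * requested L&B action.
 *
 * The principal is built from the credential's DN and, when a GSS credential
 * is available and NO_GLOBUS_GSSAPI is not defined, from the FQANs that
 * VOMS_RetrieveFromCred() extracts from it.  The principal is then checked
 * against the server policy.
 *
 * @param request    LCAS request; mapped to an action by find_authz_action().
 * @param lcas_cred  LCAS credential supplying the DN and the GSS credential.
 * @return LCAS_MOD_SUCCESS when check_authz_policy() returns 1,
 *         LCAS_MOD_FAIL otherwise, including on every setup error.
 */
int
plugin_confirm_authorization(lcas_request_t request, lcas_cred_id_t lcas_cred)
{
    char *user_dn;
    int ret;
    edg_wll_Context ctx;
    int ctx_ready = 0;
    struct _edg_wll_GssPrincipal_data princ;
    void *cred = NULL;
    struct vomsdata *voms_info = NULL;
    int err = 0;
    authz_action action;

    memset(&princ, 0, sizeof(princ));

    lcas_log_debug(1,"\t%s-plugin: checking LB access policy\n",
                   modname);

    if (edg_wll_InitContext(&ctx) != 0) {
        lcas_log(0, "Couldn't create L&B context\n");
        ret = LCAS_MOD_FAIL;
        goto end;
    }
    /* Only a context that was actually created may be freed at 'end'. */
    ctx_ready = 1;

    if ((action = find_authz_action(request)) == ACTION_UNDEF) {
        lcas_log(0, "lcas.mod-lb() error: unsupported action\n");
        ret = LCAS_MOD_FAIL;
        goto end;
    }

    user_dn = lcas_get_dn(lcas_cred);
    if (user_dn == NULL) {
        lcas_log(0, "lcas.mod-lb() error: user DN empty\n");
        ret = LCAS_MOD_FAIL;
        goto end;
    }
    princ.name = user_dn;

    /* A missing GSS credential is tolerated (the hard failure is compiled
     * out): the policy is then evaluated on the DN alone, without FQANs. */
    cred = lcas_get_gss_cred(lcas_cred);
    if (cred == NULL) {
        lcas_log(0, "lcas.mod-lb() warning: user gss credential empty\n");
#if 0
        ret = LCAS_MOD_FAIL;
        goto end;
#endif
    }

#ifndef NO_GLOBUS_GSSAPI
    if (cred) {
        voms_info = VOMS_Init(NULL, NULL);
        if (voms_info == NULL) {
            lcas_log(0, "lcas.mod-lb() failed to initialize VOMS\n");
            ret = LCAS_MOD_FAIL;
            goto end;
        }

        ret = VOMS_RetrieveFromCred(cred, RECURSE_CHAIN, voms_info, &err);
        if (ret == 1) {
            /* NOTE(review): princ.fqans is filled here and not released in
             * this function -- confirm who owns it. */
            edg_wll_get_fqans(ctx, voms_info, &princ.fqans);
        } else {
            /* Retrieval failure is not fatal: the decision falls back to the
             * DN only.  Record it so a rejected or unexpected decision can be
             * traced to missing or unverifiable VOMS attributes. */
            lcas_log_debug(1,
                           "\t%s-plugin: no VOMS attributes retrieved (error %d)\n",
                           modname, err);
        }
    }
#endif

    ret = check_authz_policy(edg_wll_get_server_policy(), &princ, action);
    ret = (ret == 1) ? LCAS_MOD_SUCCESS : LCAS_MOD_FAIL;

end:
    if (ctx_ready)
        edg_wll_FreeContext(ctx);
#ifndef NO_GLOBUS_GSSAPI
    if (voms_info)
        VOMS_Destroy(voms_info);
#endif

    return ret;
}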
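/*
 * Session-start hook: register the custom "SITE USAGE" command, log the VOMS
 * attributes of the delegated credential (when built with VOMS_FOUND), then
 * chain to the original init function.
 *
 * If the command cannot be registered, the session start is finished with the
 * wrapped error and the original init function is not called.
 */
static void
osg_extensions_init(globus_gfs_operation_t op, globus_gfs_session_info_t * session)
{
    GlobusGFSName(osg_extensions_init);

    globus_result_t result = globus_gridftp_server_add_command(op, "SITE USAGE",
                                 GLOBUS_GFS_OSG_CMD_SITE_USAGE,
                                 3,
                                 5,
                                 "SITE USAGE <sp> [TOKEN <sp> $name] <sp> $location: Get usage information for a location.",
                                 GLOBUS_FALSE,
                                 GFS_ACL_ACTION_LOOKUP);

    if (result != GLOBUS_SUCCESS)
    {
        result = GlobusGFSErrorWrapFailed("Failed to add custom 'SITE USAGE' command", result);
        globus_gridftp_server_finished_session_start(op,
                                                 result,
                                                 NULL,
                                                 NULL,
                                                 NULL);
        return;
    }

#ifdef VOMS_FOUND

    struct vomsdata *vdata = VOMS_Init(NULL, NULL);
    if (vdata)
    {
        int error;
        if (!VOMS_RetrieveFromCred(session->del_cred, RECURSE_CHAIN, vdata, &error))
        {
            globus_gfs_log_message(GLOBUS_GFS_LOG_TRANSFER, "No VOMS info in credential.\n");
        }
        else
        {
            int idx;
            /* One log line per VOMS entry: "VO <name> <fqan>,<fqan>...\n". */
            for (idx = 0; vdata->data != NULL && vdata->data[idx] != NULL; idx++)
            {
                struct voms *vext = vdata->data[idx];
                char msg[1024];
                /* The last two bytes are reserved for the trailing "\n\0". */
                const size_t limit = sizeof(msg) - 2;
                size_t used = 0;
                int truncated = 0;
                int count = 0;
                int idx2;

                msg[0] = '\0';

                if (vext->voname)
                {
                    int n = snprintf(msg, limit, "VO %s ", vext->voname);
                    if (n < 0)
                    {
                        truncated = 1;
                    }
                    else if ((size_t) n >= limit)
                    {
                        /* snprintf reports the length it wanted to write;
                         * clamp to what actually fits. */
                        used = limit - 1;
                        truncated = 1;
                    }
                    else
                    {
                        used = (size_t) n;
                    }
                }

                for (idx2 = 0;
                     !truncated && vext->fqan != NULL && vext->fqan[idx2] != NULL;
                     idx2++)
                {
                    size_t avail = limit - used;
                    int n = snprintf(msg + used, avail, "%s,", vext->fqan[idx2]);
                    count++;
                    if (n < 0)
                    {
                        truncated = 1;
                    }
                    else if ((size_t) n >= avail)
                    {
                        used += avail - 1;
                        truncated = 1;
                    }
                    else
                    {
                        used += (size_t) n;
                    }
                }

                /* Drop the trailing comma of a complete FQAN list. */
                if (count > 0 && !truncated && used > 0)
                {
                    used--;
                }

                /* used never exceeds limit - 1, so both writes stay inside
                 * msg; a truncated line still ends with a newline. */
                msg[used] = '\n';
                msg[used + 1] = '\0';

                /* The VO name and FQANs come from the peer's credential, so
                 * they are passed as data and never as the format string. */
                globus_gfs_log_message(GLOBUS_GFS_LOG_TRANSFER, "%s", msg);
            }
        }
        VOMS_Destroy(vdata);
    }

#endif  // VOMS_FOUND

    original_init_function(op, session);
}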