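/*
 * LCAS plugin entry point: decide whether the caller described by lcas_cred
 * may perform the L&B action encoded in request.
 *
 * The caller's DN and, when a GSS credential is available and VOMS support is
 * compiled in, the VOMS FQANs are collected into a principal record that is
 * evaluated against the server policy with check_authz_policy().
 *
 * Returns LCAS_MOD_SUCCESS only when check_authz_policy() returns 1; every
 * other outcome, including any setup failure, yields LCAS_MOD_FAIL.
 */
int
plugin_confirm_authorization(lcas_request_t request, lcas_cred_id_t lcas_cred)
{
	char *user_dn;
	int ret = LCAS_MOD_FAIL;	/* fail closed unless the policy check says otherwise */
	edg_wll_Context ctx = NULL;	/* NULL until edg_wll_InitContext() succeeds */
	struct _edg_wll_GssPrincipal_data princ;
	void *cred = NULL;
	struct vomsdata *voms_info = NULL;
	int err = 0;
	authz_action action;

	memset(&princ, 0, sizeof(princ));

	lcas_log_debug(1, "\t%s-plugin: checking LB access policy\n", modname);

	if (edg_wll_InitContext(&ctx) != 0) {
		lcas_log(0, "Couldn't create L&B context\n");
		/* The context may not have been written on failure; never free garbage. */
		ctx = NULL;
		ret = LCAS_MOD_FAIL;
		goto end;
	}

	if ((action = find_authz_action(request)) == ACTION_UNDEF) {
		lcas_log(0, "lcas.mod-lb() error: unsupported action\n");
		ret = LCAS_MOD_FAIL;
		goto end;
	}

	user_dn = lcas_get_dn(lcas_cred);
	if (user_dn == NULL) {
		lcas_log(0, "lcas.mod-lb() error: user DN empty\n");
		ret = LCAS_MOD_FAIL;
		goto end;
	}
	princ.name = user_dn;

	/*
	 * A missing GSS credential is only a warning: the policy is then
	 * evaluated on the DN alone, with no FQANs attached to the principal.
	 */
	cred = lcas_get_gss_cred(lcas_cred);
	if (cred == NULL) {
		lcas_log(0, "lcas.mod-lb() warning: user gss credential empty\n");
	}

#ifndef NO_GLOBUS_GSSAPI
	if (cred) {
		int voms_ok;

		voms_info = VOMS_Init(NULL, NULL);
		if (voms_info == NULL) {
			lcas_log(0, "lcas.mod-lb() failed to initialize VOMS\n");
			ret = LCAS_MOD_FAIL;
			goto end;
		}

		voms_ok = VOMS_RetrieveFromCred(cred, RECURSE_CHAIN, voms_info, &err);
		if (voms_ok == 1) {
			/*
			 * NOTE(review): the outcome of edg_wll_get_fqans() is not
			 * checked, and princ.fqans is not released in this function;
			 * confirm who owns it.
			 */
			edg_wll_get_fqans(ctx, voms_info, &princ.fqans);
		} else {
			/*
			 * Not fatal: the decision falls back to the DN alone. Record
			 * the VOMS error so a credential whose attributes could not be
			 * retrieved is distinguishable in the log.
			 */
			lcas_log_debug(1,
			    "\t%s-plugin: no VOMS attributes retrieved (VOMS error %d)\n",
			    modname, err);
		}
	}
#endif

	ret = check_authz_policy(edg_wll_get_server_policy(), &princ, action);
	/* Only an explicit 1 from the policy check grants access. */
	ret = (ret == 1) ? LCAS_MOD_SUCCESS : LCAS_MOD_FAIL;

end:
	if (ctx)
		edg_wll_FreeContext(ctx);
#ifndef NO_GLOBUS_GSSAPI
	if (voms_info)
		VOMS_Destroy(voms_info);
#endif

	return ret;
}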
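#ifdef VOMS_FOUND
/*
 * Render one VOMS attribute set as "VO <name> <fqan>,<fqan>\n" into msg.
 *
 * msg always ends up NUL-terminated with a trailing newline, and no write
 * lands outside msg[0 .. msg_size-1]; over-long input is truncated.
 * snprintf() returns the length it WOULD have written, so every return value
 * is clamped to the space that was actually available before it is added to
 * the running offset.
 */
static void
osg_format_voms_line(const char *voname, char **fqans, char *msg, size_t msg_size)
{
    if (msg_size < 2) {
        if (msg_size == 1) {
            msg[0] = '\0';
        }
        return;
    }

    /* Text budget: the last two bytes are reserved for '\n' and '\0'. */
    const size_t limit = msg_size - 2;
    size_t used = 0;
    int appended = 0;

    if (voname != NULL) {
        int n = snprintf(msg, limit + 1, "VO %s ", voname);
        if (n > 0) {
            used = ((size_t)n > limit) ? limit : (size_t)n;
        }
    }

    for (size_t i = 0; fqans != NULL && fqans[i] != NULL && used < limit; i++) {
        size_t room = limit - used;
        int n = snprintf(msg + used, room + 1, "%s,", fqans[i]);
        if (n > 0) {
            used += ((size_t)n > room) ? room : (size_t)n;
            appended++;
        }
    }

    /* Drop the separator left behind by the last FQAN. */
    if (appended > 0 && used > 0 && msg[used - 1] == ',') {
        used--;
    }

    msg[used] = '\n';
    msg[used + 1] = '\0';
}
#endif // VOMS_FOUND

/*
 * Session-start hook: registers the custom 'SITE USAGE' command, logs the
 * VOMS attributes found in the delegated credential (when built with
 * VOMS_FOUND), then hands over to original_init_function().
 *
 * If the command cannot be registered the session start is finished with the
 * wrapped error and original_init_function() is not called.
 */
static void
osg_extensions_init(globus_gfs_operation_t op, globus_gfs_session_info_t *session)
{
    GlobusGFSName(osg_extensions_init);

    globus_result_t result = globus_gridftp_server_add_command(op, "SITE USAGE",
                                 GLOBUS_GFS_OSG_CMD_SITE_USAGE,
                                 3,
                                 5,
                                 "SITE USAGE <sp> [TOKEN <sp> $name] <sp> $location: Get usage information for a location.",
                                 GLOBUS_FALSE,
                                 GFS_ACL_ACTION_LOOKUP);

    if (result != GLOBUS_SUCCESS) {
        result = GlobusGFSErrorWrapFailed("Failed to add custom 'SITE USAGE' command", result);
        globus_gridftp_server_finished_session_start(op, result, NULL, NULL, NULL);
        return;
    }

#ifdef VOMS_FOUND
    /* Best-effort logging: a VOMS failure never blocks the session. */
    struct vomsdata *vdata = VOMS_Init(NULL, NULL);
    if (vdata) {
        int error = 0;
        if (!VOMS_RetrieveFromCred(session->del_cred, RECURSE_CHAIN, vdata, &error)) {
            globus_gfs_log_message(GLOBUS_GFS_LOG_TRANSFER, "No VOMS info in credential.\n");
        } else {
            for (int idx = 0; vdata->data != NULL && vdata->data[idx] != NULL; idx++) {
                char msg[1024];
                struct voms *vext = vdata->data[idx];

                osg_format_voms_line(vext->voname, vext->fqan, msg, sizeof(msg));

                /*
                 * The text comes from the client's credential, so it is
                 * passed as an argument and never as the format string.
                 * NOTE(review): the attribute text is logged verbatim; if log
                 * consumers parse these lines, consider replacing control
                 * characters before logging.
                 */
                globus_gfs_log_message(GLOBUS_GFS_LOG_TRANSFER, "%s", msg);
            }
        }
        VOMS_Destroy(vdata);
    }
#endif // VOMS_FOUND

    original_init_function(op, session);
}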