Condor_Auth_X509 :: Condor_Auth_X509(ReliSock * sock)
: Condor_Auth_Base (sock, CAUTH_GSI),
credential_handle(GSS_C_NO_CREDENTIAL),
context_handle (GSS_C_NO_CONTEXT),
m_gss_server_name(NULL),
token_status (0),
ret_flags (0)
{
#ifdef WIN32
ParseMapFile();
#endif
if ( !m_globusActivated ) {
// The Globus callout module is a system-wide setting. There are several
// cases where a user may not want it to apply to Condor by default
// (for example, if it causes crashes when mixed with Condor libs!).
// Setting GSI_AUTHZ_CONF=/dev/null works for disabling the callouts.
std::string gsi_authz_conf;
if (param(gsi_authz_conf, "GSI_AUTHZ_CONF")) {
if (setenv("GSI_AUTHZ_CONF", gsi_authz_conf.c_str(), 1)) {
dprintf(D_ALWAYS, "Failed to set the GSI_AUTHZ_CONF environment variable.\n");
EXCEPT("Failed to set the GSI_AUTHZ_CONF environment variable.\n");
}
}
if ( activate_globus_gsi() < 0 ) {
dprintf( D_ALWAYS, "Can't intialize GSI, authentication will fail: %s\n", x509_error_string() );
} else {
m_globusActivated = true;
}
}
}
void main(int argc, char **argv)
{
if(argc<2){
printf("\nInput MAP file?\n");
fgets(InputFile,80,stdin);
}
else{
strcpy(InputFile,argv[1]);
}
if(argc<3){
printf("\nOutput MAP file?\n");
fgets(OutputFile,80,stdin);
}
else{
strcpy(OutputFile,argv[2]);
}
if(!strcmp(InputFile,OutputFile)){
printf("\nInput file name and output file name must be different!\007");
exit(1);
}
ParseMapFile();
}
Condor_Auth_X509 :: Condor_Auth_X509(ReliSock * sock)
: Condor_Auth_Base (sock, CAUTH_GSI),
credential_handle(GSS_C_NO_CREDENTIAL),
context_handle (GSS_C_NO_CONTEXT),
m_gss_server_name(NULL),
token_status (0),
ret_flags (0)
{
#ifdef WIN32
ParseMapFile();
#endif
if ( !m_globusActivated ) {
// The Globus callout module is a system-wide setting. There are several
// cases where a user may not want it to apply to Condor by default
// (for example, if it causes crashes when mixed with Condor libs!).
// Setting GSI_AUTHZ_CONF=/dev/null works for disabling the callouts.
std::string gsi_authz_conf;
if (param(gsi_authz_conf, "GSI_AUTHZ_CONF")) {
if (globus_libc_setenv("GSI_AUTHZ_CONF", gsi_authz_conf.c_str(), 1)) {
dprintf(D_ALWAYS, "Failed to set the GSI_AUTHZ_CONF environment variable.\n");
EXCEPT("Failed to set the GSI_AUTHZ_CONF environment variable.\n");
}
}
// In 99% of cases, this is a no-op because the Globus threading model defaults
// to "none". However, this can be overridden by a user's environment variable
// and I'd prefer to take no chances. This call can fail if a globus module
// has already been activated (i.e., in the GAHP). As the defaults are OK,
// the logging is done at FULLDEBUG, not ALWAYS.
if (globus_thread_set_model( GLOBUS_THREAD_MODEL_NONE ) != GLOBUS_SUCCESS) {
dprintf(D_FULLDEBUG, "Unable to explicitly turn-off Globus threading."
" Will proceed with the default.\n");
}
globus_module_activate( GLOBUS_GSI_GSSAPI_MODULE );
globus_module_activate( GLOBUS_GSI_GSS_ASSIST_MODULE );
m_globusActivated = true;
}
}
/*
this function must return the same values as globus!!!!
also, it must allocate memory the same: create a new string and
write address into '*to'.
*/
int Condor_Auth_X509::condor_gss_assist_gridmap(const char * from, char ** to) {
if (GridMap == 0) {
ParseMapFile();
}
if (GridMap) {
MyString f(from), t;
if (GridMap->lookup(f, t) != -1) {
if (IsDebugVerbose(D_SECURITY)) {
dprintf (D_SECURITY, "GSI: subject %s is mapped to user %s.\n",
f.Value(), t.Value());
}
*to = strdup(t.Value());
return GSS_S_COMPLETE;
} else {
// if the map exists, they must be listed. and they're NOT!
return !GSS_S_COMPLETE;
}
}
return !GSS_S_COMPLETE;
}
