Condor_Auth_X509 :: Condor_Auth_X509(ReliSock * sock) : Condor_Auth_Base (sock, CAUTH_GSI), credential_handle(GSS_C_NO_CREDENTIAL), context_handle (GSS_C_NO_CONTEXT), m_gss_server_name(NULL), token_status (0), ret_flags (0) { #ifdef WIN32 ParseMapFile(); #endif if ( !m_globusActivated ) { // The Globus callout module is a system-wide setting. There are several // cases where a user may not want it to apply to Condor by default // (for example, if it causes crashes when mixed with Condor libs!). // Setting GSI_AUTHZ_CONF=/dev/null works for disabling the callouts. std::string gsi_authz_conf; if (param(gsi_authz_conf, "GSI_AUTHZ_CONF")) { if (setenv("GSI_AUTHZ_CONF", gsi_authz_conf.c_str(), 1)) { dprintf(D_ALWAYS, "Failed to set the GSI_AUTHZ_CONF environment variable.\n"); EXCEPT("Failed to set the GSI_AUTHZ_CONF environment variable.\n"); } } if ( activate_globus_gsi() < 0 ) { dprintf( D_ALWAYS, "Can't intialize GSI, authentication will fail: %s\n", x509_error_string() ); } else { m_globusActivated = true; } } }
void main(int argc, char **argv) { if(argc<2){ printf("\nInput MAP file?\n"); fgets(InputFile,80,stdin); } else{ strcpy(InputFile,argv[1]); } if(argc<3){ printf("\nOutput MAP file?\n"); fgets(OutputFile,80,stdin); } else{ strcpy(OutputFile,argv[2]); } if(!strcmp(InputFile,OutputFile)){ printf("\nInput file name and output file name must be different!\007"); exit(1); } ParseMapFile(); }
Condor_Auth_X509 :: Condor_Auth_X509(ReliSock * sock) : Condor_Auth_Base (sock, CAUTH_GSI), credential_handle(GSS_C_NO_CREDENTIAL), context_handle (GSS_C_NO_CONTEXT), m_gss_server_name(NULL), token_status (0), ret_flags (0) { #ifdef WIN32 ParseMapFile(); #endif if ( !m_globusActivated ) { // The Globus callout module is a system-wide setting. There are several // cases where a user may not want it to apply to Condor by default // (for example, if it causes crashes when mixed with Condor libs!). // Setting GSI_AUTHZ_CONF=/dev/null works for disabling the callouts. std::string gsi_authz_conf; if (param(gsi_authz_conf, "GSI_AUTHZ_CONF")) { if (globus_libc_setenv("GSI_AUTHZ_CONF", gsi_authz_conf.c_str(), 1)) { dprintf(D_ALWAYS, "Failed to set the GSI_AUTHZ_CONF environment variable.\n"); EXCEPT("Failed to set the GSI_AUTHZ_CONF environment variable.\n"); } } // In 99% of cases, this is a no-op because the Globus threading model defaults // to "none". However, this can be overridden by a user's environment variable // and I'd prefer to take no chances. This call can fail if a globus module // has already been activated (i.e., in the GAHP). As the defaults are OK, // the logging is done at FULLDEBUG, not ALWAYS. if (globus_thread_set_model( GLOBUS_THREAD_MODEL_NONE ) != GLOBUS_SUCCESS) { dprintf(D_FULLDEBUG, "Unable to explicitly turn-off Globus threading." " Will proceed with the default.\n"); } globus_module_activate( GLOBUS_GSI_GSSAPI_MODULE ); globus_module_activate( GLOBUS_GSI_GSS_ASSIST_MODULE ); m_globusActivated = true; } }
/* this function must return the same values as globus!!!! also, it must allocate memory the same: create a new string and write address into '*to'. */ int Condor_Auth_X509::condor_gss_assist_gridmap(const char * from, char ** to) { if (GridMap == 0) { ParseMapFile(); } if (GridMap) { MyString f(from), t; if (GridMap->lookup(f, t) != -1) { if (IsDebugVerbose(D_SECURITY)) { dprintf (D_SECURITY, "GSI: subject %s is mapped to user %s.\n", f.Value(), t.Value()); } *to = strdup(t.Value()); return GSS_S_COMPLETE; } else { // if the map exists, they must be listed. and they're NOT! return !GSS_S_COMPLETE; } } return !GSS_S_COMPLETE; }