Esempio n. 1
0
char *
newStringOfCredential(gss_cred_id_t cred)
{
    OM_uint32 majStat, minStat;
    gss_name_t name;
    char *s;

    if (gfarmGssNewCredentialName(&name, cred, &majStat, &minStat) > 0) {
	s = newStringOfName(name);
	gfarmGssDeleteName(&name, NULL, NULL);
	return s;
    }
    fprintf(stderr, "cannot convert credential to gss_name_t:\n");
    gfarmGssPrintMajorStatus(majStat);
    gfarmGssPrintMinorStatus(minStat);
    return strdup("(invalid credential)");
}
Esempio n. 2
0
char *
gfarm_gsi_client_cred_name(void)
{
	gss_cred_id_t cred;
	gss_name_t name;
	OM_uint32 e_major, e_minor;
	static int initialized = 0;
	static char *dn;

	if (initialized)
		return (dn);
	
	if (gfarmSecSessionGetInitiatorInitialCredential(&cred) < 0) {
		dn = NULL;
		gflog_auth_error("gfarm_gsi_client_cred_name(): "
		    "not initialized as an initiator");
	} else if (gfarmGssNewCredentialName(&name, cred, &e_major, &e_minor)
	    < 0) {
		dn = NULL;
		if (gflog_auth_get_verbose()) {
			gflog_error("cannot convert initiator credential "
			    "to name");
			gfarmGssPrintMajorStatus(e_major);
			gfarmGssPrintMinorStatus(e_minor);
		}
	} else {
		dn = gfarmGssNewDisplayName(name, &e_major, &e_minor, NULL);
		if (dn == NULL && gflog_auth_get_verbose()) {
			gflog_error("cannot convert initiator credential "
			    "to string");
			gfarmGssPrintMajorStatus(e_major);
			gfarmGssPrintMinorStatus(e_minor);
		}
		gfarmGssDeleteName(&name, NULL, NULL);
	}
	initialized = 1;
	return (dn);
}
Esempio n. 3
0
File: gsi.c Progetto: ddk50/gfarm_v2
int
gfarmGssAcquireCredential(gss_cred_id_t *credPtr,
    const gss_name_t desiredName, gss_cred_usage_t credUsage,
    OM_uint32 *majStatPtr, OM_uint32 *minStatPtr, gss_name_t *credNamePtr)
{
    OM_uint32 majStat = 0;
    OM_uint32 minStat = 0;
    int ret = -1;
    gss_cred_id_t cred;
    
    *credPtr = GSS_C_NO_CREDENTIAL;

    majStat = gss_acquire_cred(&minStat,
			       desiredName,
			       GSS_C_INDEFINITE,
			       GSS_C_NO_OID_SET,
			       credUsage,
			       &cred,
			       NULL,
			       NULL);
#if GFARM_FAKE_GSS_C_NT_USER_NAME_FOR_GLOBUS
    if (majStat != GSS_S_COMPLETE) {
	OM_uint32 majStat2, majStat3;
	OM_uint32 minStat2, minStat3;

	/*
	 * to workaround a problem that any proxy credential cannot be
	 * acquired by using "/C=.../O=.../CN=John Smith" as its name.
	 * Globus requires "/C=.../O=.../CN=John Smith/CN=proxy".
	 */
	majStat2 = gss_acquire_cred(&minStat2,
				    GSS_C_NO_NAME,
				    GSS_C_INDEFINITE,
				    GSS_C_NO_OID_SET,
				    credUsage,
				    &cred,
				    NULL,
				    NULL);
	if (majStat2 == GSS_S_COMPLETE) {
	    gss_name_t credName;

	    if (gfarmGssNewCredentialName(&credName, cred, NULL, NULL) > 0) {
		int equal;

		majStat3 = gss_compare_name(&minStat3, desiredName, credName,
					    &equal);
		if (majStat3 == GSS_S_COMPLETE && equal) {
		    majStat = majStat2;
		    minStat = minStat2;
		}
		gfarmGssDeleteName(&credName, NULL, NULL);
	    }
	    if (majStat != GSS_S_COMPLETE) {
		gfarmGssDeleteCredential(&cred, NULL, NULL);
	    }
	}
    }
#endif /* GFARM_FAKE_GSS_C_NT_USER_NAME_FOR_GLOBUS */

    /*
     * Check validness.
     */
    if (majStat == GSS_S_COMPLETE) {
	if (credNamePtr == NULL) {
	    ret = 1;
	} else if (gfarmGssNewCredentialName(credNamePtr, cred,
					     &majStat, &minStat) > 0) {
	    /* Only valid when the name is got. */
	    ret = 1;
	}
	if (ret > 0 && credPtr != NULL) {
	    *credPtr = cred;
	} else {
	    gfarmGssDeleteCredential(&cred, NULL, NULL);
	}
    }

    if (majStatPtr != NULL) {
	*majStatPtr = majStat;
    }
    if (minStatPtr != NULL) {
	*minStatPtr = minStat;
    }	

    if (ret == -1) {
	gflog_debug(GFARM_MSG_1000790,
		"failed to acquire credential (%u)(%u)",
		majStat, minStat);
    }

    return ret;
}
Esempio n. 4
0
char *
gfarm_gsi_cred_config_convert_to_name(
	enum gfarm_auth_cred_type type, char *service, char *name,
	char *hostname,
	gss_name_t *namep)
{
	int rv;
	OM_uint32 e_major;
	OM_uint32 e_minor;
	gss_cred_id_t cred;

	switch (type) {
	case GFARM_AUTH_CRED_TYPE_DEFAULT:
		/* special. equivalent to GSS_C_NO_CREDENTIAL */
		if (name != NULL)
			return ("cred_type is not set, but cred_name is set");
		if (service != NULL)
			return ("cred_type is not set, but cred_service is set"
			    );
		return ("internal error: missing GSS_C_NO_CREDENTIAL check");
	case GFARM_AUTH_CRED_TYPE_NO_NAME:
		if (name != NULL)
			return ("cred_type is \"no-name\", "
			    "but cred_name is set");
		if (service != NULL)
			return ("cred_type is \"no-name\", "
			    "but cred_service is set");
		*namep = GSS_C_NO_NAME;
		return (NULL);
	case GFARM_AUTH_CRED_TYPE_MECHANISM_SPECIFIC:
		if (name == NULL)
			return ("cred_type is \"mechanism-specific\", "
			    "but cred_name is not set");
		if (service != NULL)
			return ("cred_type is \"mechanism-specific\", "
			    "but cred_service is set");
		rv = gfarmGssImportName(namep, name, strlen(name),
		    GSS_C_NO_OID, &e_major, &e_minor);
		break;
	case GFARM_AUTH_CRED_TYPE_HOST:
		if (name == NULL)
			name = hostname;
		if (service == NULL) {
			rv = gfarmGssImportNameOfHost(namep, name,
			    &e_major, &e_minor);
		} else {
			rv = gfarmGssImportNameOfHostBasedService(namep,
			    service, name, &e_major, &e_minor);
		}
		break;
	case GFARM_AUTH_CRED_TYPE_USER:
		if (service != NULL)
			return ("cred_type is \"user\", "
			    "but cred_service is set");
		/*
		 * XXX FIXME: `name' must be converted from global_username
		 * to local_username, but there is no such function for now.
		 */
		if (name == NULL)
			name = gfarm_get_local_username();
		rv = gfarmGssImportName(namep, name, strlen(name),
		    GSS_C_NT_USER_NAME, &e_major, &e_minor);
		break;
	case GFARM_AUTH_CRED_TYPE_SELF:
		/* special. there is no corresponding name_type in GSSAPI */
		if (name != NULL)
			return ("cred_type is \"self\", but cred_name is set");
		if (service != NULL)
			return ("cred_type is \"self\", "
			    "but cred_service is set");
		if (gfarmSecSessionGetInitiatorInitialCredential(&cred) < 0 ||
		    cred == GSS_C_NO_CREDENTIAL)
			return ("cred_type is \"self\", "
			    "but not initialized as an initiator");
		rv = gfarmGssNewCredentialName(namep, cred, &e_major,&e_minor);
		break;
	default:
		return ("internal error - invalid cred_type");
	}
	if (rv < 0) {
		if (gflog_auth_get_verbose()) {
			gflog_error("gfarmGssImportName(): "
			    "invalid credential configuration:");
			gfarmGssPrintMajorStatus(e_major);
			gfarmGssPrintMinorStatus(e_minor);
		}
		return ("invalid credential configuration");
	}
	return (NULL);
}