/*
 * Negative test: globus_gss_assist_userok() must not report success when
 * either the global identity or the local user name is NULL.
 *
 * GRIDMAP is pointed at "grid-mapfile" before the two calls are made.
 *
 * Returns 0 when both calls are rejected, 1 when either call unexpectedly
 * succeeds, or the non-zero setenv() result when GRIDMAP cannot be set.
 */
int
userok_bad_params_test(void)
{
    char *dn = "globusid";
    char *local_user = "userid";
    int status;

    status = setenv("GRIDMAP", "grid-mapfile", 1);
    if (status != 0) {
        fprintf(stderr, "Error setting GRIDMAP location\n");
        return status;
    }

    /* A missing identity must be treated as "not authorized". */
    if (globus_gss_assist_userok(NULL, local_user) == GLOBUS_SUCCESS) {
        fprintf(stderr,
                "Unexpected success: globus_gss_assist_userok with null globusid\n");
        return 1;
    }

    /* A missing local account name must be treated the same way. */
    if (globus_gss_assist_userok(dn, NULL) == GLOBUS_SUCCESS) {
        fprintf(stderr,
                "Unexpected success: globus_gss_assist_userok with null userid\n");
        return 1;
    }

    return 0;
}
/*
 * Check that the DN in test_dn is still authorized as "jdoe" when GRIDMAP
 * points at "gridmap.blank_line".
 * NOTE(review): judging by the file name, the fixture contains blank lines
 * that the parser is expected to skip; confirm against the fixture.
 *
 * Returns the number of failures (0 or 1).
 */
int
blank_line_test(void)
{
    char *mapfile = "gridmap.blank_line";
    int failures = 0;

    if (setenv("GRIDMAP", mapfile, 1) != 0) {
        fprintf(stderr, "Error setting GRIDMAP location\n");
        return failures + 1;
    }

    if (globus_gss_assist_userok(test_dn, "jdoe") != 0) {
        fprintf(stderr,
                "globus_gss_assist_userok unexpectedly failed [userok %s for %s in %s]\n",
                "jdoe", test_dn, mapfile);
        failures++;
    }

    return failures;
}
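/*
 * Exercise globus_gss_assist_userok() against "gridmap.long_line".
 *
 * The test expects local names jd1..jd1000 to be authorized for test_dn and
 * jd1001..jd2000 to be rejected.
 * NOTE(review): judging by the file name, the fixture holds one very long
 * mapping line; confirm against the fixture.
 *
 * Returns the number of failed checks (0 on success).
 */
int
long_line_test(void)
{
    char *gridmap = "gridmap.long_line";
    int i;
    /*
     * Initialised here: the setenv() failure path increments this before
     * the first loop runs, which previously read an indeterminate value.
     */
    int failed = 0;
    int rc;
    /* Exactly large enough for the longest name, "jd2000", plus the NUL. */
    char localname[7];

    rc = setenv("GRIDMAP", gridmap, 1);
    if (rc != 0) {
        fprintf(stderr, "Error setting GRIDMAP location\n");
        failed++;
        goto setenv_failed;
    }

    /* Names that must be authorized. */
    for (i = 1; i <= 1000; i++) {
        /* Bounded formatting so a later change to the range cannot overflow. */
        snprintf(localname, sizeof(localname), "jd%d", i);
        rc = globus_gss_assist_userok(test_dn, localname);
        if (rc != 0) {
            fprintf(stderr,
                    "globus_gss_assist_userok unexpectedly failed [userok %s for %s in %s]\n",
                    localname, test_dn, gridmap);
            failed++;
        }
    }

    /* Names that must be rejected. */
    for (i = 1001; i <= 2000; i++) {
        snprintf(localname, sizeof(localname), "jd%d", i);
        rc = globus_gss_assist_userok(test_dn, localname);
        if (rc == 0) {
            fprintf(stderr,
                    "globus_gss_assist_userok unexpectedly succeeded [userok %s for %s in %s]\n",
                    localname, test_dn, gridmap);
            failed++;
        }
    }

setenv_failed:
    return failed;
}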
/*
 * Table-driven test of globus_gss_assist_userok().
 *
 * Each row names a gridmap file, a DN, a local user name and whether the
 * lookup is expected to authorize that pairing. GRIDMAP is re-pointed at the
 * row's file before every call.
 *
 * Returns the number of rows whose outcome did not match the expectation.
 */
int
userok_test(void)
{
    struct gridmap_lookup_result tests[] = {
        { "gridmap.empty", test_dn, primary_username, GLOBUS_FALSE },
        { "gridmap.no-local-uid", test_dn, primary_username, GLOBUS_FALSE },
        { "gridmap.no-local-uid2", test_dn, primary_username, GLOBUS_FALSE },
        { "grid-mapfile", test_dn, primary_username, GLOBUS_TRUE },
        { "grid-mapfile", test_dn, secondary_username[0], GLOBUS_TRUE },
        { "grid-mapfile", test_dn, secondary_username[1], GLOBUS_TRUE },
        { "grid-mapfile", test_dn, wrong_username, GLOBUS_FALSE },
        /*
         * Next few are unfortunate: with gridmap.multiple_lines only the
         * primary user name is expected to be accepted.
         * NOTE(review): presumably only one of the DN's lines is honoured;
         * confirm against the fixture.
         */
        { "gridmap.multiple_lines", test_dn, primary_username, GLOBUS_TRUE },
        { "gridmap.multiple_lines", test_dn, secondary_username[0], GLOBUS_FALSE },
        { "gridmap.multiple_lines", test_dn, secondary_username[1], GLOBUS_FALSE },
        { "gridmap.multiple_lines", test_dn, wrong_username, GLOBUS_FALSE },
        { "grid-mapfile", wrong_test_dn, primary_username, GLOBUS_FALSE },
        { "grid-mapfile", wrong_test_dn, secondary_username[0], GLOBUS_FALSE },
        { "grid-mapfile", wrong_test_dn, secondary_username[1], GLOBUS_FALSE }
    };
    struct gridmap_lookup_result *t;
    int failed = 0;
    int i;

    for (i = 0; i < SIZEOF_ARRAY(tests); i++) {
        int allowed;

        t = &tests[i];

        if (setenv("GRIDMAP", t->gridmap, 1) != 0) {
            fprintf(stderr, "Error setting GRIDMAP location\n");
            failed++;
            continue;
        }

        /* A zero return from the lookup means the pairing is authorized. */
        allowed = (globus_gss_assist_userok(t->dn, t->username) == 0);

        if (!allowed && t->success) {
            fprintf(stderr,
                    "globus_gss_assist_userok unexpectedly failed [userok %s for %s in %s]\n",
                    t->username, t->dn, t->gridmap);
            failed++;
        } else if (allowed && !t->success) {
            /* The dangerous direction: access granted where none was expected. */
            fprintf(stderr,
                    "globus_gss_assist_userok unexpectedly succeeded [userok %s for %s in %s]\n",
                    t->username, t->dn, t->gridmap);
            failed++;
        }
    }

    return failed;
}
/*
 * Decide whether a GSI-authenticated client may log in as local account
 * 'name'. The client's identity is taken from 'client' (its GSS context or
 * its display name, depending on which Globus interface is compiled in).
 *
 * The decision is logged with logit() on every path except an early module
 * activation failure, which returns 0 silently.
 *
 * Returns non-zero if the user is authorized, 0 otherwise.
 */
static int
ssh_gssapi_gsi_userok(ssh_gssapi_client *client, char *name)
{
    globus_result_t res;
    int authorized = 0;
#ifdef HAVE_GLOBUS_GSS_ASSIST_MAP_AND_AUTHORIZE
    /* Receives the local account name chosen by the mapping call. */
    char lname[256] = "";
#endif

#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
    /* Fail closed if the Globus module cannot be brought up. */
    if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
        return 0;
    }
#endif

    /* use new globus_gss_assist_map_and_authorize() interface if available */
#ifdef HAVE_GLOBUS_GSS_ASSIST_MAP_AND_AUTHORIZE
    debug("calling globus_gss_assist_map_and_authorize()");
    res = globus_gss_assist_map_and_authorize(client->context, "ssh",
                                              name, lname, sizeof(lname));
    if (res != GLOBUS_SUCCESS) {
        /*
         * NOTE(review): the string returned by globus_error_print_chain()
         * is not released here; confirm who owns it.
         */
        debug("%s", globus_error_print_chain(globus_error_get(res)));
    } else if (lname[0] == '\0' || strcmp(name, lname) == 0) {
        /*
         * NOTE(review): a successful call that leaves lname empty is
         * accepted for any requested 'name'. Confirm the mapping call always
         * fills lname on success, otherwise this branch fails open.
         */
        authorized = 1;
    } else {
        debug("GSI user maps to %s, not %s", lname, name);
    }
#else
    debug("calling globus_gss_assist_userok()");
    res = globus_gss_assist_userok(client->displayname.value, name);
    if (res != GLOBUS_SUCCESS) {
        debug("%s", globus_error_print_chain(globus_error_get(res)));
    } else {
        authorized = 1;
    }
#endif

    /*
     * NOTE(review): displayname.value is used as a C string here (and in
     * the userok call above), which assumes it is NUL-terminated; confirm
     * where it is populated.
     */
    logit("GSI user %s is%s authorized as target user %s",
          (char *) client->displayname.value,
          (authorized ? "" : " not"), name);

    return authorized;
}