/*
 * Bring the GSI layer up so that this process is initialized through
 * gfarmSecSessionInitializeBoth() rather than as an initiator only.
 *
 * If GSI is already up in server mode this is a no-op.  If it is up but
 * not in server mode, the initiator-only state is torn down first and the
 * layer is re-initialized.
 *
 * Returns NULL on success, or a pointer to a static error string on
 * failure (the caller must not free it).  On failure the "both" state is
 * finalized again and gsi_initialized is left at 0, so the process ends
 * up with no usable GSI context at all -- callers should treat a non-NULL
 * return as "GSI authentication unavailable", not as a soft warning.
 */
char *
gfarm_gsi_server_initialize(void)
{
	OM_uint32 major_status;
	OM_uint32 minor_status;
	int status;

	if (gsi_initialized && gsi_server_initialized)
		return NULL;

	if (gsi_initialized) {
		/* Only the initiator side is up: drop it before re-initializing. */
		gfarmSecSessionFinalizeInitiator();
		gsi_initialized = 0;
	}

	/* NOTE(review): GRID_MAPFILE is presumably the grid-mapfile path -- confirm. */
	status = gfarmSecSessionInitializeBoth(NULL, NULL, GRID_MAPFILE,
	    &major_status, &minor_status);
	if (status > 0) {
		gsi_initialized = 1;
		gsi_server_initialized = 1;
		return NULL;
	}

	/* The GSS status pair is reported only when auth logging is verbose. */
	if (gflog_auth_get_verbose()) {
		gflog_error(
		    "can't initialize GSI as both because of:");
		gfarmGssPrintMajorStatus(major_status);
		gfarmGssPrintMinorStatus(minor_status);
	}
	gfarmSecSessionFinalizeBoth();
	return "GSI initialization failed"; /* XXX */
}
/*
 * Return the display name of the initiator's initial credential.
 *
 * The lookup is performed once; the result -- including a NULL failure
 * result -- is kept in function-static storage and handed back on every
 * later call.  Consequences worth knowing:
 *   - the returned pointer is shared; callers must not free or modify it;
 *   - a failure on the first call is never retried, and a credential that
 *     changes later is not reflected here;
 *   - no locking is visible around the static state.
 *
 * Returns the cached name, or NULL if it could not be determined.
 */
char *
gfarm_gsi_client_cred_name(void)
{
	static int cached = 0;
	static char *cached_dn;
	gss_cred_id_t initiator_cred;
	gss_name_t cred_name;
	OM_uint32 major_status, minor_status;

	if (cached)
		return cached_dn;

	/* Every failure path below leaves the cached name as NULL. */
	cached_dn = NULL;

	if (gfarmSecSessionGetInitiatorInitialCredential(&initiator_cred) < 0) {
		gflog_auth_error("gfarm_gsi_client_cred_name(): "
		    "not initialized as an initiator");
	} else if (gfarmGssNewCredentialName(&cred_name, initiator_cred,
	    &major_status, &minor_status) < 0) {
		if (gflog_auth_get_verbose()) {
			gflog_error("cannot convert initiator credential "
			    "to name");
			gfarmGssPrintMajorStatus(major_status);
			gfarmGssPrintMinorStatus(minor_status);
		}
	} else {
		cached_dn = gfarmGssNewDisplayName(cred_name,
		    &major_status, &minor_status, NULL);
		if (cached_dn == NULL && gflog_auth_get_verbose()) {
			gflog_error("cannot convert initiator credential "
			    "to string");
			gfarmGssPrintMajorStatus(major_status);
			gfarmGssPrintMinorStatus(minor_status);
		}
		/* The gss_name_t is only needed to produce the string. */
		gfarmGssDeleteName(&cred_name, NULL, NULL);
	}

	cached = 1;
	return cached_dn;
}
/*
 * Convert a gss_name_t into a printable string.
 *
 * On success the string produced by gfarmGssNewDisplayName() is returned.
 * On failure a diagnostic and the GSS status pair are printed and a
 * strdup()ed placeholder, "(invalid gss_name_t)", is returned instead
 * (NULL if that strdup() itself fails).
 *
 * The placeholder is an ordinary string: use the result for display and
 * logging only, never as the identity in an authorization comparison.
 * NOTE(review): the success value is presumably heap-allocated and owned
 * by the caller, like the placeholder -- confirm against
 * gfarmGssNewDisplayName().
 */
char *
newStringOfName(const gss_name_t inputName)
{
	OM_uint32 majStat, minStat;
	char *display;

	display = gfarmGssNewDisplayName(inputName, &majStat, &minStat, NULL);
	if (display == NULL) {
		fprintf(stderr, "cannot convert gss_name_t to display string:\n");
		gfarmGssPrintMajorStatus(majStat);
		gfarmGssPrintMinorStatus(minStat);
		display = strdup("(invalid gss_name_t)");
	}
	return display;
}
/*
 * Produce a printable string for the name held by a credential.
 *
 * The credential's name is obtained with gfarmGssNewCredentialName(),
 * rendered with newStringOfName(), and the temporary gss_name_t is
 * released before returning.  If the name cannot be obtained, a
 * diagnostic and the GSS status pair are printed and a strdup()ed
 * placeholder, "(invalid credential)", is returned (NULL if strdup()
 * fails).
 *
 * As with newStringOfName(), the placeholder is indistinguishable from a
 * real name by type alone; the result is meant for display, not for
 * access decisions.
 */
char *
newStringOfCredential(gss_cred_id_t cred)
{
	OM_uint32 majStat, minStat;
	gss_name_t credName;
	char *display;

	if (gfarmGssNewCredentialName(&credName, cred,
	    &majStat, &minStat) <= 0) {
		fprintf(stderr, "cannot convert credential to gss_name_t:\n");
		gfarmGssPrintMajorStatus(majStat);
		gfarmGssPrintMinorStatus(minStat);
		return strdup("(invalid credential)");
	}

	display = newStringOfName(credName);
	gfarmGssDeleteName(&credName, NULL, NULL);
	return display;
}
/*
 * Tear down a GSI-backed I/O object: terminate its secure session,
 * release the credential it owns (if any), then free its buffer and the
 * object itself.  `io' must not be used after this call.
 *
 * A failure to delete the credential is reported only when auth logging
 * is verbose; teardown continues either way.
 * NOTE(review): io->buffer is freed without being cleared.  If it can
 * hold unwrapped session data, consider wiping it first -- confirm what
 * the buffer contains.
 */
static void
free_secsession(struct io_gfsl *io)
{
	OM_uint32 major_status, minor_status;

	gfarmSecSessionTerminate(io->session);

	if (io->cred_to_be_freed != GSS_C_NO_CREDENTIAL) {
		if (gfarmGssDeleteCredential(&io->cred_to_be_freed,
		    &major_status, &minor_status) < 0) {
			if (gflog_auth_get_verbose()) {
				gflog_error("Can't free my credential because of:");
				gfarmGssPrintMajorStatus(major_status);
				gfarmGssPrintMinorStatus(minor_status);
			}
		}
	}

	/* free(NULL) is a no-op, so no guard is needed. */
	free(io->buffer);
	free(io);
}
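/*
 * Print `message' on stderr, have the gfarmGssPrint*Status() helpers
 * report the GSS-API status pair, and return -1 so that a caller can
 * write `return reportGssFailure(...)'.
 */
static int
reportGssFailure(const char *message, OM_uint32 majStat, OM_uint32 minStat)
{
	fputs(message, stderr);
	gfarmGssPrintMajorStatus(majStat);
	gfarmGssPrintMinorStatus(minStat);
	return -1;
}

/*
 * Apply one parsed command-line option to the file-level settings
 * port, hostName, serviceName, acceptorName and acceptorSpecified.
 *
 *   -p N     port number, 1..65535
 *   -H host  host name (copied with strdup())
 *   -S svc   service name (the pointer is kept, not copied, so `arg'
 *            must stay valid for as long as serviceName is used)
 *   -M name  acceptor name imported with GSS_C_NO_OID
 *   -N       acceptor name is GSS_C_NO_NAME
 *   -n name  acceptor name imported as GSS_C_NT_USER_NAME
 *   -U uid   acceptor name imported as GSS_C_NT_STRING_UID_NAME
 *   -X name  acceptor name imported as GSS_C_NT_EXPORT_NAME
 *   -u       acceptor name taken from $USER, else $LOGNAME
 *
 * Whenever hostName or serviceName is set (by this call or an earlier
 * one), the acceptor name is re-imported from them after the switch.
 * That import overwrites any name set by -M/-N/-n/-U/-X/-u, and the
 * previous acceptorName is overwritten without a visible
 * gfarmGssDeleteName() -- NOTE(review): confirm whether that is intended.
 *
 * Returns 0 on success, -1 after printing a diagnostic on failure.
 */
int
HandleCommonOptions(int option, char *arg)
{
	int tmp;
	OM_uint32 majStat;
	OM_uint32 minStat;

	/*
	 * -M/-n/-U/-X hand `arg' to strlen(); reject a missing argument
	 * here instead of dereferencing NULL.
	 */
	if (arg == NULL &&
	    (option == 'M' || option == 'n' || option == 'U' || option == 'X')) {
		fprintf(stderr, "option -%c requires an argument.\n", option);
		return -1;
	}

	switch (option) {
	case 'p':
		if (gfarmGetInt(arg, &tmp) < 0) {
			fprintf(stderr, "illegal port number.\n");
			return -1;
		}
		if (tmp <= 0) {
			fprintf(stderr, "port number must be > 0.\n");
			return -1;
		}
		if (tmp > 65535) {
			fprintf(stderr, "port number must be < 65536.\n");
			return -1;
		}
		port = tmp;
		break;
	case 'H':
		if (arg != NULL && *arg != '\0') {
			char *copy = strdup(arg);

			/*
			 * Fail closed: with hostName left NULL the code
			 * below would either substitute the local host
			 * name or skip the acceptor name altogether, so
			 * the peer identity the user asked for would be
			 * silently replaced.
			 */
			if (copy == NULL) {
				perror("strdup");
				return -1;
			}
			hostName = copy;
		}
		break;
	case 'S':
		if (arg != NULL && *arg != '\0') {
			serviceName = arg;
		}
		break;
	case 'M':
		/* mechanism specific name */
		if (gfarmGssImportName(&acceptorName, arg, strlen(arg),
		    GSS_C_NO_OID, &majStat, &minStat) < 0) {
			return reportGssFailure(
			    "gfarmGssImportName(GSS_C_NO_OID) failed.\n",
			    majStat, minStat);
		}
		acceptorSpecified = 1;
		break;
	case 'N':
		acceptorName = GSS_C_NO_NAME;
		acceptorSpecified = 1;
		break;
	case 'n':
		if (gfarmGssImportName(&acceptorName, arg, strlen(arg),
		    GSS_C_NT_USER_NAME, &majStat, &minStat) < 0) {
			return reportGssFailure(
			    "gfarmGssImportName(GSS_C_NT_USER_NAME)"
			    " failed.\n", majStat, minStat);
		}
		acceptorSpecified = 1;
		break;
	case 'U':
		if (gfarmGssImportName(&acceptorName, arg, strlen(arg),
		    GSS_C_NT_STRING_UID_NAME, &majStat, &minStat) < 0) {
			return reportGssFailure(
			    "gfarmGssImportName(GSS_C_NT_STRING_UID_NAME)"
			    " failed.\n", majStat, minStat);
		}
		acceptorSpecified = 1;
		break;
	case 'X':
		/* This isn't guaranteed to work */
		if (gfarmGssImportName(&acceptorName, arg, strlen(arg),
		    GSS_C_NT_EXPORT_NAME, &majStat, &minStat) < 0) {
			return reportGssFailure(
			    "gfarmGssImportName(GSS_C_NT_EXPORT_NAME)"
			    " failed.\n", majStat, minStat);
		}
		acceptorSpecified = 1;
		break;
	case 'u':
		/*
		 * The environment is set by whoever launches the process,
		 * so this is a convenience default for the expected peer
		 * name, not a verified identity.
		 */
		arg = getenv("USER");
		if (arg == NULL)
			arg = getenv("LOGNAME");
		if (arg == NULL) {
			/* Fixed: double negative and missing newline. */
			fprintf(stderr, "neither $USER nor $LOGNAME is set\n");
			return -1;
		}
		if (gfarmGssImportName(&acceptorName, arg, strlen(arg),
		    GSS_C_NT_USER_NAME, &majStat, &minStat) < 0) {
			return reportGssFailure(
			    "gfarmGssImportName(GSS_C_NT_USER_NAME)"
			    " failed.\n", majStat, minStat);
		}
		acceptorSpecified = 1;
		break;
	default:
		fprintf(stderr, "error happens at an option\n");
		return -1;
	}

	if (hostName != NULL || serviceName != NULL) {
		if (hostName == NULL) {
			char buf[2048];

			if (gethostname(buf, sizeof(buf)) != 0) {
				perror("gethostname");
				return -1;
			}
			/*
			 * gethostname() need not NUL-terminate a truncated
			 * name; terminate explicitly before strdup().
			 */
			buf[sizeof(buf) - 1] = '\0';
			hostName = strdup(buf);
			if (hostName == NULL) {
				perror("strdup");
				return -1;
			}
		}
		if (serviceName == NULL) {
			if (gfarmGssImportNameOfHost(&acceptorName, hostName,
			    &majStat, &minStat) < 0) {
				return reportGssFailure(
				    "gfarmGssImportNameOfHost() failed with:\n",
				    majStat, minStat);
			}
		} else {
			if (gfarmGssImportNameOfHostBasedService(&acceptorName,
			    serviceName, hostName, &majStat, &minStat) < 0) {
				return reportGssFailure(
				    "gfarmGssImportNameOfHostBasedService() "
				    "failed with:\n", majStat, minStat);
			}
		}
		acceptorSpecified = 1;
	}

	return 0;
}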
/*
 * Turn a credential configuration (cred_type / cred_service / cred_name)
 * into a GSS-API name.
 *
 * type:     configured credential type
 * service:  configured cred_service, or NULL if unset
 * name:     configured cred_name, or NULL if unset
 * hostname: used as the name for the "host" type when `name' is NULL
 * namep:    receives the resulting gss_name_t on success
 *
 * Returns NULL on success, otherwise a static string describing why the
 * combination is rejected or why the import failed (do not free it).
 * *namep is written only on paths that reach an import call or the
 * "no-name" case; it is not touched when a validation message is
 * returned.
 *
 * GFARM_AUTH_CRED_TYPE_DEFAULT always yields an error here: per the
 * original comment it corresponds to GSS_C_NO_CREDENTIAL.
 * NOTE(review): callers are presumably expected to handle that type
 * before calling this function -- confirm.
 */
char *
gfarm_gsi_cred_config_convert_to_name(
	enum gfarm_auth_cred_type type, char *service, char *name,
	char *hostname,
	gss_name_t *namep)
{
	int status;
	OM_uint32 major_status;
	OM_uint32 minor_status;
	gss_cred_id_t initiator_cred;

	switch (type) {
	case GFARM_AUTH_CRED_TYPE_DEFAULT:
		/* special. equivalent to GSS_C_NO_CREDENTIAL */
		if (name != NULL) {
			return "cred_type is not set, but cred_name is set";
		}
		if (service != NULL) {
			return "cred_type is not set, but cred_service is set";
		}
		return "internal error: missing GSS_C_NO_CREDENTIAL check";

	case GFARM_AUTH_CRED_TYPE_NO_NAME:
		if (name != NULL) {
			return "cred_type is \"no-name\", "
			    "but cred_name is set";
		}
		if (service != NULL) {
			return "cred_type is \"no-name\", "
			    "but cred_service is set";
		}
		*namep = GSS_C_NO_NAME;
		return NULL;

	case GFARM_AUTH_CRED_TYPE_MECHANISM_SPECIFIC:
		if (name == NULL) {
			return "cred_type is \"mechanism-specific\", "
			    "but cred_name is not set";
		}
		if (service != NULL) {
			return "cred_type is \"mechanism-specific\", "
			    "but cred_service is set";
		}
		status = gfarmGssImportName(namep, name, strlen(name),
		    GSS_C_NO_OID, &major_status, &minor_status);
		break;

	case GFARM_AUTH_CRED_TYPE_HOST:
		/* NOTE(review): assumes hostname is non-NULL when name is unset -- confirm. */
		if (name == NULL) {
			name = hostname;
		}
		status = (service == NULL)
		    ? gfarmGssImportNameOfHost(namep, name,
			&major_status, &minor_status)
		    : gfarmGssImportNameOfHostBasedService(namep, service,
			name, &major_status, &minor_status);
		break;

	case GFARM_AUTH_CRED_TYPE_USER:
		if (service != NULL) {
			return "cred_type is \"user\", "
			    "but cred_service is set";
		}
		/*
		 * XXX FIXME: `name' must be converted from global_username
		 * to local_username, but there is no such function for now.
		 * Until then the configured cred_name is imported as-is.
		 */
		if (name == NULL) {
			/* NOTE(review): result goes straight to strlen(); presumably never NULL -- confirm. */
			name = gfarm_get_local_username();
		}
		status = gfarmGssImportName(namep, name, strlen(name),
		    GSS_C_NT_USER_NAME, &major_status, &minor_status);
		break;

	case GFARM_AUTH_CRED_TYPE_SELF:
		/* special. there is no corresponding name_type in GSSAPI */
		if (name != NULL) {
			return "cred_type is \"self\", but cred_name is set";
		}
		if (service != NULL) {
			return "cred_type is \"self\", "
			    "but cred_service is set";
		}
		if (gfarmSecSessionGetInitiatorInitialCredential(
		    &initiator_cred) < 0 ||
		    initiator_cred == GSS_C_NO_CREDENTIAL) {
			return "cred_type is \"self\", "
			    "but not initialized as an initiator";
		}
		status = gfarmGssNewCredentialName(namep, initiator_cred,
		    &major_status, &minor_status);
		break;

	default:
		return "internal error - invalid cred_type";
	}

	if (status >= 0) {
		return NULL;
	}

	/*
	 * The log text names gfarmGssImportName() even when the failing
	 * call was one of the other import/credential-name functions above.
	 */
	if (gflog_auth_get_verbose()) {
		gflog_error("gfarmGssImportName(): "
		    "invalid credential configuration:");
		gfarmGssPrintMajorStatus(major_status);
		gfarmGssPrintMinorStatus(minor_status);
	}
	return "invalid credential configuration";
}