示例#1
/*
 * Initialize the GSI security-session layer through
 * gfarmSecSessionInitializeBoth(), using GRID_MAPFILE, and record that
 * the server side is ready.
 *
 * Returns NULL on success (including when the server side was already
 * initialized), or a pointer to a static error string on failure.
 * The returned string is a literal and must not be freed or modified.
 */
char *
gfarm_gsi_server_initialize(void)
{
	OM_uint32 major_status;
	OM_uint32 minor_status;
	int init_status;

	/* Already initialized for server use: nothing to do. */
	if (gsi_initialized && gsi_server_initialized)
		return (NULL);

	/*
	 * Initialized, but not for server use (presumably as an initiator
	 * only): tear that state down before initializing as both.
	 */
	if (gsi_initialized) {
		gfarmSecSessionFinalizeInitiator();
		gsi_initialized = 0;
	}

	init_status = gfarmSecSessionInitializeBoth(NULL, NULL, GRID_MAPFILE,
	    &major_status, &minor_status);
	if (init_status > 0) {
		gsi_initialized = 1;
		gsi_server_initialized = 1;
		return (NULL);
	}

	/*
	 * The GSS major/minor status is reported only when auth logging is
	 * verbose; otherwise the caller gets nothing but the generic string
	 * below, so the reason for a failed start is not recorded here.
	 */
	if (gflog_auth_get_verbose()) {
		gflog_error(
		    "can't initialize GSI as both because of:");
		gfarmGssPrintMajorStatus(major_status);
		gfarmGssPrintMinorStatus(minor_status);
	}
	gfarmSecSessionFinalizeBoth();
	return ("GSI initialization failed"); /* XXX */
}
示例#2
/*
 * Return the display name of the initiator's initial credential.
 *
 * The lookup is done once and the outcome, success or failure, is kept
 * in function-static storage: every later call returns the same pointer
 * (NULL if the first attempt failed).  The caller must not free it.
 *
 * NOTE(review): because a failure is cached too, a credential that
 * becomes available after the first call is never picked up here.
 * NOTE(review): the static state is updated without any locking visible
 * in this function; confirm callers are serialized.
 */
char *
gfarm_gsi_client_cred_name(void)
{
	static int initialized = 0;
	static char *dn;
	gss_cred_id_t initiator_cred;
	gss_name_t cred_name;
	OM_uint32 major_status, minor_status;

	if (initialized)
		return (dn);

	/* Every failure path below leaves the cached name as NULL. */
	dn = NULL;

	if (gfarmSecSessionGetInitiatorInitialCredential(&initiator_cred)
	    < 0) {
		gflog_auth_error("gfarm_gsi_client_cred_name(): "
		    "not initialized as an initiator");
	} else if (gfarmGssNewCredentialName(&cred_name, initiator_cred,
	    &major_status, &minor_status) < 0) {
		if (gflog_auth_get_verbose()) {
			gflog_error("cannot convert initiator credential "
			    "to name");
			gfarmGssPrintMajorStatus(major_status);
			gfarmGssPrintMinorStatus(minor_status);
		}
	} else {
		dn = gfarmGssNewDisplayName(cred_name,
		    &major_status, &minor_status, NULL);
		if (dn == NULL && gflog_auth_get_verbose()) {
			gflog_error("cannot convert initiator credential "
			    "to string");
			gfarmGssPrintMajorStatus(major_status);
			gfarmGssPrintMinorStatus(minor_status);
		}
		/* The gss_name_t is only needed to produce the string. */
		gfarmGssDeleteName(&cred_name, NULL, NULL);
	}

	initialized = 1;
	return (dn);
}
示例#3
文件: scarg.c 项目: ddk50/gfarm_v2
/*
 * Convert a gss_name_t to a display string via gfarmGssNewDisplayName().
 *
 * On failure the GSS status is printed and a strdup()ed placeholder,
 * "(invalid gss_name_t)", is returned instead, so the result is non-NULL
 * unless strdup() itself fails.
 *
 * NOTE(review): the placeholder is returned in-band; a caller that
 * compares or authorizes on the returned text cannot tell it apart from
 * a real name without checking for this exact string.
 * NOTE(review): presumably the caller frees the result; confirm that
 * gfarmGssNewDisplayName() returns free()-compatible memory.
 */
char *
newStringOfName(const gss_name_t inputName)
{
    OM_uint32 majorStatus, minorStatus;
    char *display;

    display = gfarmGssNewDisplayName(inputName,
                                     &majorStatus, &minorStatus, NULL);
    if (display == NULL) {
        fprintf(stderr, "cannot convert gss_name_t to display string:\n");
        gfarmGssPrintMajorStatus(majorStatus);
        gfarmGssPrintMinorStatus(minorStatus);
        display = strdup("(invalid gss_name_t)");
    }
    return display;
}
示例#4
文件: scarg.c 项目: ddk50/gfarm_v2
/*
 * Produce a display string for the name held by a credential.
 *
 * The credential's name is fetched with gfarmGssNewCredentialName(),
 * rendered with newStringOfName(), and the temporary gss_name_t is
 * deleted.  If the name cannot be fetched, the GSS status is printed
 * and a strdup()ed placeholder, "(invalid credential)", is returned.
 *
 * NOTE(review): only a return value > 0 counts as success here, so a
 * return of 0 takes the failure path; confirm that matches the return
 * contract of gfarmGssNewCredentialName().
 * NOTE(review): the placeholder is returned in-band and is
 * indistinguishable from a real name unless the caller checks for it.
 */
char *
newStringOfCredential(gss_cred_id_t cred)
{
    OM_uint32 majorStatus, minorStatus;
    gss_name_t credName;
    char *display;

    if (gfarmGssNewCredentialName(&credName, cred,
                                  &majorStatus, &minorStatus) <= 0) {
        fprintf(stderr, "cannot convert credential to gss_name_t:\n");
        gfarmGssPrintMajorStatus(majorStatus);
        gfarmGssPrintMinorStatus(minorStatus);
        return strdup("(invalid credential)");
    }

    display = newStringOfName(credName);
    gfarmGssDeleteName(&credName, NULL, NULL);
    return display;
}
示例#5
/*
 * Tear down a GFSL I/O object: terminate its security session, delete
 * the credential it owns (if any), then release its buffer and the
 * object itself.  `io' must not be used after this call.
 *
 * A failure to delete the credential is reported only when auth logging
 * is verbose; teardown continues either way.
 *
 * NOTE(review): io->buffer is freed without being cleared first.  If it
 * can hold unwrapped session payload, consider zeroizing it before the
 * free -- confirm what the buffer carries.
 */
static void
free_secsession(struct io_gfsl *io)
{
	OM_uint32 major_status, minor_status;

	gfarmSecSessionTerminate(io->session);

	/* GSS_C_NO_CREDENTIAL means there is no credential to delete. */
	if (io->cred_to_be_freed != GSS_C_NO_CREDENTIAL) {
		if (gfarmGssDeleteCredential(&io->cred_to_be_freed,
		    &major_status, &minor_status) < 0 &&
		    gflog_auth_get_verbose()) {
			gflog_error("Can't free my credential because of:");
			gfarmGssPrintMajorStatus(major_status);
			gfarmGssPrintMinorStatus(minor_status);
		}
	}

	/* free(NULL) is a no-op, so the buffer needs no guard. */
	free(io->buffer);
	free(io);
}
示例#6
文件: scarg.c 项目: ddk50/gfarm_v2
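/*
 * Handle one command-line option and update the file-level settings it
 * controls (port, hostName, serviceName, acceptorName,
 * acceptorSpecified).
 *
 *   option  the option character
 *   arg     the option's argument, or NULL when it has none
 *
 * Returns 0 on success, or -1 after printing a message to stderr.
 *
 * Options:
 *   p  port number, 1..65535
 *   H  host name (copied)
 *   S  service name (the pointer is kept, not copied)
 *   M  acceptor name, imported with GSS_C_NO_OID
 *   N  no acceptor name (GSS_C_NO_NAME)
 *   n  acceptor name as GSS_C_NT_USER_NAME
 *   U  acceptor name as GSS_C_NT_STRING_UID_NAME
 *   X  acceptor name as GSS_C_NT_EXPORT_NAME
 *   u  acceptor name taken from $USER, else $LOGNAME
 *
 * NOTE(review): the host/service block after the switch runs on every
 * call.  Once hostName or serviceName is set, each later option imports
 * the host-based name into acceptorName again, replacing whatever
 * -M/-n/-U/-X/-u/-N stored there.  Which option wins therefore depends
 * on option order; confirm this is intended.
 * NOTE(review): acceptorName is overwritten without any release call in
 * this function; check whether the import helpers free a previous name.
 */
int
HandleCommonOptions(int option, char *arg)
{
    int tmp;
    OM_uint32 majStat;
    OM_uint32 minStat;

    /*
     * These options hand arg straight to strlen(); a missing argument
     * is rejected here instead of being dereferenced.
     */
    if (arg == NULL &&
        (option == 'M' || option == 'n' || option == 'U' || option == 'X')) {
        fprintf(stderr, "option -%c requires an argument.\n", option);
        return -1;
    }

    switch (option) {
    case 'p':
        if (gfarmGetInt(arg, &tmp) < 0) {
            fprintf(stderr, "illegal port number.\n");
            return -1;
        }
        if (tmp <= 0) {
            fprintf(stderr, "port number must be > 0.\n");
            return -1;
        } else if (tmp > 65535) {
            fprintf(stderr, "port number must be < 65536.\n");
            return -1;
        }
        port = tmp;
        break;
    case 'H':
        if (arg != NULL && *arg != '\0') {
            /*
             * Fail on allocation error.  Leaving hostName NULL would
             * silently fall back to the local host name below, i.e. a
             * different acceptor than the one requested.
             */
            char *copy = strdup(arg);
            if (copy == NULL) {
                perror("strdup");
                return -1;
            }
            hostName = copy;
        }
        break;
    case 'S':
        if (arg != NULL && *arg != '\0') {
            serviceName = arg;
        }
        break;
    case 'M': /* mechanism specific name */
        if (gfarmGssImportName(&acceptorName,
                               arg, strlen(arg), GSS_C_NO_OID,
                               &majStat, &minStat) < 0) {
            fprintf(stderr, "gfarmGssImportName(GSS_C_NO_OID) failed.\n");
            gfarmGssPrintMajorStatus(majStat);
            gfarmGssPrintMinorStatus(minStat);
            return -1;
        }
        acceptorSpecified = 1;
        break;
    case 'N':
        acceptorName = GSS_C_NO_NAME;
        acceptorSpecified = 1;
        break;
    case 'n':
        if (gfarmGssImportName(&acceptorName,
                               arg, strlen(arg), GSS_C_NT_USER_NAME,
                               &majStat, &minStat) < 0) {
            fprintf(stderr, "gfarmGssImportName(GSS_C_NT_USER_NAME)"
                        " failed.\n");
            gfarmGssPrintMajorStatus(majStat);
            gfarmGssPrintMinorStatus(minStat);
            return -1;
        }
        acceptorSpecified = 1;
        break;
    case 'U':
        if (gfarmGssImportName(&acceptorName,
                               arg, strlen(arg), GSS_C_NT_STRING_UID_NAME,
                               &majStat, &minStat) < 0) {
            fprintf(stderr, "gfarmGssImportName(GSS_C_NT_STRING_UID_NAME)"
                        " failed.\n");
            gfarmGssPrintMajorStatus(majStat);
            gfarmGssPrintMinorStatus(minStat);
            return -1;
        }
        acceptorSpecified = 1;
        break;
    case 'X': /* This isn't guaranteed to work */
        if (gfarmGssImportName(&acceptorName,
                               arg, strlen(arg), GSS_C_NT_EXPORT_NAME,
                               &majStat, &minStat) < 0) {
            fprintf(stderr, "gfarmGssImportName(GSS_C_NT_EXPORT_NAME)"
                        " failed.\n");
            gfarmGssPrintMajorStatus(majStat);
            gfarmGssPrintMinorStatus(minStat);
            return -1;
        }
        acceptorSpecified = 1;
        break;
    case 'u':
        /*
         * The name comes from the environment, which whoever starts
         * the process controls; it is not a verified identity.
         */
        arg = getenv("USER");
        if (arg == NULL)
            arg = getenv("LOGNAME");
        if (arg == NULL) {
            fprintf(stderr, "neither $USER nor $LOGNAME is set\n");
            return -1;
        }
        if (gfarmGssImportName(&acceptorName,
                               arg, strlen(arg), GSS_C_NT_USER_NAME,
                               &majStat, &minStat) < 0) {
            fprintf(stderr, "gfarmGssImportName(GSS_C_NT_USER_NAME)"
                        " failed.\n");
            gfarmGssPrintMajorStatus(majStat);
            gfarmGssPrintMinorStatus(minStat);
            return -1;
        }
        acceptorSpecified = 1;
        break;
    default:
        fprintf(stderr, "error happens at an option\n");
        return -1;
    }


    if (hostName != NULL || serviceName != NULL) {
        if (hostName == NULL) {
            char buf[2048];
            if (gethostname(buf, sizeof(buf)) != 0) {
                perror("gethostname");
                return -1;
            }
            /* gethostname() may leave a truncated name unterminated. */
            buf[sizeof(buf) - 1] = '\0';
            hostName = strdup(buf);
            if (hostName == NULL) {
                perror("strdup");
                return -1;
            }
        }

        if (serviceName == NULL) {
            if (gfarmGssImportNameOfHost(&acceptorName,
                                         hostName, &majStat, &minStat) < 0) {
                fprintf(stderr,
                        "gfarmGssImportNameOfHost() failed with:\n");
                gfarmGssPrintMajorStatus(majStat);
                gfarmGssPrintMinorStatus(minStat);
                return -1;
            }
        } else {
            if (gfarmGssImportNameOfHostBasedService(&acceptorName,
                                                     serviceName, hostName,
                                                     &majStat, &minStat) < 0) {
                fprintf(stderr,
                        "gfarmGssImportNameOfHostBasedService() "
                        "failed with:\n");
                gfarmGssPrintMajorStatus(majStat);
                gfarmGssPrintMinorStatus(minStat);
                return -1;
            }
        }
        acceptorSpecified = 1;
    }

    return 0;
}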
示例#7
/*
 * Turn a credential configuration (cred_type / cred_service / cred_name)
 * into a GSS name stored in *namep.
 *
 *   type      which kind of credential name is configured
 *   service   configured cred_service, or NULL
 *   name      configured cred_name, or NULL
 *   hostname  host name used for GFARM_AUTH_CRED_TYPE_HOST when `name'
 *             is NULL
 *   namep     receives the resulting gss_name_t on success
 *
 * Returns NULL on success, or a static error string (not to be freed)
 * describing why the configuration is invalid.
 *
 * GFARM_AUTH_CRED_TYPE_DEFAULT always yields an error here: the last
 * message in that case says the caller was expected to handle it (as
 * GSS_C_NO_CREDENTIAL) before calling.
 *
 * NOTE(review): for the "host" and "user" types a NULL `hostname' or a
 * NULL result from gfarm_get_local_username() would reach the import
 * call unchecked -- confirm neither can be NULL.
 * NOTE(review): the GSS status behind a failed import is logged only
 * when auth logging is verbose; otherwise only the generic string is
 * returned.
 */
char *
gfarm_gsi_cred_config_convert_to_name(
	enum gfarm_auth_cred_type type, char *service, char *name,
	char *hostname,
	gss_name_t *namep)
{
	int status;
	OM_uint32 major_status;
	OM_uint32 minor_status;
	gss_cred_id_t self_cred;

	switch (type) {
	case GFARM_AUTH_CRED_TYPE_DEFAULT:
		/* special. equivalent to GSS_C_NO_CREDENTIAL */
		if (name != NULL)
			return ("cred_type is not set, but cred_name is set");
		if (service != NULL)
			return ("cred_type is not set, but cred_service is set"
			    );
		return ("internal error: missing GSS_C_NO_CREDENTIAL check");

	case GFARM_AUTH_CRED_TYPE_NO_NAME:
		if (name != NULL)
			return ("cred_type is \"no-name\", "
			    "but cred_name is set");
		if (service != NULL)
			return ("cred_type is \"no-name\", "
			    "but cred_service is set");
		/* Nothing to import: report success right away. */
		*namep = GSS_C_NO_NAME;
		return (NULL);

	case GFARM_AUTH_CRED_TYPE_MECHANISM_SPECIFIC:
		if (name == NULL)
			return ("cred_type is \"mechanism-specific\", "
			    "but cred_name is not set");
		if (service != NULL)
			return ("cred_type is \"mechanism-specific\", "
			    "but cred_service is set");
		status = gfarmGssImportName(namep, name, strlen(name),
		    GSS_C_NO_OID, &major_status, &minor_status);
		break;

	case GFARM_AUTH_CRED_TYPE_HOST:
		/* Without an explicit cred_name, use the given host name. */
		if (name == NULL)
			name = hostname;
		if (service != NULL) {
			status = gfarmGssImportNameOfHostBasedService(namep,
			    service, name, &major_status, &minor_status);
		} else {
			status = gfarmGssImportNameOfHost(namep, name,
			    &major_status, &minor_status);
		}
		break;

	case GFARM_AUTH_CRED_TYPE_USER:
		if (service != NULL)
			return ("cred_type is \"user\", "
			    "but cred_service is set");
		/*
		 * XXX FIXME: `name' must be converted from global_username
		 * to local_username, but there is no such function for now.
		 */
		if (name == NULL)
			name = gfarm_get_local_username();
		status = gfarmGssImportName(namep, name, strlen(name),
		    GSS_C_NT_USER_NAME, &major_status, &minor_status);
		break;

	case GFARM_AUTH_CRED_TYPE_SELF:
		/* special. there is no corresponding name_type in GSSAPI */
		if (name != NULL)
			return ("cred_type is \"self\", but cred_name is set");
		if (service != NULL)
			return ("cred_type is \"self\", "
			    "but cred_service is set");
		if (gfarmSecSessionGetInitiatorInitialCredential(&self_cred)
		    < 0 || self_cred == GSS_C_NO_CREDENTIAL)
			return ("cred_type is \"self\", "
			    "but not initialized as an initiator");
		status = gfarmGssNewCredentialName(namep, self_cred,
		    &major_status, &minor_status);
		break;

	default:
		return ("internal error - invalid cred_type");
	}

	/* Only a negative result from the import calls is a failure. */
	if (status >= 0)
		return (NULL);

	if (gflog_auth_get_verbose()) {
		gflog_error("gfarmGssImportName(): "
		    "invalid credential configuration:");
		gfarmGssPrintMajorStatus(major_status);
		gfarmGssPrintMinorStatus(minor_status);
	}
	return ("invalid credential configuration");
}