示例#1
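/**
 * Run the acceptor side of a GSS handshake with the peer on socket `sck`.
 *
 * The exchange is delegated to globus_gss_assist_accept_sec_context(), which
 * moves tokens through the file's get_token/send_token callbacks; both
 * callbacks receive a pointer to `sck`.
 *
 * @param credential_handle  acceptor credential used for the handshake
 * @param client_name        forwarded as the assist routine's src_name
 *                           argument (char **); presumably receives the
 *                           authenticated peer name, and who frees it should
 *                           be confirmed against the assist API
 * @param sck                socket descriptor handed to the token callbacks
 * @return the established context, or GSS_C_NO_CONTEXT on failure (the GSS
 *         status is printed on stderr)
 *
 * NOTE(review): this function only authenticates. ret_flags is collected but
 * never inspected, and nothing here decides whether the name returned through
 * client_name is allowed to proceed; that authorization step is left to the
 * caller.
 */
gss_ctx_id_t accept_context(gss_cred_id_t credential_handle, char **client_name, int sck)
{
	OM_uint32       major_status = 0;
	OM_uint32       minor_status = 0;
	OM_uint32       cleanup_minor = 0; /* keeps cleanup from clobbering minor_status */
	int             token_status = 0;
	OM_uint32       ret_flags = 0;
	gss_ctx_id_t    context_handle = GSS_C_NO_CONTEXT;
	gss_cred_id_t   delegated_cred = GSS_C_NO_CREDENTIAL;

	major_status = globus_gss_assist_accept_sec_context(
		&minor_status, /* minor_status */
		&context_handle, /* context_handle */
		credential_handle, /* acceptor_cred_handle */
		client_name, /* src_name as char ** */
		&ret_flags, /* ret_flags */
		NULL, /* don't need user_to_user */
		&token_status, /* token_status */
		&delegated_cred, /* delegated cred, if the peer sent one */
		get_token,
		(void *) &sck,
		send_token,
		(void *) &sck);

	/*
	 * A handle is passed for the delegated credential but the function never
	 * uses or returns it. Release it on every path so that a credential the
	 * peer delegated does not linger in this process.
	 */
	if (delegated_cred != GSS_C_NO_CREDENTIAL)
	{
		gss_release_cred(&cleanup_minor, &delegated_cred);
	}

	if (major_status != GSS_S_COMPLETE)
	{
		globus_gss_assist_display_status(
				stderr,
				"GSS authentication failure ",
				major_status,
				minor_status,
				token_status);

		/* Drop a partially established context, in case one was left behind. */
		if (context_handle != GSS_C_NO_CONTEXT)
		{
			gss_delete_sec_context(
					&cleanup_minor,
					&context_handle,
					GSS_C_NO_BUFFER);
		}
		return (GSS_C_NO_CONTEXT);
	}
	return (context_handle);
}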
示例#2
/**
 * Acquire a GSS credential for the requested usage.
 *
 * Thin wrapper around globus_gss_assist_acquire_cred().
 *
 * @param cred_usage  usage value passed straight through to the assist call
 * @return the acquired credential handle, or GSS_C_NO_CREDENTIAL when the
 *         call does not report GSS_S_COMPLETE (the status is printed on
 *         stderr in that case)
 */
gss_cred_id_t
acquire_cred(const gss_cred_usage_t cred_usage)
{
	gss_cred_id_t   cred = GSS_C_NO_CREDENTIAL;
	OM_uint32       minor = 0;
	OM_uint32       major = 0;

	major = globus_gss_assist_acquire_cred(&minor, cred_usage, &cred);

	/* Success path first: hand the handle straight back to the caller. */
	if (major == GSS_S_COMPLETE)
	{
		return cred;
	}

	/* Anything else is reported and mapped to the "no credential" value. */
	globus_gss_assist_display_status(
			stderr,
			"Error acquiring credentials",
			major,
			minor,
			0);
	return GSS_C_NO_CREDENTIAL;
}
示例#3
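/**
 * Run the initiator side of a GSS handshake with the peer on socket `sck`.
 *
 * The exchange is delegated to globus_gss_assist_init_sec_context(), which
 * moves tokens through the file's get_token/send_token callbacks; both
 * callbacks receive a pointer to `sck`. Mutual authentication and
 * confidentiality are requested, and the context is returned only if the
 * flags reported back confirm that both were granted.
 *
 * @param credential_handle  initiator credential used for the handshake
 * @param server_name        target name passed to the assist routine
 * @param sck                socket descriptor handed to the token callbacks
 * @return the established context, or GSS_C_NO_CONTEXT on failure (a
 *         diagnostic is printed on stderr)
 */
gss_ctx_id_t initiate_context(gss_cred_id_t credential_handle, const char *server_name, int sck)
{
	/* Services the caller relies on; they must show up in ret_flags. */
	const OM_uint32	required_flags = GSS_C_MUTUAL_FLAG | GSS_C_CONF_FLAG;
	OM_uint32	major_status = 0;
	OM_uint32	minor_status = 0;
	OM_uint32	cleanup_minor = 0; /* keeps cleanup from clobbering minor_status */
	int		token_status = 0;
	OM_uint32	ret_flags = 0;
	gss_ctx_id_t	context_handle = GSS_C_NO_CONTEXT;

	major_status = globus_gss_assist_init_sec_context(
			&minor_status,
			credential_handle,
			&context_handle,
			/* the assist API takes a non-const char *; the cast only
			 * drops the qualifier */
			(char *) server_name,
			required_flags |
			GSS_C_GLOBUS_ACCEPT_PROXY_SIGNED_BY_LIMITED_PROXY_FLAG,
			&ret_flags,
			&token_status,
			get_token,
			(void *) &sck,
			send_token,
			(void *) &sck);

	if (major_status != GSS_S_COMPLETE)
	{
		globus_gss_assist_display_status(stderr,
				"GSS Authentication failure: client\n ",
				major_status,
				minor_status,
				token_status);

		/* Drop a partially established context, in case one was left behind. */
		if (context_handle != GSS_C_NO_CONTEXT)
		{
			gss_delete_sec_context(
					&cleanup_minor,
					&context_handle,
					GSS_C_NO_BUFFER);
		}
		return(GSS_C_NO_CONTEXT); /* fail somehow */
	}

	/*
	 * The flags passed in are only a request. ret_flags says what the
	 * context actually provides, so fail closed when the peer was not
	 * authenticated or confidentiality is unavailable rather than hand
	 * back a weaker context than the caller asked for.
	 */
	if ((ret_flags & required_flags) != required_flags)
	{
		fprintf(stderr,
			"GSS Authentication failure: client\n "
			"mutual authentication or confidentiality not granted\n");
		gss_delete_sec_context(
				&cleanup_minor,
				&context_handle,
				GSS_C_NO_BUFFER);
		return(GSS_C_NO_CONTEXT);
	}
	return(context_handle);
}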
示例#4
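/**
 * Report the lifetime of a credential as returned by gss_inquire_cred().
 *
 * @param credential_handle  credential to inspect
 * @return the lifetime value written by gss_inquire_cred(), or
 *         (OM_uint32) -1 when the call does not report GSS_S_COMPLETE (the
 *         status is printed on stderr in that case)
 *
 * NOTE(review): the error value (OM_uint32) -1 is 0xFFFFFFFF, the same value
 * GSS-API defines as GSS_C_INDEFINITE. A caller that only compares the result
 * against a minimum lifetime will treat a failed inquiry as a credential
 * that never expires; callers need a separate way to tell the two apart.
 * The value is kept here so existing callers that test for -1 keep working.
 */
OM_uint32
get_cred_lifetime(const gss_cred_id_t credential_handle)
{
	OM_uint32        major_status = 0;
	OM_uint32        minor_status = 0;
	OM_uint32        release_minor = 0; /* keeps cleanup from clobbering minor_status */
	gss_name_t       name = GSS_C_NO_NAME;
	OM_uint32        lifetime = 0;
	gss_OID_set      mechanisms = GSS_C_NO_OID_SET;
	gss_cred_usage_t cred_usage;

	major_status = gss_inquire_cred(
			&minor_status,
			credential_handle,
			&name,
			&lifetime,
			&cred_usage,
			&mechanisms);

	/*
	 * Only the lifetime is wanted. The name and mechanism set are returned
	 * as allocated objects, so release them instead of leaking them on
	 * every call.
	 */
	if (name != GSS_C_NO_NAME)
	{
		gss_release_name(&release_minor, &name);
	}
	if (mechanisms != GSS_C_NO_OID_SET)
	{
		gss_release_oid_set(&release_minor, &mechanisms);
	}

	if (major_status != GSS_S_COMPLETE)
	{
		/* The message used to say "acquiring", copied from acquire_cred. */
		globus_gss_assist_display_status(
				stderr,
				"Error inquiring credential lifetime",
				major_status,
				minor_status,
				0);
		return((OM_uint32) -1);
	}
	return(lifetime);
}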
示例#5
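/**
 * Acquire an initiator credential from the proxy file named by `proxyname`.
 *
 * The file is selected by setting X509_USER_PROXY in the process
 * environment before calling globus_gss_assist_acquire_cred(), so the call
 * changes process-wide state that later credential lookups will also see.
 *
 * @param proxyname  path of the proxy file; must not be NULL
 * @return the acquired credential handle; the process exits with status 1
 *         if the proxy cannot be selected or the credential cannot be
 *         acquired
 *
 * NOTE(review): the handle lives in a function-local static that is
 * overwritten on every call; a credential acquired by an earlier call is not
 * released here.
 */
gss_cred_id_t make_cred(char *proxyname)	{
	static gss_cred_id_t delegated_cred_handle = GSS_C_NO_CREDENTIAL;
	OM_uint32 major_status;
	OM_uint32 minor_status = 0;

	if (proxyname == NULL)
	{
		fprintf(stderr, "make_cred: no proxy file name given\n");
		exit(1);
	}

	/*
	 * If the variable cannot be set, X509_USER_PROXY keeps whatever value it
	 * had before and the acquire call below would pick up a different
	 * credential than the one asked for. Stop instead of continuing under
	 * the wrong identity.
	 */
	if (setenv("X509_USER_PROXY", proxyname, 1) != 0)
	{
		perror("setenv X509_USER_PROXY");
		exit(1);
	}

	major_status = globus_gss_assist_acquire_cred(&minor_status,
	                                              GSS_C_INITIATE, /* or GSS_C_ACCEPT */
	                                              &delegated_cred_handle);

	if (major_status != GSS_S_COMPLETE)
	{
		globus_gss_assist_display_status(stderr,
		                                 "Some failure message here",
		                                 major_status,
		                                 minor_status,
		                                 0);
		exit(1);
	}
	return delegated_cred_handle;
}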
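/*
 * Print one unwrapped message of `length` bytes, tagged with the caller's
 * source line. The data carries an explicit length and is not assumed to be
 * NUL-terminated, so exactly `length` bytes are copied and terminated before
 * being handed to "%s".
 */
static void print_received(const char *data, size_t length, int line)
{
    char *                              copy;

    if(data == NULL)
    {
        length = 0;
    }

    copy = malloc(length + 1);
    if(copy == NULL)
    {
        perror("allocating print buffer");
        exit(1);
    }
    if(length > 0)
    {
        bcopy(data, copy, length);
    }
    copy[length] = '\0';

    fprintf(stdout,
            "INITIATOR: "__FILE__":%d"
            ": received: %s\n", line, copy);
    free(copy);
}

/*
 * Test initiator: connects to argv[1]:argv[2] over TCP, acquires the
 * initiator credential, establishes a security context, then performs two
 * wrapped send / unwrapped receive exchanges of init_message (defined
 * elsewhere in this file) before tearing everything down. Progress output is
 * printed only when GSS_ASSIST_VERBOSE_TEST is set. Any failure prints a
 * diagnostic and exits non-zero.
 */
int main(int argc, char * argv[])
{
    gss_cred_id_t                       init_cred = GSS_C_NO_CREDENTIAL;
    OM_uint32                           major_status;
    OM_uint32                           minor_status = 0;
    int                                 token_status = 0;
    gss_ctx_id_t                        init_context = GSS_C_NO_CONTEXT;
    OM_uint32                           ret_flags = 0;
    int                                 sock;
    FILE *                              infd;
    FILE *                              outfd;
    char *                              recv_buffer = NULL;
    size_t                              buffer_length = 0;
    struct sockaddr_in                  sockaddr = {0};
    struct hostent *                    hostname;
    char *                              verbose_env = NULL;
    char *                              port_end = NULL;
    long                                port;
    int                                 round;

    /* argv[1] and argv[2] are read below; refuse to run without them. */
    if(argc < 3)
    {
        fprintf(stderr, "usage: %s host port\n",
                argc > 0 ? argv[0] : "initiator");
        exit(1);
    }

    /* Reject non-numeric or out-of-range ports instead of letting atoi()
     * silently turn them into 0 or a truncated value. */
    port = strtol(argv[2], &port_end, 10);
    if(port_end == argv[2] || *port_end != '\0' || port < 1 || port > 65535)
    {
        fprintf(stderr, "%s: invalid port\n", argv[2]);
        exit(1);
    }

    globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE);

    verbose_env = getenv("GSS_ASSIST_VERBOSE_TEST");

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if(sock < 0)
    {
        perror("opening stream socket");
        exit(1);
    }
    
    sockaddr.sin_family = AF_INET;

    hostname = gethostbyname(argv[1]);
    if(hostname == NULL)
    {
        fprintf(stdout, "%s: uknown host", argv[1]);
        exit(2);
    }

    /* The resolver decides h_length; make sure it fits the IPv4 address
     * field before copying into it. */
    if(hostname->h_addrtype != AF_INET ||
       hostname->h_length < 0 ||
       (size_t) hostname->h_length > sizeof(sockaddr.sin_addr))
    {
        fprintf(stderr, "%s: unsupported address type\n", argv[1]);
        exit(2);
    }

    bcopy(hostname->h_addr, &sockaddr.sin_addr, hostname->h_length);
    sockaddr.sin_port = htons((unsigned short) port);

    if(connect(sock, (struct sockaddr *) &sockaddr, sizeof(sockaddr)) < 0)
    {
        perror("connecting stream socket");
        exit(1);
    }

    /* Separate unbuffered streams for each direction, each on its own
     * duplicate of the socket; fdopen() returns NULL if dup() failed. */
    infd = fdopen(dup(sock), "r");
    if(infd == NULL)
    {
        perror("opening input stream");
        exit(1);
    }
    setbuf(infd, NULL);

    outfd = fdopen(dup(sock), "w");
    if(outfd == NULL)
    {
        perror("opening output stream");
        exit(1);
    }
    setbuf(outfd, NULL);
    
    close(sock);

    /* INITIATOR PROCESS */
    
    major_status = globus_gss_assist_acquire_cred(&minor_status,
                                                  GSS_C_INITIATE,
                                                  &init_cred);
    if(GSS_ERROR(major_status))
    {
        globus_gss_assist_display_status(
            stdout,
            "INITIATOR: Couldn't acquire initiator's credentials",
            major_status,
            minor_status,
            0);
        exit(1);
    }

    /*
     * NOTE(review): the target name argument is NULL, which presumably
     * means the peer's identity is not compared against an expected name
     * (confirm against the globus_gss_assist documentation). Together with
     * GSS_C_DELEG_FLAG that would delegate a credential to whichever peer
     * completes the handshake. Code that talks to real services should
     * pass the expected target name here.
     */
    major_status = globus_gss_assist_init_sec_context(
        &minor_status,
        init_cred,
        &init_context,
        NULL,
        GSS_C_MUTUAL_FLAG|GSS_C_DELEG_FLAG,
        &ret_flags,
        &token_status,
        globus_gss_assist_token_get_fd,
        (void *) (infd),
        globus_gss_assist_token_send_fd,
        (void *) (outfd));
    if(GSS_ERROR(major_status))
    {
        globus_gss_assist_display_status(
            stdout,
            "INITIATOR: Couldn't authenticate as initiator\n",
            major_status,
            minor_status,
            token_status);
        exit(1);
    }
    
    if(verbose_env)
    {
        fprintf(stdout, 
                "INITIATOR: "__FILE__":%d"
                ": Initiator successfully created context\n", __LINE__);
    }

    /* Two identical exchanges: send init_message wrapped, then read and
     * unwrap the peer's reply. */
    for(round = 0; round < 2; round++)
    {
        major_status = globus_gss_assist_wrap_send(
            &minor_status,
            init_context,
            init_message,
            sizeof(init_message),
            &token_status,
            globus_gss_assist_token_send_fd,
            (void *) (outfd),
            stdout);
        if(GSS_ERROR(major_status))
        {
            globus_gss_assist_display_status(
                stdout,
                "INITATOR: Couldn't wrap and send message\n",
                major_status,
                minor_status,
                token_status);
            exit(1);
        }

        recv_buffer = NULL;
        buffer_length = 0;
        major_status = globus_gss_assist_get_unwrap(
            &minor_status,
            init_context,
            &recv_buffer,
            &buffer_length,
            &token_status,
            globus_gss_assist_token_get_fd,
            (void *) (infd),
            stdout);
        if(GSS_ERROR(major_status))
        {
            fprintf(stdout, "INITIATOR ERROR\n");
            globus_gss_assist_display_status(
                stdout,
                "INITIATOR: Couldn't get encrypted message from initiator\n",
                major_status,
                minor_status,
                token_status);
            fprintf(stdout, "INITIATOR ERROR FINISHED\n");
            exit(1);
        }

        if(verbose_env)
        {
            print_received(recv_buffer, buffer_length, __LINE__);
        }

        free(recv_buffer);
        recv_buffer = NULL;
    }

    major_status = gss_delete_sec_context(&minor_status,
                                          &init_context,
                                          GSS_C_NO_BUFFER);
    if(major_status != GSS_S_COMPLETE)
    {
        globus_gss_assist_display_status(
            stdout,
            "INITIATOR: Couldn't delete security context\n",
            major_status,
            minor_status,
            0);
        exit(1);
    }

    /* Capture the status of the release itself; the check below used to
     * re-test the result of gss_delete_sec_context(). */
    major_status = gss_release_cred(&minor_status,
                                    &init_cred);
    if(major_status != GSS_S_COMPLETE)
    {
        globus_gss_assist_display_status(
            stdout,
            "INITIATOR: Couldn't release credential\n",
            major_status,
            minor_status,
            0);
        exit(1);
    }

    if(fclose(infd) == EOF)
    {
        perror("closing stream socket");
        exit(1);
    }

    if(fclose(outfd) == EOF)
    {
        perror("closing stream socket");
        exit(1);
    }
    globus_module_deactivate(GLOBUS_GSI_GSS_ASSIST_MODULE);
    
    exit(0);
}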
示例#7
int
main(
    int                                 argc,
    char **                             argv)
{
    int                                 rc;
    globus_gram_job_manager_config_t    config;
    globus_gram_job_manager_t           manager;
    char *                              sleeptime_str;
    long                                sleeptime = 0;
    globus_bool_t                       debug_mode_service = GLOBUS_FALSE;
    globus_bool_t                       located_active_jm = GLOBUS_FALSE;
    int                                 http_body_fd = -1;
    int                                 context_fd = -1;
    gss_cred_id_t                       cred = GSS_C_NO_CREDENTIAL;
    OM_uint32                           major_status, minor_status;
    pid_t                               forked_starter = 0;
    globus_bool_t                       cgi_invoked = GLOBUS_FALSE;
    int                                 lock_tries_left = 10;

    if ((sleeptime_str = getenv("GLOBUS_JOB_MANAGER_SLEEP")))
    {
        sleeptime = atoi(sleeptime_str);
        sleep(sleeptime);
    }
    if (getenv("GATEWAY_INTERFACE"))
    {
        cgi_invoked = GLOBUS_TRUE;
    }
    /*
     * Stdin and stdout point at socket to client
     * Make sure no buffering.
     * stderr may also, depending on the option in the grid-services
     */
    setbuf(stdout,NULL);
    /* Don't export these to the perl scripts */
    fcntl(STDIN_FILENO, F_SETFD, (int) 1);
    fcntl(STDOUT_FILENO, F_SETFD, (int) 1);
    fcntl(STDERR_FILENO, F_SETFD, (int) 1);

    /*
     * At least have minimal POSIX path for job environment via extra
     * environment values
     */
    if(getenv("PATH") == NULL)
    {
        char * path;
        char default_path[] = "/usr/bin:/bin";
        size_t pathlen;

        pathlen = confstr(_CS_PATH, NULL, (size_t) 0);

        if (pathlen < sizeof(default_path))
        {
            pathlen = sizeof(default_path);
        }
        path = malloc(pathlen);
        path[0] = 0;

        (void) confstr(_CS_PATH, path, pathlen);
        if (path[0] == 0)
        {
            strncpy(path, default_path, pathlen);
        }
        setenv("PATH", path, 1);
    }

    /* Force non-threaded execution for now */
    globus_thread_set_model(GLOBUS_THREAD_MODEL_NONE);

    /* Activate a common before parsing command-line so that
     * things work. Note that we can't activate everything yet because we might
     * set the GLOBUS_TCP_PORT_RANGE after parsing command-line args and we
     * need that set before activating XIO.
     */
    rc = globus_module_activate(GLOBUS_COMMON_MODULE);
    if (rc != GLOBUS_SUCCESS)
    {
        fprintf(stderr, "Error activating GLOBUS_COMMON_MODULE\n");
        exit(1);
    }

    /* Parse command line options to get jobmanager configuration */
    rc = globus_gram_job_manager_config_init(&config, argc, argv);
    if (rc != GLOBUS_SUCCESS)
    {
        reply_and_exit(NULL, rc, NULL);
    }

    globus_thread_key_create(
            &globus_i_gram_request_key,
            NULL);

    rc = globus_gram_job_manager_logging_init(&config);
    if (rc != GLOBUS_SUCCESS)
    {
        exit(1);
    }
    if (getenv("GRID_SECURITY_HTTP_BODY_FD") == NULL && !cgi_invoked)
    {
        debug_mode_service = GLOBUS_TRUE;
    }
    /* Set environment variables from configuration */
    if(config.globus_location != NULL)
    {
        globus_libc_setenv("GLOBUS_LOCATION",
                           config.globus_location,
                           GLOBUS_TRUE);
    }
    if(config.tcp_port_range != NULL)
    {
        globus_libc_setenv("GLOBUS_TCP_PORT_RANGE",
                           config.tcp_port_range,
                           GLOBUS_TRUE);
    }
    if(config.tcp_source_range != NULL)
    {
        globus_libc_setenv("GLOBUS_TCP_SOURCE_RANGE",
                           config.tcp_source_range,
                           GLOBUS_TRUE);
    }

    /* Activate all of the modules we will be using */
    rc = globus_l_gram_job_manager_activate();
    if(rc != GLOBUS_SUCCESS)
    {
        exit(1);
    }

    /*
     * Get the delegated credential (or the default credential if we are
     * run without a client. Don't care about errors in the latter case.
     */
    major_status = globus_gss_assist_acquire_cred(
            &minor_status,
            GSS_C_BOTH,
            &cred);
    if ((!debug_mode_service) && GSS_ERROR(major_status))
    {
        globus_gss_assist_display_status(
                stderr,
                "Error acquiring security credential\n",
                major_status,
                minor_status,
                0);
        exit(1);
    }

    if (cred != GSS_C_NO_CREDENTIAL)
    {
        unsigned long hash;
        char * newtag;

        rc = globus_gram_gsi_get_dn_hash(
                cred,
                &hash);
        if (rc == GLOBUS_SUCCESS)
        {
            newtag = globus_common_create_string("%s%s%lx",
                    strcmp(config.service_tag, "untagged") == 0
                            ? "" : config.service_tag,
                    strcmp(config.service_tag, "untagged") == 0
                            ? "" : ".",
                    hash);
            free(config.service_tag);
            config.service_tag = newtag;
        }
    }

    /*
     * Remove delegated proxy from disk.
     */
    if ((!debug_mode_service) && getenv("X509_USER_PROXY") != NULL)
    {
        remove(getenv("X509_USER_PROXY"));
        unsetenv("X509_USER_PROXY");
    }

    /* Set up LRM-specific state based on our configuration. This will create
     * the job contact listener, start the SEG if needed, and open the log
     * file if needed.
     */
    rc = globus_gram_job_manager_init(&manager, cred, &config);
    if(rc != GLOBUS_SUCCESS)
    {
        reply_and_exit(NULL, rc, manager.gt3_failure_message);
    }

    /*
     * Pull out file descriptor numbers for security context and job request
     * from the environment (set by the gatekeeper)
     */
    if (cgi_invoked)
    {
        http_body_fd = 0;
        context_fd = -1;
    }
    else if (!debug_mode_service)
    {
        char * fd_env = getenv("GRID_SECURITY_HTTP_BODY_FD");

        rc = sscanf(fd_env ? fd_env : "-1", "%d", &http_body_fd);
        if (rc != 1 || http_body_fd < 0)
        {
            fprintf(stderr, "Error locating http body fd\n");
            exit(1);
        }
        fcntl(http_body_fd, F_SETFD, 1);

        fd_env = getenv("GRID_SECURITY_CONTEXT_FD");
        rc = sscanf(fd_env ? fd_env : "-1", "%d", &context_fd);
        if (rc != 1 || context_fd < 0)
        {
            fprintf(stderr, "Error locating security context fd\n");
            exit(1);
        }
        fcntl(context_fd, F_SETFD, 1);
    }


    /* Redirect stdin from /dev/null, we'll handle stdout after the reply is
     * sent
     */
    if (!cgi_invoked)
    {
        freopen("/dev/null", "r", stdin);
    }

    /* Here we'll either become the active job manager to process all
     * jobs for this user/host/lrm combination, or we'll hand off the
     * file descriptors containing the info to the active job manager
     */
    while (!located_active_jm)
    {
        /* We'll try to get the lock file associated with being the
         * active job manager here. If we get the OLD_JM_ALIVE error
         * somebody else has it
         */
        rc = globus_gram_job_manager_startup_lock(
                &manager,
                &manager.lock_fd);
        if (rc == GLOBUS_SUCCESS)
        {
            /* We've acquired the lock. We will fork a new process to act like
             * all other job managers which don't have the lock, and continue
             * on in this process managing jobs for this LRM.  Note that the
             * child process does not inherit the lock
             */
            if (!debug_mode_service)
            {
                int save_errno = 0;

                /* We've acquired the manager lock */
                forked_starter = fork();
                save_errno = errno;

                if (forked_starter < 0)
                {
                    if (sleeptime != 0)
                    {
                        sleep(sleeptime);
                    }

                    fprintf(stderr, "fork failed: %s", strerror(save_errno));
                    exit(1);
                }
                else if (forked_starter == 0)
                {
                    /* We are the child process. We'll close our reference to
                     * the lock and let the other process deal with jobs
                     */
                    close(manager.lock_fd);
                    manager.lock_fd = -1;
                }
                globus_logging_update_pid();
                if (sleeptime != 0)
                {
                    sleep(sleeptime);
                }

            }

            if (manager.lock_fd >= 0)
            {
                /* We hold the manager lock, so we'll store our credential, and
                 * then, try to accept socket connections. If the socket
                 * connections fail, we'll exit, and another process
                 * will be forked to handle them.
                 */
                rc = globus_gram_job_manager_gsi_write_credential(
                        NULL,
                        cred,
                        manager.cred_path);

                if (rc != GLOBUS_SUCCESS)
                {
                    fprintf(stderr, "write cred failed\n");
                    exit(1);
                }
                if (!debug_mode_service)
                {
                    close(http_body_fd);
                    http_body_fd = -1;
                }

                rc = globus_gram_job_manager_startup_socket_init(
                        &manager,
                        &manager.active_job_manager_handle,
                        &manager.socket_fd);
                if (rc != GLOBUS_SUCCESS)
                {
                    /* This releases our lock. Either the child process will
                     * attempt to acquire the lock again or some another job
                     * manager will acquire the lock
                     */
                    exit(0);
                }
                assert(manager.socket_fd != -1);
            }
        }
        else if (rc != GLOBUS_GRAM_PROTOCOL_ERROR_OLD_JM_ALIVE)
        {
            /* Some system error. Try again */
            if (--lock_tries_left == 0)
            {
                reply_and_exit(NULL, rc, "Unable to create lock file");
            }
            sleep(1);
            continue;
        }

        /* If manager.socket_fd != -1 then we are the main job manager for this
         * LRM.
         * We will restart all existing jobs and then allow the startup
         * socket to accept new jobs from other job managers.
         */
        if (manager.socket_fd != -1)
        {
            /* Look up cputype/manufacturer if not known yet */
            globus_l_gram_cputype_and_manufacturer(manager.config);

            GlobusTimeAbstimeGetCurrent(manager.usagetracker->jm_start_time);            
            globus_i_gram_usage_stats_init(&manager);
            globus_i_gram_usage_start_session_stats(&manager);

            located_active_jm = GLOBUS_TRUE;

            /* Load existing jobs. The show must go on if this fails, unless it
             * fails with a misconfiguration error
             */
            rc = globus_gram_job_manager_request_load_all(
                    &manager);
            if (rc == GLOBUS_GRAM_PROTOCOL_ERROR_GATEKEEPER_MISCONFIGURED)
            {
                if (forked_starter > 0)
                {
                    kill(forked_starter, SIGTERM);
                    forked_starter = 0;
                }
                reply_and_exit(NULL, rc, manager.gt3_failure_message);
            }
            if (context_fd != -1)
            {
                close(context_fd);
                context_fd = -1;
            }
            freopen("/dev/null", "a", stdout);

            /* At this point, seg_last_timestamp is the earliest last timestamp 
             * for any pre-existing jobs. If that is 0, then we don't have any
             * existing jobs so we'll just ignore seg events prior to now.
             */
            if (manager.seg_last_timestamp == 0)
            {
                manager.seg_last_timestamp = time(NULL);
            }

            /* Start off the SEG if we need it.
             */
            if (config.seg_module != NULL || 
                strcmp(config.jobmanager_type, "fork") == 0 ||
                strcmp(config.jobmanager_type, "condor") == 0)
            {
                rc = globus_gram_job_manager_init_seg(&manager);

                /* TODO: If SEG load fails and load_all added some to the 
                 * job_id hash, they will need to be pushed into the state
                 * machine so that polling fallback can happen.
                 */
                if (rc != GLOBUS_SUCCESS)
                {
                    config.seg_module = NULL;
                }
            }
            /* GRAM-128:
             * Register a periodic event to process the GRAM jobs that were
             * reloaded from their job state files at job manager start time.
             * This will acquire and then release a reference to each job,
             * which, behind the scenes, will kick of the state machine
             * for that job if needed.
             */
            if (!globus_list_empty(manager.pending_restarts))
            {
                globus_reltime_t        restart_period;

                GlobusTimeReltimeSet(restart_period, 1, 0);

                rc = globus_callback_register_periodic(
                        &manager.pending_restart_handle,
                        NULL,
                        &restart_period,
                        globus_l_gram_process_pending_restarts,
                        &manager);
                        
            }

            {
                globus_reltime_t        expire_period;

                GlobusTimeReltimeSet(expire_period, 1, 0);

                rc = globus_callback_register_periodic(
                    &manager.expiration_handle,
                    NULL,
                    &expire_period,
                    globus_gram_job_manager_expire_old_jobs,
                    &manager);
            }

            {
                globus_reltime_t        lockcheck_period;

                GlobusTimeReltimeSet(lockcheck_period, 60, 0);

                rc = globus_callback_register_periodic(
                    &manager.lockcheck_handle,
                    NULL,
                    &lockcheck_period,
                    globus_l_gram_lockcheck,
                    &manager);
            }

            {
                globus_reltime_t        idlescript_period;

                GlobusTimeReltimeSet(idlescript_period, 60, 0);

                rc = globus_callback_register_periodic(
                    &manager.idle_script_handle,
                    NULL,
                    &idlescript_period,
                    globus_gram_script_close_idle,
                    &manager);
            }
        }
        else if (http_body_fd >= 0)
        {
            /* If manager.socket_fd == -1 then we are either the child from the
             * fork or another process started somehow (either command-line
             * invocation or via a job submit). If we have a client, then we'll
             * send our fds to the job manager with the lock and let it process
             * the job.
             *
             * If this succeeds, we set located_active_jm and leave the loop.
             * Otherwise, we try again.
             */
            if (context_fd >= 0)
            {
                rc = globus_gram_job_manager_starter_send(
                        &manager,
                        http_body_fd,
                        context_fd,
                        fileno(stdout),
                        cred);
            }
            else
            {
                rc = globus_gram_job_manager_starter_send_v2(
                        &manager,
                        cred);
            }
            if (rc == GLOBUS_SUCCESS)
            {
                located_active_jm = GLOBUS_TRUE;
                close(http_body_fd);
                if (context_fd >= 0)
                {
                    close(context_fd);
                }
                manager.done = GLOBUS_TRUE;
            }
            else
            {
                globus_libc_usleep(250000);
            }
        }
        else
        {
            /* We were started by hand, but another process is currently the
             * main job manager
             */
            unsigned long realpid = 0;
            FILE * pidin = fopen(manager.pid_path, "r");
            fscanf(pidin, "%lu", &realpid);
            fclose(pidin);

            fprintf(stderr, "Other job manager process with pid %lu running and processing jobs\n",
                    realpid);

            exit(0);
        }
    }

    /* Ignore SIGCHILD, and automatically reap child processes. Because of the
     * fork() above to delegate to another job manager process, and the use of
     * sub-processes to invoke the perl modules, we create some other
     * processes. We don't care too much how they exit, so we'll just make sure
     * we don't create zombies out of them.
     */
    {
        struct sigaction act;

        act.sa_handler = SIG_IGN;
        sigemptyset(&act.sa_mask);
        sigaddset(&act.sa_mask, SIGCHLD);
#ifdef SA_NOCLDWAIT
        act.sa_flags = SA_NOCLDWAIT;
#else
        /* This may leave zombies running on non-POSIX systems like Hurd */
        act.sa_flags = 0;
#endif
        sigaction(SIGCHLD, &act, NULL);
    }

    /* Enable log rotation via SIGUSR1 */
    {
        struct sigaction act;
        act.sa_handler = globus_i_job_manager_log_rotate;
        sigemptyset(&act.sa_mask);
        sigaddset(&act.sa_mask, SIGUSR1);
        act.sa_flags = 0;
        sigaction(SIGUSR1, &act, NULL);
    }
    
    GlobusGramJobManagerLock(&manager);
    if (manager.socket_fd != -1 &&
        globus_hashtable_empty(&manager.request_hash) &&
        manager.grace_period_timer == GLOBUS_NULL_HANDLE)
    {
        globus_gram_job_manager_set_grace_period_timer(&manager);
    }


    /* For the active job manager, this will block until all jobs have
     * terminated. For any other job manager, the monitor.done is set to
     * GLOBUS_TRUE and this falls right through.
     */
    while (! manager.done)
    {
        GlobusGramJobManagerWait(&manager);
    }
    if (manager.expiration_handle != GLOBUS_NULL_HANDLE)
    {
        globus_callback_unregister(manager.expiration_handle, NULL, NULL, NULL);
    }
    if (manager.lockcheck_handle != GLOBUS_NULL_HANDLE)
    {
        globus_callback_unregister(manager.lockcheck_handle, NULL, NULL, NULL);
    }
    if (manager.idle_script_handle != GLOBUS_NULL_HANDLE)
    {
        globus_callback_unregister(manager.idle_script_handle, NULL, NULL, NULL);
    }
    GlobusGramJobManagerUnlock(&manager);

    globus_gram_job_manager_log(
            &manager,
            GLOBUS_GRAM_JOB_MANAGER_LOG_DEBUG,
            "event=gram.end "
            "level=DEBUG "
            "\n");

    /* Clean-up to do if we are the active job manager only */
    if (manager.socket_fd != -1)
    {
        globus_gram_job_manager_script_close_all(&manager);
        globus_i_gram_usage_end_session_stats(&manager);
        globus_i_gram_usage_stats_destroy(&manager);
        remove(manager.pid_path);
        remove(manager.cred_path);
        remove(manager.socket_path);
        remove(manager.lock_path);
    }
    globus_gram_job_manager_logging_destroy();
    globus_gram_job_manager_destroy(&manager);
    globus_gram_job_manager_config_destroy(&config);

    rc = globus_l_gram_deactivate();
    if (rc != GLOBUS_SUCCESS)
    {
        fprintf(stderr, "deactivation failed with rc=%d\n",
                rc);
        exit(1);
    }

/*
    {
        const char * gk_jm_id_var = "GATEKEEPER_JM_ID";
        const char * gk_jm_id = globus_libc_getenv(gk_jm_id_var);

        globus_gram_job_manager_request_acct(
                request,
                "%s %s JM exiting\n",
                gk_jm_id_var, gk_jm_id ? gk_jm_id : "none");
    }
*/


    return(0);
}
示例#8
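/**
 * @brief Wrap a buffer and send the resulting token
 * @ingroup globus_gsi_gss_assist
 *
 * Passes @a data through gss_wrap() and hands the resulting token to the
 * caller-supplied send routine.
 *
 * gss_wrap() is called with conf_req_flag set to 0 and a NULL conf_state, so
 * only integrity protection is requested and the caller is not told whether
 * the mechanism applied confidentiality. Do not rely on this routine to keep
 * the payload secret on the wire.
 *
 * @param minor_status
 *        GSSAPI return code.  If the call was successful, the minor 
 *        status is equal to GLOBUS_SUCCESS.  Otherwise, it is an
 *        error object ID for which  
 *        globus_error_get() and globus_object_free()
 *        can be used to get and destroy it.
 * @param context_handle
 *        the established security context used for wrapping.
 * @param data
 *        pointer to application data to wrap and send
 * @param length
 *        length of the @a data array
 * @param token_status
 *        set to 0 on entry, then to the return value of the send routine
 * @param gss_assist_send_token
 *        a send_token routine; a non-zero return is treated as failure
 * @param gss_assist_send_context
 *        first arg for the send_token
 * @param fperr
 *        file handle to write the error message to when gss_wrap() fails;
 *        may be NULL to suppress the message.
 *
 * @return
 *        GSS_S_COMPLETE on success
 *        The gss_wrap() status if wrapping fails, GSS_S_FAILURE if the send
 *        routine fails, or the gss_release_buffer() status.
 *
 * @see gss_wrap()
 */
OM_uint32
globus_gss_assist_wrap_send(
    OM_uint32 *                         minor_status,
    const gss_ctx_id_t                  context_handle,
    char *                              data,
    size_t                              length,
    int *                               token_status,
    int (*gss_assist_send_token)(void *, void *, size_t),
    void *                              gss_assist_send_context,
    FILE *                              fperr)
{
    OM_uint32                           major_status = GSS_S_COMPLETE;
    OM_uint32                           local_minor_status = 0;
    globus_result_t                     local_result = GLOBUS_SUCCESS;
    gss_buffer_desc                     input_token_desc  = GSS_C_EMPTY_BUFFER;
    gss_buffer_t                        input_token       = &input_token_desc;
    gss_buffer_desc                     output_token_desc = GSS_C_EMPTY_BUFFER;
    gss_buffer_t                        output_token      = &output_token_desc;
    static char *                       _function_name_ =
        "globus_gss_assist_wrap_send";
    GLOBUS_I_GSI_GSS_ASSIST_DEBUG_ENTER;

    /* The documented contract is GLOBUS_SUCCESS on success; without this the
     * caller's variable would be left untouched on the success path.
     */
    *minor_status = (OM_uint32) GLOBUS_SUCCESS;
    *token_status = 0;
    input_token->value = data;
    input_token->length = length;

    /* conf_req_flag == 0: integrity only; conf_state is not requested */
    major_status = gss_wrap(&local_minor_status,
                            context_handle,
                            0,
                            GSS_C_QOP_DEFAULT,
                            input_token,
                            NULL,
                            output_token);
  
    /* Report the minor status gss_wrap() actually produced, and cast the
     * size_t lengths so that they match the %u conversions.
     */
    GLOBUS_I_GSI_GSS_ASSIST_DEBUG_FPRINTF(
        3, (globus_i_gsi_gss_assist_debug_fstream,
            _GASL("Wrap_send:maj:%8.8x min:%8.8x inlen:%u outlen:%u\n"),
            (unsigned int) major_status, 
            (unsigned int) local_minor_status, 
            (unsigned int) input_token->length,
            (unsigned int) output_token->length));

    if (major_status != GSS_S_COMPLETE)
    {
        globus_object_t *               error_obj;
        globus_object_t *               error_copy;

        /* Keep a copy of the error object: one instance is put back so it
         * can be displayed, the copy is chained into the returned result.
         */
        error_obj = globus_error_get((globus_result_t) local_minor_status);
        error_copy = globus_object_copy(error_obj);

        local_minor_status = (OM_uint32) globus_error_put(error_obj);
        if(fperr)
        {
            /* Write to the stream the caller asked for, not stderr */
            globus_gss_assist_display_status(
                fperr,
                _GASL("gss_assist_wrap_send failure:"),
                major_status,
                local_minor_status,
                *token_status);
        }
        
        local_result = globus_error_put(error_copy);
        GLOBUS_GSI_GSS_ASSIST_ERROR_CHAIN_RESULT(
            local_result,
            GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_WRAP);
        *minor_status = (OM_uint32) local_result;
        goto release_output_token;
    }

    *token_status = (*gss_assist_send_token)(gss_assist_send_context,
                                             output_token->value,
                                             output_token->length);
    if(*token_status != 0)
    {
        GLOBUS_GSI_GSS_ASSIST_ERROR_RESULT(
            local_result,
            GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_WRAP,
            (_GASL("Error sending output token. token status: %d\n"), 
             *token_status));
        *minor_status = (OM_uint32) local_result;
        major_status = GSS_S_FAILURE;
        goto release_output_token;
    }

    major_status = gss_release_buffer(& local_minor_status,
                                      output_token);
    if(GSS_ERROR(major_status))
    {
        GLOBUS_GSI_GSS_ASSIST_ERROR_CHAIN_RESULT(
            local_result,
            GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_WRAP);
        *minor_status = (OM_uint32) local_result;
    }

    goto exit;

 release_output_token:

    /* Failure path: free the wrapped token, keep the earlier major_status */
    gss_release_buffer(&local_minor_status,
                       output_token);

 exit:
    
    GLOBUS_I_GSI_GSS_ASSIST_DEBUG_EXIT;
    return major_status;
}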
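/*
 * Receive one wrapped message from the initiator and, when verbose output is
 * enabled, print it. Exits the process if the unwrap fails. `line` is the
 * caller's __LINE__, kept so the verbose output still names the call site.
 */
static void
acceptor_receive_message(
    gss_ctx_id_t                        context,
    FILE *                              in,
    int                                 verbose,
    int                                 line)
{
    OM_uint32                           major_status;
    OM_uint32                           minor_status = 0;
    int                                 token_status = 0;
    char *                              recv_buffer = NULL;
    size_t                              buffer_length = 0;
    size_t                              text_length = 0;

    major_status = globus_gss_assist_get_unwrap(
        &minor_status,
        context,
        &recv_buffer,
        &buffer_length,
        &token_status,
        globus_gss_assist_token_get_fd,
        (void *) in,
        stdout);
    /* NOTE(review): GSS_ERROR() ignores supplementary status bits such as
     * GSS_S_DUPLICATE_TOKEN or GSS_S_OLD_TOKEN, so a replayed or
     * out-of-sequence token is not rejected here.
     */
    if(GSS_ERROR(major_status))
    {
        fprintf(stdout, "ACCEPTOR ERROR\n");
        globus_gss_assist_display_status(
            stdout,
            "ACCEPTOR: Couldn't get encrypted message from initiator\n",
            major_status,
            minor_status,
            token_status);
        fprintf(stdout, "ACCEPTOR ERROR FINISHED\n");
        exit(1);
    }

    if(verbose)
    {
        /* The payload comes from the peer and need not be NUL-terminated:
         * measure the text within buffer_length instead of handing the raw
         * buffer to a "%s" conversion, which would read past its end.
         */
        while(recv_buffer != NULL &&
              text_length < buffer_length &&
              recv_buffer[text_length] != '\0')
        {
            text_length++;
        }

        fprintf(stdout,
                "ACCEPTOR: "__FILE__":%d"
                ": received: ", line);
        if(text_length > 0)
        {
            fwrite(recv_buffer, 1, text_length, stdout);
        }
        fputc('\n', stdout);
    }

    /* get_unwrap documents that the caller frees the returned data */
    free(recv_buffer);
}

/*
 * Acceptor side of the GSS assist test: listen on an ephemeral TCP port,
 * accept one connection, establish a security context with the initiator and
 * exchange two wrapped messages in each direction.
 */
int main(int argc, char * argv[])
{
    gss_cred_id_t                       accept_cred = GSS_C_NO_CREDENTIAL;
    gss_cred_id_t                       delegated_init_cred 
        = GSS_C_NO_CREDENTIAL;
    OM_uint32                           major_status;
    OM_uint32                           minor_status;
    int                                 token_status;
    gss_ctx_id_t                        accept_context = GSS_C_NO_CONTEXT;
    OM_uint32                           ret_flags = 0;
    int                                 sock, connect_sock;
    FILE *                              infd;
    FILE *                              outfd;
    struct sockaddr_in                  sockaddr = {0};
    socklen_t                           length;
    char *                              init_name;
    char *                              verbose_env = NULL;
    
    globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE);

    verbose_env = getenv("GSS_ASSIST_VERBOSE_TEST");

    setbuf(stdout, NULL);
    
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if(sock < 0)
    {
        perror("opening stream socket");
        exit(1);
    }

    /* INADDR_ANY makes the test acceptor reachable on every interface, and
     * port 0 lets the kernel pick an ephemeral port.
     */
    sockaddr.sin_family = AF_INET;
    sockaddr.sin_addr.s_addr = INADDR_ANY;
    sockaddr.sin_port = 0;
    if(bind(sock, (struct sockaddr *) &sockaddr, sizeof(sockaddr)))
    {
        perror("binding stream socket");
        exit(1);
    }
    
    length = sizeof(sockaddr);
    if(getsockname(sock, (struct sockaddr *) &sockaddr, &length))
    {
        perror("getting socket name");
        exit(1);
    }
    /* Start accepting connection */
    if(listen(sock, 1))
    {
        perror("listening on stream socket");
        exit(1);
    }

    fprintf(stdout, "Socket has port #%d\n", ntohs(sockaddr.sin_port));

    connect_sock = accept(sock, 0, 0);
    if(connect_sock == -1) 
    {
        perror("accept");
        exit(1);
    }

    if(close(sock) < 0)
    {
        perror("Couldn't close listening socket");
        exit(1);
    }

    /* Separate unbuffered read and write streams over the same connection.
     * fdopen() returns NULL when dup() failed, so one check covers both.
     */
    infd = fdopen(dup(connect_sock), "r");
    if(infd == NULL)
    {
        perror("opening input stream");
        exit(1);
    }
    setbuf(infd, NULL);

    outfd = fdopen(dup(connect_sock), "w");
    if(outfd == NULL)
    {
        perror("opening output stream");
        exit(1);
    }
    setbuf(outfd, NULL);
    
    close(connect_sock);

    /* ACCEPTOR PROCESS */
    major_status = globus_gss_assist_acquire_cred(&minor_status,
                                                  GSS_C_ACCEPT,
                                                  &accept_cred);
    
    if(GSS_ERROR(major_status))
    {
        globus_gss_assist_display_status(
            stdout,
            "ACCEPTOR: Couldn't acquire acceptor's credentials",
            major_status,
            minor_status,
            0);
        exit(1);
    }

    /* NOTE(review): ret_flags is collected but never inspected, so this test
     * does not verify which context services were negotiated.
     */
    major_status = globus_gss_assist_accept_sec_context(
        &minor_status,
        &accept_context,
        accept_cred,
        &init_name,
        &ret_flags,
        NULL,
        &token_status,
        &delegated_init_cred,
        globus_gss_assist_token_get_fd,
        (void *) (infd),
        globus_gss_assist_token_send_fd,
        (void *) (outfd));
    if(GSS_ERROR(major_status))
    {
        globus_gss_assist_display_status(
            stdout,
            "ACCEPTOR: Couldn't authenticate as acceptor\n",
            major_status,
            minor_status,
            token_status);
        exit(1);
    }

    if(verbose_env)
    {
        fprintf(stdout, 
                "ACCEPTOR: "__FILE__":%d"
                ": Acceptor successfully created context"
                " for initiator: %s\n", __LINE__, init_name);
    }

    /* First round trip: receive from the initiator, then reply */
    acceptor_receive_message(
        accept_context, infd, verbose_env != NULL, __LINE__);

    /* accept_message is defined elsewhere in this file; sizeof only gives
     * the message size if it is an array - TODO confirm.
     */
    major_status = globus_gss_assist_wrap_send(
        &minor_status,
        accept_context,
        accept_message,
        sizeof(accept_message),
        &token_status,
        globus_gss_assist_token_send_fd,
        (void *) (outfd),
        stdout);
    if(GSS_ERROR(major_status))
    {
        globus_gss_assist_display_status(
            stdout,
            "ACCEPTOR: Couldn't encrypt and send message\n",
            major_status,
            minor_status,
            token_status);
        exit(1);
    }

    /* Second round trip */
    acceptor_receive_message(
        accept_context, infd, verbose_env != NULL, __LINE__);

    major_status = globus_gss_assist_wrap_send(
        &minor_status,
        accept_context,
        accept_message,
        sizeof(accept_message),
        &token_status,
        globus_gss_assist_token_send_fd,
        (void *) (outfd),
        stdout);
    if(GSS_ERROR(major_status))
    {
        globus_gss_assist_display_status(
            stdout,
            "ACCEPTOR: Couldn't encrypt and send message\n",
            major_status,
            minor_status,
            token_status);
        exit(1);
    }
                
    major_status = gss_delete_sec_context(&minor_status,
                                          &accept_context,
                                          GSS_C_NO_BUFFER);
    if(major_status != GSS_S_COMPLETE)
    {
        globus_gss_assist_display_status(
            stdout,
            "ACCEPTOR: Couldn't delete security context\n",
            major_status,
            minor_status,
            0);
        exit(1);
    }

    /* Any credential the initiator delegated is not used by this test;
     * release it (best effort) rather than leaving it allocated.
     */
    if(delegated_init_cred != GSS_C_NO_CREDENTIAL)
    {
        (void) gss_release_cred(&minor_status,
                                &delegated_init_cred);
    }
            
    /* Capture the result: the check below used to re-test the status left
     * over from gss_delete_sec_context() and could never fire.
     */
    major_status = gss_release_cred(&minor_status,
                                    &accept_cred);
    if(major_status != GSS_S_COMPLETE)
    {
        globus_gss_assist_display_status(
            stdout,
            "ACCEPTOR: Couldn't release acceptor's credentials\n",
            major_status,
            minor_status,
            0);
        exit(1);
    }

    if(fclose(infd) == EOF)
    {
        perror("closing stream socket");
        exit(1);
    }

    if(fclose(outfd) == EOF)
    {
        perror("closing stream socket");
        exit(1);
    }

    globus_module_deactivate(GLOBUS_GSI_GSS_ASSIST_MODULE);

    exit(0);
}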
示例#10
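/**
 * @ingroup globus_gsi_gss_assist
 * Gets a token using the specific tokenizing functions,
 * and performs the GSS unwrap of that token
 *
 * gss_unwrap() is called with NULL conf_state and qop_state, so the caller
 * is not told whether the received message was confidentiality-protected.
 * Check the return value before using @a data: on failure it is whatever
 * gss_unwrap() left in its output buffer, or NULL if no token was read.
 *
 * @see gss_unwrap
 *
 * @param minor_status
 *        GSSAPI return code, @see gss_unwrap. Set to 0 if no token could
 *        be read and gss_unwrap() was therefore never called.
 * @param context_handle
 *        the context 
 * @param data
 *        pointer to be set to the unwrapped application data. This must be
 *        freed by the caller.
 * @param length
 *        pointer to be set to the length of the @a data byte array.
 * @param token_status
 *        assist routine get/send token status 
 * @param gss_assist_get_token
 *        a detokenizing routine 
 * @param gss_assist_get_context
 *        first arg for above routine
 * @param fperr
 *        error stream to print to; may be NULL to suppress the message
 * 
 * @return
 *        GSS_S_COMPLETE on success
 *        GSS_S_FAILURE if the token could not be read.
 *        Other gss errors on failure.  
 */
OM_uint32
globus_gss_assist_get_unwrap(
    OM_uint32 *                         minor_status,
    const gss_ctx_id_t                  context_handle,
    char **                             data,
    size_t *                            length,
    int *                               token_status,
    int (*gss_assist_get_token)(void *, void **, size_t *),
    void *                              gss_assist_get_context,
    FILE *                              fperr)
{

  OM_uint32                             major_status = GSS_S_COMPLETE;
  OM_uint32                             minor_status1 = 0;
  gss_buffer_desc                       input_token_desc  = GSS_C_EMPTY_BUFFER;
  gss_buffer_t                          input_token       = &input_token_desc;
  gss_buffer_desc                       output_token_desc = GSS_C_EMPTY_BUFFER;
  gss_buffer_t                          output_token      = &output_token_desc;

  static char *                         _function_name_ =
      "globus_gss_assist_get_unwrap";
  GLOBUS_I_GSI_GSS_ASSIST_DEBUG_ENTER;

  /* gss_unwrap() is skipped when reading the token fails; give the caller's
   * minor status a defined value so the error report below does not read an
   * uninitialized variable.
   */
  *minor_status = 0;

  *token_status = (*gss_assist_get_token)(gss_assist_get_context,
                                          &input_token->value,
                                          &input_token->length);

  if (*token_status == 0) {
      
      major_status = gss_unwrap(minor_status,
                                context_handle,
                                input_token,
                                output_token,
                                NULL,
                                NULL);

      /* size_t lengths are cast to match the %u conversions */
      GLOBUS_I_GSI_GSS_ASSIST_DEBUG_FPRINTF(
          3, (globus_i_gsi_gss_assist_debug_fstream,
              _GASL("unwrap: maj: %8.8x min: %8.8x inlen: %u outlen: %u\n"),
              (unsigned int) major_status, 
              (unsigned int) *minor_status, 
              (unsigned int) input_token->length,
              (unsigned int) output_token->length));
      
      /* The received token is no longer needed once it has been unwrapped */
      gss_release_buffer(&minor_status1,
                         input_token);
  }
  
  if (fperr && (major_status != GSS_S_COMPLETE || *token_status != 0)) {
      /* Write to the stream the caller asked for, not stderr */
      globus_gss_assist_display_status(fperr,
                                       _GASL("gss_assist_get_unwrap failure:"),
                                       major_status,
                                       *minor_status,
                                       *token_status);
  }

  /* Ownership of the unwrapped buffer passes to the caller; it stays
   * NULL / 0 when no token was read.
   */
  *data = output_token->value;
  *length = output_token->length;
  
  if (*token_status) {
      major_status = GSS_S_FAILURE;
  }

  GLOBUS_I_GSI_GSS_ASSIST_DEBUG_EXIT;
  return major_status;
}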