+* Thu Jul 23 2009 Andrew McNab <Andrew.McNab@cern.ch>
+- Check multiple VOMS issuer certs if present, and
+ use most permissive time range they provide
+- Change (GRSTerrorLogFunc) to return int, to allow
+ if-less C macro using && instead.
* Fri Jul 03 2009 Andrew McNab <Andrew.McNab@cern.ch>
- ==== GridSite version 1.7.4 ====
* Thu Jul 02 2009 Andrew McNab <Andrew.McNab@cern.ch>
#include <stdio.h>
#endif
+#ifndef _STDINT_H
+#include <stdint.h>
+#endif
+
#ifndef FALSE
#define FALSE (0)
#endif
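Review bot: The guard `#ifndef _STDINT_H` added around the new include tests an identifier that belongs to the C library implementation, so it only has an effect on libcs that happen to use that exact guard name. `<stdint.h>` protects itself against double inclusion, so the header can simply say `#include <stdint.h>`. The definition of `GRST_MAX_TIME_T`, which the rest of the commit relies on, is not in the visible lines, so I cannot tell whether this include is what it needs.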
// No such file or directory
#define GRST_RET_NO_SUCH_FILE 1003
-// #define GRSTerrorLog(GRSTerrorLevel, GRSTerrorFmt, ...) if (GRSTerrorLogFunc != NULL) (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, GRSTerrorFmt, __VA_ARGS__)
-// void (*GRSTerrorLogFunc)(char *, int, int, char *, ...);
-
-#define GRSTerrorLog(GRSTerrorLevel, ...) if (GRSTerrorLogFunc != NULL) (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__)
+/* We use && now rather than if so this macro can be used inside if...else
+ but that means the function must return an int rather than be void */
+#define GRSTerrorLog(GRSTerrorLevel, ...) ((GRSTerrorLogFunc != NULL) && ((GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__)))
-extern void (*GRSTerrorLogFunc)(char *, int, int, char *, ...);
+extern int (*GRSTerrorLogFunc)(char *, int, int, char *, ...);
/* these levels are the same as Unix syslog() and Apache ap_log_error() */
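Review bot: The new declaration `extern int (*GRSTerrorLogFunc)(char *, int, int, char *, ...);` carries no printf format attribute, and because the macro passes the format string inside `__VA_ARGS__`, the compiler cannot check any call site's format against its arguments. Callers elsewhere in this commit log certificate-derived and path strings (`lscpath`, `acvomsdn`, `vomscert_cadn`), so a mismatched or non-literal format would be a memory-safety problem in a logging path. With GCC or Clang the declaration could read `extern int (*GRSTerrorLogFunc)(char *, int, int, char *, ...) __attribute__((format(printf, 4, 5)));`. The comment above the macro could also say that the `int` result is discarded.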
#include "gridsite.h"
-void (*GRSTerrorLogFunc)(char *, int, int, char *, ...) = NULL;
+int (*GRSTerrorLogFunc)(char *, int, int, char *, ...) = NULL;
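Review bot: `GRSTerrorLogFunc` is declared `extern` in the header, so changing it to `int (*)(...)` is a source-incompatible change for any program outside this tree that assigns its own logger. A logger still defined as `void` would then be called through an incompatible function pointer type, which is undefined behaviour in C. The three in-tree loggers are updated by this commit; out-of-tree users are not visible here. I would add a comment at this definition, for example `/* loggers must return int; the value is ignored by GRSTerrorLog */`, and say in the changelog entry that callers must update their logger's return type.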
#include <pwd.h>
#include <errno.h>
#include <getopt.h>
-#include <stdint.h>
#include <sys/types.h>
#include <sys/stat.h>
FILE *fp;
EVP_MD_CTX ctx;
struct stat statbuf;
- time_t voms_service_time1 = INT32_MAX, voms_service_time2 = 0,
+ time_t voms_service_time1 = GRST_MAX_TIME_T, voms_service_time2 = 0,
tmp_time1, tmp_time2;
if ((vomsdir == NULL) || (vomsdir[0] == '\0')) return GRST_RET_FAILED;
if (cert == NULL) continue;
tmp_time1 = 0;
- tmp_time2 = INT32_MAX;
+ tmp_time2 = GRST_MAX_TIME_T;
if (GRSTx509VerifySig(&tmp_time1, &tmp_time2,
&asn1string[taglist[iinfo].start],
if (cert == NULL) continue;
tmp_time1 = 0;
- tmp_time2 = INT32_MAX;
+ tmp_time2 = GRST_MAX_TIME_T;
if (GRSTx509VerifySig(&tmp_time1, &tmp_time2,
&asn1string[taglist[iinfo].start],
closedir(vomsDIR);
- if ((voms_service_time1 == INT32_MAX) || (voms_service_time2 == 0))
+ if ((voms_service_time1 == GRST_MAX_TIME_T) || (voms_service_time2 == 0))
return GRST_RET_FAILED;
/* now we tighten up the VOMS AC time range using the most permissive
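Review bot: With several issuer certs now contributing to `voms_service_time1` and `voms_service_time2`, the resulting window can cover a gap in which no single cert was valid, if two verifying certs have disjoint validity periods. The lines that fold `tmp_time1`/`tmp_time2` into the service window are outside the visible hunks, so this is inferred from the changelog entry and the "most permissive" comment. If the union is intended, a comment saying so and why it is acceptable would help. Otherwise the AC time should be checked against each cert's own range. Separately, the sentinel test `voms_service_time1 == GRST_MAX_TIME_T` depends on a definition not shown here being exactly representable in `time_t` on every target.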
cacert = PEM_read_X509(fp, NULL, NULL, NULL);
fclose(fp);
if (cacert != NULL)
- GRSTerrorLog(GRST_LOG_DEBUG, " Loaded CA root cert from file");
+ {
+ GRSTerrorLog(GRST_LOG_DEBUG, " Loaded CA root cert from file");
+ }
else
{
GRSTerrorLog(GRST_LOG_DEBUG, " Failed to load CA root cert file");
return GRST_RET_FAILED;
}
}
-
+
/* check times CA cert times, and reject if necessary */
tmp_time = GRSTasn1TimeToTimeT(
X509_free(cacert);
X509_free(vomscert);
- if (ret != X509_V_OK) return chain_errors | GRST_CERT_BAD_SIG;
+ if (ret != X509_V_OK) return (chain_errors | GRST_CERT_BAD_SIG);
asprintf(&vodir, "%s/%s", vomsdir, voname);
asprintf(&lscpath, "%s/%s", vodir, vodirent->d_name);
stat(lscpath, &statbuf);
- GRSTerrorLog(GRST_LOG_DEBUG, "Check LSC file %s for %s,%s",
+ GRSTerrorLog(GRST_LOG_DEBUG, "Check LSC file %s for %s,%s",
lscpath, acvomsdn, vomscert_cadn);
if ((fp = fopen(lscpath, "r")) != NULL)
free(lsc_vomsdn);
if (!lsc_found) chain_errors |= GRST_CERT_BAD_SIG;
-
- return chain_errors ? GRST_RET_FAILED : GRST_RET_OK;
+
+ return (chain_errors ? GRST_RET_FAILED : GRST_RET_OK);
}
/// Get the VOMS attributes in the given extension
"(Version: %s)\n", p, VERSION);
}
-void htproxy_logfunc(char *file, int line, int level, char *fmt, ...)
+int htproxy_logfunc(char *file, int line, int level, char *fmt, ...)
{
char *mesg;
va_list ap;
fprintf(stderr, "%s(%d) %s\n", file, line, mesg);
free(mesg);
+
+ return 0;
}
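Review bot: The `return 0;` added at the end of `htproxy_logfunc` has no documented meaning, and `GRSTerrorLog` discards it as the right operand of `&&`. A one-line comment such as `/* value is ignored; int only so GRSTerrorLog can be an expression */` would stop a later maintainer from treating it as a status code. The same applies to the returns added in `mod_gridsite_log_func` and `slashgrid_logfunc`. The lines between the declarations and the `fprintf` are outside the hunk, so whether the allocation of `mesg` is checked before it is printed and freed cannot be seen here.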
int main(int argc, char *argv[])
}
static server_rec *mod_gridsite_log_func_server;
-static void mod_gridsite_log_func(char *file, int line, int level,
+static int mod_gridsite_log_func(char *file, int line, int level,
char *fmt, ...)
{
char *mesg;
0, mod_gridsite_log_func_server, "%s", mesg);
free(mesg);
+ return 0;
}
static void mod_gridsite_child_init(apr_pool_t *pPool, server_rec *pServer)
.destroy = slashgrid_destroy
};
-void slashgrid_logfunc(char *file, int line, int level, char *fmt, ...)
+int slashgrid_logfunc(char *file, int line, int level, char *fmt, ...)
{
char *mesg;
va_list ap;
syslog(level, "%s(%d) %s", file, line, mesg);
free(mesg);
+ return 0;
}
int main(int argc, char *argv[])