Removed dependecies on (obsolete) third-party library sslutils. Use routines offered...
authorDaniel Kouřil <kouril@ics.muni.cz>
Tue, 5 Oct 2004 13:10:17 +0000 (13:10 +0000)
committerDaniel Kouřil <kouril@ics.muni.cz>
Tue, 5 Oct 2004 13:10:17 +0000 (13:10 +0000)
org.glite.security.proxyrenewal/Makefile
org.glite.security.proxyrenewal/src/commands.c
org.glite.security.proxyrenewal/src/renew.c
org.glite.security.proxyrenewal/src/renewd.c
org.glite.security.proxyrenewal/src/renewd_locl.h

index f57916e..8d30d90 100644 (file)
@@ -67,7 +67,6 @@ GLOBUS_LIBS:=-L${globus_prefix}/lib \
        -lglobus_common_${nothrflavour} \
        -lssl_${nothrflavour}
 
-SSL_UTILS_LIB:=-L${glite_location}/lib -lglobus_ssl_utils
 MYPROXY_LIB:=-L${myproxy_prefix}/lib -lmyproxy_${nothrflavour}
 
 JOBIDLIB:=-L${glite_location}/lib -lglite_wmsutils_cjobid
@@ -94,14 +93,14 @@ default: all
 compile all: ${LIB} ${THRLIB} ${DAEMON} ${CLIENT}
 
 ${LIB}: ${LIBOBJ}
-       ${LINK} -o $@ ${LIBLOBJ} -rpath ${glite_location}/lib ${JOBIDLIB} ${SSL_UTILS_LIB}
+       ${LINK} -o $@ ${LIBLOBJ} -rpath ${glite_location}/lib ${JOBIDLIB}
 
 
 ${THRLIB}: ${THRLIBOBJ}
-       ${LINK} -o $@ ${THRLIBLOBJ} -rpath ${glite_location}/lib ${SSL_UTILS_LIB}
+       ${LINK} -o $@ ${THRLIBLOBJ} -rpath ${glite_location}/lib
 
 ${DAEMON}: ${DAEMONOBJ}
-       ${LINK} -o $@ ${DAEMONOBJ} ${JOBIDLIB} ${SSL_UTILS_LIB} ${MYPROXY_LIB} -lglobus_gss_assist_${nothrflavour} ${GLOBUS_LIBS} 
+       ${LINK} -o $@ ${DAEMONOBJ} ${JOBIDLIB} ${MYPROXY_LIB} -lglobus_gss_assist_${nothrflavour} ${GLOBUS_LIBS} 
 
 ${CLIENT}: ${CLIENTOBJ} ${LIB}
        ${LINK} -o $@ ${CLIENTOBJ} ${LIB} ${GLOBUS_LIBS}
index ba566d0..fc6235e 100644 (file)
@@ -97,39 +97,15 @@ strmd5(const char *s, unsigned char *digest)
 static int
 get_base_filename(char *proxy_file, char **basefilename)
 {
-   FILE *cert_file = NULL;
-   X509 *cert = NULL;
-   X509_NAME *s = NULL;
    char *subject = NULL;
    char file[FILENAME_MAX];
    int ret;
 
    assert(basefilename != NULL);
 
-   cert_file = fopen(proxy_file, "r");
-   if (cert_file == NULL) {
-      edg_wlpr_Log(LOG_ERR, "Cannot open file %s (%s)", 
-                   proxy_file, strerror(errno));
-      return errno;
-   }
-
-   cert = PEM_read_X509(cert_file, NULL, NULL, NULL);
-   if (cert == NULL) {
-      edg_wlpr_Log(LOG_ERR, "Cannot read certificate from %s", proxy_file);
-      ret = EDG_WLPR_ERROR_SSL; /* XXX */
-      goto end;
-   }
-
-   s = X509_NAME_dup(X509_get_subject_name(cert));
-   proxy_get_base_name(s);
-   subject = X509_NAME_oneline(s, NULL, 0);
-   X509_NAME_free(s);
-   X509_free(cert);
-   if (subject == NULL) {
-      edg_wlpr_Log(LOG_ERR, "Cannot read subject name from %s", proxy_file);
-      ret = EDG_WLPR_ERROR_SSL; /* XXX */
+   ret = get_proxy_base_name(proxy_file, &subject);
+   if (ret)
       goto end;
-   }
 
    snprintf(file, sizeof(file), "%s/%s", repository, strmd5(subject, NULL));
    *basefilename = strdup(file); /* XXX test ENOMEM */
@@ -138,7 +114,6 @@ get_base_filename(char *proxy_file, char **basefilename)
 end:
    if (subject)
       free(subject);
-   fclose(cert_file);
    return ret;
 }
 
@@ -236,8 +211,8 @@ get_times(char *proxy_file, proxy_record *record)
 
    asn1_time = ASN1_UTCTIME_new();
    X509_gmtime_adj(asn1_time,0);
-   end_time = ASN1_UTCTIME_mktime(X509_get_notAfter(cert));
-   start_time = ASN1_UTCTIME_mktime(X509_get_notBefore(cert));
+   globus_gsi_cert_utils_make_time(X509_get_notAfter(cert), &end_time);
+   globus_gsi_cert_utils_make_time(X509_get_notBefore(cert), &start_time);
    current_time = time(NULL);
    ASN1_UTCTIME_free(asn1_time);
    /* if (end_time - RENEWAL_CLOCK_SKEW < current_time) { Too short proxy } */
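Review bot: The results of both globus_gsi_cert_utils_make_time() calls are discarded, so if either fails end_time/start_time keep whatever they held (I cannot see their initialisation from this hunk) and the lifetime comparisons that follow run on garbage; the same applies to the tmp_end call in the next hunk of get_times. The old ASN1_UTCTIME_mktime calls had no error channel, but the replacement returns a globus_result_t, so check it against GLOBUS_SUCCESS and take the existing error path, e.g. `if (globus_gsi_cert_utils_make_time(X509_get_notAfter(cert), &end_time) != GLOBUS_SUCCESS) { ret = -1; /* XXX SSL_ERROR */ goto end; }` and likewise for notBefore and tmp_end. The unused asn1_time allocation around these lines is untouched by the change but could go at the same time. get_times starts and ends outside this hunk.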
@@ -266,7 +241,7 @@ get_times(char *proxy_file, proxy_record *record)
         ret = -1; /* XXX SSL_ERROR */
         goto end;
       }
-      tmp_end = ASN1_UTCTIME_mktime(X509_get_notAfter(cert));
+      globus_gsi_cert_utils_make_time(X509_get_notAfter(cert), &tmp_end);
       if (tmp_end + RENEWAL_CLOCK_SKEW < current_time) {
         edg_wlpr_Log(LOG_ERR, "Expired proxy in %s", proxy_file);
         ret = EDG_WLPR_PROXY_EXPIRED;
index d74c517..6c6e577 100644 (file)
@@ -843,11 +843,8 @@ renew_proxy(proxy_record *record, char *basename, char **new_proxy)
    char tmp_proxy[FILENAME_MAX];
    int tmp_fd;
    char repository_file[FILENAME_MAX];
-   FILE *fd = NULL;
    int ret = -1;
    char *p;
-   X509 *cert = NULL;
-   X509_NAME *subject = NULL;
    char *server = NULL;
    myproxy_socket_attrs_t *socket_attrs;
    myproxy_request_t      *client_request;
@@ -863,6 +860,8 @@ renew_proxy(proxy_record *record, char *basename, char **new_proxy)
    server_response = malloc(sizeof(*server_response));
    memset(server_response, 0, sizeof(*server_response));
 
+   myproxy_set_delegation_defaults(socket_attrs, client_request);
+
    edg_wlpr_Log(LOG_DEBUG, "Trying to renew proxy in %s.%d",
                basename, record->suffix);
 
@@ -875,39 +874,13 @@ renew_proxy(proxy_record *record, char *basename, char **new_proxy)
       return errno;
    }
 
-   myproxy_set_delegation_defaults(socket_attrs, client_request);
-
    snprintf(repository_file, sizeof(repository_file),"%s.%d",
            basename, record->suffix);
-   fd = fopen(repository_file, "r");
-   if (fd == NULL) {
-      edg_wlpr_Log(LOG_ERR, "Cannot open proxy %s for renewal (%s)",
-                  repository_file, strerror(errno));
-      ret = errno;
-      goto end; /* XXX */
-   }
-
-   cert = PEM_read_X509(fd, NULL, NULL, NULL);
-   fclose(fd);
-   if (cert == NULL) {
-      edg_wlpr_Log(LOG_ERR, "SSL routines failed to read proxy %s for renewal",
-                  repository_file);
-      ret = EDG_WLPR_ERROR_SSL;
-      goto end;
-   }
 
-   subject = X509_NAME_dup(X509_get_subject_name(cert));
-   proxy_get_base_name(subject);
-   client_request->username = X509_NAME_oneline(subject, NULL, 0);
-   X509_NAME_free(subject);
-   X509_free(cert);
-   if (client_request->username == NULL) {
-      edg_wlpr_Log(LOG_ERR, "Cannot read subject name from %s", repository_file);
-      ret = EINVAL;
+   ret = get_proxy_base_name(repository_file, &client_request->username);
+   if (ret)
       goto end;
-   }
 
-   /* XXX support VERY_SHORT_LIFETIME ? */
    client_request->proxy_lifetime = 60 * 60 * DGPR_RETRIEVE_DEFAULT_HOURS;
    client_request->authzcreds = repository_file;
 
index 94c39d1..adebb09 100644 (file)
@@ -604,6 +604,8 @@ int main(int argc, char *argv[])
       exit(1);
    }
 
+   globus_module_activate(GLOBUS_GSI_CERT_UTILS_MODULE);
+
    if (!debug)
       for (fd = 3; fd < OPEN_MAX; fd++) close(fd);
 
@@ -664,3 +666,44 @@ int main(int argc, char *argv[])
    close(sock);
    return ret;
 }
+
+int
+get_proxy_base_name(char *file, char **name)
+{
+   X509 *cert = NULL;
+   EVP_PKEY *key = NULL;
+   STACK_OF(X509) *chain = NULL;
+   X509_NAME *subject = NULL;
+   int ret;
+
+   ret = load_proxy(file, &cert, &key, &chain);
+   if (ret)
+      return ret;
+
+   subject = X509_NAME_dup(X509_get_subject_name(cert));
+
+   sk_X509_insert(chain, cert, 0);
+   cert = NULL;
+
+   ret = globus_gsi_cert_utils_get_base_name(subject, chain);
+   if (ret) {
+      edg_wlpr_Log(LOG_ERR, "Cannot get subject name from proxy %s", file);
+      ret = EDG_WLPR_ERROR_SSL; /* XXX ??? */
+      goto end;
+   }
+
+   *name = X509_NAME_oneline(subject, NULL, 0);
+   ret = 0;
+
+end:
+   if (cert)
+      X509_free(cert);
+   if (key)
+      EVP_PKEY_free(key);
+   if (chain)
+      sk_X509_pop_free(chain, X509_free);
+   if (subject)
+      X509_NAME_free(subject);
+
+   return ret;
+}
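Review bot: get_proxy_base_name returns 0 with *name still NULL when X509_NAME_oneline() fails, because its result is not checked before `ret = 0`; the NULL guards that used to sit in the callers (commands.c get_base_filename before strmd5(subject, NULL), renew.c renew_proxy before using client_request->username) were removed in this commit, so that case now reaches the callers unchecked. Two smaller gaps in the same function: X509_NAME_dup() can return NULL and is passed straight to globus_gsi_cert_utils_get_base_name(), and `cert = NULL` is set regardless of whether sk_X509_insert() succeeded (it returns 0 on failure), which leaks the certificate on that path; I am assuming load_proxy always hands back a non-NULL chain, which is not visible here. The definition would also benefit from a header comment stating that *name is allocated by X509_NAME_oneline and owned by the caller, since commands.c releases it with free().
```c
   subject = X509_NAME_dup(X509_get_subject_name(cert));
   if (subject == NULL) {
      edg_wlpr_Log(LOG_ERR, "Cannot copy subject name from proxy %s", file);
      ret = EDG_WLPR_ERROR_SSL;
      goto end;
   }

   if (sk_X509_insert(chain, cert, 0) == 0) {
      edg_wlpr_Log(LOG_ERR, "Cannot add certificate from %s to its chain", file);
      ret = EDG_WLPR_ERROR_SSL;
      goto end;
   }
   cert = NULL; /* now owned by chain, freed via sk_X509_pop_free below */

   /* … unchanged: globus_gsi_cert_utils_get_base_name call and its error path … */

   *name = X509_NAME_oneline(subject, NULL, 0);
   if (*name == NULL) {
      edg_wlpr_Log(LOG_ERR, "Cannot read subject name from proxy %s", file);
      ret = EDG_WLPR_ERROR_SSL;
      goto end;
   }
   ret = 0;

   /* … unchanged: end: cleanup and return … */
```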
index ec023c3..426c2ee 100644 (file)
@@ -5,8 +5,8 @@
 
 #include <myproxy.h>
 #include <myproxy_delegation.h>
+#include <globus_gsi_cert_utils.h>
 
-#include "glite/wmsutils/thirdparty/globus_ssl_utils/sslutils.h"
 #include "renewal.h"
 
 #ifdef HAVE_DMALLOC_H
@@ -80,4 +80,7 @@ int
 load_proxy(const char *filename, X509 **cert, EVP_PKEY **privkey,
            STACK_OF(X509) **chain);
 
+int
+get_proxy_base_name(char *file, char **subject);
+
 #endif /* RENEWALD_LOCL_H */
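Review bot: The new prototype names its second parameter `subject` while the definition in renewd.c calls it `name`, and `file` is a plain `char *` although the neighbouring load_proxy declaration takes `const char *filename` and the function only reads the path. Aligning both keeps the header self-describing: `int get_proxy_base_name(const char *file, char **name);` with the definition changed to match. A short comment above the prototype saying that `*name` is allocated by the callee and released by the caller would also help, as the two existing callers free it themselves.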