'unlabeled-1.140.2.4.1'.
Sprout from gridsite-core_branch_1_1_0_ETICS 2008-09-18 10:24:22 UTC ekenny 'Changed version to match the ETICS configuration'
Delete:
org.gridsite.core/.cvsignore
org.gridsite.core/CHANGES
org.gridsite.core/INSTALL
org.gridsite.core/LICENSE
org.gridsite.core/README
org.gridsite.core/VERSION
org.gridsite.core/build.xml
org.gridsite.core/doc/README.htcp-bin
org.gridsite.core/doc/build-apache2.sh
org.gridsite.core/doc/delegation-1.wsdl
org.gridsite.core/doc/findproxyfile.1
org.gridsite.core/doc/gsexec.8
org.gridsite.core/doc/htcp.1
org.gridsite.core/doc/htfind.1
org.gridsite.core/doc/htll.1
org.gridsite.core/doc/htls.1
org.gridsite.core/doc/htmkdir.1
org.gridsite.core/doc/htmv.1
org.gridsite.core/doc/htping.1
org.gridsite.core/doc/htrm.1
org.gridsite.core/doc/httpd-fileserver.conf
org.gridsite.core/doc/httpd-webserver.conf
org.gridsite.core/doc/index.html
org.gridsite.core/doc/mod_gridsite.8
org.gridsite.core/doc/urlencode.1
org.gridsite.core/interface/gridsite-gacl.h
org.gridsite.core/interface/gridsite.h
org.gridsite.core/project/build.number
org.gridsite.core/project/build.properties
org.gridsite.core/project/configure.properties.xml
org.gridsite.core/project/dependencies.properties
org.gridsite.core/project/gridsite.core.csf.xml
org.gridsite.core/project/properties.xml
org.gridsite.core/project/taskdefs.xml
org.gridsite.core/src/Doxyfile
org.gridsite.core/src/Makefile
org.gridsite.core/src/delegation.h
org.gridsite.core/src/doxygen.css
org.gridsite.core/src/doxyheader.html
org.gridsite.core/src/findproxyfile.c
org.gridsite.core/src/gaclexample.c
org.gridsite.core/src/gridsite-copy.c
org.gridsite.core/src/gridsite.spec
org.gridsite.core/src/grst-delegation.c
org.gridsite.core/src/grst_admin.h
org.gridsite.core/src/grst_admin_file.c
org.gridsite.core/src/grst_admin_gacl.c
org.gridsite.core/src/grst_admin_main.c
org.gridsite.core/src/grst_asn1.c
org.gridsite.core/src/grst_gacl.c
org.gridsite.core/src/grst_htcp.c
org.gridsite.core/src/grst_http.c
org.gridsite.core/src/grst_x509.c
org.gridsite.core/src/grst_xacml.c
org.gridsite.core/src/gsexec.c
org.gridsite.core/src/gsexec.h
org.gridsite.core/src/htcp.c
org.gridsite.core/src/htproxyput.c
org.gridsite.core/src/mod_gridsite.c
org.gridsite.core/src/mod_ssl-private.h
org.gridsite.core/src/roffit
org.gridsite.core/src/showx509exts.c
org.gridsite.core/src/urlencode.c
org.gridsite.core/src/xacmlexample.c
+++ /dev/null
-.project
\ No newline at end of file
+++ /dev/null
-* Thu Sep 18 2008 <Eamonn.Kenny@cs.tcd.ie>
-- Changed makefile and spec file to include platform
- independent use of lib/lib64.
-* Mon Apr 24 2006 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Merge delegation functions from before 1.1.18 with
- fixes and mod_gridsite improvements from 1.1.18
-- Reworked SSL session caching: passcodes directory now
- because /var/www/sessions by default, and also used
- to cache credentials according to SSL Session ID.
-- Patch from Alberto di Meglio <alberto.di.meglio@cern.ch>
- to allow use of relocated httpd include files.
-- Use dist for building tar balls
-* Mon Apr 24 2006 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.18.1 ====
-* Fri Mar 31 2006 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Final tidy up for gLite 3.1
-* Fri Mar 31 2006 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.18 ====
-* Wed Mar 29 2006 Andrew McNab <Andrew.McNab@man.ac.uk>
-- New proxy destroy and time functions.
-* Tue Mar 28 2006 Shiv Kaushal <shiv@hep.man.ac.uk>
-- Fixed bug in GACL admin interface that would cause
- internal server erorr sometimes when adding new
- entries to and ACL.
-* Sat Mar 25 2006 Shiv Kaushal <shiv@hep.man.ac.uk>
-- Change delegation header to Proxy-Delegation-Service
- instead of Grst-
-* Wed Mar 22 2006 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add GRSTx509MakeDelegationID() to grst_x509.c
-- Include code for new style delegation proxy storage
-* Fri Mar 17 2006 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Associate ldconfig %post in spec with -shared RPM
-* Thu Mar 16 2006 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Fixes for 200/201 error pages produced by Apache
-- Fixes for onetime passcode non-removal if HTTPS
-- Include new multi-RPM spec file: gridsite-shared,
- gridsite-devel, gridsite-apache, gridsite-commands
- (replacing htcp) and gridsite-gsexec
-* Fri Mar 03 2006 Shiv Kaushal <shiv@hep.man.ac.uk>
-- Modify GridSiteDelegationURI directive to insert HTTP
- headers instead of modifying HTML
-* Mon Feb 6 2006 Shiv Kaushal <shiv@hep.man.ac.uk>
-- Add GridSiteDelegationURI directive to mod_gridsite
- to allow Firefox extension to locate delegation service
-* ==== GridSite version 1.1.17 ====
-* Thu Jan 12 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add 5 minute window for VOMS attributes valid slightly
- in the future.
-- Include Content-Range PUT support in mod_gridsite,
- adapted from mod_dav by David O Callaghan
-- Return 201 Created when PUT creates a file
-* Mon Dec 5 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Change GRIDHTTP_ONETIME to GRIDHTTP_PASSCODE
-- Remove onetime=yes default from mod_gridsite
-- Update gridsite.spec and Makefile for gridsite-copy.cgi
-* Wed Nov 16 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.16 ====
-* Wed Nov 16 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add -fPIC option to Makefile for IA64, as suggested
- by Andreas Unterkircher.
-* Wed Oct 12 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.15 ====
-* Wed Oct 12 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Fix for older OpenSSL to grst_x509.c from
- Zoltan.Farkas <Zoltan.Farkas@cern.ch>
-* Wed Oct 12 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.14 ====
-* Tue Oct 11 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Modify VOMS AC parsing to handle multiple ACs inside
- the same X.509 AC extension.
-* Mon Oct 10 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.13 ====
-* Mon Oct 10 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add target_gname patch to gsexec from
- Gerben Venekamp <venekamp@nikhef.nl>
-* Thu Oct 6 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Fix session reuse with Shared-Memory SSL Session
- Cache bug #8856 in mod_gridsite.
-- Add SiteCast support to file copying in htcp.
-* Tue Oct 4 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Move User, Config, Admin and Install guides from
- doc directory into GridSite Wiki.
-- Create/update man pages for htcp, mod_gridsite and
- gsexec to be distributed with source/binaries.
-* Mon Oct 3 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Fix to gsexec GRST_CRED_0/SSL_CLIENT_S_DN bug found
- by Ian Stokes-Rees <i.stokes-rees1@PHYSICS.OX.AC.UK>
-* Fri Sep 30 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add SiteCast ping (NOP) support to htcp
-* Thu Sep 29 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add SiteCast support to mod_gridsite (file location
- discovery via UDP multicast of HTCP messages.)
-* Wed Sep 21 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add ports 777 and 488 to example httpd.conf files in
- docs. See http://www.gridsite.org/wiki/IP_Ports
-* Tue Sep 13 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.12 ====
-* Tue Sep 13 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Fix bug #10031 submitted by Fabrizio Pacini
- <fabrizio.pacini@cern.ch> (invalid free in
- GRSTgaclAclLoadFile if ACL format not valid.)
-* Mon Sep 12 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Accept GRIDHTTP_ONETIME when passed in HTTP query
- (still overridden by a GRIDHTTP_ONETIME in a cookie.)
-* Sat Sep 10 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Fix problem with attempted upgrades to GridHTTP when
- already on the HTTP virtual server.
-* Fri Sep 9 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- GRST_DESTINATION_TRANSLATED and GRST_DESTINATION_PERM
- environment variables, for use with CGI-based COPY.
-- Rework GridHTTP (ex-Downgrade) code to store method
- and URI with permission, rather than credentials.
-- Restrict use of GridSiteOnetimesDir to main server.
-* Fri Aug 26 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Fix for HTTP PUT lack-of-truncation bug found by
- Mike Jones, and support for HTTP/WebDAV MOVE.
-- Add MOVE support to htcp and update htcp manpage.
-- Unset CURLOPT_SSL_VERIFYPEER in htcp etc when using
- --noverify option.
-* Fri Jun 10 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.11 ====
-* Fri Jun 10 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Tidy up gsexec vs GridSiteDiskMode
-* Fri Jun 10 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.10 ====
-* Wed Jun 8 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add GridSiteDiskMode Apache directive to set file
- permissions.
-- Add GridSiteExecMethod and GridSiteUserGroup to
- configure suexec or extended gsexec functionality.
-* Thu Jun 2 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- HTML improvements for Bug #4083
-- Note that GridSite currently doesn't work with SHM
- SSL session cache, in httpd-*.conf and config guide.
-- Add GridSiteExecMethod for use with gsexec
-* Thu May 26 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Include gsexec, a drop-in replacement for suexec,
- which can do suexec execution of CGI programs or
- pool-account mapping based on client DN.
-* Tue May 24 2005 Shiv Kaushal <shiv@hep.man.ac.uk>
-- Add XACML support to GACL code in libgridsite.
-* Tue May 24 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.9 ====
-* Mon Apr 25 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Avoid build problems when using pre-0.9.7 OpenSSL
- (ie with Globus compatibility.)
-* Mon Apr 25 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.8 ====
-* Mon Feb 28 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Fix to GRSTgaclUndenyPerm in gridsite.h (bug #7135)
- from Marco Sottilaro <marco.sottilaro@datamat.it>
-* Mon Feb 28 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.7 ====
-* Thu Feb 24 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add more sanity checking (signatures, dates, issuer,)
- holder) to VOMS attribute parser.
-* Mon Feb 21 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add bugfix for Bug #6357 from Fabrizio Pacini
- <fabrizio.pacini@cern.ch> to fix delegation proxy
- cache names in OpenSSL 0.9.7.
-* Sun Feb 20 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Add basic VOMS support (signature checking not yet
- in) for X.509 Attribute Certificates.
-* Tue Feb 8 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.6 ====
-* Tue Feb 8 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Include GRSTx509MakeProxyFileName() and
- GRSTx509StringToChain() (code to used hashes in cached
- proxy file names.) Bug #6357
-- Change ordering of output proxy file produced by
- GRSTx509CacheProxy so proxy private key is the 2nd PEM
- encoded block (rather than at the end.) Bug #6365
-- Add libgridsite_globus[.so|.a] in preparation for
- separate Globus OpenSSL and system OpenSSL versions
-* Tue Feb 8 2005 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.5 ====
-* Tue Dec 14 2004 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Patch from Daniel Kouril <kouril@ics.muni.cz> to allow
- switching Globus vs system OpenSSL libraries/headers.
-* Tue Dec 14 2004 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.4 ====
-* Mon Nov 15 2004 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Back out of (most of) redone VOMS support for committing
- to JRA1 CVS.
-* Thu Oct 19 2004 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.3 ====
-* Thu Oct 19 2004 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Fix Bug #5203 from Martijn Steenbakkers <msteenba>
- by fixing GACLparseEntry in gridsite-gacl.h
-- Change to C style comments (mostly) in gridsite.h and
- gridsite-gacl.h (fixes part of Bug #4222 from
- <aleks@fys.uio.no>)
-- Fix Bug #4225 from <aleks@fys.uio.no> in
- GRSTgaclCredsFree()
-- Add GRSTx509CachedProxyFind() and findproxyfile
- command to allow proxies to be found in proxy cache
-- Change GRSTx509StoreProxy() to GRSTx509CacheProxy() for
- consistency with this and GRSTx509CachedProxyKeyFind()
-* Wed Oct 18 2004 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.2 ====
-* Tue Oct 19 2004 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Copy code from delegation prototype into grst_x509.c
- and include htproxyput.c and grst-delegation.c
- optional targets (which depend on gSOAP.)
-* Wed Oct 13 2004 Andrew McNab <Andrew.McNab@man.ac.uk>
-- Include per-file patch to GRSTgaclFileFindAclname:
- .gacl:FILENAME controls FILENAME if it exists.
-* Tue Jul 27 2004 Andrew McNab <Andrew.McNab@man.ac.uk>
-- ==== GridSite version 1.1.1 ====
-* Tue Jul 27 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- Include HTTP Downgrade support in htcp
-* Sat Jul 24 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- Include HTTP Downgrade support in mod_gridsite.
-* Thu Jul 22 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- Begin development version 1.1.x
-* Thu Jul 22 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 1.1.0 ====
-* Mon Jul 19 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- Changes in line with EGEE SCM - most importantly
- the top level directory becomes org.gridsite.core
-* Mon Jul 19 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 1.0.3 ====
-* Mon Jun 28 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- In GRSTx509CheckChain() and GRSTx509CompactCreds()
- we now accept the first cert in a chain as a CA
- even if it is X509v3 but without the CA bits set.
- (On the basis that the first chain is from the
- administrator-installed CA files store.)
-* Sun Jun 27 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 1.0.2 ====
-* Sun Jun 27 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- Fix for Bug #2860 (so can now read DN Lists over
- HTTPS when have no user certificate if relevant
- .gacl gives <read> permission but not <list>)
-- Include gridsite-gacl.h mods from Daniel Kouril
- <kouril@ics.muni.cz> to fix faulty definitions
- of GACLnewEntry() and GACLnewAcl() and to make
- a legacy non-static GACLparseEntry() wrapper.
-* Thu Jun 17 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- Changes to mod_gridsite.h for Fedora Core 2 /
- Apache 2.0.49+ mod_ssl changes (mod_ssl-private.h)
-* Wed Jun 9 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- Incorporate EGEE CVS layout changes in production
- branch.
-* Wed Jun 9 2004 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 1.0.1 ====
-* Sun Dec 14 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- 1.0.0 is first full production release
- (development now in 1.1.x branch)
-* Sun Dec 14 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 1.0.0 ====
-* Sat Dec 13 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Remove need for modified mod_ssl-gridsite: now
- mod_gridsite intercepts callbacks with wrappers.
-- Add GRSTx509NameCmp() which compares string reps of
- DNs across OpenSSL version changes (ie Email=)
-* Fri Dec 12 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 0.9.11 ====
-* Thu Dec 11 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Simplify checking of cert/proxy chain in
- mod_ssl-gridsite: rely on mod_ssl/OpenSSL more.
-* Wed Dec 2 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 0.9.10 ====
-* Tue Dec 1 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- GACL ignores leading/trailing spaces in values.
-* Sat Nov 29 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Better directory listing in htcp.
-- htcp now built as separate binary RPM.
-- gridsite-admin.cgi upload now redirects to same
- directory after upload (Bug #1939); allows
- optional new name for file (Request / Bug #1940);
- and has better checking of ../dir/file attacks.
-* Sat Nov 29 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 0.9.8 ====
-* Thu Nov 27 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Shiv's updated GACL editor, with redirects.
-* Wed Nov 26 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Include Daniel Stenberg's roffit script to make
- HTML man pages for htcp and urlencode.
-- Various fixes found when installing GridPP WWW.
-* Wed Nov 26 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 0.9.7 ====
-* Thu Nov 20 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Major updates to htcp (htrm/htls/htll)
-- GACL now recurses subdirectories when examining
- the DN List directories path.
-* Sat Nov 15 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 0.9.6 ====
-* Fri Nov 14 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Function call fixes in grst-admin.cgi
-* Thu Nov 13 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Add htcp (curl-url-get reborn)
-* Thu Nov 13 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 0.9.5 ====
-* Thu Nov 13 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- More grst-admin.cgi GACL updates from Shiv.
-- .gacl security improvements to grst-admin.cgi from
- Shiv Kaushal and Peter Moore.
-* Tue Nov 11 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- One RPM instead of three, with version from VERSION
-- Textarea for HTML/Text editing now 80 columns
-* Mon Nov 10 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Add delegation level and GridSiteGSIProxyLimit
- support.
-- Add GridSiteAdminList handling to mod_gridsite
- and real-gridsite-admin.cgi
-* Sun Nov 9 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Add directory create/delete, and file/dir rename.
-- Add ZIP listing/unzipping via external unzip
- utility from http://www.info-zip.org/pub/infozip/
-* Mon Nov 3 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Include next version of Shiv's GACL editor.
-- Add rpm-usr target to Makefile, to make RPMs
- out-of-the-box compatible with RH9 and its Apache2
-- Use REMOTE_DOUBLE_REV for GACL hostname creds in
- mod_gridsite.c/mod_gridsite_perm_handler()
-* Sun Oct 26 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Include GACL editor in real-gridsite-admin.cgi
- from Shiv Kaushal <shiv@hep.man.ac.uk>
-* Sun Oct 26 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Reorganise into a single build tree, including
- Apache 2.0 .h files to remove circular dependency.
-* Sun Oct 26 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 0.9.4 ====
-* Sun Oct 19 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- Include many pieces of GridSite code from 0.3.x (CGI)
- fileGridSite and mod_gridsite 0.9.0
-* Sun Oct 19 2003 Andrew McNab <mcnab@hep.man.ac.uk>
-- ==== GridSite version 0.9.3 ====
+++ /dev/null
-BUILDING/INSTALLING GRIDSITE
-============================
-
-For more detailed instructions, see the Installation and Build
-pages in the GridSite Wiki http://www.gridsite.org/wiki/
-
-GridSite is currently only supported on Linux, but should be
-trivially portable to other Unix platforms where the GNU build
-tools are available.
-
-When building from source, two routes are available: building
-with Make or with RPM.
-
-BUILDING WITH MAKE
-==================
-
-make
-make install
-
-will build all components and install them all under the default
-locations of /usr/local/[lib|bin|include|sbin] The default prefix
-/usr/local is set by the prefix variable in the top level Makefile
-
-BUILDING WITH RPM
-=================
-
-For RedHat Linux and derivatives, building with RPM is recommended.
-The command
-
-make rpm
-
-will build the gridsite and htcp binary RPMs in the directory
-../RPMTMP/RPMS/i386 relative to the working directory. A SRPM is
-put into ../RPMTMP/SRPMS
-
-Building with RPM uses the default prefix /usr, although the
-resulting RPMs are relocatable to other hierarchies.
+++ /dev/null
-Copyright (c) 2002-5, Andrew McNab and Shiv Kaushal,
-University of Manchester. All rights reserved.
-
-Redistribution and use in source and binary forms, with or
-without modification, are permitted provided that the following
-conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
-
-Clearly marked portions of the published GridSite source code
-are derived from Apache httpd or its modules, and are covered
-by the Apache Software License:
-
-Copyright 2001-2005 The Apache Software Foundation
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+++ /dev/null
-See INSTALL for build and installation instructions, and the
-man pages for reference information.
-
-The GridSite Wiki at http://www.gridsite.org/wiki/ has guides
-( http://www.gridsite.org/wiki/Category:Guides ) and cookbook
-examples ( http://www.gridsite.org/wiki/Category:Cookbooks )
+++ /dev/null
-MAJOR_VERSION=1
-MINOR_VERSION=1.1
-PATCH_VERSION=1.1.18.1
-VERSION=$(PATCH_VERSION)
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
- Copyright (c) 2004 on behalf of the EU EGEE Project:
- The European Organization for Nuclear Research (CERN),
- Istituto Nazionale di Fisica Nucleare (INFN), Italy
- Datamat Spa, Italy
- Centre National de la Recherche Scientifique (CNRS), France
- CS Systeme d'Information (CSSI), France
- Royal Institute of Technology, Center for Parallel Computers (KTH-PDC), Sweden
- Universiteit van Amsterdam (UvA), Netherlands
- University of Helsinki (UH.HIP), Finland
- University of Bergen (UiB), Norway
- Council for the Central Laboratory of the Research Councils (CCLRC), United Kingdom
-
- Build file for the Gridsite Core Subsystem
-
- Authors: Alberto Di Meglio <alberto.di.meglio@cern.ch>
- Version info: $Id$
- Release: $Name$
-
- Revision history:
- $Log$
- Revision 1.11 2005/02/16 14:14:39 dimeglio
- Added patch to use globus compilation flags also in the RPMS
-
- Revision 1.10 2004/12/17 09:11:43 dimeglio
- Added local tag targets (because of special naming rules here)
-
- Revision 1.9 2004/12/17 09:02:49 dimeglio
- Removed redefinition of global.prefix
-
- Revision 1.8 2004/12/17 00:32:50 dimeglio
- Fixed global.prefix
-
- Revision 1.7 2004/12/03 14:49:59 dimeglio
- Added OPENSSL_FLAGS and _LIBS options
-
- Revision 1.6 2004/11/13 10:55:44 glbuild
- Added artifacts RPMS directory
-
- Revision 1.5 2004/10/29 22:55:07 dimeglio
- Use envset target
-
- Revision 1.4 2004/10/28 23:00:14 dimeglio
- Removed post-subsystem entry
-
- Revision 1.3 2004/10/27 11:19:17 dimeglio
- Fixed i386 instead of 1386
-
- Revision 1.2 2004/10/27 11:18:38 dimeglio
- Use os.platform instead of hard-coded rhel30
-
- Revision 1.1 2004/10/26 17:54:24 dimeglio
- First version of this file
-
--->
-
-<project name="gridsite-core" default="dist">
-
- <description>
- Ant build file to build the Gridsite Core Component
- </description>
-
- <!-- =========================================
- Import properties (order is important)
- ========================================= -->
-
- <!-- Import baseline & user properties -->
- <import file="../org.glite/project/baseline.properties.xml" />
-
- <!-- Import subsystem build properties,
- subsystem properties &
- subsystem common properties -->
- <import file="./project/properties.xml" />
-
- <!-- Import global build properties and global properties -->
- <import file="${global.properties.file}" />
-
- <!-- =========================================
- Load dependencies properties files (order is important)
- ========================================= -->
- <property file="${user.dependencies.file}"/>
- <property file="${subsystem.dependencies.file}"/>
- <property file="${global.dependencies.file}"/>
-
- <!-- =========================================
- Load configure options
- ========================================= -->
- <import file="${global.configure.options.file}"/>
- <import file="${component.configure.options.file}"/>
-
- <!-- =========================================
- Import global task definitions
- ========================================= -->
- <import file="${global.taskdefs.file}" />
-
- <!-- =========================================
- Import global compiler definitions
- ========================================= -->
- <import file="${global.compilerdefs.file}" />
-
- <!-- =========================================
- Import targets
- ========================================= -->
- <import file="${global.targets-common.file}" />
-
- <!-- =========================================
- Load version file
- ========================================= -->
- <property file="${module.version.file}"/>
- <property file="${module.build.file}"/>
-
- <!-- ===============================================
- Public common targets
- =============================================== -->
-
- <target name="localinit" depends="envcheck">
- <mkdir dir="${stage.dir}" />
- <mkdir dir="${dist.dir}" />
- </target>
-
- <target name="init" depends="localinit">
- <echo>${global.prefix}</echo>
- </target>
-
- <target name="checkstyle" depends="init">
- </target>
-
- <target name="compile" depends="checkstyle">
- <if>
- <isset property="build.make.arguments"/>
- <then>
- <!-- Call make default compile target -->
- <make target="build" dir="${module.src.dir}" failonerror="${failonerror}" args="${build.make.arguments}"/>
- </then>
- <else>
- <!-- Call make default compile target -->
- <make target="build" dir="${module.src.dir}" failonerror="${failonerror}"/>
- </else>
- </if>
- </target>
-
- <target name="compiletest" depends="compile">
- </target>
-
- <target name="unittest" depends="compiletest">
- </target>
-
- <target name="unitcoverage" depends="unittest">
- </target>
-
- <target name="doc" depends="unitcoverage">
- </target>
-
- <target name="stage" depends="doc">
- <if>
- <isset property="build.make.arguments"/>
- <then>
- <!-- Call make default compile target -->
- <make target="install" dir="${module.src.dir}" failonerror="${failonerror}" args="${build.make.arguments}"/>
- </then>
- <else>
- <!-- Call make default compile target -->
- <make target="install" dir="${module.src.dir}" failonerror="${failonerror}"/>
- </else>
- </if>
- </target>
-
- <target name="dist" depends="stage">
- <make target="rpm" dir="${module.src.dir}" failonerror="${failonerror}" args="${build.make.arguments}"/>
- <exec dir="${module.dir}/RPMTMP/BUILDROOT/usr" executable="tar">
- <arg line="-czf ${module.dir}/gridsite-${module.version}_bin.tar.gz ." />
- </exec>
- <copy file="gridsite-${module.version}_bin.tar.gz" todir="${dist.dir}"/>
- <copy file="gridsite-${module.version}.src.tar.gz" tofile="${dist.dir}/gridsite-${module.version}_src.tar.gz"/>
- <copy todir="${dist.dir}/${os.platform}/i386/RPMS">
- <fileset dir="${module.dir}/RPMTMP/RPMS/i386">
- <include name="*.rpm"/>
- </fileset>
- </copy>
- <delete dir="${module.dir}/RPMS"/>
- <mkdir dir="${module.dir}/RPMS"/>
- <copy todir="${module.dir}/RPMS">
- <fileset dir="${module.dir}/RPMTMP/RPMS/i386">
- <include name="*.rpm"/>
- </fileset>
- </copy>
- <delete>
- <fileset dir="${module.dir}">
- <include name="*.tar.gz"/>
- </fileset>
- </delete>
- <delete dir="RPMTMP"/>
- </target>
-
- <target name="install" depends="localinit">
- <make target="install" dir="${module.src.dir}" failonerror="${failonerror}"/>
- </target>
-
- <target name="all" depends="dist">
- </target>
-
- <target name="clean" depends="envcheck">
- <property name="offline.repository" value="true" />
- <make target="clean" dir="${module.src.dir}" failonerror="false"/>
- <delete dir="${module.dir}/src/doxygen"/>
- <delete>
- <fileset dir="${module.dir}/src">
- <include name="*.o"/>
- <include name="*.so"/>
- <include name="*.so.*"/>
- <include name="*.a"/>
- <include name="rm -rf urlencode"/>
- </fileset>
- </delete>
- <delete dir="${module.dir}/RPMS"/>
- </target>
-
- <target name="cleanAll" depends="clean"/>
-
- <!-- ===============================================
- Private targets
- =============================================== -->
-
- <!-- ========================================================
- tag: Tag module
- ======================================================== -->
- <target name="tag" description="Apply tag.">
-
- <property name="tag.type" value="B"/>
- <!-- Set module CVS Label -->
- <exec executable="tr" inputstring="${module.version}" outputproperty="cvs.module.version">
- <arg line=". _"/>
- </exec>
- <property name="cvs.label" value="gridsite-core_${tag.type}_${cvs.module.version}_${module.build}" />
- <echo>New tag is ${cvs.label}</echo>
-
- <!-- Apply tag -->
- <property name="failonerror" value="true"/>
- <property name="tag.switch" value="-FR"/>
- <exec dir="${workspace.abs.dir}" executable="cvs" failonerror="${failonerror}">
- <arg line="tag ${tag.switch} ${cvs.label} ${module.name}" />
- </exec>
-
- </target>
-
- <target name="component_release_tag">
-
- <!-- Set module CVS Label -->
- <exec executable="tr" inputstring="${module.version}" outputproperty="cvs.module.version">
- <arg line=". _"/>
- </exec>
- <property name="cvs.label" value="gridsite-core_R_${cvs.module.version}" />
- <echo>New tag is ${cvs.label}</echo>
-
- <!-- Apply tag -->
- <exec dir="${workspace.abs.dir}" executable="cvs" failonerror="true">
- <arg line="tag -R ${cvs.label} ${module.name}" />
- </exec>
-
- </target>
-
- <!-- ===============================================
- Modules proxy targets
- =============================================== -->
-
- <!-- component targets definitions tag = do not remove = -->
-
-
- <!-- Main proxy -->
- <target name="buildmodules" depends="envset"/>
-
-</project>
-
+++ /dev/null
-Binaries (and links) are in ./bin; man pages are in ./man/man1
-
-Install by copying binaries/links onto your path, or by copying htcp
-and making symbolic links to htcp from htls, htll, htrm and htmkdir.
-
-All the .1 man pages should be copied to a suitable ./man/man1
-directory on your man path.
-
-If you just want to install htcp in /usr/local, then unpacking this
-tgz file in /usr/local should do the trick. (Delete this README when
-you're finished!)
-
-For more about htcp see http://www.gridsite.org/
+++ /dev/null
-#!/bin/sh
-#
-# Copyright (c) 2002-3, Andrew McNab, University of Manchester
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# o Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the following
-# disclaimer.
-# o Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials
-# provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-#---------------------------------------------------------------
-# For more information about GridSite: http://www.gridsite.org/
-#---------------------------------------------------------------
-#
-# This script takes an Apache .tar.gz as the single command line argument,
-# unpacks the file, modifies the httpd.spec it contains to work without
-# the "-C" option to configure (which RedHat 7.3 doesnt like) and
-# outputs source and binary RPMs in SRPMS and RPMS/i386
-
-if [ "$1" = "" ] ; then
- echo Must give a tar.gz file name
- exit
-fi
-
-export MYTOPDIR=`pwd`
-
-if [ -x /usr/bin/rpmbuild ] ; then
- export RPMCMD=rpmbuild
-else
- export RPMCMD=rpm
-fi
-
-echo "$1" | grep '\.tar\.gz$' >/dev/null 2>&1
-if [ $? = 0 ] ; then # a gzipped source tar ball
-
- rm -Rf $MYTOPDIR/BUILD $MYTOPDIR/BUILDROOT $MYTOPDIR/SOURCES
- mkdir -p $MYTOPDIR/SOURCES $MYTOPDIR/SPECS $MYTOPDIR/BUILD \
- $MYTOPDIR/SRPMS $MYTOPDIR/RPMS/i386 $MYTOPDIR/BUILDROOT
-
- shortname=`echo $1 | sed 's:^.*/::' | sed 's:\.tar\.gz$::'`
-
- cp -f $1 SOURCES
-
- tar zxvf SOURCES/$shortname.tar.gz $shortname/httpd.spec
- cp -f $shortname/httpd.spec SPECS
-
- sed -e 's/configure -C /configure /' \
- SPECS/httpd.spec >SPECS/httpd-2.spec
-
- $RPMCMD --define "_topdir $MYTOPDIR" \
- -ba --buildroot $MYTOPDIR/BUILDROOT SPECS/httpd-2.spec
-
- exit
-fi
-
-echo I dont recognise the file type (must be .tar.gz)
-
-exit
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<definitions
- targetNamespace="http://www.gridsite.org/namespaces/delegation-1"
- xmlns="http://schemas.xmlsoap.org/wsdl/"
- xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns:tns="http://www.gridsite.org/namespaces/delegation-1"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema">
- <types>
- <schema
- targetNamespace="http://www.gridsite.org/namespaces/delegation-1"
- xmlns="http://www.w3.org/2001/XMLSchema">
- <complexType name="DelegationException">
- <sequence>
- <element name="message" nillable="true" type="xsd:string"/>
- </sequence>
- </complexType>
- </schema>
- </types>
-
- <message name="getProxyReqResponse">
- <part name="getProxyReqReturn" type="xsd:string"/>
- </message>
- <message name="getProxyReqRequest">
- <part name="delegationID" type="xsd:string"/>
- </message>
-
- <message name="DelegationException">
- <part name="fault" type="tns:DelegationException"/>
- </message>
-
- <message name="putProxyResponse"/>
- <message name="putProxyRequest">
- <part name="delegationID" type="xsd:string"/>
- <part name="proxy" type="xsd:string"/>
- </message>
-
- <portType name="Delegation">
- <operation name="getProxyReq" parameterOrder="delegationID">
- <documentation>
- Starts the delegation procedure by asking for a certificate
- signing request from the server. The server answers with a
- certificate signing request which includes the public key
- for the new delegated credentials. Uses PEM encoding.
- </documentation>
- <input message="tns:getProxyReqRequest" name="getProxyReqRequest"/>
- <output message="tns:getProxyReqResponse" name="getProxyReqResponse"/>
- <fault message="tns:DelegationException" name="DelegationException"/>
- </operation>
-
- <operation name="putProxy" parameterOrder="delegationID proxy">
- <documentation>
- Finishes the delegation procedure by sending the signed
- proxy certificate to the server. Uses PEM encoding.
- </documentation>
- <input message="tns:putProxyRequest" name="putProxyRequest"/>
- <output message="tns:putProxyResponse" name="putProxyResponse"/>
- <fault message="tns:DelegationException" name="DelegationException"/>
- </operation>
- </portType>
-
- <binding name="DelegationSoapBinding" type="tns:Delegation">
- <wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
-
- <operation name="getProxyReq">
- <wsdlsoap:operation soapAction=""/>
- <input name="getProxyReqRequest">
- <wsdlsoap:body namespace="http://www.gridsite.org/namespaces/delegation-1" use="literal"/>
- </input>
- <output name="getProxyReqResponse">
- <wsdlsoap:body namespace="http://www.gridsite.org/namespaces/delegation-1" use="literal"/>
- </output>
- <fault name="DelegationException">
- <wsdlsoap:fault name="DelegationException" use="literal"/>
- </fault>
- </operation>
-
- <operation name="putProxy">
- <wsdlsoap:operation soapAction=""/>
- <input name="putProxyRequest">
- <wsdlsoap:body namespace="http://www.gridsite.org/namespaces/delegation-1" use="literal"/>
- </input>
- <output name="putProxyResponse">
- <wsdlsoap:body namespace="http://www.gridsite.org/namespaces/delegation-1" use="literal"/>
- </output>
- <fault name="DelegationException">
- <wsdlsoap:fault name="DelegationException" use="literal"/>
- </fault>
- </operation>
- </binding>
-
-</definitions>
+++ /dev/null
-.TH findproxyfile 1 "October 2004" "findproxyfile" "GridSite Manual"
-.SH NAME
-.B findproxyfile
-\- returns full path to GSI Proxy file
-.SH SYNOPSIS
-.B findproxyfile
-[--proxycache=PATH] [--delegation-id=ID] [--user-dn=DN] [--outsidecache]
-.SH DESCRIPTION
-.B findproxyfile
-returns full path to a GSI Proxy file, either in the proxy cache maintained
-by the GridSite G-HTTPS and delegation portType functions, or in other
-standard places.
-
-If a User DN is given
-.B findproxyfile
-uses the value of the
-.B --proxycache
-argument, the GRST_PROXY_PATH or the
-compile time default to detemine the location of the proxy cache directory.
-The directory is searched for a proxy having the given User DN and
-Delegation ID. (If no Delegation ID is specificed, then the default value is
-used.)
-
-If
-.B findproxyfile
-does not find a proxy or if a User DN is not given, but
-.B --outsidecache
-was given, then the environment variable X509_USER_PROXY and the standard
-location /tmp/x509up_uUID are searched as well.
-
-.SH OPTIONS
-
-.IP "--proxycache=PATH"
-Give the path of the proxy cache directory explicitly, overriding the
-default and the GRST_PROXY_PATH environment variable if present.
-
-.IP "--delegation-id=ID"
-The optional delegation ID is search for in the proxy cache in addition to
-the User DN. If absent, the default Delegation ID value is searched for.
-
-.IP "--user-dn=DN"
-The DN of the full user certificate associated with the proxy to be searched
-for in the proxy cache. (This is not the DN of any proxy earlier in the
-chain: it is a the DN of a certificate issued by a recognised CA.)
-
-.IP "--outsidecache"
-If a User DN is not given, or a proxy not found in the cache, then search
-for a proxy using X509_USER_PROXY environment variable and file name of
-form /tmp/x509up_uUID as well.
-
-.SH RETURN VALUE
-If a proxy is found, its full path is output on standard out.
-
-.SH EXIT CODES
-0 is returned on succcess. Non-zero otherwise.
-
-.SH BUGS
-In this version, no attempt is made to verify or validate the proxies.
-
-.SH AUTHOR
-Andrew McNab <Andrew.McNab@man.ac.uk>
-
-findproxyfile is part of GridSite: http://www.gridsite.org/
+++ /dev/null
-.TH GSEXEC 8 "October 2005" "gsexec" "GridSite Manual"
-.SH NAME
-.B gsexec
-\- Switch user before executing external programs
-
-.SH "SYNOPSIS"
-
-.BR gsexec
-[-V]
-
-.SH "SUMMARY"
-
-gsexec is used by the Apache HTTP Server to switch to another user before
-executing CGI programs\&. In order to achieve this, it must run as root\&.
-Since the HTTP daemon normally doesn't run as root, the gsexec executable
-needs the setuid bit set and must be owned by root\&. It should never be
-writable for any other person than root\&.
-
-gsexec is based on Apache's suexec, and its behaviour is controlled with
-the Apache configuration file directives
-.BR GridSiteExecMethod
-and
-.BR GridSiteUserGroup
-added to Apache by
-.BR mod_gridsite(8)
-Four execution methods are supported: nosetuid, suexec, X509DN and directory,
-and these may be set on a per-directory basis within the Apache configuration
-file.
-
-.SH "NOSETUID METHOD"
-
-This is the default behaviour, but can also be produced by giving
-.BR "GridSiteExecMethod nosetuid"
-
-CGI programs will then be executed without using gsexec, and will
-run as the Unix user given by the User and Group Apache directives (normally
-apache.apache on Red Hat derived systems.)
-
-.SH "SUEXEC METHOD"
-
-If
-.BR "GridSiteExecMethod suexec"
-is given for this virtual host or directory, then CGI programs will be
-executed using the user and group given by the
-.BR "GridSiteUserGroup user group"
-directive, which may also be set on a per-directory basis (unlike suexec's
-.BR SuexecUserGroup
-which is per-server only.) The CGI program must either be owned by root,
-the Apache user
-and group specified at gsexec build-time (normally apache.apache) or by
-the user and group given with the
-.BR GridSiteUserGroup
-directive.
-
-.SH "X509DN METHOD"
-
-If
-.BR "GridSiteExecMethod X509DN"
-is given, then the CGI program runs as a pool user, detemined using lock
-files in the exec mapping directory chosen as build time of gsexec.
-The pool user is chosen according
-to the client's full certificate X.509 DN (ie with any trailing GSI proxy
-name components stripped off.) Subsequent requests by the same X.509
-identity will be mapped to the same pool user. The CGI program must either be
-owned by root, the Apache user
-and group specified at gsexec build-time (normally apache.apache) or by
-the pool user selected.
-
-.SH "DIRECTORY METHOD"
-
-If
-.BR "GridSiteExecMethod directory"
-is given, then the CGI program runs as a pool user chosen according
-to the directory in which the CGI is located: all CGIs in that directory
-run as the same pool user. The CGI program must either be
-owned by root, the Apache user
-and group specified at gsexec build-time (normally apache.apache) or by
-the pool user selected.
-
-
-.SH "EXECMAPDIR"
-
-The default exec mapping directory is /var/www/execmapdir and this is fixed
-when the gsexec executable is built. The exec mapping directory and all
-of its lock files must be owned and only writable by root. To initialise the
-lock files, create an empty lock file for each pool user, with the pool
-username as the filename (eg user0001, user0002, ...) As the pool users are
-leased to X.509 identities or directories, they will become hard linked to
-lock files with the URL-encoded X.509 DN or full directory path.
-
-You can recycle pool users by removing the corresponding URL-encoded
-hard link.
-.BR stat(1)
-and
-.BR "ls(1)"
-with option
-.BR "-i"
-can be used to print the inodes of lock files to match up the hard links.
-
-.BR "However, you must ensure that all files and processes owned by the pool"
-.BR "user are deleted before recycling!"
-
-.SH "OPTIONS"
-
-.TP
--V
-If you are root, this option displays the compile options of gsexec\&.
-For security reasons all configuration options are changeable only at
-compile time\&.
-
-.SH "MORE INFORMATION"
-For further information about the concepts and the security model of
-the original Apache suexec
-please refer to the suexec documentation:
-
-http://httpd\&.apache\&.org/docs-2\&.0/suexec\&.html
-
-For examples using the gsexec extensions, please see the GridSite gsexec
-page:
-
-http://www.gridsite.org/wiki/Gsexec
-
-.SH AUTHORS
-
-Apache project, for original suexec
-
-Andrew McNab <Andrew.McNab@manchester.ac.uk> for gsexec modifications.
-
-gsexec is part of GridSite: http://www.gridsite.org/
-
-.SH "SEE ALSO"
-.BR httpd(8),
-.BR suexec(8),
-.BR mod_gridsite(8)
+++ /dev/null
-.TH HTCP 1 "October 2005" "htcp" "GridSite Manual"
-.SH NAME
-.B htcp, htmv, htrm, htls, htll, htmkdir, htfind, htping
-\- file transfers and queries via HTTP/HTTPS/SiteCast
-.SH SYNOPSIS
-.B htcp, htmv
-[options] Source-URL[s] Destination-URL
-
-.B htrm, htls, htll, htmkir, htfind
-[options] Target-URL[s]
-
-.B htping
-[options]
-.SH DESCRIPTION
-.B htcp
-is a client to fetch files or directory listings from remote servers using
-HTTP or HTTPS, or to put or delete files or directories onto remote servers
-using HTTPS. htcp is similar to scp(1), but uses HTTP/HTTPS rather than ssh
-as its transfer protocol. htcp can also use the HTCP protocol to query
-HTTP(S) fileservers via SiteCast.
-
-When talking to a fileserver with HTTPS, htcp can run "anonymously", with a
-standard X.509 user certificate and key, or with a GSI Proxy. This makes
-htcp very useful in Grid environments where many users have certificates
-and where jobs and users have access to GSI proxies.
-
-.SH URLs
-htcp supports the file:, http: and https: URL schemes as sources and
-destinations. If no scheme is given, the URL scheme is assumed to be file:
-and relative to the current directory if not an absolute path.
-
-If multiple sources are given during a copy, they will be used in turn and
-the destination must be a directory (directories are indicated by a trailing
-/) However, source and destination cannot both refer to remote servers.
-
-.SH OPTIONS
-.IP "-v/--verbose"
-Turn on debugging information. Used once, this option will enable htcp's
-messages to stderr. Used twice, will also enable the underlying libcurl
-messages.
-
-.IP "--delete"
-Instead of copying files, delete all the URLs given on the command line.
-Calling the program as htrm has the same effect.
-
-.IP "--list"
-Instead of copying files, output lists of files located in the URL-directories
-given on the command line. Calling the program as htls has the same effect.
-
-.IP "--long-list"
-Instead of copying files, output long listings of files located in the
-URL-directories given on the command line. If available, the size in bytes
-and modification time of each file is given. Calling the program as
-htll has the same effect.
-
-.IP "--mkdir"
-Instead of copying files, attempt to create a directory on a remote server
-with HTTP PUT. The server must support the convention that PUT to a URL with
-a trailing slash means create a directory. No file body is sent. Calling the
-program as htmkdir has the same effect.
-
-.IP "--move"
-Move/rename files on a single remote server, given the two, absolute URLs
-of the remote file names. Server must support HTTP/WebDAV MOVE. Calling the
-program as htmv has the same effect.
-
-.IP "--ping"
-Query specified multicast groups with the HTCP NOP ("No Operation") code.
-SiteCast enabled servers will respond immediately with a NOP reply, and all
-of the responses will be listed, with the round trip time in milliseconds.
-Any waiting times specified in the --groups option will be ignored. Calling
-the program as htping has the same effect.
-(--groups must be used for this option to work.)
-
-.IP "--find"
-Query specified multicast groups with the HTCP TST code. SiteCast enabled
-servers will respond with TST replies if they have the files corresponding
-to the given SiteCast target URL(s). All of the transfer URLs returned
-will be listed. Waiting times specified in the --groups option will be used
-to space out the multicast queries, but the program listens for responses
-continuously. Calling the program as htfind has the same effect.
-(--groups must be used for this option to work.)
-
-.IP "--groups <IP Groups>"
-IP multicast groups to use for SiteCast queries. IP Groups is a comma
-separated list of groups, in the format: nnn.nnn.nnn.nnn:port[:ttl[:seconds]]
-The IP number and port must be specified. The IP time-to-live, ttl, controls
-how many networks the multicast packets may pass through - the default, 1,
-limits packets to the local network. Multiple groups may be specified,
-separated by commas. If multiple groups are specified, then seconds is the
-time to wait before making the next multicast - 1 second is the default.
-
-.IP "--timeout <seconds>"
-A request timeout used for multicast ping.
-
-.IP "--anon"
-Do not attempt to use X.509 user certificates or GSI proxies to authenticate
-to the remote HTTPS server. This means you are "anonymous", but the server's
-identity may still be verified and the connection is still encrypted.
-
-.IP "--cert <X.509 cert path> and --key <X.509 key path>"
-Path to the PEM-encoded
-X.509 or GSI Proxy user certificate and key to use for HTTPS
-connections, intead of "anonymous mode." If only one of --key or --cert
-is given, then that will be tried for both. If neither is given, then the
-following order of precedence is used:
-the file name held by the variable X509_USER_PROXY; the file
-/tmp/x509up_uID (with Unix UID equal to ID); the file names held by
-X509_USER_CERT / X509_USER_KEY; the files ~/.globus/usercert.pem and
-~/.globus/userkey.pem (where ~/ is the home directory of the user.)
-
-.IP "--capath <X.509 CA root certs directory or file>"
-Path to the PEM-encoded CA root certificates to use when
-verifying remote servers' host certificates in HTTPS connections. Ideally
-this should be a directory of hash.0 files as described in the OpenSSL
-verify(1) man page, but a file may be used instead. If --capath is not
-given, the value of the environment variable X509_CERT_DIR will be tried.
-If this is not valid, then /etc/grid-security/certificates will be used.
-
-.IP "--no-verify"
-Do not use CA root certificates to verify remote servers' host certificates.
-This is useful for testing sites before their certificate is set up properly,
-but leaves you vulnerable to "man in the middle" attacks by hostile servers
-masquerading as your target.
-
-.IP "--grid-http"
-Try to use GridHTTP redirection for HTTPS URLs. Compatible servers will perform
-authentication and authorization on the HTTPS connection and then redirect
-to HTTP for the GET or PUT file transfer. htcp makes the HTTP request using
-the GRID_AUTH_ONETIME single-use passcode obtained via HTTPS. The --grid-http
-option will be ignored for directory operations or HTTP URLs. If a redirected
-transfer isn't possible, a normal HTTPS data transfer will be attempted.
-
-.IP "--sitecast"
-Try to use SiteCast to locate remote files which are to be copied (currently
-only for the
-.BR fetching
-of remote files.) If no location is found via SiteCast, then a direct request
-for the given URL is tried. (--groups must be used for this option to work.)
-
-.IP "--domain <SiteCast domain>"
-Try to use SiteCast to locate remote files which are to be copied (currently
-only for the
-.BR fetching
-of remote files)
-.BR "if the domain component of the URL matches"
-the SiteCast domain given.
-If no location is found via SiteCast, then a direct request
-for the given URL is tried. (--groups must be used for this option to work.)
-
-.SH FILES
-.IP /tmp/x509up_uID
-Default GSI Proxy file for Unix UID equal to ID.
-
-.IP /etc/grid-security/certificates
-Default location for trusted Certification Authority root certificates to use
-when checking server certificates.
-
-.IP /tmp/.ca-roots-XXXXXX
-Prior to 7.9.8, the underlying curl library did not support the CA root
-certificates directory.
-If built with an old version of libcurl, htcp will concatenate the
-certificates in the CA roots directory into a unique temporary file and use
-that.
-
-.SH ENVIRONMENT
-
-.IP X509_CERT_DIR
-Holds directory to search for Certification Authority root certificates when
-verifying server certificates. (Tried if --capath is not given on the
-command line.)
-
-.IP X509_USER_PROXY
-Holds file name of a GSI Proxy to use as user certificate. (Tried if --cert or
---key are not given on the command line.)
-
-.IP "X509_USER_CERT and X509_USER_KEY"
-Holds file name of X.509 user certificate and key. (Tried if X509_USER_PROXY
-is not valid.)
-
-.SH EXIT CODES
-0 is returned on complete success. Curl error codes are returned when
-reported by the underlying curl library, and CURLE_HTTP_RETURNED_ERROR (22)
-is returned when the HTTP(S) server returns a code outside the range 200-299.
-The manpage libcurl-errors(3) lists all the curl error codes.
-
-.SH TO DO
-Recursive copying. Server-side wildcards. Parallel streams. Better error
-recovery.
-
-.SH AUTHOR
-Andrew McNab <Andrew.McNab@manchester.ac.uk>
-
-htcp is part of GridSite: http://www.gridsite.org/
-.SH "SEE ALSO"
-.BR scp(1),
-.BR curl(1),
-.BR wget(1),
-.BR verify(1),
-.BR libcurl-errors(3)
+++ /dev/null
-.so man1/htcp.1
+++ /dev/null
-.so man1/htcp.1
+++ /dev/null
-.so man1/htcp.1
+++ /dev/null
-.so man1/htcp.1
+++ /dev/null
-.so man1/htcp.1
+++ /dev/null
-.so man1/htcp.1
+++ /dev/null
-.so man1/htcp.1
+++ /dev/null
-##############################################################################
-## GridSite httpd-fileserver.conf - Andrew McNab <Andrew.McNab@man.ac.uk>
-##
-## For GridSite documentation, see http://www.gridsite.org/
-##
-## Example configuration file for GridSite as an HTTP(S) fileserver,
-## listening on ports 80/777 (HTTP) and 443/488 (HTTPS)
-##
-## (777/488 is to allow firewalls to distinguish between Grid and
-## Web HTTP(S) traffic. See http://www.gridsite.org/wiki/IP_Ports )
-##
-## This file should be renamed /etc/httpd/conf/httpd.conf and Apache
-## restarted to use Apache2/GridSite as a simple HTTP(S) fileserver.
-##
-## You do not need to install the GridSite mod_ssl.so module if you
-## do not wish to use Globus Proxies or VOMS attributes, but you must
-## have the mod_gridsite.so in /usr/lib/httpd/modules
-##
-## We're assuming you have (a) the host's hostcert.pem and hostkey.pem
-## in /etc/grid-security/ and (b) the Certification Authorities' you
-## trust have their root certs in /etc/grid-security/certificates
-##
-## (You can get RPMs for many European and North American Grid CAs
-## from https://datagrid.in2p3.fr/distribution/datagrid/security/ )
-##
-## If you want to use DN Lists in ACLs, they should be placed/downloaded
-## in /etc/grid-security/dn-lists/
-##
-## To start serving files, make a directory /var/www/htdocs owned by
-## apache.apache, including the file .gacl containing:
-##
-## <gacl>
-## <entry>
-## <any-user/>
-## <allow><read/><list/></allow>
-## </entry>
-## </gacl>
-##
-## To enable writing, add DN List, Person or VOMS entries to the GACL
-## (see the GridSite GACL document for the syntax.) For example:
-##
-## <gacl>
-## <entry>
-## <any-user/>
-## <allow><read/><list/></allow>
-## </entry>
-## <entry>
-## <person>
-## <dn>/C=UK/O=eScience/OU=Manchester/L=HEP/CN=Andrew McNab</dn>
-## </person>
-## <allow><write/></allow>
-## </entry>
-## </gacl>
-##
-## and add the following directive to the HTTPS <Directory> section:
-##
-## GridSiteMethods GET PUT DELETE MOVE
-##
-## If you wish to accept Globus GSI Proxies as well as full X.509 user
-## certificates, set GridSiteGSIProxyLimit to the depth of proxy you
-## wish to accept.
-##
-## (As a _rough_ guide: 0=No Proxies; 1=Proxy on user's machine; 2=Proxy
-## owned by running Globus job; 3=Proxy delegated by a Globus job.)
-##
-## With this done and Apache restarted, you can upload a file with:
-##
-## curl -v --cert ~/.globus/usercert.pem --key ~/.globus/userkey.pem \
-## --capath /etc/grid-security/certificates --upload-file /tmp/tmp.txt \
-## https://INSERT.HOSTNAME.HERE/tmp.txt
-##
-## (or with --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` to use
-## a Globus GSI Proxy created with grid-proxy-init.)
-##
-##############################################################################
-
-ServerRoot "/etc/httpd"
-
-PidFile logs/httpd.pid
-
-Timeout 300
-KeepAlive On
-MaxKeepAliveRequests 100
-KeepAliveTimeout 15
-
-LoadModule log_config_module /usr/lib/httpd/modules/mod_log_config.so
-LoadModule ssl_module /usr/lib/httpd/modules/mod_ssl.so
-LoadModule gridsite_module /usr/lib/httpd/modules/mod_gridsite.so
-LoadModule mime_module /usr/lib/httpd/modules/mod_mime.so
-LoadModule dir_module /usr/lib/httpd/modules/mod_dir.so
-
-TypesConfig /etc/mime.types
-
-# User and group who will own files created by Apache
-User apache
-Group apache
-
-DocumentRoot "/var/www/htdocs"
-
-<Directory />
- AllowOverride None
-</Directory>
-
-LogLevel debug
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-
-CustomLog logs/httpd-gridsite-access combined
-ErrorLog logs/httpd-gridsite-errors
-
-HostnameLookups On
-
-######################################################################
-# Plain unauthenticated HTTP on ports 80 and 777
-######################################################################
-
-Listen 80
-Listen 777
-<VirtualHost *:80 *:777>
-
-<Directory "/var/www/htdocs">
- GridSiteIndexes on
- GridSiteAuth on
- GridSiteDNlists /etc/grid-security/dn-lists/
-</Directory>
-
-</VirtualHost>
-
-######################################################################
-# Secured and possibly authenticated HTTPS on ports 443 and 488
-######################################################################
-Listen 443
-Listen 488
-SSLSessionCacheTimeout 300
-SSLSessionCache shm:/var/cache/mod_ssl/shm_cache
-
-<VirtualHost *:443 *:488>
-
-SSLEngine on
-SSLCertificateFile /etc/grid-security/hostcert.pem
-SSLCertificateKeyFile /etc/grid-security/hostkey.pem
-SSLCACertificatePath /etc/grid-security/certificates
-#SSLCARevocationPath YOUR CRL DIRECTORY WOULD GO HERE
-SSLVerifyClient optional
-SSLVerifyDepth 10
-SSLOptions +ExportCertData +StdEnvVars
-
-<Directory "/var/www/htdocs">
- GridSiteIndexes on
- GridSiteAuth on
- GridSiteDNlists /etc/grid-security/dn-lists/
- GridSiteGSIProxyLimit 0
-# GridSiteMethods GET PUT DELETE MOVE
-</Directory>
-
-</VirtualHost>
+++ /dev/null
-##############################################################################
-## GridSite httpd-webserver.conf - Andrew McNab <Andrew.McNab@man.ac.uk>
-##
-## For GridSite documentation, see http://www.gridsite.org/
-##
-## Example configuration file for GridSite as a Web Server
-## (that is, primarily for interactive use with a browser.)
-## Listening is on ports 80/777 (HTTP) and 443/488 (HTTPS).
-##
-## (777/488 is to allow firewalls to distinguish between Grid and
-## Web HTTP(S) traffic. See http://www.gridsite.org/wiki/IP_Ports )
-##
-## This file should be renamed /etc/httpd/conf/httpd.conf and Apache
-## restarted to use Apache2/GridSite as a webserver.
-##
-## You do not need to install the GridSite mod_ssl.so module if you
-## do not wish to use Globus Proxies or VOMS attributes, but you must
-## have the mod_gridsite.so in /usr/lib/httpd/modules
-##
-## We're assuming you have (a) the host's hostcert.pem and hostkey.pem
-## in /etc/grid-security/ and (b) the Certification Authorities' you
-## trust have their root certs in /etc/grid-security/certificates
-##
-## (You can get RPMs for many European and North American Grid CAs
-## from https://datagrid.in2p3.fr/distribution/datagrid/security/ )
-##
-## If you want to use DN Lists in ACLs, they should be placed/downloaded
-## in /etc/grid-security/dn-lists/ or /var/www/htdocs/dn-lists/
-## (Lists in /etc/grid-security/dn-lists/ override lists elsewhere.)
-##
-## To start serving files, make a directory /var/www/htdocs owned by
-## apache.apache, including the file .gacl containing:
-##
-## <gacl>
-## <entry>
-## <any-user/>
-## <allow><read/><list/></allow>
-## </entry>
-## </gacl>
-##
-## To enable writing, add DN List, Person or VOMS entries to the GACL
-## (see the GridSite GACL document for the syntax.) For example:
-##
-## <gacl>
-## <entry>
-## <any-user/>
-## <allow><read/><list/></allow>
-## </entry>
-## <entry>
-## <person>
-## <dn>/C=UK/O=eScience/OU=Manchester/L=HEP/CN=Andrew McNab</dn>
-## </person>
-## <allow><write/></allow>
-## </entry>
-## </gacl>
-##
-## and add the following directive to the HTTPS <Directory> section:
-##
-## GridSiteMethods GET PUT DELETE MOVE
-##
-## If you wish to accept Globus GSI Proxies as well as full X.509 user
-## certificates, set GridSiteGSIProxyLimit to the depth of proxy you
-## wish to accept.
-##
-## (As a _rough_ guide: 0=No Proxies; 1=Proxy on user's machine; 2=Proxy
-## owned by running Globus job; 3=Proxy delegated by a Globus job.)
-##
-## With this done and Apache restarted, you can upload a file with:
-##
-## curl -v --cert ~/.globus/usercert.pem --key ~/.globus/userkey.pem \
-## --capath /etc/grid-security/certificates --upload-file /tmp/tmp.txt \
-## https://INSERT.HOSTNAME.HERE/tmp.txt
-##
-## (or with --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` to use
-## a Globus GSI Proxy created with grid-proxy-init.)
-##############################################################################
-
-ServerRoot "/etc/httpd"
-
-## You MUST put your server's fully qualified domain name here
-## This, the DOMAIN part of the https://DOMAIN/... URLs you want
-ServerName FULL.SERVER.NAME
-
-PidFile logs/httpd.pid
-
-Timeout 300
-KeepAlive On
-MaxKeepAliveRequests 100
-KeepAliveTimeout 15
-
-LoadModule log_config_module /usr/lib/httpd/modules/mod_log_config.so
-LoadModule ssl_module /usr/lib/httpd/modules/mod_ssl.so
-LoadModule gridsite_module /usr/lib/httpd/modules/mod_gridsite.so
-LoadModule mime_module /usr/lib/httpd/modules/mod_mime.so
-LoadModule dir_module /usr/lib/httpd/modules/mod_dir.so
-LoadModule alias_module /usr/lib/httpd/modules/mod_alias.so
-LoadModule cgi_module /usr/lib/httpd/modules/mod_cgi.so
-
-TypesConfig /etc/mime.types
-
-# User and group who will own files created by Apache
-User apache
-Group apache
-
-DocumentRoot "/var/www/htdocs"
-
-<Directory />
- AllowOverride None
-</Directory>
-
-LogLevel debug
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-
-CustomLog logs/httpd-gridsite-access combined
-ErrorLog logs/httpd-gridsite-errors
-
-HostnameLookups On
-
-######################################################################
-# Plain unauthenticated HTTP on ports 80 and 777
-######################################################################
-
-Listen 80
-Listen 777
-<VirtualHost *:80 *:777>
-
-## This is used to serve the Manage Directory links in footers,
-## and to allow you to edit files and ACLs via your browser.
-ScriptAlias /real-gridsite-admin.cgi /usr/sbin/real-gridsite-admin.cgi
-
-<Directory "/var/www/htdocs">
- ## This sets up GACL authorization for this server.
- GridSiteAuth on
-
- ## This exports various bits of info into the CGI environment
- ## variables (and is needed for gridsite-admin.cgi to work.)
- GridSiteEnvs on
-
- ## Nice GridSite directory listings (without truncating file names!)
- GridSiteIndexes on
-
- ## If this is on, GridSite will look for gridsitehead.txt and
- ## gridsitefoot.txt in the current directory or its parents, and
- ## use them to replace the <body> and </body> tags in .html files.
- GridSiteHtmlFormat on
-
- ## These directives (and the ScriptAlias above) allow authorized
- ## people to manage files, ACLs and DN Lists through their web
- ## browsers. Via HTTP, this just means extended directory listings
- ## and History pages.
- GridSiteAdminURI /real-gridsite-admin.cgi
- GridSiteAdminFile gridsite-admin.cgi
-</Directory>
-
-</VirtualHost>
-
-######################################################################
-# Secured and possibly authenticated HTTPS on ports 443 and 488
-######################################################################
-Listen 443
-Listen 488
-SSLSessionCacheTimeout 300
-SSLSessionCache shm:/var/cache/mod_ssl/shm_cache
-
-<VirtualHost *:443 *:488>
-
-SSLEngine on
-SSLCertificateFile /etc/grid-security/hostcert.pem
-SSLCertificateKeyFile /etc/grid-security/hostkey.pem
-SSLCACertificatePath /etc/grid-security/certificates
-#SSLCARevocationPath YOUR CRL DIRECTORY WOULD GO HERE
-SSLVerifyClient optional
-SSLVerifyDepth 10
-SSLOptions +ExportCertData +StdEnvVars
-
-## This is used to serve the Manage Directory links in footers,
-## and to allow you to edit files and ACLs via your browser.
-ScriptAlias /real-gridsite-admin.cgi /usr/sbin/real-gridsite-admin.cgi
-
-<Directory "/var/www/htdocs">
- ## This sets up GACL authorization for this server.
- GridSiteAuth on
-
- ## This exports various bits of info into the CGI environment
- ## variables (and is needed for gridsite-admin.cgi to work.)
- GridSiteEnvs on
-
- ## Nice GridSite directory listings (without truncating file names!)
- GridSiteIndexes on
-
- ## If this is on, GridSite will look for gridsitehead.txt and
- ## gridsitefoot.txt in the current directory or its parents, and
- ## use them to replace the <body> and </body> tags in .html files.
- GridSiteHtmlFormat on
-
- ## This is the path of directories (and all their subdirectories) for
- ## GACL to search when it encounters a dn-list credential. The DN List
- ## files are plain text, one DN per line, and must have the full url
- ## as the file name, but URL Encoded - eg with urlencode(1)
- GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/htdocs/dn-lists/
-
- ## This is used to form the URL at which DN Lists "owned" by this
- ## server are exported. https://FULL.SERVER.NAME/dn-lists/file
- ## ALL FILES WITH URLs ON THIS SERVER WILL BE EXPORTED IRRESPECTIVE
- ## OF WHERE THEY ARE FOUND ON THE DN-LISTS PATH!!
- GridSiteDNlistsURI /dn-lists/
-
- ## If this is greater than zero, we will accept GSI Proxies for clients
- ## (full client certificates - eg inside web browsers - are always ok)
- GridSiteGSIProxyLimit 0
-
- ## This directive allows authorized people to write/delete files
- ## from non-browser clients - eg with htcp(1)
- GridSiteMethods GET PUT DELETE MOVE
-
- ## These directives (and the ScriptAlias above) allow authorized
- ## people to manage files, ACLs and DN Lists through their web
- ## browsers via HTTPS. The value of GridSiteAdminFile appears to
- ## exist in every directory, but is internally redirected by
- ## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias
- ## then maps that onto the real-gridsite-admin.cgi executable.)
- GridSiteAdminURI /real-gridsite-admin.cgi
- GridSiteAdminFile gridsite-admin.cgi
-</Directory>
-
-</VirtualHost>
+++ /dev/null
-<title>GridSite 1.1.x Documentation</title>
-<body>
-<h1 align=center>GridSite 1.1.x Documentation</h1>
-
-<p>
-<a href="http://www.gridsite.org/">GridSite</a>
-is a set of extensions to the Apache 2.0 webserver, which support
-Grid security based on X.509 certificates. Since GridSite applies access
-control within Apache itself, via mod_gridsite, Grid authorization and
-the associated verified credentials are available to all technologies
-supported by Apache, including static file serving, SSI, CGI, PHP, JSP and
-mod_perl.
-
-<p>
-The <a href="http://www.gridsite.org/wiki/">GridSite Wiki</a> includes
-guides and cookbook examples about using GridSite, along with up to date
-information about the APIs.
-
-<h2>Reference</h2>
-
-<p>
-The following reference documents and man pages are put in
-/usr/share/doc/gridsite-VERSION when GridSite is installed.
-
-<p>
-<dl>
-
-<dt><b><a href="htcp.1.html">htcp(1)</a></b>
-<dd>A command line tool for copying files to or from HTTP(S) servers.
-<p>
-
-<dt><b><a href="mod_gridsite.8.html">mod_gridsite(8)</a></b>
-<dd>An Apache 2.0 module which enforces access control via Grid Access
- Control Lists, and X.509, GSI or VOMS credentials. mod_gridsite also
- gives Apache built-in support for the HTTP PUT and DELETE methods, and
- formatting of HTML pages with standard headers and footers.
-<p>
-
-<dt><b><a href="gsexec.8.html">gsexec(8)</a></b>
-<dd>A modified version of suexec(8), for use with mod_gridsite(8). gsexec
- allows CGI programs to be run as pool users, depending on the client's
- X.509 identity or the directory in which the CGI is located.
-<p>
-
-<dt><b><a href="httpd-fileserver.conf">httpd-fileserver.conf</a></b> and
- <b><a href="httpd-webserver.conf">httpd-webserver.conf</a></b>
-<dd>Example configuration files for simple HTTP(S) fileservers and
- webservers, with explanatory comments.
-<p>
-
-<dt><b><a href="urlencode.1.html">urlencode(1)</a></b>
-<dd>A command for URL-encoding strings.
-<p>
-
-<dt><b><a href="findproxyfile.1.html">findproxyfile(1)</a></b>
-<dd>The finxproxyfile command returns full path to a GSI Proxy file,
- either in the proxy cache maintained by the GridSite G-HTTPS and
- delegation portType functions, or in other standard places.
-<p>
-
-<dt><b><a href="delegation-1.wsdl">delegation-1.wsdl</a></b>
-<dd>A WSDL description of a delegation Web Service including the Delegation
- portType.
-<p>
-
-<!--
-<dt><b><a href="gridsite-admin.html">gridsite-admin.cgi</a></b>
-<dd>A CGI program providing site administration functions for users with
- standard web browsers, via HTTPS. gridsite-admin.cgi includes a file
- manager, support for file uploading, and editors for HTML, text and
- Grid Access Control List files.
-<p>
--->
-
-<dt><b><a href="doxygen/gridsite_8h.html">gridsite.h API reference</a></b>
-<dd>A detailed description of the C API provided by libgridsite, generated
- from the sources by doxygen.
-<p>
-
-</dl>
-
-</body>
+++ /dev/null
-.TH MOD_GRIDSITE 8 "October 2005" "mod_gridsite" "GridSite Manual"
-.SH NAME
-.B mod_gridsite
-\- Grid extensions to Apache httpd
-.SH SYNOPSIS
-.B LoadModule gridsite_module mod_gridsite.so
-.SH DESCRIPTION
-.B mod_gridsite
-is an Apache 2.0 module which enforces access control via Grid
-Access Control Lists, and X.509, GSI or VOMS credentials. mod_gridsite also
-gives Apache built-in support for the HTTP PUT and DELETE methods, and
-formatting of HTML pages with standard headers and footers.
-
-Since mod_gridsite access
-control within Apache itself, Grid authorization and
-the associated verified credentials are available to all technologies
-supported by Apache, including static file serving, SSI, CGI, PHP, mod_perl
-and Java servlets via a connector to Tomcat.
-
-Operation of mod_gridsite can be configured using runtime directives
-in Apache's standard httpd.conf configuration file. The module must first be
-loaded with a LoadModule directive:
-
-LoadModule gridsite_module /PATH/TO/MODULES/mod_gridsite.so
-
-The module's behaviour is then controlled by GridSite... directives within
-Apache <Directory ...> sections, allowing different directories to use
-GridSite features in different ways.
-
-.SH DIRECTIVES
-
-.IP "GridSiteIndexes on|off"
-Determines whether GridSite generates HTML directory listings. These
-have some advantages over standard Apache directory listings (eg the
-displayed filenames are never truncated) and will include standard
-headers and footers if GridSiteHtmlFormat is on.
-(Default: GridSiteIndexes off)
-
-.IP "GridSiteIndexHeader file"
-If the named file is found in the directory being listed, the file
-is included verbatim at the top of the listing and excluded from
-the file-by-file listing. The file can either be HTML or plain text (in
-which case browsers will be treat it as one HTML paragraph.)
-(Default: none)
-
-.IP "GridSiteHtmlFormat on|off"
-Determines where HTML pages receive additional formatting before being
-sent to the client. This includes the "Last modified",
-"View page history", "Switch to HTTP(S)",
-"Print View" and "Built with GridSite" footer
-elements. If header and footer files are found, they will be used too.
-(Default: GridSiteHtmlFormat off)
-
-.IP "GridSiteHeadFile file"
-.IP "GridSiteFootFile file"
-Set the filenames to be searched for as standard headers and footers
-for HTML pages. For each HTML page, the directory of that page is tried
-first, and then parent directories in ascending order until a header /
-footer file is found. Header files are inserted in place of HTML
-<body[ ...]> tags; footer files in place of </body>. (These
-standard files should each include the appropriate body tag as a
-replacement.)
-(Defaults: GridSiteHeadFile gridsitehead.txt,
-GridSiteFootFile gridsitefoot.txt)
-
-.IP "GridSiteAuth on|off"
-Enables GridSite access control features, using
-GACL files. The files are named .gacl and are
-per-directory. The current directory is tried and then parent
-directories in ascending order until a .gacl file is found.
-(Default: GridSiteAuth off)
-
-.IP "GridSiteAdminList uri"
-All members of the DN List with name "uri" receive the full set
-of permissions, irrespective of per-directory .gacl files. People in
-this group have full control over the whole site.
-(Default: none)
-
-.IP "GridSiteGSIProxyLimit limit"
-When using GSI Proxy credentials,
-proxies with delegation depth greater than "limit" will
-be ignored by mod_gridsite authorization decisions. A limit of zero
-implies only full X.509
-certificates (and no proxies) will be accepted. A limit of 1 implies
-that only the initial proxy, usually created on the user's own machine,
-is acceptable. Higher levels lead to proxies on remote machines, eg
-used by running jobs, being accepted.
-(Default: GridSiteGSIProxyLimit 1)
-
-.IP "GridSiteMethods [GET] [PUT] [DELETE] [MOVE]"
-Specifies which HTTP methods are supported by GridSite. GET (and HEAD)
-are always supported. PUT and DELETE support is turned on by this
-directive, subject to a positive statement that write permission is
-allowed for the directory in question, by a GACL file.
-(Default: GridSite GET)
-
-.IP "GridSiteDNlists directory1[:directory2[:directory3]...]"
-Sets up the DN List path used by GACL for
-evaluating <dn-list> credentials. If this directive is not used,
-then GACL will use the GRST_DN_LISTS variable from Apache's own
-environment. If that is not set either, then /etc/grid-security/dn-lists
-is searched.
-(Default: none)
-
-.IP "GridSiteDNlistsURI uri"
-If GridSiteDNlistsURI is used, then the URI given appears to be
-populated with all the DN lists on the current DN lists path which
-match the current server. That is, for server https://example.org/
-with DN lists URI /dn-lists/, all DN lists with URLs starting
-https://example.org/dn-lists/ will appear to be present in /dn-lists/,
-irrespective of where in the path they are stored.
-(Default: none)
-<p>
-
-.IP "GridSiteAdminURI uri"
-GridSiteAdminURI gives the absolute URI on the server of the GridSite
-Admin CGI program, which is used for file management, HTML and GACL
-editing. This should be used in conjunction with the standard Apache
-directive ScriptAlias to map that URI to the real-gridsite-admin.cgi
-executable. For example:
-
-ScriptAlias /real-gridsite-admin.cgi /PATH/TO/real-gridsite-admin.cgi
-
-This URI is always reached by an internal redirection from the value
-set by GridSiteAdminFile, and is never visible to users.
-(Default: none)
-
-.IP "GridSiteAdminFile cgifilename"
-If GridSiteAdminURI is set, then the cgifilename of GridSiteAdminFile
-appears to be present in all directories when explicitly
-requested (it does not appear in directory listings.) Requests for these
-ghost CGI URIs are internally redirected to the value set by
-GridSiteAdminURI. (Default: GridSiteAdminFile gridsite-admin.cgi)
-
-.IP "GridSiteEnvs on|off"
-This makes mod_gridsite export several variables into the environment
-of CGI programs and other dynamic content systems. The variable names
-are listed below. For gridsite-admin.cgi mechanism to work, this switch
-must be left in its default state of on.
-(Default: GridSiteEnvs on)
-
-.IP "GridSiteEditable [ext1 [ext2 [ext3] ...]]]"
-A space-separated list of file extensions which can safely be edited
-by the GridSite Text/HTML editor. The extensions are given without the
-initial dot.
-(Default: GridSiteEditable txt shtml html htm css js php jsp)
-
-.IP "GridSiteHelpURI uri"
-If set, gives the URI to use for "Website Help" links in HTML
-page footers. (Default: none)
-
-.IP "GridSiteLink on|off"
-Turns off the link in the HTML page footers which gives credit to GridSite.
-(Default: GridSiteLink on)
-
-.IP "GridSiteUnzip path"
-If "path" is set by this directive, then real-gridsite-admin.cgi
-will offer to list the contents of .zip archives on the server.
-Users with write access are able to unpack the contents into the same
-directory as the .zip file. The value of "path" must point
-to the location of the unzip binary. (Default: none)
-
-.IP "GridSiteGridHTTP on|off"
-Enable GridHTTP for this server, virtual server or directory:
-HTTPS requests made with the header
-.BR "Upgrade: GridHTTP/1.0"
-will be redirected to an HTTP version of the file. (Default: off)
-
-.IP "GridSiteGridHTTPport port"
-Sets the port to use for the unencrypted HTTP component of GridHTTP
-HTTPS->HTTP transfers. The same setting will be used for all virtual hosts
-which support GridHTTP. (Default: 777)
-
-.IP "GridSiteSessionsDir path"
-Location of authentication cookies and SSL session credentials directory,
-relative to ServerRoot. Used by GridHTTP to record the credentials obtained
-via HTTPS, and available to the corresponding HTTP request or subsequent
-HTTPS requests following a session restart.
-(Default: /var/www/sessions)
-
-.IP "GridSiteACLFormat GACL|XACML"
-Format to use when writing .gacl files. (Both formats are automatically
-recognised when reading.) (Default: GACL)
-
-.IP "GridSiteExecMethod nosetuid|suexec|X509DN|directory"
-Execution strategy for CGI scripts and executables. For options other
-than nosetuid, suexec (or gsexec renamed suexec) must installed. For
-X509DN and directory, gsexec must be installed, as suexec. See
-.BR "gsexec(8)"
-for an explanation of the different execution strategies.
-(Default: nosetuid)
-
-.IP "GridSiteUserGroup user group"
-Unix user and group when using suexec (or gsexec as suexec.) This
-is equivalent to the suexec SuexecUserGroup directive, but can be
-specified on a per-directory basis. (Default: none)
-
-.IP "GridSiteDiskMode GroupNone|GroupRead|GroupWrite WorldNone|WorldRead"
-The file creation permissions mode, taking two arguments to specify
-the group and other permissions. The mode always includes read and write
-permission for the CGI user itself.
-(Default: GroupNone WorldNone)
-
-.IP "GridSiteCastUniPort port"
-The
-.BR UDP
-unicast port to listen on for HTCP queries, and from which to
-send replies to HTCP unicast and multicast queries. Ideally, this should be
-a privileged port below 1024. This directive may not appear within a virtual
-server. (Default: 777)
-
-.IP "GridSiteCastGroup group[:port]"
-A UDP multicast group on which to listen for HTCP queries, plus an optional
-port. If no port is given, then 777 is used. Multiple GridSiteCastGroup
-directives can be given to cause the UDP responder to listen to more than
-one multicast group. This directive may not appear within a virtual server.
-
-.IP "GridSiteCastAlias URL-prefix path-prefix"
-Maps SiteCast generic URLs to the local filesystem. When processing
-HTCP queries, matching SiteCast URLs will have URL-prefix stripped off
-and the remaining portion of the URL added to path-prefix to construct a
-local path and filename. If a file is found with that name, a SiteCast HTCP
-response will be returned to the querying host. Otherwise the queries are
-ignored.
-This directive may appear within virtual servers, and the virtual server's
-servername and first port will determine the host and port name used to
-construct the transfer URL.
-
-.SH ENVIRONMENT
-
-The following variables are present in the environment of CGI programs and
-other dynamic content systems if the
-.BR "GridSiteEnvs on"
-directive is in effect.
-
-.IP GRST_PERM
-Numerical value of the permission bit-map obtained by comparing the
-user with the GACL in force. (These should be tested using the
-GRSTgaclPermHasXXXX functions from GACL.)
-
-.IP GRST_ADMIN_LIST
-URI of the DN List, listing people with full admin and write access
-to the whole site.
-
-.IP GRST_GSIPROXY_LIMIT
-Maximum valid delegation level for GSI Proxies.
-
-.IP GRST_DIR_PATH
-Absolute path in the local filesystem to the directory holding the
-file being requested.
-
-.IP GRST_DESTINATION_TRANSLATED
-Present if a WebDAV
-.BR "Destination:"
-header was given in the request with a local URL. Contains the translation of
-the URL given into an absolute path in the local filesystem.
-
-.IP GRST_HELP_URI
-URI of website help pages set by GridSiteHelpURI directive.
-
-.IP GRST_ADMIN_FILE
-Filename of per-directory ghost gridsite-admin.cgi program. (This is
-used by real-gridsite-admin.cgi to construct links in its pages.)
-
-.IP GRST_EDITABLE
-Space-separated list of extensions which can safely be edited with a
-Text/HTML editor.
-
-.IP "GRST_HEAD_FILE and GRST_FOOT_FILE"
-Filenames of standard header and footer files.
-
-.IP GRST_DN_LISTS
-DN lists search path.
-
-.IP GRST_DN_LISTS_URI
-Directory of virtual URIs used to publish this site's DN Lists.
-
-.IP GRST_UNZIP
-Full path to the
-.BR "unzip(1)"
-binary, used to list and unpack .zip files.
-
-.IP GRST_NO_LINK
-If set, do not include credit links to GridSite in page footers.
-
-.IP GRST_ACL_FORMAT
-Format to use when writing .gacl files: either GACL or XACML.
-
-.IP GRST_EXEC_METHOD
-Specified by
-.BR GridSiteExecMethod
-either suexec, X509DN or directory.
-
-.IP GRST_EXEC_DIRECTORY
-The directory containing the CGI script or executable (used by gsexec
-to determine which pool account to use in directory mapping mode.)
-
-.IP GRST_DISK_MODE
-The
-.BR Apache
-disk permission modes bit pattern, in hexadecimal, starting with 0x.
-(Similar to the Unix bit pattern, except with hexadecimal rather than
-octal values: eg 0x600 [Apache] vs 0600 [Unix]
-are both read/write for user only.)
-
-.SH AUTHOR
-Andrew McNab <Andrew.McNab@manchester.ac.uk>
-
-mod_gridsite is part of GridSite: http://www.gridsite.org/
-.SH "SEE ALSO"
-.BR htcp(1),
-.BR httpd(8),
-.BR gsexec(8)
+++ /dev/null
-.TH URLENCODE 1 "November 2003" "urlencode" "GridSite Manual"
-.SH NAME
-.B urlencode
-\- convert strings to or from URL-encoded form
-.SH SYNOPSIS
-.B urlencode
-[-m|-d]
-.I string [string ...]
-.SH DESCRIPTION
-.B urlencode
-encodes strings according to RFC 1738.
-
-That is, characters A-Z a-z 0-9 . _
-and - are passed through unmodified, but all other characters are
-represented as %HH, where HH is their two-digit upper-case hexadecimal ASCII
-representation.
-For example, the URL http://www.gridpp.ac.uk/ becomes
-http%3A%2F%2Fwww.gridpp.ac.uk%2F
-
-.B urlencode
-converts each character in all the strings given on the command line. If
-multiple strings are given, they are concatenated with separating spaces
-before conversion.
-
-.SH OPTIONS
-.IP "-m"
-Instead of full conversion, do GridSite "mild URL encoding" in which A-Z a-z
-0-9 . = - _ @ and / are passed through unmodified. This results in slightly
-more human-readable strings but the application must be prepared to create
-or simulate the directories implied by any slashes.
-
-.IP "-d"
-Do URL-decoding rather than encoding, according to RFC 1738. %HH and %hh
-strings are converted and other characters are passed through unmodified,
-with the exception that + is converted to space.
-
-.SH EXIT CODES
-0 is always returned.
-
-.SH AUTHOR
-Andrew McNab <Andrew.McNab@manchester.ac.uk>
-
-urlencode is part of GridSite: http://www.gridsite.org/
+++ /dev/null
-/*
- Copyright (c) 2002-4, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*---------------------------------------------------------------*
- * For more about GridSite: http://www.gridsite.org/ *
- *---------------------------------------------------------------*/
-
-#ifndef HEADER_GACL_H
-#define HEADER_GACL_H
-#endif
-
-#ifndef GACL_LIB_VERSION
-#define GACL_LIB_VERSION "x.x.x"
-#endif
-
-typedef GRSTgaclCred GACLcred;
-
-typedef int GACLaction;
-typedef unsigned int GACLperm;
-
-typedef GRSTgaclEntry GACLentry;
-
-typedef GRSTgaclAcl GACLacl;
-
-typedef GRSTgaclUser GACLuser;
-
-extern char *gacl_perm_syms[];
-extern GACLperm gacl_perm_vals[];
-
-#define GACL_PERM_NONE GRST_PERM_NONE
-#define GACL_PERM_READ GRST_PERM_READ
-#define GACL_PERM_LIST GRST_PERM_LIST
-#define GACL_PERM_WRITE GRST_PERM_WRITE
-#define GACL_PERM_ADMIN GRST_PERM_ADMIN
-
-#define GACLhasNone(perm) (perm == 0)
-#define GACLhasRead(perm) ((perm & GRST_PERM_READ) != 0)
-#define GACLhasList(perm) ((perm & GRST_PERM_LIST) != 0)
-#define GACLhasWrite(perm) ((perm & GRST_PERM_WRITE) != 0)
-#define GACLhasAdmin(perm) ((perm & GRST_PERM_ADMIN) != 0)
-
-#define GACL_ACTION_ALLOW GRST_ACTION_ALLOW
-#define GACL_ACTION_DENY GRST_ACTION_DENY
-
-#define GACL_ACL_FILE GRST_ACL_FILE
-#define GACL_DN_LISTS GRST_DN_LISTS
-
-#define GACLinit() GRSTgaclInit()
-
-#define GACLnewCred(x) GRSTgaclCredNew((x))
-/* GACLcred *GACLnewCred(char *); */
-
-#define GACLaddToCred(x,y,z) GRSTgaclCredAddValue((x),(y),(z))
-/* int GACLaddToCred(GACLcred *, char *, char *); */
-
-#define GACLfreeCred(x) GRSTgaclCredFree((x))
-/* int GACLfreeCred(GACLcred *); */
-
-#define GACLaddCred(x,y) GRSTgaclEntryAddCred((x),(y))
-/* int GACLaddCred(GACLentry *, GACLcred *); */
-
-#define GACLdelCred(x,y) GRSTgaclEntryDelCred((x),(y))
-/* int GACLdelCred(GACLentry *, GACLcred *); */
-
-#define GACLprintCred(x,y) GRSTgaclCredPrint((x),(y))
-/* int GACLprintCred(GACLcred *, FILE *); */
-
-
-#define GACLnewEntry() GRSTgaclEntryNew()
-/* GACLentry *GACLnewEntry(void); */
-
-#define GACLfreeEntry(x) GRSTgaclEntryFree((x))
-/* int GACLfreeEntry(GACLentry *); */
-
-#define GACLaddEntry(x,y) GRSTgaclAclAddEntry((x),(y))
-/* int GACLaddEntry(GACLacl *, GACLentry *); */
-
-#define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y))
-/* int GACLprintEntry(GACLentry *, FILE *); */
-
-
-#define GACLprintPerm(x,y) GRSTgaclPermPrint((x),(y))
-/* int GACLprintPerm(GACLperm, FILE *); */
-
-#define GACLallowPerm(x,y) GRSTgaclEntryAllowPerm((x),(y))
-/* int GACLallowPerm(GACLentry *, GACLperm); */
-
-#define GACLunallowPerm(x,y) GRSTgaclEntryUnallowPerm((x),(y))
-/* int GACLunallowPerm(GACLentry *, GACLperm); */
-
-#define GACLdenyPerm(x,y) GRSTgaclEntryDenyPerm((x),(y))
-/* int GACLdenyPerm(GACLentry *, GACLperm); */
-
-#define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y))
-/* int GACLundenyPerm(GACLentry *, GACLperm); */
-
-#define GACLpermToChar(x) GRSTgaclPermToChar((x))
-/* char *GACLpermToChar(GACLperm); */
-
-#define GACLcharToPerm(x) GRSTgaclPermFromChar((x))
-/* GACLperm GACLcharToPerm(char *); */
-
-#define GACLnewAcl() GRSTgaclAclNew()
-/* GACLacl *GACLnewAcl(void); */
-
-#define GACLfreeAcl(x) GRSTgaclAclFree((x))
-/* int GACLfreeAcl(GACLacl *); */
-
-#define GACLprintAcl(x,y) GRSTgaclAclPrint((x),(y))
-/* int GACLprintAcl(GACLacl *, FILE *); */
-
-#define GACLsaveAcl(x,y) GRSTgaclAclSave((y),(x))
-/* int GACLsaveAcl(char *, GACLacl *); */
-
-#define GACLloadAcl(x) GRSTgaclAclLoadFile((x))
-/* GACLacl *GACLloadAcl(char *); */
-
-#define GACLfindAclForFile(x) GRSTgaclFileFindAclname((x))
-/* char *GACLfindAclForFile(char *); */
-
-#define GACLloadAclForFile(x) GRSTgaclAclLoadforFile((x))
-/* GACLacl *GACLloadAclForFile(char *); */
-
-#define GACLisAclFile(x) GRSTgaclFileIsAcl((x))
-/* int GACLisAclFile(char *); */
-
-
-#define GACLnewUser(x) GRSTgaclUserNew((x))
-/* GACLuser *GACLnewUser(GACLcred *); */
-
-#define GACLfreeUser(x) GRSTgaclUserFree((x))
-/* int GACLfreeUser(GACLuser *); */
-
-#define GACLuserAddCred(x,y) GRSTgaclUserAddCred((x),(y))
-/* int GACLuserAddCred(GACLuser *, GACLcred *); */
-
-#define GACLuserHasCred(x,y) GRSTgaclUserHasCred((x),(y))
-/* int GACLuserHasCred(GACLuser *, GACLcred *); */
-
-#define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y))
-/* GACLcred *GACLuserFindCredType(GACLuser *, char *); */
-
-#define GACLtestDnList(x,y) GRSTgaclDNlistHasUser((x),(y))
-/* int GACLtestDnList(char *, GACLuser *); */
-
-#define GACLtestUserAcl(x,y) GRSTgaclAclTestUser((x),(y))
-/* GACLperm GACLtestUserAcl(GACLacl *, GACLuser *); */
-
-#define GACLtestExclAcl(x,y) GRSTgaclAclTestexclUser((x),(y))
-/* GACLperm GACLtestExclAcl(GACLacl *, GACLuser *); */
-
-
-#define GACLurlEncode(x) GRSThttpUrlEncode((x))
-/* char *GACLurlEncode(char *); */
-
-#define GACLmildUrlEncode(x) GRSThttpUrlMildencode((x))
-/* char *GACLmildUrlEncode(char *); */
-
-GACLentry *GRSTgaclEntryParse(xmlNodePtr cur);
-/* special function for legacy EDG LB service */
+++ /dev/null
-/*
- Copyright (c) 2002-5, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*---------------------------------------------------------------*
- * For more about GridSite: http://www.gridsite.org/ *
- *---------------------------------------------------------------*/
-
-#ifndef HEADER_SSL_H
-#include <openssl/ssl.h>
-#endif
-
-#ifndef HEADER_CRYPTO_H
-#include <openssl/crypto.h>
-#endif
-
-#ifndef FALSE
-#define FALSE (0)
-#endif
-#ifndef TRUE
-#define TRUE (!FALSE)
-#endif
-
-/// Everything ok (= OpenSSL X509_V_OK)
-#define GRST_RET_OK 0
-
-/// Failed for unspecified reason
-#define GRST_RET_FAILED 1000
-
-/// Failed to find certificate in some cert store / directory
-#define GRST_RET_CERT_NOT_FOUND 1001
-
-/// Bad signature
-#define GRST_RET_BAD_SIGNATURE 1002
-
-/// No such file or directory
-#define GRST_RET_NO_SUCH_FILE 1003
-
-typedef struct { char *name;
- char *value;
- void *next; } GRSTgaclNamevalue;
-
-typedef struct { char *type;
- int delegation;
- GRSTgaclNamevalue *firstname;
- void *next; } GRSTgaclCred;
-
-typedef int GRSTgaclAction;
-typedef unsigned int GRSTgaclPerm;
-
-typedef struct { GRSTgaclCred *firstcred;
- GRSTgaclPerm allowed;
- GRSTgaclPerm denied;
- void *next; } GRSTgaclEntry;
-
-typedef struct { GRSTgaclEntry *firstentry; } GRSTgaclAcl;
-
-typedef struct { GRSTgaclCred *firstcred;
- char *dnlists; } GRSTgaclUser;
-
-#define GRST_PERM_NONE 0
-#define GRST_PERM_READ 1
-#define GRST_PERM_EXEC 2
-#define GRST_PERM_LIST 4
-#define GRST_PERM_WRITE 8
-#define GRST_PERM_ADMIN 16
-#define GRST_PERM_ALL 31
-
-/* DO NOT USE PermIsNone!! */
-#define GRSTgaclPermIsNone(perm) (perm == 0)
-
-#define GRSTgaclPermHasNone(perm) (perm == 0)
-#define GRSTgaclPermHasRead(perm) ((perm & GRST_PERM_READ ) != 0)
-#define GRSTgaclPermHasExec(perm) ((perm & GRST_PERM_EXEC ) != 0)
-#define GRSTgaclPermHasList(perm) ((perm & GRST_PERM_LIST ) != 0)
-#define GRSTgaclPermHasWrite(perm) ((perm & GRST_PERM_WRITE) != 0)
-#define GRSTgaclPermHasAdmin(perm) ((perm & GRST_PERM_ADMIN) != 0)
-
-#define GRST_ACTION_ALLOW 0
-#define GRST_ACTION_DENY 1
-
-#define GRST_HIST_PREFIX ".grsthist"
-#define GRST_ACL_FILE ".gacl"
-#define GRST_DN_LISTS "/etc/grid-security/dn-lists"
-#define GRST_RECURS_LIMIT 9
-
-#define GRST_PROXYCERTINFO_OID "1.3.6.1.4.1.3536.1.222"
-#define GRST_VOMS_OID "1.3.6.1.4.1.8005.100.100.5"
-#define GRST_VOMS_DIR "/etc/grid-security/vomsdir"
-
-#define GRST_ASN1_MAXCOORDLEN 50
-#define GRST_ASN1_MAXTAGS 500
-
-struct GRSTasn1TagList { char treecoords[GRST_ASN1_MAXCOORDLEN+1];
- int start;
- int headerlength;
- int length;
- int tag; } ;
-
-#define GRST_HTTP_PORT 777
-#define GRST_HTTPS_PORT 488
-#define GRST_HTCP_PORT 777
-
-#define GRSThtcpNOPop 0
-#define GRSThtcpTSTop 1
-
-typedef struct { unsigned char length_msb;
- unsigned char length_lsb;
- char text[1]; } GRSThtcpCountstr;
-
-#define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb)
-
-typedef struct { unsigned char total_length_msb;
- unsigned char total_length_lsb;
- unsigned char version_msb;
- unsigned char version_lsb;
- unsigned char data_length_msb;
- unsigned char data_length_lsb;
- unsigned int response : 4;
- unsigned int opcode : 4;
- unsigned int rr : 1;
- unsigned int f1 : 1;
- unsigned int reserved : 6;
- unsigned int trans_id; /* must be 4 bytes */
- GRSThtcpCountstr *method;
- GRSThtcpCountstr *uri;
- GRSThtcpCountstr *version;
- GRSThtcpCountstr *req_hdrs;
- GRSThtcpCountstr *resp_hdrs;
- GRSThtcpCountstr *entity_hdrs;
- GRSThtcpCountstr *cache_hdrs; } GRSThtcpMessage;
-
-int GRSTgaclInit(void);
-
-/* #define GACLnewCred(x) GRSTgaclCredNew((x)) */
-GRSTgaclCred *GRSTgaclCredNew(char *);
-
-/* #define GACLaddToCred(x,y,z) GRSTgaclCredAddValue((x),(y),(z)) */
-int GRSTgaclCredAddValue(GRSTgaclCred *, char *, char *);
-
-#define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level))
-#define GRSTgaclCredGetDelegation(cred) ((cred)->delegation)
-
-/* #define GACLfreeCred(x) GRSTgaclCredFree((x)) */
-int GRSTgaclCredFree(GRSTgaclCred *);
-
-/* #define GACLaddCred(x,y) GRSTgaclEntryAddCred((x),(y)) */
-int GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *);
-
-/* #define GACLdelCred(x,y) GRSTgaclEntryDelCred((x),(y)) */
-int GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);
-
-/* #define GACLprintCred(x,y) GRSTgaclCredPrint((x),(y)) */
-int GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);
-
-
-/* #define GACLnewEntry(x) GRSTgaclEntryNew((x)) */
-GRSTgaclEntry *GRSTgaclEntryNew(void);
-
-/* #define GACLfreeEntry(x) GRSTgaclEntryFree((x)) */
-int GRSTgaclEntryFree(GRSTgaclEntry *);
-
-/* #define GACLaddEntry(x,y) GRSTgaclAclAddEntry((x),(y)) */
-int GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *);
-
-/* #define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y)) */
-int GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *);
-
-
-/* #define GACLprintPerm(x,y) GRSTgaclPermPrint((x),(y)) */
-int GRSTgaclPermPrint(GRSTgaclPerm, FILE *);
-
-/* #define GACLallowPerm(x,y) GRSTgaclEntryAllowPerm((x),(y)) */
-int GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm);
-
-/* #define GACLunallowPerm(x,y) GRSTgaclEntryUnallowPerm((x),(y)) */
-int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm);
-
-/* #define GACLdenyPerm(x,y) GRSTgaclEntryDenyPerm((x),(y)) */
-int GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
-
-/* #define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y)) */
-int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm);
-
-/* #define GACLpermToChar(x) GRSTgaclPermToChar((x)) */
-char *GRSTgaclPermToChar(GRSTgaclPerm);
-
-/* #define GACLcharToPerm(x) GRSTgaclPermFromChar((x)) */
-GRSTgaclPerm GRSTgaclPermFromChar(char *);
-
-/* #define GACLnewAcl(x) GRSTgaclAclNew((x)) */
-GRSTgaclAcl *GRSTgaclAclNew(void);
-
-/* #define GACLfreeAcl(x) GRSTgaclAclFree((x)) */
-int GRSTgaclAclFree(GRSTgaclAcl *);
-
-/* #define GACLprintAcl(x,y) GRSTgaclAclPrint((x),(y)) */
-int GRSTgaclAclPrint(GRSTgaclAcl *, FILE *);
-
-/* #define GACLsaveAcl(x,y) GRSTgaclAclSave((y),(x)) */
-int GRSTgaclAclSave(GRSTgaclAcl *, char *);
-
-/* #define GACLloadAcl(x) GRSTgaclFileLoadAcl((x)) */
-GRSTgaclAcl *GRSTgaclAclLoadFile(char *);
-
-/* #define GACLfindAclForFile(x) GRSTgaclFileFindAclname((x)) */
-char *GRSTgaclFileFindAclname(char *);
-
-/* #define GACLloadAclForFile(x) GRSTgaclFileLoadAcl((x)) */
-GRSTgaclAcl *GRSTgaclAclLoadforFile(char *);
-
-/* #define GACLisAclFile(x) GRSTgaclFileIsAcl((x)) */
-int GRSTgaclFileIsAcl(char *);
-
-
-/* #define GACLnewUser(x) GRSTgaclUserNew((x)) */
-GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *);
-
-/* #define GACLfreeUser(x) GRSTgaclUserFree((x)) */
-int GRSTgaclUserFree(GRSTgaclUser *);
-
-/* #define GACLuserAddCred(x,y) GRSTgaclUserAddCred((x),(y)) */
-int GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *);
-
-/* #define GACLuserHasCred(x,y) GRSTgaclUserHasCred((x),(y)) */
-int GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *);
-
-int GRSTgaclUserSetDNlists(GRSTgaclUser *, char *);
-
-/* #define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y)) */
-GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *, char *);
-
-/* #define GACLtestDnList(x,y) GRSTgaclDNlistHasUser((x),(y)) */
-int GRSTgaclDNlistHasUser(char *, GRSTgaclUser *);
-
-/* #define GACLtestUserAcl(x,y) GRSTgaclAclTestUser((x),(y)) */
-GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *);
-
-/* #define GACLtestExclAcl(x,y) GRSTgaclAclTestexclUser((x),(y)) */
-GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *);
-
-char *GRSThttpUrlDecode(char *);
-
-/* #define GACLurlEncode(x) GRSThttpUrlEncode((x)) */
-char *GRSThttpUrlEncode(char *);
-
-/* #define GACLmildUrlEncode(x) GRSThttpMildUrlEncode((x)) */
-char *GRSThttpUrlMildencode(char *);
-
-int GRSTx509NameCmp(char *, char *);
-
-int GRSTx509KnownCriticalExts(X509 *);
-
-int GRSTx509IsCA(X509 *);
-int GRSTx509CheckChain(int *, X509_STORE_CTX *);
-int GRSTx509VerifyCallback(int, X509_STORE_CTX *);
-
-int GRSTx509GetVomsCreds(int *, int, size_t, char *, X509 *, STACK_OF(X509) *, char *);
-GRSTgaclCred *GRSTx509CompactToCred(char *);
-int GRSTx509CompactCreds(int *, int, size_t, char *, STACK_OF(X509) *, char *, X509 *);
-char *GRSTx509CachedProxyFind(char *, char *, char *);
-char *GRSTx509FindProxyFileName(void);
-int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int);
-char *GRSTx509CachedProxyKeyFind(char *, char *, char *);
-int GRSTx509MakeProxyRequest(char **, char *, char *, char *);
-int GRSTx509StringToChain(STACK_OF(X509) **, char *);
-char *GRSTx509MakeProxyFileName(char *, STACK_OF(X509) *);
-int GRSTx509CacheProxy(char *, char *, char *, char *);
-
-#define GRST_HEADFILE "gridsitehead.txt"
-#define GRST_FOOTFILE "gridsitefoot.txt"
-#define GRST_ADMIN_FILE "gridsite-admin.cgi"
-
-typedef struct { char *text;
- void *next; } GRSThttpCharsList;
-
-typedef struct { size_t size;
- GRSThttpCharsList *first;
- GRSThttpCharsList *last; } GRSThttpBody;
-
-void GRSThttpBodyInit(GRSThttpBody *);
-void GRSThttpPrintf(GRSThttpBody *, char *, ...);
-int GRSThttpCopy(GRSThttpBody *, char *);
-void GRSThttpWriteOut(GRSThttpBody *);
-int GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *);
-char *GRSThttpGetCGI(char *);
-
-time_t GRSTasn1TimeToTimeT(char *, size_t);
-int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *);
-int GRSTasn1ParseDump(BIO *, unsigned char *, long,
- struct GRSTasn1TagList taglist[], int, int *);
-int GRSTasn1GetX509Name(char *, int, char *, char *,
- struct GRSTasn1TagList taglist[], int);
-
-int GRSThtcpNOPrequestMake(char **, int *, unsigned int);
-int GRSThtcpNOPresponseMake(char **, int *, unsigned int);
-int GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *);
-int GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *);
-int GRSThtcpMessageParse(GRSThtcpMessage *, char *, int);
+++ /dev/null
-#Wed Feb 23 03:19:54 CET 2005
-module.build=141
+++ /dev/null
- <!-- ======================================================
- Define extra properties here ...
- ====================================================== -->
-
- <project name="configure options">
- <property name="build.make.arguments"
- value='prefix=${stage.abs.dir} GSOAPDIR=${ext.gsoap.subdir} OPENSSL_GLOBUS_FLAGS=-I${with.globus.prefix}/include/${with.globus.dbg.nothr.flavor} OPENSSL_GLOBUS_LIBS=-L${with.globus.prefix}/lib/ FLAVOR_GLOBUS_EXT=_${with.globus.dbg.nothr.flavor} HTTPD_FLAGS="-I${with.httpd.prefix:-/usr}/include/httpd"' />
- </project>
-
+++ /dev/null
-###################################################################
-# System dependencies
-###################################################################
-
-org.glite.version = HEAD
-org.glite.core.version = HEAD
-
-# Component dependencies tag = do not remove this line =
-
+++ /dev/null
-<?xml version="1.0"?>
-<!--
- Copyright (c) 2004 on behalf of the EU EGEE Project:
- The European Organization for Nuclear Research (CERN),
- Istituto Nazionale di Fisica Nucleare (INFN), Italy
- Datamat Spa, Italy
- Centre National de la Recherche Scientifique (CNRS), France
- CS Systeme d'Information (CSSI), France
- Royal Institute of Technology, Center for Parallel Computers (KTH-PDC), Sweden
- Universiteit van Amsterdam (UvA), Netherlands
- University of Helsinki (UH.HIP), Finland
- University of Bergen (UiB), Norway
- Council for the Central Laboratory of the Research Councils (CCLRC), United Kingdom
-
- GLite Middleware WMS Configuration Specification File
-
- Authors: Alberto Di Meglio <alberto.di.meglio@cern.ch>
- Joachim Flammer <Joachim.Flammer@cern.ch>
- Version info: $Id$
- Release: $Name$
-
- Revision history:
- $Log$
- Revision 1.3 2004/10/27 10:35:37 dimeglio
- Added missing closing target
-
- Revision 1.2 2004/10/27 10:28:29 dimeglio
- Modified to use gridsite-core
-
- Revision 1.1 2004/10/26 17:54:24 dimeglio
- First version of this file
-
- Revision 1.7 2004/10/18 23:01:18 dimeglio
- Added oscheck to various targets
-
- Revision 1.6 2004/10/12 14:21:21 eronchie
- Removed ssl_utils dependency
-
- Revision 1.5 2004/08/20 09:51:39 eronchie
- Updated buildmodules orders
-
- Revision 1.4 2004/08/04 07:30:29 eronchie
- Added cppunit
-
- Revision 1.3 2004/07/23 14:50:08 eronchie
- Added exception
-
- Revision 1.2 2004/07/23 08:27:03 eronchie
- Updated
-
-
--->
-
-<project name="Gridsite Core CSF" default="all">
-
- <!-- overwrite default workspace directory -->
- <property name="workspace.dir" value="../.." />
-
- <!-- ===============================================
- Load properties
- =============================================== -->
-
- <!-- load baseline and user properties -->
- <import file="${workspace.dir}/org.glite/project/baseline.properties.xml" />
-
- <!-- define build properties file location since we are already in project dir -->
- <property name="subsystem.build.properties.file" value="./build.properties" />
-
- <!-- Load subsytem-specific property files -->
- <import file="./properties.xml"/>
-
- <!-- load global properties -->
- <import file="${global.properties.file}" />
-
- <!-- ===============================================
- Load dependencies
- =============================================== -->
-
- <!-- Load user dependencies file -->
- <property file="${user.dependencies.file}" />
-
- <!-- Load subsystem dependencies file -->
- <property file="./dependencies.properties" />
-
- <!-- Load global dependencies file -->
- <property file="${global.dependencies.file}" />
-
- <!-- ===============================================
- Load targets
- =============================================== -->
- <import file="${global.targets-envchecks.file}" />
- <import file="${global.targets-external-dependencies.file}" />
-
- <!-- ===============================================
- Evaluate CVS tags
- =============================================== -->
-
- <target name="evaluate.cvs.tags" description="Figure out if we need tagged CVS checkout">
- <condition property="glite.head">
- <and>
- <equals arg1="${org.glite.version}" arg2="HEAD" />
- <or>
- <istrue value="${update}" />
- <not>
- <available file="${global.dependencies.file}" type="file" />
- </not>
- </or>
- </and>
- </condition>
- <condition property="glite.tag">
- <and>
- <not>
- <equals arg1="${org.glite.version}" arg2="HEAD" />
- </not>
- <or>
- <istrue value="${update}" />
- <not>
- <available file="${global.dependencies.file}" type="file" />
- </not>
- </or>
- </and>
- </condition>
- <condition property="gridsite-core.head">
- <and>
- <equals arg1="${org.gridsite-core.version}" arg2="HEAD" />
- <istrue value="${update}" />
- </and>
- </condition>
- <condition property="gridsite-core.tag">
- <and>
- <not>
- <equals arg1="${org.gridsite-core.version}" arg2="HEAD" />
- </not>
- <istrue value="${update}" />
- </and>
- </condition>
-
- </target>
-
- <!-- condition property tag = do not remove = -->
-
- <presetdef name="cvs-co">
- <cvs command="checkout" dest="${workspace.dir}" />
- </presetdef>
-
- <!-- =====================================================
- Self-update if required
- ===================================================== -->
-
- <!-- Update main GLite module -->
- <target name="org.glite" depends="get.glite.head, get.glite.tag"/>
- <target name="get.glite.head" if="glite.head">
- <cvs-co package="org.glite" />
- </target>
- <target name="get.glite.tag" if="glite.tag">
- <cvs-co package="org.glite"
- tag="${org.glite.version}" />
- </target>
-
- <!-- Update the current module -->
- <target name="org.gridsite.core" depends="get.gridsite-core.head, get.gridsite-core.tag"/>
- <target name="get.gridsite-core.head" if="gridsite-core.head">
- <cvs-co package="org.gridsite.core" />
- <fail>The org.glite and org.gridsite.core modules have been updated, please rerun the configuration file</fail>
- </target>
- <target name="get.gridsite-core.tag" if="gridsite-core.tag">
- <cvs-co package="org.gridsite.core"
- tag="${org.gridsite.core.version}" />
- <fail>The org.glite and org.gridsite.core modules have been updated, please rerun the configuration file</fail>
- </target>
-
- <!-- *****************************************************-->
- <!-- Development tools -->
- <!-- *****************************************************-->
-
- <!-- All development tools -->
- <target name="devtools" depends="oscheck,
- junitcheck,
- junit,
- chkstyle,
- jalopy,
- ant-contrib,
- cpptasks,
- egee-ant-ext"/>
-
- <!-- =====================================================
- External libraries
- ===================================================== -->
-
- <!-- All external libraries -->
- <target name="external" depends="oscheck,
- log4j"/>
-
- <!-- =====================================================
- GLite WMS modules
- ===================================================== -->
-
- <!-- component targets tag = do not remove = -->
-
- <!-- All project modules -->
- <target name="project" depends=""/>
-
-
- <!-- ====================================================
- Checkout all
- ==================================================== -->
-
- <!-- All libraries -->
- <target name="all" depends="oscheck,evaluate.cvs.tags,defaultenvchecks,org.glite,org.gridsite.core,devtools,external,project" />
-
- <!-- ====================================================
- Print dependecies to console
- ==================================================== -->
-
- <target name="dependencies">
- <concat>
- <fileset dir="." includes="dependencies.properties" />
- </concat>
- </target>
-
-</project>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Copyright (c) 2004 on behalf of the EU EGEE Project:
- The European Organization for Nuclear Research (CERN),
- Istituto Nazionale di Fisica Nucleare (INFN), Italy
- Datamat Spa, Italy
- Centre National de la Recherche Scientifique (CNRS), France
- CS Systeme d'Information (CSSI), France
- Royal Institute of Technology, Center for Parallel Computers (KTH-PDC), Sweden
- Universiteit van Amsterdam (UvA), Netherlands
- University of Helsinki (UH.HIP), Finland
- University of Bergen (UiB), Norway
- Council for the Central Laboratory of the Research Councils (CCLRC), United Kingdom
-
- Common build properties file for the Gridsite Core modules
-
- Authors: Alberto Di Meglio <alberto.di.meglio@cern.ch>
- Version info: $Id$
- Release: $Name$
-
- Revision history:
- $Log$
--->
-
-<project name="Gridsite Core common properties">
-
- <!-- Include build properties to allow overwriting
- of properties for subsystem -->
- <property name="subsystem.build.properties.file" value="./project/build.properties" />
- <property file="${subsystem.build.properties.file}" />
-
- <!-- ======================================================
- Define subsystem properties
- ====================================================== -->
-
- <!-- Subsystem name -->
- <property name="subsystem.name" value="${gridsite-core.subsystem.name}"/>
-
- <!-- Subsystem prefix -->
- <property name="subsystem.prefix" value="${gridsite-core.subsystem.prefix}"/>
-
- <!-- ======================================================
- Define general subsystem properties
- ====================================================== -->
-
- <!-- Include common subsystem properties -->
- <import file="${subsystem.general.properties.file}" />
-
- <!-- ======================================================
- Define extra properties here ...
- ====================================================== -->
-
-</project>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Copyright (c) 2004 on behalf of the EU EGEE Project:
- The European Organization for Nuclear Research (CERN),
- Istituto Nazionale di Fisica Nucleare (INFN), Italy
- Datamat Spa, Italy
- Centre National de la Recherche Scientifique (CNRS), France
- CS Systeme d'Information (CSSI), France
- Royal Institute of Technology, Center for Parallel Computers (KTH-PDC), Sweden
- Universiteit van Amsterdam (UvA), Netherlands
- University of Helsinki (UH.HIP), Finland
- University of Bergen (UiB), Norway
- Council for the Central Laboratory of the Research Councils (CCLRC), United Kingdom
-
- Common Ant task definition file for the Gridsite Core modules
-
- Authors: Alberto Di Meglio <alberto.di.meglio@cern.ch>
- Version info: $Id$
- Release: $Name$
-
- Revision history:
- $Log$
--->
-
-<project name="Gridsite Core common tasks and types definitions">
-
-<!-- ======================================================
- Subsystem task definitions
- ====================================================== -->
-
-</project>
\ No newline at end of file
+++ /dev/null
-# Doxyfile 1.2.18
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-# TAG = value [value, ...]
-# For lists items can also be appended using:
-# TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# General configuration options
-#---------------------------------------------------------------------------
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
-# by quotes) that should identify the project.
-
-PROJECT_NAME =
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER =
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY =
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, Dutch,
-# Finnish, French, German, Greek, Hungarian, Italian, Japanese, Japanese-en
-# (Japanese with english messages), Korean, Norwegian, Polish, Portuguese,
-# Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish and Ukrainian.
-
-OUTPUT_LANGUAGE = English
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL = YES
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
-EXTRACT_PRIVATE = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
-EXTRACT_STATIC = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these class will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS = NO
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF = YES
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all inherited
-# members of a class in the documentation of that class as if those members were
-# ordinary class members. Constructors, destructors and assignment operators of
-# the base classes will not be shown.
-
-INLINE_INHERITED_MEMB = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. It is allowed to use relative paths in the argument list.
-
-STRIP_FROM_PATH =
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS = YES
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower case letters. If set to YES upper case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# users are adviced to set this option to NO.
-
-CASE_SENSE_NAMES = YES
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful is your file systems
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES = NO
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS = YES
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like the Qt-style comments (thus requiring an
-# explict @brief command for a brief description.
-
-JAVADOC_AUTOBRIEF = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the DETAILS_AT_TOP tag is set to YES then Doxygen
-# will output the detailed description near the top, like JavaDoc.
-# If set to NO, the detailed description appears after the member
-# documentation.
-
-DETAILS_AT_TOP = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# reimplements.
-
-INHERIT_DOCS = YES
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS = YES
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE = 8
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES =
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or define consist of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and defines in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES = 30
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
-# only. Doxygen will then generate output that is more tailored for C.
-# For instance some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java sources
-# only. Doxygen will then generate output that is more tailored for Java.
-# For instance namespaces will be presented as packages, qualified scopes
-# will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA = NO
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED = YES
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text.
-
-WARN_FORMAT = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
-INPUT = . ../interface
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx *.hpp
-# *.h++ *.idl *.odl
-
-FILE_PATTERNS =
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
-RECURSIVE = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE =
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or directories
-# that are symbolic links (a Unix filesystem feature) are excluded from the input.
-
-EXCLUDE_SYMLINKS = NO
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories.
-
-EXCLUDE_PATTERNS =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH =
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS =
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH =
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command <filter> <input-file>, where <filter>
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output.
-
-INPUT_FILTER =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-
-SOURCE_BROWSER = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES = NO
-
-# If the REFERENCED_BY_RELATION tag is set to YES (the default)
-# then for each documented function all documented
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = NO
-
-# If the REFERENCES_RELATION tag is set to YES (the default)
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
-REFERENCES_RELATION = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX = YES
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX = 5
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT = doxygen
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header.
-
-HTML_HEADER =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER =
-
-# The HTML_STYLESHEET tag can be used to specify a user defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If the tag is left blank doxygen
-# will generate a default style sheet
-
-HTML_STYLESHEET = doxygen.css
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
-# files or namespaces will be aligned in HTML using tables. If set to
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS = YES
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output dir.
-
-CHM_FILE =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non empty doxygen will try to run
-# the html help compiler on the generated index.hhp.
-
-HHC_LOCATION =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the Html help documentation and to the tree view.
-
-TOC_EXPAND = NO
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
-# top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it.
-
-DISABLE_INDEX = YES
-
-# This tag can be used to set the number of enum values (range [1..20])
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE = 4
-
-# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
-# generated containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript and frames is required (for instance Mozilla, Netscape 4.0+,
-# or Internet explorer 4.0+). Note that for large projects the tree generation
-# can take a very long time. In such cases it is better to disable this feature.
-# Windows users are probably better off using the HTML help feature.
-
-GENERATE_TREEVIEW = NO
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH = 250
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
-GENERATE_LATEX = NO
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be invoked. If left blank `latex' will be used as the default command name.
-
-LATEX_CMD_NAME = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, a4wide, letter, legal and
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE = a4wide
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER =
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS = NO
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX = NO
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimised for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assigments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_XML = NO
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_SCHEMA =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_DTD =
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF = NO
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING = NO
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_PREDEFINED tags.
-
-EXPAND_ONLY_PREDEF = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
-INCLUDE_PATH =
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed.
-
-PREDEFINED =
-
-# If the MACRO_EXPANSION and EXPAND_PREDEF_ONLY tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED =
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all function-like macros that are alone
-# on a line, have an all uppercase name, and do not end with a semicolon. Such
-# function macros are typically used for boiler-plate code, and will confuse the
-# parser if not removed.
-
-SKIP_FUNCTION_MACROS = YES
-
-#---------------------------------------------------------------------------
-# Configuration::addtions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES tag can be used to specify one or more tagfiles.
-
-TAGFILES =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in Html, RTF and LaTeX) for classes with base or
-# super classes. Setting the tag to NO turns the diagrams off. Note that this
-# option is superceded by the HAVE_DOT option below. This is only a fallback. It is
-# recommended to install and use dot, since it yield more powerful graphs.
-
-CLASS_DIAGRAMS = YES
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT = NO
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH = YES
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH = YES
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found on the path.
-
-DOT_PATH =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS =
-
-# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than
-# this value, doxygen will try to truncate the graph, so that it fits within
-# the specified constraint. Beware that most browsers cannot cope with very
-# large images.
-
-MAX_DOT_GRAPH_WIDTH = 1024
-
-# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than
-# this value, doxygen will try to truncate the graph, so that it fits within
-# the specified constraint. Beware that most browsers cannot cope with very
-# large images.
-
-MAX_DOT_GRAPH_HEIGHT = 1024
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermedate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP = YES
-
-#---------------------------------------------------------------------------
-# Configuration::addtions related to the search engine
-#---------------------------------------------------------------------------
-
-# The SEARCHENGINE tag specifies whether or not a search engine should be
-# used. If set to NO the values of all tags below this one will be ignored.
-
-SEARCHENGINE = NO
-
-# The CGI_NAME tag should be the name of the CGI script that
-# starts the search engine (doxysearch) with the correct parameters.
-# A script with this name will be generated by doxygen.
-
-CGI_NAME = search.cgi
-
-# The CGI_URL tag should be the absolute URL to the directory where the
-# cgi binaries are located. See the documentation of your http daemon for
-# details.
-
-CGI_URL =
-
-# The DOC_URL tag should be the absolute URL to the directory where the
-# documentation is located. If left blank the absolute path to the
-# documentation, with file:// prepended to it, will be used.
-
-DOC_URL =
-
-# The DOC_ABSPATH tag should be the absolute path to the directory where the
-# documentation is located. If left blank the directory on the local machine
-# will be used.
-
-DOC_ABSPATH =
-
-# The BIN_ABSPATH tag must point to the directory where the doxysearch binary
-# is installed.
-
-BIN_ABSPATH = /usr/local/bin/
-
-# The EXT_DOC_PATHS tag can be used to specify one or more paths to
-# documentation generated for other projects. This allows doxysearch to search
-# the documentation for these projects as well.
-
-EXT_DOC_PATHS =
+++ /dev/null
-#
-# Andrew McNab and Shiv Kaushal, University of Manchester.
-# Copyright (c) 2002-6. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# o Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the following
-# disclaimer.
-# o Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials
-# provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-#---------------------------------------------------------------
-# For more information about GridSite: http://www.gridsite.org/
-#---------------------------------------------------------------
-
-include ../VERSION
-
-RPMCMD=$(shell if [ -x /usr/bin/rpmbuild ] ; then echo /usr/bin/rpmbuild; else echo rpm; fi)
-
-ifndef MYRPMDIR
-export MYRPMDIR=$(shell pwd)/../RPMTMP
-endif
-
-ifndef prefix
-export prefix=/usr/local
-endif
-
-ifndef MYCFLAGS
-export MYCFLAGS=-I. -I../interface $(HTTPD_FLAGS) -I/usr/include/httpd -I/usr/include/apr-0 -I/opt/glite/include -fPIC
-endif
-
-ifndef MYLDFLAGS
-export MYLDFLAGS=-L.
-endif
-
-#
-# Build
-#
-
-build: apidoc \
- libgridsite.so.$(VERSION) libgridsite.a htcp mod_gridsite.so \
- urlencode findproxyfile real-gridsite-admin.cgi gsexec \
- gridsite-copy.cgi
-
-build: libgridsite_globus.so.$(VERSION) libgridsite_globus.a
-
-# First, normal versions using system OpenSSL rather than Globus OpenSSL
-
-libgridsite.so.$(VERSION): grst_x509.o grst_gacl.o grst_xacml.o grst_http.o grst_asn1.o grst_htcp.o
- gcc -shared -Wl,-soname,libgridsite.so.$(MINOR_VERSION) \
- -o libgridsite.so.$(PATCH_VERSION) grst_x509.o grst_gacl.o grst_xacml.o grst_http.o grst_asn1.o grst_htcp.o
-
-libgridsite.a: grst_x509.o grst_gacl.o grst_xacml.o grst_http.o grst_asn1.o grst_htcp.o
- ar src libgridsite.a grst_x509.o grst_gacl.o grst_xacml.o grst_http.o grst_asn1.o grst_htcp.o
-
-grst_x509.o: grst_x509.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) \
- -I/usr/kerberos/include -c grst_x509.c
-
-grst_gacl.o: grst_gacl.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) \
- -I/usr/kerberos/include `xml2-config --cflags` -c grst_gacl.c
-
-grst_xacml.o: grst_xacml.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) \
- -I/usr/kerberos/include `xml2-config --cflags` -c grst_xacml.c
-
-grst_http.o: grst_http.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) \
- -I/usr/kerberos/include -c grst_http.c
-
-grst_asn1.o: grst_asn1.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) \
- -I/usr/kerberos/include -c grst_asn1.c
-
-grst_htcp.o: grst_htcp.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) \
- -I/usr/kerberos/include -c grst_htcp.c
-
-# Then build versions using Globus OpenSSL if configured
-
-ifdef OPENSSL_GLOBUS_LIBS
-
-libgridsite_globus.so.$(VERSION): \
- grst_x509_globus.o grst_gacl_globus.o grst_http_globus.o \
- grst_asn1_globus.o grst_xacml_globus.o grst_htcp_globus.o
- gcc -shared -Wl,-soname,libgridsite_globus.so.$(MINOR_VERSION) \
- -o libgridsite_globus.so.$(PATCH_VERSION) \
- grst_x509_globus.o grst_gacl_globus.o grst_xacml_globus.o grst_http_globus.o grst_asn1_globus.o
-
-libgridsite_globus.a: grst_x509_globus.o grst_gacl_globus.o grst_http_globus.o grst_asn1_globus.o
- ar src libgridsite_globus.a \
- grst_x509_globus.o grst_gacl_globus.o grst_http_globus.o grst_asn1_globus.o
-
-grst_x509_globus.o: grst_x509.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \
- -I/usr/kerberos/include -c grst_x509.c \
- -o grst_x509_globus.o
-
-grst_gacl_globus.o: grst_gacl.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \
- -I/usr/kerberos/include `xml2-config --cflags` -c grst_gacl.c \
- -o grst_gacl_globus.o
-
-grst_xacml_globus.o: grst_xacml.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \
- -I/usr/kerberos/include `xml2-config --cflags` -c grst_xacml.c \
- -o grst_xacml_globus.o
-
-grst_http_globus.o: grst_http.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \
- -I/usr/kerberos/include -c grst_http.c \
- -o grst_http_globus.o
-
-grst_asn1_globus.o: grst_asn1.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \
- -I/usr/kerberos/include -c grst_asn1.c \
- -o grst_asn1_globus.o
-
-grst_htcp_globus.o: grst_htcp.c ../interface/gridsite.h
- gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \
- -I/usr/kerberos/include -c grst_htcp.c \
- -o grst_htcp_globus.o
-
-else
-
-libgridsite_globus.so.$(VERSION): libgridsite.so.$(VERSION)
- cp -f libgridsite.so.$(VERSION) libgridsite_globus.so.$(VERSION)
-
-libgridsite_globus.a: libgridsite.a
- cp -f libgridsite.a libgridsite_globus.a
-
-endif
-
-gsexec: gsexec.c gsexec.h
- gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) \
- -o gsexec gsexec.c
-
-urlencode: urlencode.c libgridsite.a
- gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) \
- -o urlencode urlencode.c -L. \
- -I/usr/kerberos/include -lgridsite
-
-htcp: htcp.c libgridsite.a
- gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) \
- -o htcp htcp.c -L. \
- -I/usr/kerberos/include \
- `curl-config --cflags` `curl-config --libs` -lgridsite
-
-gridsite-copy.cgi: gridsite-copy.c libgridsite.a
- gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) \
- -o gridsite-copy.cgi gridsite-copy.c -L. \
- -I/usr/kerberos/include \
- `curl-config --cflags` `curl-config --libs` -lgridsite
-
-mod_gridsite.so: mod_gridsite.c mod_ssl-private.h libgridsite.a
- gcc -g $(MYCFLAGS) -shared -Wl,-soname=gridsite_module \
- -I/usr/kerberos/include \
- -I/usr/include/libxml2 \
- -DVERSION=\"$(VERSION)\" -o mod_gridsite.so \
- mod_gridsite.c $(MYLDFLAGS) -lxml2 -lm -lz -lgridsite
-
-real-gridsite-admin.cgi: grst_admin_main.c grst_admin_gacl.c \
- grst_admin_file.c grst_admin.h
- gcc -g $(MYCFLAGS) $(MYLDFLAGS) -o real-gridsite-admin.cgi \
- grst_admin_main.c \
- grst_admin_gacl.c \
- grst_admin_file.c \
- -I/usr/kerberos/include \
- -DVERSION=\"$(VERSION)\" -lgridsite -lssl -lcrypto -lxml2 -lz -lm
-
-findproxyfile: findproxyfile.c libgridsite.a
- gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) $(MYLDFLAGS) \
- -o findproxyfile findproxyfile.c -L. \
- -I/usr/kerberos/include -lgridsite \
- -lssl -lcrypto -lxml2 -lz -lm
-
-showx509exts: showx509exts.c libgridsite.a
- gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) $(MYLDFLAGS) \
- -o showx509exts showx509exts.c -L. \
- -I/usr/kerberos/include \
- -lgridsite \
- -lssl -lcrypto -lxml2 -lz -lm
-
-apidoc:
- date
- doxygen Doxyfile
- mkdir -p ../doc/doxygen
- cp -f doxygen/*.html doxygen/*.css doxygen/*.png ../doc/doxygen
- cd ../doc ; for i in *.1 *.8 ; do ../src/roffit < $$i \
- > $$i.html ; done
-
-gaclexample: gaclexample.c libgridsite.a
- gcc -g -o gaclexample gaclexample.c -I. -L. \
- -I/usr/kerberos/include -lgridsite \
- -lssl -lcrypto -lxml2 -lz -lm
-
-xacmlexample: xacmlexample.c libgridsite.a
- gcc -g -o xacmlexample xacmlexample.c -I. -L. \
- -I/usr/kerberos/include -lgridsite \
- -lssl -lcrypto -lxml2 -lz -lm
-
-
-clean:
-
-#
-# Install
-#
-
-install: apidoc
- mkdir -p $(prefix)/include \
- $(prefix)/$(libdir) \
- $(prefix)/bin \
- $(prefix)/sbin \
- $(prefix)/share/man/man1 \
- $(prefix)/share/man/man8 \
- $(prefix)/$(libdir)/httpd/modules \
- $(prefix)/share/doc/gridsite-$(PATCH_VERSION)
- cp -f ../interface/gridsite.h $(prefix)/include
- cp -f ../interface/gridsite-gacl.h $(prefix)/include
- cp -f urlencode $(prefix)/bin
- cp -f findproxyfile $(prefix)/bin
- cp -f real-gridsite-admin.cgi $(prefix)/sbin
- cp -f gridsite-copy.cgi $(prefix)/sbin
- cp -f libgridsite.a $(prefix)/$(libdir)
- cp -f libgridsite.so.$(PATCH_VERSION) $(prefix)/$(libdir)
- ln -sf libgridsite.so.$(PATCH_VERSION) \
- $(prefix)/$(libdir)/libgridsite.so
- ln -sf libgridsite.so.$(PATCH_VERSION) \
- $(prefix)/$(libdir)/libgridsite.so.$(MAJOR_VERSION)
- ln -sf libgridsite.so.$(PATCH_VERSION) \
- $(prefix)/$(libdir)/libgridsite.so.$(MINOR_VERSION)
- cp -f libgridsite_globus.a $(prefix)/$(libdir)
- cp -f libgridsite_globus.so.$(PATCH_VERSION) $(prefix)/$(libdir)
- ln -sf libgridsite_globus.so.$(PATCH_VERSION) \
- $(prefix)/$(libdir)/libgridsite_globus.so
- ln -sf libgridsite_globus.so.$(PATCH_VERSION) \
- $(prefix)/$(libdir)/libgridsite_globus.so.$(MAJOR_VERSION)
- ln -sf libgridsite_globus.so.$(PATCH_VERSION) \
- $(prefix)/$(libdir)/libgridsite_globus.so.$(MINOR_VERSION)
- cp -f ../CHANGES ../README ../INSTALL ../LICENSE ../VERSION \
- $(prefix)/share/doc/gridsite-$(PATCH_VERSION)
- cp -f ../doc/*.html ../doc/*.conf ../doc/*.1 ../doc/*.8 ../doc/*.sh \
- ../doc/*.wsdl $(prefix)/share/doc/gridsite-$(VERSION)
- cp -f ../doc/*.1 $(prefix)/share/man/man1
- cp -f ../doc/*.8 $(prefix)/share/man/man8
- gzip -f $(prefix)/share/man/man1/*.1
- gzip -f $(prefix)/share/man/man8/*.8
- cp -f htcp $(prefix)/bin
- ln -sf htcp $(prefix)/bin/htls
- ln -sf htcp $(prefix)/bin/htll
- ln -sf htcp $(prefix)/bin/htrm
- ln -sf htcp $(prefix)/bin/htmkdir
- ln -sf htcp $(prefix)/bin/htmv
- ln -sf htcp $(prefix)/bin/htping
- ln -sf htcp $(prefix)/bin/htfind
- cp -f gsexec $(prefix)/sbin
- cp -f mod_gridsite.so $(prefix)/$(libdir)/httpd/modules
-
-#
-# Distributions
-#
-
-# source files tarball
-dist:
- mkdir -p ../dist/gridsite-$(PATCH_VERSION)/src \
- ../dist/gridsite-$(PATCH_VERSION)/doc \
- ../dist/gridsite-$(PATCH_VERSION)/interface
- cp -f ../VERSION ../README ../LICENSE ../CHANGES ../INSTALL \
- ../dist/gridsite-$(PATCH_VERSION)
- cp -f Makefile grst*.c htcp.c \
- urlencode.c findproxyfile.c gaclexample.c mod_gridsite.c \
- grst_admin.h mod_ssl-private.h \
- gsexec.c gsexec.h gridsite-copy.c \
- roffit gridsite.spec \
- Doxyfile doxygen.css doxyheader.html \
- ../dist/gridsite-$(PATCH_VERSION)/src
- cp -f ../doc/*.html ../doc/*.1 ../doc/*.8 ../doc/*.conf ../doc/*.sh \
- ../doc/*.wsdl ../dist/gridsite-$(PATCH_VERSION)/doc
- cp -f ../interface/*.h \
- ../dist/gridsite-$(PATCH_VERSION)/interface
- cd ../dist ; tar zcvf ../gridsite-$(PATCH_VERSION).src.tar.gz \
- gridsite-$(PATCH_VERSION)
- rm -Rf ../dist/gridsite-$(PATCH_VERSION)
-
-
-# binary tarball distribution for htcp users
-htcp-bin: htcp
- mkdir -p ../htcp-bin-$(PATCH_VERSION)/bin \
- ../htcp-bin-$(PATCH_VERSION)/man/man1
- cp -f ../doc/README.htcp-bin ../htcp-bin-$(PATCH_VERSION)
- cp -f htcp ../htcp-bin-$(PATCH_VERSION)/bin
- cp -f ../doc/htcp.1 ../doc/htrm.1 ../doc/htls.1 ../doc/htmkdir.1 \
- ../doc/htll.1 ../doc/htmv.1 ../doc/htping.1 ../doc/htfind.1 \
- ../htcp-bin-$(PATCH_VERSION)/man/man1
- ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htls
- ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htll
- ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htrm
- ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htmkdir
- ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htmv
- ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htping
- ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htfind
- cd ../htcp-bin-$(VERSION) ; tar zcvf ../htcp-$(VERSION).bin.tar.gz .
- rm -Rf ../htcp-bin-$(PATCH_VERSION)
-
-# RPM targets: build and RPMs go into subdirectories of ../RPMTMP/
-rpm: dist gridsite.spec
- rm -Rf $(MYRPMDIR)/BUILDROOT $(MYRPMDIR)/BUILD
- mkdir -p $(MYRPMDIR)/SOURCES $(MYRPMDIR)/SPECS $(MYRPMDIR)/BUILD \
- $(MYRPMDIR)/SRPMS $(MYRPMDIR)/RPMS/i386 $(MYRPMDIR)/BUILDROOT
- cp -f ../gridsite-$(PATCH_VERSION).src.tar.gz $(MYRPMDIR)/SOURCES
- cp -f gridsite.spec $(MYRPMDIR)/SPECS
- export MYPREFIX=/usr ; export MYVERSION=$(PATCH_VERSION) ; \
- $(RPMCMD) --define "_topdir $(MYRPMDIR)" \
- -ba --buildroot $(MYRPMDIR)/BUILDROOT gridsite.spec
-
-
-wtf:
- pwd
- printenv
- ls -l
- ls -lR /usr/local/
- ls -lR $(GSOAPDIR)
+++ /dev/null
-//gsoap ns service name: delegation
-//gsoap ns service style: rpc
-//gsoap ns service encoding: encoded
-//gsoap ns service namespace: http://www.gridsite.org/ns/delegation.wsdl
-//gsoap ns service location: http://localhost/delegserver.cgi
-
-struct ns__putProxyResponse { } ;
-
-//gsoap ns schema namespace: urn:delegation
-int ns__getProxyReq(char *delegationID, char **request);
-int ns__putProxy(char *delegationID, char *proxy,
- struct ns__putProxyResponse *unused);
+++ /dev/null
-H1 { text-align: center; }
-CAPTION { font-weight: bold }
-A.qindex {}
-A.qindexRef {}
-A.el { text-decoration: none; font-weight: bold }
-A.elRef { font-weight: bold }
-A.code { text-decoration: none; font-weight: normal; color: #4444ee }
-A.codeRef { font-weight: normal; color: #4444ee }
-A:hover { text-decoration: none; background-color: #f2f2ff }
-DL.el { margin-left: -1cm }
-DIV.fragment { width: 100%; border: none; background-color: #eeeeee }
-DIV.ah { background-color: black; font-weight: bold; color: #ffffff; margin-bottom: 3px; margin-top: 3px }
-TD.md { background-color: #f2f2ff; font-weight: bold; }
-TD.mdname1 { background-color: #f2f2ff; font-weight: bold; color: #602020; }
-TD.mdname { background-color: #f2f2ff; font-weight: bold; color: #602020; width: 600px; }
-DIV.groupHeader { margin-left: 16px; margin-top: 12px; margin-bottom: 6px; font-weight: bold }
-DIV.groupText { margin-left: 16px; font-style: italic; font-size: smaller }
-XXBODY { background: white }
-TD.indexkey {
- background-color: #eeeeff;
- font-weight: bold;
- padding-right : 10px;
- padding-top : 2px;
- padding-left : 10px;
- padding-bottom : 2px;
- margin-left : 0px;
- margin-right : 0px;
- margin-top : 2px;
- margin-bottom : 2px
-}
-TD.indexvalue {
- background-color: #eeeeff;
- font-style: italic;
- padding-right : 10px;
- padding-top : 2px;
- padding-left : 10px;
- padding-bottom : 2px;
- margin-left : 0px;
- margin-right : 0px;
- margin-top : 2px;
- margin-bottom : 2px
-}
-span.keyword { color: #008000 }
-span.keywordtype { color: #604020 }
-span.keywordflow { color: #e08000 }
-span.comment { color: #800000 }
-span.preprocessor { color: #806020 }
-span.stringliteral { color: #002080 }
-span.charliteral { color: #008080 }
+++ /dev/null
-<p><a href=http://www.gridsite.org/>GridSite</a> Version 1.1.x
+++ /dev/null
-/*
- Copyright (c) 2002-4, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef VERSION
-#define VERSION "0.0.0"
-#endif
-
-#define _GNU_SOURCE
-
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <getopt.h>
-
-#include "gridsite.h"
-
-void printsyntax(char *argv0)
-{
- char *p;
-
- p = rindex(argv0, '/');
- if (p != NULL) ++p;
- else p = argv0;
-
- fprintf(stderr, "%s [--outsidecache] [--proxycache=PATH] "
- "[--delegation-id=DELEGATION-ID] [--user-dn=USER-DN]\n"
- "(Version: %s)\n", p, VERSION);
-}
-
-#define GRST_PROXY_CACHE "/var/www/proxycache"
-
-int main(int argc, char *argv[])
-{
- char *delegation_id = "_", *proxycache = "", *user_dn = "",
- *proxyfile = NULL;
- int c, outsidecache = 0, verbose = 0, option_index;
- struct option long_options[] = { {"verbose", 0, 0, 'v'},
- {"outsidecache", 0, 0, 0},
- {"proxycache", 1, 0, 0},
- {"delegation-id", 1, 0, 0},
- {"user-dn", 1, 0, 0},
- {0, 0, 0, 0} };
-
- if (argc == 1)
- {
- printsyntax(argv[0]);
- return 0;
- }
-
- while (1)
- {
- option_index = 0;
-
- c = getopt_long(argc, argv, "v", long_options, &option_index);
-
- if (c == -1) break;
- else if (c == 0)
- {
- if (option_index == 1) outsidecache = 1;
- else if (option_index == 2) proxycache = optarg;
- else if (option_index == 3) delegation_id = optarg;
- else if (option_index == 4) user_dn = optarg;
- }
- else if (c == 'v') ++verbose;
- }
-
- if (*user_dn != '\0') /* try to find in proxy cache */
- {
- if ((proxycache == NULL) || (*proxycache == '\0'))
- proxycache = getenv("GRST_PROXY_CACHE");
-
- if ((proxycache == NULL) || (*proxycache == '\0'))
- proxycache = GRST_PROXY_CACHE;
-
- proxyfile = GRSTx509CachedProxyFind(proxycache, delegation_id, user_dn);
- }
-
- if (((proxyfile == NULL) || (*proxyfile == '\0')) && outsidecache)
- {
- proxyfile = GRSTx509FindProxyFileName();
- }
-
- if ((proxyfile != NULL) && (*proxyfile != '\0'))
- {
- puts(proxyfile);
- return 0;
- }
-
- fputs("No proxy file found\n", stderr);
-
- return 1;
-}
+++ /dev/null
-/*
- Copyright (c) 2002-3, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*---------------------------------------------------------------*
- * For more about GridSite: http://www.gridsite.org/ *
- *---------------------------------------------------------------*/
-
-/*
- Example program using GACL
-
- Build with:
-
- gcc -o gaclexample gaclexample.c -L. -I. -lgridsite -lxml2 -lz -lm
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <gridsite.h>
-
-int main()
-{
- GRSTgaclCred *cred, *usercred;
- GRSTgaclEntry *entry;
- GRSTgaclAcl *acl1, *acl2;
- GRSTgaclUser *user;
- GRSTgaclPerm perm0, perm1, perm2;
- FILE *fp;
-
- /* must initialise GACL before using it */
-
- GRSTgaclInit();
-
- /* build up an ACL, starting with a credential */
-
- cred = GRSTgaclCredNew("person");
-
- GRSTgaclCredAddValue(cred, "dn", "/O=Grid/CN=Mr Grid Person");
-
- /* create an entry to put it in */
-
- entry = GRSTgaclEntryNew();
-
- /* add the credential to it */
-
- GRSTgaclEntryAddCred(entry, cred);
-
- /* add another credential */
-
- cred = GRSTgaclCredNew("dn-list");
- GRSTgaclCredAddValue(cred, "url", "example-dn-list");
- GRSTgaclEntryAddCred(entry, cred);
-
- fp = fopen("example-dn-list", "w");
- fputs("/O=Grid/CN=Mr Grid Person\n", fp);
- fclose(fp);
-
- /* associate some permissions and denials to the credential */
-
- GRSTgaclEntryAllowPerm( entry, GRST_PERM_READ);
- GRSTgaclEntryAllowPerm( entry, GRST_PERM_WRITE);
- GRSTgaclEntryAllowPerm( entry, GRST_PERM_ADMIN);
- GRSTgaclEntryDenyPerm( entry, GRST_PERM_ADMIN);
- GRSTgaclEntryDenyPerm( entry, GRST_PERM_LIST);
-
- perm0 = GRST_PERM_READ | GRST_PERM_WRITE;
-
- printf("test perm should be %d\n", perm0);
-
- /* create a new ACL and add the entry to it */
-
- acl1 = GRSTgaclAclNew();
-
- GRSTgaclAclAddEntry(acl1, entry);
-
- /* create a GRSTgaclUser to compare with the ACL */
-
- usercred = GRSTgaclCredNew("person");
-
- GRSTgaclCredAddValue(usercred, "dn", "/O=Grid/CN=Mr Grid Person");
-
- user = GRSTgaclUserNew(usercred);
-
- GRSTgaclUserSetDNlists(user, getcwd(NULL, 0));
- printf("DN Lists dir %s\n", getcwd(NULL, 0));
-
-// putenv("GRST_DN_LISTS=.");
-
- perm1 = GRSTgaclAclTestUser(acl1, user);
-
- printf("test /O=Grid/CN=Mr Grid Person in acl = %d\n", perm1);
-
- /* print and save the whole ACL */
-
- GRSTgaclAclPrint(acl1, stdout);
-
- GRSTgaclAclSave(acl1, "example.gacl");
-
- puts("gridacl.out saved");
-
- puts("");
-
- /* load the ACL back off the disk, print and test it */
-
- acl2 = GRSTgaclAclLoadFile("example.gacl");
-
- puts("gridacl.out loaded");
-
- if (acl2 != NULL) GRSTgaclAclPrint(acl2, stdout); else puts("acl2 is NULL");
-
- perm2 = GRSTgaclAclTestUser(acl2, user);
-
- printf("test /O=Grid/CN=Mr Grid Person in acl = %d\n", perm2);
-
- if (perm1 != perm0) return 1;
- if (perm2 != perm0) return 2;
-
- return 0;
-}
+++ /dev/null
-/*
- Copyright (c) 2005, Yibiao Li, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-///////////////////////////////////////////////////////////////////
-//
-// compile: gcc -lcurl gridsite-copy.c -o gridsite-copy.cgi
-// usage: cp gridsite-copy.cgi to the cgi-bin directory
-// and map the COPY method to gridsite-copy.cgi
-// by adding a line in httpd.conf:
-// script COPY /cgi-bin/gridsite-copy.cgi
-//
-///////////////////////////////////////////////////////////////////
-#include <stdio.h>
-#include <time.h>
-#include <string.h>
-#include <stdlib.h>
-#include <curl/curl.h>
-#include <sys/types.h>
-#include <sys/times.h>
-
-extern char **environ;
-
-size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
-{
- int written = fwrite(ptr, size, nmemb, (FILE *)stream);
- return written;
-}
-
-int main( int argn, char **argv )
-{
- char *getenv();
-
- CURL *curl;
- CURLcode res;
- struct tms s_time, e_time;
- FILE *fout;
-
- char *requestURI;
- int grstPerm, srcsecure;
- char passcode[100];
- char destination[500], destDir[400], destName[100];
- char *ptr, *ptr1;
-
- times(&s_time);
- passcode[0]='\0';
- char *capath="/etc/grid-security/certificates";
-
- printf("Content-type: text/html\n\n");
- printf("<html><head><title>HTTP COPY</title></head>\n");
- printf("<body><h1>HTTP FILE COPY</h1>\n");
-
- curl = curl_easy_init();
- printf("Server: Initialized!\n");
- if(curl) {
- //get the request URI
- requestURI = curl_getenv("REQUEST_URI");
- if( strncmp( requestURI, "https://", 8 )==0 )srcsecure=1;
- else srcsecure=0;
- printf("The request URL is %s\n", requestURI);
-
- //get the destination directory and file name
- strcpy(destination, getenv("HTTP_DESTINATION"));
- ptr=destination;
- ptr1 = strrchr(ptr, '/');
- ptr1+=1;
- strcpy( destName, ptr1 );
- *ptr1 = '\0';
- strcpy( destDir, ptr );
-
- // get the one time passcode from cookie string.
- // the segmenty of code is tested on 19th sep. 2005
- if( (ptr=curl_getenv("HTTP_COOKIE")) != NULL)
- {
- ptr += 17;
- strcpy( passcode, ptr );
- }
-
- //get permision attributes
- grstPerm = atoi(curl_getenv("GRST_DESTINATION_PERM"));
-
- if( grstPerm & 8 ) // write right
- {
- curl_easy_setopt(curl, CURLOPT_VERBOSE, 0);
-
- if( srcsecure == 1 )
- {
- curl_easy_setopt(curl, CURLOPT_COOKIE, passcode );
- curl_easy_setopt(curl, CURLOPT_CAPATH, capath );
- }
-
- curl_easy_setopt(curl, CURLOPT_URL, requestURI );
-
- strcpy( destination, getenv("GRST_DESTINATION_TRANSLATED"));
- fout = fopen( destination, "w" );
- if( fout == NULL ){
- printf("cannot open file to write,");
- printf(" maybe you have no right to write in the directory.\n");
- exit(-1);
- }
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
- curl_easy_setopt(curl, CURLOPT_WRITEDATA, fout );
- res = curl_easy_perform(curl);
- if( res!=0 )
- {
- printf("Server: There are some things wrong with OPT parameters.%d \n", res);
- }
- else printf("Server: The file has been successfully copied.\n");
- fclose(fout);
- }
- else
- {
- printf("You have no permission to write in the destination directory.\n");
- }
-
- curl_easy_cleanup(curl);
- }
- else{
- printf("Server: cannot initialize CURL!\n");
- }
-
- curl_global_cleanup();
-
- times(&e_time);
- printf("Server: copying time %ld seconds\n", e_time.tms_utime-s_time.tms_utime);
- printf("</body></html>\n");
- return 0;
-}
+++ /dev/null
-Name: gridsite
-Version: %(echo ${MYVERSION:-1.1.x})
-Release: 1
-Summary: GridSite
-License: Modified BSD
-Group: System Environment/Daemons
-Source: %{name}-%{version}.src.tar.gz
-Prefix: %(echo ${MYPREFIX:-/usr})
-URL: http://www.gridsite.org/
-Vendor: GridPP
-Requires: libxml2
-#Buildrequires: libxml2-devel,curl-ssl-devel,httpd-devel
-Packager: Andrew McNab <Andrew.McNab@manchester.ac.uk>
-
-%description
-GridSite adds GSI, VOMS and GACL support to Apache 2.0 (mod_gridsite),
-a library for manipulating these technologies (libgridsite), and CGI
-programs for interactive management of HTTP(S) servers (gridsite-admin.cgi)
-
-See %(echo ${MYPREFIX:-/usr})/share/doc/gridsite-%{version} and
-http://www.gridsite.org/ for details.
-
-%package shared
-Group: Development/Libraries
-Summary: GridSite shared library and core documentation
-
-%description shared
-GridSite shared library and core documentation
-
-%package devel
-Group: Development/Libraries
-Summary: GridSite .a libraries and .h headers
-
-%description devel
-GridSite development libraries
-
-%package apache
-Group: System Environment/Daemons
-Summary: GridSite mod_gridsite module for Apache httpd
-Requires: gridsite-shared
-
-%description apache
-GridSite Apache module and CGI binaries
-
-%package commands
-Group: Applications/Internet
-Summary: HTTP(S) read/write client and other GridSite commands
-Requires: curl, gridsite-shared
-
-%description commands
-htcp is a client to fetch files or directory listings from remote
-servers using HTTP or HTTPS, or to put or delete files or directories
-onto remote servers using HTTPS. htcp is similar to scp(1), but uses
-HTTP/HTTPS rather than ssh as its transfer protocol.
-
-%package gsexec
-Group: Applications/Internet
-Summary: gsexec binary for the Apache HTTP server
-
-%description gsexec
-This package includes the /usr/sbin/gsexec binary which can be installed
-to allow the Apache HTTP server to run CGI programs (and any programs
-executed by SSI pages) as a user other than the 'apache' user. gsexec
-is a drop-in replacement for suexec, with extended functionality for use
-with GridSite and Grid Security credentials.
-
-%prep
-
-%setup
-
-%build
-cd src
-make prefix=$RPM_BUILD_ROOT/%(echo ${MYPREFIX:-/usr}) \
-GSOAPDIR=$GSOAPDIR OPENSSL_FLAGS=$OPENSSL_FLAGS \
-OPENSSL_LIBS=$OPENSSL_LIBS FLAVOR_EXT=$FLAVOR_EXT
-
-%install
-cd src
-make install prefix=$RPM_BUILD_ROOT/%(echo ${MYPREFIX:-/usr}) \
-GSOAPDIR=$GSOAPDIR OPENSSL_FLAGS=$OPENSSL_FLAGS \
-OPENSSL_LIBS=$OPENSSL_LIBS FLAVOR_EXT=$FLAVOR_EXT
-
-%post shared
-/sbin/ldconfig
-ln -sf %(echo ${MYPREFIX:-/usr})/share/doc/gridsite-%{version} \
- %(echo ${MYPREFIX:-/usr})/share/doc/gridsite
-
-#%postun
-rm -f %(echo ${MYPREFIX:-/usr})/share/doc/gridsite
-
-%files shared
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite.so.%{version}
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite.so
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite_globus.so.%{version}
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite_globus.so
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/doc/gridsite-%{version}
-
-%files devel
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/include/gridsite.h
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/include/gridsite-gacl.h
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite.a
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite_globus.a
-
-%files apache
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man8/mod_gridsite.8.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/httpd/modules/mod_gridsite.so
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/sbin/real-gridsite-admin.cgi
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/sbin/gridsite-copy.cgi
-
-%files commands
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htcp
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htls
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htll
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htrm
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htmkdir
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htmv
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htping
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htfind
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/urlencode
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/findproxyfile
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htcp.1.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htrm.1.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htls.1.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htll.1.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htmkdir.1.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htmv.1.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htping.1.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htfind.1.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/urlencode.1.gz
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/findproxyfile.1.gz
-
-%files gsexec
-%attr(4510, root, apache) %(echo ${MYPREFIX:-/usr})/sbin/gsexec
-%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man8/gsexec.8.gz
+++ /dev/null
-/*
- Copyright (c) 2002-4, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*---------------------------------------------------------------------------*
- * This program is part of GridSite: http://www.gridpp.ac.uk/authz/gridsite/ *
- *---------------------------------------------------------------------------*/
-
-#ifndef VERSION
-#define VERSION "0.0.1"
-#endif
-
-#define _GNU_SOURCE
-#include <stdio.h>
-
-#include <time.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <dirent.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <openssl/rsa.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bio.h>
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-#include <curl/curl.h>
-/* #include <gacl.h> */
-
-#include "gridsite.h"
-
-#include "soapH.h"
-#include "delegation.nsmap"
-
-#include <time.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <dirent.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <openssl/rsa.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bio.h>
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-#define GRST_KEYSIZE 512
-#define GRST_PROXYCACHE "/../proxycache/"
-#define GRST_SUPPORT_G_HTTPS
-
-#ifdef GRST_SUPPORT_G_HTTPS
-void GRSThttpError(char *status)
-{
- printf("Status: %s\n", status);
- printf("Server-CGI: GridSite %s\n", VERSION);
- printf("Content-Length: %d\n", 2 * strlen(status) + 58);
- puts("Content-Type: text/html\n");
-
- printf("<head><title>%s</title></head>\n", status);
- printf("<body><h1 >%s</h1 ></body>\n", status);
-
- exit(0);
-}
-
-int GRSTmethodPutProxy(char *delegation_id, char *user_dn)
-/* return 0 on success; non-zero on error */
-{
- int c, len = 0, i;
- char *docroot, *contentlen, *contenttype, *proxychain, *proxydir;
- FILE *fp;
-
- if (((contenttype = getenv("CONTENT_TYPE")) == NULL) ||
- (strcmp(contenttype, "application/x-x509-user-cert-chain") != 0))
- return 2;
-
- contentlen = getenv("CONTENT_LENGTH");
- if (contentlen == NULL) return 2;
- len = atoi(contentlen);
-
- if ((delegation_id == NULL) || (*delegation_id == '\0'))
- delegation_id = "_";
-
- docroot = getenv("DOCUMENT_ROOT");
- asprintf(&proxydir, "%s/%s", docroot, GRST_PROXYCACHE);
-
- if ((user_dn == NULL) || (user_dn[0] == '\0') ||
- (GRSTx509CacheProxy(proxydir, delegation_id, user_dn, proxychain)
- != GRST_RET_OK))
- {
- return GRST_RET_FAILED;
- }
-
- free(proxydir);
-
- return GRST_RET_OK;
-}
-#endif
-
-int main(int argn, char *argv[])
-{
- char *docroot, *method, *request, *p, *client_dn, *user_dn,
- *delegation_id, *reqtxt, *proxydir;
- struct soap soap;
-
-chdir("/var/tmp");
-
- method = getenv("REQUEST_METHOD");
- if (strcmp(method, "POST") == 0)
- {
- soap_init(&soap);
- soap_serve(&soap); /* CGI application */
- return 0;
- }
-
-#ifdef GRST_SUPPORT_G_HTTPS
- docroot = getenv("DOCUMENT_ROOT");
-
- request = strdup(getenv("REQUEST_URI"));
- p = index(request, '?');
- if (p != NULL) *p = '\0';
-
-
- /* non HTTP POST methods - ie special G-HTTPS methods */
-
- delegation_id = getenv("HTTP_DELEGATION_ID");
- if ((delegation_id == NULL) || (*delegation_id == '\0')) delegation_id = "_";
-
- user_dn = NULL;
- client_dn = getenv("SSL_CLIENT_S_DN");
- if (client_dn != NULL)
- {
- user_dn = strdup(client_dn);
-
- /* we assume here that mod_ssl has verified proxy chain already ... */
-
- p = strstr(user_dn, "/CN=proxy");
- if (p != NULL) *p = '\0';
-
- p = strstr(user_dn, "/CN=limited proxy");
- if (p != NULL) *p = '\0';
- }
-
- if (user_dn == NULL) /* all methods require client auth */
- {
- GRSThttpError("403 Forbidden");
- }
- else if (strcmp(method, "GET-PROXY-REQ") == 0)
- {
- docroot = getenv("DOCUMENT_ROOT");
- asprintf(&proxydir, "%s/%s", docroot, GRST_PROXYCACHE);
-
- if (GRSTx509MakeProxyRequest(&reqtxt, proxydir,
- delegation_id, user_dn) == 0)
- {
- puts("Status: 200 OK");
- puts("Content-Type: application/x-x509-cert-request");
- printf("Content-Length: %d\n\n", strlen(reqtxt));
- fputs(reqtxt, stdout);
- free(proxydir);
- return 0;
- }
-
- puts("Status: 500 Internal Server Error\n");
- free(proxydir);
- return 0;
- }
- else if (strcmp(method, "PUT-PROXY-CERT") == 0)
- {
- if (GRSTmethodPutProxy(delegation_id, user_dn) == 0)
- {
- puts("Status: 200 OK\n");
- return 0;
- }
-
- puts("Status: 500 Internal Server Error\n");
- return 0;
- }
- else
- {
- GRSThttpError("501 Method Not Implemented");
- }
-#endif
-}
-
-int ns__getProxyReq(struct soap *soap, char *delegation_id,
- char **request)
-{
- char *p, *client_dn, *user_dn, *docroot, *proxydir;
-
- user_dn = NULL;
- client_dn = getenv("SSL_CLIENT_S_DN");
- if (client_dn != NULL)
- {
- user_dn = strdup(client_dn);
-
- /* we assume here that mod_ssl has verified proxy chain already ... */
-
- p = strstr(user_dn, "/CN=proxy");
- if (p != NULL) *p = '\0';
-
- p = strstr(user_dn, "/CN=limited proxy");
- if (p != NULL) *p = '\0';
- }
-
- if ((delegation_id == NULL) || (*delegation_id == '\0')) delegation_id = "_";
-
- docroot = getenv("DOCUMENT_ROOT");
- asprintf(&proxydir, "%s/%s", docroot, GRST_PROXYCACHE);
-
- if ((user_dn != NULL) && (user_dn[0] != '\0') &&
- (GRSTx509MakeProxyRequest(request, proxydir,
- delegation_id, user_dn) == 0))
- {
- return SOAP_OK;
- }
-
- return SOAP_ERR;
-}
-
-int ns__putProxy(struct soap *soap, char *delegation_id,
- char *proxy,
- struct ns__putProxyResponse *unused)
-{
- int fd, c, len = 0, i;
- char *docroot, *proxydir, *p, *client_dn, *user_dn;
-
- user_dn = NULL;
- client_dn = getenv("SSL_CLIENT_S_DN");
- if (client_dn != NULL)
- {
- user_dn = strdup(client_dn);
-
- /* we assume here that mod_ssl has verified proxy chain already ... */
-
- p = strstr(user_dn, "/CN=proxy");
- if (p != NULL) *p = '\0';
-
- p = strstr(user_dn, "/CN=limited proxy");
- if (p != NULL) *p = '\0';
- }
-
- if ((delegation_id == NULL) || (*delegation_id == '\0'))
- delegation_id = "_";
-
- docroot = getenv("DOCUMENT_ROOT");
- asprintf(&proxydir, "%s/%s", docroot, GRST_PROXYCACHE);
-
- if ((user_dn == NULL) || (user_dn[0] == '\0') ||
- (GRSTx509CacheProxy(proxydir, delegation_id, user_dn, proxy)
- != GRST_RET_OK))
- {
- return SOAP_ERR;
- }
-
- return SOAP_OK;
-}
-
+++ /dev/null
-/*
- Copyright (c) 2002-3, Andrew McNab and Shiv Kaushal,
- University of Manchester. All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*------------------------------------------------------------------*
- * This program is part of GridSite: http://www.gridsite.org/ *
- *------------------------------------------------------------------*/
-
-void GRSThttpError(char *);
-void adminfooter(GRSThttpBody *, char *, char *, char *, char *);
-int GRSTstrCmpShort(char *, char *);
-char *makevfilename(char *, size_t, char *);
-
-/*CGI GACL - Edit interface functions*/
-void show_acl(int admin, GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void new_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void new_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void del_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void edit_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void edit_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void add_cred_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void add_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void del_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void del_entry_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void del_cred_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-
-/*Functions producing messages*/
-//void error(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void admin_continue(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSThttpBody *bp);
-
+++ /dev/null
-/*
- Copyright (c) 2002-3, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*------------------------------------------------------------------*
- * This program is part of GridSite: http://www.gridsite.org/ *
- *------------------------------------------------------------------*/
-
-#ifndef VERSION
-#define VERSION "x.x.x"
-#endif
-
-#include <stdio.h>
-#include <time.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <dirent.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <fcntl.h>
-
-// when porting: remember that sendfile() is very OS-specific!
-#include <sys/sendfile.h>
-
-#include <gridsite.h>
-
-#include "grst_admin.h"
-
-char *storeuploadfile(char *boundary, int *bufferused)
-{
-// rewrite this to copy whole POSTed stdin HTTP body to disk then
-// mmap() and pick apart? How to deal with 100MB uploaded files, say?
-
- char *filebuffer = NULL;
- int bufferlen = 0, c, boundarylen;
-
- *bufferused = 0;
- boundarylen = strlen(boundary);
-
- while ((c = getchar()) != EOF)
- {
- if (*bufferused > 1024*1024*100) return NULL;
-
- ++(*bufferused);
-
- if (*bufferused > bufferlen)
- {
- bufferlen = bufferlen + 1000;
- filebuffer = realloc(filebuffer, (size_t) bufferlen);
- }
-
- filebuffer[*bufferused - 1] = c;
-
- if ( (*bufferused >= boundarylen + 4) &&
- (boundary[boundarylen-1] == c) &&
- (boundary[boundarylen-2] == filebuffer[*bufferused - 2]) &&
- (strncmp(boundary, &filebuffer[*bufferused - boundarylen],
- boundarylen) == 0))
- {
- *bufferused = *bufferused - boundarylen - 4;
-
- if (filebuffer == NULL) return strdup("");
- else return filebuffer;
- }
- }
-
- return NULL;
-}
-
-void uploadfile(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *dir_uri, char *admin_file)
-{
- char *boundary, *p, oneline[200], *filename = NULL,
- tmpfilename[256], *filebuffer = NULL, *filepath,
- *vfile, *dir_path_vfile;
- int mimestate, bufferused = 0, itworked = 0;
- FILE *fp;
- GRSThttpBody bp;
-
-#define MIMESTUNKNOWN 1
-#define MIMESTUPLOAD 2
-#define MIMESTFILENM 3
-
- if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden");
-
- p = getenv("CONTENT_TYPE");
- boundary = &p[30];
-
- mimestate = MIMESTUNKNOWN;
-
- while (fgets(oneline, sizeof(oneline), stdin) != NULL)
- {
- if (*oneline == 13) // MIME has CR/LF line breaks, CR=13
- {
- if (mimestate == MIMESTUPLOAD)
- {
- filebuffer = storeuploadfile(boundary, &bufferused);
- mimestate = MIMESTUNKNOWN;
- }
- else if (mimestate == MIMESTFILENM)
- {
- fgets(tmpfilename, sizeof(tmpfilename), stdin);
- if (*tmpfilename != 13)
- {
- p = index(tmpfilename, 13);
- *p = '\0';
- filename = strdup(tmpfilename);
- }
- mimestate = MIMESTUNKNOWN;
- }
- }
- else if (GRSTstrCmpShort(oneline,
- "Content-Disposition: form-data; name=\"uploadfile\"; filename=\"")
- == 0)
- {
- mimestate = MIMESTUPLOAD;
- if (filename == NULL)
- {
- filename = strdup(&oneline[61]);
-
- p = rindex(&oneline[61], '\\');
- if (p != NULL) { ++p ; filename = p; }
-
- p = rindex(&oneline[61], '/');
- if (p != NULL) { ++p ; filename = p; }
-
- p = index(filename, '"');
- if (p != NULL) *p = '\0';
- }
- }
- else if (GRSTstrCmpShort(oneline,
- "Content-Disposition: form-data; name=\"file\"") == 0)
- {
- mimestate = MIMESTFILENM;
- }
- }
-
- if ((filebuffer != NULL) && (bufferused >= 0))
- {
- if (filename == NULL) GRSThttpError("403 Forbidden");
- else if ((index(filename, '/') != NULL) ||
- (strcmp(filename, GRST_ACL_FILE) == 0))
- {
- puts("Status: 403 Forbidden filename\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp,"<title>Forbidden filename %s</title>\n", filename);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Forbidden filename %s</h1>\n",
- filename);
-
- GRSThttpPrintf(&bp,
- "<p align=center>New file names cannot include slashes "
- "or use the reserved ACL name, %s\n", GRST_ACL_FILE);
-
- GRSThttpPrintf(&bp,"<p align=center>"
- "<a href=\"%s%s?cmd=managedir\">Return to "
- "directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
- return;
- }
- else
- {
- vfile = makevfilename(filename, bufferused, dn);
- asprintf(&dir_path_vfile, "%s/%s", dir_path, vfile);
-
- fp = fopen(dir_path_vfile, "w");
- if (fp != NULL)
- {
- if ((fwrite(filebuffer,
- sizeof(char), bufferused, fp) == bufferused) &&
- (fclose(fp) == 0))
- {
- asprintf(&filepath, "%s/%s", dir_path, filename);
-
- unlink(filepath); /* this can fail ok */
-
- itworked = (link(dir_path_vfile, filepath) == 0);
- }
- }
- }
-
- free((void *) filebuffer);
- }
-
- if (itworked)
- {
- printf("Status: 302 Moved Temporarily\nContent-Length: 0\n"
- "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file);
- return;
- }
-
- puts("Status: 500 Failed trying to upload\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp, "<title>Failed to upload</title>\n");
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Failed to upload</h1>\n");
-
- GRSThttpPrintf(&bp, "<p align=center>GridSite considers you are authorized "
- "to upload the file, but the upload failed. This is "
- "probably a web server or operating system level "
- "misconfiguration. Consult the site administrator.");
-
- GRSThttpPrintf(&bp,"<p align=center>"
- "<a href=\"%s%s?cmd=managedir\">Return to "
- "directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
-}
-
-void deletefileaction(char *dn, GRSTgaclPerm perm, char *help_uri,
- char *dir_path, char *file, char *dir_uri,
- char *admin_file)
-{
- int fd, numfiles;
- char *dir_path_file, *dir_path_vfile, *p, *vfile, *dnlistsuri,
- *fulluri, *server_name, *realfile;
- struct stat statbuf;
- GRSThttpBody bp;
- struct dirent *subdirfile_ent;
- DIR *subDIR;
-
- if (((strcmp(file, GRST_ACL_FILE) != 0) && !GRSTgaclPermHasWrite(perm)) ||
- ((strcmp(file, GRST_ACL_FILE) == 0) && !GRSTgaclPermHasAdmin(perm)))
- GRSThttpError("403 Forbidden");
-
- dnlistsuri = getenv("GRST_DN_LISTS_URI");
- if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI");
-
- if ((dnlistsuri != NULL) &&
- (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) == 0))
- realfile = GRSThttpUrlEncode(file);
- else if (index(file, '/') != NULL) GRSThttpError("403 Forbidden");
- else realfile = file;
-
- dir_path_file = malloc(strlen(dir_path) + strlen(realfile) + 2);
-
- strcpy(dir_path_file, dir_path);
- strcat(dir_path_file, "/");
- strcat(dir_path_file, realfile);
-
- if ((stat(dir_path_file, &statbuf) == 0) && S_ISDIR(statbuf.st_mode))
- {
- subDIR = opendir(dir_path_file);
- if (subDIR == NULL) numfiles = 99; /* stop deletion */
- else
- {
- numfiles = 0;
- while ((subdirfile_ent = readdir(subDIR)) != NULL)
- if (subdirfile_ent->d_name[0] != '.') ++numfiles;
- else if (strncmp(subdirfile_ent->d_name,
- GRST_ACL_FILE,
- sizeof(GRST_ACL_FILE)) == 0) ++numfiles;
- closedir(subDIR);
- }
-
- if (numfiles == 0)
- {
- vfile = makevfilename(file, 0, dn);
- dir_path_vfile = malloc(strlen(dir_path) + strlen(vfile) + 2);
- strcpy(dir_path_vfile, dir_path);
- strcat(dir_path_vfile, "/");
- strcat(dir_path_vfile, vfile);
-
- if (rename(dir_path_file, dir_path_vfile) == 0)
- {
- printf("Status: 302 Moved Temporarily\nContent-Length: 0\n"
- "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file);
- return;
- }
- }
- }
- else if (unlink(dir_path_file) == 0)
- {
- if (strcmp(file, GRST_ACL_FILE) != 0)
- {
- vfile = makevfilename(file, 0, dn);
- dir_path_file = malloc(strlen(dir_path) + strlen(vfile) + 2);
- strcpy(dir_path_file, dir_path);
- strcat(dir_path_file, "/");
- strcat(dir_path_file, vfile);
-
- fd = open(dir_path_file, O_WRONLY | O_CREAT);
- if (fd != -1) close(fd);
- }
-
- printf("Status: 302 Moved Temporarily\nContent-Length: 0\n"
- "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file);
-
- return;
- }
-
- puts("Status: 500 Failed trying to delete\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp, "<title>Error deleting %s%s</title>\n", dir_uri, file);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Error deleting %s%s</h1>\n",
- dir_uri, file);
-
- GRSThttpPrintf(&bp, "<p align=center>GridSite considers you are authorized "
- "to delete %s, but the delete failed. This is "
- "probably a web server or operating system level "
- "misconfiguration. Consult the site administrator.",
- file);
-
- GRSThttpPrintf(&bp,"<p align=center>"
- "<a href=\"%s%s?cmd=managedir\">Return to "
- "directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
-}
-
-void deletefileform(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden");
-
- puts("Status: 200 OK\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp, "<title>Delete %s</title>\n", file);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Delete %s</h1>\n", file);
-
- GRSThttpPrintf(&bp,"<form action=\"%s%s\" method=post>\n",dir_uri,admin_file);
- GRSThttpPrintf(&bp,"<h2 align=center>Do you really want to delete %s?", file);
- GRSThttpPrintf(&bp,"<p align=center><input type=submit value=\"Yes, delete %s\"></h2>\n", file);
- GRSThttpPrintf(&bp,"<input type=hidden name=file value=\"%s\">\n", file);
- GRSThttpPrintf(&bp,"<input type=hidden name=cmd value=deleteaction>\n");
- GRSThttpPrintf(&bp,"</form>\n");
-
- GRSThttpPrintf(&bp,"<p align=center>Or "
- "<a href=\"%s%s?cmd=managedir\">return to "
- "directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
-}
-
-void renameform(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden");
-
- puts("Status: 200 OK\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp, "<title>Rename %s</title>\n", file);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Rename %s%s</h1>\n", dir_uri, file);
-
- GRSThttpPrintf(&bp,"<form action=\"%s%s\" method=post>\n",dir_uri,admin_file);
- GRSThttpPrintf(&bp,"<h2 align=center>What do you want to rename %s to?</h2>", file);
- GRSThttpPrintf(&bp,"<input type=hidden name=file value=\"%s\">\n", file);
- GRSThttpPrintf(&bp,"<p align=center>New name: <input type=text name=newfile value=\"%s\">\n", file);
- GRSThttpPrintf(&bp,"<input type=submit value=\"Rename\">\n");
- GRSThttpPrintf(&bp,"<input type=hidden name=cmd value=renameaction>\n");
- GRSThttpPrintf(&bp,"</form>\n");
-
- GRSThttpPrintf(&bp,"<p align=center>Or "
- "<a href=\"%s%s?cmd=managedir&diruri=%s\">return to "
- "directory listing</a>\n", dir_uri, admin_file, dir_uri);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
-}
-
-void editfileaction(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- char *pagetext, *dir_path_file, *vfile, *dir_path_vfile,
- *dnlistsuri, *server_name, *fulluri, *realfile;
- FILE *fp;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasWrite(perm) || (strcmp(file, GRST_ACL_FILE) == 0))
- GRSThttpError("403 Forbidden");
-
- dnlistsuri = getenv("GRST_DN_LISTS_URI");
- if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI");
-
- if ((dnlistsuri != NULL) &&
- (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) == 0))
- {
- realfile = GRSThttpUrlEncode(file);
-
- if (realfile[0] == '.') GRSThttpError("403 Forbidden");
- }
- else if (index(file, '/') != NULL) GRSThttpError("403 Forbidden");
- else realfile = file;
-
- asprintf(&dir_path_file, "%s/%s", dir_path, realfile);
-
- pagetext = GRSThttpGetCGI("pagetext");
- vfile = makevfilename(file, strlen(pagetext), dn);
- asprintf(&dir_path_vfile, "%s/%s", dir_path, vfile);
-
- fp = fopen(dir_path_vfile, "w");
- if (fp == NULL)
- {
- puts("Status: 500 Failed trying to write\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp,"<title>Error writing %s%s</title>\n", dir_uri, file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Error writing %s%s</h1>\n",
- dir_uri, file);
-
- GRSThttpPrintf(&bp,
- "<p align=center>GridSite considers you are authorized "
- "to write the file, but the write failed. This is "
- "probably a web server or operating system level "
- "misconfiguration. Consult the site administrator.");
-
- GRSThttpPrintf(&bp,"<p align=center>"
- "<a href=\"%s%s?cmd=managedir\">Return to "
- "directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
- return;
- }
-
- fwrite(pagetext, strlen(pagetext), sizeof(char), fp);
-
- fclose(fp);
-
- unlink(dir_path_file);
-
- if (link(dir_path_vfile,dir_path_file) != 0) GRSThttpError("403 Forbidden");
-
- if ((strlen(file) > 7) && (strcmp(&file[strlen(file) - 5], ".html") == 0))
- printf("Status: 302 Moved Temporarily\nContent-Length: 0\n"
- "Location: %s%s\n\n", dir_uri, file);
- else printf("Status: 302 Moved Temporarily\nContent-Length: 0\n"
- "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file);
-}
-
-void create_acl(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- int fd;
- char *tmpgacl, *newgacl;
- GRSTgaclAcl *acl;
- FILE *fp;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError("403 Forbidden");
-
- asprintf(&tmpgacl, "%s/.tmp.XXXXXX", dir_path);
- asprintf(&newgacl, "%s/%s", dir_path, GRST_ACL_FILE);
-
- if (((acl = GRSTgaclAclLoadforFile(dir_path)) != NULL) &&
- ((fd = mkstemp(tmpgacl)) != -1) &&
- ((fp = fdopen(fd, "w+")) != NULL) &&
- GRSTgaclAclPrint(acl, fp) &&
- (fclose(fp) == 0) &&
- (rename(tmpgacl, newgacl) == 0))
- {
- printf("Status: 302 Moved Temporarily\nContent-Length: 0\n"
- "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file);
-
- free(tmpgacl);
- free(newgacl);
- return;
- }
-
- puts("Status: 500 Failed trying to create\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp,"<title>Error creating %s%s</title>\n", dir_uri,
- GRST_ACL_FILE);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Error creating %s%s</h1>\n",
- dir_uri, GRST_ACL_FILE);
-
- GRSThttpPrintf(&bp, "<p align=center>GridSite considers you are authorized "
- "to create it, but the create failed. This is "
- "probably a web server or operating system level "
- "misconfiguration. Consult the site administrator.");
-
- GRSThttpPrintf(&bp,"<p align=center>"
- "<a href=\"%s%s?cmd=managedir\">Return to "
- "directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
-
- free(tmpgacl);
- free(newgacl);
-}
-
-void renameaction(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- int len;
- char *dir_path_file, *vfile, *dir_path_vfile,
- *dnlistsuri, *newfile, *dir_path_newfile;
- struct stat statbuf;
- FILE *fp;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasWrite(perm) || (strcmp(file, GRST_ACL_FILE) == 0))
- GRSThttpError("403 Forbidden");
-
- if (index(file, '/') != NULL) GRSThttpError("403 Forbidden");
-
- dir_path_file = malloc(strlen(dir_path) + strlen(file) + 2);
- strcpy(dir_path_file, dir_path);
- strcat(dir_path_file, "/");
- strcat(dir_path_file, file);
-
- if (stat(dir_path_file, &statbuf) != 0) GRSThttpError("404 Not Found");
-
- newfile = GRSThttpGetCGI("newfile");
-
- if ((strcmp(newfile, GRST_ACL_FILE) == 0) ||
- (strcmp(newfile, file) == 0)) GRSThttpError("403 Forbidden");
-
- dir_path_newfile = malloc(strlen(dir_path) + strlen(newfile) + 2);
- strcpy(dir_path_newfile, dir_path);
- strcat(dir_path_newfile, "/");
- strcat(dir_path_newfile, newfile);
-
- vfile = makevfilename(newfile, statbuf.st_size, dn);
- dir_path_vfile = malloc(strlen(dir_path) + strlen(vfile) + 2);
- strcpy(dir_path_vfile, dir_path);
- strcat(dir_path_vfile, "/");
- strcat(dir_path_vfile, vfile);
-
- unlink(dir_path_newfile); /* just in case */
-
- if ((link(dir_path_file, dir_path_vfile ) == 0) &&
- (link(dir_path_file, dir_path_newfile) == 0) &&
- (unlink(dir_path_file) == 0))
- {
- printf("Status: 302 Moved Temporarily\nContent-Length: 0\n"
- "Location: %s\n\n", dir_uri);
- return;
- }
-
- puts("Status: 500 Failed trying to rename\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp,"<title>Error renaming %s%s</title>\n", dir_uri, file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Error renaming %s%s</h1>\n",
- dir_uri, file);
-
- GRSThttpPrintf(&bp, "<p align=center>GridSite considers you are authorized "
- "to rename it, but the rename failed. This is "
- "probably a web server or operating system level "
- "misconfiguration. Consult the site administrator.");
-
- GRSThttpPrintf(&bp,"<p align=center>"
- "<a href=\"%s%s?cmd=managedir\">Return to "
- "directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
-}
-
-void newdirectory(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- int len;
- char *dir_path_file, *vfile, *dir_path_vfile, *filedup;
- FILE *fp;
- GRSThttpBody bp;
-
- if ((file[0] == '\0') ||
- !GRSTgaclPermHasWrite(perm) || (strcmp(file, GRST_ACL_FILE) == 0))
- GRSThttpError("403 Forbidden");
-
- filedup = strdup(file);
- if (filedup[strlen(filedup)-1] == '/') filedup[strlen(filedup)-1] = '\0';
- if (index(filedup, '/') != NULL) GRSThttpError("403 Forbidden");
-
- dir_path_file = malloc(strlen(dir_path) + strlen(file) + 2);
- strcpy(dir_path_file, dir_path);
- strcat(dir_path_file, "/");
- strcat(dir_path_file, file);
-
- if (mkdir(dir_path_file, 0751) == 0)
- {
- printf("Status: 302 Moved Temporarily\nContent-Length: 0\n"
- "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file);
- return;
- }
-
- puts("Status: 500 Failed trying to create\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp,"<title>Error create %s%s</title>\n", dir_uri, file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Error creating directory %s%s</h1>\n",
- dir_uri, file);
-
- GRSThttpPrintf(&bp,
- "<p align=center>GridSite considers you are authorized "
- "to create the directory, but the creation failed. This "
- "is probably a web server or operating system level "
- "misconfiguration. Consult the site administrator.");
-
- GRSThttpPrintf(&bp,"<p align=center>"
- "<a href=\"%s%s?cmd=managedir\">Return to "
- "parent directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
-}
-
-void editdnlistaction(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- int numdn = 0, ifd, ofd, numdnlines = 0, i, found;
- char *dir_path_file, *dir_path_tmpfile, *realfile,
- *dnlistsuri, *server_name, *fulldiruri, *p, oneline[513],
- **dnlines, name[81], *add;
- FILE *ofp;
- struct stat statbuf;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden");
-
- dnlistsuri = getenv("GRST_DN_LISTS_URI");
- if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI");
-
- server_name = getenv("SERVER_NAME");
-
- if ((server_name == NULL) ||
- (dnlistsuri == NULL) ||
- (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) != 0))
- GRSThttpError("403 Forbidden");
-
- asprintf(&fulldiruri, "https://%s%s", server_name, dir_uri);
-
- if ((strncmp(fulldiruri, file, strlen(fulldiruri)) != 0) &&
- ((strncmp(fulldiruri, file, strlen(fulldiruri) - 1) != 0) ||
- (strlen(fulldiruri) - 1 != strlen(file))))
- {
- puts("Status: 403 Forbidden\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp,"<title>Error writing %s</title>\n", file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Error writing %s to %s</h1>\n",
- file, dir_uri);
-
- GRSThttpPrintf(&bp, "<p align=center>You cannot create a DN List "
- "with that prefix in this directory. Please see the "
- "the GridSite User's Guide for an explanation.");
-
- GRSThttpPrintf(&bp,"<p align=center>"
- "<a href=\"%s%s?cmd=managedir\">Return to "
- "directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
- return;
- }
-
- p = GRSThttpGetCGI("numdn");
- if ((p == NULL) || (sscanf(p, "%d", &numdn) != 1))
- GRSThttpError("500 No number of DNs");
-
- if (numdn > 0)
- {
- dnlines = malloc(sizeof(char *) * numdn);
-
- for (i=1; i <= numdn; ++i)
- {
- sprintf(name, "dn%d", i);
- p = GRSThttpGetCGI(name);
-
- if (*p != '\0')
- {
- dnlines[numdnlines] = p;
- ++numdnlines;
- }
- }
- }
-
- add = GRSThttpGetCGI("add");
-
- realfile = GRSThttpUrlEncode(file);
-
- dir_path_file = malloc(strlen(dir_path) + strlen(realfile) + 2);
- strcpy(dir_path_file, dir_path);
- strcat(dir_path_file, "/");
- strcat(dir_path_file, realfile);
-
- dir_path_tmpfile = malloc(strlen(dir_path) + 13);
- strcpy(dir_path_tmpfile, dir_path);
- strcat(dir_path_tmpfile, "/.tmp.XXXXXX");
-
- if (((ofd = mkstemp(dir_path_tmpfile)) != -1) &&
- ((ofp = fdopen(ofd, "w")) != NULL))
- {
- if (*add != '\0')
- {
- fputs(add, ofp);
- fputc('\n', ofp);
- }
-
- for (i=0; i < numdnlines; ++i)
- {
- fputs(dnlines[i], ofp);
- fputc('\n', ofp);
- }
-
- if ((fclose(ofp) == 0) &&
- ((stat(dir_path_file, &statbuf) != 0) ||
- (unlink(dir_path_file) == 0)) &&
- (rename(dir_path_tmpfile, dir_path_file) == 0))
- {
- printf("Status: 302 Moved Temporarily\nContent-Length: 0\n"
- "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file);
- return;
- }
- }
-
- puts("Status: 500 Failed trying to write\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp,"<title>Error writing %s%s</title>\n", dir_uri, file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1 align=center>Error writing %s%s</h1>\n",
- dir_uri, file);
-
- GRSThttpPrintf(&bp, "<p align=center>GridSite considers you are authorized "
- "to write the file, but the write failed. This is "
- "probably a web server or operating system level "
- "misconfiguration. Consult the site administrator.");
-
- GRSThttpPrintf(&bp,"<p align=center>"
- "<a href=\"%s%s?cmd=managedir\">Return to "
- "directory listing</a>\n", dir_uri, admin_file);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
-
- /* try to clean up */
- if (stat(dir_path_tmpfile, &statbuf) == 0) unlink(dir_path_tmpfile);
-}
-
-void printfile(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- int fd;
- char *dir_path_file;
- struct stat statbuf;
-
- if (!GRSTgaclPermHasRead(perm)) GRSThttpError("403 Forbidden");
-
- if (index(file, '/') != NULL) GRSThttpError("403 Forbidden");
-
- dir_path_file = malloc(strlen(dir_path) + strlen(file) + 2);
-
- strcpy(dir_path_file, dir_path);
- strcat(dir_path_file, "/");
- strcat(dir_path_file, file);
-
- fd = open(dir_path_file, O_RDONLY);
- if (fd == -1) GRSThttpError("500 Internal server error");
-
- if ((fstat(fd, &statbuf) != 0) ||
- !S_ISREG(statbuf.st_mode)) GRSThttpError("403 Forbidden");
-
- printf("Status: 200 OK\nContent-Type: text/html\nContent-Length: %d\n\n",
- statbuf.st_size);
-
- fflush(stdout);
-
- sendfile(1, fd, 0, statbuf.st_size);
-}
-
-void filehistory(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- int fd, n, i, j, enclen, num = 0;
- char *encodedfile, *p, *dndecoded, modified[99], *vfile, *q,
- *encdn;
- time_t file_time;
- size_t file_size;
- struct stat statbuf;
- struct dirent **namelist;
- struct tm file_tm;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasRead(perm)) GRSThttpError("403 Forbidden");
-
- if (index(file, '/') != NULL) GRSThttpError("403 Forbidden");
-
- puts("Status: 200 OK\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
- GRSThttpPrintf(&bp, "<title>History of %s%s</title>\n", dir_uri, file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
- GRSThttpPrintf(&bp,
- "<h1 align=center>History of <a href=\"%s%s\">%s%s</a></h1>\n",
- dir_uri, file, dir_uri, file);
-
- asprintf(&vfile, "%s/%s", dir_path, file);
- if (stat(vfile, &statbuf) == 0)
- {
- localtime_r((const time_t *) &(statbuf.st_mtime), &file_tm);
- strftime(modified, sizeof(modified),
- "%a %e %b %Y %k:%M", &file_tm);
-
- GRSThttpPrintf(&bp, "<p align=center>Last modified: %s\n", modified);
- }
- free(vfile);
-
- encodedfile = GRSThttpUrlEncode(file);
- for (p=encodedfile; *p != '\0'; ++p) if (*p == '%') *p = '=';
- enclen = strlen(encodedfile);
-
- n = scandir(dir_path, &namelist, 0, alphasort);
-
- if (n > 0)
- {
- for (i = n - 1; i >= 0; --i)
- {
- if ((strncmp(namelist[i]->d_name, GRST_HIST_PREFIX,
- sizeof(GRST_HIST_PREFIX) - 1) == 0) &&
- ((namelist[i]->d_name)[sizeof(GRST_HIST_PREFIX) - 1] == ':') &&
- (strncmp(&((namelist[i]->d_name)[sizeof(GRST_HIST_PREFIX)]),
- encodedfile, enclen) == 0) &&
- ((namelist[i]->d_name)[sizeof(GRST_HIST_PREFIX)+enclen] == ':'))
- {
- if (num == 0) GRSThttpPrintf(&bp,
- "<p align=center><table border=1 cellpadding=5>\n"
- "<tr><td>Date</td><td>Size after</td>"
- "<td colspan=2>Changed by</td></tr>\n");
-
- ++num;
-
- p = index(namelist[i]->d_name, ':');
- p = index(&p[1], ':');
- sscanf(&p[1], "%X:", &file_time);
- p = index(&p[1], ':'); /* skip over microseconds time */
- p = index(&p[1], ':');
- sscanf(&p[1], "%X:", &file_size);
- p = index(&p[1], ':');
-
- encdn = strdup(&p[1]);
- q = index(encdn, ':');
- if (q != NULL) *q = '\0';
-
- for (q=encdn; *q != '\0'; ++q) if (*q == '=') *q = '%';
- dndecoded = GRSThttpUrlDecode(encdn);
-
- localtime_r((const time_t *) &file_time, &file_tm);
- strftime(modified, sizeof(modified),
- "%a %e %b %Y %k:%M", &file_tm);
-
- GRSThttpPrintf(&bp,
- "<tr><td>%s</td><td align=right>%d</td><td>%s</td>\n",
- modified, file_size, dndecoded);
-
- free(dndecoded);
-
- asprintf(&vfile, "%s/%s", dir_path, namelist[i]->d_name);
- if ((stat(vfile, &statbuf) == 0) && (statbuf.st_size > 0))
- {
- GRSThttpPrintf(&bp, "<td><a href=\"");
- if (strcmp (file, GRST_ACL_FILE)==0)
- GRSThttpPrintf(&bp, "%s%s?cmd=acl_history&dir_uri=%s&file=%s\">View</a></td></tr>\n",
- dir_uri, admin_file, dir_uri, namelist[i]->d_name);
- else GRSThttpPrintf(&bp, "%s%s\">View</a></td></tr>\n",
- dir_uri, namelist[i]->d_name);
- }
- else GRSThttpPrintf(&bp, "<td> </td></tr>");
-
- free(vfile);
- }
- }
- }
-
- if (num > 0) GRSThttpPrintf(&bp, "</table>\n");
- else GRSThttpPrintf(&bp, "<p align=center>No history for this file\n");
-
- if (GRSTgaclPermHasList(perm))
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- else adminfooter(&bp, dn, help_uri, dir_uri, NULL);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
- GRSThttpWriteOut(&bp);
-}
-
-void ziplist(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- char *shellcmd, *unzip, oneline[129];
- FILE *fp;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasRead(perm)) GRSThttpError("403 Forbidden");
-
- if (index(file, '/') != NULL) GRSThttpError("403 Forbidden");
-
- puts("Status: 200 OK\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
- GRSThttpPrintf(&bp, "<title>Contents of %s%s</title>\n", dir_uri, file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
- GRSThttpPrintf(&bp,
- "<h1 align=center>Contents of ZIP file <a href=\"%s%s\">%s%s</a></h1>\n",
- dir_uri, file, dir_uri, file);
-
- unzip = getenv("GRST_UNZIP");
- if (unzip == NULL) unzip = getenv("REDIRECT_GRST_UNZIP");
-
- if (unzip != NULL)
- {
- GRSThttpPrintf(&bp, "<center><table><tr><td><pre>\n");
- asprintf(&shellcmd, "cd %s ; %s -Z %s", dir_path, unzip, file);
- fp = popen(shellcmd, "r");
-
- while (fgets(oneline, sizeof(oneline), fp) != NULL)
- GRSThttpPrintf(&bp, "%s", oneline);
- pclose(fp);
- GRSThttpPrintf(&bp, "</pre></td></tr></table></center>\n");
-
- if (GRSTgaclPermHasWrite(perm))
- GRSThttpPrintf(&bp,
- "<p><center><form action=\"%s%s\" method=post>"
- "<input type=submit value=\"Unzip this file\"> in %s"
- "<input type=hidden name=cmd value=unzipfile>"
- "<input type=hidden name=file value=\"%s\"></form>"
- "<p>(All files are placed in the same directory and files "
- "beginning with "." are ignored.)</center>\n",
- dir_uri, admin_file, dir_uri, file);
- }
- else GRSThttpPrintf(&bp, "<p align=center>unzip path not defined!\n");
-
- if (GRSTgaclPermHasList(perm))
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- else adminfooter(&bp, dn, help_uri, dir_uri, NULL);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
- GRSThttpWriteOut(&bp);
-}
-
-void unzipfile(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- char *shellcmd, *unzip, oneline[129];
- FILE *fp;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden");
-
- if (index(file, '/') != NULL) GRSThttpError("403 Forbidden");
-
- puts("Status: 200 OK\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
- GRSThttpPrintf(&bp, "<title>Unzipping %s%s</title>\n", dir_uri, file);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
- GRSThttpPrintf(&bp,
- "<h1 align=center>Unzipping <a href=\"%s%s\">%s%s</a></h1>\n",
- dir_uri, file, dir_uri, file);
-
- unzip = getenv("GRST_UNZIP");
- if (unzip == NULL) unzip = getenv("REDIRECT_GRST_UNZIP");
-
- if (unzip != NULL)
- {
- GRSThttpPrintf(&bp, "<center><table><tr><td><pre>\n");
- asprintf(&shellcmd, "cd %s ; %s -jo %s -x '.*'", dir_path, unzip, file);
- fp = popen(shellcmd, "r");
-
- while (fgets(oneline, sizeof(oneline), fp) != NULL)
- GRSThttpPrintf(&bp, "%s", oneline);
- pclose(fp);
- GRSThttpPrintf(&bp, "</pre></td></tr></table></center>\n");
-
- if (GRSTgaclPermHasList(perm))
- GRSThttpPrintf(&bp, "<p align=center>"
- "<b><a href=\"%s%s?cmd=managedir\">Back to "
- "directory</a></b>", dir_uri, admin_file);
- }
- else GRSThttpPrintf(&bp, "<p align=center>unzip path not defined!\n");
-
- if (GRSTgaclPermHasList(perm))
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
- else adminfooter(&bp, dn, help_uri, dir_uri, NULL);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
- GRSThttpWriteOut(&bp);
-}
-
-void editfileform(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- int fd, rawpagesize, i, c;
- char *dir_path_file, *rawpage, *p;
- FILE *fp = NULL;
- struct stat statbuf;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden");
-
- if (index(file, '/') != NULL) GRSThttpError("403 Forbidden");
-
- dir_path_file = malloc(strlen(dir_path) + strlen(file) + 2);
-
- strcpy(dir_path_file, dir_path);
- strcat(dir_path_file, "/");
- strcat(dir_path_file, file);
-
- fd = open(dir_path_file, O_RDONLY);
- if (fd != -1)
- {
- fp = fdopen(fd, "r");
- if (fp == NULL) GRSThttpError("500 File open failed!");
-
- if ((fstat(fd, &statbuf) != 0) ||
- !S_ISREG(statbuf.st_mode)) GRSThttpError("500 Not a regular file!");
- }
-
- puts("Status: 200 OK\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp, "<title>Edit file %s</title>\n", file);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1>Edit file %s</h1>\n", file);
-
- GRSThttpPrintf(&bp,"<form action=\"%s%s\" method=post>\n",dir_uri,admin_file);
- GRSThttpPrintf(&bp,"<p><input type=submit value=\"Save changes\">\n");
- GRSThttpPrintf(&bp,"<p>File name: <input type=text name=file value=\"%s\">\n", file);
- GRSThttpPrintf(&bp,"<input type=hidden name=cmd value=editaction>\n");
- GRSThttpPrintf(&bp,"<p><textarea name=pagetext cols=80 rows=22>");
-
- if (fp != NULL)
- {
- rawpagesize = statbuf.st_size + 1000;
- rawpage = malloc(rawpagesize);
-
- i = 0;
-
- while ((c = fgetc(fp)) != EOF)
- {
- if (c == '<') { strcpy(&rawpage[i], "<");
- i += 4; }
- else if (c == '>') { strcpy(&rawpage[i], ">");
- i += 4; }
- else if (c == '&') { strcpy(&rawpage[i], "&");
- i += 5; }
- else if (c == '"') { strcpy(&rawpage[i], """);
- i += 6; }
- else { rawpage[i] = c;
- i += 1; }
-
- if (i >= rawpagesize - 7)
- {
- rawpagesize += 1000;
- rawpage = realloc(rawpage, rawpagesize);
- }
- }
-
- rawpage[i] = '\0';
-
- GRSThttpPrintf(&bp, "%s", rawpage);
- }
-
- GRSThttpPrintf(&bp, "</textarea>\n");
- GRSThttpPrintf(&bp, "<p><input type=submit value=\"Save changes\">\n");
- GRSThttpPrintf(&bp, "</form>\n");
-
- if (fp != NULL) fclose(fp);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
- GRSThttpWriteOut(&bp);
-}
-
-void editdnlistform(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *file, char *dir_uri, char *admin_file)
-{
- int fd, i, c, numdn = 0;
- char *dir_path_file, *rawpage, *p, *dnlistsuri, *server_name, *fulluri,
- *realfile, oneline[513];
- FILE *fp = NULL;
- struct stat statbuf;
- GRSThttpBody bp;
-
- dnlistsuri = getenv("GRST_DN_LISTS_URI");
- if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI");
-
- if (!GRSTgaclPermHasWrite(perm) ||
- (dnlistsuri == NULL) ||
- (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) != 0))
- GRSThttpError("403 Forbidden");
-
- realfile = GRSThttpUrlEncode(file);
-
- dir_path_file = malloc(strlen(dir_path) + strlen(realfile) + 2);
-
- strcpy(dir_path_file, dir_path);
- strcat(dir_path_file, "/");
- strcat(dir_path_file, realfile);
-
- fd = open(dir_path_file, O_RDONLY);
- if (fd != -1) /* we dont mind open failing, but it must work if it doesnt */
- {
- fp = fdopen(fd, "r");
- if (fp == NULL) GRSThttpError("500 File open failed!");
-
- if ((fstat(fd, &statbuf) != 0) ||
- !S_ISREG(statbuf.st_mode)) GRSThttpError("500 Not a regular file!");
- }
-
- puts("Status: 200 OK\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp, "<title>Edit DN List %s</title>\n", file);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1>Edit DN List</h1>\n");
-
- GRSThttpPrintf(&bp,"<form action=\"%s%s\" method=post>\n",dir_uri,admin_file);
- GRSThttpPrintf(&bp,"<p><input type=submit value=\"Update\">\n");
- GRSThttpPrintf(&bp,"<p>List URL: <input type=text name=file value=\"%s\" "
- "size=%d>\n", file, strlen(file));
- GRSThttpPrintf(&bp,"<input type=hidden name=cmd value=editdnlistaction>\n");
-
- if (fp != NULL)
- {
- GRSThttpPrintf(&bp, "<p><table>\n<tr><th>Keep?</th>"
- "<th>Name</th></tr>\n");
-
- while (fgets(oneline, sizeof(oneline), fp) != NULL)
- {
- ++numdn;
-
- p = rindex(oneline, '\n');
- if (p != NULL) *p = '\0';
-
- GRSThttpPrintf(&bp, "<tr><td align=center><input type=checkbox "
- "name=\"dn%d\" value=\"%s\" checked></td>"
- "<td>%s</td></tr>\n", numdn, oneline, oneline);
- }
-
- GRSThttpPrintf(&bp,"</table>\n");
- }
-
- GRSThttpPrintf(&bp,"<input type=hidden name=numdn value=\"%d\">\n", numdn);
-
- GRSThttpPrintf(&bp, "<p>Add new DN: <input type=text name=add "
- "size=60 maxlength=512>\n");
-
- GRSThttpPrintf(&bp,"<p><input type=submit value=\"Update\">\n");
- GRSThttpPrintf(&bp, "</form>\n");
-
- if (fp != NULL) fclose(fp);
-
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
- GRSThttpWriteOut(&bp);
-}
-
-void managedir(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *dir_uri, char *admin_file)
-{
- int n, is_dnlists_dir = 0, enclen, numfiles, encprefixlen;
- char *d_namepath, modified[99], *absaclpath, *editable, *p, *unzip,
- *dnlistsuri, *d_name, *server_name, *fulluri, *encfulluri,
- *encprefix, *dnlistsprefix;
- GRSThttpBody bp;
- struct tm mtime_tm;
- struct stat statbuf;
- struct dirent **namelist, *subdirfile_ent;
- DIR *subDIR;
-
- if (((!GRSTgaclPermHasWrite(perm)) &&
- (!GRSTgaclPermHasList(perm))) ||
- (stat(dir_path, &statbuf) != 0) || !S_ISDIR(statbuf.st_mode))
- GRSThttpError("403 Forbidden");
-
- editable = getenv("GRST_EDITABLE");
- if (editable == NULL) editable = getenv("REDIRECT_GRST_EDITABLE");
-
- unzip = getenv("GRST_UNZIP");
- if (unzip == NULL) unzip = getenv("REDIRECT_GRST_UNZIP");
-
- dnlistsuri = getenv("GRST_DN_LISTS_URI");
- if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI");
-
- if (dnlistsuri && (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) == 0))
- {
- is_dnlists_dir = 1;
- server_name = getenv("SERVER_NAME");
-
- asprintf(&fulluri, "https://%s%s", server_name, dir_uri);
- encfulluri = GRSThttpUrlEncode(fulluri);
- enclen = strlen(encfulluri);
-
- asprintf(&dnlistsprefix, "https://%s%s", server_name, dnlistsuri);
- encprefix = GRSThttpUrlEncode(dnlistsprefix);
- encprefixlen = strlen(encprefix);
- }
-
- printf("Status: 200 OK\nContent-Type: text/html\n");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintf(&bp,"<title>Manage directory %s</title>\n", dir_uri);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpPrintf(&bp, "<h1>Manage directory %s</h1>\n<table>\n", dir_uri);
-
- if (dir_uri[1] != '\0')
- GRSThttpPrintf(&bp,
- "<tr><td colspan=3>[<a href=\"../%s?cmd=managedir\">Parent "
- "directory</a>]</td></tr>\n", admin_file);
-
- if (GRSTgaclPermHasList(perm) || GRSTgaclPermHasAdmin(perm))
- {
- absaclpath = malloc(strlen(dir_path) + sizeof(GRST_ACL_FILE) + 1);
- strcpy(absaclpath, dir_path);
- strcat(absaclpath, "/");
- strcat(absaclpath, GRST_ACL_FILE);
-
- if (stat(absaclpath, &statbuf) == 0) /* ACL exists in THIS directory */
- {
- localtime_r(&(statbuf.st_mtime), &mtime_tm);
- strftime(modified, sizeof(modified),
- "<td align=right>%R</td><td align=right>%e %b %y</td>",
- &mtime_tm);
-
- if (!is_dnlists_dir)
- {
- GRSThttpPrintf(&bp,
- "<tr><td><a href=\"%s\">%s</a></td>"
- "<td align=right>%ld</td>%s\n",
- GRST_ACL_FILE,
- GRST_ACL_FILE,
- statbuf.st_size, modified);
-
- GRSThttpPrintf(&bp,
- "<td><a href=\"%s%s?cmd=history&file=%s\">"
- "History</a></td>",
- dir_uri, admin_file, GRST_ACL_FILE);
- }
- else GRSThttpPrintf(&bp,
- "<tr><td>%s</td>"
- "<td align=right>%ld</td>%s\n",
- GRST_ACL_FILE,
- statbuf.st_size, modified);
-
- if (GRSTgaclPermHasAdmin(perm))
- GRSThttpPrintf(&bp,
- "<td><a href=\"%s%s?cmd=admin_acl\">Edit</a></td>"
- "<td><a href=\"%s%s?cmd=delete&file=%s\">Delete</a></td>",
- dir_uri, admin_file,
- dir_uri, admin_file, GRST_ACL_FILE);
- else if (GRSTgaclPermHasRead(perm))
- GRSThttpPrintf(&bp,
- "<td><a href=\"%s%s?cmd=show_acl\">View</a></td>"
- "<td> </td>", dir_uri, admin_file);
- else GRSThttpPrintf(&bp, "<td> </td><td> </td>\n");
-
- GRSThttpPrintf(&bp, "<td> </td></tr>\n");
- }
- else if (GRSTgaclPermHasAdmin(perm))
- GRSThttpPrintf(&bp, "<form method=post action=\"%s%s\">\n"
- "<tr><td colspan=8><input type=submit value=\"Create .gacl\"></td>\n"
- "<input type=hidden name=cmd value=\"create_acl\"></tr></form>\n",
- dir_uri, admin_file);
- }
-
- if (GRSTgaclPermHasList(perm))
- {
- n = scandir(dir_path, &namelist, 0, alphasort);
- while (n--)
- {
- if (namelist[n]->d_name[0] != '.')
- {
- d_namepath = malloc(strlen(dir_path) +
- strlen(namelist[n]->d_name) + 2);
- strcpy(d_namepath, dir_path);
- strcat(d_namepath, "/");
- strcat(d_namepath, namelist[n]->d_name);
- stat(d_namepath, &statbuf);
-
- if (S_ISDIR(statbuf.st_mode))
- {
- subDIR = opendir(d_namepath);
-
- if (subDIR == NULL) numfiles = 99; /* stop deletion */
- else
- {
- numfiles = 0;
- while ((subdirfile_ent = readdir(subDIR)) != NULL)
- if (subdirfile_ent->d_name[0] != '.') ++numfiles;
- else if (strncmp(subdirfile_ent->d_name,
- GRST_ACL_FILE,
- sizeof(GRST_ACL_FILE)) == 0) ++numfiles;
-
- closedir(subDIR);
- }
- }
-
- free(d_namepath);
-
- localtime_r(&(statbuf.st_mtime), &mtime_tm);
- strftime(modified, sizeof(modified),
- "<td align=right>%R</td><td align=right>%e %b %y</td>",
- &mtime_tm);
-
- if (S_ISDIR(statbuf.st_mode))
- {
- GRSThttpPrintf(&bp,
- "<tr><td><a href=\"%s%s/%s?cmd=managedir\">"
- "%s/</a></td>"
- "<td align=right>%ld</td>%s\n<td colspan=2> </td>",
- dir_uri, namelist[n]->d_name, admin_file,
- namelist[n]->d_name,
- statbuf.st_size, modified);
-
- if (numfiles == 0)
- GRSThttpPrintf(&bp,
- "<td><a href=\"%s%s?cmd=delete&file=%s\">"
- "Delete</a></td>\n",
- dir_uri, admin_file, namelist[n]->d_name);
- else GRSThttpPrintf(&bp, "<td> </td>\n");
-
- GRSThttpPrintf(&bp, "<td> </td></tr>\n");
- }
- else if (is_dnlists_dir)
- {
- if ((strlen(namelist[n]->d_name) <= encprefixlen) ||
- (strncmp(namelist[n]->d_name, encprefix,
- encprefixlen) != 0)) continue;
-
- d_name = GRSThttpUrlDecode(namelist[n]->d_name);
-
- GRSThttpPrintf(&bp, "<tr><td><a href=\"%s\">%s</a></td>"
- "<td align=right>%ld</td>%s"
- "<td> </td>",
- d_name, d_name,
- statbuf.st_size, modified);
-
- if (GRSTgaclPermHasWrite(perm))
- GRSThttpPrintf(&bp, "<form action=\"%s%s\" method=post>"
- "<td><input type=submit value=Edit></td>"
- "<input type=hidden name=cmd value=editdnlist>"
- "<input type=hidden name=file value=\"%s\">"
- "</form>\n",
- dir_uri, admin_file, d_name);
- else GRSThttpPrintf(&bp, "<td> </td>\n");
-
- if (GRSTgaclPermHasWrite(perm))
- GRSThttpPrintf(&bp, "<form action=\"%s%s\" method=post>"
- "<td><input type=submit value=Delete></td>"
- "<input type=hidden name=cmd value=delete>"
- "<input type=hidden name=file value=\"%s\">"
- "</form>\n",
- dir_uri, admin_file, d_name);
- else GRSThttpPrintf(&bp, "<td> </td>\n");
-
- GRSThttpPrintf(&bp, "<td> </td></tr>");
- }
- else /* regular directory, not DN Lists */
- {
- d_name = namelist[n]->d_name;
-
- GRSThttpPrintf(&bp,
- "<tr><td><a href=\"%s%s\">%s</a></td>"
- "<td align=right>%ld</td>%s",
- dir_uri, d_name,
- d_name,
- statbuf.st_size, modified);
-
- GRSThttpPrintf(&bp,
- "<td><a href=\"%s%s?cmd=history&file=%s\">"
- "History</a></td>",
- dir_uri, admin_file, d_name);
-
- p = rindex(namelist[n]->d_name, '.');
-
- if ((unzip != NULL) &&
- (p != NULL) &&
- (strcasecmp(&p[1], "zip") == 0) &&
- GRSTgaclPermHasRead(perm))
- GRSThttpPrintf(&bp,
- "<td><a href=\"%s%s?cmd=ziplist&file=%s\">"
- "List</a></td>\n",
- dir_uri, admin_file, d_name);
- else if ((p != NULL) &&
- (strstr(editable, &p[1]) != NULL) &&
- GRSTgaclPermHasWrite(perm))
- GRSThttpPrintf(&bp,
- "<td><a href=\"%s%s?cmd=edit&file=%s\">"
- "Edit</a></td>\n",
- dir_uri, admin_file, d_name);
- else GRSThttpPrintf(&bp, "<td> </td>");
-
- if (GRSTgaclPermHasWrite(perm))
- GRSThttpPrintf(&bp,
- "<td><a href=\"%s%s?cmd=delete&file=%s\">"
- "Delete</a></td>\n", dir_uri, admin_file, d_name);
- else
- GRSThttpPrintf(&bp, "<td> </td>\n");
-
- if (GRSTgaclPermHasWrite(perm))
- GRSThttpPrintf(&bp,
- "<td><a href=\"%s%s?cmd=rename&file=%s\">"
- "Rename</a></td></tr>\n", dir_uri, admin_file, d_name);
- else
- GRSThttpPrintf(&bp, "<td> </td></tr>");
- }
- }
-
- free(namelist[n]);
- }
-
- free(namelist);
- }
-
- if (GRSTgaclPermHasWrite(perm))
- {
- if (is_dnlists_dir)
- {
- GRSThttpPrintf(&bp, "<form method=post action=\"%s%s\">\n"
- "<tr><td colspan=4>New list name: "
- "<input type=text name=file value=\"%sNEW_LIST\" size=%d>\n"
- "<input type=hidden name=cmd value=editdnlist></td>"
- "<td colspan=2 align=center><input type=submit value=Create></td>\n"
- "</tr></form>\n",
- dir_uri, admin_file, fulluri, strlen(fulluri)+8);
-
- GRSThttpPrintf(&bp, "<form method=post action=\"%s%s\">\n"
- "<tr><td colspan=4>New directory: "
- "<input type=text name=file>\n"
- "<td colspan=2 align=center><input type=submit name=button value=\"Create\"></td>\n"
- "<input type=hidden name=cmd value=edit></td></tr></form>\n",
- dir_uri, admin_file);
- }
- else
- {
- GRSThttpPrintf(&bp, "<form method=post action=\"%s%s\">\n"
- "<tr><td colspan=8><hr width=\"75%\"></td></tr>\n"
- "<tr><td>New name:</td>"
- "<td colspan=3><input type=text name=file size=25>\n"
- "<td colspan=2 align=center><input type=submit name=button value=\"New file\"></td>\n"
- "<td colspan=2 align=center><input type=submit name=button value=\"New directory\"></td>\n"
- "<input type=hidden name=cmd value=edit></td></tr></form>\n",
- dir_uri, admin_file);
-
- GRSThttpPrintf(&bp,
- "<form method=post action=\"%s%s\" enctype=\"multipart/form-data\">\n"
- "<tr><td colspan=8><hr width=\"75%\"></td></tr>\n"
- "<tr><td rowspan=2>Upload file:</td>"
- "<td colspan=2>New name:</td>"
- "<td colspan=6><input type=text name=file size=25> "
- "<input type=submit value=Upload></td></tr>\n"
- "<tr><td colspan=2>Local name:</td>"
- "<td colspan=6><input type=file name=uploadfile size=25></td></tr>\n"
- "</form>\n", dir_uri, admin_file);
- }
- }
-
- GRSThttpPrintf(&bp, "</table>\n");
-
- if (!is_dnlists_dir) adminfooter(&bp, dn, help_uri, dir_uri, NULL);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
- GRSThttpWriteOut(&bp);
-}
-
+++ /dev/null
-/*
- Copyright (c) 2003-5, Shiv Kaushal, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*-----------------------------------------------------------*
-* This program is part of GridSite: http://www.gridsite.org/ *
-*------------------------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <gridsite.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-extern char *grst_perm_syms[];
-extern int grst_perm_vals[];
-
-#include "grst_admin.h"
-
-// CGI GACL Editor interface functions
-void show_acl(int admin, GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void new_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void new_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void del_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void edit_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void edit_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void add_cred_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void add_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void del_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void del_entry_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void del_cred_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void admin_continue(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSThttpBody *bp);
-
-// Functions for producing HTML output
-void StartHTML(GRSThttpBody *bp, char *dir_uri, char* dir_path);
-void StartForm(GRSThttpBody *bp, char* dir_uri, char* dir_path, char* admin_file, int timestamp, char* target_function);
-void EndForm(GRSThttpBody *bp);
-void GRSTgaclCredTableStart(GRSThttpBody *bp);
-void GRSTgaclCredTableAdd(GRSTgaclUser *user, GRSTgaclEntry *entry, GRSTgaclCred *cred, GRSTgaclNamevalue *namevalue, int cred_no, int entry_no, int admin, int timestamp, GRSThttpBody *bp, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-void GRSTgaclCredTableEnd(GRSTgaclEntry* entry, int entry_no, int admin, int timestamp, GRSThttpBody *bp, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-
-// ACL Manipulation functions
-int GACLentriesInAcl(GRSTgaclAcl *acl);
-int GRSTgaclCredsInEntry(GRSTgaclEntry *entry);
-void check_acl_save(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSTgaclUser* user, GRSTgaclAcl *acl, GRSThttpBody *bp);
-void GACLeditGetPerms(GRSTgaclEntry *entry);
-GRSTgaclEntry *GACLreturnEntry(GRSTgaclAcl *acl, int entry_no);
-GRSTgaclCred *GACLreturnCred(GRSTgaclEntry *entry, int cred_no);
-
-void StringHTMLEncode (char* string, GRSThttpBody *bp);
-
-void revert_acl(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file);
-
-/*****************************************/
-/********** FUNCTIONS FOLLOW *************/
-/*****************************************/
-
-void show_acl(int admin, GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Shows the contents of the ACL. Gives edit 'buttons' if (int admin) == 1
- GRSTgaclAcl *acl;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
- GRSTgaclNamevalue *namevalue;
- int entry_no, cred_no, allow, deny,timestamp;
- GRSThttpBody bp;
- char* AclFilename;
- struct stat file_info;
- int history_mode=0;
-
- if (admin==2){
- history_mode=1;
- admin=0;
- }
-
- /*double-check access permision*/
- if (!GRSTgaclPermHasAdmin(perm)) admin=0;
-
- StartHTML(&bp, dir_uri, dir_path);
-
- /* Load ACL from file and get timestamp*/
- if (history_mode==1) {
- AclFilename=malloc(strlen(dir_path)+strlen(file)+2);
- strcpy(AclFilename, dir_path);
- strcat(AclFilename, "/");
- strcat(AclFilename, file);
- }
- else AclFilename=GRSTgaclFileFindAclname(dir_path);
-
- if (AclFilename==NULL){
- GRSThttpPrintf ( &bp,"The ACL was not found !!!<br>\n");
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp);
- return;
- }
-
- stat(GRSTgaclFileFindAclname(dir_path), &file_info);
- timestamp=file_info.st_mtime;
- acl = GRSTgaclAclLoadFile(AclFilename);
-
- if (acl==NULL){
- GRSThttpPrintf ( &bp,"The ACL was found but could not be loaded - it could be incorrectly formatted<br>\n");
- adminfooter(&bp, dn, help_uri, dir_uri, NULL);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
- GRSThttpWriteOut(&bp);
- return;
- }
-
- if (admin) GRSThttpPrintf (&bp,"<a href=\"%s%s?cmd=new_entry_form&diruri=%s×tamp=%d\">New Entry</a><br>\n", dir_uri, admin_file, dir_uri, timestamp );
-
- // Start with the first entry in the list and work through
- entry=acl->firstentry;
- entry_no=1;
- while (entry!=NULL){
-
- GRSThttpPrintf (&bp,"<br>Entry %d:\n", entry_no);
- if (admin){
- GRSThttpPrintf (&bp,"<a href=\"%s%s?cmd=edit_entry_form&entry_no=%d&diruri=%s×tamp=%d\">Edit Entry</a> ", dir_uri, admin_file, entry_no, dir_uri, timestamp );
- GRSThttpPrintf (&bp,"<a href=\"%s%s?cmd=del_entry_sure&entry_no=%d&diruri=%s×tamp=%d\">Delete Entry</a> ",dir_uri, admin_file, entry_no, dir_uri, timestamp );
- GRSThttpPrintf (&bp,"<p>\n");
- }
-
- GRSTgaclCredTableStart(&bp);
-
- // Start with the first credential in the entry and work through
- cred=entry->firstcred;
- cred_no=1;
- while (cred!=NULL){
- namevalue=cred->firstname;
- GRSTgaclCredTableAdd(user, entry, cred, namevalue, cred_no, entry_no, admin, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- // Change to next credential
- cred=cred->next;
- cred_no++;
- }
-
- GRSTgaclCredTableEnd (entry, entry_no, admin, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- // Change to next entry
- entry=entry->next;
- entry_no++;
- }
-
- if (!admin && GRSTgaclPermHasAdmin(perm) && !history_mode) //Print a link for admin mode, if not in admin mode but the user has admin permissions
- GRSThttpPrintf (&bp,"<a href=\"%s%s?cmd=admin_acl&diruri=%s×tamp=%d\">Admin Mode</a>", dir_uri, admin_file, dir_uri, timestamp );
- if (history_mode==1 && GRSTgaclDNlistHasUser(getenv("REDIRECT_GRST_ADMIN_LIST"), user)){
- StartForm(&bp, dir_uri, dir_path, admin_file, timestamp, "revert_acl");
-//GRSThttpPrintf (&bp,"<a href=\"%s%s?cmd=revert_acl&diruri=%s×tamp=%d&file=%s\">Revert to this Version</a>", dir_uri, admin_file, dir_uri, timestamp, file );
- GRSThttpPrintf (&bp, "<input type=\"hidden\" name=\"file\" value=\"%s\">\n", file);
- // Revert Button
- GRSThttpPrintf (&bp, "<p align=center><input type=\"submit\" value=\"Revert to this ACL\" name=\"B1\"></p>\n</form>\n");
- }
-
- adminfooter(&bp, dn, help_uri, dir_uri, NULL);
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); GRSThttpWriteOut(&bp); return;
-}
-
-
-void new_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm,char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Presents the user with a form asking for details required to create a new entry
- GRSThttpBody bp;
- int timestamp=atol(GRSThttpGetCGI("timestamp"));
- GRSTgaclCred* cred;
- GRSTgaclEntry *entry;
- GRSTgaclNamevalue* namevalue;
-
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
- entry = GRSTgaclEntryNew();
- StartHTML(&bp, dir_uri, dir_path);
- StartForm(&bp, dir_uri, dir_path, admin_file, timestamp, "new_entry");
- GRSThttpPrintf (&bp, "<font size=\"4\"><b>NEW ENTRY IN ACL FOR %s </b></font></p>\n", dir_uri);
-
- GRSTgaclCredTableStart(&bp);
- GRSTgaclCredTableAdd(user, entry,cred, namevalue, 0, 0, 0, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- GRSTgaclCredTableEnd (entry, 0, 0, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
-
- /*Submit and reset buttons - submit button sends the data in the form back to the script & new_entry() to be called*/
- EndForm(&bp);
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp);
- return;
-}
-
-void new_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Processes the information entered into the form from new_entry_form() and adds a new entry to the ACL
- GRSTgaclAcl *acl;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
- char *type, *value;
- GRSThttpBody bp;
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
-
- // Get new credential info and perform checks
- type=GRSThttpGetCGI("type");
- value=GRSThttpGetCGI("cred0_value");
-
- if (strcmp(type, "not_chosen")==0){
- GRSThttpError ("500 Invalid input - credential type not chosen");
- return;
- }
-
- // Create the credential
- cred=GRSTgaclCredNew(type);
- if (strcmp(type, "person")==0) GRSTgaclCredAddValue(cred,"dn", value);
- else if (strcmp(type, "dn-list")==0) GRSTgaclCredAddValue(cred, "url", value);
- else if (strcmp(type, "voms")==0) GRSTgaclCredAddValue(cred, "fqan", value);
- else if (strcmp(type, "dns")==0) GRSTgaclCredAddValue(cred, "hostname", value);
- else if (strcmp(type, "any-user")==0) {} // namevalue not entered for any-user credential
- else{
- GRSThttpError ("500 Invalid input - credential type not valid");
- return;
- }
-
- // Create and empty entry, add the credential and get permissions
- entry = GRSTgaclEntryNew();
- GRSTgaclEntryAddCred(entry, cred);
- GACLeditGetPerms(entry);
-
- // Load the ACL, add the entry and save
- acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));
- GRSTgaclAclAddEntry(acl, entry);
- check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp);
- return;
-}
-
-void del_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Deletes the entry denoted by the GCI variable "entry_no"*/
- int entry_no;
- GRSTgaclAcl *acl;
- GRSTgaclEntry *previous, *entry;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
-
- // Load the ACL
- acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));
-
- // Get the number of the entry to be deleted and check okay to delete
- entry_no=atol(GRSThttpGetCGI("entry_no"));
- if(GACLentriesInAcl(acl)<=1){
- StartHTML(&bp, dir_uri, dir_path);
- GRSThttpPrintf (&bp, "ERROR: Cannot delete all entries from the ACL<br>\n");
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp);
- return;
- }
-
- // Get pointer to entry and previous entry
- entry = GACLreturnEntry(acl, entry_no);
- if (entry_no!=1) previous = GACLreturnEntry(acl, entry_no-1);
-
- if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){
- GRSThttpError ("500 Unable to read entry from ACL file");
- return;
- }
-
- // Perform deletion from the list by changing pointers
- if (entry_no==1) acl->firstentry=entry->next;
- else if (entry_no==GACLentriesInAcl(acl)) previous->next=NULL;
- else previous->next=entry->next;
-
- // Save ACL and exit
- check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp);
-
- return;
-}
-
-
-void edit_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Presents the user with an editable form containing details of entry denoted by CGI variable entry_no*/
- int entry_no, cred_no, i, admin=0, timestamp=atol(GRSThttpGetCGI("timestamp"));
- GRSTgaclAcl *acl;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
- GRSTgaclNamevalue *namevalue;
- // struct _GACLnamevalue *namevalue;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
-
- // Load ACL from file
- acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));
-
- // Get pointer to the entry and check okay
- entry_no=atol(GRSThttpGetCGI("entry_no"));
- entry = GACLreturnEntry(acl, entry_no);
- if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
-
- StartHTML(&bp, dir_uri, dir_path);
- GRSThttpPrintf (&bp, "<b><font size=\"4\">EDITING ENTRY %d IN ACL FOR %s </font></b></p>\n", entry_no, dir_uri);
-
- // Start with first credential in the entry and display them in order*/
- cred=entry->firstcred;
- cred_no=1;
- StartForm(&bp, dir_uri, dir_path, admin_file, timestamp, "edit_entry");
- GRSThttpPrintf (&bp, "<input type=\"hidden\" name=\"entry_no\" value=\"%d\">\n", entry_no);
-
- GRSTgaclCredTableStart(&bp);
-
- while (cred!=NULL){
- // Start with the first namevalue in the credential
- namevalue=cred->firstname;
- GRSTgaclCredTableAdd(user, entry, cred, namevalue, cred_no, entry_no, admin, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- // Change to next credential
- cred=cred->next;
- cred_no++;
- }
- GRSTgaclCredTableEnd (entry, entry_no, admin, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- EndForm(&bp);
-
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp);
- return;
-}
-
-
-void edit_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- //Processes the information entered into the form from edit_entry_form() and updates the entry corresponding to entry_no*/
- int entry_no, cred_no, i;
- GRSTgaclAcl *acl;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
- GRSTgaclNamevalue *namevalue;
- char variable[30];
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
-
- // Load the ACL
- acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));
-
- // Get pointer to the entry and perform checks
- entry_no=atol(GRSThttpGetCGI("entry_no"));
- entry = GACLreturnEntry(acl, entry_no);
- if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
-
- // Start with the first credential and update each one
- cred=entry->firstcred;
- cred_no=1;
-
- while (cred!=NULL){
- if (strcmp(cred->type, "any-user")!=0){
- namevalue=cred->firstname;
- sprintf(variable, "cred%d_value", cred_no);
- namevalue->value=GRSThttpGetCGI(variable);
- }
- //Change to next credential*/
- cred=cred->next;
- cred_no++;
- }
-
- // Update permissions
- GACLeditGetPerms(entry);
- check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp);
- return;
-}
-
-
-void add_cred_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Presents the user with a form asking for details required to create a new credential in the entry denoted by entry_no
- GRSThttpBody bp;
- int timestamp=atol(GRSThttpGetCGI("timestamp")), entry_no=atol(GRSThttpGetCGI("entry_no"));
- GRSTgaclAcl *acl;
- GRSTgaclEntry* entry;
- GRSTgaclCred* cred;
- GRSTgaclNamevalue* namevalue;
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
-
- acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path)); // Load the ACL
-
- //Get pointer to the entry and perform checks
- entry = GACLreturnEntry(acl, entry_no);
- if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
-
-
- if (strcmp(GRSThttpGetCGI("cmd"), "add_cred_form")==0){ //if not a new entry check to see if <any-user> cred exists
- cred=entry->firstcred;
- while (cred!=NULL) {
- if (strcmp (cred->type, "any-user")==0) {
- StartHTML(&bp, dir_uri, dir_path);
- GRSThttpPrintf (&bp, "ERROR: AND-ing \"any-user\" credential with other credential does not make sense <br>\n");
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp);
- return;
- }
- cred=cred->next;
- }
- }
-
- StartHTML(&bp, dir_uri, dir_path);
- GRSThttpPrintf (&bp, " <font size=\"4\"><b>NEW CREDENTIAL IN ENTRY %d OF ACL FOR %s</b></font></p>\n", entry_no, dir_uri);
- StartForm(&bp, dir_uri, dir_path, admin_file, timestamp, "add_cred");
-
- GRSThttpPrintf (&bp, " <input type=\"hidden\" name=\"entry_no\" value=\"%d\">\n", entry_no);
-
- GRSTgaclCredTableStart(&bp);
- GRSTgaclCredTableAdd(user, entry, cred, namevalue, 0, 0, 0, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- GRSTgaclCredTableEnd (entry, 0, 0, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
-
- EndForm(&bp);
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp);
- return;
-}
-
-
-void add_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Processes the information entered into the form [add_cred_form()]and adds a new credential to the entry corresponding to entry_no
- int entry_no;
- GRSTgaclAcl *acl;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
- GRSThttpBody bp;
- char *type, *value;
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
-
- acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));// Load the ACL
-
- // Get pointer to the entry and perform checks
- entry_no=atol(GRSThttpGetCGI("entry_no"));
- entry = GACLreturnEntry(acl, entry_no);
- if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl)){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
-
- // Create new credential and add it to entry
- type=GRSThttpGetCGI("type");
- value=GRSThttpGetCGI("cred0_value");
- cred=GRSTgaclCredNew(type);
- if (strcmp(type, "person") ==0) GRSTgaclCredAddValue(cred,"dn", value);
- else if (strcmp(type, "dn-list") ==0) GRSTgaclCredAddValue(cred, "url", value);
- else if (strcmp(type, "voms") ==0) GRSTgaclCredAddValue(cred, "fqan", value);
- else if (strcmp(type, "dns") ==0) GRSTgaclCredAddValue(cred, "hostname", value);
- else if (strcmp(type, "any-user")==0) {}// namevalue not entered for any-user credential
- else{
- GRSThttpError ("500 Credential type not valid");
- return;
- }
- GRSTgaclEntryAddCred(entry, cred);
-
- check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp);
- return;
-}
-
-
-void del_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Deletes the credential denoted by the GCI variable "cred_no", in the entry denoted by "entry_no"
- int entry_no, cred_no;
- GRSTgaclAcl *acl;
- GRSTgaclEntry *entry;
- GRSTgaclCred *previous, *cred;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
-
- acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));
-
- // Get pointer to the entry and perform checks
- entry_no=atol(GRSThttpGetCGI("entry_no"));
- entry = GACLreturnEntry(acl, entry_no);
- if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
- // Get pointer the the credential and perform checks
- cred_no=atol(GRSThttpGetCGI("cred_no"));
- cred=GACLreturnCred(entry, cred_no);
- if(entry==NULL || entry_no<1 || cred_no>GRSTgaclCredsInEntry(entry)){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
- // Get pointer to previous credential - if needed
- if (cred_no!=1) previous = GACLreturnCred(entry, cred_no-1);
-
- // Perform deletion from the list by changing pointers
- if (cred_no==1) entry->firstcred=cred->next;
- else if (cred_no==GRSTgaclCredsInEntry(entry)) previous->next=NULL;
- else previous->next=cred->next;
-
- check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp);
- return;
-}
-
-void admin_continue(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSThttpBody *bp){
- // Single line printed out to forward users back to show_acl in admin mode
- // Should ALWAYS called from another function so no HTML header required
- // Should ALWAYS be the end of a page
- GRSThttpPrintf (bp, "\n<br><a href=\"%s%s?diruri=%s&cmd=admin_acl×tamp=%d\">Click Here</a> to return to the editor", dir_uri,admin_file,dir_uri, time(NULL));
- adminfooter(bp, dn, help_uri, dir_uri, NULL);
- GRSThttpPrintHeaderFooter(bp, dir_path, GRST_FOOTFILE);
- GRSThttpWriteOut(bp);
- return;
-}
-
-
-void del_entry_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Prints out entry denoted by entry_no and asks if the user really wants to delete it
- GRSTgaclAcl *acl;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
- GRSTgaclNamevalue *namevalue;
- int entry_no, cred_no, allow, deny, i, timestamp;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
-
- acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));// Load ACL from file
-
- if (acl==NULL){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
-
- // Get pointer to the entry and check okay
- entry_no=atol(GRSThttpGetCGI("entry_no"));
- entry = GACLreturnEntry(acl, entry_no);
- if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
-
- StartHTML(&bp, dir_uri, dir_path);
- GRSThttpPrintf (&bp, "<h1 align=center>Do you really want to delete the following entry?</h1><br><br>\n");
- GRSThttpPrintf (&bp,"<br>Entry %d:<br>\n", entry_no);
-
- // Print the entry out
- // Start with the first credential in the entry and work through
- cred=entry->firstcred;
- cred_no=1;
-
- GRSTgaclCredTableStart(&bp);
- while (cred!=NULL){
- // Start with the first namevalue in the credential
- namevalue=cred->firstname;
- GRSTgaclCredTableAdd(user, entry, cred, namevalue, cred_no, entry_no, 0, 0, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- // Change to next credential
- cred=cred->next;
- cred_no++;
- }
-
- GRSTgaclCredTableEnd (entry, entry_no, 0, 0, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
-
- StartForm(&bp, dir_uri, dir_path, admin_file, atol(GRSThttpGetCGI("timestamp")), "del_entry");
- GRSThttpPrintf (&bp, "<input type=\"hidden\" name=\"entry_no\" value=\"%d\">\n", entry_no);
- GRSThttpPrintf (&bp, " <p align=center><input type=\"submit\" value=\"Yes\" name=\"B1\"></p>\n</form>\n");
-
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp);
- return;
-}
-
-void del_cred_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Prints out credential denoted by entry_no/cred_no and asks if the user really wants to delete it
- GRSTgaclAcl *acl;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
- GRSTgaclNamevalue *namevalue;
- int entry_no, cred_no, allow, deny, timestamp, i;
- GRSThttpBody bp;
-
- if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden");
-
- acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));// Load ACL from file
-
- if (acl==NULL){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
-
- // Get pointer to the entry and check okay
- entry_no=atol(GRSThttpGetCGI("entry_no"));
- entry = GACLreturnEntry(acl, entry_no);
- if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
-
- // Get pointer to the credential and check okay
- cred_no=atol(GRSThttpGetCGI("cred_no"));
- cred=GACLreturnCred(entry, cred_no);
- if(entry==NULL || entry_no<1 || cred_no>GRSTgaclCredsInEntry(entry)){
- GRSThttpError ("500 Unable to read from ACL file");
- return;
- }
-
- if(GRSTgaclCredsInEntry(entry)<=1){
- del_entry_sure(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- return;
- }
-
- StartHTML(&bp, dir_uri, dir_path);
- GRSThttpPrintf (&bp, "<h1 align=center>Do you really want to delete the following credential from entry %d?</h1><br><br>", entry_no);
-
- // Print the credential out
- GRSTgaclCredTableStart(&bp);
- GRSTgaclCredTableAdd(user, entry, cred, cred->firstname, cred_no, entry_no, 0, 0, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- GRSTgaclCredTableEnd (entry, entry_no, 0, 0, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- GRSThttpPrintf (&bp,"<br>\n");
-
- // Yes Button
- StartForm(&bp, dir_uri, dir_path, admin_file, atol(GRSThttpGetCGI("timestamp")), "del_cred");
- GRSThttpPrintf (&bp, "<input type=\"hidden\" name=\"entry_no\" value=\"%d\">\n", entry_no);
- GRSThttpPrintf (&bp, "<input type=\"hidden\" name=\"cred_no\" value=\"%d\">\n", cred_no);
- GRSThttpPrintf (&bp, " <p align=center><input type=\"submit\" value=\"Yes\" name=\"B1\"></p>\n</form>\n");
-
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp);
- return;
-}
-
-
-int GACLentriesInAcl(GRSTgaclAcl *acl){
- // Returns the number of entries in acl
- GRSTgaclEntry *entry;
- int number;
-
- entry=acl->firstentry;
- number=0;
-
- while (entry!=NULL)
- {
- number++;
- entry=entry->next;
- }
-
- return number;
-}
-
-int GRSTgaclCredsInEntry(GRSTgaclEntry *entry){
- // Returns the number of credentials in entry
- int number;
- GRSTgaclCred *cred;
-
- cred=entry->firstcred;
- number=0;
-
- while (cred!=NULL)
- {
- number++;
- cred=cred->next;
- }
-
- return number;
-}
-
-
-void GACLeditGetPerms(GRSTgaclEntry *entry){
- // Updates the permissions entry using permissions from a form produced using GRSTgaclCredTableEnd
- int i;
- char buf[30];
-
-
- for (i=0; grst_perm_syms[i]!=NULL; i++) /* Print the list of allowed permissions*/
- {
- sprintf (buf, "allow_%s", grst_perm_syms[i]); // Update allowed
- if (strcmp (GRSThttpGetCGI(buf), "ON") == 0 ) GRSTgaclEntryAllowPerm(entry, grst_perm_vals[i]); else GRSTgaclEntryUnallowPerm(entry, grst_perm_vals[i]);
-
- sprintf (buf, "deny_%s", grst_perm_syms[i]); // Update denied
- if (strcmp (GRSThttpGetCGI(buf), "ON") == 0 ) GRSTgaclEntryDenyPerm(entry, grst_perm_vals[i]); else GRSTgaclEntryUndenyPerm(entry, grst_perm_vals[i]);
-
- }
-
- return;
-}
-
-GRSTgaclEntry *GACLreturnEntry(GRSTgaclAcl *acl, int entry_no){
- // Returns a pointer to entry in ACL denoted by entry_no, returns NULL if not found
- int number;
- GRSTgaclEntry *entry;
-
- if (acl==NULL) return NULL;
-
- entry=acl->firstentry;
- number=1;
-
- while (entry!=NULL)
- {
- if (number==entry_no) return entry;
- number++;
- entry=entry->next;
- }
-
- return NULL;
-}
-
-
-GRSTgaclCred *GACLreturnCred(GRSTgaclEntry *entry, int cred_no){
- // Returns a pointer to credential denoted by cred_no in entry, returns NULL if not found
- int number;
- GRSTgaclCred *cred;
-
- if (entry==NULL) return NULL;
-
- cred=entry->firstcred;
- number=1;
-
- while (cred!=NULL)
- {
- if (number==cred_no) return cred;
- number++;
- cred=cred->next;
- }
-
- return NULL;
-}
-void StartHTML(GRSThttpBody *bp, char *dir_uri, char* dir_path){
- //Start HTML output and insert page title
- printf("Status: 200 OK\nContent-Type: text/html\n");
- GRSThttpBodyInit(bp);
- GRSThttpPrintf(bp, "<title>Access Control List for %s</title>\n", dir_uri);
- GRSThttpPrintHeaderFooter(bp, dir_path, GRST_HEADFILE);
- return;
-}
-void StartForm(GRSThttpBody *bp, char* dir_uri, char* dir_path, char* admin_file, int timestamp, char* target_function){
- // Starts an HTML form with gridsite admin as the target and target_function as the value of cmd.
- // Also inputs the dir_uri and the timestamp
- GRSThttpPrintf (bp, "<form method=\"POST\" action=\"%s%s?diruri=%s\">\n", dir_uri, admin_file, dir_uri);
- GRSThttpPrintf (bp, " <input type=\"hidden\" name=\"cmd\" value=\"%s\">\n", target_function);
- GRSThttpPrintf (bp, " <input type=\"hidden\" name=\"timestamp\" value=\"%d\">\n", timestamp);
- return;
-}
-
-void EndForm(GRSThttpBody *bp){
- GRSThttpPrintf (bp, " <br><input type=\"submit\" value=\"Submit\" name=\"B1\"><input type=\"reset\" value=\"Reset\" name=\"B2\"></p>\n");
- GRSThttpPrintf (bp, "</form>\n");
- return;
-}
-
-void GRSTgaclCredTableStart(GRSThttpBody *bp){
- //Starts an HTML table of credentials by setting the column widths and inputting the headings
- GRSThttpPrintf (bp,"<table border=\"1\" cellpadding=\"2\" cellspacing=\"0\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" width=\"100%\" id=\"CredentialTable\">");
- GRSThttpPrintf (bp,"<tr><td align=center width=\"10%\"><b>Credential No.</td><td align=center width=\"15%\"><b>Type</td><td align=left width=\"75%\"><b>Value</td></tr>");
- return;
-}
-
-void GRSTgaclCredTableAdd(GRSTgaclUser *user, GRSTgaclEntry *entry, GRSTgaclCred *cred, GRSTgaclNamevalue *namevalue, int cred_no, int entry_no, int admin, int timestamp, GRSThttpBody *bp, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Adds the credential "cred" to a table started byGRSTgaclCredTableStart allowing the user to edit if appropriate
- char* cmd = GRSThttpGetCGI("cmd");
- int edit_values=0, new_cred=0, allow_new_person=1;
- int site_admin=GRSTgaclDNlistHasUser(getenv("REDIRECT_GRST_ADMIN_LIST"), user);
-
- if (strcmp(cmd, "new_entry_form")==0 || strcmp(cmd, "add_cred_form")==0) new_cred=1;
- if (new_cred || strcmp(cmd, "edit_entry_form")==0) edit_values=1;
-
- if (new_cred) { /*Print out type and descriptor*/
- if (strcmp(cmd, "add_cred_form")==0){ /*if not a new entry check to see if <person> cred exists.*/
- cred=entry->firstcred;
- while (cred!=NULL) {if (strcmp (cred->type, "person")==0) allow_new_person=0; cred=cred->next;}
- }
- //create dummy credential for the user to edit
- cred=GRSTgaclCredNew("new");
- GRSTgaclCredAddValue(cred, "", "");
- namevalue=cred->firstname;
- //Drop down list of types
- GRSThttpPrintf(bp,"<tr><td align=center >New</td>");
- GRSThttpPrintf(bp,"<td align=center >");
- GRSThttpPrintf (bp, " <select size=\"1\" name=\"type\">\n");
- GRSThttpPrintf (bp, " <option selected value=\"not_chosen\">(choose)</option>\n");
- if (allow_new_person) GRSThttpPrintf (bp, " <option value=\"person\">Person <dn> </dn></option>\n");
- GRSThttpPrintf (bp, " <option value=\"dn-list\">DN-List <url> </url></option>\n");
- GRSThttpPrintf (bp, " <option value=\"dns\">DNS <hostname> </hostname></option>\n");
- GRSThttpPrintf (bp, " <option value=\"voms\">VOMS <fqan> </fqan></option>\n");
- // Only alow any-user credential to be chosen if it is new entry
- if (strcmp(cmd, "new_entry_form")==0) GRSThttpPrintf (bp, " <option value=\"any-user\">Any User</option>\n");
- GRSThttpPrintf (bp, " </select></td>");
- }
-
- else { //Print out type and descriptor for existing cred
-
- GRSThttpPrintf(bp,"<tr><td align=center >%d", cred_no);
- if (admin) GRSThttpPrintf (bp,"<a href=\"%s%s?diruri=%s&cmd=del_cred_sure&entry_no=%d&cred_no=%d×tamp=%d\">(Delete)</a>", dir_uri,admin_file,dir_uri, entry_no, cred_no, timestamp);
- GRSThttpPrintf(bp, "</td><td align=center >%s ", cred->type);
- }
-
- if (strcmp(cred->type, "any-user")==0) GRSThttpPrintf (bp, "</td><td> "); /* Do not print out namevalue for any-user credential*/
- else{
- if (edit_values){ // Place namevalue in an editable box if appropriate
- GRSThttpPrintf (bp, "<td align=left><input type=\"text\" name=\"cred%d_value\"\n", cred_no);
- GRSThttpPrintf (bp, "size=\"50\" value=\"");
- StringHTMLEncode(namevalue->value, bp);
- GRSThttpPrintf (bp, "\">");
- }
- else if (strcmp(cred->type, "dn-list")==0){
- GRSThttpPrintf(bp, "<td align=left ><a href=\"");
- StringHTMLEncode(namevalue->value, bp);
- GRSThttpPrintf(bp, " \">");
- StringHTMLEncode(namevalue->value, bp);
- GRSThttpPrintf(bp, "</a>");
- }
- else { GRSThttpPrintf(bp, "<td align=left> "); StringHTMLEncode(namevalue->value, bp);}
-
- }
- //Print out warning symbol if cred being printed relates to current user - but NOT for users in site admin list
- if (GRSTgaclUserHasCred(user, cred) && !site_admin) GRSThttpPrintf(bp, "<font color=red><b> <--</b></font>");
- GRSThttpPrintf(bp, "</td></tr>");
-}
-
-void GRSTgaclCredTableEnd(GRSTgaclEntry* entry, int entry_no, int admin, int timestamp, GRSThttpBody *bp, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- // Finishes off a table of credentials by inputting "Add Credential" link and a list of premissions in the final row
- int i, blank_perms, edit_perms, show_perms;
- char* cmd = GRSThttpGetCGI("cmd");
-
- if (strcmp(cmd, "add_cred_form")==0 ||strcmp(cmd, "del_cred_sure")==0) show_perms=0; else show_perms=1;
- if (strcmp(cmd, "edit_entry_form")==0 || strcmp(cmd, "new_entry_form")==0) edit_perms=1; else edit_perms=0;
- if (strcmp(cmd, "new_entry_form")==0) blank_perms=1; else blank_perms=0;
-
- // If showing the last row is not required then exit
- if (show_perms==0){GRSThttpPrintf (bp,"</table><br>\n"); return;}
-
- GRSThttpPrintf (bp,"<tr><td align=center>");
-
- if (admin) GRSThttpPrintf (bp,"<a href=\"%s%s?diruri=%s&cmd=add_cred_form&entry_no=%d×tamp=%d\">Add Credential</a>", dir_uri,admin_file,dir_uri, entry_no, timestamp);
-
- GRSThttpPrintf (bp, "</td>\n<td> </td><td align=left>");
-
- if (blank_perms==1)entry->allowed=entry->denied=GRST_PERM_NONE;
-
- // Show Permissions - will produce a list or a list of check boxes depending on whether the permissions are to be edited or not
- GRSThttpPrintf (bp, "<b>Allowed:</b> ");
- for (i=0; grst_perm_syms[i]!=NULL; i++) /* Print the list of allowed permissions*/
- {
- if ( entry->allowed & grst_perm_vals[i]){
- if (edit_perms) GRSThttpPrintf (bp, "%s<input type=\"checkbox\" name=\"allow_%s\" value=\"ON\" checked> \n", grst_perm_syms[i],grst_perm_syms[i]);
- else GRSThttpPrintf(bp,"%s ", grst_perm_syms[i]); if (strcmp(grst_perm_syms[i], "none")==0) break;
- }
- else if (strcmp(grst_perm_syms[i], "none")!=0 && edit_perms) GRSThttpPrintf (bp, "%s<input type=\"checkbox\" name=\"allow_%s\" value=\"ON\" unchecked> \n", grst_perm_syms[i],grst_perm_syms[i]);
- }
-
- if (edit_perms) GRSThttpPrintf (bp, "<p>");
- GRSThttpPrintf (bp, "<b>Denied: </b>");
- for (i=0; grst_perm_syms[i]!=NULL; i++) /* Print the list of denied permissions*/
- {
- if ( entry->denied & grst_perm_vals[i])
- {
- if (edit_perms) GRSThttpPrintf (bp, "%s<input type=\"checkbox\" name=\"deny_%s\" value=\"ON\" checked> \n", grst_perm_syms[i],grst_perm_syms[i]);
- else GRSThttpPrintf(bp,"%s ", grst_perm_syms[i]);
- if (strcmp(grst_perm_syms[i], "none")==0) break;
- }
- else if (strcmp(grst_perm_syms[i], "none")!=0 && edit_perms) GRSThttpPrintf (bp, "%s<input type=\"checkbox\" name=\"deny_%s\" value=\"ON\" unchecked> \n", grst_perm_syms[i],grst_perm_syms[i]);
- }
-
- GRSThttpPrintf (bp, "</td></tr>");
- GRSThttpPrintf (bp,"</table><br>\n");
- GRSThttpPrintf (bp,"\n");
-}
-
-void check_acl_save(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSTgaclUser* user, GRSTgaclAcl *acl, GRSThttpBody *bp){
- // Checks if the acl for the current directory has been changed, check the current user's permissions.
- // If all is okay the ACl is saved -> returns 1 else returns 0
- struct stat file_info;
- GRSTgaclPerm new_perm;
- char *vfile, *dir_path_vfile, *dir_path_file;
- FILE *fp;
-
-
- /*Check ACL has not been modified*/
- stat(GRSTgaclFileFindAclname(dir_path), &file_info);
- if (atol(GRSThttpGetCGI("timestamp"))!=file_info.st_mtime){
- StartHTML(bp, dir_uri, dir_path);
- GRSThttpPrintf (bp, "ERROR: CANNOT SAVE CHANGES<p><p> The ACL has been modified since it was last viewed\n<p>");
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, bp);
- return;
- }
-
- // check users permissions in the new ACL
-
- if (!GRSTgaclDNlistHasUser(getenv("REDIRECT_GRST_ADMIN_LIST"), user))
- {
- new_perm = GRSTgaclAclTestUser(acl, user);
- if (new_perm != perm){
- StartHTML(bp, dir_uri, dir_path);
- if (!GRSTgaclPermHasAdmin(new_perm)){//Check that user still has Admin permissions - if not then exit without saving the new ACL
- GRSThttpPrintf (bp, "ERROR: CANNOT SAVE CHANGES\n\n<p><p> You cannot deny yourself admin access from within the editor\n");
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, bp);
- return;
- }
- //Functions to inform of other permission changes come next
- GRSThttpPrintf (bp, "WARNING: OPERATION CHANGED YOUR PERMISSIONS!\n\n<p><p> You still have Admin permissions<p>\n");
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, bp);
- return;
- }
- }
- // ACL not modified, notified of permission changes - can now save
-
- dir_path_file=GRSTgaclFileFindAclname(dir_path);
- vfile=makevfilename(".gacl", file_info.st_size, dn); // Make temporary file name
- dir_path_vfile = malloc(strlen(dir_path) + strlen(vfile) + 2);
- strcpy(dir_path_vfile, dir_path);
- strcat(dir_path_vfile, "/");
- strcat(dir_path_vfile, vfile);
-
-
- // save the new ACL to the temporary file in the correct format using the GridsiteACLFormat directive
-
- if (strcasecmp(getenv("REDIRECT_GRST_ACL_FORMAT"), "XACML") ==0) GRSTxacmlAclSave(acl, dir_path_vfile);
- else if (strcasecmp(getenv("REDIRECT_GRST_ACL_FORMAT"), "GACL") ==0) GRSTgaclAclSave(acl, dir_path_vfile);
- else
- {
- GRSThttpPrintf (bp, "ERROR: ACL type not correctly specified");
- admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, bp);
- return;
- }
-
-
- unlink(dir_path_file);
- if (link (dir_path_vfile,dir_path_file)!=0) GRSThttpError("403 Forbidden");
-
- printf ("Status: 302 Moved Temporarily\n Content Length: 0\nLocation: %s%s?cmd=admin_acl\n\n", dir_uri, admin_file);
- return;
-}
-
-void StringHTMLEncode (char* string, GRSThttpBody *bp){
-
- char* current_char;
- char* tmp;
- int n;
- tmp=malloc(2);
-
- *(tmp+1)='\0';
- current_char=string;
- while(*current_char != '\0'){
-
- if (*current_char == '<') GRSThttpPrintf (bp,"<");
- else if (*current_char == '>') GRSThttpPrintf (bp,">");
- else if (*current_char == '&') GRSThttpPrintf (bp,"&");
- else if (*current_char == '\'') GRSThttpPrintf (bp,"'");
- else if (*current_char == '"') GRSThttpPrintf (bp,""");
- else{
- *tmp=*current_char;
- GRSThttpPrintf(bp, "%s", tmp);
-
- }
- current_char++;
- }
- return;
-}
-
-void revert_acl(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){
- char *AclFilename;
- GRSTgaclAcl *acl;
- GRSThttpBody bp;
- // Load the old ACL, add the entry and save
- AclFilename=malloc(strlen(dir_path)+strlen(file)+2);
- strcpy(AclFilename, dir_path);
- strcat(AclFilename, "/");
- strcat(AclFilename, file);
-
- acl = GRSTgaclAclLoadFile(AclFilename);
- check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp);
- return;
-}
+++ /dev/null
-/*
- Andrew McNab and Shiv Kaushal, University of Manchester.
- Copyright (c) 2002-5. All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*------------------------------------------------------------------*
- * This program is part of GridSite: http://www.gridsite.org/ *
- *------------------------------------------------------------------*/
-
-#ifndef VERSION
-#define VERSION "x.x.x"
-#endif
-
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
-#endif
-
-#include <stdio.h>
-#include <time.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <dirent.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <fcntl.h>
-
-// when porting: remember that sendfile() is very OS-specific!
-#include <sys/sendfile.h>
-
-#include <gridsite.h>
-
-#include "grst_admin.h"
-
-/*
-
- GridSite human/interactive management interface. This should produce
- a CGI executable, usually ./sbin/real-gridsite-admin.cgi, which is
- called from HTML forms either by GET or POST methods or both (ie input
- present in both QUERY_STRING and the stdin of the CGI process.)
-
- The CGI name/value pairs used are:
-
- cmd = edit, managedir, print, history
- file = short name of file, without path
-
- If real-gridsite-admin.cgi is run by an internal redirection inside
- mod_gridsite (as should ALWAYS be the case) then the environment
- variable REDIRECT_GRST_DIR_PATH will be set to the full path of
- the directory holding the file in question. This respects any complex
- URI -> file path mapping done by Apache.
-
-*/
-
-void GRSThttpError(char *status)
-{
- printf("Status: %s\n", status);
- printf("Server-CGI: GridSite Admin %s\n", VERSION);
- printf("Content-Length: %d\n", 2 * strlen(status) + 58);
- puts("Content-Type: text/html\n");
-
- printf("<head><title>%s</title></head>\n", status);
- printf("<body><h1 >%s</h1 ></body>\n", status);
-
- exit(0);
-}
-
-void adminfooter(GRSThttpBody *bp, char *dn, char *help_uri, char *dir_uri,
- char *admin_file)
-{
- GRSThttpPrintf(bp, "<p><small>\n");
-
- if (dn != NULL) GRSThttpPrintf(bp, "<hr>You are %s<br>\n", dn);
- else GRSThttpPrintf(bp, "<hr>\n");
-
- if (admin_file != NULL)
- GRSThttpPrintf(bp, "<a href=\"%s%s?cmd=managedir\">"
- "Manage directory</a> .\n",
- dir_uri, admin_file);
- else GRSThttpPrintf(bp, "<a href=\"%s\">"
- "Back to directory</a> .\n", dir_uri);
-
- if (help_uri != NULL)
- GRSThttpPrintf(bp, "<a href=\"%s\">Website Help</a> .\n", help_uri);
-
- if ((getenv("GRST_NO_LINK") == NULL) &&
- (getenv("REDIRECT_GRST_NO_LINK") == NULL))
- GRSThttpPrintf(bp, "Built with "
- "<a href=\"http://www.gridsite.org/\">GridSite</a> %s\n",
- VERSION);
-
- GRSThttpPrintf(bp, "</small>\n");
-}
-
-int GRSTstrCmpShort(char *long_s, char *short_s)
-{
- while (*short_s != '\0')
- {
- if (*long_s > *short_s) return +1;
- if (*long_s < *short_s) return -1;
-
- ++long_s;
- ++short_s;
- }
-
- return 0;
-}
-
-char *makevfilename(char *publicname, size_t size, char *dn)
-{
- int i;
- char *ext, *vfilename, *encpublicname, *encdn, *p;
- struct timeval tv_now;
-
- gettimeofday(&tv_now, NULL);
-
- ext = rindex(publicname, '.');
- if (ext == NULL) ext = "";
-
- encpublicname = GRSThttpUrlEncode(publicname);
- for (p=encpublicname; *p != '\0'; ++p) if (*p == '%') *p = '=';
-
- encdn = GRSThttpUrlEncode(dn);
- for (p=encdn; *p != '\0'; ++p) if (*p == '%') *p = '=';
-
- /* we used zero-padding for times so
- alphanumeric sorting will sort chronologically too */
-
- asprintf(&vfilename, "%s:%s:%08X:%05X:%X:%s:%s", GRST_HIST_PREFIX,
- encpublicname, tv_now.tv_sec, tv_now.tv_usec, size, encdn, ext);
-
- return vfilename;
-}
-
-void justheader(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *dir_uri, char *admin_file)
-{
- GRSThttpBody bp;
-
- puts("Status: 200 OK\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE);
-
- GRSThttpWriteOut(&bp);
-}
-
-void justfooter(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path,
- char *dir_uri, char *admin_file)
-{
- GRSThttpBody bp;
-
- puts("Status: 200 OK\nContent-Type: text/html");
-
- GRSThttpBodyInit(&bp);
-
- if (GRSTgaclPermHasList(perm) || GRSTgaclPermHasWrite(perm)
- || GRSTgaclPermHasAdmin(perm))
- adminfooter(&bp, dn, help_uri, dir_uri, admin_file);
-
- GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE);
-
- GRSThttpWriteOut(&bp);
-}
-
-int main()
-{
- int i, gsiproxylimit_i = 1;
- char *cmd, *dir_uri, *file, *dir_path, *admin_file, *dn = NULL,
- *help_uri, *p, *content_type, *request_uri, *button,
- *grst_cred_0, *gsiproxylimit, *dn_lists, buf[12];
- GRSTgaclCred *cred;
- GRSTgaclUser *user = NULL;
- GRSTgaclAcl *acl;
- GRSTgaclPerm perm = GRST_PERM_NONE;
-
- help_uri = getenv("REDIRECT_GRST_HELP_URI"); /* can be NULL */
- admin_file = getenv("REDIRECT_GRST_ADMIN_FILE");
- dir_path = getenv("REDIRECT_GRST_DIR_PATH");
- request_uri = getenv("REQUEST_URI");
-
- if ((dir_path == NULL) || (admin_file == NULL) || (request_uri == NULL))
- {
- puts("Status: 500 Internal Server Error\nContent-type: text/plain\n\n"
- "REDIRECT_GRST_DIR_PATH or REDIRECT_GRST_ADMIN_FILE "
- "or REQUEST_URI missing");
- return;
- }
-
- GRSTgaclInit();
-
- grst_cred_0 = getenv("GRST_CRED_0");
-
- if ((grst_cred_0 != NULL) && (cred = GRSTx509CompactToCred(grst_cred_0)))
- {
- gsiproxylimit = getenv("REDIRECT_GRST_GSIPROXY_LIMIT");
- if (gsiproxylimit != NULL) sscanf(gsiproxylimit, "%d", &gsiproxylimit_i);
-
- if (GRSTgaclCredGetDelegation(cred) <= gsiproxylimit_i)
- {
- user = GRSTgaclUserNew(cred);
-
- if ((p = index(grst_cred_0, ' ')) &&
- (p = index(++p, ' ')) &&
- (p = index(++p, ' ')) &&
- (p = index(++p, ' '))) dn = &p[1];
- }
- /* User has a cert so check for voms attributes */
- for(i=1; ; i++)
- {
- sprintf (buf, "GRST_CRED_%d", i);
-
-
- grst_cred_0 = getenv(buf);
- if (grst_cred_0==NULL) break;
-
- if (cred=GRSTx509CompactToCred(grst_cred_0))
- GRSTgaclUserAddCred(user, cred);
- }
- /* no more voms attributes found found */
- }
- else if ((dn = getenv("SSL_CLIENT_S_DN")) != NULL)
- {
- cred = GRSTgaclCredNew("person");
- GRSTgaclCredAddValue(cred, "dn", dn);
- user = GRSTgaclUserNew(cred);
- }
-
- dn_lists = getenv("REDIRECT_GRST_DN_LISTS");
- if (dn_lists == NULL) dn_lists = getenv("GRST_DN_LISTS");
- if (dn_lists != NULL) GRSTgaclUserSetDNlists(user, dn_lists);
-
- if (GRSTgaclDNlistHasUser(getenv("REDIRECT_GRST_ADMIN_LIST"),
- user)) perm = GRST_PERM_ALL;
- else
- {
- p = getenv("REMOTE_HOST");
- if (p != NULL)
- {
- cred = GRSTgaclCredNew("dns");
- GRSTgaclCredAddValue(cred, "hostname", p);
-
- if (user == NULL) user = GRSTgaclUserNew(cred);
- else GRSTgaclUserAddCred(user, cred);
- }
-
- acl = GRSTgaclAclLoadforFile(dir_path);
- if (acl != NULL) perm = GRSTgaclAclTestUser(acl, user);
- }
-
- /* we're relying on being a CGI with all this un-free()ed strdup()ing */
-
- dir_uri = strdup(request_uri);
- p = rindex(dir_uri, '?');
- if (p != NULL) *p = '\0';
- p = rindex(dir_uri, '/');
- if (p != NULL) p[1] = '\0';
-
- content_type = getenv("CONTENT_TYPE");
-
- if ((content_type != NULL) &&
- (GRSTstrCmpShort(content_type, "multipart/form-data; boundary=") == 0))
- {
- uploadfile(dn, perm, help_uri, dir_path, dir_uri, admin_file);
- return 0;
- }
-
- cmd = GRSThttpGetCGI("cmd");
- file = GRSThttpGetCGI("file");
- button = GRSThttpGetCGI("button");
-
- /* file and directory functions in grst_admin_file.c */
-
- if (strcmp(cmd, "header") == 0)
- justheader(dn, perm, help_uri, dir_path, dir_uri, admin_file);
- else if (strcmp(cmd, "footer") == 0)
- justfooter(dn, perm, help_uri, dir_path, dir_uri, admin_file);
- else if (strcmp(cmd, "managedir") == 0)
- managedir(dn, perm, help_uri, dir_path, dir_uri, admin_file);
- else if (strcmp(cmd, "print") == 0)
- printfile(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "history") == 0)
- filehistory(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "editdnlist") == 0)
- editdnlistform(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "edit") == 0)
- {
- if ((strcasecmp(button, "new directory") == 0) ||
- (strcasecmp(button, "Create") == 0))
- newdirectory(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else
- editfileform(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- }
- else if (strcmp(cmd, "editaction") == 0)
- editfileaction(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "editdnlistaction") == 0)
- editdnlistaction(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "delete") == 0)
- deletefileform(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "deleteaction") == 0)
- deletefileaction(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "rename") == 0)
- renameform(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "renameaction") == 0)
- renameaction(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "ziplist") == 0)
- ziplist(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "unzipfile") == 0)
- unzipfile(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "create_acl") == 0)
- create_acl(dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
-
- /* GACL functions in grst_admin_gacl.c */
-
- else if (strcmp(cmd, "show_acl") == 0)
- show_acl(0, user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "admin_acl") == 0)
- show_acl(1, user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "acl_history") == 0)
- show_acl(2, user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd, "revert_acl") == 0)
- revert_acl(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- //show_acl(2, user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"new_entry_form")==0)
- new_entry_form(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"new_entry")==0)
- new_entry(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"del_entry_sure")==0)
- del_entry_sure(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"del_entry")==0)
- del_entry(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"edit_entry_form")==0)
- edit_entry_form(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"edit_entry")==0)
- edit_entry(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"add_cred_form")==0)
- add_cred_form(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"add_cred")==0)
- add_cred(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"del_cred_sure")==0)
- del_cred_sure(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
- else if (strcmp(cmd,"del_cred")==0)
- del_cred(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file);
-
- /* you what? */
-
- else GRSThttpError("500 Internal Server Error");
-}
+++ /dev/null
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/x509_vfy.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-
-#include "gridsite.h"
-
-/// ASN1 time string (in a char *) to time_t
-/**
- * (Use ASN1_STRING_data() to convert ASN1_GENERALIZEDTIME to char * if
- * necessary)
- */
-
-time_t GRSTasn1TimeToTimeT(char *asn1time, size_t len)
-{
- char zone;
- struct tm time_tm;
-
- if (len == 0) len = strlen(asn1time);
-
- if ((len != 13) && (len != 15)) return 0; /* dont understand */
-
- if ((len == 13) &&
- ((sscanf(asn1time, "%02d%02d%02d%02d%02d%02d%c",
- &(time_tm.tm_year),
- &(time_tm.tm_mon),
- &(time_tm.tm_mday),
- &(time_tm.tm_hour),
- &(time_tm.tm_min),
- &(time_tm.tm_sec),
- &zone) != 7) || (zone != 'Z'))) return 0; /* dont understand */
-
- if ((len == 15) &&
- ((sscanf(asn1time, "20%02d%02d%02d%02d%02d%02d%c",
- &(time_tm.tm_year),
- &(time_tm.tm_mon),
- &(time_tm.tm_mday),
- &(time_tm.tm_hour),
- &(time_tm.tm_min),
- &(time_tm.tm_sec),
- &zone) != 7) || (zone != 'Z'))) return 0; /* dont understand */
-
- /* time format fixups */
-
- if (time_tm.tm_year < 90) time_tm.tm_year += 100;
- --(time_tm.tm_mon);
-
- return timegm(&time_tm);
-}
-
-/* this function is taken from OpenSSL without modification */
-
-static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
- int indent)
- {
- static const char fmt[]="%-18s";
- static const char fmt2[]="%2d %-15s";
- char str[128];
- const char *p,*p2=NULL;
-
- if (constructed & V_ASN1_CONSTRUCTED)
- p="cons: ";
- else
- p="prim: ";
- if (BIO_write(bp,p,6) < 6) goto err;
-#if OPENSSL_VERSION_NUMBER >= 0x0090701fL
- BIO_indent(bp,indent,128);
-#endif
-
- p=str;
- if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
- sprintf(str,"priv [ %d ] ",tag);
- else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
- sprintf(str,"cont [ %d ]",tag);
- else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
- sprintf(str,"appl [ %d ]",tag);
- else p = ASN1_tag2str(tag);
-
- if (p2 != NULL)
- {
- if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
- }
- else
- {
- if (BIO_printf(bp,fmt,p) <= 0) goto err;
- }
- return(1);
-err:
- return(0);
- }
-
-static void GRSTasn1AddToTaglist(struct GRSTasn1TagList taglist[],
- int maxtag, int *lasttag,
- char *treecoords, int start, int headerlength,
- int length, int tag)
-{
- if ((strlen(treecoords) > GRST_ASN1_MAXCOORDLEN) ||
- (*lasttag + 1 > maxtag)) return;
-
- ++(*lasttag);
-
- strncpy(taglist[*lasttag].treecoords, treecoords, GRST_ASN1_MAXCOORDLEN+1);
- taglist[*lasttag].start = start;
- taglist[*lasttag].headerlength = headerlength;
- taglist[*lasttag].length = length;
- taglist[*lasttag].tag = tag;
-}
-
-int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[],
- int lasttag, char *treecoords)
-{
- int i;
-
- for (i=0; i <= lasttag; ++i)
- {
- if (strcmp(treecoords, taglist[i].treecoords) == 0) return i;
- }
-
- return -1;
-}
-
-static int GRSTasn1PrintPrintable(BIO *bp, char *str, int length)
-{
- int ret = 0;
- char *dup, *p;
-
- dup = strndup(str, length);
-
- for (p=dup; *p != '\0'; ++p) if ((*p < ' ') || (*p > '~')) *p = '.';
-
- if (bp != NULL) ret = BIO_write(bp, dup, strlen(dup));
-
- free(dup);
-
- return ret;
-}
-
-static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset,
- int depth, int indent, int dump, char *treecoords,
- struct GRSTasn1TagList taglist[], int maxtag, int *lasttag)
- {
- int sibling = 0;
- char sibtreecoords[512];
-
- unsigned char *p,*ep,*tot,*op,*opp;
- long len;
- int tag,xclass,ret=0;
- int nl,hl,j,r;
- ASN1_OBJECT *o=NULL;
- ASN1_OCTET_STRING *os=NULL;
- int dump_indent;
-
-
- dump_indent = 6; /* Because we know BIO_dump_indent() */
- p= *pp;
- tot=p+length;
- op=p-1;
- while ((p < tot) && (op < p))
- {
- op=p;
- j=ASN1_get_object(&p,&len,&tag,&xclass,length);
-
- if (j & 0x80)
- {
- if ((bp != NULL) &&
- (BIO_write(bp,"Error in encoding\n",18) <= 0))
- goto end;
- ret=0;
- goto end;
- }
- hl=(p-op);
- length-=hl;
-
- ++sibling;
- sprintf(sibtreecoords, "%s-%d", treecoords, sibling);
-
- GRSTasn1AddToTaglist(taglist, maxtag, lasttag, sibtreecoords,
- (int)offset+(int)(op - *pp),
- (int) hl, len, tag);
-
- if (bp != NULL)
- {
- BIO_printf(bp, " %s %ld %ld %d %d ", sibtreecoords,
- (long)offset+(long)(op - *pp), hl, len, tag);
-
- GRSTasn1PrintPrintable(bp, p,
-// &((*pp)[(long)offset+(long)(op - *pp)+hl]),
- (len > 30) ? 30 : len);
-
- BIO_printf(bp, "\n");
- }
-
-
- /* if j == 0x21 it is a constructed indefinite length object */
- if ((bp != NULL) &&
- (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
- <= 0)) goto end;
-
- if (j != (V_ASN1_CONSTRUCTED | 1))
- {
- if ((bp != NULL) &&
- (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
- depth,(long)hl,len) <= 0))
- goto end;
- }
- else
- {
- if ((bp != NULL) &&
- (BIO_printf(bp,"d=%-2d hl=%ld l=inf ",
- depth,(long)hl) <= 0))
- goto end;
- }
- if ((bp != NULL) &&
- !asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
- goto end;
- if (j & V_ASN1_CONSTRUCTED)
- {
- ep=p+len;
- if ((bp != NULL) &&
- (BIO_write(bp,"\n",1) <= 0)) goto end;
- if (len > length)
- {
- if (bp != NULL) BIO_printf(bp,
- "length is greater than %ld\n",length);
- ret=0;
- goto end;
- }
- if ((j == 0x21) && (len == 0))
- {
- for (;;)
- {
- r=GRSTasn1Parse2(bp,&p,(long)(tot-p),
- offset+(p - *pp),depth+1,
- indent,dump,sibtreecoords,
- taglist, maxtag, lasttag);
- if (r == 0) { ret=0; goto end; }
- if ((r == 2) || (p >= tot)) break;
- }
- }
- else
- while (p < ep)
- {
- r=GRSTasn1Parse2(bp,&p,(long)len,
- offset+(p - *pp),depth+1,
- indent,dump,sibtreecoords,
- taglist, maxtag, lasttag);
- if (r == 0) { ret=0; goto end; }
- }
- }
- else if (xclass != 0)
- {
- p+=len;
- if ((bp != NULL) &&
- (BIO_write(bp,"\n",1) <= 0)) goto end;
- }
- else
- {
- nl=0;
- if ( (tag == V_ASN1_PRINTABLESTRING) ||
- (tag == V_ASN1_T61STRING) ||
- (tag == V_ASN1_IA5STRING) ||
- (tag == V_ASN1_VISIBLESTRING) ||
- (tag == V_ASN1_UTCTIME) ||
- (tag == V_ASN1_GENERALIZEDTIME))
- {
- if ((bp != NULL) &&
- (BIO_write(bp,":",1) <= 0)) goto end;
- if ((len > 0) && (bp != NULL) &&
- BIO_write(bp,(char *)p,(int)len)
- != (int)len)
- goto end;
- }
- else if (tag == V_ASN1_OBJECT)
- {
- opp=op;
- if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
- {
- if (bp != NULL)
- {
- if (BIO_write(bp,":",1) <= 0) goto end;
- i2a_ASN1_OBJECT(bp,o);
- }
- }
- else
- {
- if ((bp != NULL) &&
- (BIO_write(bp,":BAD OBJECT",11) <= 0))
- goto end;
- }
- }
- else if (tag == V_ASN1_BOOLEAN)
- {
- int ii;
-
- opp=op;
- ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
- if (ii < 0)
- {
- if ((bp != NULL) &&
- (BIO_write(bp,"Bad boolean\n",12)))
- goto end;
- }
- if (bp != NULL) BIO_printf(bp,":%d",ii);
- }
- else if (tag == V_ASN1_BMPSTRING)
- {
- /* do the BMP thang */
- }
- else if (tag == V_ASN1_OCTET_STRING)
- {
- int i;
-
- opp=op;
- os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
- if (os != NULL)
- {
- opp=os->data;
-
- if (os->length > 0)
- {
- if ((bp != NULL) &&
- (BIO_write(bp,":",1) <= 0))
- goto end;
- if ((bp != NULL) &&
- (GRSTasn1PrintPrintable(bp,
- opp,
- os->length) <= 0))
- goto end;
- }
-
- M_ASN1_OCTET_STRING_free(os);
- os=NULL;
- }
- }
- else if (tag == V_ASN1_INTEGER)
- {
- ASN1_INTEGER *bs;
- int i;
-
- opp=op;
- bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
- if (bs != NULL)
- {
- if ((bp != NULL) &&
- (BIO_write(bp,":",1) <= 0)) goto end;
- if (bs->type == V_ASN1_NEG_INTEGER)
- if ((bp != NULL) &&
- (BIO_write(bp,"-",1) <= 0))
- goto end;
- for (i=0; i<bs->length; i++)
- {
- if ((bp != NULL) &&
- (BIO_printf(bp,"%02X",
- bs->data[i]) <= 0))
- goto end;
- }
- if (bs->length == 0)
- {
- if ((bp != NULL) &&
- (BIO_write(bp,"00",2) <= 0))
- goto end;
- }
- }
- else
- {
- if ((bp != NULL) &&
- (BIO_write(bp,"BAD INTEGER",11) <= 0))
- goto end;
- }
- M_ASN1_INTEGER_free(bs);
- }
- else if (tag == V_ASN1_ENUMERATED)
- {
- ASN1_ENUMERATED *bs;
- int i;
-
- opp=op;
- bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
- if (bs != NULL)
- {
- if ((bp != NULL) &&
- (BIO_write(bp,":",1) <= 0)) goto end;
- if (bs->type == V_ASN1_NEG_ENUMERATED)
- if ((bp != NULL) &&
- (BIO_write(bp,"-",1) <= 0))
- goto end;
- for (i=0; i<bs->length; i++)
- {
- if ((bp != NULL) &&
- (BIO_printf(bp,"%02X",
- bs->data[i]) <= 0))
- goto end;
- }
- if (bs->length == 0)
- {
- if ((bp != NULL) &&
- (BIO_write(bp,"00",2) <= 0))
- goto end;
- }
- }
- else
- {
- if ((bp != NULL) &&
- (BIO_write(bp,"BAD ENUMERATED",11) <= 0))
- goto end;
- }
- M_ASN1_ENUMERATED_free(bs);
- }
- else if (len > 0 && dump)
- {
- if (!nl)
- {
- if ((bp != NULL) &&
- (BIO_write(bp,"\n",1) <= 0))
- goto end;
- }
- if ((bp != NULL) &&
- (BIO_dump_indent(bp,(char *)p,
- ((dump == -1 || dump > len)?len:dump),
- dump_indent) <= 0))
- goto end;
- nl=1;
- }
-
- if (!nl)
- {
- if ((bp != NULL) &&
- (BIO_write(bp,"\n",1) <= 0)) goto end;
- }
- p+=len;
- if ((tag == V_ASN1_EOC) && (xclass == 0))
- {
- ret=2; /* End of sequence */
- goto end;
- }
- }
-
- length-=len;
- }
- ret=1;
-end:
- if (o != NULL) ASN1_OBJECT_free(o);
- if (os != NULL) M_ASN1_OCTET_STRING_free(os);
- *pp=p;
- return(ret);
- }
-
-int GRSTasn1ParseDump(BIO *bp, unsigned char *pp, long len,
- struct GRSTasn1TagList taglist[],
- int maxtag, int *lasttag)
- {
- return(GRSTasn1Parse2(bp,&pp,len,0,0,0,0,"",
- taglist, maxtag, lasttag));
- }
-
-int GRSTasn1GetX509Name(char *x509name, int maxlength, char *coords,
- char *asn1string,
- struct GRSTasn1TagList taglist[], int lasttag)
-{
- int i, iobj, istr, n, len = 0;
- ASN1_OBJECT *obj = NULL;
- unsigned char coordstmp[81], *q;
- const unsigned char *shortname;
-
- for (i=1; ; ++i)
- {
- snprintf(coordstmp, sizeof(coordstmp), coords, i, 1);
- iobj = GRSTasn1SearchTaglist(taglist, lasttag, coordstmp);
- if (iobj < 0) break;
-
- snprintf(coordstmp, sizeof(coordstmp), coords, i, 2);
- istr = GRSTasn1SearchTaglist(taglist, lasttag, coordstmp);
- if (istr < 0) break;
-
- q = &asn1string[taglist[iobj].start];
- d2i_ASN1_OBJECT(&obj, &q, taglist[iobj].length +
- taglist[iobj].headerlength);
-
- n = OBJ_obj2nid(obj);
-// free obj now?
- shortname = OBJ_nid2sn(n);
-
- if (len + 2 + strlen(shortname) + taglist[istr].length >= maxlength)
- {
- x509name[0] = '\0';
- return GRST_RET_FAILED;
- }
-
- sprintf(&x509name[len], "/%s=%.*s", shortname,
- taglist[istr].length,
- &asn1string[taglist[istr].start+taglist[istr].headerlength]);
- len += 2 + strlen(shortname) + taglist[istr].length;
- }
-
- x509name[len] = '\0';
-
- return (x509name[0] != '\0') ? GRST_RET_OK : GRST_RET_FAILED;
-}
+++ /dev/null
-/*
- Copyright (c) 2002-3, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-/*---------------------------------------------------------------*
- * For more information about GridSite: http://www.gridsite.org/ *
- *---------------------------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <string.h>
-#include <dirent.h>
-#include <ctype.h>
-
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
-#endif
-#include <fnmatch.h>
-
-#include <libxml/xmlmemory.h>
-#include <libxml/tree.h>
-#include <libxml/parser.h>
-
-#include "gridsite.h"
-
-/* *
- * Global variables, shared by all GACL functions by private to libgacl *
- * */
-
-char *grst_perm_syms[] = { "none",
- "read",
- "exec",
- "list",
- "write",
- "admin",
- NULL };
-
-GRSTgaclPerm grst_perm_vals[] = { GRST_PERM_NONE,
- GRST_PERM_READ,
- GRST_PERM_EXEC,
- GRST_PERM_LIST,
- GRST_PERM_WRITE,
- GRST_PERM_ADMIN,
- -1 };
-
-int GRSTgaclInit(void)
-{
- xmlInitParser();
-
- LIBXML_TEST_VERSION
-
- xmlKeepBlanksDefault(0);
-
- return 1;
-}
-
-/* declare these two private functions at the start */
-
-GRSTgaclAcl *GRSTgaclAclParse(xmlDocPtr, xmlNodePtr, GRSTgaclAcl *);
-GRSTgaclAcl *GRSTxacmlAclParse(xmlDocPtr, xmlNodePtr, GRSTgaclAcl *);
-
-/* *
- * Functions to manipulate GRSTgaclCred structures *
- * */
-
-GRSTgaclCred *GRSTgaclCredNew(char *type)
-/*
- GRSTgaclCredNew - allocate a new GRSTgaclCred structure, and return
- it's pointer or NULL on (malloc) error.
-*/
-{
- GRSTgaclCred *newcred;
-
- if (type == NULL) return NULL;
-
- newcred = malloc(sizeof(GRSTgaclCred));
- if (newcred == NULL) return NULL;
-
- newcred->type = strdup(type);
- newcred->delegation = 0;
- newcred->firstname = NULL;
- newcred->next = NULL;
-
- return newcred;
-}
-
-int GRSTgaclCredAddValue(GRSTgaclCred *cred, char *rawname, char *rawvalue)
-/*
- GRSTgaclCredAddValue - add a name/value pair to a GRSTgaclCred
-*/
-{
- int i;
- char *name, *value;
- GRSTgaclNamevalue *p;
-
- name = strdup(rawname);
-
- /* no leading or trailing space in value */
-
- value = rawvalue;
- while ((*value != '\0') && isspace(*value)) ++value;
-
- value = strdup(value);
-
- for (i=strlen(value) - 1; (i >= 0) && isspace(value[i]); --i) value[i]='\0';
-
- if (cred->firstname == NULL)
- {
- cred->firstname = malloc(sizeof (GRSTgaclNamevalue));
- (cred->firstname)->name = name;
- (cred->firstname)->value = value;
- (cred->firstname)->next = NULL;
- }
- else
- {
- p = cred->firstname;
-
- while (p->next != NULL) p = (GRSTgaclNamevalue *) p->next;
-
- p->next = malloc(sizeof(GRSTgaclNamevalue));
- ((GRSTgaclNamevalue *) p->next)->name = name;
- ((GRSTgaclNamevalue *) p->next)->value = value;
- ((GRSTgaclNamevalue *) p->next)->next = NULL;
- }
-
- return 1;
-}
-
-static int GRSTgaclNamevalueFree(GRSTgaclNamevalue *p)
-{
- if (p == NULL) return 1;
-
- if (p->next != NULL)
- GRSTgaclNamevalueFree((GRSTgaclNamevalue *) p->next);
- if (p->name != NULL) free(p->name);
- if (p->value != NULL) free(p->value);
- free(p);
-
- return 1;
-}
-
-int GRSTgaclCredFree(GRSTgaclCred *cred)
-/*
- GRSTgaclCredFree - free memory structures of a GRSTgaclCred,
- returning 1 always!
-*/
-{
- if (cred == NULL) return 1;
-
- GRSTgaclNamevalueFree(cred->firstname);
- if (cred->type != NULL) free(cred->type);
- free(cred);
-
- return 1;
-}
-
-static int GRSTgaclCredsFree(GRSTgaclCred *firstcred)
-/*
- GRSTgaclCredsFree - free a cred and all the creds in its *next chain
-*/
-{
- if (firstcred == NULL) return 0;
-
- if (firstcred->next != NULL) GRSTgaclCredsFree(firstcred->next);
-
- return GRSTgaclCredFree(firstcred);
-}
-
-static int GRSTgaclCredInsert(GRSTgaclCred *firstcred, GRSTgaclCred *newcred)
-/*
- GRSTgaclCredInsert - insert a cred in the *next chain of firstcred
-
- FOR THE MOMENT THIS JUST APPENDS!
-*/
-{
- if (firstcred == NULL) return 0;
-
- if (firstcred->next == NULL)
- {
- firstcred->next = newcred;
- return 1;
- }
-
- return GRSTgaclCredInsert(firstcred->next, newcred);
-}
-
-int GRSTgaclEntryAddCred(GRSTgaclEntry *entry, GRSTgaclCred *cred)
-/*
- GRSTaddCred - add a new credential to an existing entry, returning 1
- on success or 0 on error
-*/
-{
- if (entry == NULL) return 0;
-
- if (entry->firstcred == NULL)
- {
- entry->firstcred = cred;
- return 1;
- }
- else return GRSTgaclCredInsert(entry->firstcred, cred);
-}
-
-static int GRSTgaclCredRemoveCred(GRSTgaclCred *firstcred, GRSTgaclCred *oldcred)
-/*
- (Private)
-
- GRSTgaclCredRemoveCred - remove a cred in the *next chain of firstcred
- and relink the chain
-*/
-{
- if (firstcred == NULL) return 0;
-
-// yeah, I know
-}
-
-int GRSTgaclEntryDelCred(GRSTgaclEntry *entry, GRSTgaclCred *cred)
-/*
- GRSTgaclEntryDelCred - remove a new cred from an entry, returning 1
- on success (or absense) or 0 on error.
-*/
-{
- if (entry == NULL) return 0;
-
- return GRSTgaclCredRemoveCred(entry->firstcred, cred);
-}
-
-int GRSTgaclCredPrint(GRSTgaclCred *cred, FILE *fp)
-/*
- GRSTgaclCredPrint - print a credential and any name-value pairs is contains
-*/
-{
- char *q;
- GRSTgaclNamevalue *p;
-
- if (cred->firstname != NULL)
- {
- fprintf(fp, "<%s>\n", cred->type);
-
- p = cred->firstname;
-
- do {
- fprintf(fp, "<%s>", p->name);
-
- for (q=p->value; *q != '\0'; ++q)
- if (*q == '<') fputs("<", fp);
- else if (*q == '>') fputs(">", fp);
- else if (*q == '&') fputs("&" , fp);
- else if (*q == '\'') fputs("'", fp);
- else if (*q == '"') fputs(""", fp);
- else fputc(*q, fp);
-
- fprintf(fp, "</%s>\n", p->name);
-
- p = (GRSTgaclNamevalue *) p->next;
-
- } while (p != NULL);
-
- fprintf(fp, "</%s>\n", cred->type);
- }
- else fprintf(fp, "<%s/>\n", cred->type);
-
- return 1;
-}
-
-/* *
- * Functions to manipulate GRSTgaclEntry structures *
- * */
-
-GRSTgaclEntry *GRSTgaclEntryNew(void)
-/*
- GRSTgaclEntryNew - allocate space for a new entry, returning its pointer
- or NULL on failure.
-*/
-{
- GRSTgaclEntry *newentry;
-
- newentry = (GRSTgaclEntry *) malloc(sizeof(GRSTgaclEntry));
- if (newentry == NULL) return NULL;
-
- newentry->firstcred = NULL;
- newentry->allowed = 0;
- newentry->denied = 0;
- newentry->next = NULL;
-
- return newentry;
-}
-
-int GRSTgaclEntryFree(GRSTgaclEntry *entry)
-/*
- GRSTgaclEntryFree - free up space used by an entry (always returns 1)
-*/
-{
- int i;
-
- if (entry == NULL) return 1;
-
- GRSTgaclCredsFree(entry->firstcred);
-
- free(entry);
-
- return 1;
-}
-
-static int GRSTgaclEntriesFree(GRSTgaclEntry *entry)
-/*
- GRSTgaclEntriesFree - free up entry and all entries linked to in its *next
- chain
-*/
-{
- if (entry == NULL) return 0;
-
- if (entry->next != NULL) GRSTgaclEntriesFree(entry->next);
-
- return GRSTgaclEntryFree(entry);
-}
-
-static int GRSTgaclEntryInsert(GRSTgaclEntry *firstentry, GRSTgaclEntry *newentry)
-/*
- GRSTgaclEntryInsert - insert an entry in the *next chain of firstentry
-
- FOR THE MOMENT THIS JUST APPENDS
-*/
-{
- if (firstentry == NULL) return 0;
-
- if (firstentry->next == NULL)
- {
- firstentry->next = newentry;
- return 1;
- }
-
- return GRSTgaclEntryInsert(firstentry->next, newentry);
-}
-
-int GRSTgaclAclAddEntry(GRSTgaclAcl *acl, GRSTgaclEntry *entry)
-/*
- GRSTgaclAclAddEntry - add a new entry to an existing acl, returning 1
- on success or 0 on error
-*/
-{
- if (acl == NULL) return 0;
-
- if (acl->firstentry == NULL)
- {
- acl->firstentry = entry;
- return 1;
- }
- else return GRSTgaclEntryInsert(acl->firstentry, entry);
-}
-
-int GRSTgaclEntryPrint(GRSTgaclEntry *entry, FILE *fp)
-{
- GRSTgaclCred *cred;
- GRSTgaclPerm i;
-
- fputs("<entry>\n", fp);
-
- for (cred = entry->firstcred; cred != NULL; cred = cred->next)
- GRSTgaclCredPrint(cred, fp);
-
- if (entry->allowed)
- {
- fputs("<allow>", fp);
-
- for (i=GRST_PERM_READ; i <= GRST_PERM_ADMIN; ++i)
- if ((entry->allowed) & i) GRSTgaclPermPrint(i, fp);
-
- fputs("</allow>\n", fp);
- }
-
-
- if (entry->denied)
- {
- fputs("<deny>", fp);
-
- for (i=GRST_PERM_READ; i <= GRST_PERM_ADMIN; ++i)
- if (entry->denied & i) GRSTgaclPermPrint(i, fp);
-
- fputs("</deny>\n", fp);
- }
-
- fputs("</entry>\n", fp);
-
- return 1;
-}
-
-/* *
- * Functions to manipulate GRSTgaclPerm items *
- * */
-
-int GRSTgaclPermPrint(GRSTgaclPerm perm, FILE *fp)
-{
- GRSTgaclPerm i;
-
- for (i=GRST_PERM_READ; grst_perm_syms[i] != NULL; ++i)
- if (perm == grst_perm_vals[i])
- {
- fprintf(fp, "<%s/>", grst_perm_syms[i]);
- return 1;
- }
-
- return 0;
-}
-
-int GRSTgaclEntryAllowPerm(GRSTgaclEntry *entry, GRSTgaclPerm perm)
-{
- entry->allowed = entry->allowed | perm;
-
- return 1;
-}
-
-int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *entry, GRSTgaclPerm perm)
-{
- entry->allowed = entry->allowed & ~perm;
-
- return 1;
-}
-
-int GRSTgaclEntryDenyPerm(GRSTgaclEntry *entry, GRSTgaclPerm perm)
-{
- entry->denied = entry->denied | perm;
-
- return 1;
-}
-
-int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *entry, GRSTgaclPerm perm)
-{
- entry->denied = entry->denied & ~perm;
-
- return 1;
-}
-
-char *GRSTgaclPermToChar(GRSTgaclPerm perm)
-/*
- GRSTgaclPermToChar - return char * or NULL corresponding to most significant
- set bit of perm.
-*/
-{
- char *p = NULL;
- GRSTgaclPerm i;
-
- for (i=0; grst_perm_syms[i] != NULL; ++i)
- if (perm & grst_perm_vals[i]) p = grst_perm_syms[i];
-
- return p;
-}
-
-GRSTgaclPerm GRSTgaclPermFromChar(char *s)
-/*
- GRSTgaclPermToChar - return access perm corresponding to symbol s[]
-*/
-{
- GRSTgaclPerm i;
-
- for (i=0; grst_perm_syms[i] != NULL; ++i)
- if (strcasecmp(grst_perm_syms[i], s) == 0) return grst_perm_vals[i];
-
- return -1;
-}
-
-/* *
- * Functions to manipulate GRSTgaclAcl structures *
- * */
-
-GRSTgaclAcl *GRSTgaclAclNew(void)
-/*
- GRSTgaclAclNew - allocate a new acl and return its pointer (or NULL
- on failure.)
-*/
-{
- GRSTgaclAcl *newacl;
-
- newacl = (GRSTgaclAcl *) malloc(sizeof(GRSTgaclAcl));
- if (newacl == NULL) return NULL;
-
- newacl->firstentry = NULL;
-
- return newacl;
-}
-
-int GRSTgaclAclFree(GRSTgaclAcl *acl)
-/*
- GRSTgaclAclFree - free up space used by *acl. Always returns 1.
-*/
-{
- if (acl == NULL) return 1;
-
- GRSTgaclEntriesFree(acl->firstentry);
-
- return 1;
-}
-
-int GRSTgaclAclPrint(GRSTgaclAcl *acl, FILE *fp)
-{
- GRSTgaclEntry *entry;
-
- fputs("<gacl version=\"0.0.1\">\n", fp);
-
- for (entry = acl->firstentry; entry != NULL; entry = entry->next)
- GRSTgaclEntryPrint(entry, fp);
-
- fputs("</gacl>\n", fp);
-
- return 1;
-}
-
-int GRSTgaclAclSave(GRSTgaclAcl *acl, char *filename)
-{
- int ret;
- FILE *fp;
-
- fp = fopen(filename, "w");
- if (fp == NULL) return 0;
-
- fputs("<?xml version=\"1.0\"?>\n", fp);
-
- ret = GRSTgaclAclPrint(acl, fp);
-
- fclose(fp);
-
- return ret;
-}
-
-/* *
- * Functions for loading and parsing XML using libxml *
- * */
-
-// need to check these for libxml memory leaks? - what needs to be freed?
-
-static GRSTgaclCred *GRSTgaclCredParse(xmlNodePtr cur)
-/*
- GRSTgaclCredParse - parse a credential stored in the libxml structure cur,
- returning it as a pointer or NULL on error.
-*/
-{
- xmlNodePtr cur2;
- GRSTgaclCred *cred;
-
- cred = GRSTgaclCredNew((char *) cur->name);
-
- cred->firstname = NULL;
- cred->next = NULL;
-
- for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next)
- {
- GRSTgaclCredAddValue(cred, (char *) cur2->name,
- (char *) xmlNodeGetContent(cur2));
- }
-
- return cred;
-}
-
-static GRSTgaclEntry *GRSTgaclEntryParse(xmlNodePtr cur)
-/*
- GRSTgaclEntryParse - parse an entry stored in the libxml structure cur,
- returning it as a pointer or NULL on error.
-*/
-{
- int i;
- xmlNodePtr cur2;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
- GRSTgaclPerm perm;
-
- if (xmlStrcmp(cur->name, (const xmlChar *) "entry") != 0) return NULL;
-
- cur = cur->xmlChildrenNode;
-
- entry = GRSTgaclEntryNew();
-
- while (cur != NULL)
- {
- if (xmlStrcmp(cur->name, (const xmlChar *) "allow") == 0)
- {
- for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next)
- for (i=0; grst_perm_syms[i] != NULL; ++i)
- if (xmlStrcmp(cur2->name,
- (const xmlChar *) grst_perm_syms[i]) == 0)
- GRSTgaclEntryAllowPerm(entry, grst_perm_vals[i]);
- }
- else if (xmlStrcmp(cur->name, (const xmlChar *) "deny") == 0)
- {
- for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next)
- for (i=0; grst_perm_syms[i] != NULL; ++i)
- if (xmlStrcmp(cur2->name,
- (const xmlChar *) grst_perm_syms[i]) == 0)
- GRSTgaclEntryDenyPerm(entry, grst_perm_vals[i]);
- }
- else if ((cred = GRSTgaclCredParse(cur)) != NULL)
- {
- if (!GRSTgaclEntryAddCred(entry, cred))
- {
- GRSTgaclCredFree(cred);
- GRSTgaclEntryFree(entry);
- return NULL;
- }
- }
- else /* I cannot parse this - give up rather than get it wrong */
- {
- GRSTgaclEntryFree(entry);
- return NULL;
- }
-
- cur=cur->next;
- }
-
- return entry;
-}
-
-GRSTgaclAcl *GRSTgaclAclLoadFile(char *filename)
-{
- xmlDocPtr doc;
- xmlNodePtr cur;
- GRSTgaclAcl *acl;
-
- doc = xmlParseFile(filename);
- if (doc == NULL) return NULL;
-
- cur = xmlDocGetRootElement(doc);
- if (cur == NULL)
- {
- xmlFreeDoc(doc);
- return NULL;
- }
-
- if (!xmlStrcmp(cur->name, (const xmlChar *) "Policy"))
- {
- acl=GRSTxacmlAclParse(doc, cur, acl);
- }
- else if (!xmlStrcmp(cur->name, (const xmlChar *) "gacl"))
- {
- acl=GRSTgaclAclParse(doc, cur, acl);
- }
- else /* ACL format not recognised */
- {
- xmlFreeDoc(doc);
- return NULL;
- }
-
- xmlFreeDoc(doc);
- return acl;
-}
-
-GRSTgaclAcl *GRSTgaclAclParse(xmlDocPtr doc, xmlNodePtr cur, GRSTgaclAcl *acl)
-{
- GRSTgaclEntry *entry;
-
- cur = cur->xmlChildrenNode;
-
- acl = GRSTgaclAclNew();
-
- while (cur != NULL)
- {
- entry = GRSTgaclEntryParse(cur);
- if (entry == NULL)
- {
- GRSTgaclAclFree(acl);
- xmlFreeDoc(doc);
- return NULL;
- }
-
- GRSTgaclAclAddEntry(acl, entry);
-
- cur=cur->next;
- }
-
- return acl;
-}
-int GRSTgaclFileIsAcl(char *pathandfile)
-/* Return 1 if filename in *pathandfile starts GRST_ACL_FILE
- Return 0 otherwise. */
-{
- char *filename;
-
- filename = rindex(pathandfile, '/');
- if (filename == NULL) filename = pathandfile;
- else filename++;
-
- return (strncmp(filename, GRST_ACL_FILE, sizeof(GRST_ACL_FILE) - 1) == 0);
-}
-
-char *GRSTgaclFileFindAclname(char *pathandfile)
-/* Return malloc()ed ACL filename that governs the given file or directory
- (for directories, the ACL file is in the directory itself), or NULL if none
- can be found. */
-{
- int len;
- char *path, *file, *p;
- struct stat statbuf;
-
- len = strlen(pathandfile);
- if (len == 0) return NULL;
-
- path = malloc(len + sizeof(GRST_ACL_FILE) + 2);
- strcpy(path, pathandfile);
-
- if ((stat(path, &statbuf) == 0) &&
- S_ISDIR(statbuf.st_mode) &&
- (path[len-1] != '/'))
- {
- strcat(path, "/");
- ++len;
- }
-
- if (path[len-1] != '/')
- {
- p = rindex(pathandfile, '/');
- if (p != NULL)
- {
- file = &p[1];
- p = rindex(path, '/');
- sprintf(p, "/%s:%s", GRST_ACL_FILE, file);
-
- if (stat(path, &statbuf) == 0) return path;
-
- *p = '\0'; /* otherwise strip off any filename */
- }
- }
-
- while (path[0] != '\0')
- {
- strcat(path, "/");
- strcat(path, GRST_ACL_FILE);
-
- if (stat(path, &statbuf) == 0) return path;
-
- p = rindex(path, '/');
- *p = '\0'; /* strip off the / we added for ACL */
-
- p = rindex(path, '/');
- if (p == NULL) break; /* must start without / and we there now ??? */
-
- *p = '\0'; /* strip off another layer of / */
- }
-
- free(path);
- return NULL;
-}
-
-GRSTgaclAcl *GRSTgaclAclLoadforFile(char *pathandfile)
-/* Return ACL that governs the given file or directory (for directories,
- the ACL file is in the directory itself.) */
-{
- char *path;
- GRSTgaclAcl *acl;
-
- path = GRSTgaclFileFindAclname(pathandfile);
-
- if (path != NULL)
- {
- acl = GRSTgaclAclLoadFile(path);
- free(path);
- return acl;
- }
-
- return NULL;
-}
-
-/* *
- * Functions to create and query GACLuser *
- * */
-
-GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *cred)
-{
- GRSTgaclUser *user;
-
- if (cred == NULL) return NULL;
-
- user = malloc(sizeof(GRSTgaclUser));
-
- if (user != NULL) user->firstcred = cred;
-
- user->dnlists = NULL;
-
- return user;
-}
-
-int GRSTgaclUserFree(GRSTgaclUser *user)
-{
- if (user == NULL) return 1;
-
- if (user->firstcred != NULL) GRSTgaclCredsFree(user->firstcred);
-
- if (user->dnlists != NULL) free(user->dnlists);
-
- free(user);
-
- return 1;
-}
-
-int GRSTgaclUserAddCred(GRSTgaclUser *user, GRSTgaclCred *cred)
-{
- GRSTgaclCred *crediter;
-
- if ((user == NULL) || (cred == NULL)) return 0;
-
- if (user->firstcred == NULL)
- {
- user->firstcred = cred;
- cred->next = NULL; /* so cannot be used to add whole lists */
- return 1;
- }
-
- crediter = user->firstcred;
-
- while (crediter->next != NULL) crediter = crediter->next;
-
- crediter->next = cred;
- cred->next = NULL; /* so cannot be used to add whole lists */
-
- return 1;
-}
-
-int GRSTgaclUserHasCred(GRSTgaclUser *user, GRSTgaclCred *cred)
-/* test if the user has the given credential */
-{
- GRSTgaclCred *crediter;
- GRSTgaclNamevalue *usernamevalue, *crednamevalue;
-
-
- if (cred == NULL) return 0;
-
- if (strcmp(cred->type, "any-user") == 0) return 1;
-
- if (user == NULL) return 0;
-
- if (strcmp(cred->type, "dn-list") == 0)
- {
- if ((cred->firstname == NULL) ||
- (strcmp((cred->firstname)->name, "url") != 0) ||
- ((cred->firstname)->next != NULL)) return 0;
-
- return GRSTgaclDNlistHasUser((cred->firstname)->value, user);
- }
-
- if (strcmp(cred->type, "dns") == 0)
- {
- if ((user->firstcred == NULL) ||
- ((user->firstcred)->firstname == NULL) ||
- (cred->firstname == NULL) ||
- (strcmp((cred->firstname)->name, "hostname") != 0) ||
- ((cred->firstname)->next != NULL)) return 0;
-
- for (crediter=user->firstcred;
- crediter != NULL;
- crediter = crediter->next)
- if (strcmp(crediter->type, "dns") == 0)
- {
- if ((crediter->firstname == NULL) ||
- (strcmp((crediter->firstname)->name, "hostname") != 0)) return 0;
-
- return (fnmatch((cred->firstname)->value,
- (crediter->firstname)->value, FNM_CASEFOLD) == 0);
- }
-
-
- return 0;
- }
-
- if (strcmp(cred->type, "auth-user") == 0)
- {
- if ((user->firstcred == NULL) ||
- ((user->firstcred)->firstname == NULL)) return 0;
-
- for (crediter=user->firstcred;
- crediter != NULL;
- crediter = crediter->next)
- if (strcmp(crediter->type, "person") == 0) return 1;
-
- return 0;
- }
-
- for (crediter=user->firstcred; crediter != NULL; crediter = crediter->next)
- {
- if (strcmp(crediter->type, cred->type) != 0) continue;
-
- if ((crediter->firstname == NULL) &&
- (cred->firstname == NULL)) return 1;
-
- if ((crediter->firstname == NULL) ||
- (cred->firstname == NULL)) continue;
-
- usernamevalue = crediter->firstname;
- crednamevalue = cred->firstname;
-
- for (;;)
- {
- if (strcmp(usernamevalue->name,crednamevalue->name) != 0) break;
-
- if (strcmp(cred->type, "person") == 0)
- {
- if (GRSTx509NameCmp(usernamevalue->value,
- crednamevalue->value) != 0) break;
- }
- else if (strcmp(usernamevalue->value,
- crednamevalue->value) != 0) break;
-
- /* ok if cred list runs out before user's cred list */
- if (crednamevalue->next == NULL) return 1;
-
- /* but not ok if more names to match which user doesn't have */
- if (usernamevalue->next == NULL) break;
-
- crednamevalue = (GRSTgaclNamevalue *) crednamevalue->next;
- usernamevalue = (GRSTgaclNamevalue *) usernamevalue->next;
- }
- }
-
- return 0;
-}
-
-GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *user, char *type)
-/* find the first credential of a given type for this user */
-{
- GRSTgaclCred *cred;
-
- if (user == NULL) return NULL;
-
- cred = user->firstcred;
-
- while (cred != NULL)
- {
- if (strcmp(cred->type, type) == 0) return cred;
-
- cred = cred->next;
- }
-
- return NULL;
-}
-
-int GRSTgaclUserSetDNlists(GRSTgaclUser *user, char *dnlists)
-{
- if ((user == NULL) || (dnlists == NULL)) return 0;
-
- if (user->dnlists != NULL) free(user->dnlists);
-
- user->dnlists = strdup(dnlists);
-
- return 1;
-}
-
-/* *
- * Functions to test for access perm of an individual *
- * */
-
-static char *recurse4file(char *dir, char *file, int recurse_level)
-/* try to find file[] in dir[]. try subdirs if not found.
- return full path to first found version or NULL on failure */
-{
- char *fullfilename, *fulldirname;
- struct stat statbuf;
- DIR *dirDIR;
- struct dirent *file_ent;
-
- /* try to find in current directory */
-
- asprintf(&fullfilename, "%s/%s", dir, file);
- if (stat(fullfilename, &statbuf) == 0) return fullfilename;
- free(fullfilename);
-
- /* maybe search in subdirectories */
-
- if (recurse_level >= GRST_RECURS_LIMIT) return NULL;
-
- dirDIR = opendir(dir);
-
- if (dirDIR == NULL) return NULL;
-
- while ((file_ent = readdir(dirDIR)) != NULL)
- {
- if (file_ent->d_name[0] == '.') continue;
-
- asprintf(&fulldirname, "%s/%s", dir, file_ent->d_name);
-
- if ((stat(fulldirname, &statbuf) == 0) &&
- S_ISDIR(statbuf.st_mode) &&
- ((fullfilename = recurse4file(fulldirname, file,
- recurse_level + 1)) != NULL))
- {
- closedir(dirDIR);
- return fullfilename;
- }
-
- free(fulldirname);
- }
-
- closedir(dirDIR);
-
- return NULL;
-}
-
-int GRSTgaclDNlistHasUser(char *listurl, GRSTgaclUser *user)
-{
- char *dn_lists_dirs, *dn_list_ptr, *enclisturl, *filename, *dirname,
- line[512], *p;
- FILE *fp;
- GRSTgaclCred *cred;
-
- if ((listurl == NULL) || (user == NULL)) return 0;
-
- enclisturl = GRSThttpUrlEncode(listurl);
-
- if (user->dnlists != NULL) p = user->dnlists;
- else p = getenv("GRST_DN_LISTS");
-
- if (p == NULL) p = GRST_DN_LISTS;
- dn_lists_dirs = strdup(p); /* we need to keep this for free() later! */
- dn_list_ptr = dn_lists_dirs; /* copy, for naughty function strsep() */
-
- while ((dirname = strsep(&dn_list_ptr, ":")) != NULL)
- {
- filename = recurse4file(dirname, enclisturl, 0);
- if (filename == NULL) continue;
-
- fp = fopen(filename, "r");
- free(filename);
-
- if (fp == NULL) continue;
-
- while (fgets(line, sizeof(line), fp) != NULL)
- {
- p = index(line, '\n');
- if (p != NULL) *p = '\0';
-
- cred = user->firstcred;
-
- while (cred != NULL)
- {
- if ((strcmp(cred->type, "person") == 0) &&
- (cred->firstname != NULL) &&
- (strcmp("dn", (cred->firstname)->name) == 0) &&
- (GRSTx509NameCmp(line, (cred->firstname)->value) == 0))
- {
- fclose(fp);
- free(dn_lists_dirs);
- free(enclisturl);
- return 1;
- }
-
- cred = cred->next;
- }
- }
-
- fclose(fp);
- }
-
- free(dn_lists_dirs);
- free(enclisturl);
-
- return 0;
-}
-
-GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *acl, GRSTgaclUser *user)
-/*
- GACLgaclAclTestUser - return bit fields depending on access perms user has
- for given acl. All zero for no access. If *user is
- NULL, matching to "any-user" will still work.
-*/
-{
- int flag, onlyanyuser;
- GRSTgaclPerm allowperms = 0, denyperms = 0, allowed;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred, *usercred;
-
- if (acl == NULL) return 0;
-
- for (entry = acl->firstentry; entry != NULL; entry = entry->next)
- {
- flag = 1; /* begin by assuming this entry applies to us */
- onlyanyuser = 1; /* begin by assuming just <any-user/> */
-
- /* now go through creds, checking they all do apply to us */
-
- for (cred = entry->firstcred; cred != NULL; cred = cred->next)
- if (!GRSTgaclUserHasCred(user, cred)) flag = 0;
- else if (strcmp(cred->type, "any-user") != 0) onlyanyuser = 0;
-
- if (!flag) continue; /* flag false if a subtest failed */
-
- /* does apply to us, so we remember this entry's perms */
-
- /* we dont allow Write or Admin on the basis of any-user alone */
-
- allowed = entry->allowed;
-
- if (onlyanyuser)
- allowed = entry->allowed & ~GRST_PERM_WRITE & ~GRST_PERM_ADMIN;
- else allowed = entry->allowed;
-
- allowperms = allowperms | allowed;
- denyperms = denyperms | entry->denied;
- }
-
- return (allowperms & (~ denyperms));
- /* for each perm type, any deny we saw kills any allow */
-}
-
-GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *acl, GRSTgaclUser *user)
-/*
- GRSTgaclAclTestexclUser -
- return bit fields depending on ALLOW perms OTHER users
- have for given acl. All zero if they have no access.
- (used for testing if a user has exclusive access)
-*/
-{
- int flag;
- GRSTgaclPerm perm = 0;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
-
- if (acl == NULL) return 0;
-
- for (entry = acl->firstentry; entry != NULL; entry = entry->next)
- {
- flag = 0; /* flag will be set if cred implies other users */
-
- for (cred = entry->firstcred; cred != NULL; cred = cred->next)
- {
- if (strcmp(cred->type, "person") != 0)
- /* if we ever add support for other person-specific credentials,
- they must also be recognised here */
- {
- flag = 1;
- break;
- }
-
- if (!GRSTgaclUserHasCred(user, cred))
- /* if user doesnt have this person credential, assume
- it refers to a different individual */
- {
- flag = 1;
- break;
- }
- }
-
- if (flag) perm = perm | entry->allowed;
- }
-
- return perm;
-}
-
-/*
- Wrapper functions for gridsite-gacl.h support of legacy API
-*/
-
-GRSTgaclEntry *GACLparseEntry(xmlNodePtr cur)
-{
- return GRSTgaclEntryParse(cur);
-}
+++ /dev/null
-/*
- Copyright (c) 2002-5, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef VERSION
-#define VERSION "x.x.x"
-#endif
-
-#define _GNU_SOURCE
-#include <stdio.h>
-
-#include <string.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include "gridsite.h"
-
-int GRSThtcpNOPrequestMake(char **request, int *request_length,
- unsigned int trans_id)
-/*
- Make a complete HTCP NOP request and return a pointer to malloc'd
- memory pointing to it.
-*/
-{
- *request_length =
- asprintf(request,"%c%c" /* place holder for total length */
- "%c%c" /* HTCP version 0.0 */
- "%c%c" /* DATA length place holder */
- "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */
- "%c%c%c%c" /* TRANS-ID placeholder */
- "%c%c", /* AUTH (LENGTH=2 means no AUTH) */
- 0, 0,
- 0, 0,
- 0, 0,
- GRSThtcpNOPop * 16, 2,
- 0, 0, 0, 0,
- 0, 2);
-
- if (*request_length < 0) return GRST_RET_FAILED;
-
- (*request)[0] = *request_length / 256;
- (*request)[1] = *request_length % 256;
-
- (*request)[4] = (*request_length - 6) / 256;
- (*request)[5] = (*request_length - 6) % 256;
-
- memcpy(&((*request)[8]), &trans_id, 4);
-
- return GRST_RET_OK;
-}
-
-int GRSThtcpNOPresponseMake(char **message, int *message_length,
- unsigned int trans_id)
-/*
- Make a complete HTCP NOP response for a found file and return a pointer
- to malloc'd memory pointing to it.
-*/
-{
- *message_length =
- asprintf(message,
- "%c%c" /* place holder for total length */
- "%c%c" /* HTCP version 0.0 */
- "%c%c" /* DATA length place holder */
- "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */
- "%c%c%c%c" /* TRANS-ID place holder */
- "%c%c", /* AUTH (LENGTH=2 means no AUTH) */
- 0, 0,
- 0, 0,
- 0, 0,
- GRSThtcpNOPop * 16, 1, /* RR=1, MO=0, RESPONSE=0 (ie found) */
- 0, 0, 0, 0,
- 0, 2);
-
- if (*message_length < 0) return GRST_RET_FAILED;
-
- (*message)[0] = *message_length / 256;
- (*message)[1] = *message_length % 256;
-
- (*message)[4] = (*message_length - 6) / 256;
- (*message)[5] = (*message_length - 6) % 256;
-
- memcpy(&((*message)[8]), &trans_id, 4);
-
- return GRST_RET_OK;
-}
-
-int GRSThtcpTSTrequestMake(char **request, int *request_length,
- unsigned int trans_id,
- char *method, char *uri, char *req_hdrs)
-/*
- Make a complete HTCP TST request and return a pointer to malloc'd
- memory pointing to it.
-*/
-{
- if ((method == NULL) || (uri == NULL) || (req_hdrs == NULL))
- return GRST_RET_FAILED;
-
- *request_length =
- asprintf(request,"%c%c" /* place holder for total length */
- "%c%c" /* HTCP version 0.0 */
- "%c%c" /* DATA length place holder */
- "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */
- "%c%c%c%c" /* TRANS-ID placeholder */
- "%c%c%s" /* OP-DATA: METHOD */
- "%c%c%s" /* OP-DATA: URI */
- "%c%c%s" /* OP-DATA: VERSION */
- "%c%c%s" /* OP-DATA: REQ-HDRS */
- "%c%c", /* AUTH (LENGTH=2 means no AUTH) */
- 0, 0,
- 0, 0,
- 0, 0,
- GRSThtcpTSTop * 16, 2,
- 0, 0, 0, 0,
- strlen(method) / 256, strlen(method) % 256, method,
- strlen(uri) / 256, strlen(uri) % 256, uri,
- 0, 8, "HTTP/1.1",
- strlen(req_hdrs)/256, strlen(req_hdrs) % 256, req_hdrs,
- 0, 2);
-
- if (*request_length < 0) return GRST_RET_FAILED;
-
- (*request)[0] = *request_length / 256;
- (*request)[1] = *request_length % 256;
-
- (*request)[4] = (*request_length - 6) / 256;
- (*request)[5] = (*request_length - 6) % 256;
-
- memcpy(&((*request)[8]), &trans_id, 4);
-
- return GRST_RET_OK;
-}
-
-int GRSThtcpTSTresponseMake(char **message, int *message_length,
- unsigned int trans_id,
- char *resp_hdrs, char *entity_hdrs,
- char *cache_hdrs)
-/*
- Make a complete HTCP TST response for a found file and return a pointer
- to malloc'd memory pointing to it.
-*/
-{
- if ((resp_hdrs != NULL) && (entity_hdrs != NULL) && (cache_hdrs != NULL))
- /* found file response */
- *message_length =
- asprintf(message,
- "%c%c" /* place holder for total length */
- "%c%c" /* HTCP version 0.0 */
- "%c%c" /* DATA length place holder */
- "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */
- "%c%c%c%c" /* TRANS-ID place holder */
- "%c%c%s" /* OP-DATA: RESP-HDRS */
- "%c%c%s" /* OP-DATA: ENTITY-HDRS */
- "%c%c%s" /* OP-DATA: CACHE-HDRS */
- "%c%c", /* AUTH (LENGTH=2 means no AUTH) */
- 0, 0,
- 0, 0,
- 0, 0,
- GRSThtcpTSTop * 16, 1, /* RR=1, MO=0, RESPONSE=0 (ie found) */
- 0, 0, 0, 0,
- strlen(resp_hdrs) / 256, strlen(resp_hdrs) % 256, resp_hdrs,
- strlen(entity_hdrs) / 256, strlen(entity_hdrs) % 256, entity_hdrs,
- strlen(cache_hdrs) / 256, strlen(cache_hdrs) % 256, cache_hdrs,
- 0, 2);
- else if (cache_hdrs != NULL)
- /* not found file response, just cache_hdrs given */
- *message_length =
- asprintf(message,
- "%c%c" /* place holder for total length */
- "%c%c" /* HTCP version 0.0 */
- "%c%c" /* DATA length place holder */
- "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */
- "%c%c%c%c" /* TRANS-ID */
- "%c%c%s" /* OP-DATA: CACHE-HDRS */
- "%c%c", /* AUTH (LENGTH=2 means no AUTH) */
- 0, 0,
- 0, 0,
- 0, 0,
- GRSThtcpTSTop * 16 + 1, 1, /* RR=1, MO=0, RESPONSE=1 (missing) */
- 0, 0, 0, 0,
- strlen(cache_hdrs) / 256, strlen(cache_hdrs) % 256, cache_hdrs,
- 0, 2);
- else return GRST_RET_FAILED;
-
- if (*message_length < 0) return GRST_RET_FAILED;
-
- (*message)[0] = *message_length / 256;
- (*message)[1] = *message_length % 256;
-
- (*message)[4] = (*message_length - 6) / 256;
- (*message)[5] = (*message_length - 6) % 256;
-
- memcpy(&((*message)[8]), &trans_id, 4);
-
- return GRST_RET_OK;
-}
-
-int GRSThtcpMessageParse(GRSThtcpMessage *parsed, char *raw, int length)
-{
- GRSThtcpCountstr *s;
-
- bzero(parsed, sizeof(GRSThtcpMessage));
-
- if (length < (void *) &(parsed->method)
- - (void *) &(parsed->total_length_msb) + 2)
- return GRST_RET_FAILED;
-
- memcpy(parsed, raw, (void *) &(parsed->method)
- - (void *) &(parsed->total_length_msb));
-
- if (parsed->opcode == GRSThtcpNOPop) return GRST_RET_OK;
-
- if ((parsed->opcode == GRSThtcpTSTop) && (parsed->rr == 0))
- {
- /* a TST request */
-
- /* point to start of data/auth in raw */
- s = (GRSThtcpCountstr *) &(((GRSThtcpMessage *) raw)->method);
-
- /* METHOD string */
-
- if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length)
- return GRST_RET_FAILED;
- parsed->method = s;
- s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s));
-
- /* URI string */
-
- if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length)
- return GRST_RET_FAILED;
- parsed->uri = s;
- s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s));
-
- /* VERSION string */
-
- if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length)
- return GRST_RET_FAILED;
- parsed->version = s;
- s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s));
-
- /* REQ-HDRS string */
-
- if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length)
- return GRST_RET_FAILED;
- parsed->req_hdrs = s;
- s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s));
-
- return GRST_RET_OK;
- }
-
- if ((parsed->opcode == GRSThtcpTSTop) && (parsed->rr == 1))
- {
- /* a TST response */
-
- /* point to start of data/auth in raw */
- s = (GRSThtcpCountstr *) &(((GRSThtcpMessage *) raw)->method);
-
- /* RESP-HDRS string */
-
- if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length)
- return GRST_RET_FAILED;
- parsed->resp_hdrs = s;
- s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s));
-
- /* ENTITY-HDRS string */
-
- if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length)
- return GRST_RET_FAILED;
- parsed->entity_hdrs = s;
- s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s));
-
- /* CACHE-HDRS string */
-
- if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length)
- return GRST_RET_FAILED;
- parsed->cache_hdrs = s;
- s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s));
-
- return GRST_RET_OK;
- }
-
- return GRST_RET_FAILED;
-}
+++ /dev/null
-/*
- Copyright (c) 2002-3, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef VERSION
-#define VERSION "x.x.x"
-#endif
-
-#define _GNU_SOURCE
-#include <stdio.h>
-
-#include <time.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <dirent.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#include "gridsite.h"
-
-void GRSThttpBodyInit(GRSThttpBody *thisbody)
-{
- thisbody->size = 0; /* simple, but we don't expose internals to callers */
-}
-
-void GRSThttpPrintf(GRSThttpBody *thisbody, char *fmt, ...)
-/* append printf() style format and arguments to *thisbody.
- This requires vasprintf from glibc!! */
-{
- char *p;
- size_t size;
- va_list args;
-
- va_start(args, fmt);
- size = vasprintf(&p, fmt, args);
- va_end(args);
-
- if (size == 0) free(p); /* don't need to bother in this case */
- else if (size > 0)
- {
- if (thisbody->size == 0) /* need to initialise */
- {
- thisbody->first = (GRSThttpCharsList *)malloc(sizeof(GRSThttpCharsList));
- thisbody->first->text = p;
- thisbody->first->next = NULL;
-
- thisbody->last = thisbody->first;
- thisbody->size = size;
- }
- else
- {
- thisbody->last->next = (GRSThttpCharsList *)
- malloc(sizeof(GRSThttpCharsList));
- ((GRSThttpCharsList *) thisbody->last->next)->text = p;
- ((GRSThttpCharsList *) thisbody->last->next)->next = NULL;
-
- thisbody->last = thisbody->last->next;
- thisbody->size = thisbody->size + size;
- }
- }
-}
-
-int GRSThttpCopy(GRSThttpBody *thisbody, char *file)
-/*
- copy a whole file, named file[], into the body output buffer, returning
- 1 if file was found and copied ok, or 0 otherwise.
-*/
-{
- int fd, len;
- char c, *p;
- struct stat statbuf;
-
- fd = open(file, O_RDONLY);
-
- if (fd == -1) return 0;
-
- if (fstat(fd, &statbuf) != 0)
- {
- close(fd);
- return 0;
- }
-
- p = malloc(statbuf.st_size + 1);
-
- if (p == NULL)
- {
- close(fd);
- return 0;
- }
-
- len = read(fd, p, statbuf.st_size);
- p[len] = '\0';
-
- close(fd);
-
- if (thisbody->size == 0) /* need to initialise */
- {
- thisbody->first = (GRSThttpCharsList *) malloc(sizeof(GRSThttpCharsList));
- thisbody->first->text = p;
- thisbody->first->next = NULL;
-
- thisbody->last = thisbody->first;
- thisbody->size = len;
- }
- else
- {
- thisbody->last->next=(GRSThttpCharsList *)malloc(sizeof(GRSThttpCharsList));
- ((GRSThttpCharsList *) thisbody->last->next)->text = p;
- ((GRSThttpCharsList *) thisbody->last->next)->next = NULL;
-
- thisbody->last = thisbody->last->next;
- thisbody->size = thisbody->size + len;
- }
-
- return 1;
-}
-
-void GRSThttpWriteOut(GRSThttpBody *thisbody)
-/* output Content-Length header, blank line then whole of the body to
- standard output */
-{
- GRSThttpCharsList *p;
-
- printf("Content-Length: %d\n\n", thisbody->size);
-
- p = thisbody->first;
-
- while (p != NULL)
- {
- fputs(p->text, stdout);
-
- p = p->next;
- }
-}
-
-int GRSThttpPrintHeaderFooter(GRSThttpBody *bp, char *file, char *headfootname)
-/*
- try to print Header or Footer appropriate for absolute path file[],
- returning 1 rather than 0 if found.
-*/
-{
- int found = 0;
- char *pathfile, *p;
- struct stat statbuf;
-
- pathfile = malloc(strlen(file) + strlen(headfootname) + 2);
- strcpy(pathfile, file);
-
- if ((pathfile[strlen(pathfile) - 1] != '/') &&
- (stat(pathfile, &statbuf) == 0) &&
- S_ISDIR(statbuf.st_mode)) strcat(pathfile, "/");
-
- for (;;)
- {
- p = rindex(pathfile, '/');
- if (p == NULL) break;
- p[1] = '\0';
- strcat(p, headfootname);
-
- if (stat(pathfile, &statbuf) == 0)
- {
- found = GRSThttpCopy(bp, pathfile);
- break;
- }
-
- p[0] = '\0';
- }
-
- free(pathfile);
- return found;
-}
-
-char *GRSThttpGetCGI(char *name)
-/*
- Return a malloc()ed copy of CGI form parameter identified by name[],
- either received by QUERY_STRING (via GET) or on stdin (via POST).
- Caller must free() the returned string itself. If name[] is not found,
- an empty NUL-terminated malloc()ed string is returned. name[] has any
- URL-encoding reversed.
-*/
-{
- char *p, *namepattern, *valuestart, *returnvalue, *querystring;
- int c, i, j, n, contentlength = 0;
- static char *cgiposted = NULL;
- size_t size_needed;
-
- if (cgiposted == NULL) /* have to initialise cgiposted */
- {
- p = getenv("CONTENT_LENGTH");
- if (p != NULL) sscanf(p, "%d", &contentlength);
-
- querystring = getenv("REDIRECT_QUERY_STRING");
- if (querystring == NULL) querystring = getenv("QUERY_STRING");
-
- if (querystring == NULL) cgiposted = malloc(contentlength + 3);
- else cgiposted = malloc(contentlength + strlen(querystring) + 4);
-
- cgiposted[0] = '&';
-
- for (i = 1; i <= contentlength; ++i)
- {
- c = getchar();
- if (c == EOF) break;
- cgiposted[i] = c;
- }
-
- cgiposted[i] = '&';
- cgiposted[i+1] = '\0';
-
- if (querystring != NULL)
- {
- strcat(cgiposted, querystring);
- strcat(cgiposted, "&");
- }
- }
-
- namepattern = malloc(strlen(name) + 3);
- sprintf(namepattern, "&%s=", name);
-
- p = strstr(cgiposted, namepattern);
- free(namepattern);
- if (p == NULL) return strdup("");
-
- valuestart = &p[strlen(name) + 2];
-
- for (n=0; valuestart[n] != '&'; ++n) ;
-
- returnvalue = malloc(n + 1);
-
- j=0;
-
- for (i=0; i < n; ++i)
- {
- if ((i < n - 2) && (valuestart[i] == '%')) /* url encoded as %HH */
- {
- returnvalue[j] = 0;
-
- if (isdigit(valuestart[i+1]))
- returnvalue[j] += 16 * (valuestart[i+1] - '0');
- else if (isalpha(valuestart[i+1]))
- returnvalue[j] += 16 * (10 + tolower(valuestart[i+1]) - 'a');
-
- if (isdigit(valuestart[i+2]))
- returnvalue[j] += valuestart[i+2] - '0';
- else if (isalpha(valuestart[i+2]))
- returnvalue[j] += 10 + tolower(valuestart[i+2]) - 'a';
-
- i = i + 2;
- }
- else if (valuestart[i] == '+') returnvalue[j] = ' ';
- else returnvalue[j] = valuestart[i];
-
- if (returnvalue[j] == '\r') continue; /* CR/LF -> LF */
- ++j;
- }
-
- returnvalue[j] = '\0';
-
- return returnvalue;
-}
-
-/* *
- * Utility functions *
- * */
-
-char *GRSThttpUrlDecode(char *in)
-{
- int i, j, n;
- char *out;
-
- n = strlen(in);
- out = malloc(n + 1);
-
- j=0;
-
- for (i=0; i < n; ++i)
- {
- if ((i < n - 2) && (in[i] == '%')) /* url encoded as %HH */
- {
- out[j] = 0;
-
- if (isdigit(in[i+1]))
- out[j] += 16 * (in[i+1] - '0');
- else if (isalpha(in[i+1]))
- out[j] += 16 * (10 + tolower(in[i+1]) - 'a');
-
- if (isdigit(in[i+2]))
- out[j] += in[i+2] - '0';
- else if (isalpha(in[i+2]))
- out[j] += 10 + tolower(in[i+2]) - 'a';
-
- i = i + 2;
- }
- else if (in[i] == '+') out[j] = ' ';
- else out[j] = in[i];
-
- ++j;
- }
-
- out[j] = '\0';
-
- return out;
-}
-
-char *GRSThttpUrlEncode(char *in)
-/* Return a pointer to a malloc'd string holding a URL-encoded (RFC 1738)
- version of *in. Only A-Z a-z 0-9 . _ - are passed through unmodified.
- (DN's processed by GRSThttpUrlEncode can be used as valid Unix filenames,
- assuming they do not exceed restrictions on filename length.) */
-{
- char *out, *p, *q;
-
- out = malloc(3*strlen(in) + 1);
-
- p = in;
- q = out;
-
- while (*p != '\0')
- {
- if (isalnum(*p) || (*p == '.') || (*p == '_') || (*p == '-'))
- {
- *q = *p;
- ++q;
- }
- else
- {
- sprintf(q, "%%%2X", *p);
- q = &q[3];
- }
-
- ++p;
- }
-
- *q = '\0';
- return out;
-}
-
-char *GRSThttpUrlMildencode(char *in)
-/* Return a pointer to a malloc'd string holding a partially URL-encoded
- version of *in. "Partially" means that A-Z a-z 0-9 . = - _ @ and /
- are passed through unmodified. (DN's processed by GRSThttpUrlMildencode()
- can be used as valid Unix paths+filenames if you are prepared to
- create or simulate the resulting /X=xyz directories.) */
-{
- char *out, *p, *q;
-
- out = malloc(3*strlen(in) + 1);
-
- p = in;
- q = out;
-
- while (*p != '\0')
- {
- if (isalnum(*p) || (*p == '.') || (*p == '=') || (*p == '-')
- || (*p == '/') || (*p == '@') || (*p == '_'))
- {
- *q = *p;
- ++q;
- }
- else if (*p == ' ')
- {
- *q = '+';
- ++q;
- }
- else
- {
- sprintf(q, "%%%2X", *p);
- q = &q[3];
- }
-
- ++p;
- }
-
- *q = '\0';
- return out;
-}
-
-/// Return a one-time passcode string, for use with GridHTTP
-/**
- * Returns
- *
- * String is timestamp+SHA1_HASH(timestamp+":"+method+":"+URL)
- * Timestamps and hashes are in lowercase hexadecimal. Timestamps are
- * seconds since 00:00:00 on January 1, 1970 UTC.
- */
-
-/*
-char *GRSThttpMakeOneTimePasscode(time_t timestamp, char *method, char *url)
-{
- int len, i;
- char *stringtohash, hashedstring[EVP_MAX_MD_SIZE], *returnstring;
- const EVP_MD *m;
- EVP_MD_CTX ctx;
-
- m = EVP_sha1();
- if (m == NULL) return NULL;
-
- asprintf(&stringtohash, "%08x:%s:%s", timestamp, method, url);
-
- EVP_DigestInit(&ctx, m);
- EVP_DigestUpdate(&ctx, stringtohash, strlen(stringtohash));
- EVP_DigestFinal(&ctx, hashedstring, &len);
-
- returnstring = malloc(9 + len * 2);
-
- sprintf(returnstring, "%08x", timestamp);
-
- for (i=0;
-
- return returnstring;
-}
-*/
+++ /dev/null
-/*
- Copyright (c) 2002-5, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
- ---------------------------------------------------------------
- For more information about GridSite: http://www.gridsite.org/
- ---------------------------------------------------------------
-*/
-
-#define _GNU_SOURCE
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <time.h>
-#include <stdarg.h>
-#include <dirent.h>
-#include <string.h>
-#include <pwd.h>
-#include <errno.h>
-#include <getopt.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-#include <openssl/rsa.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bio.h>
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-#include "gridsite.h"
-
-#define GRST_KEYSIZE 512
-#define GRST_PROXYCACHE "/../proxycache/"
-#define GRST_MAX_CHAIN_LEN 9
-
-/// Compare X509 Distinguished Name strings
-int GRSTx509NameCmp(char *a, char *b)
-/**
- * This function attempts to do with string representations what
- * would ideally be done with OIDs/values. In particular, we equate
- * "/Email=" == "/emailAddress=" to deal with this important change
- * between OpenSSL 0.9.6 and 0.9.7.
- * Other than that, it is currently the same as ordinary strcmp(3).
- */
-{
- int ret;
- char *aa, *bb, *p;
-
- aa = strdup(a);
- while ((p = strstr(aa, "/emailAddress=")) != NULL)
- {
- memmove(&p[6], &p[13], strlen(&p[13]) + 1);
- p[1] = 'E';
- }
-
- bb = strdup(b);
- while ((p = strstr(bb, "/emailAddress=")) != NULL)
- {
- memmove(&p[6], &p[13], strlen(&p[13]) + 1);
- p[1] = 'E';
- }
-
- ret = strcmp(aa, bb);
-
- free(aa);
- free(bb);
-
- return ret;
-}
-
-
-/// Check critical extensions
-/**
- * Returning GRST_RET_OK if all of extensions are known to us or
- * OpenSSL; GRST_REF_FAILED otherwise.
- *
- * Since this function relies on functionality (X509_supported_extension)
- * introduced in 0.9.7, then we do nothing and report an error
- * (GRST_RET_FAILED) if one of the associated defines
- * (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent.
- */
-
-int GRSTx509KnownCriticalExts(X509 *cert)
-{
- int i;
- char s[80];
- X509_EXTENSION *ex;
-
-#ifdef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
- for (i = 0; i < X509_get_ext_count(cert); ++i)
- {
- ex = X509_get_ext(cert, i);
-
- if (X509_EXTENSION_get_critical(ex) &&
- !X509_supported_extension(ex))
- {
- OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ex), 1);
-
- if (strcmp(s, GRST_PROXYCERTINFO_OID) != 0) return GRST_RET_FAILED;
- }
- }
-
- return GRST_RET_OK;
-#else
- return GRST_RET_FAILED;
-#endif
-}
-
-/// Check if certificate can be used as a CA to sign standard X509 certs
-/*
- * Return GRST_RET_OK if true; GRST_RET_FAILED if not.
- */
-
-int GRSTx509IsCA(X509 *cert)
-{
- int idret, purpose_id;
-
- purpose_id = X509_PURPOSE_get_by_sname("sslclient");
-
- /* final argument to X509_check_purpose() is whether to check for CAness */
-
- if (X509_check_purpose(cert, purpose_id + X509_PURPOSE_MIN, 1))
- return GRST_RET_OK;
- else return GRST_RET_FAILED;
-}
-
-/// Check certificate chain for GSI proxy acceptability.
-/**
- * Returns X509_V_OK/GRST_RET_OK if valid; OpenSSL X509 errors otherwise.
- *
- * Inspired by GSIcheck written by Mike Jones, SVE, Manchester Computing,
- * The University of Manchester.
- *
- * The GridSite version handles old and new style Globus proxies, and
- * proxies derived from user certificates issued with "X509v3 Basic
- * Constraints: CA:FALSE" (eg UK e-Science CA)
- *
- * We do not check chain links between certs here: this is done by
- * GRST_check_issued/X509_check_issued in mod_ssl's ssl_engine_init.c
- *
- * TODO: we do not yet check ProxyCertInfo and ProxyCertPolicy extensions
- * (although via GRSTx509KnownCriticalExts() we can accept them.)
- */
-
-int GRSTx509CheckChain(int *first_non_ca, X509_STORE_CTX *ctx)
-{
- STACK_OF(X509) *certstack; /* Points to the client's cert chain */
- X509 *cert; /* Points to the client's cert */
- int depth; /* Depth of cert chain */
- size_t len,len2; /* Lengths of issuer and cert DN */
- int IsCA; /* Holds whether cert is allowed to sign */
- int prevIsCA; /* Holds whether previous cert in chain is
- allowed to sign */
- int prevIsLimited; /* previous cert was proxy and limited */
- int i,j; /* Iteration variables */
- char *cert_DN; /* Pointer to current-certificate-in-chain's
- DN */
- char *issuer_DN; /* Pointer to
- issuer-of-current-cert-in-chain's DN */
- char *proxy_part_DN; /* Pointer to end part of current-cert-in-chain
- maybe eg "/CN=proxy" */
- time_t now;
-
- time(&now);
-
- *first_non_ca = 0; /* set to something predictable if things fail */
-
- /* Check for context */
- if (!ctx) return X509_V_ERR_INVALID_CA;
- /* Can't GSI-verify if there is no context. Here and throughout this
- function we report all errors as X509_V_ERR_INVALID_CA. */
-
- /* Set necessary preliminary values */
- IsCA = TRUE; /* =prevIsCA - start from a CA */
- prevIsLimited = 0;
-
- /* Get the client cert chain */
- certstack = X509_STORE_CTX_get_chain(ctx); /* Get the client's chain */
- depth = sk_X509_num(certstack); /* How deep is that chain? */
-
- /* Check the client chain */
- for (i=depth-1; i >= 0; --i)
- /* loop through client-presented chain starting at CA end */
- {
- prevIsCA=IsCA;
-
- /* Check for X509 certificate and point to it with 'cert' */
- if (cert = sk_X509_value(certstack, i))
- {
- /* we check times and reject immediately if invalid */
-
- if (now <
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(cert)),0))
- return X509_V_ERR_INVALID_CA;
-
- if (now >
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(cert)),0))
- return X509_V_ERR_INVALID_CA;
-
- /* If any forebear certificate is not allowed to sign we must
- assume all decendents are proxies and cannot sign either */
- if (prevIsCA)
- {
- /* always treat the first cert (from the CA files) as a CA */
- if (i == depth-1) IsCA = TRUE;
- /* check if this cert is valid CA for signing certs */
- else IsCA = (GRSTx509IsCA(cert) == GRST_RET_OK);
-
- if (!IsCA) *first_non_ca = i;
- }
- else
- {
- IsCA = FALSE;
- /* Force proxy check next iteration. Important because I can
- sign any CA I create! */
- }
-
- cert_DN = X509_NAME_oneline(X509_get_subject_name(cert),NULL,0);
- issuer_DN = X509_NAME_oneline(X509_get_issuer_name(cert),NULL,0);
- len = strlen(cert_DN);
- len2 = strlen(issuer_DN);
-
- /* issuer didn't have CA status, so this is (at best) a proxy:
- check for bad proxy extension*/
-
- if (!prevIsCA)
- {
- if (prevIsLimited) /* we reject proxies of limited proxies! */
- return X509_V_ERR_INVALID_CA;
-
- /* User not allowed to sign shortened DN */
- if (len2 > len) return X509_V_ERR_INVALID_CA;
-
- /* Proxy subject must begin with issuer. */
- if (strncmp(cert_DN, issuer_DN, len2) != 0)
- return X509_V_ERR_INVALID_CA;
-
- /* Set pointer to end of base DN in cert_DN */
- proxy_part_DN = &cert_DN[len2];
-
- /* First attempt at support for Old and New style GSI
- proxies: /CN=anything is ok for now */
- if (strncmp(proxy_part_DN, "/CN=", 4) != 0)
- return X509_V_ERR_INVALID_CA;
-
- if ((strncmp(proxy_part_DN, "/CN=limited proxy", 17) == 0) &&
- (i > 0)) prevIsLimited = 1; /* ready for next cert ... */
- }
- }
- }
-
- /* Check cert whose private key is being used by client. If previous in
- chain is not allowed to be a CA then need to check this final cert for
- valid proxy-icity too */
- if (!prevIsCA)
- {
- if (prevIsLimited) return X509_V_ERR_INVALID_CA;
- /* we do not accept proxies signed by limited proxies */
-
- if (cert = sk_X509_value(certstack, 0))
- {
- /* Load DN & length of DN and either its issuer or the
- first-bad-issuer-in-chain */
- cert_DN = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
- issuer_DN = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
- len = strlen(cert_DN);
- len2 = strlen(issuer_DN);
-
- /* issuer didn't have CA status, check for bad proxy extension */
-
- if (len2 > len) return X509_V_ERR_INVALID_CA;
- /* User not allowed to sign shortened DN */
-
- if (strncmp(cert_DN, issuer_DN, len2) != 0)
- return X509_V_ERR_INVALID_CA;
- /* Proxy subject must begin with issuer. */
-
- proxy_part_DN = &cert_DN[len2];
- /* Set pointer to end of DN base in cert_DN */
-
- /* Remander of subject must be either "/CN=proxy" or
- "/CN=limited proxy" (or /CN=XYZ for New style GSI) */
-
- /* First attempt at support for Old and New style GSI
- proxies: /CN=anything is ok for now. */
- if (strncmp(proxy_part_DN, "/CN=", 4) != 0)
- return X509_V_ERR_INVALID_CA;
- }
- }
-
- return X509_V_OK; /* this is also GRST_RET_OK, of course - by choice */
-}
-
-/// Example VerifyCallback routine
-
-/**
- *
- */
-
-int GRSTx509VerifyCallback (int ok, X509_STORE_CTX *ctx)
-{
- int errnum = X509_STORE_CTX_get_error(ctx);
- int errdepth = X509_STORE_CTX_get_error_depth(ctx);
- int first_non_ca;
-
-#ifndef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
-#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
-#endif
-
- if (errnum == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)
- {
- if (GRSTx509KnownCriticalExts(X509_STORE_CTX_get_current_cert(ctx))
- == GRST_RET_OK)
- {
- ok = TRUE;
- errnum = X509_V_OK;
- X509_STORE_CTX_set_error(ctx, errnum);
- }
- }
- else if ((errdepth == 0) &&
- (errnum == X509_V_OK) &&
- (GRSTx509CheckChain(&first_non_ca, ctx) != X509_V_OK)) ok = FALSE;
-
-
- return ok;
-
-// check this
-
-// if (ok) return GRST_RET_OK;
-// else return GRST_RET_FAILED;
-}
-
-/// Check the signature of the VOMS attributes
-/*
- * Returns GRST_RET_OK if signature is ok, other values if not.
- */
-
-static int GRSTx509VerifyVomsSig(time_t *time1_time, time_t *time2_time,
- unsigned char *asn1string,
- struct GRSTasn1TagList taglist[],
- int lasttag,
- char *vomsdir, int acnumber)
-{
-#define GRST_ASN1_COORDS_VOMS_DN "-1-1-%d-1-3-1-1-1-%%d-1-%%d"
-#define GRST_ASN1_COORDS_VOMS_INFO "-1-1-%d-1"
-#define GRST_ASN1_COORDS_VOMS_SIG "-1-1-%d-3"
- int ret, isig, iinfo;
- char *certpath, acvomsdn[200], dn_coords[200],
- info_coords[200], sig_coords[200];
- unsigned char *q;
- DIR *vomsDIR;
- struct dirent *vomsdirent;
- X509 *cert;
- EVP_PKEY *prvkey;
- FILE *fp;
- EVP_MD_CTX ctx;
- time_t voms_service_time1, voms_service_time2;
-
- if ((vomsdir == NULL) || (vomsdir[0] == '\0')) return GRST_RET_FAILED;
-
- snprintf(dn_coords, sizeof(dn_coords),
- GRST_ASN1_COORDS_VOMS_DN, acnumber);
-
- if (GRSTasn1GetX509Name(acvomsdn, sizeof(acvomsdn), dn_coords,
- asn1string, taglist, lasttag) != GRST_RET_OK) return GRST_RET_FAILED;
-
- snprintf(info_coords, sizeof(info_coords),
- GRST_ASN1_COORDS_VOMS_INFO, acnumber);
- iinfo = GRSTasn1SearchTaglist(taglist, lasttag, info_coords);
-
- snprintf(sig_coords, sizeof(sig_coords),
- GRST_ASN1_COORDS_VOMS_SIG, acnumber);
- isig = GRSTasn1SearchTaglist(taglist, lasttag, sig_coords);
-
- if ((iinfo < 0) || (isig < 0)) return GRST_RET_FAILED;
-
- vomsDIR = opendir(vomsdir);
- if (vomsDIR == NULL) return GRST_RET_FAILED;
-
- while ((vomsdirent = readdir(vomsDIR)) != NULL)
- {
- asprintf(&certpath, "%s/%s", vomsdir, vomsdirent->d_name);
- fp = fopen(certpath, "r");
- free(certpath);
- if (fp == NULL) continue;
-
- cert = PEM_read_X509(fp, NULL, NULL, NULL);
- fclose(fp);
- if (cert == NULL) continue;
-
- if (GRSTx509NameCmp(acvomsdn,
- X509_NAME_oneline(X509_get_subject_name(cert),NULL,0)) != 0)
- {
- X509_free(cert);
- continue;
- }
-
- prvkey = X509_extract_key(cert);
- if (prvkey == NULL)
- {
- X509_free(cert);
- continue;
- }
-
- OpenSSL_add_all_digests();
-#if OPENSSL_VERSION_NUMBER >= 0x0090701fL
- EVP_MD_CTX_init(&ctx);
- EVP_VerifyInit_ex(&ctx, EVP_md5(), NULL);
-#else
- EVP_VerifyInit(&ctx, EVP_md5());
-#endif
-
- EVP_VerifyUpdate(&ctx,
- &asn1string[taglist[iinfo].start+
- 0*taglist[iinfo].headerlength],
- taglist[iinfo].length+taglist[iinfo].headerlength);
-
- ret = EVP_VerifyFinal(&ctx,
- &asn1string[taglist[isig].start+
- taglist[isig].headerlength]+1,
- taglist[isig].length - 1,
- prvkey);
-
-#if OPENSSL_VERSION_NUMBER >= 0x0090701fL
- EVP_MD_CTX_cleanup(&ctx);
-#endif
- EVP_PKEY_free(prvkey);
-
- if (ret != 1) /* signature doesnt match, look for more */
- {
- continue;
- X509_free(cert);
- }
-
- voms_service_time1 =
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(cert)),0);
- if (voms_service_time1 > *time1_time)
- *time1_time = voms_service_time1;
-
- voms_service_time2 =
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(cert)),0);
- if (voms_service_time2 < *time1_time)
- *time2_time = voms_service_time2;
-
- X509_free(cert);
- closedir(vomsDIR);
- return GRST_RET_OK ; /* verified */
- }
-
- closedir(vomsDIR);
- return GRST_RET_FAILED;
-}
-
-/// Get the VOMS attributes in the given extension
-/*
- * Puts any VOMS credentials found into the Compact Creds string array
- * starting at *creds. Always returns GRST_RET_OK - even for invalid
- * credentials, which are just ignored.
- */
-
-int GRSTx509ParseVomsExt(int *lastcred, int maxcreds, size_t credlen,
- char *creds, time_t time1_time, time_t time2_time,
- X509_EXTENSION *ex, char *ucuserdn, char *vomsdir)
-{
-#define MAXTAG 500
-#define GRST_ASN1_COORDS_FQAN "-1-1-%d-1-7-1-2-1-2-%d"
-#define GRST_ASN1_COORDS_USER_DN "-1-1-%d-1-2-1-1-1-1-%%d-1-%%d"
-#define GRST_ASN1_COORDS_TIME1 "-1-1-%d-1-6-1"
-#define GRST_ASN1_COORDS_TIME2 "-1-1-%d-1-6-2"
- ASN1_OCTET_STRING *asn1data;
- char *asn1string, acuserdn[200], acvomsdn[200],
- dn_coords[200], fqan_coords[200], time1_coords[200],
- time2_coords[200];
- long asn1length;
- int lasttag=-1, itag, i, acnumber = 1;
- struct GRSTasn1TagList taglist[MAXTAG+1];
- time_t actime1, actime2, time_now;
-
- asn1data = X509_EXTENSION_get_data(ex);
- asn1string = ASN1_STRING_data(asn1data);
- asn1length = ASN1_STRING_length(asn1data);
-
- GRSTasn1ParseDump(NULL, asn1string, asn1length, taglist, MAXTAG, &lasttag);
-
- for (acnumber = 1; ; ++acnumber) /* go through ACs one by one */
- {
- snprintf(dn_coords, sizeof(dn_coords), GRST_ASN1_COORDS_USER_DN, acnumber);
- if (GRSTasn1GetX509Name(acuserdn, sizeof(acuserdn), dn_coords,
- asn1string, taglist, lasttag) != GRST_RET_OK) break;
-
- if (GRSTx509NameCmp(ucuserdn, acuserdn) != 0) continue;
-
- if (GRSTx509VerifyVomsSig(&time1_time, &time2_time,
- asn1string, taglist, lasttag, vomsdir, acnumber)
- != GRST_RET_OK) continue;
-
- snprintf(time1_coords, sizeof(time1_coords), GRST_ASN1_COORDS_TIME1, acnumber);
- itag = GRSTasn1SearchTaglist(taglist, lasttag, time1_coords);
- actime1 = GRSTasn1TimeToTimeT(&asn1string[taglist[itag].start+
- taglist[itag].headerlength],
- taglist[itag].length);
- if (actime1 > time1_time) time1_time = actime1;
-
- snprintf(time2_coords, sizeof(time2_coords), GRST_ASN1_COORDS_TIME2, acnumber);
- itag = GRSTasn1SearchTaglist(taglist, lasttag, time2_coords);
- actime2 = GRSTasn1TimeToTimeT(&asn1string[taglist[itag].start+
- taglist[itag].headerlength],
- taglist[itag].length);
- if (actime2 < time2_time) time2_time = actime2;
-
- time(&time_now);
- if ((time1_time > time_now) || (time2_time < time_now))
- continue; /* expiration isnt invalidity ...? */
-
- for (i=1; ; ++i)
- {
- snprintf(fqan_coords, sizeof(fqan_coords), GRST_ASN1_COORDS_FQAN, acnumber, i);
- itag = GRSTasn1SearchTaglist(taglist, lasttag, fqan_coords);
-
- if (itag > -1)
- {
- if (*lastcred < maxcreds - 1)
- {
- ++(*lastcred);
- snprintf(&creds[*lastcred * (credlen + 1)], credlen+1,
- "VOMS %010lu %010lu 0 %.*s",
- time1_time, time2_time,
- taglist[itag].length,
- &asn1string[taglist[itag].start+
- taglist[itag].headerlength]);
- }
- }
- else break;
- }
- }
-
- return GRST_RET_OK;
-}
-
-/// Get the VOMS attributes in the extensions to the given cert stack
-/*
- * Puts any VOMS credentials found into the Compact Creds string array
- * starting at *creds. Always returns GRST_RET_OK.
- */
-
-int GRSTx509GetVomsCreds(int *lastcred, int maxcreds, size_t credlen,
- char *creds, X509 *usercert, STACK_OF(X509) *certstack,
- char *vomsdir)
-{
- int i, j;
- char s[80];
- unsigned char *ucuser;
- X509_EXTENSION *ex;
- ASN1_STRING *asn1str;
- X509 *cert;
- time_t time1_time = 0, time2_time = 0, uctime1_time, uctime2_time;
-
- uctime1_time =
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(usercert)),0);
- uctime2_time =
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(usercert)),0);
- ucuser =
- X509_NAME_oneline(X509_get_subject_name(usercert), NULL, 0);
-
- for (j=sk_X509_num(certstack)-1; j >= 0; --j)
- {
- cert = sk_X509_value(certstack, j);
-
- time1_time =
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(cert)),0);
- uctime1_time = (time1_time > uctime1_time) ? time1_time:uctime1_time;
-
- time2_time =
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(cert)),0);
- uctime2_time = (time2_time < uctime2_time) ? time2_time:uctime2_time;
-
- for (i=0; i < X509_get_ext_count(cert); ++i)
- {
- ex = X509_get_ext(cert, i);
- OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ex), 1);
-
- if (strcmp(s, GRST_VOMS_OID) == 0) /* a VOMS extension */
- {
- GRSTx509ParseVomsExt(lastcred, maxcreds, credlen, creds,
- uctime1_time, uctime2_time,
- ex, ucuser, vomsdir);
- }
- }
- }
-
- return GRST_RET_OK;
-}
-
-/// Turn a Compact Cred line into a GRSTgaclCred object
-/**
- * Returns pointer to created GRSTgaclCred or NULL or failure.
- */
-
-GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred)
-{
- int delegation;
- char *p;
- time_t now, notbefore, notafter;
- GRSTgaclCred *cred = NULL;
-
- time(&now);
-
- if (grst_cred == NULL) return NULL; /* just in case */
-
- if (strncmp(grst_cred, "X509USER ", 9) == 0)
- {
- if ((sscanf(grst_cred, "X509USER %lu %lu %d",
- ¬before, ¬after, &delegation) == 3)
- && (now >= notbefore)
- && (now <= notafter)
- && (p = index(grst_cred, ' '))
- && (p = index(++p, ' '))
- && (p = index(++p, ' '))
- && (p = index(++p, ' ')))
- {
- cred = GRSTgaclCredNew("person");
- GRSTgaclCredSetDelegation(cred, delegation);
- GRSTgaclCredAddValue(cred, "dn", &p[1]);
- }
-
- return cred;
- }
-
- if (strncmp(grst_cred, "VOMS ", 5) == 0)
- {
- if ((sscanf(grst_cred, "VOMS %lu %lu %d",
- ¬before, ¬after, &delegation) == 3)
- && (now >= notbefore)
- && (now <= notafter)
- && (p = index(grst_cred, ' '))
- && (p = index(++p, ' '))
- && (p = index(++p, ' '))
- && (p = index(++p, ' ')))
- {
- /* include /VO/group/subgroup/Role=role/Capability=cap */
-
- if (p[1] != '/') return NULL; /* must begin with / */
-
- cred = GRSTgaclCredNew("voms");
- GRSTgaclCredSetDelegation(cred, delegation);
- GRSTgaclCredAddValue(cred, "fqan", &p[1]);
- }
-
- return cred;
- }
-
- return NULL; /* dont recognise this credential type */
-}
-
-/// Get the credentials in an X509 cert/GSI proxy, including any VOMS
-/**
- * Credentials are placed in Compact Creds string array at *creds.
- *
- * Function returns GRST_RET_OK on success, or GRST_RET_FAILED if
- * some inconsistency found in certificate.
- */
-
-int GRSTx509CompactCreds(int *lastcred, int maxcreds, size_t credlen,
- char *creds, STACK_OF(X509) *certstack, char *vomsdir,
- X509 *peercert)
-{
- int i, j, delegation = 0;
- char credtemp[credlen+1];
- X509 *cert, *usercert = NULL, *gsiproxycert = NULL;
-
- *lastcred = -1;
-
- for (i = sk_X509_num(certstack) - 1; i >= 0; --i)
- {
- cert = sk_X509_value(certstack, i);
-
- if (usercert != NULL)
- { /* found a (GSI proxy) cert after the user cert */
- gsiproxycert = cert;
- ++delegation;
- }
-
- if ((usercert == NULL) &&
- (i < sk_X509_num(certstack) - 1) &&
- (GRSTx509IsCA(cert) != GRST_RET_OK)) usercert = cert;
- /* found the 1st non-CA cert */
- }
-
- if (peercert != NULL)
- {
- if (usercert != NULL) /* found a (GSI proxy) cert after user cert */
- {
- gsiproxycert = peercert;
- ++delegation;
- }
-
- if ((usercert == NULL) &&
- (GRSTx509IsCA(peercert) != GRST_RET_OK)) usercert = peercert;
- /* found the 1st non-CA cert */
- }
-
- if ((usercert == NULL) /* if no usercert ("EEC"), we're not interested */
- ||
- (snprintf(credtemp, credlen+1, "X509USER %010lu %010lu %d %s",
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(usercert)),0),
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(usercert)),0),
- delegation,
- X509_NAME_oneline(X509_get_subject_name(usercert), NULL, 0)) >= credlen+1)
- ||
- (*lastcred >= maxcreds-1))
- {
- *lastcred = -1; /* just in case the caller looks at it */
- return GRST_RET_FAILED; /* tell caller that things didn't work out */
- }
-
- ++(*lastcred);
- strcpy(&creds[*lastcred * (credlen + 1)], credtemp);
-
- if ((gsiproxycert != NULL)
- &&
- (snprintf(credtemp, credlen+1, "GSIPROXY %010lu %010lu %d %s",
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(gsiproxycert)),0),
- GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(gsiproxycert)),0),
- delegation,
- X509_NAME_oneline(X509_get_subject_name(gsiproxycert), NULL, 0)) < credlen+1)
- &&
- (*lastcred < maxcreds-1))
- {
- ++(*lastcred);
- strcpy(&creds[*lastcred * (credlen + 1)], credtemp);
-
- GRSTx509GetVomsCreds(lastcred, maxcreds, credlen, creds,
- usercert, certstack, vomsdir);
-
- }
-
- return GRST_RET_OK;
-}
-
-/// Find proxy file name of the current user
-/**
- * Return a string with the proxy file name or NULL if not present.
- * This function does not check if the proxy has expired.
- */
-
-char *GRSTx509FindProxyFileName(void)
-{
- char *p;
-
- p = getenv("X509_USER_PROXY");
-
- if (p != NULL) return strdup(p);
-
- p = malloc(sizeof("/tmp/x509up_uXYYYXXXYYY"));
-
- sprintf(p, "/tmp/x509up_u%d", getuid());
-
- return p;
-}
-
-static void mpcerror(FILE *debugfp, char *msg)
-{
- if (debugfp != NULL)
- {
- fputs(msg, debugfp);
- ERR_print_errors_fp(debugfp);
- }
-}
-
-/// Make a GSI Proxy chain from a request, certificate and private key
-/**
- * The proxy chain is returned in *proxychain. If debugfp is non-NULL,
- * errors are output to that file pointer. The proxy will expired in
- * the given number of minutes starting from the current time.
- */
-
-int GRSTx509MakeProxyCert(char **proxychain, FILE *debugfp,
- char *reqtxt, char *cert, char *key, int minutes)
-{
- char *ptr, *certchain;
- int i, subjAltName_pos, ncerts;
- long serial = 2796, ptrlen;
- EVP_PKEY *pkey, *CApkey;
- const EVP_MD *digest;
- X509 *certs[GRST_MAX_CHAIN_LEN];
- X509_REQ *req;
- X509_NAME *name, *CAsubject, *newsubject;
- X509_NAME_ENTRY *ent;
- X509V3_CTX ctx;
- X509_EXTENSION *subjAltName;
- STACK_OF (X509_EXTENSION) * req_exts;
- FILE *fp;
- BIO *reqmem, *certmem;
-
- /* read in the request */
- reqmem = BIO_new(BIO_s_mem());
- BIO_puts(reqmem, reqtxt);
-
- if (!(req = PEM_read_bio_X509_REQ(reqmem, NULL, NULL, NULL)))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error reading request from BIO memory\n");
- BIO_free(reqmem);
- return GRST_RET_FAILED;
- }
-
- BIO_free(reqmem);
-
- /* verify signature on the request */
- if (!(pkey = X509_REQ_get_pubkey (req)))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error getting public key from request\n");
- return GRST_RET_FAILED;
- }
-
- if (X509_REQ_verify(req, pkey) != 1)
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error verifying signature on certificate\n");
- return GRST_RET_FAILED;
- }
-
- /* read in the signing certificate */
- if (!(fp = fopen(cert, "r")))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error opening signing certificate file\n");
- return GRST_RET_FAILED;
- }
-
- for (ncerts = 1; ncerts < GRST_MAX_CHAIN_LEN; ++ncerts)
- if (!(certs[ncerts] = PEM_read_X509(fp, NULL, NULL, NULL))) break;
-
- if (ncerts == 1) /* zeroth cert with be new proxy cert */
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error reading signing certificate file\n");
- return GRST_RET_FAILED;
- }
-
- fclose(fp);
-
- CAsubject = X509_get_subject_name(certs[1]);
-
- /* read in the CA private key */
- if (!(fp = fopen(key, "r")))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error reading signing private key file\n");
- return GRST_RET_FAILED;
- }
-
- if (!(CApkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL)))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error reading signing private key in file\n");
- return GRST_RET_FAILED;
- }
-
- fclose(fp);
-
- /* get subject name */
- if (!(name = X509_REQ_get_subject_name (req)))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error getting subject name from request\n");
- return GRST_RET_FAILED;
- }
-
- /* create new certificate */
- if (!(certs[0] = X509_new ()))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error creating X509 object\n");
- return GRST_RET_FAILED;
- }
-
- /* set version number for the certificate (X509v3) and the serial number
- need 3 = v4 for GSI proxy?? */
- if (X509_set_version (certs[0], 3L) != 1)
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error setting certificate version\n");
- return GRST_RET_FAILED;
- }
-
- ASN1_INTEGER_set (X509_get_serialNumber (certs[0]), serial++);
-
- if (!(name = X509_get_subject_name(certs[1])))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error getting subject name from CA certificate\n");
- return GRST_RET_FAILED;
- }
-
- if (X509_set_issuer_name (certs[0], name) != 1)
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error setting issuer name of certificate\n");
- return GRST_RET_FAILED;
- }
-
- /* set issuer and subject name of the cert from the req and the CA */
- ent = X509_NAME_ENTRY_create_by_NID(NULL, OBJ_txt2nid("commonName"),
- MBSTRING_ASC, "proxy", -1);
-
- newsubject = X509_NAME_dup(CAsubject);
-
- X509_NAME_add_entry(newsubject, ent, -1, 0);
-
- if (X509_set_subject_name(certs[0], newsubject) != 1)
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error setting subject name of certificate\n");
- return GRST_RET_FAILED;
- }
-
- /* set public key in the certificate */
- if (X509_set_pubkey(certs[0], pkey) != 1)
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error setting public key of the certificate\n");
- return GRST_RET_FAILED;
- }
-
-// need to set validity within limits of earlier certificates in the chain
-
- /* set duration for the certificate */
- if (!(X509_gmtime_adj (X509_get_notBefore(certs[0]), 0)))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error setting beginning time of the certificate\n");
- return GRST_RET_FAILED;
- }
-
- if (!(X509_gmtime_adj (X509_get_notAfter(certs[0]), 60 * minutes)))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error setting ending time of the certificate\n");
- return GRST_RET_FAILED;
- }
-
- /* sign the certificate with the signing private key */
- if (EVP_PKEY_type (CApkey->type) == EVP_PKEY_RSA)
- digest = EVP_md5();
- else
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error checking signing private key for a valid digest\n");
- return GRST_RET_FAILED;
- }
-
- if (!(X509_sign (certs[0], CApkey, digest)))
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error signing certificate\n");
- return GRST_RET_FAILED;
- }
-
- /* store the completed certificate chain */
-
- certchain = strdup("");
-
- for (i=0; i < ncerts; ++i)
- {
- certmem = BIO_new(BIO_s_mem());
-
- if (PEM_write_bio_X509(certmem, certs[i]) != 1)
- {
- mpcerror(debugfp,
- "GRSTx509MakeProxyCert(): error writing certificate to memory BIO\n");
- return GRST_RET_FAILED;
- }
-
- ptrlen = BIO_get_mem_data(certmem, &ptr);
-
- certchain = realloc(certchain, strlen(certchain) + ptrlen + 1);
-
- strncat(certchain, ptr, ptrlen);
-
- BIO_free(certmem);
- }
-
- *proxychain = certchain;
-
- return GRST_RET_OK;
-}
-
-/// Find a proxy file in the proxy cache
-/**
- * Returns the full path and file name of proxy file associated
- * with given delegation ID and user DN.
- */
-
-char *GRSTx509CachedProxyFind(char *proxydir, char *delegation_id,
- char *user_dn)
-/*
- Return a pointer to a malloc'd string with the full path of the
- proxy file corresponding to the given delegation_id, or NULL
- if not found.
-*/
-{
- int ret, len;
- char *filename = NULL, *line, *p, *proxyfile = NULL;
- DIR *proxyDIR;
- FILE *fp;
- struct dirent *ent;
- struct stat entstat;
-
- if ((proxyDIR = opendir(proxydir)) == NULL) return NULL;
-
- len = strlen(delegation_id);
- if (strlen(user_dn) > len) len = strlen(user_dn);
-
- if ((line = malloc(len + 2)) == NULL) return NULL;
-
- while ((ent = readdir(proxyDIR)) != NULL)
- {
- if (ent->d_name[0] != '.') /* private keys begin with . */
- {
- if (asprintf(&filename, "%s/%s", proxydir, ent->d_name) == -1)
- break;
- if ((stat(filename, &entstat) != 0)
- || !S_ISREG(entstat.st_mode))
- {
- free(filename);
- continue;
- }
-
- fp = fopen(filename, "r");
- if (fp != NULL)
- {
- if (fgets(line, len + 2, fp) != NULL)
- {
- p = index(line, '\n');
-
- if (p != NULL)
- {
- *p = '\0';
- if (strcmp(line, delegation_id) == 0)
- {
- if (fgets(line, len + 2, fp) != NULL)
- {
- p = index(line, '\n');
-
- if (p != NULL)
- {
- *p = '\0';
-
- if (strcmp(line, user_dn) == 0)
- {
- proxyfile = filename;
- fclose(fp);
- break;
- }
- }
- }
- }
- }
- }
-
- fclose(fp);
- }
-
- free(filename);
- }
- }
-
- closedir(proxyDIR);
- free(line);
-
- return proxyfile;
-}
-
-/// Find a temporary proxy private key file in the proxy cache
-/**
- * Returns the full path and file name of the private key file associated
- * with given delegation ID and user DN.
- */
-
-char *GRSTx509CachedProxyKeyFind(char *proxydir, char *delegation_id,
- char *user_dn)
-/*
- Return a pointer to a malloc'd string with the full path of the
- private proxy key corresponding to the given delegation_id, or NULL
- if not found.
-*/
-{
- int ret, len;
- char *filename = NULL, *line, *p, *keyfile = NULL;
- DIR *proxyDIR;
- FILE *fp;
- struct dirent *ent;
- struct stat entstat;
-
- if ((proxyDIR = opendir(proxydir)) == NULL) return NULL;
-
- len = strlen(delegation_id);
- if (strlen(user_dn) > len) len = strlen(user_dn);
-
- if ((line = malloc(len + 2)) == NULL) return NULL;
-
- while ((ent = readdir(proxyDIR)) != NULL)
- {
- if (ent->d_name[0] == '.') /* private keys begin with . */
- {
- if (asprintf(&filename, "%s/%s", proxydir, ent->d_name) == -1)
- break;
- if ((stat(filename, &entstat) != 0)
- || !S_ISREG(entstat.st_mode))
- {
- free(filename);
- continue;
- }
-
- fp = fopen(filename, "r");
- if (fp != NULL)
- {
- if (fgets(line, len + 2, fp) != NULL)
- {
- p = index(line, '\n');
-
- if (p != NULL)
- {
- *p = '\0';
- if (strcmp(line, delegation_id) == 0)
- {
- if (fgets(line, len + 2, fp) != NULL)
- {
- p = index(line, '\n');
-
- if (p != NULL)
- {
- *p = '\0';
-
- if (strcmp(line, user_dn) == 0)
- {
- keyfile = filename;
- fclose(fp);
- break;
- }
- }
- }
- }
- }
- }
-
- fclose(fp);
- }
-
- free(filename);
- }
- }
-
- closedir(proxyDIR);
- free(line);
-
- return keyfile;
-}
-
-/// Make and store a X.509 request for a GSI proxy
-/**
- * Returns GRST_RET_OK on success, non-zero otherwise. Request string
- * is PEM encoded, and the key is stored in proxydir as temporary file
- * with a filename like .XXXXXX
- */
-
-int GRSTx509MakeProxyRequest(char **reqtxt, char *proxydir,
- char *delegation_id, char *user_dn)
-{
- int i, fd;
- char *docroot, *reqfile, *prvkeyfile, *ptr;
- size_t ptrlen;
- FILE *fp;
- RSA *keypair;
- X509_NAME *subject;
- X509_NAME_ENTRY *ent;
- EVP_PKEY *pkey;
- X509_REQ *certreq;
- BIO *reqmem;
- const EVP_MD *digest;
- struct stat statbuf;
-
- if ((keypair = RSA_generate_key(GRST_KEYSIZE, 65537, NULL, NULL)) == NULL)
- return 1;
- asprintf(&prvkeyfile, "%s/.XXXXXX", proxydir);
-
- fd = mkstemp(prvkeyfile);
-
- if ((fp = fdopen(fd, "w")) == NULL) return 1;
-
- fprintf(fp, "%s\n%s\n", delegation_id, user_dn);
-
- if (!PEM_write_RSAPrivateKey(fp, keypair, NULL, NULL, 0, NULL, NULL))
- return 1;
-
- if (fclose(fp) != 0) return 1;
-
- /* now create the certificate request */
-
- certreq = X509_REQ_new();
- if (certreq == NULL) return 1;
-
- OpenSSL_add_all_algorithms();
-
- pkey = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(pkey, keypair);
-
- X509_REQ_set_pubkey(certreq, pkey);
-
- subject = X509_NAME_new();
- ent = X509_NAME_ENTRY_create_by_NID(NULL, OBJ_txt2nid("organizationName"),
- MBSTRING_ASC, "Dummy", -1);
- X509_NAME_add_entry (subject, ent, -1, 0);
- X509_REQ_set_subject_name (certreq, subject);
-
- digest = EVP_md5();
- X509_REQ_sign(certreq, pkey, digest);
-
- reqmem = BIO_new(BIO_s_mem());
- PEM_write_bio_X509_REQ(reqmem, certreq);
- ptrlen = BIO_get_mem_data(reqmem, &ptr);
-
- *reqtxt = malloc(ptrlen + 1);
- memcpy(*reqtxt, ptr, ptrlen);
- (*reqtxt)[ptrlen] = '\0';
-
- BIO_free(reqmem);
-
- X509_REQ_free(certreq);
-
- return 0;
-}
-
-/// Create a stack of X509 certificate from a PEM-encoded string
-/**
- * Creates a dynamically allocated stack of X509 certificate objects
- * by walking through the PEM-encoded X509 certificates.
- *
- * Returns GRST_RET_OK on success, non-zero otherwise.
- *
- */
-
-int GRSTx509StringToChain(STACK_OF(X509) **certstack, char *certstring)
-{
- STACK_OF(X509_INFO) *sk=NULL;
- BIO *certbio;
- X509_INFO *xi;
-
- *certstack = sk_X509_new_null();
- if (*certstack == NULL) return GRST_RET_FAILED;
-
- certbio = BIO_new_mem_buf(certstring, -1);
-
- if (!(sk=PEM_X509_INFO_read_bio(certbio, NULL, NULL, NULL)))
- {
- BIO_free(certbio);
- sk_X509_INFO_free(sk);
- sk_X509_free(*certstack);
- return GRST_RET_FAILED;
- }
-
- while (sk_X509_INFO_num(sk))
- {
- xi=sk_X509_INFO_shift(sk);
- if (xi->x509 != NULL)
- {
- sk_X509_push(*certstack, xi->x509);
- xi->x509=NULL;
- }
- X509_INFO_free(xi);
- }
-
- if (!sk_X509_num(*certstack))
- {
- BIO_free(certbio);
- sk_X509_INFO_free(sk);
- sk_X509_free(*certstack);
- return GRST_RET_FAILED;
- }
-
- BIO_free(certbio);
- sk_X509_INFO_free(sk);
-
- return GRST_RET_OK;
-}
-
-/// Return the short file name for the given delegation_id and user_dn
-/**
- * Returns a malloc'd string with the short file name (no paths) that
- * derived from the hashed delegation_id and user_dn
- *
- * File name is SHA1_HASH(DelegationID)+"-"+SHA1_HASH(DN) where DN
- * is DER encoded version of user_dn with any trailing CN=proxy removed
- * Hashes are the most significant 8 bytes, in lowercase hexadecimal.
- */
-
-char *GRSTx509MakeProxyFileName(char *delegation_id,
- STACK_OF(X509) *certstack)
-{
- int i, depth, prevIsCA = 1, IsCA, hash_name_len, delegation_id_len,
- der_name_len;
- unsigned char *der_name, *buf, hash_name[EVP_MAX_MD_SIZE],
- hash_delegation_id[EVP_MAX_MD_SIZE],
- filename[34];
- X509_NAME *subject_name;
- X509 *cert;
- const EVP_MD *m;
- EVP_MD_CTX ctx;
-
- depth = sk_X509_num(certstack);
-
- for (i=depth-1; i >= 0; --i)
- /* loop through the proxy chain starting at CA end */
- {
- if (cert = sk_X509_value(certstack, i))
- {
- IsCA = (GRSTx509IsCA(cert) == GRST_RET_OK);
-
- if (prevIsCA && !IsCA) /* the full certificate of the user */
- {
- break;
- }
- }
- }
-
- if (i < 0) return NULL; /* not found: something wrong with the chain */
-
- if ((subject_name = X509_get_subject_name(cert)) == NULL) return NULL;
-
- der_name_len = i2d_X509_NAME(X509_get_subject_name(cert), NULL);
- if (der_name_len == 0) return NULL;
-
- buf = OPENSSL_malloc(der_name_len);
- der_name = buf;
-
-
- if (!i2d_X509_NAME(X509_get_subject_name(cert), &der_name))
- {
- OPENSSL_free(der_name);
- return NULL;
- }
-
- OpenSSL_add_all_digests();
-
- m = EVP_sha1();
- if (m == NULL)
- {
- OPENSSL_free(der_name);
- return NULL;
- }
-
-
- EVP_DigestInit(&ctx, m);
- EVP_DigestUpdate(&ctx, delegation_id, strlen(delegation_id));
- EVP_DigestFinal(&ctx, hash_delegation_id, &delegation_id_len);
-
- /* lots of nasty hard coded numbers:
- "8bytes/16chars delegation ID" + "-" + "8bytes/16chars DN" */
-
- for (i=0; i <=7; ++i)
- sprintf(&filename[i*2], "%02x", hash_delegation_id[i]);
-
- filename[16] = '-';
-
-
-
- EVP_DigestInit(&ctx, m);
- EVP_DigestUpdate(&ctx, buf, der_name_len);
- EVP_DigestFinal(&ctx, hash_name, &hash_name_len);
-
- for (i=0; i <=7; ++i)
- sprintf(&filename[17 + i*2], "%02x", hash_name[i]);
-
- return strdup(filename);
-}
-
-/// Store a GSI proxy chain in the proxy cache, along with the private key
-/**
- * Returns GRST_RET_OK on success, non-zero otherwise. The existing
- * private key with the same delegation ID and user DN is appended to
- * make a valid proxy file, and the temporary private key file deleted.
- */
-
-int GRSTx509CacheProxy(char *proxydir, char *delegation_id,
- char *user_dn, char *proxychain)
-{
- int c, len = 0, i;
- char *upcertfile, *upcertpath, *prvkeyfile, *p, *ptr;
- FILE *ifp, *ofp;
- STACK_OF(X509) *certstack;
- BIO *certmem;
- X509 *cert;
- long ptrlen;
-
- prvkeyfile = GRSTx509CachedProxyKeyFind(proxydir, delegation_id, user_dn);
-
- if (prvkeyfile == NULL)
- {
- return GRST_RET_FAILED;
- }
-
- if ((ifp = fopen(prvkeyfile, "r")) == NULL)
- {
- free(prvkeyfile);
- return GRST_RET_FAILED;
- }
-
-// fprintf(stderr, "\n\n\n\n PROXYCHAIN = \n %s", proxychain);
- if (GRSTx509StringToChain(&certstack, proxychain) != GRST_RET_OK)
- return GRST_RET_FAILED;
-
- upcertfile = GRSTx509MakeProxyFileName(delegation_id, certstack);
-
- if (upcertfile == NULL)
- {
- free(prvkeyfile);
- sk_X509_free(certstack);
- return GRST_RET_FAILED;
- }
-
- asprintf(&upcertpath, "%s/%s", proxydir, upcertfile);
- ofp = fopen(upcertpath, "w");
- chmod(upcertpath, S_IRUSR | S_IWUSR);
- free(upcertpath);
-
- if (ofp == NULL)
- {
- fclose(ifp);
- free(prvkeyfile);
- free(upcertfile);
- return GRST_RET_FAILED;
- }
-
- fprintf(ofp, "%s\n%s\n", delegation_id, user_dn);
-
- /* write out the most recent proxy by itself */
-
- if (cert = sk_X509_value(certstack, 0))
- {
- certmem = BIO_new(BIO_s_mem());
- if (PEM_write_bio_X509(certmem, cert) == 1)
- {
- ptrlen = BIO_get_mem_data(certmem, &ptr);
- fwrite(ptr, 1, ptrlen, ofp);
- }
-
- BIO_free(certmem);
- }
-
- /* insert proxy private key */
-
- while ((c = fgetc(ifp)) != EOF) fputc(c, ofp);
- unlink(prvkeyfile);
- free(prvkeyfile);
-
- for (i=1; i <= sk_X509_num(certstack) - 1; ++i)
- /* loop through the proxy chain starting at 2nd most recent proxy */
- {
- if (cert = sk_X509_value(certstack, i))
- {
- certmem = BIO_new(BIO_s_mem());
- if (PEM_write_bio_X509(certmem, cert) == 1)
- {
- ptrlen = BIO_get_mem_data(certmem, &ptr);
- fwrite(ptr, 1, ptrlen, ofp);
- }
-
- BIO_free(certmem);
- }
- }
-
- sk_X509_free(certstack);
- free(upcertfile);
-
- if (fclose(ifp) != 0) return GRST_RET_FAILED;
- if (fclose(ofp) != 0) return GRST_RET_FAILED;
-
-/* should also check validity of proxy cert to avoid suprises? */
-
- return GRST_RET_OK;
-}
+++ /dev/null
-/*
- Andrew McNab and Shiv Kaushal, University of Manchester.
- Copyright (c) 2002-3. All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-/*------------------------------------------------------------------------*
- * For more information about GridSite: http://www.gridpp.ac.uk/gridsite/ *
- *------------------------------------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <string.h>
-#include <dirent.h>
-#include <ctype.h>
-
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
-#endif
-#include <fnmatch.h>
-
-#include <libxml/xmlmemory.h>
-#include <libxml/tree.h>
-#include <libxml/parser.h>
-
-#include "gridsite.h"
-
-//#define XACML_DEBUG
-
-#ifdef XACML_DEBUG
- #define XACML_DEBUG_FILE "/tmp/grstxacmldebug.out"
-#endif
-
-
-/* *
- * Global variables, shared by all GACL functions by private to libgacl *
- * */
-
-extern char *grst_perm_syms[];
-extern GRSTgaclPerm grst_perm_vals[];
-
-
-FILE* debugfile;
-
-GRSTgaclAcl *GRSTgaclAclParse(xmlDocPtr, xmlNodePtr, GRSTgaclAcl *);
-GRSTgaclAcl *GRSTxacmlAclParse(xmlDocPtr, xmlNodePtr, GRSTgaclAcl *);
-
-/* *
- * Functions to read in XACML 1.1 compliant format ACL *
- * Functions based on method for opening GACL format *
- * */
-
-// need to check these for libxml memory leaks? - what needs to be freed?
-
-
-static GRSTgaclCred *GRSTxacmlCredParse(xmlNodePtr cur)
-/*
- GRSTxacmlCredParse - parse a credential stored in the libxml structure cur,
- returning it as a pointer or NULL on error.
-*/
-{
- xmlNodePtr attr_val;
- xmlNodePtr attr_des;
- GRSTgaclCred *cred;
-
- // cur points to <Subject> or <AnySubjects/>, loop done outside this function.
-
- if ( (xmlStrcmp(cur->name, (const xmlChar *) "AnySubject") == 0)) cred = GRSTgaclCredNew("any-user");
-
- else{
-
- attr_val=cur->xmlChildrenNode->xmlChildrenNode;
- attr_des=attr_val->next;
-
- cred = GRSTgaclCredNew((char *) xmlNodeGetContent(attr_des->properties->children));
-
- cred->firstname = NULL;
- cred->next = NULL;
-
- //Assumed that there is only one name/value pair per credential
- GRSTgaclCredAddValue(cred, (char *) xmlNodeGetContent(attr_des->properties->next->children),
- (char *) xmlNodeGetContent(attr_val));
- }
-
- return cred;
-}
-
-static GRSTgaclEntry *GRSTxacmlEntryParse(xmlNodePtr cur)
-/*
- GRSTxacmlEntryParse - parse an entry stored in the libxml structure cur,
- returning it as a pointer or NULL on error. Also checks to see if the following
- <Rule> tag refers to the same <Target> by checking the <RuleId> of both
-*/
-{
- int i, check=0;
- xmlDocPtr doc=cur->doc;
- xmlNodePtr cur2;
- xmlNodePtr rule_root=cur;
- GRSTgaclEntry *entry;
- GRSTgaclCred *cred;
- GRSTgaclPerm perm;
-
-
- // Next line not needed as function only called if <Rule> tag found
- // if (xmlStrcmp(cur->name, (const xmlChar *) "Rule") != 0) return NULL;
- // cur and rule_root point to the <Rule> tag
-
- cur = cur->xmlChildrenNode->xmlChildrenNode;
- // cur should now be pointing at <Subjects> tag
-#ifdef XACML_DEBUG
- fprintf (debugfile, "Starting to Parse Entry\n");
-#endif
- entry = GRSTgaclEntryNew();
-
- while (cur!=NULL){
-
- if (xmlStrcmp(cur->name, (const xmlChar *) "Subjects") == 0){
-#ifdef XACML_DEBUG
- fprintf (debugfile, "Starting to Parse Credentials\n");
-#endif
- if (check==0){
- // cur still pointing at <Subjects> tag make cur2 point to <Subject> and loop over them.
- cur2=cur->xmlChildrenNode;
- while (cur2!=NULL){
- if ( ((cred = GRSTxacmlCredParse(cur2)) != NULL) && (!GRSTgaclEntryAddCred(entry, cred))){
- GRSTgaclCredFree(cred);
- GRSTgaclEntryFree(entry);
- return NULL;
- }
- cur2=cur2->next;
- }
- }
- }
-
- else if (xmlStrcmp(cur->name, (const xmlChar *) "Actions") == 0){
-#ifdef XACML_DEBUG
- fprintf (debugfile, "Starting to Parse Permissions\n");
-#endif
- if (xmlStrcmp(xmlNodeGetContent(rule_root->properties->next->children), (const xmlChar *) "Permit") == 0 ){
-#ifdef XACML_DEBUG
- fprintf (debugfile, "\tPermit-ed actions: ");
-#endif
- for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next) //cur2-><Action>
- for (i=0; grst_perm_syms[i] != NULL; ++i)
- if (xmlStrcmp(xmlNodeGetContent(cur2->xmlChildrenNode->xmlChildrenNode), (const xmlChar *) grst_perm_syms[i]) == 0)
- {
-#ifdef XACML_DEBUG
- fprintf (debugfile, "%s ", grst_perm_syms[i]);
-#endif
- GRSTgaclEntryAllowPerm(entry, grst_perm_vals[i]);
- }
- }
-
- if (xmlStrcmp(xmlNodeGetContent(rule_root->properties->next->children), (const xmlChar *) "Deny") == 0 ) {
-#ifdef XACML_DEBUG
- fprintf (debugfile, "\tDeny-ed actions: ");
-#endif
- for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next) //cur2-><Action>
- for (i=0; grst_perm_syms[i] != NULL; ++i)
- if (xmlStrcmp(xmlNodeGetContent(cur2->xmlChildrenNode->xmlChildrenNode), (const xmlChar *) grst_perm_syms[i]) == 0)
- {
-
-#ifdef XACML_DEBUG
- fprintf (debugfile, "%s ", grst_perm_syms[i]);
-#endif
- GRSTgaclEntryDenyPerm(entry, grst_perm_vals[i]);
- }
- }
-
- }
- else{ // I cannot parse this - give up rather than get it wrong
-#ifdef XACML_DEBUG
- fprintf (debugfile, "OOOPSIE\n");
-#endif
- GRSTgaclEntryFree(entry);
- return NULL;
- }
-
- cur=cur->next;
-
- // Check if next Rule should be included when end of current rule reached
- // If RuleId are from the same entry (eg Entry1A and Entry1D)
- // make cur point to the next Rule's <Subjects> tag
- if (cur==NULL)
- if (check==0)
- if (rule_root->next!=NULL)
- if ( strncmp(xmlNodeGetContent(rule_root->properties->children), // RuleId of this Rule
- xmlNodeGetContent(rule_root->next->properties->children), // RuleId of next Rule
- 6) == 0){
-#ifdef XACML_DEBUG
- fprintf (debugfile, "End of perms and creds, next is %s \n", xmlNodeGetContent(rule_root->next->properties->children));
-#endif
- rule_root=rule_root->next;
- cur=rule_root->xmlChildrenNode->xmlChildrenNode;
-#ifdef XACML_DEBUG
- fprintf (debugfile, "skipped to <%s> tag of next Rule\n", cur->name);
-#endif
- check++;
- }
- }
-
- return entry;
-}
-
-GRSTgaclAcl *GRSTxacmlAclLoadFile(char *filename)
-{
-xmlDocPtr doc;
- xmlNodePtr cur;
- GRSTgaclAcl *acl;
-
- doc = xmlParseFile(filename);
- if (doc == NULL) return NULL;
-
- cur = xmlDocGetRootElement(doc);
- if (cur == NULL) return NULL;
-
- if (!xmlStrcmp(cur->name, (const xmlChar *) "Policy")) { acl=GRSTxacmlAclParse(doc, cur, acl);}
- else if (!xmlStrcmp(cur->name, (const xmlChar *) "gacl")) {acl=GRSTgaclAclParse(doc, cur, acl);}
- else /* ACL format not recognised */
- {
- free(doc);
- free(cur);
- return NULL;
- }
-
- xmlFreeDoc(doc);
- return acl;
-}
-
-GRSTgaclAcl *GRSTxacmlAclParse(xmlDocPtr doc, xmlNodePtr cur, GRSTgaclAcl *acl)
-{
- GRSTgaclEntry *entry;
-
- #ifdef XACML_DEBUG
- debugfile=fopen(XACML_DEBUG_FILE, "w");
- fprintf (debugfile, "ACL loaded..\n");
- fprintf (debugfile, "Parsing XACML\n");
- #endif
-
- // Have an XACML policy file.
- // Skip <Target> tag and set cur to first <Rule> tag
- cur = cur->xmlChildrenNode->next;
-
- acl = GRSTgaclAclNew();
-
- while (cur != NULL){
-
- if ( !xmlStrcmp(cur->name, (const xmlChar *)"Rule") )
- { // IF statement not needed?
- #ifdef XACML_DEBUG
- fprintf (debugfile, "Rule %s found\n", xmlNodeGetContent(cur->properties->children) );
- fprintf (debugfile, "Parsing Entry for this rule\n");
- #endif
- entry = GRSTxacmlEntryParse(cur);
-
- if (entry == NULL)
- {
- GRSTgaclAclFree(acl);
- xmlFreeDoc(doc);
- return NULL;
- }
- else GRSTgaclAclAddEntry(acl, entry);
-
- #ifdef XACML_DEBUG
- fprintf (debugfile, "Entry read in\n\n");
- #endif
- }
-
- // If the current and next Rules are part of the same entry then advance two Rules
- // If not then advance 1
- if (cur->next != NULL)
- {
- if ( strncmp(xmlNodeGetContent(cur->properties->children), // RuleId of this Rule
- xmlNodeGetContent(cur->next->properties->children), // RuleId of next Rule
- 6) == 0)
- {
- #ifdef XACML_DEBUG
- fprintf (debugfile, "skipping next rule %s, should have been caught previously\n\n", xmlNodeGetContent(cur->next->properties->children) );
- #endif
- cur=cur->next;
- } // Check first 6 characters i.e. Entry1**/
- }
-
- cur=cur->next;
-
- }
-
- #ifdef XACML_DEBUG
- fprintf (debugfile, "Finished loading ACL - Fanfare!\n");
- fclose(debugfile);
- #endif
-
- return acl;
-}
-
-
-int GRSTxacmlFileIsAcl(char *pathandfile)
-/* Return 1 if filename in *pathandfile starts GRST_ACL_FILE
- Return 0 otherwise. */
-{
- char *filename;
-
- filename = rindex(pathandfile, '/');
- if (filename == NULL) filename = pathandfile;
- else filename++;
-
- return (strncmp(filename, GRST_ACL_FILE, sizeof(GRST_ACL_FILE) - 1) == 0);
-}
-
-char *GRSTxacmlFileFindAclname(char *pathandfile)
-/* Return malloc()ed ACL filename that governs the given file or directory
- (for directories, the ACL file is in the directory itself), or NULL if none
- can be found. */
-{
- char *path, *p;
- struct stat statbuf;
-
- path = malloc(strlen(pathandfile) + sizeof(GRST_ACL_FILE) + 1);
- strcpy(path, pathandfile);
-
- if (stat(path, &statbuf) == 0)
- {
- if (!S_ISDIR(statbuf.st_mode)) /* can strip this / off straightaway */
- {
- p = rindex(path, '/');
- if (p != NULL) *p = '\0';
- }
- }
-
- while (path[0] != '\0')
- {
- strcat(path, "/");
- strcat(path, GRST_ACL_FILE);
-
- if (stat(path, &statbuf) == 0) return path;
-
- p = rindex(path, '/');
- *p = '\0'; /* strip off the / we added for ACL */
-
- p = rindex(path, '/');
- if (p == NULL) break; /* must start without / and we there now ??? */
-
- *p = '\0'; /* strip off another layer of / */
- }
-
- free(path);
- return NULL;
-}
-
-GRSTgaclAcl *GRSTxacmlAclLoadforFile(char *pathandfile)
-/* Return ACL that governs the given file or directory (for directories,
- the ACL file is in the directory itself.) */
-{
- char *path;
- GRSTgaclAcl *acl;
-
- path = GRSTxacmlFileFindAclname(pathandfile);
-
- if (path != NULL)
- {
- acl = GRSTxacmlAclLoadFile(path);
- free(path);
- return acl;
- }
-
- return NULL;
-}
-
-
-
-/* *
- * Functions to save ACL in XACML 1.1 compliant format *
- * Functions based on method for saving to GACL format *
- * */
-
-
-int GRSTxacmlCredPrint(GRSTgaclCred *cred, FILE *fp)
-/*
- GRSTxacmlCredPrint - print a credential and any name-value pairs is contains in XACML form
-*/
-{
- char *q;
- GRSTgaclNamevalue *p;
-
- if (cred->firstname != NULL)
- {
-
- p = cred->firstname;
-
- do {
-
- fputs("\t\t\t\t<Subject>\n", fp);
- fputs("\t\t\t\t\t<SubjectMatch MatchId=\"urn:oasis:names:tc:xacml:1.0:function:string-equal\">\n", fp);
- fputs("\t\t\t\t\t\t<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">", fp);
- for (q=p->value; *q != '\0'; ++q)
- if (*q == '<') fputs("<", fp);
- else if (*q == '>') fputs(">", fp);
- else if (*q == '&') fputs("&" , fp);
- else if (*q == '\'') fputs("'", fp);
- else if (*q == '"') fputs(""", fp);
- else fputc(*q, fp);
-
-
- fputs("</AttributeValue>\n", fp);
-
- fputs("\t\t\t\t\t\t<SubjectAttributeDesignator\n", fp);
- fputs("\t\t\t\t\t\t\tAttributeId=", fp);
- fprintf(fp, "\"%s\"\n", cred->type);
- fputs("\t\t\t\t\t\t\tDataType=", fp);
- fprintf(fp, "\"%s\"/>\n", p->name);
- fputs("\t\t\t\t\t</SubjectMatch>\n", fp);
- fputs("\t\t\t\t</Subject>\n", fp);
- p = (GRSTgaclNamevalue *) p->next;
- } while (p != NULL);
-
- }
- else fputs("\t\t\t\t<AnySubject/>\n", fp);
-
- return 1;
-}
-
-
-int GRSTxacmlEntryPrint(GRSTgaclEntry *entry, FILE *fp, int rule_number)
-{
- GRSTgaclCred *cred;
- GRSTgaclPerm i;
-
- if (entry->allowed){
-
- fprintf(fp, "\t<Rule RuleId=\"Entry%dA\" Effect=\"Permit\">\n", rule_number);
- fputs("\t\t<Target>\n", fp);
- fputs("\t\t\t<Subjects>\n", fp);
-
- for (cred = entry->firstcred; cred != NULL; cred = cred->next)
- GRSTxacmlCredPrint(cred, fp);
-
- fputs("\t\t\t</Subjects>\n", fp);
- fputs("\t\t\t<Actions>\n", fp);
-
- for (i=GRST_PERM_READ; i <= GRST_PERM_ADMIN; ++i)
- if ((entry->allowed) & i) GRSTxacmlPermPrint(i, fp);
-
- fputs("\t\t\t</Actions>\n", fp);
- fputs("\t\t</Target>\n", fp);
- fputs("\t</Rule>\n", fp);
- }
-
- if (entry->denied){
-
- fprintf(fp, "\t<Rule RuleId=\"Entry%dD\" Effect=\"Deny\">\n", rule_number);
- fputs("\t\t<Target>\n", fp);
- fputs("\t\t\t<Subjects>\n", fp);
-
- for (cred = entry->firstcred; cred != NULL; cred = cred->next)
- GRSTxacmlCredPrint(cred, fp);
-
- fputs("\t\t\t</Subjects>\n", fp);
- fputs("\t\t\t<Actions>\n", fp);
-
- for (i=GRST_PERM_READ; i <= GRST_PERM_ADMIN; ++i)
- if (entry->denied & i) GRSTxacmlPermPrint(i, fp);
-
- fputs("\t\t\t</Actions>\n", fp);
- fputs("\t\t</Target>\n", fp);
- fputs("\t</Rule>\n", fp);
- }
- return 1;
-}
-
-
-int GRSTxacmlPermPrint(GRSTgaclPerm perm, FILE *fp)
-{
- GRSTgaclPerm i;
-
- for (i=GRST_PERM_READ; grst_perm_syms[i] != NULL; ++i)
- if (perm == grst_perm_vals[i])
- {
-
- fputs("\t\t\t\t<Action>\n", fp);
- fputs("\t\t\t\t\t<ActionMatch MatchId=\"urn:oasis:names:tc:xacml:1.0:function:string-equal\">\n", fp);
- fputs("\t\t\t\t\t\t<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">", fp);
- fprintf(fp, "%s", grst_perm_syms[i]);
- fputs("</AttributeValue>\n", fp);
- fputs("\t\t\t\t\t\t<ActionAttributeDesignator\n", fp);
- fputs("\t\t\t\t\t\t\tAttributeId=\"urn:oasis:names:tc:xacml:1.0:action:action-id\"\n", fp);
- fputs("\t\t\t\t\t\t\tDataType=\"http://www.w3.org/2001/XMLSchema#string\"/>\n", fp);
- fputs("\t\t\t\t\t</ActionMatch>\n", fp);
- fputs("\t\t\t\t</Action>\n",fp);
-
- return 1;
- }
-
- return 0;
-}
-
-int GRSTxacmlAclPrint(GRSTgaclAcl *acl, FILE *fp, char* dir_uri)
-{
- GRSTgaclEntry *entry;
- int rule_number=1;
-
- fputs("<Policy", fp);
- fputs("\txmlns=\"urn:oasis:names:tc:xacml:1.0:policy\"\n", fp);
- fputs("\txmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n", fp);
- fputs("\txsi:schemaLocation=\"urn:oasis:names:tc:xacml:1.0:policy cs-xacml-schema-policy-01.xsd\"\n", fp);
- fputs("\tPolicyId=\"GridSitePolicy\"\n", fp);
- fputs("\tRuleCombiningAlgId=\"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides\">\n\n", fp);
-
- fputs("\t<Target>\n\t\t<Resources>\n\t\t\t<Resource>\n", fp);
- fputs("\t\t\t\t<ResourceMatch MatchId=\"urn:oasis:names:tc:xacml:1.0:function:string-equal\">\n", fp);
- fputs("\t\t\t\t\t<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">", fp);
- fprintf(fp, "%s", dir_uri);
- fputs("</AttributeValue>\n", fp);
- fputs("\t\t\t\t\t<ResourceAttributeDesignator\n", fp);
- fputs("\t\t\t\t\t\tAttributeId=\"urn:oasis:names:tc:xacml:1.0:resource:resource-id\"\n", fp);
- fputs("\t\t\t\t\t\tDataType=\"http://www.w3.org/2001/XMLSchema#string\"/>\n", fp);
-
- fputs("\t\t\t\t</ResourceMatch>\n\t\t\t</Resource>\n\t\t</Resources>\n\t\t<Subjects>\n\t\t\t<AnySubject/>\n\t\t</Subjects>", fp);
- fputs("\n\t\t<Actions>\n\t\t\t<AnyAction/>\n\t\t</Actions>\n\t</Target>\n\n", fp);
-
- for (entry = acl->firstentry; entry != NULL; entry = entry->next){
-
- GRSTxacmlEntryPrint(entry, fp, rule_number);
- rule_number++;
- }
-
- fputs("</Policy>\n", fp);
-
- return 1;
-}
-
-int GRSTxacmlAclSave(GRSTgaclAcl *acl, char *filename, char* dir_uri)
-{
- int ret;
- FILE *fp;
-
- fp = fopen(filename, "w");
- if (fp == NULL) return 0;
-
- fprintf(fp,"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
-
- ret = GRSTxacmlAclPrint(acl, fp, dir_uri);
-
- fclose(fp);
-
- return ret;
-}
-
-
-
-
+++ /dev/null
-/* Copyright 1999-2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * suexec.c -- "Wrapper" support program for suEXEC behaviour for Apache
- *
- ***********************************************************************
- *
- * NOTE! : DO NOT edit this code!!! Unless you know what you are doing,
- * editing this code might open up your system in unexpected
- * ways to would-be crackers. Every precaution has been taken
- * to make this code as safe as possible; alter it at your own
- * risk.
- *
- ***********************************************************************
- *
- *
- */
-
-#include "apr.h"
-#include "apr_file_io.h"
-#include "ap_config.h"
-#include "gsexec.h"
-
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <string.h>
-#include <time.h>
-#if APR_HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef HAVE_GRP_H
-#include <grp.h>
-#endif
-
-/*
- ***********************************************************************
- * There is no initgroups() in QNX, so I believe this is safe :-)
- * Use cc -osuexec -3 -O -mf -DQNX suexec.c to compile.
- *
- * May 17, 1997.
- * Igor N. Kovalenko -- infoh mail.wplus.net
- ***********************************************************************
- */
-
-#if defined(NEED_INITGROUPS)
-int initgroups(const char *name, gid_t basegid)
-{
- /* QNX and MPE do not appear to support supplementary groups. */
- return 0;
-}
-#endif
-
-#if defined(SUNOS4)
-extern char *sys_errlist[];
-#define strerror(x) sys_errlist[(x)]
-#endif
-
-#if defined(PATH_MAX)
-#define AP_MAXPATH PATH_MAX
-#elif defined(MAXPATHLEN)
-#define AP_MAXPATH MAXPATHLEN
-#else
-#define AP_MAXPATH 8192
-#endif
-
-#define AP_ENVBUF 256
-
-extern char **environ;
-static FILE *log = NULL;
-
-char *safe_env_lst[] =
-{
- /* variable name starts with */
- "HTTP_",
- "SSL_",
- "GRST_",
-
- /* variable name is */
- "AUTH_TYPE=",
- "CONTENT_LENGTH=",
- "CONTENT_TYPE=",
- "DATE_GMT=",
- "DATE_LOCAL=",
- "DOCUMENT_NAME=",
- "DOCUMENT_PATH_INFO=",
- "DOCUMENT_ROOT=",
- "DOCUMENT_URI=",
- "GATEWAY_INTERFACE=",
- "HTTPS=",
- "LAST_MODIFIED=",
- "PATH_INFO=",
- "PATH_TRANSLATED=",
- "QUERY_STRING=",
- "QUERY_STRING_UNESCAPED=",
- "REMOTE_ADDR=",
- "REMOTE_HOST=",
- "REMOTE_IDENT=",
- "REMOTE_PORT=",
- "REMOTE_USER=",
- "REDIRECT_HANDLER=",
- "REDIRECT_QUERY_STRING=",
- "REDIRECT_REMOTE_USER=",
- "REDIRECT_STATUS=",
- "REDIRECT_URL=",
- "REQUEST_METHOD=",
- "REQUEST_URI=",
- "SCRIPT_FILENAME=",
- "SCRIPT_NAME=",
- "SCRIPT_URI=",
- "SCRIPT_URL=",
- "SERVER_ADMIN=",
- "SERVER_NAME=",
- "SERVER_ADDR=",
- "SERVER_PORT=",
- "SERVER_PROTOCOL=",
- "SERVER_SIGNATURE=",
- "SERVER_SOFTWARE=",
- "UNIQUE_ID=",
- "USER_NAME=",
- "TZ=",
- NULL
-};
-
-
-static void err_output(int is_error, const char *fmt, va_list ap)
-{
-#ifdef AP_LOG_EXEC
- time_t timevar;
- struct tm *lt;
-
- if (!log) {
- if ((log = fopen(AP_LOG_EXEC, "a")) == NULL) {
- fprintf(stderr, "suexec failure: could not open log file\n");
- perror("fopen");
- exit(1);
- }
- }
-
- if (is_error) {
- fprintf(stderr, "suexec policy violation: see suexec log for more "
- "details\n");
- }
-
- time(&timevar);
- lt = localtime(&timevar);
-
- fprintf(log, "[%d-%.2d-%.2d %.2d:%.2d:%.2d]: ",
- lt->tm_year + 1900, lt->tm_mon + 1, lt->tm_mday,
- lt->tm_hour, lt->tm_min, lt->tm_sec);
-
- vfprintf(log, fmt, ap);
-
- fflush(log);
-#endif /* AP_LOG_EXEC */
- return;
-}
-
-static void log_err(const char *fmt,...)
-{
-#ifdef AP_LOG_EXEC
- va_list ap;
-
- va_start(ap, fmt);
- err_output(1, fmt, ap); /* 1 == is_error */
- va_end(ap);
-#endif /* AP_LOG_EXEC */
- return;
-}
-
-static void log_no_err(const char *fmt,...)
-{
-#ifdef AP_LOG_EXEC
- va_list ap;
-
- va_start(ap, fmt);
- err_output(0, fmt, ap); /* 0 == !is_error */
- va_end(ap);
-#endif /* AP_LOG_EXEC */
- return;
-}
-
-static void clean_env(void)
-{
- char pathbuf[512];
- char **cleanenv;
- char **ep;
- int cidx = 0;
- int idx;
-
- /* While cleaning the environment, the environment should be clean.
- * (e.g. malloc() may get the name of a file for writing debugging info.
- * Bad news if MALLOC_DEBUG_FILE is set to /etc/passwd. Sprintf() may be
- * susceptible to bad locale settings....)
- * (from PR 2790)
- */
- char **envp = environ;
- char *empty_ptr = NULL;
-
- environ = &empty_ptr; /* VERY safe environment */
-
- if ((cleanenv = (char **) calloc(AP_ENVBUF, sizeof(char *))) == NULL) {
- log_err("failed to malloc memory for environment\n");
- exit(120);
- }
-
- sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH);
- cleanenv[cidx] = strdup(pathbuf);
- cidx++;
-
- for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
- for (idx = 0; safe_env_lst[idx]; idx++) {
- if (!strncmp(*ep, safe_env_lst[idx],
- strlen(safe_env_lst[idx]))) {
- cleanenv[cidx] = *ep;
- cidx++;
- break;
- }
- }
- }
-
- cleanenv[cidx] = NULL;
-
- environ = cleanenv;
-}
-
-/* Pool account functions */
-
-
-#include <utime.h>
-#include <errno.h>
-#include <dirent.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <pwd.h>
-#include <sys/types.h>
-
-/******************************************************************************
-Function: mapdir_otherlink
-Description:
- find another link in map directory to the same inode as firstlink
- and change the modification time of firstlink to now (so that we
- always know when this pair was last used)
-
-Parameters:
- firstlink, the filename of the link we already know
-
-Returns:
- a pointer to the other link's filename (without path) or NULL if none
- found (this is malloc'd and will need freeing)
-
-******************************************************************************/
-static char *mapdir_otherlink(char *mapdir, char *firstlink)
-{
- int ret;
- char *firstlinkpath, *otherlinkdup, *otherlinkpath;
- struct dirent *mapdirentry;
- DIR *mapdirstream;
- struct stat statbuf;
- ino_t firstinode;
-
- firstlinkpath = malloc(strlen(mapdir) + 2 + strlen(firstlink));
- sprintf(firstlinkpath, "%s/%s", mapdir, firstlink);
- ret = stat(firstlinkpath, &statbuf);
- free(firstlinkpath);
- if (ret != 0) return NULL;
- if (statbuf.st_nlink != 2) return NULL;
-
- firstinode = statbuf.st_ino; /* save for comparisons */
-
- mapdirstream = opendir(mapdir);
-
- if (mapdirstream != NULL)
- {
- while ((mapdirentry = readdir(mapdirstream)) != NULL)
- {
- if (strcmp(mapdirentry->d_name, firstlink) == 0) continue;
-
- otherlinkpath = malloc(strlen(mapdir) + 2 +
- strlen(mapdirentry->d_name));
- sprintf(otherlinkpath, "%s/%s", mapdir,
- mapdirentry->d_name);
-
- ret = stat(otherlinkpath, &statbuf);
- if ((ret == 0) && (statbuf.st_ino == firstinode))
- {
- utime(otherlinkpath, (struct utimbuf *) NULL);
- free(otherlinkpath);
- otherlinkdup = strdup(mapdirentry->d_name);
- closedir(mapdirstream);
- return otherlinkdup;
- }
- else free(otherlinkpath);
- }
-
- closedir(mapdirstream);
- }
-
- return NULL;
-}
-
-/******************************************************************************
-Function: mapdir_urlencode
-Description:
- Convert string to URL encoded and return pointer to the encoded
- version, obtained through malloc. Calling routine must free
- this. Here "URL encoded" means anything other than an isalnum()
- goes to %HH where HH is its ascii value in hex; also A-Z => a-z
- This name is suitable for filenames since no / or spaces.
-
-Parameters:
- rawstring, the string to be converted
-
-Returns:
- a pointer to the encoded string or NULL if the malloc failed
-
-******************************************************************************/
-static char *mapdir_urlencode(char *rawstring)
-{
- int encodedchar = 0, rawchar = 0;
- char * encodedstring;
-
- encodedstring = (char *) malloc(3 * strlen(rawstring) + 1);
-
- if (encodedstring == NULL) return (char *) NULL;
-
- while (rawstring[rawchar] != '\0')
- {
- if (isalnum(rawstring[rawchar]))
- {
- encodedstring[encodedchar] = tolower(rawstring[rawchar]);
- ++rawchar;
- ++encodedchar;
- }
- else
- {
- sprintf(&encodedstring[encodedchar], "%%%02x",
- rawstring[rawchar]);
- ++rawchar;
- encodedchar = encodedchar + 3;
- }
- }
-
- encodedstring[encodedchar] = '\0';
-
- return encodedstring;
-}
-
-/******************************************************************************
-Function: mapdir_newlease
-Description:
- Search for an unleased local username to give to the X.509 DN or
- directory key corresponding to encodedfilename, and then lease it.
-
-Parameters:
- encodedfilename, URL-encoded X.509 DN or directory key to associate
- with an unlease pool username
-
-Returns:
- no return value
-******************************************************************************/
-
-void mapdir_newlease(char *mapdir, char *encodedkey)
-{
- int ret;
- char *userfilename, *encodedfilename;
- struct dirent *mapdirentry;
- DIR *mapdirstream;
- struct stat statbuf;
-
- encodedfilename = malloc(strlen(mapdir) + (size_t) 2 +
- strlen(encodedkey));
- sprintf(encodedfilename, "%s/%s", mapdir, encodedkey);
-
- mapdirstream = opendir(mapdir);
-
- while ((mapdirentry = readdir(mapdirstream)) != NULL)
- {
- /* we dont want any files that dont look like acceptable usernames */
- if ((*(mapdirentry->d_name) == '%') ||
- (strcmp(mapdirentry->d_name, "root") == 0)) continue;
- else if (*(mapdirentry->d_name) == '.') continue;
- else if (index(mapdirentry->d_name, '~') != NULL) continue;
-
- userfilename = malloc(strlen(mapdir) + (size_t) 2 +
- strlen(mapdirentry->d_name));
- sprintf(userfilename, "%s/%s", mapdir, mapdirentry->d_name);
- stat(userfilename, &statbuf);
-
- if (statbuf.st_nlink == 1) /* this one isnt leased yet */
- {
- ret = link(userfilename, encodedfilename);
- free(userfilename);
- if (ret != 0)
- {
- /* link failed: this is probably because a VERY lucky
- other process has obtained a lease for encodedfilename
- while we were faffing around */
- closedir(mapdirstream);
- free(encodedfilename);
- return;
- }
-
- stat(encodedfilename, &statbuf);
- if (statbuf.st_nlink > 2)
- {
- /* two keys have grabbed the same username: back off */
- unlink(encodedfilename);
- continue;
- }
-
- closedir(mapdirstream);
- free(encodedfilename);
- return; /* link worked ok, so return */
- }
- else free(userfilename); /* already in use, try next one */
- }
-
- closedir(mapdirstream);
- free(encodedfilename);
- return; /* no unleased names left: give up */
-}
-
-/******************************************************************************
-Based on gridmapdir_userid:
-
-Function: gridmapdir_userid
-Description:
- This is equivalent to globus_gss_assist_gridmap but for the dynamic
- user ids in the gridmapdir: maps a globusID to a local unix user id,
- either one already leased, or calls gridmapdir_newlease() to obtain
- a new lease. This is called by globus_gss_assist_gridmap if the
- local user id in the static gridmap file begins . (for a dynamic id)
-
-Parameters:
- globusidp, globus client name who requested authentication
- usernameprefix, prefix of the local usernames which would
- be acceptable (or "\0" )
- *userid returned userid name for local system.
-
-Returns:
-
- 0 on success
- !=0 on failure
-
-******************************************************************************/
-
-
-
-int GRSTexecGetMapping(char **target_uname, char **target_gname,
- char *mapdir, char *key)
-{
- char *encodedkey;
- struct passwd *pw = NULL;
-
- if (key[0] != '/') return 1; /* must be a proper X.509 DN or path */
-
- encodedkey = mapdir_urlencode(key);
- *target_uname = mapdir_otherlink(mapdir, encodedkey);
-
- if (*target_uname == NULL) /* maybe no lease yet */
- {
- mapdir_newlease(mapdir, encodedkey);
- /* try making a lease */
-
- *target_uname = mapdir_otherlink(mapdir, encodedkey);
- /* check if there is a now a lease - possibly made by someone else */
-
- if (*target_uname == NULL)
- {
- free(encodedkey);
- return 1; /* still no good */
- }
- }
-
- free(encodedkey);
-
- /*
- * Get the group name of target user.
- (Contributed by Gerben Venekamp venekamp@nikhef.nl )
- */
-
- if ((pw = getpwnam(*target_uname)) != NULL)
- {
- struct group grp = { NULL, NULL, -1, NULL };
- struct group *tst = NULL;
- char tmp_buf[100];
-
- /*
- * NOTE: Do not use the getgrgid() function call! Calling this function
- * will overwrite the contents of the internal buffer associated with
- * this call. Hence, further down the execution path we will run into
- * a wall, head first; simply because the guid has changed to that of
- * the targer uid. The only solution out of the situation is avoiding
- * the function call and manage the needed buffers ourselves.
- */
-
- switch (getgrgid_r(pw->pw_gid, &grp, tmp_buf, sizeof(tmp_buf), &tst))
- {
- case 0: /* no error */
- *target_gname = strdup(grp.gr_name);
- break;
- case ERANGE:
- log_err("The buffer for holding strings is too small "
- "(%d byte now)\n", sizeof(tmp_buf));
- break;
- default:
- log_err("Could not get group name for user (%s)\n",
- *target_uname);
- }
-
- /* Test if all was well. */
-
- if (target_gname == NULL)
- {
- exit(102);
- }
- }
- else
- {
- log_err("Could not get info for the target user (%s)\n",*target_uname);
- exit(102);
- }
-
- log_no_err("target group name determined (%s -> %s)\n",
- *target_uname, *target_gname);
-
- return 0;
-}
-
-void internal_server_error(void)
-{
- /* use this when its probably an httpd.conf configuration error */
-
- puts("Status: 500 Internal Server Error\n"
- "Content-Type: text/html\n\n"
- "<html><head><title>500 Internal Server Error</title></head>\n"
- "<body><h1>Internal Server Error</h1></body></html>");
-}
-
-void forbidden_error(void)
-{
- /* use this when unix file permissions/ownerships are probably wrong */
-
- puts("Status: 403 Forbidden\n"
- "Content-Type: text/html\n\n"
- "<html><head><title>403 Forbidden</title></head>\n"
- "<body><h1>Forbidden</h1></body></html>");
-}
-
-int main(int argc, char *argv[])
-{
- int userdir = 0; /* ~userdir flag */
- uid_t uid; /* user information */
- gid_t gid; /* target group placeholder */
- uid_t httpd_uid; /* uid for AP_HTTPD_USER */
- gid_t httpd_gid; /* uid for AP_HTTPD_GROUP */
- char *mapping_type; /* suexec / X509DN / directory */
- char *grst_cred_0; /* GRST_CRED_0 */
- char *map_x509dn; /* DN to use as pool acct. key */
- char *map_directory; /* directory as pool acct. key */
-
- char *diskmode_env; /* GRST_DISK_MODE as a string */
- apr_fileperms_t diskmode_apr; /* GRST_DISK_MODE as Apache perms */
- mode_t diskmode_t; /* GRST_DISK_MODE as mode_t */
-
- char *target_uname; /* target user name */
- char *target_gname; /* target group name */
- char *target_homedir; /* target home directory */
- char *actual_uname; /* actual user name */
- char *actual_gname; /* actual group name */
- char *prog; /* name of this program */
- char *cmd; /* command to be executed */
- char cwd[AP_MAXPATH]; /* current working directory */
- char dwd[AP_MAXPATH]; /* docroot working directory */
- struct passwd *pw; /* password entry holder */
- struct group *gr; /* group entry holder */
- struct stat dir_info; /* directory info holder */
- struct stat prg_info; /* program info holder */
-
- /*
- * Start with a "clean" environment
- */
- clean_env();
-
- prog = argv[0];
- /*
- * Check existence/validity of the UID of the user
- * running this program. Error out if invalid.
- */
- uid = getuid();
- if ((pw = getpwuid(uid)) == NULL) {
- log_err("crit: invalid uid: (%ld)\n", uid);
- internal_server_error();
- exit(102);
- }
- /*
- * Check existence/validity of the GID of the user
- * running this program. Error out if invalid.
- */
- gid = getgid();
- if ((gr = getgrgid(gid)) == NULL) {
- log_err("crit: invalid gid: (%ld)\n", gid);
- internal_server_error();
- exit(102);
- }
- /*
- * See if this is a 'how were you compiled' request, and
- * comply if so.
- */
- if ((argc > 1)
- && (! strcmp(argv[1], "-V"))
- && ((uid == 0)
-#ifdef _OSD_POSIX
- /* User name comparisons are case insensitive on BS2000/OSD */
- || (! strcasecmp(AP_HTTPD_USER, pw->pw_name)))
-#else /* _OSD_POSIX */
- || (! strcmp(AP_HTTPD_USER, pw->pw_name)))
-#endif /* _OSD_POSIX */
- ) {
-#ifdef AP_DOC_ROOT
- fprintf(stderr, " -D AP_DOC_ROOT=\"%s\"\n", AP_DOC_ROOT);
-#endif
-#ifdef AP_GID_MIN
- fprintf(stderr, " -D AP_GID_MIN=%d\n", AP_GID_MIN);
-#endif
-#ifdef AP_HTTPD_USER
- fprintf(stderr, " -D AP_HTTPD_USER=\"%s\"\n", AP_HTTPD_USER);
-#endif
-#ifdef AP_LOG_EXEC
- fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC);
-#endif
-#ifdef AP_SAFE_PATH
- fprintf(stderr, " -D AP_SAFE_PATH=\"%s\"\n", AP_SAFE_PATH);
-#endif
-#ifdef AP_SUEXEC_UMASK
- fprintf(stderr, " -D AP_SUEXEC_UMASK=%03o\n", AP_SUEXEC_UMASK);
-#endif
-#ifdef AP_UID_MIN
- fprintf(stderr, " -D AP_UID_MIN=%d\n", AP_UID_MIN);
-#endif
-#ifdef AP_USERDIR_SUFFIX
- fprintf(stderr, " -D AP_USERDIR_SUFFIX=\"%s\"\n", AP_USERDIR_SUFFIX);
-#endif
- exit(0);
- }
- /*
- * If there are a proper number of arguments, set
- * all of them to variables. Otherwise, error out.
- */
- if (argc < 4) {
- log_err("too few arguments\n");
- internal_server_error();
- exit(101);
- }
-
- mapping_type = getenv("GRST_EXEC_METHOD");
- if ((mapping_type == NULL) ||
- (mapping_type[0] == '\0') ||
- (strcasecmp(mapping_type, "suexec") == 0))
- {
- target_uname = argv[1];
- target_gname = argv[2];
- mapping_type = NULL;
- }
- else if (strcasecmp(mapping_type, "X509DN") == 0)
- {
- if ((grst_cred_0 = getenv("GRST_CRED_0")) == NULL)
- map_x509dn = getenv("SSL_CLIENT_S_DN");
- else map_x509dn = index(grst_cred_0, '/');
-
- if ((map_x509dn == NULL) || (map_x509dn[0] == '\0'))
- {
- log_err("No GRST_CRED_0/SSL_CLIENT_S_DN despite X509DN mapping\n");
- forbidden_error();
- exit(151);
- }
-
- if (GRSTexecGetMapping(&target_uname, &target_gname,
- GRST_EXECMAPDIR, map_x509dn)
- != 0)
- {
- log_err("GRSTexecGetMapping() failed mapping \"%s\"\n",
- map_x509dn);
- forbidden_error();
- exit(152);
- }
- }
- else if (strcasecmp(mapping_type, "directory") == 0)
- {
- map_directory = getenv("GRST_EXEC_DIRECTORY");
- if (map_directory == NULL)
- {
- log_err("No GRST_EXEC_DIRECTORY despite directory mapping\n");
- internal_server_error();
- exit(153);
- }
-
- if (GRSTexecGetMapping(&target_uname, &target_gname,
- GRST_EXECMAPDIR, map_directory)
- != 0)
- {
- log_err("GRSTexecGetMapping() failed mapping \"%s\"\n",
- map_directory);
- internal_server_error();
- exit(154);
- }
- }
- else
- {
- log_err("mapping type \"%s\" not recognised\n", mapping_type);
- internal_server_error();
- exit(155);
- }
-
- cmd = argv[3];
-
- /*
- * Check to see if the user running this program
- * is the user allowed to do so as defined in
- * suexec.h. If not the allowed user, error out.
- */
-#ifdef _OSD_POSIX
- /* User name comparisons are case insensitive on BS2000/OSD */
- if (strcasecmp(AP_HTTPD_USER, pw->pw_name)) {
- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
- internal_server_error();
- exit(103);
- }
- /* User name comparisons are case insensitive on BS2000/OSD */
- if (strcasecmp(AP_HTTPD_GROUP, gr->gr_name)) {
- log_err("group mismatch (%s instead of %s)\n", gr->gr_name, AP_HTTPD_GROUP);
- internal_server_error();
- exit(103);
- }
-#else /*_OSD_POSIX*/
- if (strcmp(AP_HTTPD_USER, pw->pw_name)) {
- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
- internal_server_error();
- exit(103);
- }
- if (strcmp(AP_HTTPD_GROUP, gr->gr_name)) {
- log_err("group mismatch (%s instead of %s)\n", gr->gr_name, AP_HTTPD_GROUP);
- internal_server_error();
- exit(103);
- }
-#endif /*_OSD_POSIX*/
-
- /* Since they match (via name) save these for later */
-
- httpd_uid = uid;
- httpd_gid = gid;
-
- /*
- * Check for a leading '/' (absolute path) in the command to be executed,
- * or attempts to back up out of the current directory,
- * to protect against attacks. If any are
- * found, error out. Naughty naughty crackers.
- */
- if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3))
- || (strstr(cmd, "/../") != NULL)) {
- log_err("invalid command (%s)\n", cmd);
- internal_server_error();
- exit(104);
- }
-
- /*
- * Check to see if this is a ~userdir request. If
- * so, set the flag, and remove the '~' from the
- * target username.
- */
- if (!strncmp("~", target_uname, 1)) {
- target_uname++;
- userdir = 1;
- }
-
- /*
- * Error out if the target username is invalid.
- */
- if (strspn(target_uname, "1234567890") != strlen(target_uname)) {
- if ((pw = getpwnam(target_uname)) == NULL) {
- log_err("invalid target user name: (%s)\n", target_uname);
- internal_server_error();
- exit(105);
- }
- }
- else {
- if ((pw = getpwuid(atoi(target_uname))) == NULL) {
- log_err("invalid target user id: (%s)\n", target_uname);
- internal_server_error();
- exit(121);
- }
- }
-
- /*
- * Error out if the target group name is invalid.
- */
- if (strspn(target_gname, "1234567890") != strlen(target_gname)) {
- if ((gr = getgrnam(target_gname)) == NULL) {
- log_err("invalid target group name: (%s)\n", target_gname);
- internal_server_error();
- exit(106);
- }
- gid = gr->gr_gid;
- actual_gname = strdup(gr->gr_name);
- }
- else {
- gid = atoi(target_gname);
- actual_gname = strdup(target_gname);
- }
-
-#ifdef _OSD_POSIX
- /*
- * Initialize BS2000 user environment
- */
- {
- pid_t pid;
- int status;
-
- switch (pid = ufork(target_uname)) {
- case -1: /* Error */
- log_err("failed to setup bs2000 environment for user %s: %s\n",
- target_uname, strerror(errno));
- internal_server_error();
- exit(150);
- case 0: /* Child */
- break;
- default: /* Father */
- while (pid != waitpid(pid, &status, 0))
- ;
- /* @@@ FIXME: should we deal with STOP signals as well? */
- if (WIFSIGNALED(status)) {
- kill (getpid(), WTERMSIG(status));
- }
- internal_server_error();
- exit(WEXITSTATUS(status));
- }
- }
-#endif /*_OSD_POSIX*/
-
- /*
- * Save these for later since initgroups will hose the struct
- */
- uid = pw->pw_uid;
- actual_uname = strdup(pw->pw_name);
- target_homedir = strdup(pw->pw_dir);
-
- /*
- * Log the transaction here to be sure we have an open log
- * before we setuid().
- */
- log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
- target_uname, actual_uname,
- target_gname, actual_gname,
- cmd);
-
- /*
- * Error out if attempt is made to execute as root or as
- * a UID less than AP_UID_MIN. Tsk tsk.
- */
- if ((uid == 0) || (uid < AP_UID_MIN)) {
- log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
- internal_server_error();
- exit(107);
- }
-
- /*
- * Error out if attempt is made to execute as root group
- * or as a GID less than AP_GID_MIN. Tsk tsk.
- */
- if ((gid == 0) || (gid < AP_GID_MIN)) {
- log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd);
- internal_server_error();
- exit(108);
- }
-
- /*
- * Change UID/GID here so that the following tests work over NFS.
- *
- * Initialize the group access list for the target user,
- * and setgid() to the target group. If unsuccessful, error out.
- */
- if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) {
- log_err("failed to setgid (%ld: %s)\n", gid, cmd);
- internal_server_error();
- exit(109);
- }
-
- /*
- * setuid() to the target user. Error out on fail.
- */
- if ((setuid(uid)) != 0) {
- log_err("failed to setuid (%ld: %s)\n", uid, cmd);
- internal_server_error();
- exit(110);
- }
-
- /*
- * Get the current working directory, as well as the proper
- * document root (dependant upon whether or not it is a
- * ~userdir request). Error out if we cannot get either one,
- * or if the current working directory is not in the docroot.
- * Use chdir()s and getcwd()s to avoid problems with symlinked
- * directories. Yuck.
- */
- if (getcwd(cwd, AP_MAXPATH) == NULL) {
- log_err("cannot get current working directory\n");
- internal_server_error();
- exit(111);
- }
-
-#if 0
- if (userdir) {
- if (((chdir(target_homedir)) != 0) ||
- ((chdir(AP_USERDIR_SUFFIX)) != 0) ||
- ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
- ((chdir(cwd)) != 0)) {
- log_err("cannot get docroot information (%s)\n", target_homedir);
- internal_server_error();
- exit(112);
- }
- }
- else {
- if (((chdir(AP_DOC_ROOT)) != 0) ||
- ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
- ((chdir(cwd)) != 0)) {
- log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT);
- internal_server_error();
- exit(113);
- }
- }
-
- if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
- log_err("command not in docroot (%s/%s)\n", cwd, cmd);
- internal_server_error();
- exit(114);
- }
-#endif
-
- /*
- * Stat the cwd and verify it is a directory, or error out.
- */
- if (((lstat(cwd, &dir_info)) != 0) || !(S_ISDIR(dir_info.st_mode))) {
- log_err("cannot stat directory: (%s)\n", cwd);
- internal_server_error();
- exit(115);
- }
-
- /*
- * Error out if cwd is writable by others.
- */
- if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) {
- log_err("directory is writable by others: (%s)\n", cwd);
- forbidden_error();
- exit(116);
- }
-
- /*
- * Error out if we cannot stat the program.
- */
- if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
- log_err("cannot stat program: (%s)\n", cmd);
- forbidden_error();
- exit(117);
- }
-
- /*
- * Error out if the program is writable by others.
- */
- if (prg_info.st_mode & S_IWOTH) {
- log_err("file is writable by others: (%s/%s)\n", cwd, cmd);
- forbidden_error();
- exit(118);
- }
-
- /*
- * Error out if the file is setuid or setgid.
- */
- if ((prg_info.st_mode & S_ISUID) || (prg_info.st_mode & S_ISGID)) {
- log_err("file is either setuid or setgid: (%s/%s)\n", cwd, cmd);
- forbidden_error();
- exit(119);
- }
-
- /*
- * Error out if the target name/group is different from
- * the name/group of the cwd or the program AND the name/group
- * of the cwd and program are not the AP_HTTPD_USER/AP_HTTPD_GROUP
- * AND the name/group of the cwd and program are not root
- */
- if (((uid != dir_info.st_uid) && (httpd_uid != dir_info.st_uid)
- && (0 != dir_info.st_uid)) ||
- ((gid != dir_info.st_gid) && (httpd_gid != dir_info.st_gid)
- && (0 != dir_info.st_gid)) ||
- ((uid != prg_info.st_uid) && (httpd_uid != prg_info.st_uid)
- && (0 != prg_info.st_uid)) ||
- ((gid != prg_info.st_gid) && (httpd_gid != prg_info.st_gid)
- && (0 != prg_info.st_gid)))
- {
- log_err("target (%ld/%ld) or %s (%ld/%ld) or root (0/0) uid/gid "
- "mismatch with directory (%ld/%ld) or program (%ld/%ld)\n",
- uid, gid, AP_HTTPD_USER, httpd_uid, httpd_gid,
- dir_info.st_uid, dir_info.st_gid,
- prg_info.st_uid, prg_info.st_gid);
- forbidden_error();
- exit(120);
- }
- /*
- * Error out if the program is not executable for the user.
- * Otherwise, she won't find any error in the logs except for
- * "[error] Premature end of script headers: ..."
- */
- if (!(prg_info.st_mode & S_IXUSR)) {
- log_err("file has no execute permission: (%s/%s)\n", cwd, cmd);
- forbidden_error();
- exit(121);
- }
-
- diskmode_env = getenv("GRST_DISK_MODE");
- if (diskmode_env != NULL)
- {
- diskmode_apr = 0;
- sscanf(diskmode_env, "%i", &diskmode_apr);
-
- diskmode_t = S_IRUSR | S_IWUSR;
-
- if (diskmode_apr & APR_GREAD ) diskmode_t |= S_IRGRP;
- if (diskmode_apr & APR_GWRITE) diskmode_t |= S_IWGRP;
- if (diskmode_apr & APR_WREAD ) diskmode_t |= S_IROTH;
-
- diskmode_t &= (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
-
-// log_err("diskmode_env=%s diskmode_apr=%x diskmode_t=%o ~diskmode_t=%o\n", diskmode_env, diskmode_apr, diskmode_t, ~diskmode_t);
-
- umask(~diskmode_t);
- }
-#ifdef AP_SUEXEC_UMASK
- else umask(AP_SUEXEC_UMASK);
-#else
- else umask(~(S_IRUSR | S_IWUSR));
-#endif /* AP_SUEXEC_UMASK */
-
- /*
- * Be sure to close the log file so the CGI can't
- * mess with it. If the exec fails, it will be reopened
- * automatically when log_err is called. Note that the log
- * might not actually be open if AP_LOG_EXEC isn't defined.
- * However, the "log" cell isn't ifdef'd so let's be defensive
- * and assume someone might have done something with it
- * outside an ifdef'd AP_LOG_EXEC block.
- */
- if (log != NULL) {
- fclose(log);
- log = NULL;
- }
-
- /*
- * Execute the command, replacing our image with its own.
- */
-#ifdef NEED_HASHBANG_EMUL
- /* We need the #! emulation when we want to execute scripts */
- {
- extern char **environ;
-
- ap_execve(cmd, &argv[3], environ);
- }
-#else /*NEED_HASHBANG_EMUL*/
- execv(cmd, &argv[3]);
-#endif /*NEED_HASHBANG_EMUL*/
-
- /*
- * (I can't help myself...sorry.)
- *
- * Uh oh. Still here. Where's the kaboom? There was supposed to be an
- * EARTH-shattering kaboom!
- *
- * Oh well, log the failure and error out.
- */
- log_err("(%d)%s: exec failed (%s)\n", errno, strerror(errno), cmd);
- internal_server_error();
- exit(255);
-}
+++ /dev/null
-/* Copyright 1999-2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * suexec.h -- user-definable variables for the suexec wrapper code.
- * (See README.configure on how to customize these variables.)
- */
-
-
-#ifndef _SUEXEC_H
-#define _SUEXEC_H
-
-/*
- * Include ap_config_layout so we can work out where the default htdocsdir
- * and logsdir are.
- */
-#include "ap_config_layout.h"
-
-/*
- * HTTPD_USER -- Define as the username under which Apache normally
- * runs. This is the only user allowed to execute
- * this program.
- */
-#ifndef AP_HTTPD_USER
-#define AP_HTTPD_USER "apache"
-#endif
-
-/*
- * HTTPD_GROUP -- Define as the group under which Apache normally
- * runs. This is the only user allowed to execute
- * this program.
- */
-#ifndef AP_HTTPD_GROUP
-#define AP_HTTPD_GROUP "apache"
-#endif
-
-/*
- * UID_MIN -- Define this as the lowest UID allowed to be a target user
- * for suEXEC. For most systems, 500 or 100 is common, but
- * 99 will include user nobody on RedHat Linux systems.
- */
-#ifdef AP_UID_MIN
-#undef AP_UID_MIN
-#endif
-#define AP_UID_MIN 99
-
-/*
- * GID_MIN -- Define this as the lowest GID allowed to be a target group
- * for suEXEC. For most systems, 100 is common, but 99 will
- * include group nobody on RedHat Linux systems.
- */
-#ifdef AP_GID_MIN
-#undef AP_GID_MIN
-#endif
-#define AP_GID_MIN 99
-
-/*
- * USERDIR_SUFFIX -- Define to be the subdirectory under users'
- * home directories where suEXEC access should
- * be allowed. All executables under this directory
- * will be executable by suEXEC as the user so
- * they should be "safe" programs. If you are
- * using a "simple" UserDir directive (ie. one
- * without a "*" in it) this should be set to
- * the same value. suEXEC will not work properly
- * in cases where the UserDir directive points to
- * a location that is not the same as the user's
- * home directory as referenced in the passwd file.
- *
- * If you have VirtualHosts with a different
- * UserDir for each, you will need to define them to
- * all reside in one parent directory; then name that
- * parent directory here. IF THIS IS NOT DEFINED
- * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK!
- * See the suEXEC documentation for more detailed
- * information.
- */
-#ifndef AP_USERDIR_SUFFIX
-#define AP_USERDIR_SUFFIX "public_html"
-#endif
-
-/*
- * LOG_EXEC -- Define this as a filename if you want all suEXEC
- * transactions and errors logged for auditing and
- * debugging purposes.
- */
-#ifndef AP_LOG_EXEC
-#define AP_LOG_EXEC DEFAULT_EXP_LOGFILEDIR "/suexec_log" /* Need me? */
-#endif
-
-/*
- * DOC_ROOT -- Define as the DocumentRoot set for Apache. This
- * will be the only hierarchy (aside from UserDirs)
- * that can be used for suEXEC behavior.
- */
-#ifndef AP_DOC_ROOT
-#define AP_DOC_ROOT DEFAULT_EXP_HTDOCSDIR
-#endif
-
-/*
- * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
- *
- */
-#ifndef AP_SAFE_PATH
-#define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
-#endif
-
-/*
- * GRST_EXECMAPDIR -- Location of the gridmapdir-style directory of lock files
- *
- */
-#define GRST_EXECMAPDIR "/var/www/execmapdir"
-
-#endif /* _SUEXEC_H */
+++ /dev/null
-/*
- Copyright (c) 2002-5, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*---------------------------------------------------------------*
- * For more about GridSite: http://www.gridsite.org/ *
- *---------------------------------------------------------------*/
-
-#ifndef VERSION
-#define VERSION "0.0.0"
-#endif
-
-#define _GNU_SOURCE
-
-#include <pwd.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <string.h>
-#include <malloc.h>
-#include <dirent.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <sys/time.h>
-#include <sys/select.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <curl/curl.h>
-
-#include "gridsite.h"
-
-/* deal with older versions of libcurl and curl.h */
-
-#ifndef CURLOPT_WRITEDATA
-#define CURLOPT_WRITEDATA CURLOPT_FILE
-#endif
-
-#ifndef CURLOPT_READDATA
-#define CURLOPT_READDATA CURLOPT_FILE
-#endif
-
-#ifndef CURLE_HTTP_RETURNED_ERROR
-#define CURLE_HTTP_RETURNED_ERROR CURLE_HTTP_NOT_FOUND
-#endif
-
-#define HTCP_GET 1
-#define HTCP_PUT 2
-#define HTCP_DELETE 3
-#define HTCP_LIST 4
-#define HTCP_LONGLIST 5
-#define HTCP_MKDIR 6
-#define HTCP_MOVE 7
-#define HTCP_PING 8
-#define HTCP_FIND 9
-#define HTCP_RMTCP 10
-
-#define HTCP_SITECAST_GROUPS 32
-
-#define HTCP_HOST_CONF "/etc/htcp.conf"
-#define HTCP_USER_CONF ".htcp.conf"
-
-struct grst_stream_data { char *source;
- char *destination;
- int ishttps;
- int method;
- FILE *fp;
- char *cert;
- char *key;
- char *capath;
- char *useragent;
- char *errorbuf;
- int noverify;
- int anonymous;
- int gridhttp;
- int verbose;
- int timeout;
- char *groups;
- int sitecast;
- char *domain; } ;
-
-struct grst_index_blob { char *text;
- size_t used;
- size_t allocated; } ;
-
-struct grst_dir_list { char *filename;
- size_t length;
- int length_set;
- time_t modified;
- int modified_set; } ;
-
-struct grst_header_data { int retcode;
- char *location;
- char *gridhttppasscode;
- size_t length;
- int length_set;
- time_t modified;
- int modified_set;
- struct grst_stream_data *common_data; } ;
-
-struct grst_sitecast_group { unsigned char quad1; unsigned char quad2;
- unsigned char quad3; unsigned char quad4;
- int port; int timewait; int ttl; };
-
-size_t headers_callback(void *ptr, size_t size, size_t nmemb, void *p)
-/* Find the values of the return code, Content-Length, Last-Modified
- and Location headers */
-{
- float f;
- char *s, *q;
- size_t realsize;
- struct tm modified_tm;
- struct grst_header_data *header_data;
-
- header_data = (struct grst_header_data *) p;
- realsize = size * nmemb;
- s = malloc(realsize + 1);
- memcpy(s, ptr, realsize);
- s[realsize] = '\0';
-
- if (sscanf(s, "Content-Length: %d", &(header_data->length)) == 1)
- header_data->length_set = 1;
- else if (sscanf(s, "HTTP/%f %d ", &f, &(header_data->retcode)) == 2) ;
- else if (strncmp(s, "Location: ", 10) == 0)
- {
- header_data->location = strdup(&s[10]);
-
- for (q=header_data->location; *q != '\0'; ++q)
- if ((*q == '\r') || (*q == '\n')) *q = '\0';
-
- if (header_data->common_data->verbose > 0)
- fprintf(stderr, "Received Location: %s\n", header_data->location);
- }
- else if (strncmp(s, "Set-Cookie: GRIDHTTP_PASSCODE=", 29) == 0)
- {
- header_data->gridhttppasscode = strdup(&s[12]);
- q = index(header_data->gridhttppasscode, ';');
- if (q != NULL) *q = '\0';
-
- if (header_data->common_data->verbose > 0)
- fprintf(stderr, "Received GridHTTP Auth Cookie: %s\n",
- header_data->gridhttppasscode);
- }
- else if (strncmp(s, "Last-Modified: ", 15) == 0)
- {
- /* follow RFC 2616: first try RFC 822 (kosher), then RFC 850 and
- asctime() formats too. Must be GMT whatever the format. */
-
- if (strptime(&s[15], "%a, %d %b %Y %T GMT", &modified_tm) != NULL)
- {
- header_data->modified = mktime(&modified_tm);
- header_data->modified_set = 1;
- }
- else if (strptime(&s[15], "%a, %d-%b-%y %T GMT", &modified_tm) != NULL)
- {
- header_data->modified = mktime(&modified_tm);
- header_data->modified_set = 1;
- }
- else if (strptime(&s[15], "%a %b %d %T %Y", &modified_tm) != NULL)
- {
- header_data->modified = mktime(&modified_tm);
- header_data->modified_set = 1;
- }
- }
-
- free(s);
- return realsize;
-}
-
-int set_std_opts(CURL *easyhandle, struct grst_stream_data *common_data)
-{
- struct stat statbuf;
-
- curl_easy_setopt(easyhandle, CURLOPT_FOLLOWLOCATION, 0);
-
- if ((common_data->cert != NULL) && (common_data->key != NULL))
- {
- curl_easy_setopt(easyhandle, CURLOPT_SSLENGINE, NULL);
- curl_easy_setopt(easyhandle, CURLOPT_SSLCERTTYPE, "PEM");
- curl_easy_setopt(easyhandle, CURLOPT_SSLCERT, common_data->cert);
- curl_easy_setopt(easyhandle, CURLOPT_SSLKEY, common_data->key);
- }
- else
- {
- curl_easy_setopt(easyhandle, CURLOPT_SSLENGINE, "RSA");
- curl_easy_setopt(easyhandle, CURLOPT_SSLCERTTYPE, "ENG");
- }
-
- if (common_data->capath != NULL)
- {
-#if (LIBCURL_VERSION_NUM >= 0x070908)
- if ((stat(common_data->capath, &statbuf) == 0) &&
- S_ISDIR(statbuf.st_mode))
- curl_easy_setopt(easyhandle, CURLOPT_CAPATH, common_data->capath);
- else
-#endif
- curl_easy_setopt(easyhandle, CURLOPT_CAINFO, common_data->capath);
- }
-
- if (common_data->noverify)
- {
- curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYPEER, 0);
- curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYHOST, 0);
- }
- else
- {
- curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYPEER, 2);
- curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYHOST, 2);
- }
-
- return 1;
-}
-
-int do_rmtcp(char *sources[], char *destination,
- struct grst_stream_data *common_data)
-{
- CURL *easyhandle;
- char *p, *thisdestination;
- int isrc, anyerror = 0, thiserror, isdirdest;
- struct grst_header_data header_data;
- struct curl_slist *gh_header_slist=NULL, *nogh_header_slist=NULL;
- char remoteserver[255];
-
- easyhandle = curl_easy_init();
- if( !easyhandle )
- {
- fprintf(stderr, "Cannot initialize CURL handle while preparing to copy file.\n");
- exit(-1);
- }
-
- common_data->gridhttp = 1; // for debug purpose
- if (common_data->gridhttp)
- {
- asprintf(&p, "Upgrade: GridHTTP/1.0");
- gh_header_slist = curl_slist_append(gh_header_slist, p);
- free(p);
-
- nogh_header_slist = curl_slist_append(nogh_header_slist, "Upgrade:");
- }
-
- // common_data->verbose = 1; //for debug purpose
- curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent);
- if (common_data->verbose > 1)
- curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1);
-
- curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback);
- curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data);
-
- set_std_opts(easyhandle, common_data);
-
- curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf);
-
- if (destination[strlen(destination) - 1] != '/')
- {
- isdirdest = 0;
- thisdestination = destination;
- }
- else isdirdest = 1;
-
- for (isrc=0; sources[isrc] != NULL; ++isrc)
- {
- if (isdirdest)
- {
- p = rindex(sources[isrc], '/');
- if (p == NULL) p = sources[isrc];
- else p++;
-
- asprintf(&thisdestination, "%s%s", destination, p);
- }
-
- if( strncmp(sources[isrc], "https://", 8) == 0 ){
- if (common_data->verbose > 0)
- fprintf(stderr, "%s -> %s\n", sources[isrc], thisdestination);
-
- curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]);
-
- if ((common_data->gridhttp) &&
- (strncmp(sources[isrc], "https://", 8) == 0))
- {
- if (common_data->verbose > 0)
- fprintf(stderr, "Add Upgrade: GridHTTP/1.0\n");
- curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,gh_header_slist);
- }
- else
- curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,nogh_header_slist);
-
- header_data.retcode = 0;
- header_data.location = NULL;
- header_data.gridhttppasscode = NULL;
- header_data.common_data = common_data;
- thiserror = curl_easy_perform(easyhandle);
-
- }
-
- asprintf(&p, "Destination: %s", thisdestination);
- nogh_header_slist=NULL;
- nogh_header_slist = curl_slist_append(nogh_header_slist,p);
- // fprintf(stdout, "complete destination file: %s\n", p);
- free(p);
-
- // send request to destination server,
- // to ask it to download file from source server
- strcpy( remoteserver, destination);
- while( (p=strrchr(remoteserver, '/')) !=NULL)
- {
- if( *(p-1) == '/' )break;
- else *p = '\0';
- }
-
- common_data->source = sources[isrc];
- common_data->destination = remoteserver;
- set_std_opts(easyhandle, common_data);
- // send copy request to copy server (destination)
- asprintf(&p, "COPY %s", sources[isrc]);
- curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, p);//"COPY");//gh_header_slist);
- curl_easy_setopt(easyhandle, CURLOPT_URL, remoteserver);
- curl_easy_setopt(easyhandle, CURLOPT_COOKIE, header_data.gridhttppasscode);
-
- curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent);
- curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, nogh_header_slist);
-
- curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf);
- thiserror = curl_easy_perform(easyhandle);
- free(p);
- }
-
- curl_easy_cleanup(easyhandle);
-
- return anyerror;
-
-}
-
-int do_copies(char *sources[], char *destination,
- struct grst_stream_data *common_data)
-{
- char *p, *thisdestination;
- int isrc, anyerror = 0, thiserror, isdirdest;
- CURL *easyhandle;
- struct stat statbuf;
- struct grst_header_data header_data;
- struct curl_slist *gh_header_slist = NULL, *nogh_header_slist = NULL;
-
- easyhandle = curl_easy_init();
-
- if (common_data->gridhttp)
- {
- asprintf(&p, "Upgrade: GridHTTP/1.0");
- gh_header_slist = curl_slist_append(gh_header_slist, p);
- free(p);
-
- nogh_header_slist = curl_slist_append(nogh_header_slist, "Upgrade:");
- }
-
- curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent);
- if (common_data->verbose > 1)
- curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1);
-
- curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback);
- curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data);
-
- set_std_opts(easyhandle, common_data);
-
- curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf);
-
- if (destination[strlen(destination) - 1] != '/')
- {
- isdirdest = 0;
- thisdestination = destination;
- }
- else isdirdest = 1;
-
- for (isrc=0; sources[isrc] != NULL; ++isrc)
- {
- if (isdirdest)
- {
- p = rindex(sources[isrc], '/');
- if (p == NULL) p = sources[isrc];
- else p++;
-
- asprintf(&thisdestination, "%s%s", destination, p);
- }
-
- if (common_data->verbose > 0)
- fprintf(stderr, "Copy %s -> %s\n", sources[isrc], thisdestination);
-
- if (common_data->method == HTCP_GET)
- {
- common_data->fp = fopen(thisdestination, "w");
- if (common_data->fp == NULL)
- {
- fprintf(stderr,"... failed to open destination source file %s\n",
- thisdestination);
- anyerror = 99;
- if (isdirdest) free(thisdestination);
- continue;
- }
-
- curl_easy_setopt(easyhandle, CURLOPT_WRITEDATA, common_data->fp);
- curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]);
-
- if ((common_data->gridhttp) &&
- (strncmp(sources[isrc], "https://", 8) == 0))
- {
- if (common_data->verbose > 0)
- fprintf(stderr, "Add Upgrade: GridHTTP/1.0\n");
-
- curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,gh_header_slist);
- }
- else
- curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,nogh_header_slist);
- }
- else if (common_data->method == HTCP_PUT)
- {
- if (stat(sources[isrc], &statbuf) != 0)
- {
- fprintf(stderr, "... source file %s not found\n", sources[isrc]);
- anyerror = 99;
- if (isdirdest) free(thisdestination);
- continue;
- }
-
- common_data->fp = fopen(sources[isrc], "r");
- if (common_data->fp == NULL)
- {
- fprintf(stderr, "... failed to open source file %s\n",
- sources[isrc]);
- anyerror = 99;
- if (isdirdest) free(thisdestination);
- continue;
- }
-
- curl_easy_setopt(easyhandle, CURLOPT_READDATA, common_data->fp);
- curl_easy_setopt(easyhandle, CURLOPT_URL, thisdestination);
- curl_easy_setopt(easyhandle, CURLOPT_INFILESIZE, statbuf.st_size);
- curl_easy_setopt(easyhandle, CURLOPT_UPLOAD, 1);
-
- if ((common_data->gridhttp) &&
- (strncmp(thisdestination, "https://", 8) == 0))
- curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,gh_header_slist);
- else
- curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,nogh_header_slist);
- }
-
- header_data.retcode = 0;
- header_data.location = NULL;
- header_data.gridhttppasscode = NULL;
- header_data.common_data = common_data;
- thiserror = curl_easy_perform(easyhandle);
-
- fclose(common_data->fp);
-
- if ((common_data->gridhttp) &&
- (thiserror == 0) &&
- (header_data.retcode == 302) &&
- (header_data.location != NULL) &&
- (strncmp(header_data.location, "http://", 7) == 0) &&
- (header_data.gridhttppasscode != NULL))
- {
- if (common_data->verbose > 0)
- fprintf(stderr, "... Found (%d)\nGridHTTP redirect to %s\n",
- header_data.retcode, header_data.location);
-
- /* try again with new URL and all the previous CURL options */
-
- if (common_data->method == HTCP_GET)
- {
- common_data->fp = fopen(thisdestination, "w");
- if (common_data->fp == NULL)
- {
- fprintf(stderr, "... failed to open destination source "
- "file %s\n", thisdestination);
- anyerror = 99;
- if (isdirdest) free(thisdestination);
- continue;
- }
- }
- else if (common_data->method == HTCP_PUT)
- {
- common_data->fp = fopen(sources[isrc], "r");
- if (common_data->fp == NULL)
- {
- fprintf(stderr, "... failed to open source file %s\n",
- sources[isrc]);
- anyerror = 99;
- if (isdirdest) free(thisdestination);
- continue;
- }
- }
-
- header_data.retcode = 0;
- curl_easy_setopt(easyhandle, CURLOPT_URL, header_data.location);
- curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, nogh_header_slist);
- curl_easy_setopt(easyhandle, CURLOPT_COOKIE,
- header_data.gridhttppasscode);
- thiserror = curl_easy_perform(easyhandle);
-
- fclose(common_data->fp);
- }
-
- if ((thiserror != 0) ||
- (header_data.retcode >= 300))
- {
- fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n",
- common_data->errorbuf, thiserror, header_data.retcode);
-
- if (thiserror != 0) anyerror = thiserror;
- else anyerror = header_data.retcode;
- }
- else if (common_data->verbose > 0)
- fprintf(stderr, "... OK (%d)\n", header_data.retcode);
-
- if (isdirdest) free(thisdestination);
- }
-
- curl_easy_cleanup(easyhandle);
-
- return anyerror;
-}
-
-int do_deletes(char *sources[], struct grst_stream_data *common_data)
-{
- int isrc, anyerror = 0, thiserror;
- CURL *easyhandle;
- struct grst_header_data header_data;
-
- header_data.common_data = common_data;
-
- easyhandle = curl_easy_init();
-
- curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent);
- if (common_data->verbose > 1)
- curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1);
-
- curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback);
- curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data);
-
- curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf);
- curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, "DELETE");
- curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1);
-
- set_std_opts(easyhandle, common_data);
-
- for (isrc=0; sources[isrc] != NULL; ++isrc)
- {
- if (common_data->verbose > 0)
- fprintf(stderr, "Deleting %s\n", sources[isrc]);
-
- curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]);
-
- header_data.retcode = 0;
- thiserror = curl_easy_perform(easyhandle);
-
- if ((thiserror != 0) ||
- (header_data.retcode >= 300))
- {
- fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n",
- common_data->errorbuf, thiserror, header_data.retcode);
-
- if (thiserror != 0) anyerror = thiserror;
- else anyerror = header_data.retcode;
- }
- else if (common_data->verbose > 0)
- fprintf(stderr, "... OK (%d)\n", header_data.retcode);
- }
-
- curl_easy_cleanup(easyhandle);
-
- return anyerror;
-}
-
-int do_move(char *source, char *destination,
- struct grst_stream_data *common_data)
-{
- int anyerror = 0, thiserror;
- char *destination_header;
- CURL *easyhandle;
- struct grst_header_data header_data;
- struct curl_slist *header_slist = NULL;
-
- easyhandle = curl_easy_init();
-
- header_data.common_data = common_data;
-
- easyhandle = curl_easy_init();
-
- asprintf(&destination_header, "Destination: %s", destination);
- header_slist = curl_slist_append(header_slist, destination_header);
- curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, header_slist);
-
- curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent);
- if (common_data->verbose > 1)
- curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1);
-
- curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback);
- curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data);
-
- curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf);
- curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, "MOVE");
- curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1);
-
- set_std_opts(easyhandle, common_data);
-
- if (common_data->verbose > 0)
- fprintf(stderr, "Moving %s to %s\n", source, destination);
-
- curl_easy_setopt(easyhandle, CURLOPT_URL, source);
-
- header_data.retcode = 0;
- thiserror = curl_easy_perform(easyhandle);
-
- if ((thiserror != 0) ||
- (header_data.retcode >= 300))
- {
- fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n",
- common_data->errorbuf, thiserror, header_data.retcode);
-
- if (thiserror != 0) anyerror = thiserror;
- else anyerror = header_data.retcode;
- }
- else if (common_data->verbose > 0)
- fprintf(stderr, "... OK (%d)\n", header_data.retcode);
-
- curl_easy_cleanup(easyhandle);
-
- return anyerror;
-}
-
-int do_mkdirs(char *sources[], struct grst_stream_data *common_data)
-{
- int isrc, anyerror = 0, thiserror;
- CURL *easyhandle;
- struct grst_header_data header_data;
-
- header_data.common_data = common_data;
-
- easyhandle = curl_easy_init();
-
- curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent);
- if (common_data->verbose > 1)
- curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1);
-
- curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback);
- curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data);
-
- curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf);
- curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, "PUT");
- curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1);
-
- set_std_opts(easyhandle, common_data);
-
- for (isrc=0; sources[isrc] != NULL; ++isrc)
- {
- if (common_data->verbose > 0)
- fprintf(stderr, "Make directory %s\n", sources[isrc]);
-
- curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]);
-
- header_data.retcode = 0;
- thiserror = curl_easy_perform(easyhandle);
-
- if ((thiserror != 0) ||
- (header_data.retcode >= 300))
- {
- fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n",
- common_data->errorbuf, thiserror, header_data.retcode);
-
- if (thiserror != 0) anyerror = thiserror;
- else anyerror = header_data.retcode;
- }
- else if (common_data->verbose > 0)
- fprintf(stderr, "... OK (%d)\n", header_data.retcode);
- }
-
- curl_easy_cleanup(easyhandle);
-
- return anyerror;
-}
-
-int do_ping(struct grst_stream_data *common_data_ptr)
-{
- int request_length, response_length, i, ret, s, igroup;
- struct sockaddr_in srv, from;
- socklen_t fromlen;
-#define MAXBUF 8192
- char *request, response[MAXBUF], *p;
- GRSThtcpMessage msg;
- struct timeval start_timeval, wait_timeval, response_timeval;
- struct grst_sitecast_group sitecast_groups[HTCP_SITECAST_GROUPS];
- fd_set readsckts;
-
- /* parse common_data_ptr->groups */
-
- p = common_data_ptr->groups;
- igroup = -1;
-
- for (igroup=-1; igroup+1 < HTCP_SITECAST_GROUPS; ++igroup)
- {
- sitecast_groups[igroup+1].port = GRST_HTCP_PORT;
- sitecast_groups[igroup+1].timewait = 1;
- sitecast_groups[igroup+1].ttl = 1;
-
- ret = sscanf(p, "%d.%d.%d.%d:%d:%d:%d",
- &(sitecast_groups[igroup+1].quad1),
- &(sitecast_groups[igroup+1].quad2),
- &(sitecast_groups[igroup+1].quad3),
- &(sitecast_groups[igroup+1].quad4),
- &(sitecast_groups[igroup+1].port),
- &(sitecast_groups[igroup+1].ttl),
- &(sitecast_groups[igroup+1].timewait));
-
- if (ret == 0) break; /* end of list ? */
-
- if (ret < 5)
- {
- fprintf(stderr, "Failed to parse multicast group "
- "parameter %s\n", p);
- return CURLE_FAILED_INIT;
- }
-
- ++igroup;
-
- if ((p = index(p, ',')) == NULL) break;
- ++p;
- }
-
- if (igroup == -1)
- {
- fprintf(stderr, "Failed to parse multicast group parameter %s\n", p);
- return CURLE_FAILED_INIT;
- }
-
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
- {
- fprintf(stderr, "Failed to open UDP socket\n");
- return CURLE_FAILED_INIT;
- }
-
- /* loop through multicast groups and send off the NOP pings */
-
- gettimeofday(&start_timeval, NULL);
-
- for (i=0; i <= igroup; ++i)
- {
- bzero(&srv, sizeof(srv));
- srv.sin_family = AF_INET;
- srv.sin_port = htons(sitecast_groups[i].port);
- srv.sin_addr.s_addr = htonl(sitecast_groups[i].quad1*0x1000000
- + sitecast_groups[i].quad2*0x10000
- + sitecast_groups[i].quad3*0x100
- + sitecast_groups[i].quad4);
-
- GRSThtcpNOPrequestMake(&request, &request_length,
- (int) (start_timeval.tv_usec + i));
-
- sendto(s, request, request_length, 0, (struct sockaddr *) &srv,
- sizeof(srv));
- free(request);
- }
-
- /* reusing wait_timeval is a Linux-specific feature of select() */
- wait_timeval.tv_sec = common_data_ptr->timeout
- ? common_data_ptr->timeout : 60;
- wait_timeval.tv_usec = 0;
-
- while ((wait_timeval.tv_sec > 0) || (wait_timeval.tv_usec > 0))
- {
- FD_ZERO(&readsckts);
- FD_SET(s, &readsckts);
-
- ret = select(s + 1, &readsckts, NULL, NULL, &wait_timeval);
- gettimeofday(&response_timeval, NULL);
-
- if (ret > 0)
- {
- response_length = recvfrom(s, response, MAXBUF,
- 0, &from, &fromlen);
-
- if ((GRSThtcpMessageParse(&msg, response, response_length)
- == GRST_RET_OK) &&
- (msg.opcode == GRSThtcpNOPop) && (msg.rr == 1) &&
- (msg.trans_id >= (int) start_timeval.tv_usec) &&
- (msg.trans_id <= (int) (start_timeval.tv_usec + igroup)))
- {
- printf("%s:%d %.3fms\n",
- inet_ntoa(from.sin_addr),
- ntohs(from.sin_port),
- (((long) 1000000 * response_timeval.tv_sec) +
- ((long) response_timeval.tv_usec) -
- ((long) 1000000 * start_timeval.tv_sec) -
- ((long) start_timeval.tv_usec)) / 1000.0);
- }
- }
- }
-
- return GRST_RET_OK;
-}
-
-int do_finds(char *sources[],
- struct grst_stream_data *common_data_ptr, int num)
-{
- int isrc;
-
- int request_length, response_length, i, ret, s, igroup;
- struct sockaddr_in srv, from;
- socklen_t fromlen;
-#define MAXBUF 8192
- char *request, response[MAXBUF], *p;
- GRSThtcpMessage msg;
- struct timeval start_timeval, wait_timeval;
- struct grst_sitecast_group sitecast_groups[HTCP_SITECAST_GROUPS];
- fd_set readsckts;
-
- /* parse common_data_ptr->groups */
-
- if (common_data_ptr->groups == NULL)
- {
- fprintf(stderr, "No multicast groups given\n");
- return CURLE_FAILED_INIT;
- }
-
- p = common_data_ptr->groups;
- igroup = -1;
-
- for (igroup=-1; igroup+1 < HTCP_SITECAST_GROUPS;)
- {
- sitecast_groups[igroup+1].port = GRST_HTCP_PORT;
- sitecast_groups[igroup+1].timewait = 1;
- sitecast_groups[igroup+1].ttl = 1;
-
- ret = sscanf(p, "%d.%d.%d.%d:%d:%d:%d",
- &(sitecast_groups[igroup+1].quad1),
- &(sitecast_groups[igroup+1].quad2),
- &(sitecast_groups[igroup+1].quad3),
- &(sitecast_groups[igroup+1].quad4),
- &(sitecast_groups[igroup+1].port),
- &(sitecast_groups[igroup+1].ttl),
- &(sitecast_groups[igroup+1].timewait));
-
- if (ret == 0) break; /* end of list ? */
-
- if (ret < 5)
- {
- fprintf(stderr, "Failed to parse multicast group "
- "parameter %s\n", p);
- return CURLE_FAILED_INIT;
- }
-
- ++igroup;
-
- if ((p = index(p, ',')) == NULL) break;
- ++p;
- }
-
- if (igroup == -1)
- {
- fprintf(stderr, "Failed to parse multicast group parameter %s\n", p);
- return CURLE_FAILED_INIT;
- }
-
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
- {
- fprintf(stderr, "Failed to open UDP socket\n");
- return CURLE_FAILED_INIT;
- }
-
- /* loop through multicast groups since we need to take each
- ones timewait into account */
-
- gettimeofday(&start_timeval, NULL);
-
- for (i=0; i <= igroup; ++i)
- {
- if (common_data_ptr->verbose)
- fprintf(stderr, "Querying multicast group %d.%d.%d.%d:%d:%d:%d\n",
- sitecast_groups[i].quad1, sitecast_groups[i].quad2,
- sitecast_groups[i].quad3, sitecast_groups[i].quad4,
- sitecast_groups[i].port, sitecast_groups[i].ttl,
- sitecast_groups[i].timewait);
-
- bzero(&srv, sizeof(srv));
- srv.sin_family = AF_INET;
- srv.sin_port = htons(sitecast_groups[i].port);
- srv.sin_addr.s_addr = htonl(sitecast_groups[i].quad1*0x1000000
- + sitecast_groups[i].quad2*0x10000
- + sitecast_groups[i].quad3*0x100
- + sitecast_groups[i].quad4);
-
- /* send off queries, one for each source file */
-
- for (isrc=0; sources[isrc] != NULL; ++isrc)
- {
- GRSThtcpTSTrequestMake(&request, &request_length,
- (int) (start_timeval.tv_usec + isrc),
- "GET", sources[isrc], "");
-
- sendto(s, request, request_length, 0,
- (struct sockaddr *) &srv, sizeof(srv));
-
- free(request);
- }
-
- /* reusing wait_timeval is a Linux-specific feature of select() */
- wait_timeval.tv_usec = 0;
- wait_timeval.tv_sec = sitecast_groups[i].timewait;
-
- while ((wait_timeval.tv_sec > 0) || (wait_timeval.tv_usec > 0))
- {
- FD_ZERO(&readsckts);
- FD_SET(s, &readsckts);
-
- ret = select(s + 1, &readsckts, NULL, NULL, &wait_timeval);
-
- if (ret > 0)
- {
- response_length = recvfrom(s, response, MAXBUF,
- 0, &from, &fromlen);
-
- if ((GRSThtcpMessageParse(&msg, response, response_length)
- == GRST_RET_OK) &&
- (msg.opcode == GRSThtcpTSTop) && (msg.rr == 1) &&
- (msg.trans_id >= (int) start_timeval.tv_usec) &&
- (msg.trans_id < (int) (start_timeval.tv_usec + num)) &&
- (msg.resp_hdrs != NULL) &&
- (GRSThtcpCountstrLen(msg.resp_hdrs) > 12))
- {
- if (num > 1) printf("%s -> %.*s\n",
- sources[msg.trans_id - (int) start_timeval.tv_usec],
- GRSThtcpCountstrLen(msg.resp_hdrs) - 12,
- &(msg.resp_hdrs->text[10]));
- else printf("%.*s\n",
- GRSThtcpCountstrLen(msg.resp_hdrs) - 12,
- &(msg.resp_hdrs->text[10]));
- }
- }
- }
-
- }
-
- return GRST_RET_OK;
-}
-
-int translate_sitecast_url(char **source_ptr,
- struct grst_stream_data *common_data_ptr)
-{
- int request_length, response_length, i, ret, s, igroup;
- struct sockaddr_in srv, from;
- socklen_t fromlen;
-#define MAXBUF 8192
- char *request, response[MAXBUF], *p;
- GRSThtcpMessage msg;
- struct timeval start_timeval, wait_timeval;
- struct grst_sitecast_group sitecast_groups[HTCP_SITECAST_GROUPS];
- fd_set readsckts;
-
- /* parse common_data_ptr->groups */
-
- if (common_data_ptr->groups == NULL)
- {
- fprintf(stderr, "No multicast groups given\n");
- return CURLE_FAILED_INIT;
- }
-
- p = common_data_ptr->groups;
- igroup = -1;
-
- for (igroup=-1; igroup+1 < HTCP_SITECAST_GROUPS;)
- {
- sitecast_groups[igroup+1].port = GRST_HTCP_PORT;
- sitecast_groups[igroup+1].timewait = 1;
- sitecast_groups[igroup+1].ttl = 1;
-
- ret = sscanf(p, "%d.%d.%d.%d:%d:%d:%d",
- &(sitecast_groups[igroup+1].quad1),
- &(sitecast_groups[igroup+1].quad2),
- &(sitecast_groups[igroup+1].quad3),
- &(sitecast_groups[igroup+1].quad4),
- &(sitecast_groups[igroup+1].port),
- &(sitecast_groups[igroup+1].ttl),
- &(sitecast_groups[igroup+1].timewait));
-
- if (ret == 0) break; /* end of list ? */
-
- if (ret < 5)
- {
- fprintf(stderr, "Failed to parse multicast group "
- "parameter %s\n", p);
- return CURLE_FAILED_INIT;
- }
-
- ++igroup;
-
- if ((p = index(p, ',')) == NULL) break;
- ++p;
- }
-
- if (igroup == -1)
- {
- fprintf(stderr, "Failed to parse multicast group parameter %s\n", p);
- return CURLE_FAILED_INIT;
- }
-
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
- {
- fprintf(stderr, "Failed to open UDP socket\n");
- return CURLE_FAILED_INIT;
- }
-
- /* loop through multicast groups since we need to take each
- ones timewait into account */
-
- gettimeofday(&start_timeval, NULL);
-
- for (i=0; i <= igroup; ++i)
- {
- if (common_data_ptr->verbose)
- fprintf(stderr, "Querying multicast group %d.%d.%d.%d:%d:%d:%d\n",
- sitecast_groups[i].quad1, sitecast_groups[i].quad2,
- sitecast_groups[i].quad3, sitecast_groups[i].quad4,
- sitecast_groups[i].port, sitecast_groups[i].ttl,
- sitecast_groups[i].timewait);
-
- bzero(&srv, sizeof(srv));
- srv.sin_family = AF_INET;
- srv.sin_port = htons(sitecast_groups[i].port);
- srv.sin_addr.s_addr = htonl(sitecast_groups[i].quad1*0x1000000
- + sitecast_groups[i].quad2*0x10000
- + sitecast_groups[i].quad3*0x100
- + sitecast_groups[i].quad4);
-
- /* send off queries, one for each source file */
-
- GRSThtcpTSTrequestMake(&request, &request_length,
- (int) (start_timeval.tv_usec),
- "GET", *source_ptr, "");
-
- sendto(s, request, request_length, 0,
- (struct sockaddr *) &srv, sizeof(srv));
-
- free(request);
-
- /* reusing wait_timeval is a Linux-specific feature of select() */
- wait_timeval.tv_usec = 0;
- wait_timeval.tv_sec = sitecast_groups[i].timewait;
-
- while ((wait_timeval.tv_sec > 0) || (wait_timeval.tv_usec > 0))
- {
- FD_ZERO(&readsckts);
- FD_SET(s, &readsckts);
-
- ret = select(s + 1, &readsckts, NULL, NULL, &wait_timeval);
-
- if (ret > 0)
- {
- response_length = recvfrom(s, response, MAXBUF,
- 0, &from, &fromlen);
-
- if ((GRSThtcpMessageParse(&msg, response, response_length)
- == GRST_RET_OK) &&
- (msg.opcode == GRSThtcpTSTop) && (msg.rr == 1) &&
- (msg.trans_id == (int) start_timeval.tv_usec) &&
- (msg.resp_hdrs != NULL) &&
- (GRSThtcpCountstrLen(msg.resp_hdrs) > 12))
- {
- /* found one */
-
- if (common_data_ptr->verbose > 0)
- fprintf(stderr, "Sitecast %s -> %.*s\n",
- *source_ptr,
- GRSThtcpCountstrLen(msg.resp_hdrs) - 12,
- &(msg.resp_hdrs->text[10]));
-
- free(*source_ptr);
-
- asprintf(source_ptr, "%.*s",
- GRSThtcpCountstrLen(msg.resp_hdrs) - 12,
- &(msg.resp_hdrs->text[10]));
-
- return GRST_RET_OK;
- }
- }
- }
-
- }
-
- return GRST_RET_OK;
-}
-
-size_t rawindex_callback(void *ptr, size_t size, size_t nmemb, void *data)
-{
- if ( ((struct grst_index_blob *) data)->used + size * nmemb >=
- ((struct grst_index_blob *) data)->allocated )
- {
- ((struct grst_index_blob *) data)->allocated =
- ((struct grst_index_blob *) data)->used + size * nmemb + 4096;
-
- ((struct grst_index_blob *) data)->text =
- realloc( ((struct grst_index_blob *) data)->text,
- ((struct grst_index_blob *) data)->allocated );
- }
-
- memcpy( &( ((struct grst_index_blob *)
- data)->text[((struct grst_index_blob *) data)->used] ),
- ptr, size * nmemb);
-
- ((struct grst_index_blob *) data)->used += size * nmemb;
-
- return size * nmemb;
-}
-
-char *canonicalise(char *link, char *source)
-{
- int i, j, srclen;
- char *s;
-
- srclen = strlen(source);
-
- if ((strncmp(link, "https://", 8) == 0) ||
- (strncmp(link, "http://", 7) == 0))
- {
- if (strncmp(link, source, srclen) != 0) return NULL; /* other site */
-
- if (link[srclen] == '\0') return NULL; /* we dont self-link! */
-
- for (i=0; link[srclen + i] != '\0'; ++i)
- if (link[srclen + i] == '/')
- {
- if (link[srclen + i + 1] != '\0') return NULL; /* no subdirs */
- else return strdup(&link[srclen]); /* resolves to this dir */
- }
- }
- else if (link[0] != '/') /* relative link - need to check for subsubdirs */
- {
- for (i=0; link[i] != '\0'; ++i)
- if ((link[i] == '/') && (link[i+1] != '\0')) return NULL;
-
- s = strdup(link);
-
- for (i=0; s[i] != '\0'; ++i)
- if (s[i] == '#')
- {
- s[i] = '\0';
- break;
- }
-
- return s;
- }
-
- /* absolute link on this server, starting / */
-
- for (i=8; source[i] != '\0'; ++i) if (source[i] == '/') break;
-
- if (strncmp(link, &source[i], srclen - i) != 0) return NULL;
-
- for (j = srclen - i; link[j] != '\0'; ++j)
- if ((link[j] == '/') && (link[j+1] != '\0')) return NULL;
-
- s = strdup(&link[srclen - i]);
-
- for (i=0; s[i] != '\0'; ++i)
- if (s[i] == '#')
- {
- s[i] = '\0';
- break;
- }
-
- if (s[0] == '\0') /* on second thoughts... */
- {
- free(s);
- return NULL;
- }
-
- return s;
-}
-
-int grst_dir_list_cmp(const void *a, const void *b)
-{
- return strcmp( ((struct grst_dir_list *) a)->filename,
- ((struct grst_dir_list *) b)->filename);
-}
-
-struct grst_dir_list *index_to_dir_list(char *text, char *source)
-{
- int taglevel = 0, wordnew = 1, i, namestart, used = 0,
- allocated = 256;
- char *p, *s;
- struct grst_dir_list *list;
-
- list = (struct grst_dir_list *)
- malloc(allocated * sizeof(struct grst_dir_list));
-
- list[0].filename = NULL;
- list[0].length = 0;
- list[0].length_set = 0;
- list[0].modified = 0;
- list[0].modified_set = 0;
-
- for (p=text; *p != '\0'; ++p)
- {
- if (*p == '<')
- {
- ++taglevel;
-
- if ((taglevel == 1) && (list[used].filename != NULL))
- {
- ++used;
- if (used >= allocated)
- {
- allocated += 256;
- list = (struct grst_dir_list *)
- realloc((void *) list,
- allocated * sizeof(struct grst_dir_list));
- }
-
- list[used].filename = NULL;
- list[used].length = 0;
- list[used].length_set = 0;
- list[used].modified = 0;
- list[used].modified_set = 0;
- }
-
- wordnew = 1;
- continue;
- }
-
- if (*p == '>')
- {
- --taglevel;
- wordnew = 1;
- continue;
- }
-
- if (isspace(*p))
- {
- wordnew = 1;
- continue;
- }
-
- if ((wordnew) && (taglevel == 1))
- {
- if (((*p == 'h') || (*p == 'H')) &&
- (strncasecmp(p, "href=", 5) == 0))
- {
- if (p[5] == '"') { namestart = 6;
- for (i=namestart; (p[i] != '\0') &&
- (p[i] != '"' ) &&
- (p[i] != '\n') &&
- (p[i] != '\t') &&
- (p[i] != '>' ) ; ++i) ; }
- else { namestart = 5;
- for (i=namestart; (p[i] != '\0') &&
- (p[i] != '"' ) &&
- (p[i] != ' ' ) &&
- (p[i] != '\n') &&
- (p[i] != '\t') &&
- (p[i] != ')' ) &&
- (p[i] != '>' ) ; ++i) ; }
- if (i > namestart)
- {
- s = malloc(1 + i - namestart);
- memcpy(s, &p[namestart], i - namestart);
- s[i - namestart] = '\0';
-
- list[used].filename = canonicalise(s, source);
- free(s);
- }
-
- p = &p[i-1]; /* -1 since continue results in ++i */
- continue;
- }
-
- if (((*p == 'c') || (*p == 'C')) &&
- (strncasecmp(p, "content-length=", 15) == 0))
- {
- list[used].length = 0;
- list[used].length_set = 1;
-
- if (p[15] == '"') list[used].length = atoi(&p[16]);
- else list[used].length = atoi(&p[15]);
-
- p = &p[15];
- continue;
- }
-
- if (((*p == 'l') || (*p == 'L')) &&
- (strncasecmp(p, "last-modified=", 14) == 0))
- {
- list[used].modified = 0;
- list[used].modified_set = 1;
-
- if (p[14] == '"') list[used].modified = atoi(&p[15]);
- else list[used].modified = atoi(&p[14]);
-
- p = &p[14];
- continue;
- }
- }
-
- wordnew = 0;
- }
-
- qsort((void *) list, used, sizeof(struct grst_dir_list), grst_dir_list_cmp);
-
- return list;
-}
-
-int do_listings(char *sources[], struct grst_stream_data *common_data,
- int islonglist)
-{
- int isrc, anyerror = 0, thiserror, i, isdir, ilast;
- CURL *easyhandle;
- const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
- char *s;
- struct grst_index_blob rawindex;
- struct grst_dir_list *list;
- struct grst_header_data header_data;
- struct tm modified_tm;
- time_t now;
-
- time(&now);
-
- header_data.common_data = common_data;
-
- easyhandle = curl_easy_init();
-
- curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent);
- if (common_data->verbose > 1)
- curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1);
-
- curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data);
- curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback);
-
- curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf);
-
- set_std_opts(easyhandle, common_data);
-
- for (isrc=0; sources[isrc] != NULL; ++isrc)
- {
- if (common_data->verbose > 0)
- fprintf(stderr, "Listing %s\n", sources[isrc]);
-
- if (sources[1] != NULL) printf("\n%s:\n", sources[isrc]);
-
- curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]);
-
- if (sources[isrc][strlen(sources[isrc])-1] == '/')
- {
- isdir = 1;
- curl_easy_setopt(easyhandle,CURLOPT_WRITEFUNCTION,rawindex_callback);
- curl_easy_setopt(easyhandle,CURLOPT_WRITEDATA,(void *) &rawindex);
- curl_easy_setopt(easyhandle,CURLOPT_NOBODY,0);
- rawindex.text = NULL;
- rawindex.used = 0;
- rawindex.allocated = 0;
- }
- else
- {
- isdir = 0;
- curl_easy_setopt(easyhandle, CURLOPT_WRITEFUNCTION, NULL);
- curl_easy_setopt(easyhandle, CURLOPT_WRITEDATA, NULL);
- curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1);
- }
-
- header_data.gridhttppasscode = NULL;
- header_data.length_set = 0;
- header_data.modified_set = 0;
- header_data.retcode = 0;
- thiserror = curl_easy_perform(easyhandle);
-
- if ((thiserror != 0) ||
- (header_data.retcode >= 300))
- {
- fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n",
- common_data->errorbuf, thiserror, header_data.retcode);
-
- if (thiserror != 0) anyerror = thiserror;
- else anyerror = header_data.retcode;
- }
- else if (isdir)
- {
- if (common_data->verbose > 0)
- fprintf(stderr, "... OK (%d)\n", header_data.retcode);
-
- rawindex.text[rawindex.used] = '\0';
-
- list = index_to_dir_list(rawindex.text, sources[isrc]);
- ilast = -1;
-
- for (i=0; list[i].filename != NULL; ++i)
- {
- if (list[i].filename[0] == '.') continue;
-
- if (strncmp(list[i].filename, "mailto:", 7) == 0) continue;
-
- if ((ilast >= 0) &&
- (strcmp(list[i].filename, list[ilast].filename) == 0))
- continue;
- ilast=i;
-
- if (islonglist)
- {
- if (!list[i].length_set || !list[i].modified_set)
- {
- curl_easy_setopt(easyhandle, CURLOPT_WRITEFUNCTION,
- NULL);
- curl_easy_setopt(easyhandle, CURLOPT_WRITEDATA, NULL);
- curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1);
-
- asprintf(&s, "%s%s", sources[isrc], list[i].filename);
- curl_easy_setopt(easyhandle, CURLOPT_URL, s);
-
- header_data.gridhttppasscode = NULL;
- header_data.length_set = 0;
- header_data.modified_set = 0;
- header_data.retcode = 0;
- thiserror = curl_easy_perform(easyhandle);
- free(s);
-
- if ((thiserror == 0) &&
- (header_data.retcode >= 200) &&
- (header_data.retcode <= 299))
- {
- if (header_data.length_set)
- {
- list[i].length_set = 1;
- list[i].length = header_data.length;
- }
-
- if (header_data.modified_set)
- {
- list[i].modified_set = 1;
- list[i].modified = header_data.modified;
- }
- }
- }
-
- if (list[i].length_set) printf("%10ld ", list[i].length);
- else fputs(" ? ", stdout);
-
- if (list[i].modified_set)
- {
- localtime_r(&(list[i].modified), &modified_tm);
-
- if (list[i].modified < now - 15552000)
- printf("%s %2d %4d ",
- months[modified_tm.tm_mon],
- modified_tm.tm_mday,
- modified_tm.tm_year + 1900);
- else printf("%s %2d %02d:%02d ",
- months[modified_tm.tm_mon],
- modified_tm.tm_mday,
- modified_tm.tm_hour,
- modified_tm.tm_min);
- }
- else fputs(" ? ? ? ", stdout);
- }
-
- puts(list[i].filename);
- }
- }
- else
- {
- if (islonglist)
- {
- printf("%10ld ", header_data.length);
-
- localtime_r(&(header_data.modified), &modified_tm);
-
- if (header_data.modified < now - 15552000)
- printf("%s %2d %4d ",
- months[modified_tm.tm_mon],
- modified_tm.tm_mday,
- modified_tm.tm_year + 1900);
- else printf("%s %2d %02d:%02d ",
- months[modified_tm.tm_mon],
- modified_tm.tm_mday,
- modified_tm.tm_hour,
- modified_tm.tm_min);
- }
-
- puts(sources[isrc]);
- }
- }
-
- curl_easy_cleanup(easyhandle);
-
- return anyerror;
-}
-
-#if (LIBCURL_VERSION_NUM < 0x070908)
-char *make_tmp_ca_roots(char *dir)
-/* libcurl before 7.9.8 doesnt support CURLOPT_CAPATH and the directory,
- so we make a temporary file with the concatenated CA root certs: that
- is, all the files in that directory which end in .0 */
-{
- int ofd, ifd, c;
- size_t size;
- char tmp_ca_roots[] = "/tmp/.ca-roots-XXXXXX", buffer[4096], *s;
- DIR *rootsDIR;
- struct dirent *root_ent;
-
- if ((rootsDIR = opendir(dir)) == NULL) return NULL;
-
- if ((ofd = mkstemp(tmp_ca_roots)) == -1)
- {
- closedir(rootsDIR);
- return NULL;
- }
-
- while ((root_ent = readdir(rootsDIR)) != NULL)
- {
- if ((root_ent->d_name[0] != '.') &&
- (strlen(root_ent->d_name) > 2) &&
- (strncmp(&(root_ent->d_name[strlen(root_ent->d_name)-2]),
- ".0", 2) == 0))
- {
- asprintf(&s, "%s/%s", dir, root_ent->d_name);
- ifd = open(s, O_RDONLY);
- free(s);
-
- if (ifd != -1)
- {
- while ((size = read(ifd, buffer, sizeof(buffer))) > 0)
- write(ofd, buffer, size);
- close(ifd);
- }
- }
- }
-
- closedir(rootsDIR);
-
- if (close(ofd) == 0) return strdup(tmp_ca_roots);
-
- unlink(tmp_ca_roots); /* try to clean up */
-
- return NULL;
-}
-#endif
-
-void printsyntax(char *argv0)
-{
- char *p;
-
- p = rindex(argv0, '/');
- if (p != NULL) ++p;
- else p = argv0;
-
- fprintf(stderr, "%s [options] Source-URL[s] [Destination URL]\n"
- "%s is one of a set of clients to fetch files or directory listings\n"
-"from remote servers using HTTP or HTTPS, or to put or delete files or\n"
-"directories onto remote servers using HTTPS. htcp is similar to scp(1)\n"
-"but uses HTTP/HTTPS rather than ssh as its transfer protocol.\n"
-"See the htcp(1) or http://www.gridsite.org/ for details.\n"
-"(Version: %s)\n", p, p, VERSION);
-}
-
-struct option long_options[] = { {"verbose", 0, 0, 'v'},
- {"cert", 1, 0, 0},
- {"key", 1, 0, 0},
- {"capath", 1, 0, 0},
- {"delete", 0, 0, 0},
- {"list", 0, 0, 0},
- {"long-list", 0, 0, 0},
- {"mkdir", 0, 0, 0},
- {"no-verify", 0, 0, 0},
- {"anon", 0, 0, 0},
- {"grid-http", 0, 0, 0},
- {"move", 0, 0, 0},
- {"ping", 0, 0, 0},
- {"groups", 1, 0, 0},
- {"timeout", 1, 0, 0},
- {"sitecast", 0, 0, 0},
- {"domain", 1, 0, 0},
- {"find", 0, 0, 0},
- {"rmtcp", 0, 0, 0},
- {"conf", 1, 0, 0},
- {0, 0, 0, 0} };
-
-int update_common_data(struct grst_stream_data *, int, char *);
-
-void parse_conf(struct grst_stream_data *common_data_ptr, char *conf_file)
-{
- int option_index;
- char line[1001], *p;
- FILE *fp;
-
- fp = fopen(conf_file, "r");
- if (fp == NULL)
- {
- if (common_data_ptr->verbose)
- fprintf(stderr, "Failed to open configuration file %s\n", conf_file);
- return;
- }
-
- if (common_data_ptr->verbose)
- fprintf(stderr, "Opened configuration file %s\n", conf_file);
-
- while (fgets(line, sizeof(line), fp) != NULL)
- {
- if ((p = index(line, '\n')) != NULL) *p = '\0';
-
- for (option_index=0;
- long_options[option_index].name != NULL; ++option_index)
- {
- if (long_options[option_index].has_arg &&
- (strncmp(line, long_options[option_index].name,
- strlen(long_options[option_index].name)) == 0) &&
- (line[strlen(long_options[option_index].name)] == '='))
- {
- update_common_data(common_data_ptr, option_index,
- strdup(&line[strlen(long_options[option_index].name) + 1]));
- break;
- }
-
- if (!long_options[option_index].has_arg &&
- (strcmp(line, long_options[option_index].name) == 0))
- {
- update_common_data(common_data_ptr, option_index, "");
- break;
- }
- }
- }
-
- fclose(fp);
-}
-
-int update_common_data(struct grst_stream_data *common_data_ptr,
- int option_index, char *optarg)
-{
- if (option_index == 1) common_data_ptr->cert = optarg;
- else if (option_index == 2) common_data_ptr->key = optarg;
- else if (option_index == 3) common_data_ptr->capath = optarg;
- else if (option_index == 4) common_data_ptr->method = HTCP_DELETE;
- else if (option_index == 5) common_data_ptr->method = HTCP_LIST;
- else if (option_index == 6) common_data_ptr->method = HTCP_LONGLIST;
- else if (option_index == 7) common_data_ptr->method = HTCP_MKDIR;
- else if (option_index == 8) common_data_ptr->noverify = 1;
- else if (option_index == 9) common_data_ptr->anonymous = 1;
- else if (option_index ==10) common_data_ptr->gridhttp = 1;
- else if (option_index ==11) common_data_ptr->method = HTCP_MOVE;
- else if (option_index ==12) common_data_ptr->method = HTCP_PING;
- else if (option_index ==13) common_data_ptr->groups = optarg;
- else if (option_index ==14) common_data_ptr->timeout = atoi(optarg);
- else if (option_index ==15) common_data_ptr->sitecast = 1;
- else if (option_index ==16) { common_data_ptr->sitecast = 1;
- common_data_ptr->domain = optarg; }
- else if (option_index ==17) common_data_ptr->method = HTCP_FIND;
- else if (option_index ==18) { printf("OK\n");common_data_ptr->method = HTCP_RMTCP;}
- /* option_index == 19 is used by the --conf command line-only option */
- else return GRST_RET_FAILED;
-
- return GRST_RET_OK;
-}
-
-int main(int argc, char *argv[])
-{
- char **sources, *destination = NULL, *executable, *p, *htcp_conf;
- int c, i, option_index, anyerror;
- struct stat statbuf;
- struct grst_stream_data common_data;
- struct grst_sitecast_group sitecast_groups[HTCP_SITECAST_GROUPS];
- struct passwd *userpasswd;
-
-#if (LIBCURL_VERSION_NUM < 0x070908)
- char *tmp_ca_roots = NULL;
-#endif
-
- if (argc == 1)
- {
- printsyntax(argv[0]);
- return 0;
- }
-
- common_data.cert = NULL;
- common_data.key = NULL;
- common_data.capath = NULL;
- common_data.method = 0;
- common_data.errorbuf = malloc(CURL_ERROR_SIZE);
- asprintf(&(common_data.useragent),
- "htcp/%s (http://www.gridsite.org/)", VERSION);
- common_data.verbose = 0;
- common_data.noverify = 0;
- common_data.anonymous = 0;
- common_data.gridhttp = 0;
-
- common_data.groups = NULL;
- common_data.timeout = 0;
- common_data.sitecast = 0;
- common_data.domain = NULL;
-
- if ((argc > 1) && ((strcmp(argv[1], "--verbose") == 0) ||
- (strcmp(argv[1], "-v") == 0))) common_data.verbose = 1;
-
- /* examine any configuration files */
-
- parse_conf(&common_data, HTCP_HOST_CONF);
-
- userpasswd = getpwuid(geteuid());
- asprintf(&htcp_conf, "%s/%s", userpasswd->pw_dir, HTCP_USER_CONF);
- parse_conf(&common_data, htcp_conf);
- free(htcp_conf);
-
- htcp_conf = getenv("HTCP_CONF");
- if (htcp_conf != NULL) parse_conf(&common_data, htcp_conf);
-
- common_data.verbose = 0;
-
- while (1)
- {
- option_index = 0;
-
- c = getopt_long(argc, argv, "v", long_options, &option_index);
-
- if (c == -1) break;
- else if (c == 0)
- {
- if (option_index == 19) parse_conf(&common_data, optarg);
- else update_common_data(&common_data, option_index, optarg);
- }
- else if (c == 'v') ++(common_data.verbose);
- }
-
- if (common_data.verbose > 0)
- {
- p = rindex(argv[0], '/');
- if (p != NULL) ++p;
- else p = argv[0];
- fprintf(stderr, "%s version %s\n", p, VERSION);
- }
-
- if (common_data.anonymous) /* prevent any use of user certs */
- {
- common_data.cert = NULL;
- common_data.key = NULL;
- }
- else if ((common_data.cert == NULL) && (common_data.key != NULL))
- common_data.cert = common_data.key;
- else if ((common_data.cert != NULL) && (common_data.key == NULL))
- common_data.key = common_data.cert;
- else if ((common_data.cert == NULL) && (common_data.key == NULL))
- {
- common_data.cert = getenv("X509_USER_PROXY");
- if (common_data.cert != NULL) common_data.key = common_data.cert;
- else
- {
- asprintf(&(common_data.cert), "/tmp/x509up_u%d", geteuid());
-
- /* one fine day, we will check the proxy file for expiry too ... */
-
- if (stat(common_data.cert, &statbuf) == 0)
- common_data.key = common_data.cert;
- else
- {
- common_data.cert = getenv("X509_USER_CERT");
- common_data.key = getenv("X509_USER_KEY");
-
- if ((common_data.cert == NULL) &&
- (userpasswd != NULL) &&
- (userpasswd->pw_dir != NULL))
- asprintf(&(common_data.cert), "%s/.globus/usercert.pem",
- userpasswd->pw_dir);
-
- if ((common_data.key == NULL) &&
- (userpasswd != NULL) &&
- (userpasswd->pw_dir != NULL))
- asprintf(&(common_data.key), "%s/.globus/userkey.pem",
- userpasswd->pw_dir);
- }
- }
- }
-
- if (common_data.capath == NULL) common_data.capath = getenv("X509_CERT_DIR");
-
- if (common_data.capath == NULL)
- common_data.capath = "/etc/grid-security/certificates";
-
-#if (LIBCURL_VERSION_NUM < 0x070908)
- /* libcurl before 7.9.8 doesnt support CURLOPT_CAPATH and the directory */
-
- if ((common_data.capath != NULL) &&
- (stat(common_data.capath, &statbuf) == 0) && S_ISDIR(statbuf.st_mode))
- {
- tmp_ca_roots = make_tmp_ca_roots(common_data.capath);
- common_data.capath = tmp_ca_roots;
- }
-#endif
-
- executable = rindex(argv[0], '/');
- if (executable != NULL) executable++;
- else executable = argv[0];
-
- if (common_data.method == 0) /* command-line options override exec name */
- {
- if (strcmp(executable,"htls")==0) common_data.method=HTCP_LIST;
- else if (strcmp(executable,"htll")==0) common_data.method=HTCP_LONGLIST;
- else if (strcmp(executable,"htrm")==0) common_data.method=HTCP_DELETE;
- else if (strcmp(executable,"htmkdir")==0) common_data.method=HTCP_MKDIR;
- else if (strcmp(executable,"htmv")==0) common_data.method=HTCP_MOVE;
- else if (strcmp(executable,"htping")==0) common_data.method=HTCP_PING;
- else if (strcmp(executable,"htfind")==0) common_data.method=HTCP_FIND;
- else if (strcmp(executable,"htrmtcp")==0) common_data.method=HTCP_RMTCP;
- }
-
- if (common_data.method == HTCP_PING)
- {
- if (common_data.groups != NULL) return do_ping(&common_data);
-
- fprintf(stderr, "Must specify at least one multicast group\n\n");
- printsyntax(argv[0]);
- return CURLE_FAILED_INIT;
- }
-
- if ((common_data.method == HTCP_DELETE) ||
- (common_data.method == HTCP_LIST) ||
- (common_data.method == HTCP_FIND) ||
- (common_data.method == HTCP_MKDIR) ||
- (common_data.method == HTCP_LONGLIST))
- {
- if (optind >= argc)
- {
- fprintf(stderr, "Must give at least 1 non-option argument\n\n");
- printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
-
- sources = (char **) malloc(sizeof(char *) * (1 + argc - optind));
- for (i=0; i < argc - optind; ++i)
- {
- sources[i] = argv[optind + i];
-
- if ((common_data.method == HTCP_MKDIR) &&
- (sources[i][strlen(sources[i])-1] != '/'))
- {
- fprintf(stderr, "Argument \"%s\" is not a "
- "directory URL (no trailing /)\n\n", sources[i]);
- printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
- }
-
- sources[i] = NULL;
-
- if (common_data.method == HTCP_DELETE)
- anyerror = do_deletes(sources, &common_data);
- else if (common_data.method == HTCP_MKDIR)
- anyerror = do_mkdirs(sources, &common_data);
- else if (common_data.method == HTCP_FIND)
- anyerror = do_finds(sources, &common_data, argc - optind);
- else if (common_data.method == HTCP_LONGLIST)
- anyerror = do_listings(sources, &common_data, 1);
- else anyerror = do_listings(sources, &common_data, 0);
-
- if (anyerror > 99) anyerror = CURLE_HTTP_RETURNED_ERROR;
-
- return anyerror;
- }
-
- if (common_data.method == HTCP_MOVE)
- {
- if (optind >= argc - 1)
- {
- fputs("Must give exactly 2 non-option arguments\n\n", stderr);
- printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
-
- anyerror = do_move(argv[optind], argv[optind + 1], &common_data);
-
- if (anyerror > 99) anyerror = CURLE_HTTP_RETURNED_ERROR;
-
- return anyerror;
- }
-
- if (optind >= argc - 1)
- {
- fputs("Must give at least 2 non-option arguments\n\n", stderr);
- printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
-
- sources = (char **) malloc(sizeof(char *) * (argc - optind));
-
- for (i=0; i < (argc - optind - 1); ++i)
- {
- if (strncmp(argv[optind + i], "file:", 5) == 0)
- sources[i] = strdup(&argv[optind + i][5]);
- else sources[i] = strdup(argv[optind + i]);
-
- if (sources[i][0] == '\0')
- {
- fprintf(stderr, "Source argument %d is empty\n\n", i + 1);
- printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
- }
-
- sources[i] = NULL;
-
- if (strncmp(argv[optind+i], "file:", 5) == 0)
- {
- if ((argv[optind+i][strlen(argv[optind+i]) - 1] != '/') &&
- (stat(&argv[optind + i][5], &statbuf) == 0) &&
- S_ISDIR(statbuf.st_mode))
- asprintf(&destination, "%s/", &argv[optind + i][5]);
- else destination = strdup(&argv[optind + i][5]);
- }
- else if ((strncmp(argv[optind+i], "http://", 7) != 0) &&
- (strncmp(argv[optind+i], "https://", 8) != 0))
- {
- if ((argv[optind+i][strlen(argv[optind+i]) - 1] != '/') &&
- (stat(argv[optind+i], &statbuf) == 0) &&
- S_ISDIR(statbuf.st_mode))
- asprintf(&destination, "%s/", argv[optind+i]);
- else destination = strdup(argv[optind+i]);
- }
- else destination = strdup(argv[optind+i]);
-
- if (destination[0] == '\0')
- {
- fputs("Destination argument is empty\n\n", stderr);
- printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
-
- if ((argc - optind > 2) && (destination[strlen(destination)-1] != '/'))
- {
- fputs("For multiple sources, destination "
- "must be a directory (end in /)\n\n", stderr);
- printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
-
- // remote file copy
- if ( common_data.method == HTCP_RMTCP )
- {
- anyerror = do_rmtcp(sources, destination, &common_data);
- fprintf(stdout, "The file has been moved!\n");
- // printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
-
- if ((strncmp(destination, "http://", 7) == 0) ||
- (strncmp(destination, "https://", 8) == 0))
- common_data.method = HTCP_PUT;
- else common_data.method = HTCP_GET;
-
- for (i=0; sources[i] != NULL; ++i)
- {
- if ((common_data.method == HTCP_PUT) &&
- ((strncmp(sources[i], "http://", 7) == 0) ||
- (strncmp(sources[i], "https://", 8) == 0)))
- {
- fputs("Cannot have both source and destination remote\n\n",stderr);
- printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
-
- if (common_data.method == HTCP_GET)
- {
- if ((strncmp(sources[i], "http://", 7) != 0) &&
- (strncmp(sources[i], "https://", 8) != 0))
- {
- fputs("Cannot have both source and "
- "destination local (for now)\n\n",stderr);
- printsyntax(argv[0]);
- return CURLE_URL_MALFORMAT;
- }
-
- if ((common_data.sitecast) &&
- ((common_data.domain == NULL) ||
-
- ((strncmp(sources[i], "http://", 7) == 0) &&
- (strncmp(&sources[i][7], common_data.domain,
- strlen(common_data.domain)) == 0) &&
- ((sources[i][7+strlen(common_data.domain)] == ':') ||
- (sources[i][7+strlen(common_data.domain)] == '/'))) ||
-
- ((strncmp(sources[i], "https://", 8) == 0) &&
- (strncmp(&sources[i][8], common_data.domain,
- strlen(common_data.domain)) == 0) &&
- ((sources[i][8+strlen(common_data.domain)] == ':') ||
- (sources[i][8+strlen(common_data.domain)] == '/')))))
- {
- translate_sitecast_url(&sources[i], &common_data);
- }
- }
- }
-
- anyerror = do_copies(sources, destination, &common_data);
- if (anyerror > 99) anyerror = CURLE_HTTP_RETURNED_ERROR;
-
- return anyerror;
-}
+++ /dev/null
-/*
- Copyright (c) 2002-4, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*
-
-Build with:
-
-gcc -lcurl -lssl -lcrypto -o grst-proxy-put grst-proxy-put.c libgridsite.a
-
-http://www.gridpp.ac.uk/authz/gridsite/
-
-*/
-
-#ifndef VERSION
-#define VERSION "0.0.0"
-#endif
-
-#define _GNU_SOURCE
-
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-#include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
-
-#include <getopt.h>
-
-#include "gridsite.h"
-
-#include "soapH.h"
-#include "delegation.nsmap"
-
-#define USE_SOAP 0
-#define USE_G_HTTPS 1
-#define HTPROXY_PUT 0
-
-int debugfunction(CURL *curl, curl_infotype type, char *s, size_t n, void *p)
-{
- fwrite(s, sizeof(char), n, (FILE *) p);
-
- return 0;
-}
-
-size_t parsegprheaders(void *ptr, size_t size, size_t nmemb, void *p)
-{
- int i;
-
- if ((size * nmemb > 15) &&
- (strncmp((char *) ptr, "Delegation-ID: ", 15) == 0))
- {
- *((char **) p) = malloc( size * nmemb - 14 );
-
- memcpy(*((char **) p), &(((char *) ptr)[15]), size * nmemb - 15);
-
- for (i=0; i < size * nmemb - 15; ++i)
- if (((*((char **) p))[i] == '\n') || ((*((char **) p))[i] == '\r'))
- {
- (*((char **) p))[i] = '\0'; /* drop trailing newline */
- break;
- }
-
- (*((char **) p))[size * nmemb - 15] = '\0';
- }
-
- return size * nmemb;
-}
-
-struct gprparams { char *req; size_t len; } ;
-
-size_t storegprbody(void *ptr, size_t size, size_t nmemb, void *p)
-{
- ((struct gprparams *) p)->req = realloc( ((struct gprparams *) p)->req,
- ((struct gprparams *) p)->len + size * nmemb + 1);
-
- memcpy( &((((struct gprparams *) p)->req)[((struct gprparams *) p)->len]),
- ptr, size * nmemb);
-
- ((struct gprparams *) p)->len += size * nmemb;
-
- return size * nmemb;
-}
-
-int GRSTgetProxyReq(CURL *curl, FILE *debugfp, char *delegid, char **reqtxt,
- char *requrl, char *cert, char *key)
-{
- char *delheader;
- struct curl_slist *headerlist = NULL;
- CURLcode res;
- struct gprparams params;
-
- params.req = NULL;
- params.len = 0;
-
- curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *) ¶ms);
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, storegprbody);
-
- curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
- curl_easy_setopt(curl, CURLOPT_SSLCERT, cert);
-
- curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
- curl_easy_setopt(curl, CURLOPT_SSLKEY, key);
- curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, NULL);
-
-// curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, parsegprheaders);
-// curl_easy_setopt(curl, CURLOPT_WRITEHEADER, (void *) delegid);
-
- curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/grid-security/certificates/");
-
- curl_easy_setopt(curl, CURLOPT_URL, requrl);
- curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "GET-PROXY-REQ");
-
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER,0);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST,0);
-
- asprintf(&delheader, "Delegation-ID: %s", delegid);
- headerlist = curl_slist_append(headerlist, delheader);
- curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
-
- if (debugfp != NULL)
- {
- curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
- curl_easy_setopt(curl, CURLOPT_DEBUGDATA, debugfp);
- curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, debugfunction);
- }
-
- res = curl_easy_perform(curl);
-
- if (params.req != NULL)
- {
- params.req[params.len] = '\0';
- *reqtxt = params.req;
- }
- else *reqtxt = NULL;
-
- return (int) res;
-}
-
-struct ppcparams{ char *cert; size_t len; };
-
-size_t getppcbody(void *ptr, size_t size, size_t nmemb, void *p)
-{
- size_t i;
-
- if (((struct ppcparams *) p)->len == 0) return 0;
-
- if (size * nmemb < ((struct ppcparams *) p)->len) i = size * nmemb;
- else i = ((struct ppcparams *) p)->len;
-
- memcpy(ptr, ((struct ppcparams *) p)->cert, i);
-
- ((struct ppcparams *) p)->len -= i;
- ((struct ppcparams *) p)->cert = &((((struct ppcparams *) p)->cert)[i+1]);
-
- return i;
-}
-
-int GRSTputProxyCerts(CURL *curl, FILE *debugfp, char *delegid, char *certtxt,
- char *requrl, char *cert, char *key)
-{
- CURLcode res;
- char *delheader;
- long httpcode;
- struct curl_slist *headerlist = NULL;
- struct ppcparams params;
-
- params.cert = certtxt;
- params.len = strlen(certtxt);
-
- curl_easy_setopt(curl, CURLOPT_READDATA, ¶ms);
- curl_easy_setopt(curl, CURLOPT_READFUNCTION, getppcbody);
- curl_easy_setopt(curl, CURLOPT_INFILESIZE, strlen(certtxt));
- curl_easy_setopt(curl, CURLOPT_UPLOAD, 1);
-
- curl_easy_setopt(curl, CURLOPT_NOBODY, 1);
-
- curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
- curl_easy_setopt(curl, CURLOPT_SSLCERT, cert);
-
- curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
- curl_easy_setopt(curl, CURLOPT_SSLKEY, key);
-// curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, NULL);
-
- curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/grid-security/certificates/");
-
- curl_easy_setopt(curl, CURLOPT_URL, requrl);
- curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT-PROXY-CERT");
-
- headerlist = curl_slist_append(headerlist,
- "Content-Type: application/x-x509-user-cert-chain");
-
- asprintf(&delheader, "Delegation-ID: %s", delegid);
- headerlist = curl_slist_append(headerlist, delheader);
- curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
-
-curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
-curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
-
- if (debugfp != NULL)
- {
- curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
- curl_easy_setopt(curl, CURLOPT_DEBUGDATA, debugfp);
- curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, debugfunction);
- }
-
- res = curl_easy_perform(curl);
-
- curl_easy_getinfo(curl, CURLINFO_HTTP_CODE, &httpcode);
-
- curl_slist_free_all(headerlist);
-
- free(delheader);
-
- return (int) res;
-}
-
-
-#if (LIBCURL_VERSION_NUM < 0x070908)
-char *make_tmp_ca_roots(char *dir)
-/* libcurl before 7.9.8 doesnt support CURLOPT_CAPATH and the directory,
- so we make a temporary file with the concatenated CA root certs: that
- is, all the files in that directory which end in .0 */
-{
- int ofd, ifd, c;
- size_t size;
- char tmp_ca_roots[] = "/tmp/.ca-roots-XXXXXX", buffer[4096], *s;
- DIR *rootsDIR;
- struct dirent *root_ent;
-
- if ((rootsDIR = opendir(dir)) == NULL) return NULL;
-
- if ((ofd = mkstemp(tmp_ca_roots)) == -1)
- {
- closedir(rootsDIR);
- return NULL;
- }
-
- while ((root_ent = readdir(rootsDIR)) != NULL)
- {
- if ((root_ent->d_name[0] != '.') &&
- (strlen(root_ent->d_name) > 2) &&
- (strncmp(&(root_ent->d_name[strlen(root_ent->d_name)-2]),
- ".0", 2) == 0))
- {
- asprintf(&s, "%s/%s", dir, root_ent->d_name);
- ifd = open(s, O_RDONLY);
- free(s);
-
- if (ifd != -1)
- {
- while ((size = read(ifd, buffer, sizeof(buffer))) > 0)
- write(ofd, buffer, size);
-
- close(ifd);
- }
- }
- }
-
- closedir(rootsDIR);
-
- if (close(ofd) == 0) return strdup(tmp_ca_roots);
-
- unlink(tmp_ca_roots); /* try to clean up if errors */
-
- return NULL;
-}
-#endif
-
-void printsyntax(char *argv0)
-{
- char *p;
-
- p = rindex(argv0, '/');
- if (p != NULL) ++p;
- else p = argv0;
-
- fprintf(stderr, "%s [options] URL\n"
- "(Version: %s)\n", p, VERSION);
-}
-
-int main(int argc, char *argv[])
-{
- char *delegation_id = "", *reqtxt, *certtxt, *valid = NULL,
- *cert = NULL, *key = NULL, *capath = NULL, *keycert;
- struct ns__putProxyResponse *unused;
- int option_index, c, protocol = USE_SOAP, noverify = 0,
- method = HTPROXY_PUT, verbose = 0, fd, minutes;
- struct soap soap_get, soap_put;
- FILE *ifp, *ofp;
- struct stat statbuf;
- struct passwd *userpasswd;
- struct option long_options[] = { {"verbose", 0, 0, 'v'},
- {"cert", 1, 0, 0},
- {"key", 1, 0, 0},
- {"capath", 1, 0, 0},
- {"soap", 0, 0, 0},
- {"g-https", 0, 0, 0},
- {"no-verify", 0, 0, 0},
- {"valid", 1, 0, 0},
- {"delegation-id",1, 0, 0},
- {"put", 0, 0, 0},
- {0, 0, 0, 0} };
- CURL *curl;
-
- if (argc == 1)
- {
- printsyntax(argv[0]);
- return 0;
- }
-
- while (1)
- {
- option_index = 0;
-
- c = getopt_long(argc, argv, "v", long_options, &option_index);
-
- if (c == -1) break;
- else if (c == 0)
- {
- if (option_index == 1) cert = optarg;
- else if (option_index == 2) key = optarg;
- else if (option_index == 3) capath = optarg;
- else if (option_index == 4) protocol = USE_SOAP;
- else if (option_index == 5) protocol = USE_G_HTTPS;
- else if (option_index == 6) noverify = 1;
- else if (option_index == 7) valid = optarg;
- else if (option_index == 8) delegation_id = optarg;
- else if (option_index == 9) method = HTPROXY_PUT;
- }
- else if (c == 'v') ++verbose;
- }
-
- if (optind + 1 != argc)
- {
- fprintf(stderr, "Must specify a target URL!\n");
- return 1;
- }
-
- if (valid == NULL) minutes = 60 * 12;
- else minutes = atoi(valid);
-
- if (verbose) fprintf(stderr, "Proxy valid for %d minutes\n", minutes);
-
- ERR_load_crypto_strings ();
- OpenSSL_add_all_algorithms();
-
- if ((cert == NULL) && (key != NULL)) cert = key;
- else if ((cert != NULL) && (key == NULL)) key = cert;
- else if ((cert == NULL) && (key == NULL))
- {
- cert = getenv("X509_USER_PROXY");
- if (cert != NULL) key = cert;
- else
- {
- asprintf(&(cert), "/tmp/x509up_u%d", geteuid());
-
- /* one fine day, we will check the proxy file for
- expiry too to avoid suprises when we try to use it ... */
-
- if (stat(cert, &statbuf) == 0) key = cert;
- else
- {
- cert = getenv("X509_USER_CERT");
- key = getenv("X509_USER_KEY");
-
- userpasswd = getpwuid(geteuid());
-
- if ((cert == NULL) &&
- (userpasswd != NULL) &&
- (userpasswd->pw_dir != NULL))
- asprintf(&(cert), "%s/.globus/usercert.pem",
- userpasswd->pw_dir);
-
- if ((key == NULL) &&
- (userpasswd != NULL) &&
- (userpasswd->pw_dir != NULL))
- asprintf(&(key), "%s/.globus/userkey.pem",
- userpasswd->pw_dir);
-
- }
- }
- }
-
- if (capath == NULL) capath = getenv("X509_CERT_DIR");
- if (capath == NULL) capath = "/etc/grid-security/certificates";
-
- if (verbose) fprintf(stderr, "key=%s\ncert=%s\ncapath=%s\n",
- key, cert, capath);
-
-#if (LIBCURL_VERSION_NUM < 0x070908)
- /* libcurl before 7.9.8 doesnt support CURLOPT_CAPATH and the directory */
-
- if ((capath != NULL) &&
- (stat(capath, &statbuf) == 0) && S_ISDIR(statbuf.st_mode))
- {
- tmp_ca_roots = make_tmp_ca_roots(capath);
- capath = tmp_ca_roots;
- }
-#endif
-
- if (protocol == USE_G_HTTPS)
- {
- if (verbose) fprintf(stderr, "Using G-HTTPS delegation protocol\n");
-
- if (verbose) fprintf(stderr, "Delegation-ID: %s\n", delegation_id);
-
- curl_global_init(CURL_GLOBAL_DEFAULT);
- curl = curl_easy_init();
-
-// curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, NULL);
-
- GRSTgetProxyReq(curl, stderr, delegation_id, &reqtxt,
- argv[optind], cert, key);
-
- if (GRSTx509MakeProxyCert(&certtxt, stderr, reqtxt, cert, key, minutes)
- != GRST_RET_OK)
- {
- return 1;
- }
-
- GRSTputProxyCerts(curl, stderr, delegation_id, certtxt,
- argv[optind], cert, key);
-
- curl_easy_cleanup(curl);
- curl_global_cleanup();
-
- return 0;
- }
- else if (protocol == USE_SOAP)
- {
- if (strcmp(key, cert) != 0) /* we have to concatenate for gSOAP */
- {
- keycert = strdup("/tmp/XXXXXX");
-
- fd = mkstemp(keycert);
- ofp = fdopen(fd, "w");
-
- ifp = fopen(key, "r");
- while ((c = fgetc(ifp)) != EOF) fputc(c, ofp);
- fclose(ifp);
-
- ifp = fopen(cert, "r");
- while ((c = fgetc(ifp)) != EOF) fputc(c, ofp);
- fclose(ifp);
-
- fclose(ofp);
-
- if (verbose) fprintf(stderr, "Created %s key/cert file\n", keycert);
- }
- else keycert = key;
-
- if (verbose)
- {
- fprintf(stderr, "Using SOAP delegation protocol\n");
- fprintf(stderr, "Delegation-ID: %s\n", delegation_id);
- fprintf(stderr, "Send getProxyReq to service\n");
- }
-
- soap_init(&soap_get);
-
- if (soap_ssl_client_context(&soap_get,
- SOAP_SSL_DEFAULT,
- keycert,
- "",
- NULL,
- capath,
- NULL))
- {
- soap_print_fault(&soap_get, stderr);
- return 1;
- }
-
- soap_call_ns__getProxyReq(&soap_get,
- argv[optind], /* HTTPS url of service */
- "", /* no password on proxy */
- delegation_id,
- &reqtxt);
-
- if (soap_get.error)
- {
- soap_print_fault(&soap_get, stderr);
- return 1;
- }
-
- if (verbose) fprintf(stderr, "reqtxt:\n%s", reqtxt);
-
- if (GRSTx509MakeProxyCert(&certtxt, stderr, reqtxt, cert, key, minutes)
- != GRST_RET_OK)
- {
- return 1;
- }
-
- soap_init(&soap_put);
-
- if (verbose) fprintf(stderr, "Send putProxy to service:\n%s\n", certtxt);
-
- if (soap_ssl_client_context(&soap_put,
- SOAP_SSL_DEFAULT,
- keycert,
- "",
- NULL,
- capath,
- NULL))
- {
- soap_print_fault(&soap_put, stderr);
- return 1;
- }
-
- soap_call_ns__putProxy(&soap_put, argv[optind], "", delegation_id,
- certtxt, unused);
- if (soap_put.error)
- {
- soap_print_fault(&soap_put, stderr);
- return 1;
- }
-
- return 0;
- }
-
- /* weirdness */
-}
-
+++ /dev/null
-/*
- Copyright (c) 2003-6, Andrew McNab and Shiv Kaushal,
- University of Manchester. All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
-
- This program includes dav_parse_range() from Apache mod_dav.c and
- associated code contributed by David O Callaghan
-
- Copyright 2000-2005 The Apache Software Foundation or its licensors, as
- applicable.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-/*------------------------------------------------------------------*
- * This program is part of GridSite: http://www.gridsite.org/ *
- *------------------------------------------------------------------*/
-
-#ifndef VERSION
-#define VERSION "x.x.x"
-#endif
-
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
-#endif
-
-#include <apr_strings.h>
-#include <apr_tables.h>
-
-#include <ap_config.h>
-#include <httpd.h>
-#include <http_config.h>
-#include <http_core.h>
-#include <http_log.h>
-#include <http_protocol.h>
-#include <http_request.h>
-#include <unixd.h>
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <netdb.h>
-#include <malloc.h>
-#include <stdlib.h>
-#include <string.h>
-#include <dirent.h>
-#include <ctype.h>
-#include <time.h>
-
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <libxml/parser.h>
-#include <libxml/tree.h>
-
-#include "mod_ssl-private.h"
-
-#include "gridsite.h"
-
-#ifndef UNSET
-#define UNSET -1
-#endif
-
-#define GRST_SESSIONS_DIR "/var/www/sessions"
-
-module AP_MODULE_DECLARE_DATA gridsite_module;
-
-#define GRST_SITECAST_GROUPS 32
-
-struct sitecast_group
- { int socket; int quad1; int quad2; int quad3; int quad4; int port; };
-
-#define GRST_SITECAST_ALIASES 32
-
-struct sitecast_alias
- { const char *sitecast_url; const char *local_path; server_rec *server; };
-
-/* Globals, defined by main server directives in httpd.conf
- These are assigned default values in create_gridsite_srv_config() */
-
-int gridhttpport = 0;
-char *sessionsdir = NULL;
-char *sitecastdnlists = NULL;
-struct sitecast_group sitecastgroups[GRST_SITECAST_GROUPS+1];
-struct sitecast_alias sitecastaliases[GRST_SITECAST_ALIASES];
-
-typedef struct
-{
- int auth;
- int envs;
- int format;
- int indexes;
- char *indexheader;
- int gridsitelink;
- char *adminfile;
- char *adminuri;
- char *helpuri;
- char *dnlists;
- char *dnlistsuri;
- char *adminlist;
- int gsiproxylimit;
- char *unzip;
- char *methods;
- char *editable;
- char *headfile;
- char *footfile;
- int gridhttp;
- char *aclformat;
- char *execmethod;
- char *delegationuri;
- ap_unix_identity_t execugid;
- apr_fileperms_t diskmode;
-} mod_gridsite_dir_cfg; /* per-directory config choices */
-
-
-/*
- * dav_parse_range() is based on modules/dav/main/mod_dav.c from Apache
- */
-
-int dav_parse_range(request_rec *r, apr_off_t *range_start,
- apr_off_t *range_end)
-{
- const char *range_c;
- char *range;
- char *dash;
- char *slash;
-
- range_c = apr_table_get(r->headers_in, "content-range");
- if (range_c == NULL)
- return 0;
-
- range = apr_pstrdup(r->pool, range_c);
- if (strncasecmp(range, "bytes ", 6) != 0
- || (dash = ap_strchr(range, '-')) == NULL
- || (slash = ap_strchr(range, '/')) == NULL) {
- /* malformed header. ignore it (per S14.16 of RFC2616) */
- return 0;
- }
-
- *dash = *slash = '\0';
-
- *range_start = apr_atoi64(range + 6);
- *range_end = apr_atoi64(dash + 1);
-
- if (*range_end < *range_start
- || (slash[1] != '*' && apr_atoi64(slash + 1) <= *range_end)) {
- /* invalid range. ignore it (per S14.16 of RFC2616) */
- return 0;
- }
-
- /* we now have a valid range */
- return 1;
-}
-
-char *make_admin_footer(request_rec *r, mod_gridsite_dir_cfg *conf,
- int isdirectory)
-/*
- make string holding last modified text and admin links
-*/
-{
- char *out, *https, *p, *dn = NULL, *file = NULL, *permstr = NULL,
- *temp, modified[99], *dir_uri, *grst_cred_0 = NULL;
- GRSTgaclPerm perm = GRST_PERM_NONE;
- struct tm mtime_tm;
- time_t mtime_time;
-
- https = (char *) apr_table_get(r->subprocess_env, "HTTPS");
-
- dir_uri = apr_pstrdup(r->pool, r->uri);
- p = rindex(dir_uri, '/');
-
- if (p == NULL) return "";
-
- file = apr_pstrdup(r->pool, &p[1]);
- p[1] = '\0';
- /* dir_uri always gets both a leading and a trailing slash */
-
- out = apr_pstrdup(r->pool, "<p>\n");
-
- if (!isdirectory)
- {
- mtime_time = apr_time_sec(r->finfo.mtime);
-
- localtime_r(&mtime_time, &mtime_tm);
- strftime(modified, sizeof(modified),
- "%a %e %B %Y", &mtime_tm);
- temp = apr_psprintf(r->pool,"<hr><small>Last modified %s\n", modified);
- out = apr_pstrcat(r->pool, out, temp, NULL);
-
- if ((conf->adminuri != NULL) &&
- (conf->adminuri[0] != '\0') &&
- (conf->adminfile != NULL) &&
- (conf->adminfile[0] != '\0') &&
- (strncmp(file, GRST_HIST_PREFIX, sizeof(GRST_HIST_PREFIX)-1) != 0))
- {
- temp = apr_psprintf(r->pool,
- ". <a href=\"%s?cmd=history&file=%s\">"
- "View page history</a>\n",
- conf->adminfile, file);
- out = apr_pstrcat(r->pool, out, temp, NULL);
- }
-
- out = apr_pstrcat(r->pool, out, "</small>", NULL);
- }
-
- out = apr_pstrcat(r->pool, out, "<hr><small>", NULL);
-
- if (r->connection->notes != NULL)
- grst_cred_0 = (char *)
- apr_table_get(r->connection->notes, "GRST_CRED_0");
-
- if ((grst_cred_0 != NULL) &&
- (strncmp(grst_cred_0, "X509USER ", sizeof("X509USER")) == 0))
- {
- p = index(grst_cred_0, ' ');
- if (p != NULL)
- {
- p = index(++p, ' ');
- if (p != NULL)
- {
- p = index(++p, ' ');
- if (p != NULL)
- {
- p = index(++p, ' ');
- if (p != NULL) dn = p;
- }
- }
- }
- }
-
- if (dn != NULL)
- {
- temp = apr_psprintf(r->pool, "You are %s<br>\n", dn);
- out = apr_pstrcat(r->pool, out, temp, NULL);
-
- if (r->notes != NULL)
- permstr = (char *) apr_table_get(r->notes, "GRST_PERM");
-
- if ((permstr != NULL) &&
- (conf->adminuri != NULL) &&
- (conf->adminuri[0] != '\0') &&
- (conf->adminfile != NULL) &&
- (conf->adminfile[0] != '\0'))
- {
- sscanf(permstr, "%d", &perm);
-
- if (!isdirectory &&
- GRSTgaclPermHasWrite(perm) &&
- (strncmp(file, GRST_HIST_PREFIX,
- sizeof(GRST_HIST_PREFIX) - 1) != 0))
- {
- temp = apr_psprintf(r->pool,
- "<a href=\"%s?cmd=edit&file=%s\">"
- "Edit page</a> .\n", conf->adminfile, file);
- out = apr_pstrcat(r->pool, out, temp, NULL);
- }
-
- if (GRSTgaclPermHasList(perm) || GRSTgaclPermHasWrite(perm))
- {
- temp = apr_psprintf(r->pool,
- "<a href=\"%s%s?cmd=managedir\">Manage directory</a> .\n",
- dir_uri, conf->adminfile);
-
- out = apr_pstrcat(r->pool, out, temp, NULL);
- }
- }
- }
-
- if ((https != NULL) && (strcasecmp(https, "on") == 0))
- temp = apr_psprintf(r->pool,
- "<a href=\"http://%s%s\">Switch to HTTP</a> \n",
- r->server->server_hostname, r->unparsed_uri);
- else temp = apr_psprintf(r->pool,
- "<a href=\"https://%s%s\">Switch to HTTPS</a> \n",
- r->server->server_hostname, r->unparsed_uri);
-
- out = apr_pstrcat(r->pool, out, temp, NULL);
-
- if ((conf->helpuri != NULL) && (conf->helpuri[0] != '\0'))
- {
- temp = apr_psprintf(r->pool,
- ". <a href=\"%s\">Website Help</a>\n", conf->helpuri);
- out = apr_pstrcat(r->pool, out, temp, NULL);
- }
-
- if ((!isdirectory) &&
- (conf->adminuri != NULL) &&
- (conf->adminuri[0] != '\0') &&
- (conf->adminfile != NULL) &&
- (conf->adminfile[0] != '\0'))
- {
- temp = apr_psprintf(r->pool, ". <a href=\"%s?cmd=print&file=%s\">"
- "Print View</a>\n", conf->adminfile, file);
- out = apr_pstrcat(r->pool, out, temp, NULL);
- }
-
- if (conf->gridsitelink)
- {
- temp = apr_psprintf(r->pool,
- ". Built with <a href=\"http://www.gridsite.org/\">"
- "GridSite</a> %s\n", VERSION);
- out = apr_pstrcat(r->pool, out, temp, NULL);
- }
-
- out = apr_pstrcat(r->pool, out, "\n</small>\n", NULL);
-
- return out;
-}
-
-void delegation_header(request_rec *r, mod_gridsite_dir_cfg *conf){
-
- apr_table_add(r->headers_out,
- apr_pstrdup(r->pool, "Proxy-Delegation-Service"),
- apr_psprintf(r->pool,"https://%s%s", r->hostname, conf->delegationuri));
- return;
-
-}
-
-int html_format(request_rec *r, mod_gridsite_dir_cfg *conf)
-/*
- try to do GridSite formatting of .html files (NOT .shtml etc)
-*/
-{
- int i, fd, errstatus;
- char *buf, *p, *file, *s, *head_formatted, *header_formatted,
- *body_formatted, *admin_formatted, *footer_formatted;
- size_t length;
- struct stat statbuf;
- apr_file_t *fp;
-
- if (r->finfo.filetype == APR_NOFILE) return HTTP_NOT_FOUND;
-
- if (apr_file_open(&fp, r->filename, APR_READ, 0, r->pool) != 0)
- return HTTP_INTERNAL_SERVER_ERROR;
-
-
- /* Put in Delegation service header if required */
- if (conf->delegationuri) delegation_header(r, conf);
-
- file = rindex(r->uri, '/');
- if (file != NULL) ++file; /* file points to name without path */
-
- buf = apr_palloc(r->pool, (size_t)(r->finfo.size + 1));
- length = r->finfo.size;
- apr_file_read(fp, buf, &length);
- buf[r->finfo.size] = '\0';
- apr_file_close(fp);
-
- /* **** try to find a header file in this or parent directories **** */
-
- /* first make a buffer big enough to hold path names we want to try */
- fd = -1;
- s = malloc(strlen(r->filename) + strlen(conf->headfile) + 1);
- strcpy(s, r->filename);
-
- for (;;)
- {
- p = rindex(s, '/');
- if (p == NULL) break; /* failed to find one */
- p[1] = '\0';
- strcat(p, conf->headfile);
-
- fd = open(s, O_RDONLY);
- if (fd != -1) break; /* found one */
-
- *p = '\0';
- }
-
- free(s);
-
- if (fd == -1) /* not found, so set up not to output one */
- {
- head_formatted = apr_pstrdup(r->pool, "");
- header_formatted = apr_pstrdup(r->pool, "");
- body_formatted = buf;
- }
- else /* found a header file, so set up head and body to surround it */
- {
- fstat(fd, &statbuf);
- header_formatted = apr_palloc(r->pool, statbuf.st_size + 1);
- read(fd, header_formatted, statbuf.st_size);
- header_formatted[statbuf.st_size] = '\0';
- close(fd);
-
- p = strstr(buf, "<body");
- if (p == NULL) p = strstr(buf, "<BODY");
- if (p == NULL) p = strstr(buf, "<Body");
-
- if (p == NULL)
- {
- head_formatted = apr_pstrdup(r->pool, "");
- body_formatted = buf;
- }
- else
- {
- *p = '\0';
- head_formatted = buf;
- ++p;
-
- while ((*p != '>') && (*p != '\0')) ++p;
-
- if (*p == '\0')
- {
- body_formatted = p;
- }
- else
- {
- *p = '\0';
- ++p;
- body_formatted = p;
- }
- }
- }
-
- /* **** remove closing </body> tag from body **** */
-
- p = strstr(body_formatted, "</body");
- if (p == NULL) p = strstr(body_formatted, "</BODY");
- if (p == NULL) p = strstr(body_formatted, "</Body");
-
- if (p != NULL) *p = '\0';
-
- /* **** set up dynamic part of footer to go at end of body **** */
-
- admin_formatted = make_admin_footer(r, conf, FALSE);
-
- /* **** try to find a footer file in this or parent directories **** */
-
- /* first make a buffer big enough to hold path names we want to try */
- fd = -1;
- s = malloc(strlen(r->filename) + strlen(conf->footfile));
- strcpy(s, r->filename);
-
- for (;;)
- {
- p = rindex(s, '/');
- if (p == NULL) break; /* failed to find one */
-
- p[1] = '\0';
- strcat(p, conf->footfile);
-
- fd = open(s, O_RDONLY);
- if (fd != -1) break; /* found one */
-
- *p = '\0';
- }
-
- free(s);
-
- if (fd == -1) /* failed to find a footer, so set up empty default */
- {
- footer_formatted = apr_pstrdup(r->pool, "");
- }
- else /* found a footer, so set up to use it */
- {
- fstat(fd, &statbuf);
- footer_formatted = apr_palloc(r->pool, statbuf.st_size + 1);
- read(fd, footer_formatted, statbuf.st_size);
- footer_formatted[statbuf.st_size] = '\0';
- close(fd);
- }
-
- /* **** can now calculate the Content-Length and output headers **** */
-
- length = strlen(head_formatted) + strlen(header_formatted) +
- strlen(body_formatted) + strlen(admin_formatted) +
- strlen(footer_formatted);
-
- ap_set_content_length(r, length);
- ap_set_content_type(r, "text/html");
-
- /* ** output the HTTP body (HTML Head+Body) ** */
-
- ap_rputs(head_formatted, r);
- ap_rputs(header_formatted, r);
- ap_rputs(body_formatted, r);
- ap_rputs(admin_formatted, r);
- ap_rputs(footer_formatted, r);
-
- return OK;
-}
-
-int html_dir_list(request_rec *r, mod_gridsite_dir_cfg *conf)
-/*
- output HTML directory listing, with level of formatting controlled
- by GridSiteHtmlFormat/conf->format
-*/
-{
- int i, fd, n, nn;
- char *buf, *p, *s, *head_formatted, *header_formatted,
- *body_formatted, *admin_formatted, *footer_formatted, *temp,
- modified[99], *d_namepath, *indexheaderpath, *indexheadertext;
- size_t length;
- struct stat statbuf;
- struct tm mtime_tm;
- struct dirent **namelist;
-
- if (r->finfo.filetype == APR_NOFILE) return HTTP_NOT_FOUND;
-
-
- /* Put in Delegation service header if required */
- if (conf->delegationuri) delegation_header(r, conf);
-
- head_formatted = apr_psprintf(r->pool,
- "<head><title>Directory listing %s</title></head>\n", r->uri);
-
- if (conf->format)
- {
- /* **** try to find a header file in this or parent directories **** */
-
- /* first make a buffer big enough to hold path names we want to try */
- fd = -1;
- s = malloc(strlen(r->filename) + strlen(conf->headfile) + 1);
- strcpy(s, r->filename);
-
- for (;;)
- {
- p = rindex(s, '/');
- if (p == NULL) break; /* failed to find one */
- p[1] = '\0';
- strcat(p, conf->headfile);
-
- fd = open(s, O_RDONLY);
- if (fd != -1) break; /* found one */
-
- *p = '\0';
- }
-
- free(s);
-
- if (fd == -1) /* not found, so set up to output sensible default */
- {
- header_formatted = apr_pstrdup(r->pool, "<body bgcolor=white>");
- }
- else /* found a header file, so set up head and body to surround it */
- {
- fstat(fd, &statbuf);
- header_formatted = apr_palloc(r->pool, statbuf.st_size + 1);
- read(fd, header_formatted, statbuf.st_size);
- header_formatted[statbuf.st_size] = '\0';
- close(fd);
- }
- }
- else header_formatted = apr_pstrdup(r->pool, "<body bgcolor=white>");
-
- body_formatted = apr_psprintf(r->pool,
- "<h1>Directory listing %s</h1>\n", r->uri);
-
- if (conf->indexheader != NULL)
- {
- indexheaderpath = apr_psprintf(r->pool, "%s/%s", r->filename,
- conf->indexheader);
- fd = open(indexheaderpath, O_RDONLY);
- if (fd != -1)
- {
- fstat(fd, &statbuf);
- indexheadertext = apr_palloc(r->pool, statbuf.st_size + 1);
- read(fd, indexheadertext, statbuf.st_size);
- indexheadertext[statbuf.st_size] = '\0';
- close(fd);
-
- body_formatted = apr_pstrcat(r->pool, body_formatted,
- indexheadertext, NULL);
- }
- }
-
- body_formatted = apr_pstrcat(r->pool, body_formatted, "<p><table>\n", NULL);
-
- if (r->unparsed_uri[1] != '\0')
- body_formatted = apr_pstrcat(r->pool, body_formatted,
- "<tr><td colspan=3>[<a href=\"../\">Parent directory</a>]</td></tr>\n",
- NULL);
-
- nn = scandir(r->filename, &namelist, 0, versionsort);
- for (n=0; n < nn; ++n)
- {
- if ((namelist[n]->d_name[0] != '.') &&
- ((conf->indexheader == NULL) ||
- (strcmp(conf->indexheader, namelist[n]->d_name) != 0)))
- {
- d_namepath = apr_psprintf(r->pool, "%s/%s", r->filename,
- namelist[n]->d_name);
- stat(d_namepath, &statbuf);
-
- localtime_r(&(statbuf.st_mtime), &mtime_tm);
- strftime(modified, sizeof(modified),
- "<td align=right>%R</td><td align=right>%e %b %y</td>",
- &mtime_tm);
-
- if (S_ISDIR(statbuf.st_mode))
- temp = apr_psprintf(r->pool,
- "<tr><td><a href=\"%s/\" content-length=\"%ld\" "
- "last-modified=\"%ld\">"
- "%s/</a></td>"
- "<td align=right>%ld</td>%s</tr>\n",
- namelist[n]->d_name, statbuf.st_size, statbuf.st_mtime,
- namelist[n]->d_name,
- statbuf.st_size, modified);
- else temp = apr_psprintf(r->pool,
- "<tr><td><a href=\"%s\" content-length=\"%ld\" "
- "last-modified=\"%ld\">"
- "%s</a></td>"
- "<td align=right>%ld</td>%s</tr>\n",
- namelist[n]->d_name, statbuf.st_size, statbuf.st_mtime,
- namelist[n]->d_name,
- statbuf.st_size, modified);
-
- body_formatted = apr_pstrcat(r->pool,body_formatted,temp,NULL);
- }
-
- free(namelist[n]);
- }
-
- free(namelist);
-
- body_formatted = apr_pstrcat(r->pool, body_formatted, "</table>\n", NULL);
-
- if (conf->format)
- {
- /* **** set up dynamic part of footer to go at end of body **** */
-
- admin_formatted = make_admin_footer(r, conf, TRUE);
-
- /* **** try to find a footer file in this or parent directories **** */
-
- /* first make a buffer big enough to hold path names we want to try */
- fd = -1;
- s = malloc(strlen(r->filename) + strlen(conf->footfile));
- strcpy(s, r->filename);
-
- for (;;)
- {
- p = rindex(s, '/');
- if (p == NULL) break; /* failed to find one */
-
- p[1] = '\0';
- strcat(p, conf->footfile);
-
- fd = open(s, O_RDONLY);
- if (fd != -1) break; /* found one */
-
- *p = '\0';
- }
-
- free(s);
-
- if (fd == -1) /* failed to find a footer, so use standard default */
- {
- footer_formatted = apr_pstrdup(r->pool, "</body>");
- }
- else /* found a footer, so set up to use it */
- {
- fstat(fd, &statbuf);
- footer_formatted = apr_palloc(r->pool, statbuf.st_size + 1);
- read(fd, footer_formatted, statbuf.st_size);
- footer_formatted[statbuf.st_size] = '\0';
- close(fd);
- }
- }
- else
- {
- admin_formatted = apr_pstrdup(r->pool, "");
- footer_formatted = apr_pstrdup(r->pool, "</body>");
- }
-
- /* **** can now calculate the Content-Length and output headers **** */
-
- length = strlen(head_formatted) + strlen(header_formatted) +
- strlen(body_formatted) + strlen(admin_formatted) +
- strlen(footer_formatted);
-
- ap_set_content_length(r, length);
- ap_set_content_type(r, "text/html");
-
- /* ** output the HTTP body (HTML Head+Body) ** */
-
- ap_rputs(head_formatted, r);
- ap_rputs(header_formatted, r);
- ap_rputs(body_formatted, r);
- ap_rputs(admin_formatted, r);
- ap_rputs(footer_formatted, r);
-
- return OK;
-}
-
-int http_gridhttp(request_rec *r, mod_gridsite_dir_cfg *conf)
-{
- int i;
- char *httpurl, *filetemplate, *cookievalue, *envname_i,
- *grst_cred_i, expires_str[APR_RFC822_DATE_LEN];
- apr_uint64_t gridauthcookie;
- apr_table_t *env;
- apr_time_t expires_time;
- apr_file_t *fp;
-
- /* create random cookie and gridauthcookie file */
-
- if (apr_generate_random_bytes((char *) &gridauthcookie,
- sizeof(gridauthcookie))
- != APR_SUCCESS) return HTTP_INTERNAL_SERVER_ERROR;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Generated GridHTTP passcode %016llx", gridauthcookie);
-
- filetemplate = apr_psprintf(r->pool, "%s/passcode-%016llxXXXXXX",
- ap_server_root_relative(r->pool,
- sessionsdir),
- gridauthcookie);
-
- if (apr_file_mktemp(&fp,
- filetemplate,
- APR_CREATE | APR_WRITE | APR_EXCL,
- r->pool)
- != APR_SUCCESS) return HTTP_INTERNAL_SERVER_ERROR;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Created passcode file %s", filetemplate);
-
- expires_time = apr_time_now() + apr_time_from_sec(300);
- /* passcode cookies are valid for only 5 mins! */
-
- apr_file_printf(fp,
- "expires=%lu\ndomain=%s\npath=%s\nonetime=yes\nmethod=%s\n",
- (time_t) apr_time_sec(expires_time),
- r->hostname, r->uri, r->method);
- /* above variables are evaluated in order and method= MUST be last! */
-
- for (i=0; ; ++i)
- {
- envname_i = apr_psprintf(r->pool, "GRST_CRED_%d", i);
- if (grst_cred_i = (char *)
- apr_table_get(r->connection->notes, envname_i))
- {
- apr_file_printf(fp, "%s=%s\n", envname_i, grst_cred_i);
- }
- else break; /* GRST_CRED_i are numbered consecutively */
- }
-
- if (apr_file_close(fp) != APR_SUCCESS)
- {
- apr_file_remove(filetemplate, r->pool); /* try to clean up */
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* send redirection header back to client */
-
- cookievalue = rindex(filetemplate, '-');
- if (cookievalue != NULL) ++cookievalue;
- else cookievalue = filetemplate;
-
- apr_rfc822_date(expires_str, expires_time);
-
- apr_table_add(r->headers_out,
- apr_pstrdup(r->pool, "Set-Cookie"),
- apr_psprintf(r->pool,
- "GRIDHTTP_PASSCODE=%s; "
- "expires=%s; "
- "domain=%s; "
- "path=%s",
- cookievalue, expires_str, r->hostname, r->uri));
-
- if (gridhttpport != DEFAULT_HTTP_PORT)
- httpurl = apr_psprintf(r->pool, "http://%s:%d%s", r->hostname,
- gridhttpport, ap_escape_uri(r->pool, r->uri));
- else httpurl = apr_pstrcat(r->pool, "http://", r->hostname,
- ap_escape_uri(r->pool, r->uri), NULL);
-
- apr_table_setn(r->headers_out, apr_pstrdup(r->pool, "Location"), httpurl);
-
- r->status = HTTP_MOVED_TEMPORARILY;
- return OK;
-}
-
-int http_put_method(request_rec *r, mod_gridsite_dir_cfg *conf)
-{
- char buf[2048];
- size_t length, total_length;
- int retcode, stat_ret;
- apr_file_t *fp;
- apr_int32_t open_flag;
- struct stat statbuf;
-
- int has_range = 0, is_done = 0;
- apr_off_t range_start;
- apr_off_t range_end;
- size_t range_length;
-
- /* *** check if directory creation: PUT /.../ *** */
-
- if ((r->unparsed_uri != NULL) &&
- (r->unparsed_uri[0] != '\0') &&
- (r->unparsed_uri[strlen(r->unparsed_uri) - 1] == '/'))
- {
- if (apr_dir_make(r->filename,
- conf->diskmode
- | APR_UEXECUTE | APR_GEXECUTE | APR_WEXECUTE,
- r->pool) != 0) return HTTP_INTERNAL_SERVER_ERROR;
-
- /* we force the permissions, rather than accept any existing ones */
-
- apr_file_perms_set(r->filename, conf->diskmode
- | APR_UEXECUTE | APR_GEXECUTE | APR_WEXECUTE);
-
- ap_set_content_length(r, 0);
- ap_set_content_type(r, "text/html");
- return OK;
- }
-
- /* *** otherwise assume trying to create a regular file *** */
-
- stat_ret = stat(r->filename, &statbuf);
-
- /* find if a range is specified */
-
- has_range = dav_parse_range(r, &range_start, &range_end);
-
- if (has_range)
- open_flag = APR_WRITE | APR_CREATE | APR_BUFFERED;
- else
- open_flag = APR_WRITE | APR_CREATE | APR_BUFFERED | APR_TRUNCATE;
-
- if (apr_file_open(&fp, r->filename, open_flag,
- conf->diskmode, r->pool) != 0) return HTTP_INTERNAL_SERVER_ERROR;
-
- /* we force the permissions, rather than accept any existing ones */
-
- apr_file_perms_set(r->filename, conf->diskmode);
-
- if (has_range)
- {
- if (apr_file_seek(fp, APR_SET, &range_start) != 0)
- {
- retcode = HTTP_INTERNAL_SERVER_ERROR;
- //break;
- return retcode;
- }
-
- range_length = range_end - range_start + 1;
- }
-
- retcode = ap_setup_client_block(r, REQUEST_CHUNKED_DECHUNK);
- if (retcode == OK)
- {
- if (has_range) total_length = 0;
- if (ap_should_client_block(r))
- while ((length = ap_get_client_block(r, buf, sizeof(buf))) > 0)
- {
- if (has_range && (total_length + length > range_length))
- {
- length = range_length - total_length;
- is_done = 1;
- }
-
- if (apr_file_write(fp, buf, &length) != 0)
- {
- retcode = HTTP_INTERNAL_SERVER_ERROR;
- break;
- }
-
- if (has_range)
- {
- if (is_done) break;
- else total_length += length;
- }
- }
- ap_set_content_length(r, 0);
- ap_set_content_type(r, "text/html");
- }
-
- if (apr_file_close(fp) != 0) return HTTP_INTERNAL_SERVER_ERROR;
-
- if ((retcode == OK) && (stat_ret != 0))
- {
- retcode = HTTP_CREATED;
- ap_custom_response(r, HTTP_CREATED, "");
- }
-
- return retcode;
-}
-
-int http_delete_method(request_rec *r, mod_gridsite_dir_cfg *conf)
-{
- if (apr_file_remove(r->filename, r->pool) != 0) return HTTP_FORBIDDEN;
-
- ap_set_content_length(r, 0);
- ap_set_content_type(r, "text/html");
-
- return OK;
-}
-
-int http_move_method(request_rec *r, mod_gridsite_dir_cfg *conf)
-{
- char *destination_translated = NULL;
-
- if (r->notes != NULL) destination_translated =
- (char *) apr_table_get(r->notes, "GRST_DESTINATION_TRANSLATED");
-
-
- if ((destination_translated == NULL) ||
- (apr_file_rename(r->filename, destination_translated, r->pool) != 0))
- return HTTP_FORBIDDEN;
-
- ap_set_content_length(r, 0);
- ap_set_content_type(r, "text/html");
-
- return OK;
-}
-
-static int mod_gridsite_dir_handler(request_rec *r, mod_gridsite_dir_cfg *conf)
-/*
- handler switch for directories
-*/
-{
- /* *** is this a write method? only possible if GridSiteAuth on *** */
-
- if (conf->auth)
- {
- if ((r->method_number == M_PUT) &&
- (conf->methods != NULL) &&
- (strstr(conf->methods, " PUT " ) != NULL))
- return http_put_method(r, conf);
-
- if ((r->method_number == M_DELETE) &&
- (conf->methods != NULL) &&
- (strstr(conf->methods, " DELETE ") != NULL))
- return http_delete_method(r, conf);
- }
-
- /* *** directory listing? *** */
- if ((r->method_number == M_GET) && (conf->indexes))
- return html_dir_list(r, conf); /* directory listing */
-
- return DECLINED; /* *** nothing to see here, move along *** */
-}
-
-static int mod_gridsite_nondir_handler(request_rec *r, mod_gridsite_dir_cfg *conf)
-/*
- one big handler switch for everything other than directories, since we
- might be responding to MIME * / * for local PUT, MOVE, COPY and DELETE,
- and GET inside ghost directories.
-*/
-{
- char *upgradeheader, *upgradespaced, *p;
- const char *https_env;
-
- /* *** is this a write method or GridHTTP HTTPS->HTTP redirection?
- only possible if GridSiteAuth on *** */
-
- if (conf->auth)
- {
- if ((conf->gridhttp) &&
- ((r->method_number == M_GET) ||
- ((r->method_number == M_PUT) &&
- (strstr(conf->methods, " PUT ") != NULL))) &&
- ((upgradeheader = (char *) apr_table_get(r->headers_in,
- "Upgrade")) != NULL) &&
- ((https_env=apr_table_get(r->subprocess_env,"HTTPS")) != NULL) &&
- (strcasecmp(https_env, "on") == 0))
- {
- upgradespaced = apr_psprintf(r->pool, " %s ", upgradeheader);
-
- for (p=upgradespaced; *p != '\0'; ++p)
- if ((*p == ',') || (*p == '\t')) *p = ' ';
-
-// TODO: what if we're pointing at a CGI or some dynamic content???
-
- if (strstr(upgradespaced, " GridHTTP/1.0 ") != NULL)
- return http_gridhttp(r, conf);
- }
-
- if ((r->method_number == M_PUT) &&
- (conf->methods != NULL) &&
- (strstr(conf->methods, " PUT " ) != NULL))
- return http_put_method(r, conf);
-
- if ((r->method_number == M_DELETE) &&
- (conf->methods != NULL) &&
- (strstr(conf->methods, " DELETE ") != NULL))
- return http_delete_method(r, conf);
-
- if ((r->method_number == M_MOVE) &&
- (conf->methods != NULL) &&
- (strstr(conf->methods, " MOVE ") != NULL))
- return http_move_method(r, conf);
- }
-
- /* *** check if a special ghost admin CGI *** */
-
- if (conf->adminfile && conf->adminuri &&
- (strlen(r->filename) > strlen(conf->adminfile) + 1) &&
- (strcmp(&(r->filename[strlen(r->filename) - strlen(conf->adminfile)]),
- conf->adminfile) == 0) &&
- (r->filename[strlen(r->filename)-strlen(conf->adminfile)-1] == '/') &&
- ((r->method_number == M_POST) ||
- (r->method_number == M_GET)))
- {
- ap_internal_redirect(conf->adminuri, r);
- return OK;
- }
-
- /* *** finally look for .html files that we should format *** */
-
- if ((conf->format) && /* conf->format set by GridSiteHtmlFormat on */
- (strlen(r->filename) > 5) &&
- (strcmp(&(r->filename[strlen(r->filename)-5]), ".html") == 0) &&
- (r->method_number == M_GET)) return html_format(r, conf);
-
- return DECLINED; /* *** nothing to see here, move along *** */
-}
-
-static void recurse4dirlist(char *dirname, time_t *dirs_time,
- char *fulluri, int fullurilen,
- char *encfulluri, int enclen,
- apr_pool_t *pool, char **body,
- int recurse_level)
-/* try to find DN Lists in dir[] and its subdirs that match the fulluri[]
- prefix. add blobs of HTML to body as they are found. */
-{
- char *unencname, modified[99], *oneline, *d_namepath;
- DIR *oneDIR;
- struct dirent *onedirent;
- struct tm mtime_tm;
- size_t length;
- struct stat statbuf;
-
- if ((stat(dirname, &statbuf) != 0) ||
- (!S_ISDIR(statbuf.st_mode)) ||
- ((oneDIR = opendir(dirname)) == NULL)) return;
-
- if (statbuf.st_mtime > *dirs_time) *dirs_time = statbuf.st_mtime;
-
- while ((onedirent = readdir(oneDIR)) != NULL)
- {
- if (onedirent->d_name[0] == '.') continue;
-
- d_namepath = apr_psprintf(pool, "%s/%s", dirname, onedirent->d_name);
- if (stat(d_namepath, &statbuf) != 0) continue;
-
- if (S_ISDIR(statbuf.st_mode) && (recurse_level < GRST_RECURS_LIMIT))
- recurse4dirlist(d_namepath, dirs_time, fulluri,
- fullurilen, encfulluri, enclen,
- pool, body, recurse_level + 1);
- else if ((strncmp(onedirent->d_name, encfulluri, enclen) == 0) &&
- (onedirent->d_name[strlen(onedirent->d_name) - 1] != '~'))
- {
- unencname = GRSThttpUrlDecode(onedirent->d_name);
-
- if (strncmp(unencname, fulluri, fullurilen) == 0)
- {
-
- if (statbuf.st_mtime > *dirs_time)
- *dirs_time = statbuf.st_mtime;
-
- localtime_r(&(statbuf.st_mtime), &mtime_tm);
- strftime(modified, sizeof(modified),
- "<td align=right>%R</td><td align=right>%e %b %y</td>",
- &mtime_tm);
-
- oneline = apr_psprintf(pool,
- "<tr><td><a href=\"%s\" "
- "content-length=\"%ld\" "
- "last-modified=\"%ld\">"
- "%s</a></td>"
- "<td align=right>%ld</td>%s</tr>\n",
- &unencname[fullurilen], statbuf.st_size,
- statbuf.st_mtime, unencname,
- statbuf.st_size, modified);
-
- *body = apr_pstrcat(pool, *body, oneline, NULL);
- }
-
- free(unencname); /* libgridsite doesnt use pools */
- }
- }
-
- closedir(oneDIR);
-}
-
-static int mod_gridsite_dnlistsuri_dir_handler(request_rec *r,
- mod_gridsite_dir_cfg *conf)
-/*
- virtual DN-list file lister: make all DN lists on the dn-lists
- path of this server appear to be in the dn-lists directory itself
- (ie where they appear in the DN lists path doesnt matter, as long
- as their name matches)
-*/
-{
- int enclen, fullurilen, fd;
- char *fulluri, *encfulluri, *dn_list_ptr, *dirname, *unencname,
- *body, *oneline, *p, *s,
- *head_formatted, *header_formatted, *footer_formatted,
- *permstr = NULL;
- struct stat statbuf;
- size_t length;
- time_t dirs_time = 0;
- GRSTgaclPerm perm = GRST_PERM_NONE;
-
- if (r->notes != NULL)
- permstr = (char *) apr_table_get(r->notes, "GRST_PERM");
-
- if (permstr != NULL) sscanf(permstr, "%d", &perm);
-
- fulluri = apr_psprintf(r->pool, "https://%s%s",
- ap_get_server_name(r), conf->dnlistsuri);
- fullurilen = strlen(fulluri);
-
- encfulluri = GRSThttpUrlEncode(fulluri);
- enclen = strlen(encfulluri);
-
- if (conf->dnlists != NULL) p = conf->dnlists;
- else p = getenv("GRST_DN_LISTS");
-
- if (p == NULL) p = GRST_DN_LISTS;
- dn_list_ptr = apr_pstrdup(r->pool, p);
-
- head_formatted = apr_psprintf(r->pool,
- "<head><title>Directory listing %s</title></head>\n", r->uri);
-
- if (conf->format)
- {
- /* **** try to find a header file in this or parent directories **** */
-
- /* first make a buffer big enough to hold path names we want to try */
- fd = -1;
- s = malloc(strlen(r->filename) + strlen(conf->headfile) + 1);
- strcpy(s, r->filename);
-
- for (;;)
- {
- p = rindex(s, '/');
- if (p == NULL) break; /* failed to find one */
- p[1] = '\0';
- strcat(p, conf->headfile);
-
- fd = open(s, O_RDONLY);
- if (fd != -1) break; /* found one */
-
- *p = '\0';
- }
-
- free(s);
-
- if (fd == -1) /* not found, so set up to output sensible default */
- {
- header_formatted = apr_pstrdup(r->pool, "<body bgcolor=white>");
- }
- else /* found a header file, so set up head and body to surround it */
- {
- fstat(fd, &statbuf);
- header_formatted = apr_palloc(r->pool, statbuf.st_size + 1);
- read(fd, header_formatted, statbuf.st_size);
- header_formatted[statbuf.st_size] = '\0';
- close(fd);
- }
- }
- else header_formatted = apr_pstrdup(r->pool, "<body bgcolor=white>");
-
- body = apr_psprintf(r->pool,
- "<h1>Directory listing %s</h1>\n<table>", r->uri);
-
- if ((r->uri)[1] != '\0')
- body = apr_pstrcat(r->pool, body,
- "<tr><td>[<a href=\"../\">Parent directory</a>]</td></tr>\n",
- NULL);
-
- while ((dirname = strsep(&dn_list_ptr, ":")) != NULL)
- recurse4dirlist(dirname, &dirs_time, fulluri, fullurilen,
- encfulluri, enclen, r->pool, &body, 0);
-
- if ((stat(r->filename, &statbuf) == 0) &&
- S_ISDIR(statbuf.st_mode) &&
- GRSTgaclPermHasWrite(perm))
- {
- oneline = apr_psprintf(r->pool,
- "<form action=\"%s%s\" method=post>\n"
- "<input type=hidden name=cmd value=managedir>"
- "<tr><td colspan=4 align=center><small><input type=submit "
- "value=\"Manage directory\"></small></td></tr></form>\n",
- r->uri, conf->adminfile);
-
- body = apr_pstrcat(r->pool, body, oneline, NULL);
- }
-
- body = apr_pstrcat(r->pool, body, "</table>\n", NULL);
-
- free(encfulluri); /* libgridsite doesnt use pools */
-
- if (conf->format)
- {
- /* **** try to find a footer file in this or parent directories **** */
-
- /* first make a buffer big enough to hold path names we want to try */
- fd = -1;
- s = malloc(strlen(r->filename) + strlen(conf->footfile));
- strcpy(s, r->filename);
-
- for (;;)
- {
- p = rindex(s, '/');
- if (p == NULL) break; /* failed to find one */
-
- p[1] = '\0';
- strcat(p, conf->footfile);
-
- fd = open(s, O_RDONLY);
- if (fd != -1) break; /* found one */
-
- *p = '\0';
- }
-
- free(s);
-
- if (fd == -1) /* failed to find a footer, so use standard default */
- {
- footer_formatted = apr_pstrdup(r->pool, "</body>");
- }
- else /* found a footer, so set up to use it */
- {
- fstat(fd, &statbuf);
- footer_formatted = apr_palloc(r->pool, statbuf.st_size + 1);
- read(fd, footer_formatted, statbuf.st_size);
- footer_formatted[statbuf.st_size] = '\0';
- close(fd);
- }
- }
- else footer_formatted = apr_pstrdup(r->pool, "</body>");
-
- /* **** can now calculate the Content-Length and output headers **** */
-
- length = strlen(head_formatted) + strlen(header_formatted) +
- strlen(body) + strlen(footer_formatted);
-
- ap_set_content_length(r, length);
- r->mtime = apr_time_from_sec(dirs_time);
- ap_set_last_modified(r);
- ap_set_content_type(r, "text/html");
-
- /* ** output the HTTP body (HTML Head+Body) ** */
- ap_rputs(head_formatted, r);
- ap_rputs(header_formatted, r);
- ap_rputs(body, r);
- ap_rputs(footer_formatted, r);
-
- return OK;
-}
-
-static char *recurse4file(char *dir, char *file, apr_pool_t *pool,
- int recurse_level)
-/* try to find file[] in dir[]. try subdirs if not found.
- return full path to first found version or NULL on failure */
-{
- char *fullfilename, *fulldirname;
- struct stat statbuf;
- DIR *dirDIR;
- struct dirent *file_ent;
-
- /* try to find in current directory */
-
- fullfilename = apr_psprintf(pool, "%s/%s", dir, file);
-
- if (stat(fullfilename, &statbuf) == 0) return fullfilename;
-
- /* maybe search in subdirectories */
-
- if (recurse_level >= GRST_RECURS_LIMIT) return NULL;
-
- dirDIR = opendir(dir);
-
- if (dirDIR == NULL) return NULL;
-
- while ((file_ent = readdir(dirDIR)) != NULL)
- {
- if (file_ent->d_name[0] == '.') continue;
-
- fulldirname = apr_psprintf(pool, "%s/%s", dir, file_ent->d_name);
- if ((stat(fulldirname, &statbuf) == 0) &&
- S_ISDIR(statbuf.st_mode) &&
- ((fullfilename = recurse4file(fulldirname, file,
- pool, recurse_level + 1)) != NULL))
- {
- closedir(dirDIR);
- return fullfilename;
- }
- }
-
- closedir(dirDIR);
-
- return NULL;
-}
-
-static int mod_gridsite_dnlistsuri_handler(request_rec *r,
- mod_gridsite_dir_cfg *conf)
-/*
- virtual DN-list file generator
-*/
-{
- int fd;
- char *fulluri, *encfulluri, *dn_list_ptr, *filename, *dirname, *p,
- *buf;
- struct stat statbuf;
-
- /* *** check if a special ghost admin CGI *** */
-
- if (conf->adminfile && conf->adminuri &&
- (strlen(r->filename) > strlen(conf->adminfile) + 1) &&
- (strcmp(&(r->filename[strlen(r->filename) - strlen(conf->adminfile)]),
- conf->adminfile) == 0) &&
- (r->filename[strlen(r->filename)-strlen(conf->adminfile)-1] == '/') &&
- ((r->method_number == M_POST) ||
- (r->method_number == M_GET)))
- {
- ap_internal_redirect(conf->adminuri, r);
- return OK;
- }
-
- fulluri = apr_psprintf(r->pool, "https://%s%s",
- ap_get_server_name(r), r->uri);
-
- encfulluri = GRSThttpUrlEncode(fulluri);
-
- if (conf->dnlists != NULL) p = conf->dnlists;
- else p = getenv("GRST_DN_LISTS");
-
- if (p == NULL) p = GRST_DN_LISTS;
- dn_list_ptr = apr_pstrdup(r->pool, p);
-
- while ((dirname = strsep(&dn_list_ptr, ":")) != NULL)
- {
- filename = recurse4file(dirname, encfulluri, r->pool, 0);
-
- if (filename == NULL) continue;
-
- fd = open(filename, O_RDONLY);
-
- if (fd == -1) continue;
-
- fstat(fd, &statbuf);
- ap_set_content_length(r, (apr_off_t) statbuf.st_size);
- r->mtime = apr_time_from_sec(statbuf.st_mtime);
- ap_set_content_type(r, "text/plain");
- ap_set_last_modified(r);
-
- buf = apr_palloc(r->pool, statbuf.st_size + 1);
- read(fd, buf, statbuf.st_size);
- buf[statbuf.st_size] = '\0';
-
- ap_rputs(buf, r);
-
- close(fd);
-
- return OK;
- }
-
- return HTTP_NOT_FOUND;
-}
-
-static void *create_gridsite_srv_config(apr_pool_t *p, server_rec *s)
-{
- int i;
-
- if (!(s->is_virtual))
- {
- gridhttpport = GRST_HTTP_PORT;
-
- sessionsdir = apr_pstrdup(p, GRST_SESSIONS_DIR);
- /* GridSiteSessionsDir dir-path */
-
- sitecastdnlists = NULL;
-
- sitecastgroups[0].quad1 = 0;
- sitecastgroups[0].quad2 = 0;
- sitecastgroups[0].quad3 = 0;
- sitecastgroups[0].quad4 = 0;
- sitecastgroups[0].port = GRST_HTCP_PORT;
- /* GridSiteCastUniPort udp-port */
-
- for (i=1; i <= GRST_SITECAST_GROUPS; ++i)
- sitecastgroups[i].port = 0;
- /* GridSiteCastGroup mcast-list */
-
- for (i=1; i <= GRST_SITECAST_ALIASES; ++i)
- {
- sitecastaliases[i].sitecast_url = NULL;
- sitecastaliases[i].local_path = NULL;
- sitecastaliases[i].server = NULL;
- } /* GridSiteCastAlias url path */
- }
-
- return NULL;
-}
-
-static void *create_gridsite_dir_config(apr_pool_t *p, char *path)
-{
- mod_gridsite_dir_cfg *conf = apr_palloc(p, sizeof(*conf));
-
- if (path == NULL) /* set up document root defaults */
- {
- conf->auth = 0; /* GridSiteAuth on/off */
- conf->envs = 1; /* GridSiteEnvs on/off */
- conf->format = 0; /* GridSiteHtmlFormat on/off */
- conf->indexes = 0; /* GridSiteIndexes on/off */
- conf->indexheader = NULL; /* GridSiteIndexHeader File-value */
- conf->gridsitelink = 1; /* GridSiteLink on/off */
- conf->adminfile = apr_pstrdup(p, GRST_ADMIN_FILE);
- /* GridSiteAdminFile File-value */
- conf->adminuri = NULL; /* GridSiteAdminURI URI-value */
- conf->helpuri = NULL; /* GridSiteHelpURI URI-value */
- conf->dnlists = NULL; /* GridSiteDNlists Search-path */
- conf->dnlistsuri = NULL; /* GridSiteDNlistsURI URI-value */
- conf->adminlist = NULL; /* GridSiteAdminList URI-value */
- conf->gsiproxylimit = 1; /* GridSiteGSIProxyLimit number */
- conf->unzip = NULL; /* GridSiteUnzip file-path */
-
- conf->methods = apr_pstrdup(p, " GET ");
- /* GridSiteMethods methods */
-
- conf->editable = apr_pstrdup(p, " txt shtml html htm css js php jsp ");
- /* GridSiteEditable types */
-
- conf->headfile = apr_pstrdup(p, GRST_HEADFILE);
- conf->footfile = apr_pstrdup(p, GRST_FOOTFILE);
- /* GridSiteHeadFile and GridSiteFootFile file name */
-
- conf->gridhttp = 0; /* GridSiteGridHTTP on/off */
- conf->aclformat = apr_pstrdup(p, "GACL");
- /* GridSiteACLFormat gacl/xacml */
- conf->delegationuri = NULL; /* GridSiteDelegationURI URI-value */
- conf->execmethod = NULL;
- /* GridSiteExecMethod nosetuid/suexec/X509DN/directory */
-
- conf->execugid.uid = 0; /* GridSiteUserGroup User Group */
- conf->execugid.gid = 0; /* ditto */
- conf->execugid.userdir = 0; /* ditto */
-
- conf->diskmode = APR_UREAD | APR_UWRITE;
- /* GridSiteDiskMode group-mode world-mode
- GroupNone | GroupRead | GroupWrite WorldNone | WorldRead */
- }
- else
- {
- conf->auth = UNSET; /* GridSiteAuth on/off */
- conf->envs = UNSET; /* GridSiteEnvs on/off */
- conf->format = UNSET; /* GridSiteHtmlFormat on/off */
- conf->indexes = UNSET; /* GridSiteIndexes on/off */
- conf->indexheader = NULL; /* GridSiteIndexHeader File-value */
- conf->gridsitelink = UNSET; /* GridSiteLink on/off */
- conf->adminfile = NULL; /* GridSiteAdminFile File-value */
- conf->adminuri = NULL; /* GridSiteAdminURI URI-value */
- conf->helpuri = NULL; /* GridSiteHelpURI URI-value */
- conf->dnlists = NULL; /* GridSiteDNlists Search-path */
- conf->dnlistsuri = NULL; /* GridSiteDNlistsURI URI-value */
- conf->adminlist = NULL; /* GridSiteAdminList URI-value */
- conf->gsiproxylimit = UNSET; /* GridSiteGSIProxyLimit number */
- conf->unzip = NULL; /* GridSiteUnzip file-path */
- conf->methods = NULL; /* GridSiteMethods methods */
- conf->editable = NULL; /* GridSiteEditable types */
- conf->headfile = NULL; /* GridSiteHeadFile file name */
- conf->footfile = NULL; /* GridSiteFootFile file name */
- conf->gridhttp = UNSET; /* GridSiteGridHTTP on/off */
- conf->aclformat = NULL; /* GridSiteACLFormat gacl/xacml */
- conf->delegationuri = NULL; /* GridSiteDelegationURI URI-value */
- conf->execmethod = NULL; /* GridSiteExecMethod */
- conf->execugid.uid = UNSET; /* GridSiteUserGroup User Group */
- conf->execugid.gid = UNSET; /* ditto */
- conf->execugid.userdir = UNSET; /* ditto */
- conf->diskmode = UNSET; /* GridSiteDiskMode group world */
- }
-
- return conf;
-}
-
-static void *merge_gridsite_dir_config(apr_pool_t *p, void *vserver,
- void *vdirect)
-/* merge directory with server-wide directory configs */
-{
- mod_gridsite_dir_cfg *conf, *server, *direct;
-
- server = (mod_gridsite_dir_cfg *) vserver;
- direct = (mod_gridsite_dir_cfg *) vdirect;
- conf = apr_palloc(p, sizeof(*conf));
-
- if (direct->auth != UNSET) conf->auth = direct->auth;
- else conf->auth = server->auth;
-
- if (direct->envs != UNSET) conf->envs = direct->envs;
- else conf->envs = server->envs;
-
- if (direct->format != UNSET) conf->format = direct->format;
- else conf->format = server->format;
-
- if (direct->indexes != UNSET) conf->indexes = direct->indexes;
- else conf->indexes = server->indexes;
-
- if (direct->gridsitelink != UNSET) conf->gridsitelink=direct->gridsitelink;
- else conf->gridsitelink=server->gridsitelink;
-
- if (direct->indexheader != NULL) conf->indexheader = direct->indexheader;
- else conf->indexheader = server->indexheader;
-
- if (direct->adminfile != NULL) conf->adminfile = direct->adminfile;
- else conf->adminfile = server->adminfile;
-
- if (direct->adminuri != NULL) conf->adminuri = direct->adminuri;
- else conf->adminuri = server->adminuri;
-
- if (direct->helpuri != NULL) conf->helpuri = direct->helpuri;
- else conf->helpuri = server->helpuri;
-
- if (direct->dnlists != NULL) conf->dnlists = direct->dnlists;
- else conf->dnlists = server->dnlists;
-
- if (direct->dnlistsuri != NULL) conf->dnlistsuri = direct->dnlistsuri;
- else conf->dnlistsuri = server->dnlistsuri;
-
- if (direct->adminlist != NULL) conf->adminlist = direct->adminlist;
- else conf->adminlist = server->adminlist;
-
- if (direct->gsiproxylimit != UNSET)
- conf->gsiproxylimit = direct->gsiproxylimit;
- else conf->gsiproxylimit = server->gsiproxylimit;
-
- if (direct->unzip != NULL) conf->unzip = direct->unzip;
- else conf->unzip = server->unzip;
-
- if (direct->methods != NULL) conf->methods = direct->methods;
- else conf->methods = server->methods;
-
- if (direct->editable != NULL) conf->editable = direct->editable;
- else conf->editable = server->editable;
-
- if (direct->headfile != NULL) conf->headfile = direct->headfile;
- else conf->headfile = server->headfile;
-
- if (direct->footfile != NULL) conf->footfile = direct->footfile;
- else conf->footfile = server->footfile;
-
- if (direct->gridhttp != UNSET) conf->gridhttp = direct->gridhttp;
- else conf->gridhttp = server->gridhttp;
-
- if (direct->aclformat != NULL) conf->aclformat = direct->aclformat;
- else conf->aclformat = server->aclformat;
-
- if (direct->delegationuri != NULL) conf->delegationuri = direct->delegationuri;
- else conf->delegationuri = server->delegationuri;
-
- if (direct->execmethod != NULL) conf->execmethod = direct->execmethod;
- else conf->execmethod = server->execmethod;
-
- if (direct->execugid.uid != UNSET)
- { conf->execugid.uid = direct->execugid.uid;
- conf->execugid.gid = direct->execugid.gid;
- conf->execugid.userdir = direct->execugid.userdir; }
- else
- { conf->execugid.uid = server->execugid.uid;
- conf->execugid.gid = server->execugid.gid;
- conf->execugid.userdir = server->execugid.userdir; }
-
- if (direct->diskmode != UNSET) conf->diskmode = direct->diskmode;
- else conf->diskmode = server->diskmode;
-
- return conf;
-}
-
-static const char *mod_gridsite_take1_cmds(cmd_parms *a, void *cfg,
- const char *parm)
-{
- int n, i;
- char *p;
-
- if (strcasecmp(a->cmd->name, "GridSiteSessionsDir") == 0)
- {
- if (a->server->is_virtual)
- return "GridSiteSessionsDir cannot be used inside a virtual server";
-
- sessionsdir = apr_pstrdup(a->pool, parm);
- }
-/* GridSiteOnetimesDir is deprecated in favour of GridSiteSessionsDir */
- else if (strcasecmp(a->cmd->name, "GridSiteOnetimesDir") == 0)
- {
- if (a->server->is_virtual)
- return "GridSiteOnetimesDir cannot be used inside a virtual server";
-
- sessionsdir = apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteGridHTTPport") == 0)
- {
- gridhttpport = atoi(parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteCastDNlists") == 0)
- {
- if (a->server->is_virtual)
- return "GridSiteDNlists cannot be used inside a virtual server";
-
- sitecastdnlists = apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteCastUniPort") == 0)
- {
- if (a->server->is_virtual)
- return "GridSiteCastUniPort cannot be used inside a virtual server";
-
- if (sscanf(parm, "%d", &(sitecastgroups[0].port)) != 1)
- return "Failed parsing GridSiteCastUniPort numeric value";
- }
- else if (strcasecmp(a->cmd->name, "GridSiteCastGroup") == 0)
- {
- if (a->server->is_virtual)
- return "GridSiteCastGroup cannot be used inside a virtual server";
-
- for (i=1; i <= GRST_SITECAST_GROUPS; ++i)
- {
- if (sitecastgroups[i].port == 0) /* a free slot */
- {
- sitecastgroups[i].port = GRST_HTCP_PORT;
-
- if (sscanf(parm, "%d.%d.%d.%d:%d",
- &(sitecastgroups[i].quad1),
- &(sitecastgroups[i].quad2),
- &(sitecastgroups[i].quad3),
- &(sitecastgroups[i].quad4),
- &(sitecastgroups[i].port)) < 4)
- return "Failed parsing GridSiteCastGroup nnn.nnn.nnn.nnn[:port]";
-
- break;
- }
- }
-
- if (i > GRST_SITECAST_GROUPS)
- return "Maximum GridSiteCastGroup groups reached";
- }
- else if (strcasecmp(a->cmd->name, "GridSiteAdminFile") == 0)
- {
- if (index(parm, '/') != NULL)
- return "/ not permitted in GridSiteAdminFile";
-
- ((mod_gridsite_dir_cfg *) cfg)->adminfile =
- apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteAdminURI") == 0)
- {
- if (*parm != '/') return "GridSiteAdminURI must begin with /";
-
- ((mod_gridsite_dir_cfg *) cfg)->adminuri =
- apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteHelpURI") == 0)
- {
- if (*parm != '/') return "GridSiteHelpURI must begin with /";
-
- ((mod_gridsite_dir_cfg *) cfg)->helpuri =
- apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteDNlists") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->dnlists =
- apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteDNlistsURI") == 0)
- {
- if (*parm != '/') return "GridSiteDNlistsURI must begin with /";
-
- if ((*parm != '\0') && (parm[strlen(parm) - 1] == '/'))
- ((mod_gridsite_dir_cfg *) cfg)->dnlistsuri =
- apr_pstrdup(a->pool, parm);
- else
- ((mod_gridsite_dir_cfg *) cfg)->dnlistsuri =
- apr_pstrcat(a->pool, parm, "/", NULL);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteAdminList") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->adminlist =
- apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteGSIProxyLimit") == 0)
- {
- n = -1;
-
- if ((sscanf(parm, "%d", &n) == 1) && (n >= 0))
- ((mod_gridsite_dir_cfg *) cfg)->gsiproxylimit = n;
- else return "GridSiteGSIProxyLimit must be a number >= 0";
- }
- else if (strcasecmp(a->cmd->name, "GridSiteUnzip") == 0)
- {
- if (*parm != '/') return "GridSiteUnzip must begin with /";
-
- ((mod_gridsite_dir_cfg *) cfg)->unzip =
- apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteMethods") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->methods =
- apr_psprintf(a->pool, " %s ", parm);
-
- for (p = ((mod_gridsite_dir_cfg *) cfg)->methods;
- *p != '\0';
- ++p) if (*p == '\t') *p = ' ';
- }
- else if (strcasecmp(a->cmd->name, "GridSiteEditable") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->editable =
- apr_psprintf(a->pool, " %s ", parm);
-
- for (p = ((mod_gridsite_dir_cfg *) cfg)->editable;
- *p != '\0';
- ++p) if (*p == '\t') *p = ' ';
- }
- else if (strcasecmp(a->cmd->name, "GridSiteHeadFile") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->headfile =
- apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteFootFile") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->footfile =
- apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteIndexHeader") == 0)
- {
- if (index(parm, '/') != NULL)
- return "/ not permitted in GridSiteIndexHeader";
-
- ((mod_gridsite_dir_cfg *) cfg)->indexheader =
- apr_pstrdup(a->pool, parm);
- }
- else if (strcasecmp(a->cmd->name, "GridSiteACLFormat") == 0)
- {
- if ((strcasecmp(parm,"GACL") != 0) &&
- (strcasecmp(parm,"XACML") != 0))
- return "GridsiteACLFormat must be either GACL or XACML";
-
- ((mod_gridsite_dir_cfg *) cfg)->aclformat = apr_pstrdup(a->pool, parm);
- }
-
- else if (strcasecmp(a->cmd->name, "GridSiteDelegationURI") == 0)
- {
- if (*parm != '/') return "GridSiteDelegationURI must begin with /";
-
- if (*parm != '\0')
- ((mod_gridsite_dir_cfg *) cfg)->delegationuri =
- apr_pstrdup(a->pool, parm);
-
- }
- else if (strcasecmp(a->cmd->name, "GridSiteExecMethod") == 0)
- {
- if (strcasecmp(parm, "nosetuid") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->execmethod = NULL;
- return NULL;
- }
-
- if ((strcasecmp(parm, "suexec") != 0) &&
- (strcasecmp(parm, "X509DN") != 0) &&
- (strcasecmp(parm, "directory") != 0))
- return "GridsiteExecMethod must be nosetuid, suexec, X509DN or directory";
-
- ((mod_gridsite_dir_cfg *) cfg)->execmethod = apr_pstrdup(a->pool, parm);
- }
-
- return NULL;
-}
-
-static const char *mod_gridsite_take2_cmds(cmd_parms *a, void *cfg,
- const char *parm1, const char *parm2)
-{
- int i;
-
- if (strcasecmp(a->cmd->name, "GridSiteUserGroup") == 0)
- {
- if (!(unixd_config.suexec_enabled))
- return "Using GridSiteUserGroup will "
- "require rebuilding Apache with suexec support!";
-
- /* NB ap_uname2id/ap_gname2id are NOT thread safe - but OK
- as long as not used in .htaccess, just at server start time */
-
- ((mod_gridsite_dir_cfg *) cfg)->execugid.uid = ap_uname2id(parm1);
- ((mod_gridsite_dir_cfg *) cfg)->execugid.gid = ap_gname2id(parm2);
- ((mod_gridsite_dir_cfg *) cfg)->execugid.userdir = 0;
- }
- else if (strcasecmp(a->cmd->name, "GridSiteDiskMode") == 0)
- {
- if ((strcasecmp(parm1, "GroupNone" ) != 0) &&
- (strcasecmp(parm1, "GroupRead" ) != 0) &&
- (strcasecmp(parm1, "GroupWrite") != 0))
- return "First parameter of GridSiteDiskMode must be "
- "GroupNone, GroupRead or GroupWrite!";
-
- if ((strcasecmp(parm2, "WorldNone" ) != 0) &&
- (strcasecmp(parm2, "WorldRead" ) != 0))
- return "Second parameter of GridSiteDiskMode must be "
- "WorldNone or WorldRead!";
-
- ((mod_gridsite_dir_cfg *) cfg)->diskmode =
- APR_UREAD | APR_UWRITE
- | ( APR_GREAD * (strcasecmp(parm1, "GroupRead") == 0))
- | ((APR_GREAD | APR_GWRITE) * (strcasecmp(parm1, "GroupWrite") == 0))
- | ((APR_GREAD | APR_WREAD) * (strcasecmp(parm2, "WorldRead") == 0));
- }
- else if (strcasecmp(a->cmd->name, "GridSiteCastAlias") == 0)
- {
- for (i=0; i < GRST_SITECAST_ALIASES; ++i) /* look for free slot */
- {
- if (sitecastaliases[i].sitecast_url == NULL)
- {
- sitecastaliases[i].sitecast_url = parm1;
- sitecastaliases[i].local_path = parm2;
- sitecastaliases[i].server = a->server;
- break;
- }
- }
- }
-
- return NULL;
-}
-
-static const char *mod_gridsite_flag_cmds(cmd_parms *a, void *cfg,
- int flag)
-{
- if (strcasecmp(a->cmd->name, "GridSiteAuth") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->auth = flag;
- }
- else if (strcasecmp(a->cmd->name, "GridSiteEnvs") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->envs = flag;
- }
- else if (strcasecmp(a->cmd->name, "GridSiteHtmlFormat") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->format = flag;
- }
- else if (strcasecmp(a->cmd->name, "GridSiteIndexes") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->indexes = flag;
- }
- else if (strcasecmp(a->cmd->name, "GridSiteLink") == 0)
- {
- ((mod_gridsite_dir_cfg *) cfg)->gridsitelink = flag;
- }
- else if (strcasecmp(a->cmd->name, "GridSiteGridHTTP") == 0)
- {
-// TODO: return error if try this on non-HTTPS virtual server
-
- ((mod_gridsite_dir_cfg *) cfg)->gridhttp = flag;
- }
-
- return NULL;
-}
-
-static const command_rec mod_gridsite_cmds[] =
-{
-// TODO: need to check and document valid contexts for each command!
-
- AP_INIT_FLAG("GridSiteAuth", mod_gridsite_flag_cmds,
- NULL, OR_FILEINFO, "on or off"),
- AP_INIT_FLAG("GridSiteEnvs", mod_gridsite_flag_cmds,
- NULL, OR_FILEINFO, "on or off"),
- AP_INIT_FLAG("GridSiteHtmlFormat", mod_gridsite_flag_cmds,
- NULL, OR_FILEINFO, "on or off"),
- AP_INIT_FLAG("GridSiteIndexes", mod_gridsite_flag_cmds,
- NULL, OR_FILEINFO, "on or off"),
- AP_INIT_FLAG("GridSiteLink", mod_gridsite_flag_cmds,
- NULL, OR_FILEINFO, "on or off"),
-
- AP_INIT_TAKE1("GridSiteAdminFile", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "Ghost per-directory admin CGI"),
- AP_INIT_TAKE1("GridSiteAdminURI", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "URI of real gridsite-admin.cgi"),
- AP_INIT_TAKE1("GridSiteHelpURI", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "URI of Website Help pages"),
- AP_INIT_TAKE1("GridSiteDNlists", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "DN Lists directories search path"),
- AP_INIT_TAKE1("GridSiteDNlistsURI", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "URI of published DN lists"),
- AP_INIT_TAKE1("GridSiteAdminList", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "URI of admin DN List"),
- AP_INIT_TAKE1("GridSiteGSIProxyLimit", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "Max level of GSI proxy validity"),
- AP_INIT_TAKE1("GridSiteUnzip", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "Absolute path to unzip command"),
-
- AP_INIT_RAW_ARGS("GridSiteMethods", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "permitted HTTP methods"),
- AP_INIT_RAW_ARGS("GridSiteEditable", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "editable file extensions"),
- AP_INIT_TAKE1("GridSiteHeadFile", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "filename of HTML header"),
- AP_INIT_TAKE1("GridSiteFootFile", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "filename of HTML footer"),
- AP_INIT_TAKE1("GridSiteIndexHeader", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "filename of directory header"),
-
- AP_INIT_FLAG("GridSiteGridHTTP", mod_gridsite_flag_cmds,
- NULL, OR_FILEINFO, "on or off"),
- AP_INIT_TAKE1("GridSiteGridHTTPport", mod_gridsite_take1_cmds,
- NULL, RSRC_CONF, "GridHTTP port"),
- AP_INIT_TAKE1("GridSiteSessionsDir", mod_gridsite_take1_cmds,
- NULL, RSRC_CONF, "directory with GridHTTP passcodes and SSL session creds"),
-/* GridSiteOnetimesDir is deprecated in favour of GridSiteSessionsDir */
- AP_INIT_TAKE1("GridSiteOnetimesDir", mod_gridsite_take1_cmds,
- NULL, RSRC_CONF, "directory with GridHTTP passcodes"),
-
- AP_INIT_TAKE1("GridSiteCastDNlists", mod_gridsite_take1_cmds,
- NULL, RSRC_CONF, "DN Lists directories search path for SiteCast"),
- AP_INIT_TAKE1("GridSiteCastUniPort", mod_gridsite_take1_cmds,
- NULL, RSRC_CONF, "UDP port for unicast/replies"),
- AP_INIT_TAKE1("GridSiteCastGroup", mod_gridsite_take1_cmds,
- NULL, RSRC_CONF, "multicast group[:port] to listen for HTCP on"),
- AP_INIT_TAKE2("GridSiteCastAlias", mod_gridsite_take2_cmds,
- NULL, RSRC_CONF, "URL and local path mapping"),
-
- AP_INIT_TAKE1("GridSiteACLFormat", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "format to save access control lists in"),
-
- AP_INIT_TAKE1("GridSiteDelegationURI", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "URI of the delegation service CGI"),
-
- AP_INIT_TAKE1("GridSiteExecMethod", mod_gridsite_take1_cmds,
- NULL, OR_FILEINFO, "execution strategy used by gsexec"),
-
- AP_INIT_TAKE2("GridSiteUserGroup", mod_gridsite_take2_cmds,
- NULL, OR_FILEINFO,
- "user and group of gsexec processes in suexec mode"),
-
- AP_INIT_TAKE2("GridSiteDiskMode", mod_gridsite_take2_cmds,
- NULL, OR_FILEINFO,
- "group and world file modes for new files/directories"),
-
- {NULL}
-};
-
-static int mod_gridsite_first_fixups(request_rec *r)
-{
- mod_gridsite_dir_cfg *conf;
-
- if (r->finfo.filetype != APR_DIR) return DECLINED;
-
- conf = (mod_gridsite_dir_cfg *)
- ap_get_module_config(r->per_dir_config, &gridsite_module);
-
- /* we handle DN Lists as regular files, even if they also match
- directory names */
-
- if ((conf != NULL) &&
- (conf->dnlistsuri != NULL) &&
- (strncmp(r->uri, conf->dnlistsuri, strlen(conf->dnlistsuri)) == 0) &&
- (strcmp(r->uri, conf->dnlistsuri) != 0))
- {
- r->finfo.filetype = APR_REG;
- }
-
- return DECLINED;
-}
-
-
-int GRST_get_session_id(SSL *ssl, char *session_id, size_t len)
-{
- int i;
- SSL_SESSION *session;
-
- if (((session = SSL_get_session(ssl)) == NULL) ||
- (session->session_id_length == 0)) return GRST_RET_FAILED;
-
- if (2 * session->session_id_length + 1 > len) return GRST_RET_FAILED;
-
- for (i=0; i < (int) session->session_id_length; ++i)
- sprintf(&(session_id[i*2]), "%02X", (unsigned char) session->session_id[i]);
-
- session_id[i*2] = '\0';
-
- return GRST_RET_OK;
-}
-
-int GRST_load_ssl_creds(SSL *ssl, conn_rec *conn)
-{
- char session_id[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2], *sessionfile = NULL,
- line[512], *p;
- apr_file_t *fp = NULL;
- int i;
-
- if (GRST_get_session_id(ssl, session_id, sizeof(session_id)) != GRST_RET_OK)
- return GRST_RET_FAILED;
-
- sessionfile = apr_psprintf(conn->pool, "%s/sslcreds-%s",
- ap_server_root_relative(conn->pool, sessionsdir),
- session_id);
-
- if (apr_file_open(&fp, sessionfile, APR_READ, 0, conn->pool) != APR_SUCCESS)
- return GRST_RET_FAILED;
-
- while (apr_file_gets(line, sizeof(line), fp) == APR_SUCCESS)
- {
- if (sscanf(line, "GRST_CRED_%d=", &i) == 1)
- {
- p = index(line, '=');
-
- apr_table_setn(conn->notes,
- apr_psprintf(conn->pool, "GRST_CRED_%d", i),
- apr_pstrdup(conn->pool, &p[1]));
- }
- }
-
- apr_file_close(fp);
-
- /* connection notes created by GRST_save_ssl_creds() are now reloaded */
- apr_table_set(conn->notes, "GRST_save_ssl_creds", "yes");
-
- return GRST_RET_OK;
-}
-
-/*
- Save result of GRSTx509CompactCreds() into connection notes, and
- write out in an SSL session creds file.
-*/
-
-void GRST_save_ssl_creds(conn_rec *conn,
- STACK_OF(X509) *certstack, X509 *peercert)
-{
- int i, lastcred;
- const int maxcreds = 99;
- const size_t credlen = 1024;
- char creds[maxcreds][credlen+1], envname[14], *tempfile = NULL,
- *sessionfile, session_id[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2];
- apr_file_t *fp = NULL;
- SSL *ssl;
- SSLConnRec *sslconn;
-
- /* check if already done */
-
- if ((certstack != NULL) && (conn->notes != NULL) &&
- (apr_table_get(conn->notes, "GRST_save_ssl_creds") != NULL)) return;
-
- /* we at least need to say we've been run */
-
- apr_table_set(conn->notes, "GRST_save_ssl_creds", "yes");
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, conn->base_server,
- "set GRST_save_ssl_creds");
-
- sslconn = (SSLConnRec *)ap_get_module_config(conn->conn_config,&ssl_module);
-
- if ((sslconn != NULL) &&
- ((ssl = sslconn->ssl) != NULL) &&
- (GRST_get_session_id(ssl,session_id,sizeof(session_id)) == GRST_RET_OK))
- {
- sessionfile = apr_psprintf(conn->pool, "%s/sslcreds-%s",
- ap_server_root_relative(conn->pool, sessionsdir),
- session_id);
-
- tempfile = apr_pstrcat(conn->pool,
- ap_server_root_relative(conn->pool, sessionsdir),
- "/tmp-XXXXXX", NULL);
-
- if ((tempfile != NULL) && (tempfile[0] != '\0'))
- apr_file_mktemp(&fp, tempfile,
- APR_CREATE | APR_WRITE | APR_EXCL, conn->pool);
- }
-
- if (GRSTx509CompactCreds(&lastcred, maxcreds, credlen, (char *) creds,
- certstack, GRST_VOMS_DIR, peercert) == GRST_RET_OK)
- {
- for (i=0; i <= lastcred; ++i)
- {
- apr_table_setn(conn->notes,
- apr_psprintf(conn->pool, "GRST_CRED_%d", i),
- apr_pstrdup(conn->pool, creds[i]));
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, conn->base_server,
- "store GRST_CRED_%d=%s", i, creds[i]);
-
- if (fp != NULL) apr_file_printf(fp, "GRST_CRED_%d=%s\n",
- i, creds[i]);
- }
-
- /* free remaining dup'd certs? */
- }
-
- if (fp != NULL)
- {
- apr_file_close(fp);
- apr_file_rename(tempfile, sessionfile, conn->pool);
- }
-}
-
-static int mod_gridsite_perm_handler(request_rec *r)
-/*
- Do authentication/authorization here rather than in the normal module
- auth functions since the results of mod_ssl are available.
-
- We also publish environment variables here if requested by GridSiteEnv.
-*/
-{
- int retcode = DECLINED, i, n, file_is_acl = 0,
- destination_is_acl = 0, proxylevel, ishttps = 0;
- char *dn, *p, envname[14], *grst_cred_0 = NULL, *dir_path,
- *remotehost, s[99], *grst_cred_i, *cookies, *file, *https,
- *gridauthpasscode = NULL, *cookiefile, oneline[1025], *key_i,
- *destination = NULL, *destination_uri = NULL, *querytmp,
- *destination_prefix = NULL, *destination_translated = NULL;
- const char *content_type;
- time_t now, notbefore, notafter;
- apr_table_t *env;
- apr_finfo_t cookiefile_info;
- apr_file_t *fp;
- request_rec *destreq;
- GRSTgaclCred *cred = NULL, *cred_0 = NULL;
- GRSTgaclUser *user = NULL;
- GRSTgaclPerm perm = GRST_PERM_NONE, destination_perm = GRST_PERM_NONE;
- GRSTgaclAcl *acl = NULL;
- mod_gridsite_dir_cfg *cfg;
- SSLConnRec *sslconn;
- STACK_OF(X509) *certstack;
- X509 *peercert;
-
- cfg = (mod_gridsite_dir_cfg *)
- ap_get_module_config(r->per_dir_config, &gridsite_module);
-
- if (cfg == NULL) return DECLINED;
-
- if ((cfg->auth == 0) &&
- (cfg->envs == 0))
- return DECLINED; /* if not turned on, look invisible */
-
- env = r->subprocess_env;
-
- p = (char *) apr_table_get(r->subprocess_env, "HTTPS");
- if ((p != NULL) && (strcmp(p, "on") == 0)) ishttps = 1;
-
- /* reload per-connection (SSL) cred variables? */
-
- sslconn = (SSLConnRec *) ap_get_module_config(r->connection->conn_config,
- &ssl_module);
- if ((sslconn != NULL) &&
- (sslconn->ssl != NULL) &&
- (sslconn->ssl->session != NULL) &&
- (r->connection->notes != NULL) &&
- (apr_table_get(r->connection->notes, "GRST_save_ssl_creds") == NULL))
- {
- if (GRST_load_ssl_creds(sslconn->ssl, r->connection) == GRST_RET_OK)
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Restored SSL session data from session cache file");
- }
-
- proxylevel = ((mod_gridsite_dir_cfg *) cfg)->gsiproxylimit + 1;
-
- if ((user == NULL) &&
- (r->connection->notes != NULL) &&
- ((grst_cred_0 = (char *)
- apr_table_get(r->connection->notes, "GRST_CRED_0")) != NULL) &&
- (sscanf(grst_cred_0, "X509USER %*d %*d %d ", &proxylevel) == 1) &&
- (proxylevel <= ((mod_gridsite_dir_cfg *) cfg)->gsiproxylimit))
- {
- apr_table_setn(env, "GRST_CRED_0", grst_cred_0);
-
- cred_0 = GRSTx509CompactToCred(grst_cred_0);
- if (cred_0 != NULL)
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Using identity %s from SSL/TLS", grst_cred_0);
-
- user = GRSTgaclUserNew(cred_0);
-
- /* check for VOMS GRST_CRED_i too */
-
- for (i=1; ; ++i)
- {
- snprintf(envname, sizeof(envname), "GRST_CRED_%d", i);
- if (grst_cred_i = (char *)
- apr_table_get(r->connection->notes,envname))
- {
- if (((mod_gridsite_dir_cfg *) cfg)->envs)
- apr_table_setn(env,
- apr_pstrdup(r->pool, envname),
- grst_cred_i);
-
- if (cred = GRSTx509CompactToCred(grst_cred_i))
- GRSTgaclUserAddCred(user, cred);
- }
- else break; /* GRST_CRED_i are numbered consecutively */
- }
- }
- }
-
- if ((user != NULL) && ((mod_gridsite_dir_cfg *) cfg)->dnlists)
- GRSTgaclUserSetDNlists(user, ((mod_gridsite_dir_cfg *) cfg)->dnlists);
-
- /* add DNS credential */
-
- remotehost = (char *) ap_get_remote_host(r->connection,
- r->per_dir_config, REMOTE_DOUBLE_REV, NULL);
- if ((remotehost != NULL) && (*remotehost != '\0'))
- {
- cred = GRSTgaclCredNew("dns");
- GRSTgaclCredAddValue(cred, "hostname", remotehost);
-
- if (user == NULL) user = GRSTgaclUserNew(cred);
- else GRSTgaclUserAddCred(user, cred);
- }
-
- /* check for Destination: header and evaluate if present */
-
- if ((destination = (char *) apr_table_get(r->headers_in,
- "Destination")) != NULL)
- {
- destination_prefix = apr_psprintf(r->pool, "https://%s:%d/",
- r->server->server_hostname, (int) r->server->port);
-
- if (strncmp(destination_prefix, destination,
- strlen(destination_prefix)) == 0)
- destination_uri = &destination[strlen(destination_prefix)-1];
- else if ((int) r->server->port == 443)
- {
- destination_prefix = apr_psprintf(r->pool, "https://%s/",
- r->server->server_hostname);
-
- if (strncmp(destination_prefix, destination,
- strlen(destination_prefix)) == 0)
- destination_uri = &destination[strlen(destination_prefix)-1];
- }
-
- if (destination_uri != NULL)
- {
- destreq = ap_sub_req_method_uri("GET", destination_uri, r, NULL);
-
- if ((destreq != NULL) && (destreq->filename != NULL)
- && (destreq->path_info != NULL))
- {
- destination_translated = apr_pstrcat(r->pool,
- destreq->filename, destreq->path_info, NULL);
-
- apr_table_setn(r->notes, "GRST_DESTINATION_TRANSLATED",
- destination_translated);
-
- if (((mod_gridsite_dir_cfg *) cfg)->envs)
- apr_table_setn(env, "GRST_DESTINATION_TRANSLATED",
- destination_translated);
-
- p = rindex(destination_translated, '/');
- if ((p != NULL) && (strcmp(&p[1], GRST_ACL_FILE) == 0))
- destination_is_acl = 1;
- }
- }
- }
-
- /* this checks for NULL arguments itself */
- if (GRSTgaclDNlistHasUser(((mod_gridsite_dir_cfg *) cfg)->adminlist, user))
- {
- perm = GRST_PERM_ALL;
- if (destination_translated != NULL) destination_perm = GRST_PERM_ALL;
- }
- else
- {
- acl = GRSTgaclAclLoadforFile(r->filename);
- if (acl != NULL) perm = GRSTgaclAclTestUser(acl, user);
- GRSTgaclAclFree(acl);
-
- if (destination_translated != NULL)
- {
- acl = GRSTgaclAclLoadforFile(destination_translated);
- if (acl != NULL) destination_perm = GRSTgaclAclTestUser(acl, user);
- GRSTgaclAclFree(acl);
-
- apr_table_setn(r->notes, "GRST_DESTINATION_PERM",
- apr_psprintf(r->pool, "%d", destination_perm));
-
- if (((mod_gridsite_dir_cfg *) cfg)->envs)
- apr_table_setn(env, "GRST_DESTINATION_PERM",
- apr_psprintf(r->pool, "%d", destination_perm));
- }
- }
-
- /* first look for GRIDHTTP_PASSCODE cookie */
-
- if ((p = (char *) apr_table_get(r->headers_in, "Cookie")) != NULL)
- {
- cookies = apr_pstrcat(r->pool, " ", p, NULL);
- gridauthpasscode = strstr(cookies, " GRIDHTTP_PASSCODE=");
-
- if (gridauthpasscode != NULL)
- {
- gridauthpasscode = &gridauthpasscode[19];
-
- for (p = gridauthpasscode;
- (*p != '\0') && (*p != ';'); ++p)
- if (!isalnum(*p)) *p = '\0';
- }
- }
-
- /* then look for GRIDHTTP_PASSCODE in QUERY_STRING ie after ? */
-
- if (gridauthpasscode == NULL)
- {
- if ((r->parsed_uri.query != NULL) && (r->parsed_uri.query[0] != '\0'))
- {
- querytmp = apr_pstrcat(r->pool,"&",r->parsed_uri.query,"&",NULL);
-
- gridauthpasscode = strstr(querytmp, "&GRIDHTTP_PASSCODE=");
-
- if (gridauthpasscode != NULL)
- {
- gridauthpasscode = &gridauthpasscode[19];
-
- for (p = gridauthpasscode;
- (*p != '\0') && (*p != '&'); ++p)
- if (!isalnum(*p)) *p = '\0';
- }
- }
- }
-
- if ((gridauthpasscode != NULL) && (gridauthpasscode[0] != '\0'))
- {
- cookiefile = apr_psprintf(r->pool, "%s/passcode-%s",
- ap_server_root_relative(r->pool,
- sessionsdir),
- gridauthpasscode);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Opening GridHTTP passcode file %s", cookiefile);
-
- if ((apr_stat(&cookiefile_info, cookiefile,
- APR_FINFO_TYPE, r->pool) == APR_SUCCESS) &&
- (cookiefile_info.filetype == APR_REG) &&
- (apr_file_open(&fp, cookiefile, APR_READ, 0, r->pool)
- == APR_SUCCESS))
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Reading GridHTTP passcode file %s", cookiefile);
-
- while (apr_file_gets(oneline,
- sizeof(oneline), fp) == APR_SUCCESS)
- {
- p = index(oneline, '\n');
- if (p != NULL) *p = '\0';
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "%s: %s", cookiefile, oneline);
-
- if ((strncmp(oneline, "expires=", 8) == 0) &&
- (apr_time_from_sec(atoll(&oneline[8])) <
- apr_time_now()))
- break;
- else if ((strncmp(oneline, "domain=", 7) == 0) &&
- (strcmp(&oneline[7], r->hostname) != 0))
- break; /* exact needed in the version */
- else if ((strncmp(oneline, "path=", 5) == 0) &&
- (strcmp(&oneline[5], r->uri) != 0))
- break;
- else if ((strncmp(oneline, "onetime=yes", 11) == 0)
- && !ishttps)
- apr_file_remove(cookiefile, r->pool);
- else if (strncmp(oneline, "method=PUT", 10) == 0)
- perm |= GRST_PERM_WRITE;
- else if (strncmp(oneline, "method=GET", 10) == 0)
- perm |= GRST_PERM_READ;
- }
-
- apr_file_close(fp);
- }
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "After GACL/Onetime evaluation, GRST_PERM=%d", perm);
-
- /* set permission and GACL environment variables */
-
- apr_table_setn(r->notes, "GRST_PERM", apr_psprintf(r->pool, "%d", perm));
-
- if (((mod_gridsite_dir_cfg *) cfg)->envs)
- {
- apr_table_setn(env, "GRST_PERM", apr_psprintf(r->pool, "%d", perm));
-
- if (((dir_path = apr_pstrdup(r->pool, r->filename)) != NULL) &&
- ((p = rindex(dir_path, '/')) != NULL))
- {
- *p = '\0';
- apr_table_setn(env, "GRST_DIR_PATH", dir_path);
- }
-
- if (((mod_gridsite_dir_cfg *) cfg)->helpuri != NULL)
- apr_table_setn(env, "GRST_HELP_URI",
- ((mod_gridsite_dir_cfg *) cfg)->helpuri);
-
- if (((mod_gridsite_dir_cfg *) cfg)->adminfile != NULL)
- apr_table_setn(env, "GRST_ADMIN_FILE",
- ((mod_gridsite_dir_cfg *) cfg)->adminfile);
-
- if (((mod_gridsite_dir_cfg *) cfg)->editable != NULL)
- apr_table_setn(env, "GRST_EDITABLE",
- ((mod_gridsite_dir_cfg *) cfg)->editable);
-
- if (((mod_gridsite_dir_cfg *) cfg)->headfile != NULL)
- apr_table_setn(env, "GRST_HEAD_FILE",
- ((mod_gridsite_dir_cfg *) cfg)->headfile);
-
- if (((mod_gridsite_dir_cfg *) cfg)->footfile != NULL)
- apr_table_setn(env, "GRST_FOOT_FILE",
- ((mod_gridsite_dir_cfg *) cfg)->footfile);
-
- if (((mod_gridsite_dir_cfg *) cfg)->dnlists != NULL)
- apr_table_setn(env, "GRST_DN_LISTS",
- ((mod_gridsite_dir_cfg *) cfg)->dnlists);
-
- if (((mod_gridsite_dir_cfg *) cfg)->dnlistsuri != NULL)
- apr_table_setn(env, "GRST_DN_LISTS_URI",
- ((mod_gridsite_dir_cfg *) cfg)->dnlistsuri);
-
- if (((mod_gridsite_dir_cfg *) cfg)->adminlist != NULL)
- apr_table_setn(env, "GRST_ADMIN_LIST",
- ((mod_gridsite_dir_cfg *) cfg)->adminlist);
-
- apr_table_setn(env, "GRST_GSIPROXY_LIMIT",
- apr_psprintf(r->pool, "%d",
- ((mod_gridsite_dir_cfg *)cfg)->gsiproxylimit));
-
- if (((mod_gridsite_dir_cfg *) cfg)->unzip != NULL)
- apr_table_setn(env, "GRST_UNZIP",
- ((mod_gridsite_dir_cfg *) cfg)->unzip);
-
- if (!(((mod_gridsite_dir_cfg *) cfg)->gridsitelink))
- apr_table_setn(env, "GRST_NO_LINK", "1");
-
- if (((mod_gridsite_dir_cfg *) cfg)->aclformat != NULL)
- apr_table_setn(env, "GRST_ACL_FORMAT",
- ((mod_gridsite_dir_cfg *) cfg)->aclformat);
-
- if (((mod_gridsite_dir_cfg *) cfg)->delegationuri != NULL)
- apr_table_setn(env, "GRST_DELEGATION_URI",
- ((mod_gridsite_dir_cfg *) cfg)->delegationuri);
-
-
- if (((mod_gridsite_dir_cfg *) cfg)->execmethod != NULL)
- {
- apr_table_setn(env, "GRST_EXEC_METHOD",
- ((mod_gridsite_dir_cfg *) cfg)->execmethod);
-
- if ((strcasecmp(((mod_gridsite_dir_cfg *) cfg)->execmethod,
- "directory") == 0) && (r->filename != NULL))
- {
- if ((r->content_type != NULL) &&
- (strcmp(r->content_type, DIR_MAGIC_TYPE) == 0))
- apr_table_setn(env, "GRST_EXEC_DIRECTORY", r->filename);
- else
- {
- file = apr_pstrdup(r->pool, r->filename);
- p = rindex(file, '/');
- if (p != NULL)
- {
- *p = '\0';
- apr_table_setn(env, "GRST_EXEC_DIRECTORY", file);
- }
- }
- }
- }
-
- apr_table_setn(env, "GRST_DISK_MODE",
- apr_psprintf(r->pool, "0x%04x",
- ((mod_gridsite_dir_cfg *)cfg)->diskmode));
- }
-
- if (((mod_gridsite_dir_cfg *) cfg)->auth)
- {
- /* *** Check HTTP method to decide which perm bits to check *** */
-
- if ((r->filename != NULL) &&
- ((p = rindex(r->filename, '/')) != NULL) &&
- (strcmp(&p[1], GRST_ACL_FILE) == 0)) file_is_acl = 1;
-
- content_type = r->content_type;
- if ((content_type != NULL) &&
- (strcmp(content_type, DIR_MAGIC_TYPE) == 0) &&
- (((mod_gridsite_dir_cfg *) cfg)->dnlistsuri != NULL) &&
- (strncmp(r->uri,
- ((mod_gridsite_dir_cfg *) cfg)->dnlistsuri,
- strlen(((mod_gridsite_dir_cfg *) cfg)->dnlistsuri)) == 0) &&
- (strlen(r->uri) > strlen(((mod_gridsite_dir_cfg *) cfg)->dnlistsuri)))
- content_type = "text/html";
-
- if ( GRSTgaclPermHasNone(perm) ||
-
- /* first two M_GET conditions make the subtle distinction
- between .../ that maps to .../index.html (governed by
- Read perm) or to dir list (governed by List perm);
- third M_GET condition deals with typeless CGI requests */
-
- ((r->method_number == M_GET) &&
- !GRSTgaclPermHasRead(perm) &&
- (content_type != NULL) &&
- (strcmp(content_type, DIR_MAGIC_TYPE) != 0)) ||
-
- ((r->method_number == M_GET) &&
- !GRSTgaclPermHasList(perm) &&
- (content_type != NULL) &&
- (strcmp(content_type, DIR_MAGIC_TYPE) == 0)) ||
-
- ((r->method_number == M_GET) &&
- !GRSTgaclPermHasRead(perm) &&
- (content_type == NULL)) ||
-
- ((r->method_number == M_POST) && !GRSTgaclPermHasRead(perm) ) ||
-
- (((r->method_number == M_PUT) ||
- (r->method_number == M_DELETE)) &&
- !GRSTgaclPermHasWrite(perm) && !file_is_acl) ||
-
- ((r->method_number == M_MOVE) &&
- ((!GRSTgaclPermHasWrite(perm) && !file_is_acl) ||
- (!GRSTgaclPermHasAdmin(perm) && file_is_acl) ||
- (!GRSTgaclPermHasWrite(destination_perm)
- && !destination_is_acl) ||
- (!GRSTgaclPermHasAdmin(destination_perm)
- && destination_is_acl)) ) ||
-
- (((r->method_number == M_PUT) ||
- (r->method_number == M_DELETE)) &&
- !GRSTgaclPermHasAdmin(perm) && file_is_acl)
-
- ) retcode = HTTP_FORBIDDEN;
- }
-
- return retcode;
-}
-
-int GRST_X509_check_issued_wrapper(X509_STORE_CTX *ctx,X509 *x,X509 *issuer)
-/* We change the default callback to use our wrapper and discard errors
- due to GSI proxy chains (ie where users certs act as CAs) */
-{
- int ret;
- ret = X509_check_issued(issuer, x);
- if (ret == X509_V_OK)
- return 1;
-
- /* Non self-signed certs without signing are ok if they passed
- the other checks inside X509_check_issued. Is this enough? */
- if ((ret == X509_V_ERR_KEYUSAGE_NO_CERTSIGN) &&
- (X509_NAME_cmp(X509_get_subject_name(issuer),
- X509_get_subject_name(x)) != 0)) return 1;
-
- /* If we haven't asked for issuer errors don't set ctx */
- if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) return 0;
-
- ctx->error = ret;
- ctx->current_cert = x;
- ctx->current_issuer = issuer;
- return ctx->verify_cb(0, ctx);
-}
-
-/* Later OpenSSL versions add a second pointer ... */
-int GRST_verify_cert_wrapper(X509_STORE_CTX *ctx, void *p)
-
-/* Earlier ones have a single argument ... */
-// int GRST_verify_cert_wrapper(X509_STORE_CTX *ctx)
-
-/* Before 0.9.7 we cannot change the check_issued callback directly in
- the X509_STORE, so we must insert it in another callback that gets
- called early enough */
-{
- ctx->check_issued = GRST_X509_check_issued_wrapper;
-
- return X509_verify_cert(ctx);
-}
-
-int GRST_callback_SSLVerify_wrapper(int ok, X509_STORE_CTX *ctx)
-{
- SSL *ssl = (SSL *) X509_STORE_CTX_get_app_data(ctx);
- conn_rec *conn = (conn_rec *) SSL_get_app_data(ssl);
- server_rec *s = conn->base_server;
- SSLConnRec *sslconn =
- (SSLConnRec *) ap_get_module_config(conn->conn_config, &ssl_module);
- int errnum = X509_STORE_CTX_get_error(ctx);
- int errdepth = X509_STORE_CTX_get_error_depth(ctx);
- int returned_ok;
- int first_non_ca;
- STACK_OF(X509) *certstack;
-
- /*
- * GSI Proxy user-cert-as-CA handling:
- * we skip Invalid CA errors at this stage, since we will check this
- * again at errdepth=0 for the full chain using GRSTx509CheckChain
- */
- if (errnum == X509_V_ERR_INVALID_CA)
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Skip Invalid CA error in case a GSI Proxy");
-
- sslconn->verify_error = NULL;
- ok = TRUE;
- errnum = X509_V_OK;
- X509_STORE_CTX_set_error(ctx, errnum);
- }
-
- /*
- * New style GSI Proxy handling, with critical ProxyCertInfo
- * extension: we use GRSTx509KnownCriticalExts() to check this
- */
-#ifndef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
-#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
-#endif
- if (errnum == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)
- {
- if (GRSTx509KnownCriticalExts(X509_STORE_CTX_get_current_cert(ctx))
- == GRST_RET_OK)
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "GRSTx509KnownCriticalExts() accepts previously "
- "Unhandled Critical Extension (GSI Proxy?)");
-
- sslconn->verify_error = NULL;
- ok = TRUE;
- errnum = X509_V_OK;
- X509_STORE_CTX_set_error(ctx, errnum);
- }
- }
-
- returned_ok = ssl_callback_SSLVerify(ok, ctx);
-
- /* in case ssl_callback_SSLVerify changed it */
- errnum = X509_STORE_CTX_get_error(ctx);
-
- if ((errdepth == 0) && (errnum == X509_V_OK))
- /*
- * We've now got the last certificate - the identity being used for
- * this connection. At this point we check the whole chain for valid
- * CAs or, failing that, GSI-proxy validity using GRSTx509CheckChain.
- */
- {
- errnum = GRSTx509CheckChain(&first_non_ca, ctx);
-
- if (errnum != X509_V_OK)
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Invalid certificate chain reported by "
- "GRSTx509CheckChain()");
-
- sslconn->verify_error = X509_verify_cert_error_string(errnum);
- ok = FALSE;
- }
- else
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Valid certificate"
- " chain reported by GRSTx509CheckChain()");
-
- /* Put result of GRSTx509CompactCreds() into connection notes */
- if ((certstack =
- (STACK_OF(X509) *) X509_STORE_CTX_get_chain(ctx)) != NULL)
- GRST_save_ssl_creds(conn, certstack, NULL);
- }
- }
-
- return returned_ok;
-}
-
-void sitecast_handle_NOP_request(server_rec *main_server,
- GRSThtcpMessage *htcp_mesg, int igroup,
- struct sockaddr_in *client_addr_ptr)
-{
- int outbuf_len;
- char *outbuf;
-
- if (GRSThtcpNOPresponseMake(&outbuf, &outbuf_len,
- htcp_mesg->trans_id) == GRST_RET_OK)
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast sends NOP response from port %d to %s:%d",
- sitecastgroups[0].port, inet_ntoa(client_addr_ptr->sin_addr),
- ntohs(client_addr_ptr->sin_port));
-
- sendto(sitecastgroups[0].socket, outbuf, outbuf_len, 0,
- client_addr_ptr, sizeof(struct sockaddr_in));
-
- free(outbuf);
- }
-}
-
-void sitecast_handle_TST_GET(server_rec *main_server,
- GRSThtcpMessage *htcp_mesg, int igroup,
- struct sockaddr_in *client_addr_ptr)
-{
- int i, outbuf_len, ialias, port;
- char *filename, *outbuf, *location, *local_uri = NULL;
- struct stat statbuf;
- SSLSrvConfigRec *ssl_srv;
-
- /* check sanity of requested uri */
-
- if (strncmp(htcp_mesg->uri->text, "http://", 7) == 0)
- {
- for (i=7; i < GRSThtcpCountstrLen(htcp_mesg->uri); ++i)
- if (htcp_mesg->uri->text[i] == '/')
- {
- local_uri = &(htcp_mesg->uri->text[i]);
- break;
- }
- }
- else if (strncmp(htcp_mesg->uri->text, "https://", 8) == 0)
- {
- for (i=8; i < GRSThtcpCountstrLen(htcp_mesg->uri); ++i)
- if (htcp_mesg->uri->text[i] == '/')
- {
- local_uri = &(htcp_mesg->uri->text[i]);
- break;
- }
- }
-
- if (local_uri == NULL)
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast responder only handles http(s):// (%*s requested by %s:%d)",
- GRSThtcpCountstrLen(htcp_mesg->uri),
- htcp_mesg->uri->text,
- inet_ntoa(client_addr_ptr->sin_addr),
- ntohs(client_addr_ptr->sin_port));
- return;
- }
-
- /* find if any GridSiteCastAlias lines match */
-
- for (ialias=0; ialias < GRST_SITECAST_ALIASES ; ++ialias)
- {
- if (sitecastaliases[ialias].sitecast_url == NULL) return; /* no match */
-
- if ((strlen(sitecastaliases[ialias].sitecast_url)
- <= GRSThtcpCountstrLen(htcp_mesg->uri)) &&
- (strncmp(sitecastaliases[ialias].sitecast_url,
- htcp_mesg->uri->text,
- strlen(sitecastaliases[ialias].sitecast_url))==0)) break;
- }
-
- if (ialias == GRST_SITECAST_ALIASES)
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast responder does not handle %*s requested by %s:%d",
- GRSThtcpCountstrLen(htcp_mesg->uri),
- htcp_mesg->uri->text,
- inet_ntoa(client_addr_ptr->sin_addr),
- ntohs(client_addr_ptr->sin_port));
-
- return; /* no match */
- }
-
- /* convert URL to filename, using alias mapping */
-
- asprintf(&filename, "%s%*s",
- sitecastaliases[ialias].local_path,
- GRSThtcpCountstrLen(htcp_mesg->uri)
- - strlen(sitecastaliases[ialias].sitecast_url),
- &(htcp_mesg->uri->text[strlen(sitecastaliases[ialias].sitecast_url)]) );
-
- if (stat(filename, &statbuf) == 0) /* found file */
- {
- ssl_srv = (SSLSrvConfigRec *)
- ap_get_module_config(sitecastaliases[ialias].server->module_config,
- &ssl_module);
-
- port = sitecastaliases[ialias].server->addrs->host_port;
- if (port == 0) port = ((ssl_srv != NULL) && (ssl_srv->enabled))
- ? GRST_HTTPS_PORT : GRST_HTTP_PORT;
-
- asprintf(&location, "Location: http%s://%s:%d%s\r\n",
- ((ssl_srv != NULL) && (ssl_srv->enabled)) ? "s" : "",
- sitecastaliases[ialias].server->server_hostname, port,
- local_uri);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast finds %*s at %s, redirects with %s",
- GRSThtcpCountstrLen(htcp_mesg->uri),
- htcp_mesg->uri->text, filename, location);
-
- if (GRSThtcpTSTresponseMake(&outbuf, &outbuf_len,
- htcp_mesg->trans_id,
- location, "", "") == GRST_RET_OK)
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast sends TST response from port %d to %s:%d",
- sitecastgroups[0].port, inet_ntoa(client_addr_ptr->sin_addr),
- ntohs(client_addr_ptr->sin_port));
-
- sendto(sitecastgroups[0].socket, outbuf, outbuf_len, 0,
- client_addr_ptr, sizeof(struct sockaddr_in));
-
- free(outbuf);
- }
-
- free(location);
- }
-
- free(filename);
-}
-
-void sitecast_handle_request(server_rec *main_server,
- char *reqbuf, int reqbuf_len, int igroup,
- struct sockaddr_in *client_addr_ptr)
-{
- GRSThtcpMessage htcp_mesg;
-
- if (GRSThtcpMessageParse(&htcp_mesg,reqbuf,reqbuf_len) != GRST_RET_OK)
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server,
- "SiteCast responder rejects format of UDP message from %s:%d",
- inet_ntoa(client_addr_ptr->sin_addr),
- ntohs(client_addr_ptr->sin_port));
- return;
- }
-
- if (htcp_mesg.rr != 0) /* ignore HTCP responses: we just do requests */
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast responder ignores HTCP response from %s:%d",
- inet_ntoa(client_addr_ptr->sin_addr),
- ntohs(client_addr_ptr->sin_port));
- return;
- }
-
- if (htcp_mesg.opcode == GRSThtcpNOPop)
- {
- sitecast_handle_NOP_request(main_server, &htcp_mesg,
- igroup, client_addr_ptr);
- return;
- }
-
- if (htcp_mesg.opcode == GRSThtcpTSTop)
- {
- if (((GRSThtcpCountstrLen(htcp_mesg.method) == 3) &&
- (strncmp(htcp_mesg.method->text, "GET", 3) == 0)) ||
- ((GRSThtcpCountstrLen(htcp_mesg.method) == 4) &&
- (strncmp(htcp_mesg.method->text, "HEAD", 4) == 0)))
- {
- sitecast_handle_TST_GET(main_server, &htcp_mesg,
- igroup, client_addr_ptr);
- return;
- }
-
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server,
- "SiteCast responder rejects method %*s in TST message from %s:%d",
- GRSThtcpCountstrLen(htcp_mesg.method), htcp_mesg.method->text,
- inet_ntoa(client_addr_ptr->sin_addr),
- ntohs(client_addr_ptr->sin_port));
- return;
- }
-
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server,
- "SiteCast does not implement HTCP op-code %d in message from %s:%d",
- htcp_mesg.opcode,
- inet_ntoa(client_addr_ptr->sin_addr),
- ntohs(client_addr_ptr->sin_port));
-}
-
-void sitecast_responder(server_rec *main_server)
-{
-#define GRST_SITECAST_MAXBUF 8192
- char reqbuf[GRST_SITECAST_MAXBUF], *p;
- int n, reqbuf_len, i, j, igroup,
- quad1, quad2, quad3, quad4, port, retval, client_addr_len;
- struct sockaddr_in srv, client_addr;
- struct ip_mreq mreq;
- fd_set readsckts;
- struct hostent *server_hostent;
-
- strcpy((char *) main_server->process->argv[0], "GridSiteCast UDP responder");
-
- /* initialise unicast/replies socket first */
-
- bzero(&srv, sizeof(srv));
- srv.sin_family = AF_INET;
- srv.sin_port = htons(sitecastgroups[0].port);
-
- if ((server_hostent = gethostbyname(main_server->server_hostname)) == NULL)
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server,
- "SiteCast UDP Responder fails to look up servername %s",
- main_server->server_hostname);
- return;
- }
-
- srv.sin_addr.s_addr = (u_int32_t) (server_hostent->h_addr_list[0][0]);
-
- if (((sitecastgroups[0].socket
- = socket(AF_INET, SOCK_DGRAM, 0)) < 0) ||
- (bind(sitecastgroups[0].socket,
- (struct sockaddr *) &srv, sizeof(srv)) < 0))
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server,
- "mod_gridsite: sitecast responder fails on unicast bind (%s)",
- strerror(errno));
- return;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast UDP unicast/replies on %d.%d.%d.%d:%d",
- server_hostent->h_addr_list[0][0],
- server_hostent->h_addr_list[0][1],
- server_hostent->h_addr_list[0][2],
- server_hostent->h_addr_list[0][3],
- sitecastgroups[0].port);
-
- /* initialise multicast listener sockets next */
-
- for (i=1; (i <= GRST_SITECAST_GROUPS) &&
- (sitecastgroups[i].port != 0); ++i)
- {
- bzero(&srv, sizeof(srv));
- srv.sin_family = AF_INET;
- srv.sin_port = htons(sitecastgroups[i].port);
- srv.sin_addr.s_addr = htonl(sitecastgroups[i].quad1*0x1000000
- + sitecastgroups[i].quad2*0x10000
- + sitecastgroups[i].quad3*0x100
- + sitecastgroups[i].quad4);
-
- if (((sitecastgroups[i].socket
- = socket(AF_INET, SOCK_DGRAM, 0)) < 0) ||
- (bind(sitecastgroups[i].socket,
- (struct sockaddr *) &srv, sizeof(srv)) < 0))
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server,
- "SiteCast UDP Responder fails on multicast bind (%s)",
- strerror(errno));
- return;
- }
-
- bzero(&mreq, sizeof(mreq));
- mreq.imr_multiaddr.s_addr = srv.sin_addr.s_addr;
- mreq.imr_interface.s_addr = htonl(INADDR_ANY);
-
- if (setsockopt(sitecastgroups[i].socket, IPPROTO_IP,
- IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0)
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server,
- "SiteCast UDP Responder fails on setting multicast");
- return;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast UDP Responder listening on %d.%d.%d.%d:%d",
- sitecastgroups[i].quad1, sitecastgroups[i].quad2,
- sitecastgroups[i].quad3, sitecastgroups[i].quad4, sitecastgroups[i].port);
- }
-
- while (1) /* **** main listening loop **** */
- {
- /* set up bitmasks for select */
-
- FD_ZERO(&readsckts);
-
- n = 0;
- for (i=0; (i <= GRST_SITECAST_GROUPS) &&
- (sitecastgroups[i].port != 0); ++i) /* reset bitmask */
- {
- FD_SET(sitecastgroups[i].socket, &readsckts);
- if (sitecastgroups[i].socket > n) n = sitecastgroups[i].socket;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast UDP Responder waiting for requests");
-
- if ((retval = select(n + 1, &readsckts, NULL, NULL, NULL)) < 1)
- continue; /* < 1 on timeout or error */
-
- for (igroup=0; (igroup <= GRST_SITECAST_GROUPS) &&
- (sitecastgroups[igroup].port != 0); ++igroup)
- {
- if (FD_ISSET(sitecastgroups[igroup].socket, &readsckts))
- {
- client_addr_len = sizeof(client_addr);
-
- if ((reqbuf_len = recvfrom(sitecastgroups[igroup].socket,
- reqbuf, GRST_SITECAST_MAXBUF, 0,
- (struct sockaddr *) &client_addr, &client_addr_len)) >= 0)
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "SiteCast receives UDP message from %s:%d "
- "to %d.%d.%d.%d:%d",
- inet_ntoa(client_addr.sin_addr),
- ntohs(client_addr.sin_port),
- sitecastgroups[igroup].quad1,
- sitecastgroups[igroup].quad2,
- sitecastgroups[igroup].quad3,
- sitecastgroups[igroup].quad4,
- sitecastgroups[igroup].port);
-
- sitecast_handle_request(main_server, reqbuf,
- reqbuf_len, igroup,
- &client_addr);
- }
- }
- }
-
- } /* **** end of main listening loop **** */
-}
-
-static int mod_gridsite_server_post_config(apr_pool_t *pPool,
- apr_pool_t *pLog, apr_pool_t *pTemp, server_rec *main_server)
-{
- SSL_CTX *ctx;
- SSLSrvConfigRec *sc;
- server_rec *this_server;
- apr_proc_t *procnew = NULL;
- apr_status_t status;
- char *path;
- const char *userdata_key = "sitecast_init";
-
- apr_pool_userdata_get((void **) &procnew, userdata_key,
- main_server->process->pool);
-
- /* we only fork responder if one not already forked and we have at
- least one GridSiteCastAlias defined. This means it is possible
- to run a responder with no groups - listening on unicast only! */
-
- if ((procnew == NULL) &&
- (sitecastaliases[0].sitecast_url != NULL))
- {
- /* UDP multicast responder required but not yet started */
-
- procnew = apr_pcalloc(main_server->process->pool, sizeof(*procnew));
- apr_pool_userdata_set((const void *) procnew, userdata_key,
- apr_pool_cleanup_null, main_server->process->pool);
-
- status = apr_proc_fork(procnew, pPool);
-
- if (status < 0)
- {
- ap_log_error(APLOG_MARK, APLOG_CRIT, status, main_server,
- "mod_gridsite: Failed to spawn SiteCast responder process");
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- else if (status == APR_INCHILD)
- {
- ap_log_error(APLOG_MARK, APLOG_NOTICE, status, main_server,
- "mod_gridsite: Spawning SiteCast responder process");
- sitecast_responder(main_server);
- exit(-1);
- }
-
- apr_pool_note_subprocess(main_server->process->pool,
- procnew, APR_KILL_AFTER_TIMEOUT);
- }
-
- /* continue with normal HTTP/HTTPS servers */
-
- ap_add_version_component(pPool,
- apr_psprintf(pPool, "mod_gridsite/%s", VERSION));
-
- for (this_server = main_server;
- this_server != NULL;
- this_server = this_server->next)
- {
- /* we do some GridSite OpenSSL magic for HTTPS servers */
-
- sc = ap_get_module_config(this_server->module_config, &ssl_module);
-
- if ((sc != NULL) &&
- (sc->enabled) &&
- (sc->server != NULL) &&
- (sc->server->ssl_ctx != NULL))
- {
- ctx = sc->server->ssl_ctx;
-
- /* in 0.9.7 we could set the issuer-checking callback directly */
-// ctx->cert_store->check_issued = GRST_X509_check_issued_wrapper;
-
- /* but in case 0.9.6 we do it indirectly with another wrapper */
- SSL_CTX_set_cert_verify_callback(ctx,
- GRST_verify_cert_wrapper,
- (void *) NULL);
-
- /* whatever version, we can set the SSLVerify wrapper properly */
- SSL_CTX_set_verify(ctx, ctx->verify_mode,
- GRST_callback_SSLVerify_wrapper);
-
- if (main_server->loglevel >= APLOG_DEBUG)
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server,
- "Set mod_ssl verify callbacks to GridSite wrappers");
- }
- }
-
- /* create sessions directory if necessary */
-
- path = ap_server_root_relative(pPool, sessionsdir);
- apr_dir_make_recursive(path, APR_UREAD | APR_UWRITE | APR_UEXECUTE, pPool);
- chown(path, unixd_config.user_id, unixd_config.group_id);
-
- return OK;
-}
-
-static void mod_gridsite_child_init(apr_pool_t *pPool, server_rec *pServer)
-{
- apr_time_t cutoff_time;
- apr_dir_t *dir;
- char *filename;
- apr_finfo_t finfo;
- SSLSrvConfigRec *sc = ap_get_module_config(pServer->module_config,
- &ssl_module);
- GRSTgaclInit();
-
- /* expire old ssl creds files */
-
- if (sc != NULL) // && sc->enabled)
- {
- cutoff_time = apr_time_now()
- - apr_time_from_sec(sc->session_cache_timeout);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServer,
- "Cutoff time for ssl creds cache: %ld",
- (long) apr_time_sec(cutoff_time));
-
- if (apr_dir_open(&dir,
- ap_server_root_relative(pPool, sessionsdir), pPool) == APR_SUCCESS)
- {
- while (apr_dir_read(&finfo,
- APR_FINFO_CTIME | APR_FINFO_NAME, dir) == APR_SUCCESS)
- {
- if ((finfo.ctime < cutoff_time) &&
- (strncmp(finfo.name, "sslcreds-", 9) == 0))
- {
- filename = apr_pstrcat(pPool,
- ap_server_root_relative(pPool, sessionsdir),
- "/", finfo.name, NULL);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServer,
- "Remove %s from ssl creds cache", filename);
-
- apr_file_remove(filename, pPool);
- }
- }
-
- apr_dir_close(dir);
- }
- }
-}
-
-static int mod_gridsite_handler(request_rec *r)
-{
- mod_gridsite_dir_cfg *conf;
-
- conf = (mod_gridsite_dir_cfg *)
- ap_get_module_config(r->per_dir_config, &gridsite_module);
-
- if ((conf->dnlistsuri != NULL) &&
- (strncmp(r->uri, conf->dnlistsuri, strlen(conf->dnlistsuri)) == 0))
- {
- if (strcmp(r->uri, conf->dnlistsuri) == 0)
- return mod_gridsite_dnlistsuri_dir_handler(r, conf);
-
- return mod_gridsite_dnlistsuri_handler(r, conf);
- }
-
- if (strcmp(r->handler, DIR_MAGIC_TYPE) == 0)
- return mod_gridsite_dir_handler(r, conf);
-
- return mod_gridsite_nondir_handler(r, conf);
-}
-
-static ap_unix_identity_t *mod_gridsite_get_suexec_id_doer(const request_rec *r)
-{
- mod_gridsite_dir_cfg *conf;
-
- conf = (mod_gridsite_dir_cfg *)
- ap_get_module_config(r->per_dir_config, &gridsite_module);
-
- if ((conf->execugid.uid != UNSET) &&
- (conf->execmethod != NULL))
- {
-
- /* also push GRST_EXEC_DIRECTORY into request environment here too */
-
- return &(conf->execugid);
- }
-
- return NULL;
-}
-
-static void register_hooks(apr_pool_t *p)
-{
- /* config and handler stuff */
-
- ap_hook_post_config(mod_gridsite_server_post_config, NULL, NULL,
- APR_HOOK_LAST);
- ap_hook_child_init(mod_gridsite_child_init, NULL, NULL, APR_HOOK_MIDDLE);
-
- ap_hook_fixups(mod_gridsite_first_fixups,NULL,NULL,APR_HOOK_FIRST);
-
- ap_hook_fixups(mod_gridsite_perm_handler,NULL,NULL,APR_HOOK_REALLY_LAST);
-
- ap_hook_handler(mod_gridsite_handler, NULL, NULL, APR_HOOK_FIRST);
-
- ap_hook_get_suexec_identity(mod_gridsite_get_suexec_id_doer,
- NULL, NULL, APR_HOOK_MIDDLE);
-}
-
-module AP_MODULE_DECLARE_DATA gridsite_module =
-{
- STANDARD20_MODULE_STUFF,
- create_gridsite_dir_config, /* dir config creater */
- merge_gridsite_dir_config, /* dir merger */
- create_gridsite_srv_config, /* create server config */
- NULL, /* merge server config */
- mod_gridsite_cmds, /* command apr_table_t */
- register_hooks /* register hooks */
-};
+++ /dev/null
-/*
- Copyright (c) 2003-4, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*
-
- Portions of this code are derived from Apache mod_ssl, and are covered
- by the Apache Software License:
-
- * Copyright 2001-2004 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*------------------------------------------------------------------*
- * This program is part of GridSite: http://www.gridsite.org/ *
- *------------------------------------------------------------------*/
-
-
-/*
- * After 2.0.49, Apache mod_ssl has most of the mod_ssl structures defined
- * in ssl_private.h, which is not installed along with httpd-devel (eg in
- * the FC2 RPM.) This include file provides SIMPLIFIED structures for use
- * by mod_gridsite: for example, pointers to unused structures are replaced
- * by void * and some of the structures are truncated when only the early
- * members are used.
- *
- * CLEARLY, THIS WILL BREAK IF THERE ARE MAJOR CHANGES TO ssl_private.h!!!
- */
-
-#include <openssl/ssl.h>
-
-typedef enum {
- SSL_SHUTDOWN_TYPE_UNSET,
- SSL_SHUTDOWN_TYPE_STANDARD,
- SSL_SHUTDOWN_TYPE_UNCLEAN,
- SSL_SHUTDOWN_TYPE_ACCURATE
-} ssl_shutdown_type_e;
-
-typedef struct {
- SSL *ssl;
- const char *client_dn;
- X509 *client_cert;
- ssl_shutdown_type_e shutdown_type;
- const char *verify_info;
- const char *verify_error;
- int verify_depth;
- int is_proxy;
- int disabled;
- int non_ssl_request;
-} SSLConnRec;
-
-typedef struct {
- void *sc; /* pointer back to server config */
- SSL_CTX *ssl_ctx;
-} modssl_ctx_t;
-
-typedef struct {
- void *mc;
- unsigned int enabled;
- unsigned int proxy_enabled;
- const char *vhost_id;
- int vhost_id_len;
- int session_cache_timeout;
- modssl_ctx_t *server;
- modssl_ctx_t *proxy;
-} SSLSrvConfigRec;
-
-extern module AP_MODULE_DECLARE_DATA ssl_module;
+++ /dev/null
-#!/usr/bin/env perl
-#
-# roffit: convert man page source files to HTML
-#
-# Read an nroff file. Output a HTML file.
-#
-# This is a very simple script, but I use it on very simple man pages and I've
-# found no other script that makes beautiful web pages.
-#
-my $version = "0.3"; # (14 November 2003)
-# Author: Daniel Stenberg <daniel@haxx.se>
-# Please email me improvements.
-#
-# You're free to do whatever you want with this script.
-#
-# Changes:
-#
-# 0.3 - Daniel Fandrich brought:
-# o deal with .lp lines
-# o .TH needs no section portion anymore
-# o added generator meta tag in the header
-#
-# 0.2 - fixed the <a name> name for the SH section
-# - added <a href> links from all words within \fIthis\fP or \fBthis\fP
-# that has the same text as a .SH or .IP.
-#
-
-use strict;
-#use warnings;
-
-my $InFH = \*STDIN;
-my $OutFH = \*STDOUT;
-my $debugFH = \*STDERR;
-
-my %manpage;
-my @out;
-
-my $indentlevel=0; # logical levels, not columns
-my @p;
-my $within_tp;
-my $standalone=1; # by default we make stand-alone HTML pages
-my $pre;
-my %anchor; # hash with all anchors
-
-while($ARGV[0]) {
- if($ARGV[0] eq "--bare") {
- # don't include headers and stuff
- $standalone=0;
- shift @ARGV;
- }
- else {
- printf $debugFH "unknown option: %s\n", $ARGV[0] if($ARGV[0] ne "-h");
- print $debugFH "Usage: roffit [options] < infile > outfile\n",
- "Options:\n",
- " --bare Do not put in HTML, HEAD, BODY tags\n";
- exit;
- }
-}
-
-sub showp {
- my @p = @_;
- push @out, "\n<p class=\"level$indentlevel\">", @p;
-}
-
-sub defaultcss {
- print $OutFH <<ENDOFCSS
-<STYLE type="text/css">
-P.level0 {
- padding-left: 2em;
-}
-
-P.level1 {
- padding-left: 4em;
-}
-
-P.level2 {
- padding-left: 6em;
-}
-
-span.emphasis {
- font-style: italic;
-}
-
-span.bold {
- font-weight: bold;
-}
-
-span.manpage {
- font-weight: bold;
-}
-
-h2.nroffsh {
- background-color: #e0e0e0;
-}
-
-span.nroffip {
- font-weight: bold;
- font-size: 120%;
- font-family: monospace;
-}
-
-p.roffit {
- text-align: center;
- font-size: 80%;
-}
-</STYLE>
-ENDOFCSS
- ;
-}
-
-sub text2name {
- my ($text) = @_;
- $text =~ s/^ *([^ ]*).*/$1/g;
- $text =~ s/[^a-zA-Z0-9-]//g;
- return $text;
-}
-
-# scan through the file and check for <span> sections we should convert
-# to proper links
-sub linkfile {
- my @new;
- for(@out) {
- my $line=$_;
- my $l;
- while($line =~ s/<span class=\"(emphasis|bold)\">([^<]*)<\/span>/[]/) {
- my ($style, $name)=($1, $2);
-
- $l = text2name($name);
-
- #printf $debugFH "$style - $name - %s - %d\n",
- #$l, $anchor{$l};
-
- my $link;
- if($anchor{$l}) {
- $link="<a class=\"$style\" href=\"#$l\">$name</a>";
- }
- else {
- $link="<span Class=\"$style\">$name</span>";
- }
- $line =~ s/\[\]/$link/;
- }
- push @new, $line;
- }
- return @new;
-}
-
-sub parsefile {
-
- while(<$InFH>) {
- my $in = $_;
- my $out;
- # print $debugFH "DEBUG IN: $_";
-
- $in =~ s/[\r\n]//g if(!$pre); # tear off newlines
-
- if($in =~ /^\.([^ \n]*)(.*)/) {
- # this is a line starting with a dot, that means it is special
- my ($keyword, $rest) = ($1, $2);
- $out = "";
-
- # cut off initial spaces
- $rest =~ s/^ +//g;
-
- if($keyword eq "\\\"") {
- # this is a comment, skip this line
- }
- elsif($keyword =~ /^TH$/i) {
- # man page header:
- # curl 1 "22 Oct 2003" "Curl 7.10.8" "Curl Manual"
- # NAME SECTION DATE VERSION MANUAL
- if($rest =~ /([^ ]*) (\d+) \"([^\"]*)\" \"([^\"]*)\"(\"([^\"]*)\")?/) {
- # strict matching only so far
- $manpage{'name'} = $1;
- $manpage{'section'} = $2;
- $manpage{'date'} = $3;
- $manpage{'version'} = $4;
- $manpage{'manual'} = $6;
- }
- }
- elsif($keyword =~ /^SH$/i) {
- # Section Header
- showp(@p);
- @p="";
- if($pre) {
- push @out, "</pre>\n";
- $pre = 0;
- }
-
- my $name = text2name($rest);
- $anchor{$name}=1;
-
- $rest =~ s/\"//g; # cut off quotes
- $rest =~ s/</</g;
- $rest =~ s/>/>/g;
- $out = "<a name=\"$name\"></a><h2 class=\"nroffsh\">$rest</h2>";
- $indentlevel=0;
- $within_tp=0;
- }
- elsif(($keyword =~ /^B$/i) || ($keyword =~ /^BI$/i)) {
- # Make B and BI the same for simplicity
- $rest =~ s/\"//g; # cut off quotes
- $rest =~ s/</</g;
- $rest =~ s/>/>/g;
- push @p, "<span class=\"bold\">$rest</span> ";
- }
- elsif($keyword =~ /^I$/i) {
- $rest =~ s/\"//g; # cut off quotes
- $rest =~ s/</</g;
- $rest =~ s/>/>/g;
- push @p, "<span class=\"emphasis\">$rest</span> ";
- }
- elsif($keyword =~ /^RS$/i) {
- # the start of another indent-level. for inlined tables
- # within an "IP"
- showp(@p);
- @p="";
- $indentlevel++;
- }
- elsif($keyword =~ /^RE$/i) {
- # end of the RS section
- showp(@p);
- @p="";
- $indentlevel--;
- }
- elsif($keyword =~ /^NF$/i) {
- # We let nf start a <pre> section
- showp(@p);
- @p="";
- push @out, "<pre>\n";
- $pre=1
- }
- elsif($keyword =~ /^TP$/i) {
- # Used within an "RS" section to make a new line. The first
- # TP as a column indicator, but we decide to do that
- # controlling in the CSS instead.
- $within_tp=1;
- showp(@p);
- @p="";
- }
- elsif($keyword =~ /^IP$/i) {
- # start of a new paragraph coming up
- showp(@p);
- @p="";
-
- my $name= text2name($rest);
- $anchor{$name}=1;
-
- $rest =~ s/\"//g; # cut off quotes
- $rest =~ s/</</g;
- $rest =~ s/>/>/g;
-
- $indentlevel-- if ($indentlevel);
- push @p, "<a name=\"$name\"></a><span class=\"nroffip\">$rest</span> ";
- # make this a single-line title
- showp(@p);
- @p="";
- $indentlevel++;
- $within_tp=0;
- }
- elsif($keyword =~ /^ad$/i) {
- showp(@p);
- @p="";
- }
- elsif($keyword =~ /^sp$/i) {
- showp(@p);
- @p="";
- }
- elsif($keyword =~ /^lp$/i) {
- # marks end of a paragraph
- showp(@p);
- @p="";
- }
- elsif($keyword =~ /^pp$/i) {
- # PP ends a TP section, but some TP sections don't use it
- $within_tp=0;
- }
- elsif($keyword =~ /^so$/i) {
- # This keyword refers to a different man page, named in the
- # $rest.
- # We don't support this
- push @out, "See the $rest man page.\n";
- }
- elsif($keyword =~ /^BR$/i) {
- # I'm not sure what this does exactly, but this is commonly
- # used to include pointers to other man pages. Let's assume
- # it only does that for now.
- # blabla (3)
- # or "blabla (3)"
- # or strcmp "(3), " strcasecmp "(3)"
- # etc
-
- $rest =~ s/\"//g; # cut off quotes
- my @all = split /,/, $rest;
- for(@all) {
- if(/([^ ]*) *\((\d+)\)/) {
- # TODO: this looks like a man page, check if there's a
- # HTML file for it and if so make a link to it
- }
-
- push @p, "<span class=\"manpage\">$_</span> ";
- }
- }
- else {
- showp(@p);
- print $debugFH "ALERT: unknown keyword \"$keyword\"\n";
- }
- }
- else {
- # text line, decode \-stuff
- my $txt = $in;
-
- $txt =~ s/</</g;
- $txt =~ s/>/>/g;
- $txt =~ s/\\&//g; # cut off \&
- $txt =~ s/\\fI/<span class=\"emphasis\">/g;
- $txt =~ s/\\fB/<span class=\"bold\">/g;
- $txt =~ s/\\fP/<\/span>/g;
- $txt =~ s/\\//g;
-
- if($txt =~ /^[ \t\r\n]*$/) {
- # no contents, marks end of a paragraph
- showp(@p);
- @p="";
- }
- else {
- $txt =~ s/^ /\ \;/g;
- push @p, "$txt ";
- }
- $out ="";
- }
-
- if($out) {
- push @out, $out;
- # print $debugFH "DEBUG OUT: $out\n";
- }
- else {
- # print $debugFH "DEBUG OUT: [withheld]\n";
- }
- }
- showp(@p);
-}
-
-parsefile();
-
-my @conv = linkfile();
-
-my $title=sprintf("%s man page",
- $manpage{'name'}?$manpage{'name'}:"secret");
-
-if($standalone) {
- print $OutFH <<MOO
-<html><head>
-<title>$title</title>
-<meta name="generator" content="roffit $version">
-MOO
- ;
- defaultcss();
- print "</head><body>\n";
-}
-
-print $OutFH @conv;
-print $OutFH <<ROFFIT
-<p class="roffit">
- This HTML page was made with <a href="http://daniel.haxx.se/projects/roffit/">roffit</a>.
-ROFFIT
- ;
-
-if($standalone) {
- print "</body></html>\n";
-}
+++ /dev/null
-
-#include <stdio.h>
-#include <openssl/x509.h>
-#include <openssl/x509_vfy.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-#include <openssl/evp.h>
-#include <openssl/bio.h>
-
-#include "gridsite.h"
-
-#define MAXTAG 500
-
-main()
-{
- X509 *cert, *tmpcert;
- STACK_OF(X509) *certstack = sk_X509_new_null();
- FILE *fp;
- struct vomsdata *vd;
- int i, j, vomserror, i1, i2, j1, j2, lastobject;
- X509_EXTENSION *ex;
- ASN1_OBJECT *asnobject;
- char s[80], *t;
- ASN1_OCTET_STRING *asndata;
- BIO *out;
- unsigned char *p, *op, *tot, *p1, *p2, *q, *oq;
- long len1, length1, len2, length2;
- int tag,xclass,ret=0;
- struct GRSTasn1TagList taglist[MAXTAG+1];
- int lasttag=-1, itag;
-
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-// seed_prng();
-
-// fp = fopen("proxy-with-voms", "r");
- fp = fopen("/tmp/x509up_u300", "r");
-
- cert = PEM_read_X509(fp, NULL, NULL, NULL);
-
- fclose(fp);
-
- out=BIO_new(BIO_s_file());
- BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-
- for (i = 0; i < X509_get_ext_count(cert); ++i)
- {
- lasttag=-1;
-
- ex = X509_get_ext(cert, i);
-
- OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ex), 1);
- printf("%d OID=%s\n", i, s);
-
- asnobject = X509_EXTENSION_get_object(ex);
- asndata = X509_EXTENSION_get_data(ex);
-
- p1 = ASN1_STRING_data(asndata);
- p = p1;
- length1 = ASN1_STRING_length(asndata);
-
- GRSTasn1ParseDump(out, p1, length1, taglist, MAXTAG, &lasttag);
-
-{
- int n, tag, xclass;
- unsigned char *q, buf[100];
- const unsigned char *dn, hash[EVP_MAX_MD_SIZE];
- ASN1_OBJECT *obj = NULL;
- const EVP_MD *m;
- EVP_MD_CTX ctx;
- char creds[501][101];
- int lastcred = -1;
-
- itag = GRSTasn1SearchTaglist(taglist, lasttag,
- "-1-1-1-1-2-1-1-1-1-1-1-1");
-
- X509_NAME *xname;
-
- q = &p[taglist[itag].start];
-
- d2i_ASN1_OBJECT(&obj, &q, taglist[itag].length +
- taglist[itag].headerlength);
-
- n = OBJ_obj2nid(obj);
- dn = OBJ_nid2sn(n);
-
-// dn = X509_NAME_oneline(xname,NULL,0);
-
- printf("n=%d dn=%s obj2txt=%s\n", n, dn, OBJ_obj2txt(NULL,0,obj,1));
-
- GRSTasn1GetX509Name(buf, 99, "-1-1-1-1-2-1-1-1-1-%d-1-%d",
- p1, taglist, lasttag);
- printf("%s\n", buf);
- GRSTasn1GetX509Name(buf, 99, "-1-1-1-1-3-1-1-1-%d-1-%d",
- p1, taglist, lasttag);
- printf("%s\n", buf);
-
- lastcred = -1;
- ret = GRSTx509ParseVomsExt(&lastcred, 500, 100, creds, 0, 2000040861,
- ex,
- "/C=UK/O=eScience/OU=Manchester/L=HEP/CN=Andrew McNab",
- "/etc/grid-security/vomsdir");
-
-
- printf("GRSTx509ParseVomsExt() returns %d, %d\n", ret, lastcred);
-
- for (j=0; j <= lastcred; ++j)
- printf("cred=%d %s\n", j, creds[j]);
-
-/*
- m = EVP_md5();
- EVP_DigestInit(&ctx, m);
- EVP_DigestUpdate(&ctx, delegation_id, strlen(delegation_id));
- EVP_DigestFinal(&ctx, hash, &delegation_id_len);
- */
-}
-
-/*
- itag = GRSTasn1SearchTaglist(taglist, &lasttag,
- "1-1-1-1-1-7-1-2-1-2-1");
-
- printf("tag=%d %s %d %.*s\n",
- itag, taglist[itag].treecoords, taglist[itag].tag,
- taglist[itag].length,
- &p[taglist[itag].start+taglist[itag].headerlength]);
-*/
- }
-}
+++ /dev/null
-/*
- Copyright (c) 2002-3, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*---------------------------------------------------------------*
- * For more about GridSite: http://www.gridsite.org/ *
- *---------------------------------------------------------------*/
-
-#include <stdio.h>
-#include <string.h>
-
-#include "gridsite.h"
-
-int main(int argn, char *argv[])
-{
- int i;
-
- if (argn == 1)
- {
- puts("urlencode [-m|-d] string-to-encode-or-decode");
- return 0;
- }
-
- if (strcmp(argv[1], "-d") == 0) /* decode */
- for (i = 2; i < argn; ++i)
- {
- if (i > 2) fputs(" ", stdout);
- fputs(GRSThttpUrlDecode(argv[i]), stdout);
- }
- else if (strcmp(argv[1], "-m") == 0) /* mild encode */
- for (i = 2; i < argn; ++i)
- {
- if (i > 2) fputs("%20", stdout);
- fputs(GRSThttpUrlMildencode(argv[i]), stdout);
- }
- else /* standard encode */
- for (i = 1; i < argn; ++i)
- {
- if (i > 1) fputs("%20", stdout);
- fputs(GRSThttpUrlEncode(argv[i]), stdout);
- }
-
- puts("");
-
- return 0;
-}
+++ /dev/null
-/*
- Copyright (c) 2005, Andrew McNab and Shiv Kaushal, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*---------------------------------------------------------------*
- * For more about GridSite: http://www.gridsite.org/ *
- *---------------------------------------------------------------*/
-
-/*
- Example program using XACML
-
- Build with:
-
- gcc -o xacmlexample xacmlexample.c -L. -I. -lgridsite -lxml2 -lz -lm
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <gridsite.h>
-
-int main()
-{
- GRSTgaclCred *cred, *usercred;
- GRSTgaclEntry *entry;
- GRSTgaclAcl *acl1, *acl2;
- GRSTgaclUser *user;
- GRSTgaclPerm perm0, perm1, perm2;
- FILE *fp;
-
- /* must initialise GACL before using XACML functions */
-
- GRSTgaclInit();
-
- /* build up an ACL, starting with a credential */
-
- cred = GRSTgaclCredNew("person");
-
- GRSTgaclCredAddValue(cred, "dn", "/O=Grid/CN=Mr Grid Person");
-
- /* create an entry to put it in */
-
- entry = GRSTgaclEntryNew();
-
- /* add the credential to it */
-
- GRSTgaclEntryAddCred(entry, cred);
-
- /* add another credential */
-
- cred = GRSTgaclCredNew("dn-list");
- GRSTgaclCredAddValue(cred, "url", "example-dn-list");
- GRSTgaclEntryAddCred(entry, cred);
-
- fp = fopen("example-dn-list", "w");
- fputs("/O=Grid/CN=Mr Grid Person\n", fp);
- fclose(fp);
-
- /* associate some permissions and denials to the credential */
-
- GRSTgaclEntryAllowPerm( entry, GRST_PERM_READ);
- GRSTgaclEntryAllowPerm( entry, GRST_PERM_WRITE);
- GRSTgaclEntryAllowPerm( entry, GRST_PERM_ADMIN);
- GRSTgaclEntryDenyPerm( entry, GRST_PERM_ADMIN);
- GRSTgaclEntryDenyPerm( entry, GRST_PERM_LIST);
-
- perm0 = GRST_PERM_READ | GRST_PERM_WRITE;
-
- printf("test perm should be %d\n", perm0);
-
- /* create a new ACL and add the entry to it */
-
- acl1 = GRSTgaclAclNew();
-
- GRSTgaclAclAddEntry(acl1, entry);
-
- /* create a GRSTgaclUser to compare with the ACL */
-
- usercred = GRSTgaclCredNew("person");
-
- GRSTgaclCredAddValue(usercred, "dn", "/O=Grid/CN=Mr Grid Person");
-
- user = GRSTgaclUserNew(usercred);
-
- GRSTgaclUserSetDNlists(user, getcwd(NULL, 0));
- printf("DN Lists dir %s\n", getcwd(NULL, 0));
-
-// putenv("GRST_DN_LISTS=.");
-
- perm1 = GRSTgaclAclTestUser(acl1, user);
-
- printf("test /O=Grid/CN=Mr Grid Person in acl = %d\n", perm1);
-
- /* print and save the whole ACL */
-
- GRSTgaclAclPrint(acl1, stdout);
-
- GRSTxacmlAclSave(acl1, "example.xacml");
-
- puts("gridacl.out saved");
-
- puts("");
-
- /* load the ACL back off the disk, print and test it */
-
- acl2 = GRSTxacmlAclLoadFile("example.xacml");
-
- puts("gridacl.out loaded");
-
- if (acl2 != NULL) GRSTgaclAclPrint(acl2, stdout); else puts("acl2 is NULL");
-
- perm2 = GRSTgaclAclTestUser(acl2, user);
-
- printf("test /O=Grid/CN=Mr Grid Person in acl = %d\n", perm2);
-
- if (perm1 != perm0) return 1;
- if (perm2 != perm0) return 2;
-
- return 0;
-}
-
git://scientific.zcu.cz / jra1mw.git / commitdiff