Sync

diff --git a/org.gridsite.core/interface/gridsite.h b/org.gridsite.core/interface/gridsite.h
index f2d054c..0581ef8 100644 (file)
--- a/org.gridsite.core/interface/gridsite.h
+++ b/org.gridsite.core/interface/gridsite.h
@@ -252,7 +252,7 @@ int        GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);
 /*  #define GACLprintCred(x,y) GRSTgaclCredPrint((x),(y)) */
 int        GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);
 
-int       GRSTgaclCredCmp(GRSTgaclCred *, GRSTgaclCred *);
+int       GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *);
 
 /*  #define GACLnewEntry(x)            GRSTgaclEntryNew((x)) */
 GRSTgaclEntry *GRSTgaclEntryNew(void);

diff --git a/org.gridsite.core/src/grst_gacl.c b/org.gridsite.core/src/grst_gacl.c
index f46d0c5..e6239c3 100644 (file)
--- a/org.gridsite.core/src/grst_gacl.c
+++ b/org.gridsite.core/src/grst_gacl.c
@@ -339,7 +339,7 @@ int GRSTgaclCredPrint(GRSTgaclCred *cred, FILE *fp)
   return 0;
 }
 
-int GRSTgaclCredCmp(GRSTgaclCred *cred1, GRSTgaclCred *cred2)
+int GRSTgaclCredCmpAuri(GRSTgaclCred *cred1, GRSTgaclCred *cred2)
 /*
     GRSTgaclCredCmp - compare two credentials for exact match in AURI values
                       (this means a string match, not just any-user=DN etc)

diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c
index ca82492..8208324 100644 (file)
--- a/org.gridsite.core/src/grst_x509.c
+++ b/org.gridsite.core/src/grst_x509.c
@@ -1110,7 +1110,7 @@ GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred)
 /// Returns pointer to created GRSTgaclCred or NULL or failure.
 {
    int       delegation;
-   char     *p;
+   char     *p, *encoded;
    time_t    now, notbefore, notafter;
    GRSTgaclCred *cred = NULL;
 
@@ -1129,7 +1129,9 @@ GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred)
             && (p = index(++p, ' '))
             && (p = index(++p, ' ')))
          {
-           cred = GRSTgaclCredCreate("dn:", &p[1]);
+           encoded = GRSThttpUrlMildencode(&p[1]);
+           cred = GRSTgaclCredCreate("dn:", encoded);
+           free(encoded);
            GRSTgaclCredSetDelegation(cred, delegation);
          }
 
@@ -1151,7 +1153,9 @@ GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred)
 
            if (p[1] != '/') return NULL; /* must begin with / */
 
-           cred = GRSTgaclCredCreate("fqan:", &p[1]);
+           encoded = GRSThttpUrlMildencode(&p[1]);
+           cred = GRSTgaclCredCreate("fqan:", encoded);
+           free(encoded);
            GRSTgaclCredSetDelegation(cred, delegation);
          }
 

diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c
index 6fa3d52..e551943 100644 (file)
--- a/org.gridsite.core/src/mod_gridsite.c
+++ b/org.gridsite.core/src/mod_gridsite.c
@@ -319,8 +319,12 @@ char *make_admin_footer(request_rec *r, mod_gridsite_dir_cfg *conf,
     if ((grst_cred_auri_0 != NULL) && 
         (strncmp(grst_cred_auri_0, "dn:", 3) == 0))
       {
-         dn = &grst_cred_auri_0[3];
-         if (dn[0] == '\0') dn = NULL;         
+         dn = GRSThttpUrlDecode(&grst_cred_auri_0[3]);
+         if (dn[0] == '\0') 
+           {
+             free(dn);
+             dn = NULL;
+           }         
       }
   
     if (dn != NULL) 
@@ -360,6 +364,8 @@ char *make_admin_footer(request_rec *r, mod_gridsite_dir_cfg *conf,
                 out = apr_pstrcat(r->pool, out, temp, NULL);
               }                 
           }
+          
+        free(dn);
       }
     
     if ((https != NULL) && (strcasecmp(https, "on") == 0))
@@ -2353,7 +2359,7 @@ int GRST_load_ssl_creds(SSL *ssl, conn_rec *conn)
 void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
 {
    int          i, lastcred, lowest_voms_delegation = 65535;
-   char         envname[14], *tempfile = NULL,
+   char         envname[14], *tempfile = NULL, *encoded,
                *sessionfile, session_id[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2];
    apr_file_t  *fp = NULL;
    SSL         *ssl;
@@ -2405,12 +2411,14 @@ void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
         else if ((grst_cert->type == GRST_CERT_TYPE_EEC) ||
                  (grst_cert->type == GRST_CERT_TYPE_PROXY))
           {
+            encoded = GRSThttpUrlMildencode(grst_cert->dn);
+          
             apr_table_setn(conn->notes,
                    apr_psprintf(conn->pool, "GRST_CRED_AURI_%d", i),
-                   apr_pstrcat(conn->pool, "dn:", grst_cert->dn, NULL));
+                   apr_pstrcat(conn->pool, "dn:", encoded, NULL));
 
             if (fp != NULL) apr_file_printf(fp, "GRST_CRED_AURI_%d=dn:%s\n",
-                                                i, grst_cert->dn);
+                                                i, encoded);
 
             apr_table_setn(conn->notes,
                    apr_psprintf(conn->pool, "GRST_CRED_VALID_%d", i),
@@ -2427,7 +2435,9 @@ void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
                                                grst_cert->delegation, 0);
 
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, conn->base_server,
-                      "store GRST_CRED_AURI_%d=dn:%s", i, grst_cert->dn);
+                      "store GRST_CRED_AURI_%d=dn:%s", i, encoded);
+
+            free(encoded);
 
             ++i;
           }
@@ -2440,13 +2450,15 @@ void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
             (grst_cert->delegation == lowest_voms_delegation))
           {
             /* only export attributes from the last proxy to contain them */
+
+            encoded = GRSThttpUrlMildencode(grst_cert->value);
           
             apr_table_setn(conn->notes,
                    apr_psprintf(conn->pool, "GRST_CRED_AURI_%d", i),
-                   apr_pstrcat(conn->pool, "fqan:", grst_cert->value, NULL));
+                   apr_pstrcat(conn->pool, "fqan:", encoded, NULL));
 
             if (fp != NULL) apr_file_printf(fp, "GRST_CRED_AURI_%d=fqan:%s\n",
-                                                i, grst_cert->value);
+                                                i, encoded);
 
             apr_table_setn(conn->notes,
                    apr_psprintf(conn->pool, "GRST_CRED_VALID_%d", i),
@@ -2463,7 +2475,9 @@ void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
                                                grst_cert->delegation, 0);
 
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, conn->base_server,
-                      "store GRST_CRED_AURI_%d=fqan:%s", i, grst_cert->value);
+                      "store GRST_CRED_AURI_%d=fqan:%s", i, encoded);
+
+            free(encoded);
 
             ++i;
           }
@@ -2605,7 +2619,7 @@ static int mod_gridsite_perm_handler(request_rec *r)
     char        *dn, *p, *q, envname1[30], envname2[30], 
                 *grst_cred_auri_0 = NULL, *dir_path,
                 *remotehost, s[99], *grst_cred_auri_i, *cookies, *file, *https,
-                *cookiefile, oneline[1025], *key_i,
+                *cookiefile, oneline[1025], *key_i, *decoded,
                 *destination = NULL, *destination_uri = NULL, *querytmp, 
                 *destination_prefix = NULL, *destination_translated = NULL,
                 *aclpath = NULL, *grst_cred_valid_0 = NULL, *grst_cred_valid_i,
@@ -2999,6 +3013,7 @@ static int mod_gridsite_perm_handler(request_rec *r)
              {                                    
                if (strncmp(cred->auri, "dn:", 3) == 0)
                  {
+                   decoded = GRSThttpUrlDecode(&(cred->auri[3]));
                    apr_table_setn(env, 
                                   apr_psprintf(r->pool, "GRST_CRED_%d", i),
                                   apr_psprintf(r->pool, 
@@ -3007,16 +3022,19 @@ static int mod_gridsite_perm_handler(request_rec *r)
                                                cred->notbefore,
                                                cred->notafter,
                                                cc_delegation, 
-                                               &(cred->auri[3])));
+                                               decoded));
+                   free(decoded);
                  }
                else if (strncmp(cred->auri, "fqan:", 5) == 0)
                  {
+                   decoded = GRSThttpUrlDecode(&(cred->auri[5]));
                    apr_table_setn(env, 
                                   apr_psprintf(r->pool, "GRST_CRED_%d", i),
                                   apr_psprintf(r->pool, 
                                                   "VOMS %ld %ld 0 %s",
                                                   notbefore, notafter, 
-                                                  &(cred->auri[5])));
+                                                  decoded));
+                   free(decoded);
                  }
 
                apr_table_setn(env,

diff --git a/org.gridsite.core/src/slashgrid.c b/org.gridsite.core/src/slashgrid.c
index 33d2413..e008699 100644 (file)
--- a/org.gridsite.core/src/slashgrid.c
+++ b/org.gridsite.core/src/slashgrid.c
@@ -1198,7 +1198,7 @@ GRSTgaclPerm get_gaclPerm(struct fuse_context *fuse_ctx, char *path)
   GRSTgaclCred *cred;
   GRSTgaclUser *user = NULL;
   GRSTgaclAcl  *acl;
-  char *dn = NULL;
+  char *dn = NULL, *encoded_dn;
 
 // eventually want a UID cache here...
 
@@ -1216,9 +1216,12 @@ GRSTgaclPerm get_gaclPerm(struct fuse_context *fuse_ctx, char *path)
   
   if (dn != NULL)
     {
-      cred = GRSTgaclCredCreate("dn:", dn);
+      encoded_dn = GRSThttpMildUrlEncode(dn);
+    
+      cred = GRSTgaclCredCreate("dn:", encoded_dn);
       user = GRSTgaclUserNew(cred);
       free(dn);
+      free(encoded_dn);
     }   
   
   acl  = GRSTgaclAclLoadforFile(path);