if ( cadir ) setenv("X509_CERT_DIR", cadir, 1);
edg_wll_gss_watch_creds(server_cert, &cert_mtime);
- if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &mycred, &mysubj, &gss_code))
+ if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &mycred, &gss_code)) {
+ mysubj = strdup(mycred->name);
fprintf(stderr,"Server idenity: %s\n",mysubj);
+ }
else fputs("WARNING: Running unauthenticated\n",stderr);
/* XXX: daemonise */
switch (edg_wll_gss_watch_creds(server_cert,&cert_mtime)) {
case 0: break;
case 1: if (!edg_wll_gss_acquire_cred_gsi(server_cert,server_key,
- &newcred,NULL,&gss_code))
+ &newcred,&gss_code))
{
printf("[%d] reloading credentials\n",getpid()); /* XXX: log */
if (server_key || server_cert) {
edg_wll_GssCred cred;
- ret = edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &cred, NULL, NULL);
+ ret = edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &cred, NULL);
glite_gsplugin_set_credential(plugin_ctx, cred);
}
if ( edg_wll_gss_acquire_cred_gsi(
ctx->p_proxy_filename ? : ctx->p_cert_filename,
ctx->p_proxy_filename ? : ctx->p_key_filename,
- NULL, &user_dn, &gss_stat) ) {
+ NULL, &gss_stat) ) {
fprintf(stderr, "failed to load GSI credentials\n");
retrun 1;
}
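Review bot: `retrun 1;` on the context line after the "failed to load GSI credentials" message is a typo that cannot compile unless this block is excluded by the preprocessor; since the call above it is being reworked in this commit, the line should be corrected here to `return 1;`. The enclosing function starts and ends outside the hunk, so I cannot tell whether the block is compiled in.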
free(ctx->connections->connPool[index].peerName); // should be empty; just to be sure
ctx->connections->connPool[index].peerName = strdup(name);
ctx->connections->connPool[index].peerPort = port;
- ctx->connections->connPool[index].gsiCred = GSS_C_NO_CREDENTIAL; // initial value
+ ctx->connections->connPool[index].gsiCred = NULL; // initial value
ctx->connections->connPool[index].certfile = NULL;
ctx->connections->connOpened++;
{
int index;
edg_wll_GssStatus gss_stat;
- OM_uint32 lifetime = 0;
+ time_t lifetime = 0;
struct stat statinfo;
int acquire_cred = 0;
// Check if credentials exist. If so, check validity
if (ctx->connections->connPool[index].gsiCred) {
- gss_inquire_cred(ctx->connections->connPool[index].gsiCred, NULL, &lifetime, NULL, NULL, NULL);
+ lifetime = ctx->connections->connPool[index].gsiCred->lifetime;
#ifdef EDG_WLL_CONNPOOL_DEBUG
printf ("Credential exists, lifetime: %d\n", lifetime);
#endif
if (edg_wll_gss_acquire_cred_gsi(
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename,
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename,
- &ctx->connections->connPool[index].gsiCred, NULL, &gss_stat)) {
+ &ctx->connections->connPool[index].gsiCred, &gss_stat)) {
edg_wll_SetErrorGss(ctx, "failed to load GSI credentials", &gss_stat);
goto err;
}
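Review bot: `lifetime` becomes a `time_t` but the debug `printf` that follows still formats it with `%d`, which is a format/argument mismatch (undefined behavior, and wrong output wherever `time_t` is 64-bit); change it to `printf ("Credential exists, lifetime: %ld\n", (long)lifetime);`. The value previously came from `gss_inquire_cred` (remaining lifetime) and now comes from the stored `gsiCred->lifetime` field; whether that field holds a remaining duration or an absolute expiry is not visible here and should be confirmed against whatever validity comparison follows, since the enclosing block continues outside the hunk.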
if ( !lbproxy_user ) {
edg_wll_GssCred gss_cred = NULL;
edg_wll_GssStatus gss_stat;
- if ( edg_wll_gss_acquire_cred_gsi(NULL, NULL, &gss_cred, &lbproxy_user, &gss_stat) )
+ if ( edg_wll_gss_acquire_cred_gsi(NULL, NULL, &gss_cred, &gss_stat) )
lbproxy_user = "anonymous";
+ else
+ lbproxy_user = strdup(gss_cred->name);
if ( gss_cred != NULL ) edg_wll_gss_release_cred(&gss_cred, NULL);
}
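Review bot: `lbproxy_user = strdup(gss_cred->name)` is reached whenever the acquire succeeds, but other hunks in this commit treat `name` as possibly NULL (the server code checks `cred->name!=NULL`), and `strdup(NULL)` is undefined behavior; a NULL result from `strdup` itself is also not checked. Falling back to the same default as the failure branch keeps the intent: `lbproxy_user = gss_cred->name ? strdup(gss_cred->name) : "anonymous";` (a failed `strdup` still leaves NULL, which is presumably handled by the caller — worth confirming). Mixing a string literal and a heap pointer in `lbproxy_user` predates this change, but it means the variable can never be safely freed.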
if ( lbproxy_store_sock )
ret = edg_wll_gss_acquire_cred_gsi(
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename,
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename,
- &ctx->connections->connPool[index].gsiCred, &my_subject_name, &gss_stat);
+ &ctx->connections->connPool[index].gsiCred, &gss_stat);
/* give up if unable to acquire prescribed credentials, otherwise go on anonymously */
if (ret && ctx->p_proxy_filename) {
edg_wll_SetErrorGss(ctx, "edg_wll_gss_acquire_cred_gsi(): failed to load GSI credentials", &gss_stat);
goto edg_wll_log_connect_err;
}
+ my_subject_name = ctx->connections->connPool[index].gsiCred->name;
+
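Review bot: `my_subject_name = ctx->connections->connPool[index].gsiCred->name;` dereferences `gsiCred` unconditionally, yet the check just above only bails out when `ret && ctx->p_proxy_filename`; the comment says the code goes on anonymously when no proxy is set, and on that path `gsiCred` is presumably still NULL, so this is a new NULL dereference where the old out-parameter simply stayed NULL. Use `my_subject_name = ctx->connections->connPool[index].gsiCred ? ctx->connections->connPool[index].gsiCred->name : NULL;`. The same pattern recurs in the later hunks at the second `my_subject_name = ...gsiCred->name;`, at `my_subject_name = cred->name;`, and in both `edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, cred->name);` else-branches, which also run when `err` is set and `p_proxy_filename` is NULL. In the `cred->name` variant the alias also becomes dangling once `edg_wll_gss_release_cred(&cred, NULL)` runs, so no use of `my_subject_name` may follow that release; the enclosing functions extend beyond these hunks.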
#ifdef EDG_WLL_LOG_STUB
if (my_subject_name != NULL) {
fprintf(stderr,"edg_wll_log_connect: using certificate: %s\n",my_subject_name);
ret = edg_wll_gss_acquire_cred_gsi(
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename,
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename,
- &ctx->connections->connPool[index].gsiCred, &my_subject_name, &gss_stat);
+ &ctx->connections->connPool[index].gsiCred, &gss_stat);
/* give up if unable to acquire prescribed credentials, otherwise go on anonymously */
if (ret && ctx->p_proxy_filename) {
edg_wll_SetErrorGss(ctx, "edg_wll_gss_acquire_cred_gsi(): failed to load GSI credentials", &gss_stat);
goto edg_wll_log_connect_err;
}
+ my_subject_name = ctx->connections->connPool[index].gsiCred->name;
+
#ifdef EDG_WLL_LOG_STUB
if (my_subject_name != NULL) {
fprintf(stderr,"edg_wll_log_connect: using certificate: %s\n",my_subject_name);
edg_wll_log_connect_end:
if (index >= 0) edg_wll_connectionTryLock(ctx, index);
- if (my_subject_name) free(my_subject_name);
edg_wll_poolUnlock();
ret = edg_wll_gss_acquire_cred_gsi(
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename,
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename,
- &cred, &my_subject_name, &gss_stat);
+ &cred, &gss_stat);
/* give up if unable to acquire prescribed credentials, otherwise go on anonymously */
if (ret && ctx->p_proxy_filename) {
edg_wll_SetErrorGss(ctx, "edg_wll_gss_acquire_cred_gsi(): failed to load GSI credentials", &gss_stat);
goto edg_wll_log_direct_connect_end;
}
+ my_subject_name = cred->name;
#ifdef EDG_WLL_LOG_STUB
if (my_subject_name) {
/* TODO: merge - shouldn't be probably ctx->p_user_lbproxy but some new parameter, eg. ctx->p_user
#endif
if (cred != NULL)
edg_wll_gss_release_cred(&cred, NULL);
- if (my_subject_name) free(my_subject_name);
if (host) free(host);
return answer;
/* add user credentials to context */
{
- char *my_subject_name = NULL;
edg_wll_GssStatus gss_stat;
edg_wll_GssCred cred = NULL;
err = edg_wll_gss_acquire_cred_gsi(
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename,
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename,
- &cred, &my_subject_name, &gss_stat);
+ &cred, &gss_stat);
/* give up if unable to acquire prescribed credentials */
if (err && ctx->p_proxy_filename) {
edg_wll_SetErrorGss(ctx, "failed to load GSI credentials", &gss_stat);
edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, EDG_WLL_LOG_USER_DEFAULT);
} else {
- edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, my_subject_name);
+ edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, cred->name);
}
if (cred != NULL)
edg_wll_gss_release_cred(&cred, NULL);
- if (my_subject_name) free(my_subject_name);
}
return edg_wll_Error(ctx,NULL,NULL);
if (user) {
edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, user);
} else {
- char *my_subject_name = NULL;
edg_wll_GssStatus gss_stat;
edg_wll_GssCred cred = NULL;
err = edg_wll_gss_acquire_cred_gsi(
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename,
ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename,
- &cred, &my_subject_name, &gss_stat);
+ &cred, &gss_stat);
/* give up if unable to acquire prescribed credentials */
if (err && ctx->p_proxy_filename) {
edg_wll_SetErrorGss(ctx, "failed to load GSI credentials", &gss_stat);
edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, EDG_WLL_LOG_USER_DEFAULT);
} else {
- edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, my_subject_name);
+ edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, cred->name);
}
if (cred != NULL)
edg_wll_gss_release_cred(&cred, NULL);
- if (my_subject_name) free(my_subject_name);
}
/* query LBProxyServer for sequence code if not user-suplied */
setenv("X509_CERT_DIR", CAcert_dir, 1);
edg_wll_gss_watch_creds(cert_file,&cert_mtime);
- ret = edg_wll_gss_acquire_cred_gsi(cert_file, key_file, &cred_handle, NULL, &gss_stat);
+ ret = edg_wll_gss_acquire_cred_gsi(cert_file, key_file, &cred_handle, &gss_stat);
if (ret) {
char *gss_err = NULL;
char *str;
struct sockaddr_in client_addr;
int client_addr_len;
- char *my_subject_name = NULL;
-
time_t cert_mtime = 0, key_mtime = 0;
edg_wll_GssStatus gss_stat;
edg_wll_GssCred cred = NULL;
edg_wll_gss_watch_creds(cert_file,&cert_mtime);
/* XXX DK: support noAuth */
- ret = edg_wll_gss_acquire_cred_gsi(cert_file, key_file, &cred, &my_subject_name,
- &gss_stat);
+ ret = edg_wll_gss_acquire_cred_gsi(cert_file, key_file, &cred, &gss_stat);
if (ret) {
/* XXX DK: call edg_wll_gss_get_error() */
edg_wll_ll_log(LOG_CRIT,"Failed to get GSI credentials. Exiting.\n");
exit(1);
}
- if (my_subject_name!=NULL) {
- edg_wll_ll_log(LOG_INFO,"Server running with certificate: %s\n",my_subject_name);
- free(my_subject_name);
+ if (cred->name!=NULL) {
+ edg_wll_ll_log(LOG_INFO,"Server running with certificate: %s\n",cred->name);
} else if (noAuth) {
edg_wll_ll_log(LOG_INFO,"Server running without certificate\n");
-#if 0
- /* XXX DK: */
- } else {
- edg_wll_ll_log(LOG_CRIT,"No server credential found. Exiting.\n");
- exit(1);
-#endif
}
/* do listen */
edg_wll_GssCred newcred;
case 0: break;
case 1:
- ret = edg_wll_gss_acquire_cred_gsi(cert_file,key_file,&newcred,NULL,&gss_stat);
+ ret = edg_wll_gss_acquire_cred_gsi(cert_file,key_file,&newcred,&gss_stat);
if (ret) {
edg_wll_ll_log(LOG_WARNING,"Reloading credentials failed, continue with older\n");
} else {
int ret;
ret = edg_wll_gss_acquire_cred_gsi(cert_file,key_file,
- &new_cred_handle, NULL, NULL);
+ &new_cred_handle, NULL);
if (new_cred_handle != NULL) {
edg_wll_gss_release_cred(&cred_handle, NULL);
cred_handle = new_cred_handle;
int fd, i;
int dtablesize;
struct sockaddr_in a;
- char *mysubj = NULL;
int opt;
char pidfile[PATH_MAX] = EDG_BKSERVERD_PIDFILE,
*name;
if ( cadir ) setenv("X509_CERT_DIR", cadir, 1);
edg_wll_gss_watch_creds(server_cert, &cert_mtime);
- if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &mycred, &mysubj, &gss_code) )
+ if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &mycred, &gss_code) )
{
int i;
- dprintf(("Server identity: %s\n",mysubj));
- server_subject = strdup(mysubj);
+ dprintf(("Server identity: %s\n",mycred->name));
+ server_subject = strdup(mycred->name);
for ( i = 0; super_users && super_users[i]; i++ ) ;
super_users = realloc(super_users, (i+2)*sizeof(*super_users));
- super_users[i] = mysubj;
+ super_users[i] = mycred->name;
super_users[i+1] = NULL;
}
else {
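Review bot: `super_users[i] = mycred->name;` stores a pointer into the credential object, but the reload hunk that follows does `edg_wll_gss_release_cred(&mycred, NULL); mycred = newcred;`, after which that `super_users` entry dangles — a use-after-free on every authorization check once credentials rotate, where the old `mysubj` was an independently owned string. The function already makes its own copy in `server_subject = strdup(mycred->name);`, so the entry should point at a copy as well, e.g. `super_users[i] = strdup(mycred->name);` (and the result of both `strdup` and the `realloc` should be checked). `dprintf(("Server identity: %s\n",mycred->name))` and the `strdup` calls also assume `name` is non-NULL, which other hunks in this commit do not; the earlier `mysubj = strdup(mycred->name);` hunk has the same assumption. Both the enclosing function and the `switch` on credential reload extend outside this hunk.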
switch ( edg_wll_gss_watch_creds(server_cert, &cert_mtime) ) {
case 0: break;
case 1:
- if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &newcred, NULL, &gss_code) ) {
+ if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &newcred, &gss_code) ) {
dprintf(("[%d] reloading credentials successful\n", getpid()));
edg_wll_gss_release_cred(&mycred, NULL);
mycred = newcred;
if ( cert || key ) {
if ( glite_gsplugin_init_context(&ctx) ) { perror("init context"); exit(1); }
- if (edg_wll_gss_acquire_cred_gsi(cert, key, &cred, NULL, NULL) != 0) {
+ if (edg_wll_gss_acquire_cred_gsi(cert, key, &cred, NULL) != 0) {
fprintf (stderr, "Failed to set credentials\n");
exit(1);
}
struct sockaddr_in a;
int alen;
char *name, *msg;
- char *subject = NULL;
int opt,
port = 19999;
char *cert_filename = NULL, *key_filename = NULL;
}
}
- if ( edg_wll_gss_acquire_cred_gsi(cert_filename, key_filename, &ctx->cred, &subject, &gss_code) ) {
+ if ( edg_wll_gss_acquire_cred_gsi(cert_filename, key_filename, &ctx->cred, &gss_code) ) {
edg_wll_gss_get_error(&gss_code, "Failed to read credential", &msg);
fprintf(stderr, "%s\n", msg);
free(msg);
exit(1);
}
- if (subject) {
- printf("server running with certificate: %s\n", subject);
- free(subject);
+ if (ctx->cred->name) {
+ printf("server running with certificate: %s\n", ctx->cred->name);
}
soap_init(&soap);
edg_wll_GssStatus gss_code;
int ret;
- ret = edg_wll_gss_acquire_cred_gsi(cert, key, &ctx->cred, NULL, &gss_code);
+ ret = edg_wll_gss_acquire_cred_gsi(cert, key, &ctx->cred, &gss_code);
if (ret) {
/* XXX propagate error description */
return EINVAL;
}
else {
edg_wll_GssStatus gss_code;
- char *subject = NULL;
pdprintf(("GSLITE_GSPLUGIN: Creating default context\n"));
if ( glite_gsplugin_init_context((glite_gsplugin_Context*)&(pdata->ctx)) ) {
free(pdata);
return ENOMEM;
}
- if ( edg_wll_gss_acquire_cred_gsi(NULL, NULL, &pdata->ctx->cred, &subject, &gss_code) ) {
+ if ( edg_wll_gss_acquire_cred_gsi(NULL, NULL, &pdata->ctx->cred, &gss_code) ) {
/* XXX: Let user know, that cred. load failed. Somehow...
*/
glite_gsplugin_free_context(pdata->ctx);
return EINVAL;
}
pdata->ctx->internal_credentials = 1;
- pdprintf(("GSLITE_GSPLUGIN: server running with certificate: %s\n", subject));
- free(subject);
+ pdprintf(("GSLITE_GSPLUGIN: server running with certificate: %s\n",
+ pdata->ctx->cred->name));
pdata->def = 1;
}
if ( ctx->cred == NULL ) {
pdprintf(("GSLITE_GSPLUGIN: loading default credentials\n"));
ret = edg_wll_gss_acquire_cred_gsi(NULL, NULL,
- &ctx->cred, NULL, &gss_stat);
+ &ctx->cred, &gss_stat);
if ( ret ) {
edg_wll_gss_get_error(&gss_stat, "failed to load GSI credentials",
&ctx->error_msg);