From: Andrew McNab Date: Wed, 29 Mar 2006 11:56:34 +0000 (+0000) Subject: More org.gridsite.ws tidying X-Git-Tag: glite-security-proxyrenewal_R_1_3_0~12 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=2ce77c0eb0841a162d94e4058a5656348099c0d1;p=jra1mw.git More org.gridsite.ws tidying --- diff --git a/org.gridsite.core/interface/gridsite.h b/org.gridsite.core/interface/gridsite.h index a20c473..caa3a14 100644 --- a/org.gridsite.core/interface/gridsite.h +++ b/org.gridsite.core/interface/gridsite.h @@ -289,6 +289,8 @@ char *GRSTx509CachedProxyFind(char *, char *, char *); char *GRSTx509FindProxyFileName(void); int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int); char *GRSTx509CachedProxyKeyFind(char *, char *, char *); +int GRSTx509ProxyDestroy(char *, char *, char *); +int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *); int GRSTx509MakeProxyRequest(char **, char *, char *, char *); int GRSTx509StringToChain(STACK_OF(X509) **, char *); char *GRSTx509MakeDelegationID(void); diff --git a/org.gridsite.core/src/Makefile b/org.gridsite.core/src/Makefile index 9708068..7cd43f6 100644 --- a/org.gridsite.core/src/Makefile +++ b/org.gridsite.core/src/Makefile @@ -59,7 +59,7 @@ endif build: apidoc \ libgridsite.so.$(VERSION) libgridsite.a htcp mod_gridsite.so \ urlencode findproxyfile real-gridsite-admin.cgi gsexec \ - gridsite-copy.cgi # gridsite-delegation.cgi # htproxyput + gridsite-copy.cgi build: libgridsite_globus.so.$(VERSION) libgridsite_globus.a 
@@ -218,52 +218,6 @@ xacmlexample: xacmlexample.c libgridsite.a -I/usr/kerberos/include -lgridsite \ -lssl -lcrypto -lxml2 -lz -lm -# -# Delegation machinery, including SOAP delegation portType. To build this -# you need to install gSOAP and set GSOAPDIR to the directory containing -# soapcpp2 and stdsoap2.h (unless GSOAPDIR is set already) -# - -ifndef GSOAPDIR -export GSOAPDIR=/usr/local/ -endif - -delegation.wsdl: delegation.h - ls -lR $(GSOAPDIR) - $(GSOAPDIR)/bin/soapcpp2 -c delegation.h - -libstdsoap2.a: $(GSOAPDIR)/stdsoap2.c - gcc -g -c -DWITH_OPENSSL $(GSOAPDIR)/stdsoap2.c - ar src libstdsoap2.a stdsoap2.o - -gridsite-delegation.cgi: grst-delegation.c delegation.h delegation.wsdl \ - soapC.c soapServer.c - gcc -g $(MYCFLAGS) $(MYLDFLAGS) -o gridsite-delegation.cgi \ - grst-delegation.c \ - -I/usr/kerberos/include -I$(GSOAPDIR)/include \ - -DVERSION=\"$(VERSION)\" -L$(GSOAPDIR)/lib \ - soapC.c soapServer.c -lgsoap \ - -lgridsite -lcurl -lz -lssl -lcrypto -lxml2 -lm - -htproxyput: htproxyput.c delegation.h delegation.wsdl \ - soapC.c soapServer.c - gcc -g $(MYCFLAGS) $(MYLDFLAGS) -o htproxyput \ - htproxyput.c \ - -I/usr/kerberos/include \ - -g -DVERSION=\"$(VERSION)\" \ - -I$(GSOAPDIR)/include -DWITH_OPENSSL -L$(GSOAPDIR)/lib \ - soapC.c soapClient.c -lgsoap \ - -lgridsite -lcurl -lz -lssl -lcrypto -lxml2 -lm - -proxyput-example: proxyput-example.c delegation.h delegation.wsdl \ - soapC.c soapServer.c - gcc -g $(MYCFLAGS) $(MYLDFLAGS) -o proxyput-example \ - proxyput-example.c \ - -I/usr/kerberos/include \ - -g -DVERSION=\"$(VERSION)\" \ - -I$(GSOAPDIR) -DWITH_OPENSSL \ - soapC.c soapClient.c libstdsoap2.a \ - -lgridsite -lcurl -lz -lssl -lcrypto -lxml2 -lm clean: 
@@ -332,9 +286,9 @@ dist: ../gridsite-$(PATCH_VERSION)/interface cp -f ../VERSION ../README ../LICENSE ../CHANGES ../INSTALL \ ../gridsite-$(PATCH_VERSION) - cp -f Makefile grst*.c htproxyput.c proxyput-example.c htcp.c \ + cp -f Makefile grst*.c htcp.c \ urlencode.c findproxyfile.c gaclexample.c mod_gridsite.c \ - delegation.h grst_admin.h mod_ssl-private.h \ + grst_admin.h mod_ssl-private.h \ gsexec.c gsexec.h gridsite-copy.c \ roffit gridsite.spec \ Doxyfile doxygen.css doxyheader.html \ diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c index 796314b..a41f248 100644 --- a/org.gridsite.core/src/grst_x509.c +++ b/org.gridsite.core/src/grst_x509.c @@ -814,7 +814,7 @@ static void mpcerror(FILE *debugfp, char *msg) */ int GRSTx509MakeProxyCert(char **proxychain, FILE *debugfp, - char *reqtxt, char *cert, char *key, int minutes) + char *reqtxt, char *cert, char *key, int minutes) { char *ptr, *certchain; int i, subjAltName_pos, ncerts; 
@@ -1310,6 +1310,110 @@ int GRSTx509MakeProxyRequest(char **reqtxt, char *proxydir, return 0; } +/// Destroy stored GSI proxy files +/** + * Returns GRST_RET_OK on success, non-zero otherwise. + * (Including GRST_RET_NO_SUCH_FILE if the private key or cert chain + * were not found.) + */ + +int GRSTx509ProxyDestroy(char *proxydir, char *delegation_id, char *user_dn) +{ + int ret = GRST_RET_OK; + char *docroot, *filename, *user_dn_enc; + + if (strcmp(user_dn, "cache") == 0) return GRST_RET_FAILED; + + user_dn_enc = GRSThttpUrlEncode(user_dn); + + /* private key */ + + asprintf(&filename, "%s/%s/%s/userkey.pem", + proxydir, user_dn_enc, delegation_id); + + if (filename == NULL) + { + free(user_dn_enc); + return GRST_RET_FAILED; + } + + if (unlink(filename) != 0) ret = GRST_RET_NO_SUCH_FILE; + free(filename); + + /* cert chain */ + + asprintf(&filename, "%s/%s/%s/usercert.pem", + proxydir, user_dn_enc, delegation_id); + + if (filename == NULL) + { + free(user_dn_enc); + return GRST_RET_FAILED; + } + + if (unlink(filename) != 0) ret = GRST_RET_NO_SUCH_FILE; + free(filename); + + /* voms file */ + + asprintf(&filename, "%s/%s/%s/voms.attributes", + proxydir, user_dn_enc, delegation_id); + + if (filename == NULL) + { + free(user_dn_enc); + return GRST_RET_FAILED; + } + + unlink(filename); + free(filename); + + return ret; +} + +/// Get start and finish validity times of stored GSI proxy file +/** + * Returns GRST_RET_OK on success, non-zero otherwise. + * (Including GRST_RET_NO_SUCH_FILE if the cert chain was not found.) 
+ */ + +int GRSTx509ProxyGetTimes(char *proxydir, char *delegation_id, char *user_dn, + time_t *start, time_t *finish) +{ + char *docroot, *filename, *user_dn_enc; + FILE *fp; + X509 *cert; + + if (strcmp(user_dn, "cache") == 0) return GRST_RET_FAILED; + + user_dn_enc = GRSThttpUrlEncode(user_dn); + + /* cert chain */ + + asprintf(&filename, "%s/%s/%s/usercert.pem", + proxydir, user_dn_enc, delegation_id); + + free(user_dn_enc); + + if (filename == NULL) return GRST_RET_FAILED; + + fp = fopen(filename, "r"); + free(filename); + + if (fp == NULL) return GRST_RET_NO_SUCH_FILE; + + cert = PEM_read_X509(fp, NULL, NULL, NULL); + + fclose(fp); + + *start = GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(cert)),0); + *finish = GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(cert)),0); + + X509_free(cert); + + return GRST_RET_OK; +} + /// Create a stack of X509 certificate from a PEM-encoded string /** * Creates a dynamically allocated stack of X509 certificate objects diff --git a/org.gridsite.core/src/proxyput-example.c b/org.gridsite.core/src/proxyput-example.c deleted file mode 100644 index f0fe834..0000000 --- a/org.gridsite.core/src/proxyput-example.c +++ /dev/null 
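Review bot: In GRSTx509ProxyGetTimes the result of `PEM_read_X509()` is used unchecked, so an empty or non-PEM usercert.pem leads to a NULL dereference in `X509_get_notBefore(cert)`; add `if (cert == NULL) return GRST_RET_FAILED;` after `fclose(fp);`. Both new functions also put `delegation_id` into the path as-is, while `user_dn` is URL-encoded first. Unless every caller validates the id (not visible in this diff), a value containing `/` or equal to `..` would make `unlink()` and `fopen()` act outside that user's delegation directory, so a guard such as `if (strchr(delegation_id, '/') != NULL || strcmp(delegation_id, "..") == 0) return GRST_RET_FAILED;` at the top of each function would help. GRSTx509ProxyDestroy also never frees `user_dn_enc` on the success path, so it needs `free(user_dn_enc);` before `return ret;`, and the unused `docroot` local can be dropped from both functions.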
@@ -1,131 +0,0 @@ -/* - Copyright (c) 2002-4, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - Change the hard-coded defaults below to your set up. 
-*/ - -#define LOCALPROXY "/tmp/x509up" -#define DELEGATIONURL "https://testing.hep.man.ac.uk/gridsite-delegation.cgi" -#define CAPATH "/etc/grid-security/certificates" -#define DELEGATIONID "1234567890" -#define EXPIREMINUTES 60 - -#ifndef VERSION -#define VERSION "0.0.0" -#endif - -#define _GNU_SOURCE - -#include -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include "gridsite.h" - -#include "soapH.h" -#include "delegation.nsmap" - -int main(int argc, char *argv[]) -{ - char *reqtxt, *certtxt; - struct ns__putProxyResponse *unused; - struct soap soap_get, soap_put; - - ERR_load_crypto_strings (); - OpenSSL_add_all_algorithms(); - - soap_init(&soap_get); - - if (soap_ssl_client_context(&soap_get, - SOAP_SSL_DEFAULT, - LOCALPROXY, - "", - NULL, - CAPATH, - NULL)) - { - soap_print_fault(&soap_get, stderr); - return 1; - } - - soap_call_ns__getProxyReq(&soap_get, - DELEGATIONURL, /* HTTPS url of service */ - "", /* no password on proxy */ - DELEGATIONID, - &reqtxt); - - if (soap_get.error) - { - soap_print_fault(&soap_get, stderr); - return 1; - } - - if (GRSTx509MakeProxyCert(&certtxt, stderr, reqtxt, - LOCALPROXY, LOCALPROXY, EXPIREMINUTES) - != GRST_RET_OK) - { - return 1; - } - - soap_init(&soap_put); - - if (soap_ssl_client_context(&soap_put, - SOAP_SSL_DEFAULT, - LOCALPROXY, - "", - NULL, - CAPATH, - NULL)) - { - soap_print_fault(&soap_put, stderr); - return 1; - } - - soap_call_ns__putProxy(&soap_put, DELEGATIONURL, "", DELEGATIONID, - certtxt, unused); - if (soap_put.error) - { - soap_print_fault(&soap_put, stderr); - return 1; - } - - return 0; -} -