From: Daniel KouĊ™il Date: Tue, 5 Oct 2004 13:10:17 +0000 (+0000) Subject: Removed dependecies on (obsolete) third-party library sslutils. Use routines offered... X-Git-Tag: glite-lb-common_R_0_2_0~152 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=7a464eb6d10f27b4bb71658946fdfa352b55ff51;p=jra1mw.git Removed dependecies on (obsolete) third-party library sslutils. Use routines offered by Globus instead. --- diff --git a/org.glite.security.proxyrenewal/Makefile b/org.glite.security.proxyrenewal/Makefile index f57916e..8d30d90 100644 --- a/org.glite.security.proxyrenewal/Makefile +++ b/org.glite.security.proxyrenewal/Makefile @@ -67,7 +67,6 @@ GLOBUS_LIBS:=-L${globus_prefix}/lib \ -lglobus_common_${nothrflavour} \ -lssl_${nothrflavour} -SSL_UTILS_LIB:=-L${glite_location}/lib -lglobus_ssl_utils MYPROXY_LIB:=-L${myproxy_prefix}/lib -lmyproxy_${nothrflavour} JOBIDLIB:=-L${glite_location}/lib -lglite_wmsutils_cjobid @@ -94,14 +93,14 @@ default: all compile all: ${LIB} ${THRLIB} ${DAEMON} ${CLIENT} ${LIB}: ${LIBOBJ} - ${LINK} -o $@ ${LIBLOBJ} -rpath ${glite_location}/lib ${JOBIDLIB} ${SSL_UTILS_LIB} + ${LINK} -o $@ ${LIBLOBJ} -rpath ${glite_location}/lib ${JOBIDLIB} ${THRLIB}: ${THRLIBOBJ} - ${LINK} -o $@ ${THRLIBLOBJ} -rpath ${glite_location}/lib ${SSL_UTILS_LIB} + ${LINK} -o $@ ${THRLIBLOBJ} -rpath ${glite_location}/lib ${DAEMON}: ${DAEMONOBJ} - ${LINK} -o $@ ${DAEMONOBJ} ${JOBIDLIB} ${SSL_UTILS_LIB} ${MYPROXY_LIB} -lglobus_gss_assist_${nothrflavour} ${GLOBUS_LIBS} + ${LINK} -o $@ ${DAEMONOBJ} ${JOBIDLIB} ${MYPROXY_LIB} -lglobus_gss_assist_${nothrflavour} ${GLOBUS_LIBS} ${CLIENT}: ${CLIENTOBJ} ${LIB} ${LINK} -o $@ ${CLIENTOBJ} ${LIB} ${GLOBUS_LIBS} diff --git a/org.glite.security.proxyrenewal/src/commands.c b/org.glite.security.proxyrenewal/src/commands.c index ba566d0..fc6235e 100644 --- a/org.glite.security.proxyrenewal/src/commands.c +++ b/org.glite.security.proxyrenewal/src/commands.c 
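Review bot: The `${DAEMON}:` link line drops ${SSL_UTILS_LIB} but nothing in this Makefile diff adds `-lglobus_gsi_cert_utils_${nothrflavour}`, which the new globus_gsi_cert_utils_* calls in renewd.c and commands.c resolve against. Only `-lglobus_common_${nothrflavour}` and `-lssl_${nothrflavour}` are visible in GLOBUS_LIBS here; if the cert-utils library is not already among the continuation lines above the first hunk, the daemon either fails to link or picks the symbols up only transitively through another Globus library. I would declare it where it is used, e.g. `-lglobus_gsi_cert_utils_${nothrflavour} \` inserted before `-lglobus_common_${nothrflavour} \` in GLOBUS_LIBS. The GLOBUS_LIBS definition starts before this hunk, so the existing list may be longer than what is shown.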
@@ -97,39 +97,15 @@ strmd5(const char *s, unsigned char *digest) static int get_base_filename(char *proxy_file, char **basefilename) { - FILE *cert_file = NULL; - X509 *cert = NULL; - X509_NAME *s = NULL; char *subject = NULL; char file[FILENAME_MAX]; int ret; assert(basefilename != NULL); - cert_file = fopen(proxy_file, "r"); - if (cert_file == NULL) { - edg_wlpr_Log(LOG_ERR, "Cannot open file %s (%s)", - proxy_file, strerror(errno)); - return errno; - } - - cert = PEM_read_X509(cert_file, NULL, NULL, NULL); - if (cert == NULL) { - edg_wlpr_Log(LOG_ERR, "Cannot read certificate from %s", proxy_file); - ret = EDG_WLPR_ERROR_SSL; /* XXX */ - goto end; - } - - s = X509_NAME_dup(X509_get_subject_name(cert)); - proxy_get_base_name(s); - subject = X509_NAME_oneline(s, NULL, 0); - X509_NAME_free(s); - X509_free(cert); - if (subject == NULL) { - edg_wlpr_Log(LOG_ERR, "Cannot read subject name from %s", proxy_file); - ret = EDG_WLPR_ERROR_SSL; /* XXX */ + ret = get_proxy_base_name(proxy_file, &subject); + if (ret) goto end; - } snprintf(file, sizeof(file), "%s/%s", repository, strmd5(subject, NULL)); *basefilename = strdup(file); /* XXX test ENOMEM */ @@ -138,7 +114,6 @@ get_base_filename(char *proxy_file, char **basefilename) end: if (subject) free(subject); - fclose(cert_file); return ret; } @@ -236,8 +211,8 @@ get_times(char *proxy_file, proxy_record *record) asn1_time = ASN1_UTCTIME_new(); X509_gmtime_adj(asn1_time,0); - end_time = ASN1_UTCTIME_mktime(X509_get_notAfter(cert)); - start_time = ASN1_UTCTIME_mktime(X509_get_notBefore(cert)); + globus_gsi_cert_utils_make_time(X509_get_notAfter(cert), &end_time); + globus_gsi_cert_utils_make_time(X509_get_notBefore(cert), &start_time); current_time = time(NULL); ASN1_UTCTIME_free(asn1_time); /* if (end_time - RENEWAL_CLOCK_SKEW < current_time) { Too short proxy } */ 
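Review bot: The removed `if (subject == NULL)` check in get_base_filename is not carried over: get_proxy_base_name (added in renewd.c in this commit) stores the raw result of X509_NAME_oneline in *subject and returns 0 without testing it, so on a NULL result the call `strmd5(subject, NULL)` on the next visible line dereferences NULL. Keep a guard at the call site, `if (ret) goto end;` followed by `if (subject == NULL) { ret = EDG_WLPR_ERROR_SSL; goto end; }`, or make the helper itself fail on a NULL oneline. Note also that the error code now comes from load_proxy rather than the old `return errno` fopen path, which callers that inspect the code may notice. get_base_filename continues past this hunk.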
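Review bot: The two new `globus_gsi_cert_utils_make_time` calls in get_times discard their globus_result_t, whereas the old ASN1_UTCTIME_mktime assignments always wrote end_time and start_time; if either call fails the variables keep whatever they held (their declarations are outside this hunk, so I cannot tell whether they are initialised) and the lifetime comparisons that follow operate on an indeterminate value. Check each result and bail out the way the function already does elsewhere, e.g. `if (globus_gsi_cert_utils_make_time(X509_get_notAfter(cert), &end_time) != GLOBUS_SUCCESS) { ret = -1; goto end; }` and the same for notBefore. get_times starts before and ends after this hunk.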
@@ -266,7 +241,7 @@ get_times(char *proxy_file, proxy_record *record) ret = -1; /* XXX SSL_ERROR */ goto end; } - tmp_end = ASN1_UTCTIME_mktime(X509_get_notAfter(cert)); + globus_gsi_cert_utils_make_time(X509_get_notAfter(cert), &tmp_end); if (tmp_end + RENEWAL_CLOCK_SKEW < current_time) { edg_wlpr_Log(LOG_ERR, "Expired proxy in %s", proxy_file); ret = EDG_WLPR_PROXY_EXPIRED; diff --git a/org.glite.security.proxyrenewal/src/renew.c b/org.glite.security.proxyrenewal/src/renew.c index d74c517..6c6e577 100644 --- a/org.glite.security.proxyrenewal/src/renew.c +++ b/org.glite.security.proxyrenewal/src/renew.c @@ -843,11 +843,8 @@ renew_proxy(proxy_record *record, char *basename, char **new_proxy) char tmp_proxy[FILENAME_MAX]; int tmp_fd; char repository_file[FILENAME_MAX]; - FILE *fd = NULL; int ret = -1; char *p; - X509 *cert = NULL; - X509_NAME *subject = NULL; char *server = NULL; myproxy_socket_attrs_t *socket_attrs; myproxy_request_t *client_request; @@ -863,6 +860,8 @@ renew_proxy(proxy_record *record, char *basename, char **new_proxy) server_response = malloc(sizeof(*server_response)); memset(server_response, 0, sizeof(*server_response)); + myproxy_set_delegation_defaults(socket_attrs, client_request); + edg_wlpr_Log(LOG_DEBUG, "Trying to renew proxy in %s.%d", basename, record->suffix); 
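Review bot: Same unchecked result here: `globus_gsi_cert_utils_make_time(X509_get_notAfter(cert), &tmp_end)` can fail and leave tmp_end unset, and the expiry test `tmp_end + RENEWAL_CLOCK_SKEW < current_time` immediately below then decides whether the proxy is expired on an indeterminate value — a validity check should fail closed. Suggest `if (globus_gsi_cert_utils_make_time(X509_get_notAfter(cert), &tmp_end) != GLOBUS_SUCCESS) { ret = -1; goto end; }`, which is the `ret = -1; goto end;` idiom used two lines above in this hunk. get_times continues outside this hunk.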
@@ -875,39 +874,13 @@ renew_proxy(proxy_record *record, char *basename, char **new_proxy) return errno; } - myproxy_set_delegation_defaults(socket_attrs, client_request); - snprintf(repository_file, sizeof(repository_file),"%s.%d", basename, record->suffix); - fd = fopen(repository_file, "r"); - if (fd == NULL) { - edg_wlpr_Log(LOG_ERR, "Cannot open proxy %s for renewal (%s)", - repository_file, strerror(errno)); - ret = errno; - goto end; /* XXX */ - } - - cert = PEM_read_X509(fd, NULL, NULL, NULL); - fclose(fd); - if (cert == NULL) { - edg_wlpr_Log(LOG_ERR, "SSL routines failed to read proxy %s for renewal", - repository_file); - ret = EDG_WLPR_ERROR_SSL; - goto end; - } - subject = X509_NAME_dup(X509_get_subject_name(cert)); - proxy_get_base_name(subject); - client_request->username = X509_NAME_oneline(subject, NULL, 0); - X509_NAME_free(subject); - X509_free(cert); - if (client_request->username == NULL) { - edg_wlpr_Log(LOG_ERR, "Cannot read subject name from %s", repository_file); - ret = EINVAL; + ret = get_proxy_base_name(repository_file, &client_request->username); + if (ret) goto end; - } - /* XXX support VERY_SHORT_LIFETIME ? */ client_request->proxy_lifetime = 60 * 60 * DGPR_RETRIEVE_DEFAULT_HOURS; client_request->authzcreds = repository_file; diff --git a/org.glite.security.proxyrenewal/src/renewd.c b/org.glite.security.proxyrenewal/src/renewd.c index 94c39d1..adebb09 100644 --- a/org.glite.security.proxyrenewal/src/renewd.c +++ b/org.glite.security.proxyrenewal/src/renewd.c @@ -604,6 +604,8 @@ int main(int argc, char *argv[]) exit(1); } + globus_module_activate(GLOBUS_GSI_CERT_UTILS_MODULE); + if (!debug) for (fd = 3; fd < OPEN_MAX; fd++) close(fd); 
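Review bot: The old `client_request->username == NULL` → EINVAL branch is dropped, but its replacement `ret = get_proxy_base_name(repository_file, &client_request->username)` (helper added in renewd.c in this commit) returns 0 with username left NULL when X509_NAME_oneline fails, so the MyProxy request below can be built with a NULL username. Keep the guard: `if (ret) goto end;` followed by `if (client_request->username == NULL) { ret = EINVAL; goto end; }`. The failure code is now whatever load_proxy returns rather than the errno the removed fopen path produced; fine if load_proxy already reports errno, but worth confirming since it is not visible here. renew_proxy continues on both sides of this hunk.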
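Review bot: `globus_module_activate(GLOBUS_GSI_CERT_UTILS_MODULE)` has its return value ignored; if activation fails, every later globus_gsi_cert_utils_* call in get_proxy_base_name and get_times fails as well, and the error only surfaces at the first renewal attempt instead of at startup. Treat it like the fatal setup failure just above it: `if (globus_module_activate(GLOBUS_GSI_CERT_UTILS_MODULE) != GLOBUS_SUCCESS) { edg_wlpr_Log(LOG_ERR, "Cannot activate Globus GSI cert utils module"); exit(1); }`. The activation is also placed right before the `close(fd)` loop that closes every descriptor from 3 upwards; if module activation opens any descriptors (I cannot tell from here), they would be closed underneath it, so activating after the loop would be the safer order. main continues outside this hunk.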
@@ -664,3 +666,44 @@ int main(int argc, char *argv[])
 close(sock);
 return ret;
 }
+
+int
+get_proxy_base_name(char *file, char **name)
+{
+ X509 *cert = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *chain = NULL;
+ X509_NAME *subject = NULL;
+ int ret;
+
+ ret = load_proxy(file, &cert, &key, &chain);
+ if (ret)
+ return ret;
+
+ subject = X509_NAME_dup(X509_get_subject_name(cert));
+
+ sk_X509_insert(chain, cert, 0);
+ cert = NULL;
+
+ ret = globus_gsi_cert_utils_get_base_name(subject, chain);
+ if (ret) {
+ edg_wlpr_Log(LOG_ERR, "Cannot get subject name from proxy %s", file);
+ ret = EDG_WLPR_ERROR_SSL; /* XXX ??? */
+ goto end;
+ }
+
+ *name = X509_NAME_oneline(subject, NULL, 0);
+ ret = 0;
+
+end:
+ if (cert)
+ X509_free(cert);
+ if (key)
+ EVP_PKEY_free(key);
+ if (chain)
+ sk_X509_pop_free(chain, X509_free);
+ if (subject)
+ X509_NAME_free(subject);
+
+ return ret;
+}
diff --git a/org.glite.security.proxyrenewal/src/renewd_locl.h b/org.glite.security.proxyrenewal/src/renewd_locl.h
index ec023c3..426c2ee 100644
--- a/org.glite.security.proxyrenewal/src/renewd_locl.h
+++ b/org.glite.security.proxyrenewal/src/renewd_locl.h
@@ -5,8 +5,8 @@
 #include
 #include
+#include
-#include "glite/wmsutils/thirdparty/globus_ssl_utils/sslutils.h"
 #include "renewal.h"
 #ifdef HAVE_DMALLOC_H
@@ -80,4 +80,7 @@ int
 load_proxy(const char *filename, X509 **cert, EVP_PKEY **privkey,
 STACK_OF(X509) **chain);
+int
+get_proxy_base_name(char *file, char **subject);
+
 #endif /* RENEWALD_LOCL_H */
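Review bot: get_proxy_base_name leaves two OpenSSL results unchecked: `X509_NAME_dup(X509_get_subject_name(cert))` can return NULL and is handed straight to globus_gsi_cert_utils_get_base_name, and `*name = X509_NAME_oneline(subject, NULL, 0)` can return NULL yet the function still returns 0, so both callers in this commit (get_base_filename in commands.c and renew_proxy in renew.c, which dropped their own NULL tests) continue with a NULL subject. `sk_X509_insert(chain, cert, 0)` also assumes load_proxy always returns a non-NULL chain, which I cannot confirm from here; a proxy file carrying no chain would make that call dereference NULL. The rewrite below fails with EDG_WLPR_ERROR_SSL on either NULL result and creates an empty stack when the chain is missing.
```c
   ret = load_proxy(file, &cert, &key, &chain);
   if (ret)
      return ret;

   subject = X509_NAME_dup(X509_get_subject_name(cert));
   if (subject == NULL) {
      edg_wlpr_Log(LOG_ERR, "Cannot copy subject name from proxy %s", file);
      ret = EDG_WLPR_ERROR_SSL;
      goto end;
   }

   /* NOTE(review): assumes load_proxy may leave chain NULL for a chain-less proxy; confirm */
   if (chain == NULL && (chain = sk_X509_new_null()) == NULL) {
      ret = ENOMEM;
      goto end;
   }
   sk_X509_insert(chain, cert, 0);
   cert = NULL;

   /* … unchanged: globus_gsi_cert_utils_get_base_name call and its error branch … */

   *name = X509_NAME_oneline(subject, NULL, 0);
   if (*name == NULL) {
      edg_wlpr_Log(LOG_ERR, "Cannot convert subject name from proxy %s", file);
      ret = EDG_WLPR_ERROR_SSL;
      goto end;
   }
   ret = 0;

   /* … unchanged: end: cleanup of cert, key, chain and subject … */
```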
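Review bot: The new prototype `get_proxy_base_name(char *file, char **subject)` carries no contract comment, and its second parameter is named `subject` while the definition in renewd.c calls it `name`; callers need to know who owns the returned string. I would add above the declaration: `/* Read the proxy in file and store its base (non-proxy) subject in *subject as a string allocated by X509_NAME_oneline, which the caller frees. Returns 0 on success or a non-zero error code; *subject is written only on success. */`. Since load_proxy directly above already takes `const char *filename`, `file` could be declared `const char *` as well, matching how it is used.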