From: cvs2svn Date: Thu, 18 Sep 2008 10:24:23 +0000 (+0000) Subject: This commit was manufactured by cvs2svn to create branch X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=7c16594cd17fc36d3e397ca55ed47c8a64400f03;p=jra1mw.git This commit was manufactured by cvs2svn to create branch 'unlabeled-1.140.2.4.1'. Sprout from gridsite-core_branch_1_1_0_ETICS 2008-09-18 10:24:22 UTC ekenny 'Changed version to match the ETICS configuration' Delete: org.gridsite.core/.cvsignore org.gridsite.core/CHANGES org.gridsite.core/INSTALL org.gridsite.core/LICENSE org.gridsite.core/README org.gridsite.core/VERSION org.gridsite.core/build.xml org.gridsite.core/doc/README.htcp-bin org.gridsite.core/doc/build-apache2.sh org.gridsite.core/doc/delegation-1.wsdl org.gridsite.core/doc/findproxyfile.1 org.gridsite.core/doc/gsexec.8 org.gridsite.core/doc/htcp.1 org.gridsite.core/doc/htfind.1 org.gridsite.core/doc/htll.1 org.gridsite.core/doc/htls.1 org.gridsite.core/doc/htmkdir.1 org.gridsite.core/doc/htmv.1 org.gridsite.core/doc/htping.1 org.gridsite.core/doc/htrm.1 org.gridsite.core/doc/httpd-fileserver.conf org.gridsite.core/doc/httpd-webserver.conf org.gridsite.core/doc/index.html org.gridsite.core/doc/mod_gridsite.8 org.gridsite.core/doc/urlencode.1 org.gridsite.core/interface/gridsite-gacl.h org.gridsite.core/interface/gridsite.h org.gridsite.core/project/build.number org.gridsite.core/project/build.properties org.gridsite.core/project/configure.properties.xml org.gridsite.core/project/dependencies.properties org.gridsite.core/project/gridsite.core.csf.xml org.gridsite.core/project/properties.xml org.gridsite.core/project/taskdefs.xml org.gridsite.core/src/Doxyfile org.gridsite.core/src/Makefile org.gridsite.core/src/delegation.h org.gridsite.core/src/doxygen.css org.gridsite.core/src/doxyheader.html org.gridsite.core/src/findproxyfile.c org.gridsite.core/src/gaclexample.c org.gridsite.core/src/gridsite-copy.c org.gridsite.core/src/gridsite.spec org.gridsite.core/src/grst-delegation.c org.gridsite.core/src/grst_admin.h org.gridsite.core/src/grst_admin_file.c org.gridsite.core/src/grst_admin_gacl.c org.gridsite.core/src/grst_admin_main.c org.gridsite.core/src/grst_asn1.c org.gridsite.core/src/grst_gacl.c org.gridsite.core/src/grst_htcp.c org.gridsite.core/src/grst_http.c org.gridsite.core/src/grst_x509.c org.gridsite.core/src/grst_xacml.c org.gridsite.core/src/gsexec.c org.gridsite.core/src/gsexec.h org.gridsite.core/src/htcp.c org.gridsite.core/src/htproxyput.c org.gridsite.core/src/mod_gridsite.c org.gridsite.core/src/mod_ssl-private.h org.gridsite.core/src/roffit org.gridsite.core/src/showx509exts.c org.gridsite.core/src/urlencode.c org.gridsite.core/src/xacmlexample.c --- diff --git a/org.gridsite.core/.cvsignore b/org.gridsite.core/.cvsignore deleted file mode 100644 index e970233..0000000 --- a/org.gridsite.core/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -.project \ No newline at end of file diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES deleted file mode 100644 index 506673b..0000000 --- a/org.gridsite.core/CHANGES +++ /dev/null @@ -1,329 +0,0 @@ -* Thu Sep 18 2008 -- Changed makefile and spec file to include platform - independent use of lib/lib64. -* Mon Apr 24 2006 Andrew McNab -- Merge delegation functions from before 1.1.18 with - fixes and mod_gridsite improvements from 1.1.18 -- Reworked SSL session caching: passcodes directory now - because /var/www/sessions by default, and also used - to cache credentials according to SSL Session ID. -- Patch from Alberto di Meglio - to allow use of relocated httpd include files. -- Use dist for building tar balls -* Mon Apr 24 2006 Andrew McNab -- ==== GridSite version 1.1.18.1 ==== -* Fri Mar 31 2006 Andrew McNab -- Final tidy up for gLite 3.1 -* Fri Mar 31 2006 Andrew McNab -- ==== GridSite version 1.1.18 ==== -* Wed Mar 29 2006 Andrew McNab -- New proxy destroy and time functions. -* Tue Mar 28 2006 Shiv Kaushal -- Fixed bug in GACL admin interface that would cause - internal server erorr sometimes when adding new - entries to and ACL. -* Sat Mar 25 2006 Shiv Kaushal -- Change delegation header to Proxy-Delegation-Service - instead of Grst- -* Wed Mar 22 2006 Andrew McNab -- Add GRSTx509MakeDelegationID() to grst_x509.c -- Include code for new style delegation proxy storage -* Fri Mar 17 2006 Andrew McNab -- Associate ldconfig %post in spec with -shared RPM -* Thu Mar 16 2006 Andrew McNab -- Fixes for 200/201 error pages produced by Apache -- Fixes for onetime passcode non-removal if HTTPS -- Include new multi-RPM spec file: gridsite-shared, - gridsite-devel, gridsite-apache, gridsite-commands - (replacing htcp) and gridsite-gsexec -* Fri Mar 03 2006 Shiv Kaushal -- Modify GridSiteDelegationURI directive to insert HTTP - headers instead of modifying HTML -* Mon Feb 6 2006 Shiv Kaushal -- Add GridSiteDelegationURI directive to mod_gridsite - to allow Firefox extension to locate delegation service -* ==== GridSite version 1.1.17 ==== -* Thu Jan 12 2005 Andrew McNab -- Add 5 minute window for VOMS attributes valid slightly - in the future. -- Include Content-Range PUT support in mod_gridsite, - adapted from mod_dav by David O Callaghan -- Return 201 Created when PUT creates a file -* Mon Dec 5 2005 Andrew McNab -- Change GRIDHTTP_ONETIME to GRIDHTTP_PASSCODE -- Remove onetime=yes default from mod_gridsite -- Update gridsite.spec and Makefile for gridsite-copy.cgi -* Wed Nov 16 2005 Andrew McNab -- ==== GridSite version 1.1.16 ==== -* Wed Nov 16 2005 Andrew McNab -- Add -fPIC option to Makefile for IA64, as suggested - by Andreas Unterkircher. -* Wed Oct 12 2005 Andrew McNab -- ==== GridSite version 1.1.15 ==== -* Wed Oct 12 2005 Andrew McNab -- Fix for older OpenSSL to grst_x509.c from - Zoltan.Farkas -* Wed Oct 12 2005 Andrew McNab -- ==== GridSite version 1.1.14 ==== -* Tue Oct 11 2005 Andrew McNab -- Modify VOMS AC parsing to handle multiple ACs inside - the same X.509 AC extension. -* Mon Oct 10 2005 Andrew McNab -- ==== GridSite version 1.1.13 ==== -* Mon Oct 10 2005 Andrew McNab -- Add target_gname patch to gsexec from - Gerben Venekamp -* Thu Oct 6 2005 Andrew McNab -- Fix session reuse with Shared-Memory SSL Session - Cache bug #8856 in mod_gridsite. -- Add SiteCast support to file copying in htcp. -* Tue Oct 4 2005 Andrew McNab -- Move User, Config, Admin and Install guides from - doc directory into GridSite Wiki. -- Create/update man pages for htcp, mod_gridsite and - gsexec to be distributed with source/binaries. -* Mon Oct 3 2005 Andrew McNab -- Fix to gsexec GRST_CRED_0/SSL_CLIENT_S_DN bug found - by Ian Stokes-Rees -* Fri Sep 30 2005 Andrew McNab -- Add SiteCast ping (NOP) support to htcp -* Thu Sep 29 2005 Andrew McNab -- Add SiteCast support to mod_gridsite (file location - discovery via UDP multicast of HTCP messages.) -* Wed Sep 21 2005 Andrew McNab -- Add ports 777 and 488 to example httpd.conf files in - docs. See http://www.gridsite.org/wiki/IP_Ports -* Tue Sep 13 2005 Andrew McNab -- ==== GridSite version 1.1.12 ==== -* Tue Sep 13 2005 Andrew McNab -- Fix bug #10031 submitted by Fabrizio Pacini - (invalid free in - GRSTgaclAclLoadFile if ACL format not valid.) -* Mon Sep 12 2005 Andrew McNab -- Accept GRIDHTTP_ONETIME when passed in HTTP query - (still overridden by a GRIDHTTP_ONETIME in a cookie.) -* Sat Sep 10 2005 Andrew McNab -- Fix problem with attempted upgrades to GridHTTP when - already on the HTTP virtual server. -* Fri Sep 9 2005 Andrew McNab -- GRST_DESTINATION_TRANSLATED and GRST_DESTINATION_PERM - environment variables, for use with CGI-based COPY. -- Rework GridHTTP (ex-Downgrade) code to store method - and URI with permission, rather than credentials. -- Restrict use of GridSiteOnetimesDir to main server. -* Fri Aug 26 2005 Andrew McNab -- Fix for HTTP PUT lack-of-truncation bug found by - Mike Jones, and support for HTTP/WebDAV MOVE. -- Add MOVE support to htcp and update htcp manpage. -- Unset CURLOPT_SSL_VERIFYPEER in htcp etc when using - --noverify option. -* Fri Jun 10 2005 Andrew McNab -- ==== GridSite version 1.1.11 ==== -* Fri Jun 10 2005 Andrew McNab -- Tidy up gsexec vs GridSiteDiskMode -* Fri Jun 10 2005 Andrew McNab -- ==== GridSite version 1.1.10 ==== -* Wed Jun 8 2005 Andrew McNab -- Add GridSiteDiskMode Apache directive to set file - permissions. -- Add GridSiteExecMethod and GridSiteUserGroup to - configure suexec or extended gsexec functionality. -* Thu Jun 2 2005 Andrew McNab -- HTML improvements for Bug #4083 -- Note that GridSite currently doesn't work with SHM - SSL session cache, in httpd-*.conf and config guide. -- Add GridSiteExecMethod for use with gsexec -* Thu May 26 2005 Andrew McNab -- Include gsexec, a drop-in replacement for suexec, - which can do suexec execution of CGI programs or - pool-account mapping based on client DN. -* Tue May 24 2005 Shiv Kaushal -- Add XACML support to GACL code in libgridsite. -* Tue May 24 2005 Andrew McNab -- ==== GridSite version 1.1.9 ==== -* Mon Apr 25 2005 Andrew McNab -- Avoid build problems when using pre-0.9.7 OpenSSL - (ie with Globus compatibility.) -* Mon Apr 25 2005 Andrew McNab -- ==== GridSite version 1.1.8 ==== -* Mon Feb 28 2005 Andrew McNab -- Fix to GRSTgaclUndenyPerm in gridsite.h (bug #7135) - from Marco Sottilaro -* Mon Feb 28 2005 Andrew McNab -- ==== GridSite version 1.1.7 ==== -* Thu Feb 24 2005 Andrew McNab -- Add more sanity checking (signatures, dates, issuer,) - holder) to VOMS attribute parser. -* Mon Feb 21 2005 Andrew McNab -- Add bugfix for Bug #6357 from Fabrizio Pacini - to fix delegation proxy - cache names in OpenSSL 0.9.7. -* Sun Feb 20 2005 Andrew McNab -- Add basic VOMS support (signature checking not yet - in) for X.509 Attribute Certificates. -* Tue Feb 8 2005 Andrew McNab -- ==== GridSite version 1.1.6 ==== -* Tue Feb 8 2005 Andrew McNab -- Include GRSTx509MakeProxyFileName() and - GRSTx509StringToChain() (code to used hashes in cached - proxy file names.) Bug #6357 -- Change ordering of output proxy file produced by - GRSTx509CacheProxy so proxy private key is the 2nd PEM - encoded block (rather than at the end.) Bug #6365 -- Add libgridsite_globus[.so|.a] in preparation for - separate Globus OpenSSL and system OpenSSL versions -* Tue Feb 8 2005 Andrew McNab -- ==== GridSite version 1.1.5 ==== -* Tue Dec 14 2004 Andrew McNab -- Patch from Daniel Kouril to allow - switching Globus vs system OpenSSL libraries/headers. -* Tue Dec 14 2004 Andrew McNab -- ==== GridSite version 1.1.4 ==== -* Mon Nov 15 2004 Andrew McNab -- Back out of (most of) redone VOMS support for committing - to JRA1 CVS. -* Thu Oct 19 2004 Andrew McNab -- ==== GridSite version 1.1.3 ==== -* Thu Oct 19 2004 Andrew McNab -- Fix Bug #5203 from Martijn Steenbakkers - by fixing GACLparseEntry in gridsite-gacl.h -- Change to C style comments (mostly) in gridsite.h and - gridsite-gacl.h (fixes part of Bug #4222 from - ) -- Fix Bug #4225 from in - GRSTgaclCredsFree() -- Add GRSTx509CachedProxyFind() and findproxyfile - command to allow proxies to be found in proxy cache -- Change GRSTx509StoreProxy() to GRSTx509CacheProxy() for - consistency with this and GRSTx509CachedProxyKeyFind() -* Wed Oct 18 2004 Andrew McNab -- ==== GridSite version 1.1.2 ==== -* Tue Oct 19 2004 Andrew McNab -- Copy code from delegation prototype into grst_x509.c - and include htproxyput.c and grst-delegation.c - optional targets (which depend on gSOAP.) -* Wed Oct 13 2004 Andrew McNab -- Include per-file patch to GRSTgaclFileFindAclname: - .gacl:FILENAME controls FILENAME if it exists. -* Tue Jul 27 2004 Andrew McNab -- ==== GridSite version 1.1.1 ==== -* Tue Jul 27 2004 Andrew McNab -- Include HTTP Downgrade support in htcp -* Sat Jul 24 2004 Andrew McNab -- Include HTTP Downgrade support in mod_gridsite. -* Thu Jul 22 2004 Andrew McNab -- Begin development version 1.1.x -* Thu Jul 22 2004 Andrew McNab -- ==== GridSite version 1.1.0 ==== -* Mon Jul 19 2004 Andrew McNab -- Changes in line with EGEE SCM - most importantly - the top level directory becomes org.gridsite.core -* Mon Jul 19 2004 Andrew McNab -- ==== GridSite version 1.0.3 ==== -* Mon Jun 28 2004 Andrew McNab -- In GRSTx509CheckChain() and GRSTx509CompactCreds() - we now accept the first cert in a chain as a CA - even if it is X509v3 but without the CA bits set. - (On the basis that the first chain is from the - administrator-installed CA files store.) -* Sun Jun 27 2004 Andrew McNab -- ==== GridSite version 1.0.2 ==== -* Sun Jun 27 2004 Andrew McNab -- Fix for Bug #2860 (so can now read DN Lists over - HTTPS when have no user certificate if relevant - .gacl gives permission but not ) -- Include gridsite-gacl.h mods from Daniel Kouril - to fix faulty definitions - of GACLnewEntry() and GACLnewAcl() and to make - a legacy non-static GACLparseEntry() wrapper. -* Thu Jun 17 2004 Andrew McNab -- Changes to mod_gridsite.h for Fedora Core 2 / - Apache 2.0.49+ mod_ssl changes (mod_ssl-private.h) -* Wed Jun 9 2004 Andrew McNab -- Incorporate EGEE CVS layout changes in production - branch. -* Wed Jun 9 2004 Andrew McNab -- ==== GridSite version 1.0.1 ==== -* Sun Dec 14 2003 Andrew McNab -- 1.0.0 is first full production release - (development now in 1.1.x branch) -* Sun Dec 14 2003 Andrew McNab -- ==== GridSite version 1.0.0 ==== -* Sat Dec 13 2003 Andrew McNab -- Remove need for modified mod_ssl-gridsite: now - mod_gridsite intercepts callbacks with wrappers. -- Add GRSTx509NameCmp() which compares string reps of - DNs across OpenSSL version changes (ie Email=) -* Fri Dec 12 2003 Andrew McNab -- ==== GridSite version 0.9.11 ==== -* Thu Dec 11 2003 Andrew McNab -- Simplify checking of cert/proxy chain in - mod_ssl-gridsite: rely on mod_ssl/OpenSSL more. -* Wed Dec 2 2003 Andrew McNab -- ==== GridSite version 0.9.10 ==== -* Tue Dec 1 2003 Andrew McNab -- GACL ignores leading/trailing spaces in values. -* Sat Nov 29 2003 Andrew McNab -- Better directory listing in htcp. -- htcp now built as separate binary RPM. -- gridsite-admin.cgi upload now redirects to same - directory after upload (Bug #1939); allows - optional new name for file (Request / Bug #1940); - and has better checking of ../dir/file attacks. -* Sat Nov 29 2003 Andrew McNab -- ==== GridSite version 0.9.8 ==== -* Thu Nov 27 2003 Andrew McNab -- Shiv's updated GACL editor, with redirects. -* Wed Nov 26 2003 Andrew McNab -- Include Daniel Stenberg's roffit script to make - HTML man pages for htcp and urlencode. -- Various fixes found when installing GridPP WWW. -* Wed Nov 26 2003 Andrew McNab -- ==== GridSite version 0.9.7 ==== -* Thu Nov 20 2003 Andrew McNab -- Major updates to htcp (htrm/htls/htll) -- GACL now recurses subdirectories when examining - the DN List directories path. -* Sat Nov 15 2003 Andrew McNab -- ==== GridSite version 0.9.6 ==== -* Fri Nov 14 2003 Andrew McNab -- Function call fixes in grst-admin.cgi -* Thu Nov 13 2003 Andrew McNab -- Add htcp (curl-url-get reborn) -* Thu Nov 13 2003 Andrew McNab -- ==== GridSite version 0.9.5 ==== -* Thu Nov 13 2003 Andrew McNab -- More grst-admin.cgi GACL updates from Shiv. -- .gacl security improvements to grst-admin.cgi from - Shiv Kaushal and Peter Moore. -* Tue Nov 11 2003 Andrew McNab -- One RPM instead of three, with version from VERSION -- Textarea for HTML/Text editing now 80 columns -* Mon Nov 10 2003 Andrew McNab -- Add delegation level and GridSiteGSIProxyLimit - support. -- Add GridSiteAdminList handling to mod_gridsite - and real-gridsite-admin.cgi -* Sun Nov 9 2003 Andrew McNab -- Add directory create/delete, and file/dir rename. -- Add ZIP listing/unzipping via external unzip - utility from http://www.info-zip.org/pub/infozip/ -* Mon Nov 3 2003 Andrew McNab -- Include next version of Shiv's GACL editor. -- Add rpm-usr target to Makefile, to make RPMs - out-of-the-box compatible with RH9 and its Apache2 -- Use REMOTE_DOUBLE_REV for GACL hostname creds in - mod_gridsite.c/mod_gridsite_perm_handler() -* Sun Oct 26 2003 Andrew McNab -- Include GACL editor in real-gridsite-admin.cgi - from Shiv Kaushal -* Sun Oct 26 2003 Andrew McNab -- Reorganise into a single build tree, including - Apache 2.0 .h files to remove circular dependency. -* Sun Oct 26 2003 Andrew McNab -- ==== GridSite version 0.9.4 ==== -* Sun Oct 19 2003 Andrew McNab -- Include many pieces of GridSite code from 0.3.x (CGI) - fileGridSite and mod_gridsite 0.9.0 -* Sun Oct 19 2003 Andrew McNab -- ==== GridSite version 0.9.3 ==== diff --git a/org.gridsite.core/INSTALL b/org.gridsite.core/INSTALL deleted file mode 100644 index 4943047..0000000 --- a/org.gridsite.core/INSTALL +++ /dev/null @@ -1,37 +0,0 @@ -BUILDING/INSTALLING GRIDSITE -============================ - -For more detailed instructions, see the Installation and Build -pages in the GridSite Wiki http://www.gridsite.org/wiki/ - -GridSite is currently only supported on Linux, but should be -trivially portable to other Unix platforms where the GNU build -tools are available. - -When building from source, two routes are available: building -with Make or with RPM. - -BUILDING WITH MAKE -================== - -make -make install - -will build all components and install them all under the default -locations of /usr/local/[lib|bin|include|sbin] The default prefix -/usr/local is set by the prefix variable in the top level Makefile - -BUILDING WITH RPM -================= - -For RedHat Linux and derivatives, building with RPM is recommended. -The command - -make rpm - -will build the gridsite and htcp binary RPMs in the directory -../RPMTMP/RPMS/i386 relative to the working directory. A SRPM is -put into ../RPMTMP/SRPMS - -Building with RPM uses the default prefix /usr, although the -resulting RPMs are relocatable to other hierarchies. diff --git a/org.gridsite.core/LICENSE b/org.gridsite.core/LICENSE deleted file mode 100644 index befd74b..0000000 --- a/org.gridsite.core/LICENSE +++ /dev/null @@ -1,47 +0,0 @@ -Copyright (c) 2002-5, Andrew McNab and Shiv Kaushal, -University of Manchester. All rights reserved. - -Redistribution and use in source and binary forms, with or -without modification, are permitted provided that the following -conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. - - -Clearly marked portions of the published GridSite source code -are derived from Apache httpd or its modules, and are covered -by the Apache Software License: - -Copyright 2001-2005 The Apache Software Foundation - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/org.gridsite.core/README b/org.gridsite.core/README deleted file mode 100644 index df81f32..0000000 --- a/org.gridsite.core/README +++ /dev/null @@ -1,6 +0,0 @@ -See INSTALL for build and installation instructions, and the -man pages for reference information. - -The GridSite Wiki at http://www.gridsite.org/wiki/ has guides -( http://www.gridsite.org/wiki/Category:Guides ) and cookbook -examples ( http://www.gridsite.org/wiki/Category:Cookbooks ) diff --git a/org.gridsite.core/VERSION b/org.gridsite.core/VERSION deleted file mode 100644 index 788cbe5..0000000 --- a/org.gridsite.core/VERSION +++ /dev/null @@ -1,4 +0,0 @@ -MAJOR_VERSION=1 -MINOR_VERSION=1.1 -PATCH_VERSION=1.1.18.1 -VERSION=$(PATCH_VERSION) diff --git a/org.gridsite.core/build.xml b/org.gridsite.core/build.xml deleted file mode 100644 index 7d92f11..0000000 --- a/org.gridsite.core/build.xml +++ /dev/null @@ -1,274 +0,0 @@ - - - - - - - Ant build file to build the Gridsite Core Component - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ${global.prefix} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - New tag is ${cvs.label} - - - - - - - - - - - - - - - - - - New tag is ${cvs.label} - - - - - - - - - - - - - - - - - - diff --git a/org.gridsite.core/doc/README.htcp-bin b/org.gridsite.core/doc/README.htcp-bin deleted file mode 100644 index ac546fc..0000000 --- a/org.gridsite.core/doc/README.htcp-bin +++ /dev/null @@ -1,13 +0,0 @@ -Binaries (and links) are in ./bin; man pages are in ./man/man1 - -Install by copying binaries/links onto your path, or by copying htcp -and making symbolic links to htcp from htls, htll, htrm and htmkdir. - -All the .1 man pages should be copied to a suitable ./man/man1 -directory on your man path. - -If you just want to install htcp in /usr/local, then unpacking this -tgz file in /usr/local should do the trick. (Delete this README when -you're finished!) - -For more about htcp see http://www.gridsite.org/ diff --git a/org.gridsite.core/doc/build-apache2.sh b/org.gridsite.core/doc/build-apache2.sh deleted file mode 100644 index 507be31..0000000 --- a/org.gridsite.core/doc/build-apache2.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2002-3, Andrew McNab, University of Manchester -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# o Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# o Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS -# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# -#--------------------------------------------------------------- -# For more information about GridSite: http://www.gridsite.org/ -#--------------------------------------------------------------- -# -# This script takes an Apache .tar.gz as the single command line argument, -# unpacks the file, modifies the httpd.spec it contains to work without -# the "-C" option to configure (which RedHat 7.3 doesnt like) and -# outputs source and binary RPMs in SRPMS and RPMS/i386 - -if [ "$1" = "" ] ; then - echo Must give a tar.gz file name - exit -fi - -export MYTOPDIR=`pwd` - -if [ -x /usr/bin/rpmbuild ] ; then - export RPMCMD=rpmbuild -else - export RPMCMD=rpm -fi - -echo "$1" | grep '\.tar\.gz$' >/dev/null 2>&1 -if [ $? = 0 ] ; then # a gzipped source tar ball - - rm -Rf $MYTOPDIR/BUILD $MYTOPDIR/BUILDROOT $MYTOPDIR/SOURCES - mkdir -p $MYTOPDIR/SOURCES $MYTOPDIR/SPECS $MYTOPDIR/BUILD \ - $MYTOPDIR/SRPMS $MYTOPDIR/RPMS/i386 $MYTOPDIR/BUILDROOT - - shortname=`echo $1 | sed 's:^.*/::' | sed 's:\.tar\.gz$::'` - - cp -f $1 SOURCES - - tar zxvf SOURCES/$shortname.tar.gz $shortname/httpd.spec - cp -f $shortname/httpd.spec SPECS - - sed -e 's/configure -C /configure /' \ - SPECS/httpd.spec >SPECS/httpd-2.spec - - $RPMCMD --define "_topdir $MYTOPDIR" \ - -ba --buildroot $MYTOPDIR/BUILDROOT SPECS/httpd-2.spec - - exit -fi - -echo I dont recognise the file type (must be .tar.gz) - -exit diff --git a/org.gridsite.core/doc/delegation-1.wsdl b/org.gridsite.core/doc/delegation-1.wsdl deleted file mode 100644 index 35c46ef..0000000 --- a/org.gridsite.core/doc/delegation-1.wsdl +++ /dev/null @@ -1,91 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Starts the delegation procedure by asking for a certificate - signing request from the server. The server answers with a - certificate signing request which includes the public key - for the new delegated credentials. Uses PEM encoding. - - - - - - - - - Finishes the delegation procedure by sending the signed - proxy certificate to the server. Uses PEM encoding. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/org.gridsite.core/doc/findproxyfile.1 b/org.gridsite.core/doc/findproxyfile.1 deleted file mode 100644 index 9de4d47..0000000 --- a/org.gridsite.core/doc/findproxyfile.1 +++ /dev/null @@ -1,63 +0,0 @@ -.TH findproxyfile 1 "October 2004" "findproxyfile" "GridSite Manual" -.SH NAME -.B findproxyfile -\- returns full path to GSI Proxy file -.SH SYNOPSIS -.B findproxyfile -[--proxycache=PATH] [--delegation-id=ID] [--user-dn=DN] [--outsidecache] -.SH DESCRIPTION -.B findproxyfile -returns full path to a GSI Proxy file, either in the proxy cache maintained -by the GridSite G-HTTPS and delegation portType functions, or in other -standard places. - -If a User DN is given -.B findproxyfile -uses the value of the -.B --proxycache -argument, the GRST_PROXY_PATH or the -compile time default to detemine the location of the proxy cache directory. -The directory is searched for a proxy having the given User DN and -Delegation ID. (If no Delegation ID is specificed, then the default value is -used.) - -If -.B findproxyfile -does not find a proxy or if a User DN is not given, but -.B --outsidecache -was given, then the environment variable X509_USER_PROXY and the standard -location /tmp/x509up_uUID are searched as well. - -.SH OPTIONS - -.IP "--proxycache=PATH" -Give the path of the proxy cache directory explicitly, overriding the -default and the GRST_PROXY_PATH environment variable if present. - -.IP "--delegation-id=ID" -The optional delegation ID is search for in the proxy cache in addition to -the User DN. If absent, the default Delegation ID value is searched for. - -.IP "--user-dn=DN" -The DN of the full user certificate associated with the proxy to be searched -for in the proxy cache. (This is not the DN of any proxy earlier in the -chain: it is a the DN of a certificate issued by a recognised CA.) - -.IP "--outsidecache" -If a User DN is not given, or a proxy not found in the cache, then search -for a proxy using X509_USER_PROXY environment variable and file name of -form /tmp/x509up_uUID as well. - -.SH RETURN VALUE -If a proxy is found, its full path is output on standard out. - -.SH EXIT CODES -0 is returned on succcess. Non-zero otherwise. - -.SH BUGS -In this version, no attempt is made to verify or validate the proxies. - -.SH AUTHOR -Andrew McNab - -findproxyfile is part of GridSite: http://www.gridsite.org/ diff --git a/org.gridsite.core/doc/gsexec.8 b/org.gridsite.core/doc/gsexec.8 deleted file mode 100644 index e229663..0000000 --- a/org.gridsite.core/doc/gsexec.8 +++ /dev/null @@ -1,134 +0,0 @@ -.TH GSEXEC 8 "October 2005" "gsexec" "GridSite Manual" -.SH NAME -.B gsexec -\- Switch user before executing external programs - -.SH "SYNOPSIS" - -.BR gsexec -[-V] - -.SH "SUMMARY" - -gsexec is used by the Apache HTTP Server to switch to another user before -executing CGI programs\&. In order to achieve this, it must run as root\&. -Since the HTTP daemon normally doesn't run as root, the gsexec executable -needs the setuid bit set and must be owned by root\&. It should never be -writable for any other person than root\&. - -gsexec is based on Apache's suexec, and its behaviour is controlled with -the Apache configuration file directives -.BR GridSiteExecMethod -and -.BR GridSiteUserGroup -added to Apache by -.BR mod_gridsite(8) -Four execution methods are supported: nosetuid, suexec, X509DN and directory, -and these may be set on a per-directory basis within the Apache configuration -file. - -.SH "NOSETUID METHOD" - -This is the default behaviour, but can also be produced by giving -.BR "GridSiteExecMethod nosetuid" - -CGI programs will then be executed without using gsexec, and will -run as the Unix user given by the User and Group Apache directives (normally -apache.apache on Red Hat derived systems.) - -.SH "SUEXEC METHOD" - -If -.BR "GridSiteExecMethod suexec" -is given for this virtual host or directory, then CGI programs will be -executed using the user and group given by the -.BR "GridSiteUserGroup user group" -directive, which may also be set on a per-directory basis (unlike suexec's -.BR SuexecUserGroup -which is per-server only.) The CGI program must either be owned by root, -the Apache user -and group specified at gsexec build-time (normally apache.apache) or by -the user and group given with the -.BR GridSiteUserGroup -directive. - -.SH "X509DN METHOD" - -If -.BR "GridSiteExecMethod X509DN" -is given, then the CGI program runs as a pool user, detemined using lock -files in the exec mapping directory chosen as build time of gsexec. -The pool user is chosen according -to the client's full certificate X.509 DN (ie with any trailing GSI proxy -name components stripped off.) Subsequent requests by the same X.509 -identity will be mapped to the same pool user. The CGI program must either be -owned by root, the Apache user -and group specified at gsexec build-time (normally apache.apache) or by -the pool user selected. - -.SH "DIRECTORY METHOD" - -If -.BR "GridSiteExecMethod directory" -is given, then the CGI program runs as a pool user chosen according -to the directory in which the CGI is located: all CGIs in that directory -run as the same pool user. The CGI program must either be -owned by root, the Apache user -and group specified at gsexec build-time (normally apache.apache) or by -the pool user selected. - - -.SH "EXECMAPDIR" - -The default exec mapping directory is /var/www/execmapdir and this is fixed -when the gsexec executable is built. The exec mapping directory and all -of its lock files must be owned and only writable by root. To initialise the -lock files, create an empty lock file for each pool user, with the pool -username as the filename (eg user0001, user0002, ...) As the pool users are -leased to X.509 identities or directories, they will become hard linked to -lock files with the URL-encoded X.509 DN or full directory path. - -You can recycle pool users by removing the corresponding URL-encoded -hard link. -.BR stat(1) -and -.BR "ls(1)" -with option -.BR "-i" -can be used to print the inodes of lock files to match up the hard links. - -.BR "However, you must ensure that all files and processes owned by the pool" -.BR "user are deleted before recycling!" - -.SH "OPTIONS" - -.TP --V -If you are root, this option displays the compile options of gsexec\&. -For security reasons all configuration options are changeable only at -compile time\&. - -.SH "MORE INFORMATION" -For further information about the concepts and the security model of -the original Apache suexec -please refer to the suexec documentation: - -http://httpd\&.apache\&.org/docs-2\&.0/suexec\&.html - -For examples using the gsexec extensions, please see the GridSite gsexec -page: - -http://www.gridsite.org/wiki/Gsexec - -.SH AUTHORS - -Apache project, for original suexec - -Andrew McNab for gsexec modifications. - -gsexec is part of GridSite: http://www.gridsite.org/ - -.SH "SEE ALSO" -.BR httpd(8), -.BR suexec(8), -.BR mod_gridsite(8) diff --git a/org.gridsite.core/doc/htcp.1 b/org.gridsite.core/doc/htcp.1 deleted file mode 100644 index 39e20f5..0000000 --- a/org.gridsite.core/doc/htcp.1 +++ /dev/null @@ -1,200 +0,0 @@ -.TH HTCP 1 "October 2005" "htcp" "GridSite Manual" -.SH NAME -.B htcp, htmv, htrm, htls, htll, htmkdir, htfind, htping -\- file transfers and queries via HTTP/HTTPS/SiteCast -.SH SYNOPSIS -.B htcp, htmv -[options] Source-URL[s] Destination-URL - -.B htrm, htls, htll, htmkir, htfind -[options] Target-URL[s] - -.B htping -[options] -.SH DESCRIPTION -.B htcp -is a client to fetch files or directory listings from remote servers using -HTTP or HTTPS, or to put or delete files or directories onto remote servers -using HTTPS. htcp is similar to scp(1), but uses HTTP/HTTPS rather than ssh -as its transfer protocol. htcp can also use the HTCP protocol to query -HTTP(S) fileservers via SiteCast. - -When talking to a fileserver with HTTPS, htcp can run "anonymously", with a -standard X.509 user certificate and key, or with a GSI Proxy. This makes -htcp very useful in Grid environments where many users have certificates -and where jobs and users have access to GSI proxies. - -.SH URLs -htcp supports the file:, http: and https: URL schemes as sources and -destinations. If no scheme is given, the URL scheme is assumed to be file: -and relative to the current directory if not an absolute path. - -If multiple sources are given during a copy, they will be used in turn and -the destination must be a directory (directories are indicated by a trailing -/) However, source and destination cannot both refer to remote servers. - -.SH OPTIONS -.IP "-v/--verbose" -Turn on debugging information. Used once, this option will enable htcp's -messages to stderr. Used twice, will also enable the underlying libcurl -messages. - -.IP "--delete" -Instead of copying files, delete all the URLs given on the command line. -Calling the program as htrm has the same effect. - -.IP "--list" -Instead of copying files, output lists of files located in the URL-directories -given on the command line. Calling the program as htls has the same effect. - -.IP "--long-list" -Instead of copying files, output long listings of files located in the -URL-directories given on the command line. If available, the size in bytes -and modification time of each file is given. Calling the program as -htll has the same effect. - -.IP "--mkdir" -Instead of copying files, attempt to create a directory on a remote server -with HTTP PUT. The server must support the convention that PUT to a URL with -a trailing slash means create a directory. No file body is sent. Calling the -program as htmkdir has the same effect. - -.IP "--move" -Move/rename files on a single remote server, given the two, absolute URLs -of the remote file names. Server must support HTTP/WebDAV MOVE. Calling the -program as htmv has the same effect. - -.IP "--ping" -Query specified multicast groups with the HTCP NOP ("No Operation") code. -SiteCast enabled servers will respond immediately with a NOP reply, and all -of the responses will be listed, with the round trip time in milliseconds. -Any waiting times specified in the --groups option will be ignored. Calling -the program as htping has the same effect. -(--groups must be used for this option to work.) - -.IP "--find" -Query specified multicast groups with the HTCP TST code. SiteCast enabled -servers will respond with TST replies if they have the files corresponding -to the given SiteCast target URL(s). All of the transfer URLs returned -will be listed. Waiting times specified in the --groups option will be used -to space out the multicast queries, but the program listens for responses -continuously. Calling the program as htfind has the same effect. -(--groups must be used for this option to work.) - -.IP "--groups " -IP multicast groups to use for SiteCast queries. IP Groups is a comma -separated list of groups, in the format: nnn.nnn.nnn.nnn:port[:ttl[:seconds]] -The IP number and port must be specified. The IP time-to-live, ttl, controls -how many networks the multicast packets may pass through - the default, 1, -limits packets to the local network. Multiple groups may be specified, -separated by commas. If multiple groups are specified, then seconds is the -time to wait before making the next multicast - 1 second is the default. - -.IP "--timeout " -A request timeout used for multicast ping. - -.IP "--anon" -Do not attempt to use X.509 user certificates or GSI proxies to authenticate -to the remote HTTPS server. This means you are "anonymous", but the server's -identity may still be verified and the connection is still encrypted. - -.IP "--cert and --key " -Path to the PEM-encoded -X.509 or GSI Proxy user certificate and key to use for HTTPS -connections, intead of "anonymous mode." If only one of --key or --cert -is given, then that will be tried for both. If neither is given, then the -following order of precedence is used: -the file name held by the variable X509_USER_PROXY; the file -/tmp/x509up_uID (with Unix UID equal to ID); the file names held by -X509_USER_CERT / X509_USER_KEY; the files ~/.globus/usercert.pem and -~/.globus/userkey.pem (where ~/ is the home directory of the user.) - -.IP "--capath " -Path to the PEM-encoded CA root certificates to use when -verifying remote servers' host certificates in HTTPS connections. Ideally -this should be a directory of hash.0 files as described in the OpenSSL -verify(1) man page, but a file may be used instead. If --capath is not -given, the value of the environment variable X509_CERT_DIR will be tried. -If this is not valid, then /etc/grid-security/certificates will be used. - -.IP "--no-verify" -Do not use CA root certificates to verify remote servers' host certificates. -This is useful for testing sites before their certificate is set up properly, -but leaves you vulnerable to "man in the middle" attacks by hostile servers -masquerading as your target. - -.IP "--grid-http" -Try to use GridHTTP redirection for HTTPS URLs. Compatible servers will perform -authentication and authorization on the HTTPS connection and then redirect -to HTTP for the GET or PUT file transfer. htcp makes the HTTP request using -the GRID_AUTH_ONETIME single-use passcode obtained via HTTPS. The --grid-http -option will be ignored for directory operations or HTTP URLs. If a redirected -transfer isn't possible, a normal HTTPS data transfer will be attempted. - -.IP "--sitecast" -Try to use SiteCast to locate remote files which are to be copied (currently -only for the -.BR fetching -of remote files.) If no location is found via SiteCast, then a direct request -for the given URL is tried. (--groups must be used for this option to work.) - -.IP "--domain " -Try to use SiteCast to locate remote files which are to be copied (currently -only for the -.BR fetching -of remote files) -.BR "if the domain component of the URL matches" -the SiteCast domain given. -If no location is found via SiteCast, then a direct request -for the given URL is tried. (--groups must be used for this option to work.) - -.SH FILES -.IP /tmp/x509up_uID -Default GSI Proxy file for Unix UID equal to ID. - -.IP /etc/grid-security/certificates -Default location for trusted Certification Authority root certificates to use -when checking server certificates. - -.IP /tmp/.ca-roots-XXXXXX -Prior to 7.9.8, the underlying curl library did not support the CA root -certificates directory. -If built with an old version of libcurl, htcp will concatenate the -certificates in the CA roots directory into a unique temporary file and use -that. - -.SH ENVIRONMENT - -.IP X509_CERT_DIR -Holds directory to search for Certification Authority root certificates when -verifying server certificates. (Tried if --capath is not given on the -command line.) - -.IP X509_USER_PROXY -Holds file name of a GSI Proxy to use as user certificate. (Tried if --cert or ---key are not given on the command line.) - -.IP "X509_USER_CERT and X509_USER_KEY" -Holds file name of X.509 user certificate and key. (Tried if X509_USER_PROXY -is not valid.) - -.SH EXIT CODES -0 is returned on complete success. Curl error codes are returned when -reported by the underlying curl library, and CURLE_HTTP_RETURNED_ERROR (22) -is returned when the HTTP(S) server returns a code outside the range 200-299. -The manpage libcurl-errors(3) lists all the curl error codes. - -.SH TO DO -Recursive copying. Server-side wildcards. Parallel streams. Better error -recovery. - -.SH AUTHOR -Andrew McNab - -htcp is part of GridSite: http://www.gridsite.org/ -.SH "SEE ALSO" -.BR scp(1), -.BR curl(1), -.BR wget(1), -.BR verify(1), -.BR libcurl-errors(3) diff --git a/org.gridsite.core/doc/htfind.1 b/org.gridsite.core/doc/htfind.1 deleted file mode 100644 index 11a60d1..0000000 --- a/org.gridsite.core/doc/htfind.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/htcp.1 diff --git a/org.gridsite.core/doc/htll.1 b/org.gridsite.core/doc/htll.1 deleted file mode 100644 index 11a60d1..0000000 --- a/org.gridsite.core/doc/htll.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/htcp.1 diff --git a/org.gridsite.core/doc/htls.1 b/org.gridsite.core/doc/htls.1 deleted file mode 100644 index 11a60d1..0000000 --- a/org.gridsite.core/doc/htls.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/htcp.1 diff --git a/org.gridsite.core/doc/htmkdir.1 b/org.gridsite.core/doc/htmkdir.1 deleted file mode 100644 index 11a60d1..0000000 --- a/org.gridsite.core/doc/htmkdir.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/htcp.1 diff --git a/org.gridsite.core/doc/htmv.1 b/org.gridsite.core/doc/htmv.1 deleted file mode 100644 index 11a60d1..0000000 --- a/org.gridsite.core/doc/htmv.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/htcp.1 diff --git a/org.gridsite.core/doc/htping.1 b/org.gridsite.core/doc/htping.1 deleted file mode 100644 index 11a60d1..0000000 --- a/org.gridsite.core/doc/htping.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/htcp.1 diff --git a/org.gridsite.core/doc/htrm.1 b/org.gridsite.core/doc/htrm.1 deleted file mode 100644 index 11a60d1..0000000 --- a/org.gridsite.core/doc/htrm.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/htcp.1 diff --git a/org.gridsite.core/doc/httpd-fileserver.conf b/org.gridsite.core/doc/httpd-fileserver.conf deleted file mode 100644 index 301a8ee..0000000 --- a/org.gridsite.core/doc/httpd-fileserver.conf +++ /dev/null @@ -1,155 +0,0 @@ -############################################################################## -## GridSite httpd-fileserver.conf - Andrew McNab -## -## For GridSite documentation, see http://www.gridsite.org/ -## -## Example configuration file for GridSite as an HTTP(S) fileserver, -## listening on ports 80/777 (HTTP) and 443/488 (HTTPS) -## -## (777/488 is to allow firewalls to distinguish between Grid and -## Web HTTP(S) traffic. See http://www.gridsite.org/wiki/IP_Ports ) -## -## This file should be renamed /etc/httpd/conf/httpd.conf and Apache -## restarted to use Apache2/GridSite as a simple HTTP(S) fileserver. -## -## You do not need to install the GridSite mod_ssl.so module if you -## do not wish to use Globus Proxies or VOMS attributes, but you must -## have the mod_gridsite.so in /usr/lib/httpd/modules -## -## We're assuming you have (a) the host's hostcert.pem and hostkey.pem -## in /etc/grid-security/ and (b) the Certification Authorities' you -## trust have their root certs in /etc/grid-security/certificates -## -## (You can get RPMs for many European and North American Grid CAs -## from https://datagrid.in2p3.fr/distribution/datagrid/security/ ) -## -## If you want to use DN Lists in ACLs, they should be placed/downloaded -## in /etc/grid-security/dn-lists/ -## -## To start serving files, make a directory /var/www/htdocs owned by -## apache.apache, including the file .gacl containing: -## -## -## -## -## -## -## -## -## To enable writing, add DN List, Person or VOMS entries to the GACL -## (see the GridSite GACL document for the syntax.) For example: -## -## -## -## -## -## -## -## -## /C=UK/O=eScience/OU=Manchester/L=HEP/CN=Andrew McNab -## -## -## -## -## -## and add the following directive to the HTTPS section: -## -## GridSiteMethods GET PUT DELETE MOVE -## -## If you wish to accept Globus GSI Proxies as well as full X.509 user -## certificates, set GridSiteGSIProxyLimit to the depth of proxy you -## wish to accept. -## -## (As a _rough_ guide: 0=No Proxies; 1=Proxy on user's machine; 2=Proxy -## owned by running Globus job; 3=Proxy delegated by a Globus job.) -## -## With this done and Apache restarted, you can upload a file with: -## -## curl -v --cert ~/.globus/usercert.pem --key ~/.globus/userkey.pem \ -## --capath /etc/grid-security/certificates --upload-file /tmp/tmp.txt \ -## https://INSERT.HOSTNAME.HERE/tmp.txt -## -## (or with --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` to use -## a Globus GSI Proxy created with grid-proxy-init.) -## -############################################################################## - -ServerRoot "/etc/httpd" - -PidFile logs/httpd.pid - -Timeout 300 -KeepAlive On -MaxKeepAliveRequests 100 -KeepAliveTimeout 15 - -LoadModule log_config_module /usr/lib/httpd/modules/mod_log_config.so -LoadModule ssl_module /usr/lib/httpd/modules/mod_ssl.so -LoadModule gridsite_module /usr/lib/httpd/modules/mod_gridsite.so -LoadModule mime_module /usr/lib/httpd/modules/mod_mime.so -LoadModule dir_module /usr/lib/httpd/modules/mod_dir.so - -TypesConfig /etc/mime.types - -# User and group who will own files created by Apache -User apache -Group apache - -DocumentRoot "/var/www/htdocs" - - - AllowOverride None - - -LogLevel debug -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - -CustomLog logs/httpd-gridsite-access combined -ErrorLog logs/httpd-gridsite-errors - -HostnameLookups On - -###################################################################### -# Plain unauthenticated HTTP on ports 80 and 777 -###################################################################### - -Listen 80 -Listen 777 - - - - GridSiteIndexes on - GridSiteAuth on - GridSiteDNlists /etc/grid-security/dn-lists/ - - - - -###################################################################### -# Secured and possibly authenticated HTTPS on ports 443 and 488 -###################################################################### -Listen 443 -Listen 488 -SSLSessionCacheTimeout 300 -SSLSessionCache shm:/var/cache/mod_ssl/shm_cache - - - -SSLEngine on -SSLCertificateFile /etc/grid-security/hostcert.pem -SSLCertificateKeyFile /etc/grid-security/hostkey.pem -SSLCACertificatePath /etc/grid-security/certificates -#SSLCARevocationPath YOUR CRL DIRECTORY WOULD GO HERE -SSLVerifyClient optional -SSLVerifyDepth 10 -SSLOptions +ExportCertData +StdEnvVars - - - GridSiteIndexes on - GridSiteAuth on - GridSiteDNlists /etc/grid-security/dn-lists/ - GridSiteGSIProxyLimit 0 -# GridSiteMethods GET PUT DELETE MOVE - - - diff --git a/org.gridsite.core/doc/httpd-webserver.conf b/org.gridsite.core/doc/httpd-webserver.conf deleted file mode 100644 index dfb3edb..0000000 --- a/org.gridsite.core/doc/httpd-webserver.conf +++ /dev/null @@ -1,226 +0,0 @@ -############################################################################## -## GridSite httpd-webserver.conf - Andrew McNab -## -## For GridSite documentation, see http://www.gridsite.org/ -## -## Example configuration file for GridSite as a Web Server -## (that is, primarily for interactive use with a browser.) -## Listening is on ports 80/777 (HTTP) and 443/488 (HTTPS). -## -## (777/488 is to allow firewalls to distinguish between Grid and -## Web HTTP(S) traffic. See http://www.gridsite.org/wiki/IP_Ports ) -## -## This file should be renamed /etc/httpd/conf/httpd.conf and Apache -## restarted to use Apache2/GridSite as a webserver. -## -## You do not need to install the GridSite mod_ssl.so module if you -## do not wish to use Globus Proxies or VOMS attributes, but you must -## have the mod_gridsite.so in /usr/lib/httpd/modules -## -## We're assuming you have (a) the host's hostcert.pem and hostkey.pem -## in /etc/grid-security/ and (b) the Certification Authorities' you -## trust have their root certs in /etc/grid-security/certificates -## -## (You can get RPMs for many European and North American Grid CAs -## from https://datagrid.in2p3.fr/distribution/datagrid/security/ ) -## -## If you want to use DN Lists in ACLs, they should be placed/downloaded -## in /etc/grid-security/dn-lists/ or /var/www/htdocs/dn-lists/ -## (Lists in /etc/grid-security/dn-lists/ override lists elsewhere.) -## -## To start serving files, make a directory /var/www/htdocs owned by -## apache.apache, including the file .gacl containing: -## -## -## -## -## -## -## -## -## To enable writing, add DN List, Person or VOMS entries to the GACL -## (see the GridSite GACL document for the syntax.) For example: -## -## -## -## -## -## -## -## -## /C=UK/O=eScience/OU=Manchester/L=HEP/CN=Andrew McNab -## -## -## -## -## -## and add the following directive to the HTTPS section: -## -## GridSiteMethods GET PUT DELETE MOVE -## -## If you wish to accept Globus GSI Proxies as well as full X.509 user -## certificates, set GridSiteGSIProxyLimit to the depth of proxy you -## wish to accept. -## -## (As a _rough_ guide: 0=No Proxies; 1=Proxy on user's machine; 2=Proxy -## owned by running Globus job; 3=Proxy delegated by a Globus job.) -## -## With this done and Apache restarted, you can upload a file with: -## -## curl -v --cert ~/.globus/usercert.pem --key ~/.globus/userkey.pem \ -## --capath /etc/grid-security/certificates --upload-file /tmp/tmp.txt \ -## https://INSERT.HOSTNAME.HERE/tmp.txt -## -## (or with --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` to use -## a Globus GSI Proxy created with grid-proxy-init.) -############################################################################## - -ServerRoot "/etc/httpd" - -## You MUST put your server's fully qualified domain name here -## This, the DOMAIN part of the https://DOMAIN/... URLs you want -ServerName FULL.SERVER.NAME - -PidFile logs/httpd.pid - -Timeout 300 -KeepAlive On -MaxKeepAliveRequests 100 -KeepAliveTimeout 15 - -LoadModule log_config_module /usr/lib/httpd/modules/mod_log_config.so -LoadModule ssl_module /usr/lib/httpd/modules/mod_ssl.so -LoadModule gridsite_module /usr/lib/httpd/modules/mod_gridsite.so -LoadModule mime_module /usr/lib/httpd/modules/mod_mime.so -LoadModule dir_module /usr/lib/httpd/modules/mod_dir.so -LoadModule alias_module /usr/lib/httpd/modules/mod_alias.so -LoadModule cgi_module /usr/lib/httpd/modules/mod_cgi.so - -TypesConfig /etc/mime.types - -# User and group who will own files created by Apache -User apache -Group apache - -DocumentRoot "/var/www/htdocs" - - - AllowOverride None - - -LogLevel debug -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - -CustomLog logs/httpd-gridsite-access combined -ErrorLog logs/httpd-gridsite-errors - -HostnameLookups On - -###################################################################### -# Plain unauthenticated HTTP on ports 80 and 777 -###################################################################### - -Listen 80 -Listen 777 - - -## This is used to serve the Manage Directory links in footers, -## and to allow you to edit files and ACLs via your browser. -ScriptAlias /real-gridsite-admin.cgi /usr/sbin/real-gridsite-admin.cgi - - - ## This sets up GACL authorization for this server. - GridSiteAuth on - - ## This exports various bits of info into the CGI environment - ## variables (and is needed for gridsite-admin.cgi to work.) - GridSiteEnvs on - - ## Nice GridSite directory listings (without truncating file names!) - GridSiteIndexes on - - ## If this is on, GridSite will look for gridsitehead.txt and - ## gridsitefoot.txt in the current directory or its parents, and - ## use them to replace the and tags in .html files. - GridSiteHtmlFormat on - - ## These directives (and the ScriptAlias above) allow authorized - ## people to manage files, ACLs and DN Lists through their web - ## browsers. Via HTTP, this just means extended directory listings - ## and History pages. - GridSiteAdminURI /real-gridsite-admin.cgi - GridSiteAdminFile gridsite-admin.cgi - - - - -###################################################################### -# Secured and possibly authenticated HTTPS on ports 443 and 488 -###################################################################### -Listen 443 -Listen 488 -SSLSessionCacheTimeout 300 -SSLSessionCache shm:/var/cache/mod_ssl/shm_cache - - - -SSLEngine on -SSLCertificateFile /etc/grid-security/hostcert.pem -SSLCertificateKeyFile /etc/grid-security/hostkey.pem -SSLCACertificatePath /etc/grid-security/certificates -#SSLCARevocationPath YOUR CRL DIRECTORY WOULD GO HERE -SSLVerifyClient optional -SSLVerifyDepth 10 -SSLOptions +ExportCertData +StdEnvVars - -## This is used to serve the Manage Directory links in footers, -## and to allow you to edit files and ACLs via your browser. -ScriptAlias /real-gridsite-admin.cgi /usr/sbin/real-gridsite-admin.cgi - - - ## This sets up GACL authorization for this server. - GridSiteAuth on - - ## This exports various bits of info into the CGI environment - ## variables (and is needed for gridsite-admin.cgi to work.) - GridSiteEnvs on - - ## Nice GridSite directory listings (without truncating file names!) - GridSiteIndexes on - - ## If this is on, GridSite will look for gridsitehead.txt and - ## gridsitefoot.txt in the current directory or its parents, and - ## use them to replace the and tags in .html files. - GridSiteHtmlFormat on - - ## This is the path of directories (and all their subdirectories) for - ## GACL to search when it encounters a dn-list credential. The DN List - ## files are plain text, one DN per line, and must have the full url - ## as the file name, but URL Encoded - eg with urlencode(1) - GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/htdocs/dn-lists/ - - ## This is used to form the URL at which DN Lists "owned" by this - ## server are exported. https://FULL.SERVER.NAME/dn-lists/file - ## ALL FILES WITH URLs ON THIS SERVER WILL BE EXPORTED IRRESPECTIVE - ## OF WHERE THEY ARE FOUND ON THE DN-LISTS PATH!! - GridSiteDNlistsURI /dn-lists/ - - ## If this is greater than zero, we will accept GSI Proxies for clients - ## (full client certificates - eg inside web browsers - are always ok) - GridSiteGSIProxyLimit 0 - - ## This directive allows authorized people to write/delete files - ## from non-browser clients - eg with htcp(1) - GridSiteMethods GET PUT DELETE MOVE - - ## These directives (and the ScriptAlias above) allow authorized - ## people to manage files, ACLs and DN Lists through their web - ## browsers via HTTPS. The value of GridSiteAdminFile appears to - ## exist in every directory, but is internally redirected by - ## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias - ## then maps that onto the real-gridsite-admin.cgi executable.) - GridSiteAdminURI /real-gridsite-admin.cgi - GridSiteAdminFile gridsite-admin.cgi - - - diff --git a/org.gridsite.core/doc/index.html b/org.gridsite.core/doc/index.html deleted file mode 100644 index 2f6acf9..0000000 --- a/org.gridsite.core/doc/index.html +++ /dev/null @@ -1,82 +0,0 @@ -GridSite 1.1.x Documentation - -

GridSite 1.1.x Documentation

- -

-GridSite -is a set of extensions to the Apache 2.0 webserver, which support -Grid security based on X.509 certificates. Since GridSite applies access -control within Apache itself, via mod_gridsite, Grid authorization and -the associated verified credentials are available to all technologies -supported by Apache, including static file serving, SSI, CGI, PHP, JSP and -mod_perl. - -

-The GridSite Wiki includes -guides and cookbook examples about using GridSite, along with up to date -information about the APIs. - -

Reference

- -

-The following reference documents and man pages are put in -/usr/share/doc/gridsite-VERSION when GridSite is installed. - -

-

- -
htcp(1) -
A command line tool for copying files to or from HTTP(S) servers. -

- -

mod_gridsite(8) -
An Apache 2.0 module which enforces access control via Grid Access - Control Lists, and X.509, GSI or VOMS credentials. mod_gridsite also - gives Apache built-in support for the HTTP PUT and DELETE methods, and - formatting of HTML pages with standard headers and footers. -

- -

gsexec(8) -
A modified version of suexec(8), for use with mod_gridsite(8). gsexec - allows CGI programs to be run as pool users, depending on the client's - X.509 identity or the directory in which the CGI is located. -

- -

httpd-fileserver.conf and - httpd-webserver.conf -
Example configuration files for simple HTTP(S) fileservers and - webservers, with explanatory comments. -

- -

urlencode(1) -
A command for URL-encoding strings. -

- -

findproxyfile(1) -
The finxproxyfile command returns full path to a GSI Proxy file, - either in the proxy cache maintained by the GridSite G-HTTPS and - delegation portType functions, or in other standard places. -

- -

delegation-1.wsdl -
A WSDL description of a delegation Web Service including the Delegation - portType. -

- - - -

gridsite.h API reference -
A detailed description of the C API provided by libgridsite, generated - from the sources by doxygen. -

- -

- - diff --git a/org.gridsite.core/doc/mod_gridsite.8 b/org.gridsite.core/doc/mod_gridsite.8 deleted file mode 100644 index cfbea3f..0000000 --- a/org.gridsite.core/doc/mod_gridsite.8 +++ /dev/null @@ -1,313 +0,0 @@ -.TH MOD_GRIDSITE 8 "October 2005" "mod_gridsite" "GridSite Manual" -.SH NAME -.B mod_gridsite -\- Grid extensions to Apache httpd -.SH SYNOPSIS -.B LoadModule gridsite_module mod_gridsite.so -.SH DESCRIPTION -.B mod_gridsite -is an Apache 2.0 module which enforces access control via Grid -Access Control Lists, and X.509, GSI or VOMS credentials. mod_gridsite also -gives Apache built-in support for the HTTP PUT and DELETE methods, and -formatting of HTML pages with standard headers and footers. - -Since mod_gridsite access -control within Apache itself, Grid authorization and -the associated verified credentials are available to all technologies -supported by Apache, including static file serving, SSI, CGI, PHP, mod_perl -and Java servlets via a connector to Tomcat. - -Operation of mod_gridsite can be configured using runtime directives -in Apache's standard httpd.conf configuration file. The module must first be -loaded with a LoadModule directive: - -LoadModule gridsite_module /PATH/TO/MODULES/mod_gridsite.so - -The module's behaviour is then controlled by GridSite... directives within -Apache sections, allowing different directories to use -GridSite features in different ways. - -.SH DIRECTIVES - -.IP "GridSiteIndexes on|off" -Determines whether GridSite generates HTML directory listings. These -have some advantages over standard Apache directory listings (eg the -displayed filenames are never truncated) and will include standard -headers and footers if GridSiteHtmlFormat is on. -(Default: GridSiteIndexes off) - -.IP "GridSiteIndexHeader file" -If the named file is found in the directory being listed, the file -is included verbatim at the top of the listing and excluded from -the file-by-file listing. The file can either be HTML or plain text (in -which case browsers will be treat it as one HTML paragraph.) -(Default: none) - -.IP "GridSiteHtmlFormat on|off" -Determines where HTML pages receive additional formatting before being -sent to the client. This includes the "Last modified", -"View page history", "Switch to HTTP(S)", -"Print View" and "Built with GridSite" footer -elements. If header and footer files are found, they will be used too. -(Default: GridSiteHtmlFormat off) - -.IP "GridSiteHeadFile file" -.IP "GridSiteFootFile file" -Set the filenames to be searched for as standard headers and footers -for HTML pages. For each HTML page, the directory of that page is tried -first, and then parent directories in ascending order until a header / -footer file is found. Header files are inserted in place of HTML - tags; footer files in place of . (These -standard files should each include the appropriate body tag as a -replacement.) -(Defaults: GridSiteHeadFile gridsitehead.txt, -GridSiteFootFile gridsitefoot.txt) - -.IP "GridSiteAuth on|off" -Enables GridSite access control features, using -GACL files. The files are named .gacl and are -per-directory. The current directory is tried and then parent -directories in ascending order until a .gacl file is found. -(Default: GridSiteAuth off) - -.IP "GridSiteAdminList uri" -All members of the DN List with name "uri" receive the full set -of permissions, irrespective of per-directory .gacl files. People in -this group have full control over the whole site. -(Default: none) - -.IP "GridSiteGSIProxyLimit limit" -When using GSI Proxy credentials, -proxies with delegation depth greater than "limit" will -be ignored by mod_gridsite authorization decisions. A limit of zero -implies only full X.509 -certificates (and no proxies) will be accepted. A limit of 1 implies -that only the initial proxy, usually created on the user's own machine, -is acceptable. Higher levels lead to proxies on remote machines, eg -used by running jobs, being accepted. -(Default: GridSiteGSIProxyLimit 1) - -.IP "GridSiteMethods [GET] [PUT] [DELETE] [MOVE]" -Specifies which HTTP methods are supported by GridSite. GET (and HEAD) -are always supported. PUT and DELETE support is turned on by this -directive, subject to a positive statement that write permission is -allowed for the directory in question, by a GACL file. -(Default: GridSite GET) - -.IP "GridSiteDNlists directory1[:directory2[:directory3]...]" -Sets up the DN List path used by GACL for -evaluating credentials. If this directive is not used, -then GACL will use the GRST_DN_LISTS variable from Apache's own -environment. If that is not set either, then /etc/grid-security/dn-lists -is searched. -(Default: none) - -.IP "GridSiteDNlistsURI uri" -If GridSiteDNlistsURI is used, then the URI given appears to be -populated with all the DN lists on the current DN lists path which -match the current server. That is, for server https://example.org/ -with DN lists URI /dn-lists/, all DN lists with URLs starting -https://example.org/dn-lists/ will appear to be present in /dn-lists/, -irrespective of where in the path they are stored. -(Default: none) -

- -.IP "GridSiteAdminURI uri" -GridSiteAdminURI gives the absolute URI on the server of the GridSite -Admin CGI program, which is used for file management, HTML and GACL -editing. This should be used in conjunction with the standard Apache -directive ScriptAlias to map that URI to the real-gridsite-admin.cgi -executable. For example: - -ScriptAlias /real-gridsite-admin.cgi /PATH/TO/real-gridsite-admin.cgi - -This URI is always reached by an internal redirection from the value -set by GridSiteAdminFile, and is never visible to users. -(Default: none) - -.IP "GridSiteAdminFile cgifilename" -If GridSiteAdminURI is set, then the cgifilename of GridSiteAdminFile -appears to be present in all directories when explicitly -requested (it does not appear in directory listings.) Requests for these -ghost CGI URIs are internally redirected to the value set by -GridSiteAdminURI. (Default: GridSiteAdminFile gridsite-admin.cgi) - -.IP "GridSiteEnvs on|off" -This makes mod_gridsite export several variables into the environment -of CGI programs and other dynamic content systems. The variable names -are listed below. For gridsite-admin.cgi mechanism to work, this switch -must be left in its default state of on. -(Default: GridSiteEnvs on) - -.IP "GridSiteEditable [ext1 [ext2 [ext3] ...]]]" -A space-separated list of file extensions which can safely be edited -by the GridSite Text/HTML editor. The extensions are given without the -initial dot. -(Default: GridSiteEditable txt shtml html htm css js php jsp) - -.IP "GridSiteHelpURI uri" -If set, gives the URI to use for "Website Help" links in HTML -page footers. (Default: none) - -.IP "GridSiteLink on|off" -Turns off the link in the HTML page footers which gives credit to GridSite. -(Default: GridSiteLink on) - -.IP "GridSiteUnzip path" -If "path" is set by this directive, then real-gridsite-admin.cgi -will offer to list the contents of .zip archives on the server. -Users with write access are able to unpack the contents into the same -directory as the .zip file. The value of "path" must point -to the location of the unzip binary. (Default: none) - -.IP "GridSiteGridHTTP on|off" -Enable GridHTTP for this server, virtual server or directory: -HTTPS requests made with the header -.BR "Upgrade: GridHTTP/1.0" -will be redirected to an HTTP version of the file. (Default: off) - -.IP "GridSiteGridHTTPport port" -Sets the port to use for the unencrypted HTTP component of GridHTTP -HTTPS->HTTP transfers. The same setting will be used for all virtual hosts -which support GridHTTP. (Default: 777) - -.IP "GridSiteSessionsDir path" -Location of authentication cookies and SSL session credentials directory, -relative to ServerRoot. Used by GridHTTP to record the credentials obtained -via HTTPS, and available to the corresponding HTTP request or subsequent -HTTPS requests following a session restart. -(Default: /var/www/sessions) - -.IP "GridSiteACLFormat GACL|XACML" -Format to use when writing .gacl files. (Both formats are automatically -recognised when reading.) (Default: GACL) - -.IP "GridSiteExecMethod nosetuid|suexec|X509DN|directory" -Execution strategy for CGI scripts and executables. For options other -than nosetuid, suexec (or gsexec renamed suexec) must installed. For -X509DN and directory, gsexec must be installed, as suexec. See -.BR "gsexec(8)" -for an explanation of the different execution strategies. -(Default: nosetuid) - -.IP "GridSiteUserGroup user group" -Unix user and group when using suexec (or gsexec as suexec.) This -is equivalent to the suexec SuexecUserGroup directive, but can be -specified on a per-directory basis. (Default: none) - -.IP "GridSiteDiskMode GroupNone|GroupRead|GroupWrite WorldNone|WorldRead" -The file creation permissions mode, taking two arguments to specify -the group and other permissions. The mode always includes read and write -permission for the CGI user itself. -(Default: GroupNone WorldNone) - -.IP "GridSiteCastUniPort port" -The -.BR UDP -unicast port to listen on for HTCP queries, and from which to -send replies to HTCP unicast and multicast queries. Ideally, this should be -a privileged port below 1024. This directive may not appear within a virtual -server. (Default: 777) - -.IP "GridSiteCastGroup group[:port]" -A UDP multicast group on which to listen for HTCP queries, plus an optional -port. If no port is given, then 777 is used. Multiple GridSiteCastGroup -directives can be given to cause the UDP responder to listen to more than -one multicast group. This directive may not appear within a virtual server. - -.IP "GridSiteCastAlias URL-prefix path-prefix" -Maps SiteCast generic URLs to the local filesystem. When processing -HTCP queries, matching SiteCast URLs will have URL-prefix stripped off -and the remaining portion of the URL added to path-prefix to construct a -local path and filename. If a file is found with that name, a SiteCast HTCP -response will be returned to the querying host. Otherwise the queries are -ignored. -This directive may appear within virtual servers, and the virtual server's -servername and first port will determine the host and port name used to -construct the transfer URL. - -.SH ENVIRONMENT - -The following variables are present in the environment of CGI programs and -other dynamic content systems if the -.BR "GridSiteEnvs on" -directive is in effect. - -.IP GRST_PERM -Numerical value of the permission bit-map obtained by comparing the -user with the GACL in force. (These should be tested using the -GRSTgaclPermHasXXXX functions from GACL.) - -.IP GRST_ADMIN_LIST -URI of the DN List, listing people with full admin and write access -to the whole site. - -.IP GRST_GSIPROXY_LIMIT -Maximum valid delegation level for GSI Proxies. - -.IP GRST_DIR_PATH -Absolute path in the local filesystem to the directory holding the -file being requested. - -.IP GRST_DESTINATION_TRANSLATED -Present if a WebDAV -.BR "Destination:" -header was given in the request with a local URL. Contains the translation of -the URL given into an absolute path in the local filesystem. - -.IP GRST_HELP_URI -URI of website help pages set by GridSiteHelpURI directive. - -.IP GRST_ADMIN_FILE -Filename of per-directory ghost gridsite-admin.cgi program. (This is -used by real-gridsite-admin.cgi to construct links in its pages.) - -.IP GRST_EDITABLE -Space-separated list of extensions which can safely be edited with a -Text/HTML editor. - -.IP "GRST_HEAD_FILE and GRST_FOOT_FILE" -Filenames of standard header and footer files. - -.IP GRST_DN_LISTS -DN lists search path. - -.IP GRST_DN_LISTS_URI -Directory of virtual URIs used to publish this site's DN Lists. - -.IP GRST_UNZIP -Full path to the -.BR "unzip(1)" -binary, used to list and unpack .zip files. - -.IP GRST_NO_LINK -If set, do not include credit links to GridSite in page footers. - -.IP GRST_ACL_FORMAT -Format to use when writing .gacl files: either GACL or XACML. - -.IP GRST_EXEC_METHOD -Specified by -.BR GridSiteExecMethod -either suexec, X509DN or directory. - -.IP GRST_EXEC_DIRECTORY -The directory containing the CGI script or executable (used by gsexec -to determine which pool account to use in directory mapping mode.) - -.IP GRST_DISK_MODE -The -.BR Apache -disk permission modes bit pattern, in hexadecimal, starting with 0x. -(Similar to the Unix bit pattern, except with hexadecimal rather than -octal values: eg 0x600 [Apache] vs 0600 [Unix] -are both read/write for user only.) - -.SH AUTHOR -Andrew McNab - -mod_gridsite is part of GridSite: http://www.gridsite.org/ -.SH "SEE ALSO" -.BR htcp(1), -.BR httpd(8), -.BR gsexec(8) diff --git a/org.gridsite.core/doc/urlencode.1 b/org.gridsite.core/doc/urlencode.1 deleted file mode 100644 index 7cdfbc3..0000000 --- a/org.gridsite.core/doc/urlencode.1 +++ /dev/null @@ -1,43 +0,0 @@ -.TH URLENCODE 1 "November 2003" "urlencode" "GridSite Manual" -.SH NAME -.B urlencode -\- convert strings to or from URL-encoded form -.SH SYNOPSIS -.B urlencode -[-m|-d] -.I string [string ...] -.SH DESCRIPTION -.B urlencode -encodes strings according to RFC 1738. - -That is, characters A-Z a-z 0-9 . _ -and - are passed through unmodified, but all other characters are -represented as %HH, where HH is their two-digit upper-case hexadecimal ASCII -representation. -For example, the URL http://www.gridpp.ac.uk/ becomes -http%3A%2F%2Fwww.gridpp.ac.uk%2F - -.B urlencode -converts each character in all the strings given on the command line. If -multiple strings are given, they are concatenated with separating spaces -before conversion. - -.SH OPTIONS -.IP "-m" -Instead of full conversion, do GridSite "mild URL encoding" in which A-Z a-z -0-9 . = - _ @ and / are passed through unmodified. This results in slightly -more human-readable strings but the application must be prepared to create -or simulate the directories implied by any slashes. - -.IP "-d" -Do URL-decoding rather than encoding, according to RFC 1738. %HH and %hh -strings are converted and other characters are passed through unmodified, -with the exception that + is converted to space. - -.SH EXIT CODES -0 is always returned. - -.SH AUTHOR -Andrew McNab - -urlencode is part of GridSite: http://www.gridsite.org/ diff --git a/org.gridsite.core/interface/gridsite-gacl.h b/org.gridsite.core/interface/gridsite-gacl.h deleted file mode 100644 index f739c00..0000000 --- a/org.gridsite.core/interface/gridsite-gacl.h +++ /dev/null @@ -1,188 +0,0 @@ -/* - Copyright (c) 2002-4, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/*---------------------------------------------------------------* - * For more about GridSite: http://www.gridsite.org/ * - *---------------------------------------------------------------*/ - -#ifndef HEADER_GACL_H -#define HEADER_GACL_H -#endif - -#ifndef GACL_LIB_VERSION -#define GACL_LIB_VERSION "x.x.x" -#endif - -typedef GRSTgaclCred GACLcred; - -typedef int GACLaction; -typedef unsigned int GACLperm; - -typedef GRSTgaclEntry GACLentry; - -typedef GRSTgaclAcl GACLacl; - -typedef GRSTgaclUser GACLuser; - -extern char *gacl_perm_syms[]; -extern GACLperm gacl_perm_vals[]; - -#define GACL_PERM_NONE GRST_PERM_NONE -#define GACL_PERM_READ GRST_PERM_READ -#define GACL_PERM_LIST GRST_PERM_LIST -#define GACL_PERM_WRITE GRST_PERM_WRITE -#define GACL_PERM_ADMIN GRST_PERM_ADMIN - -#define GACLhasNone(perm) (perm == 0) -#define GACLhasRead(perm) ((perm & GRST_PERM_READ) != 0) -#define GACLhasList(perm) ((perm & GRST_PERM_LIST) != 0) -#define GACLhasWrite(perm) ((perm & GRST_PERM_WRITE) != 0) -#define GACLhasAdmin(perm) ((perm & GRST_PERM_ADMIN) != 0) - -#define GACL_ACTION_ALLOW GRST_ACTION_ALLOW -#define GACL_ACTION_DENY GRST_ACTION_DENY - -#define GACL_ACL_FILE GRST_ACL_FILE -#define GACL_DN_LISTS GRST_DN_LISTS - -#define GACLinit() GRSTgaclInit() - -#define GACLnewCred(x) GRSTgaclCredNew((x)) -/* GACLcred *GACLnewCred(char *); */ - -#define GACLaddToCred(x,y,z) GRSTgaclCredAddValue((x),(y),(z)) -/* int GACLaddToCred(GACLcred *, char *, char *); */ - -#define GACLfreeCred(x) GRSTgaclCredFree((x)) -/* int GACLfreeCred(GACLcred *); */ - -#define GACLaddCred(x,y) GRSTgaclEntryAddCred((x),(y)) -/* int GACLaddCred(GACLentry *, GACLcred *); */ - -#define GACLdelCred(x,y) GRSTgaclEntryDelCred((x),(y)) -/* int GACLdelCred(GACLentry *, GACLcred *); */ - -#define GACLprintCred(x,y) GRSTgaclCredPrint((x),(y)) -/* int GACLprintCred(GACLcred *, FILE *); */ - - -#define GACLnewEntry() GRSTgaclEntryNew() -/* GACLentry *GACLnewEntry(void); */ - -#define GACLfreeEntry(x) GRSTgaclEntryFree((x)) -/* int GACLfreeEntry(GACLentry *); */ - -#define GACLaddEntry(x,y) GRSTgaclAclAddEntry((x),(y)) -/* int GACLaddEntry(GACLacl *, GACLentry *); */ - -#define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y)) -/* int GACLprintEntry(GACLentry *, FILE *); */ - - -#define GACLprintPerm(x,y) GRSTgaclPermPrint((x),(y)) -/* int GACLprintPerm(GACLperm, FILE *); */ - -#define GACLallowPerm(x,y) GRSTgaclEntryAllowPerm((x),(y)) -/* int GACLallowPerm(GACLentry *, GACLperm); */ - -#define GACLunallowPerm(x,y) GRSTgaclEntryUnallowPerm((x),(y)) -/* int GACLunallowPerm(GACLentry *, GACLperm); */ - -#define GACLdenyPerm(x,y) GRSTgaclEntryDenyPerm((x),(y)) -/* int GACLdenyPerm(GACLentry *, GACLperm); */ - -#define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y)) -/* int GACLundenyPerm(GACLentry *, GACLperm); */ - -#define GACLpermToChar(x) GRSTgaclPermToChar((x)) -/* char *GACLpermToChar(GACLperm); */ - -#define GACLcharToPerm(x) GRSTgaclPermFromChar((x)) -/* GACLperm GACLcharToPerm(char *); */ - -#define GACLnewAcl() GRSTgaclAclNew() -/* GACLacl *GACLnewAcl(void); */ - -#define GACLfreeAcl(x) GRSTgaclAclFree((x)) -/* int GACLfreeAcl(GACLacl *); */ - -#define GACLprintAcl(x,y) GRSTgaclAclPrint((x),(y)) -/* int GACLprintAcl(GACLacl *, FILE *); */ - -#define GACLsaveAcl(x,y) GRSTgaclAclSave((y),(x)) -/* int GACLsaveAcl(char *, GACLacl *); */ - -#define GACLloadAcl(x) GRSTgaclAclLoadFile((x)) -/* GACLacl *GACLloadAcl(char *); */ - -#define GACLfindAclForFile(x) GRSTgaclFileFindAclname((x)) -/* char *GACLfindAclForFile(char *); */ - -#define GACLloadAclForFile(x) GRSTgaclAclLoadforFile((x)) -/* GACLacl *GACLloadAclForFile(char *); */ - -#define GACLisAclFile(x) GRSTgaclFileIsAcl((x)) -/* int GACLisAclFile(char *); */ - - -#define GACLnewUser(x) GRSTgaclUserNew((x)) -/* GACLuser *GACLnewUser(GACLcred *); */ - -#define GACLfreeUser(x) GRSTgaclUserFree((x)) -/* int GACLfreeUser(GACLuser *); */ - -#define GACLuserAddCred(x,y) GRSTgaclUserAddCred((x),(y)) -/* int GACLuserAddCred(GACLuser *, GACLcred *); */ - -#define GACLuserHasCred(x,y) GRSTgaclUserHasCred((x),(y)) -/* int GACLuserHasCred(GACLuser *, GACLcred *); */ - -#define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y)) -/* GACLcred *GACLuserFindCredType(GACLuser *, char *); */ - -#define GACLtestDnList(x,y) GRSTgaclDNlistHasUser((x),(y)) -/* int GACLtestDnList(char *, GACLuser *); */ - -#define GACLtestUserAcl(x,y) GRSTgaclAclTestUser((x),(y)) -/* GACLperm GACLtestUserAcl(GACLacl *, GACLuser *); */ - -#define GACLtestExclAcl(x,y) GRSTgaclAclTestexclUser((x),(y)) -/* GACLperm GACLtestExclAcl(GACLacl *, GACLuser *); */ - - -#define GACLurlEncode(x) GRSThttpUrlEncode((x)) -/* char *GACLurlEncode(char *); */ - -#define GACLmildUrlEncode(x) GRSThttpUrlMildencode((x)) -/* char *GACLmildUrlEncode(char *); */ - -GACLentry *GRSTgaclEntryParse(xmlNodePtr cur); -/* special function for legacy EDG LB service */ diff --git a/org.gridsite.core/interface/gridsite.h b/org.gridsite.core/interface/gridsite.h deleted file mode 100644 index d9473a8..0000000 --- a/org.gridsite.core/interface/gridsite.h +++ /dev/null @@ -1,326 +0,0 @@ -/* - Copyright (c) 2002-5, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/*---------------------------------------------------------------* - * For more about GridSite: http://www.gridsite.org/ * - *---------------------------------------------------------------*/ - -#ifndef HEADER_SSL_H -#include -#endif - -#ifndef HEADER_CRYPTO_H -#include -#endif - -#ifndef FALSE -#define FALSE (0) -#endif -#ifndef TRUE -#define TRUE (!FALSE) -#endif - -/// Everything ok (= OpenSSL X509_V_OK) -#define GRST_RET_OK 0 - -/// Failed for unspecified reason -#define GRST_RET_FAILED 1000 - -/// Failed to find certificate in some cert store / directory -#define GRST_RET_CERT_NOT_FOUND 1001 - -/// Bad signature -#define GRST_RET_BAD_SIGNATURE 1002 - -/// No such file or directory -#define GRST_RET_NO_SUCH_FILE 1003 - -typedef struct { char *name; - char *value; - void *next; } GRSTgaclNamevalue; - -typedef struct { char *type; - int delegation; - GRSTgaclNamevalue *firstname; - void *next; } GRSTgaclCred; - -typedef int GRSTgaclAction; -typedef unsigned int GRSTgaclPerm; - -typedef struct { GRSTgaclCred *firstcred; - GRSTgaclPerm allowed; - GRSTgaclPerm denied; - void *next; } GRSTgaclEntry; - -typedef struct { GRSTgaclEntry *firstentry; } GRSTgaclAcl; - -typedef struct { GRSTgaclCred *firstcred; - char *dnlists; } GRSTgaclUser; - -#define GRST_PERM_NONE 0 -#define GRST_PERM_READ 1 -#define GRST_PERM_EXEC 2 -#define GRST_PERM_LIST 4 -#define GRST_PERM_WRITE 8 -#define GRST_PERM_ADMIN 16 -#define GRST_PERM_ALL 31 - -/* DO NOT USE PermIsNone!! */ -#define GRSTgaclPermIsNone(perm) (perm == 0) - -#define GRSTgaclPermHasNone(perm) (perm == 0) -#define GRSTgaclPermHasRead(perm) ((perm & GRST_PERM_READ ) != 0) -#define GRSTgaclPermHasExec(perm) ((perm & GRST_PERM_EXEC ) != 0) -#define GRSTgaclPermHasList(perm) ((perm & GRST_PERM_LIST ) != 0) -#define GRSTgaclPermHasWrite(perm) ((perm & GRST_PERM_WRITE) != 0) -#define GRSTgaclPermHasAdmin(perm) ((perm & GRST_PERM_ADMIN) != 0) - -#define GRST_ACTION_ALLOW 0 -#define GRST_ACTION_DENY 1 - -#define GRST_HIST_PREFIX ".grsthist" -#define GRST_ACL_FILE ".gacl" -#define GRST_DN_LISTS "/etc/grid-security/dn-lists" -#define GRST_RECURS_LIMIT 9 - -#define GRST_PROXYCERTINFO_OID "1.3.6.1.4.1.3536.1.222" -#define GRST_VOMS_OID "1.3.6.1.4.1.8005.100.100.5" -#define GRST_VOMS_DIR "/etc/grid-security/vomsdir" - -#define GRST_ASN1_MAXCOORDLEN 50 -#define GRST_ASN1_MAXTAGS 500 - -struct GRSTasn1TagList { char treecoords[GRST_ASN1_MAXCOORDLEN+1]; - int start; - int headerlength; - int length; - int tag; } ; - -#define GRST_HTTP_PORT 777 -#define GRST_HTTPS_PORT 488 -#define GRST_HTCP_PORT 777 - -#define GRSThtcpNOPop 0 -#define GRSThtcpTSTop 1 - -typedef struct { unsigned char length_msb; - unsigned char length_lsb; - char text[1]; } GRSThtcpCountstr; - -#define GRSThtcpCountstrLen(string) (256*((string)->length_msb) + (string)->length_lsb) - -typedef struct { unsigned char total_length_msb; - unsigned char total_length_lsb; - unsigned char version_msb; - unsigned char version_lsb; - unsigned char data_length_msb; - unsigned char data_length_lsb; - unsigned int response : 4; - unsigned int opcode : 4; - unsigned int rr : 1; - unsigned int f1 : 1; - unsigned int reserved : 6; - unsigned int trans_id; /* must be 4 bytes */ - GRSThtcpCountstr *method; - GRSThtcpCountstr *uri; - GRSThtcpCountstr *version; - GRSThtcpCountstr *req_hdrs; - GRSThtcpCountstr *resp_hdrs; - GRSThtcpCountstr *entity_hdrs; - GRSThtcpCountstr *cache_hdrs; } GRSThtcpMessage; - -int GRSTgaclInit(void); - -/* #define GACLnewCred(x) GRSTgaclCredNew((x)) */ -GRSTgaclCred *GRSTgaclCredNew(char *); - -/* #define GACLaddToCred(x,y,z) GRSTgaclCredAddValue((x),(y),(z)) */ -int GRSTgaclCredAddValue(GRSTgaclCred *, char *, char *); - -#define GRSTgaclCredSetDelegation(cred, level) ((cred)->delegation = (level)) -#define GRSTgaclCredGetDelegation(cred) ((cred)->delegation) - -/* #define GACLfreeCred(x) GRSTgaclCredFree((x)) */ -int GRSTgaclCredFree(GRSTgaclCred *); - -/* #define GACLaddCred(x,y) GRSTgaclEntryAddCred((x),(y)) */ -int GRSTgaclEntryAddCred(GRSTgaclEntry *, GRSTgaclCred *); - -/* #define GACLdelCred(x,y) GRSTgaclEntryDelCred((x),(y)) */ -int GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *); - -/* #define GACLprintCred(x,y) GRSTgaclCredPrint((x),(y)) */ -int GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *); - - -/* #define GACLnewEntry(x) GRSTgaclEntryNew((x)) */ -GRSTgaclEntry *GRSTgaclEntryNew(void); - -/* #define GACLfreeEntry(x) GRSTgaclEntryFree((x)) */ -int GRSTgaclEntryFree(GRSTgaclEntry *); - -/* #define GACLaddEntry(x,y) GRSTgaclAclAddEntry((x),(y)) */ -int GRSTgaclAclAddEntry(GRSTgaclAcl *, GRSTgaclEntry *); - -/* #define GACLprintEntry(x,y) GRSTgaclEntryPrint((x),(y)) */ -int GRSTgaclEntryPrint(GRSTgaclEntry *, FILE *); - - -/* #define GACLprintPerm(x,y) GRSTgaclPermPrint((x),(y)) */ -int GRSTgaclPermPrint(GRSTgaclPerm, FILE *); - -/* #define GACLallowPerm(x,y) GRSTgaclEntryAllowPerm((x),(y)) */ -int GRSTgaclEntryAllowPerm(GRSTgaclEntry *, GRSTgaclPerm); - -/* #define GACLunallowPerm(x,y) GRSTgaclEntryUnallowPerm((x),(y)) */ -int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *, GRSTgaclPerm); - -/* #define GACLdenyPerm(x,y) GRSTgaclEntryDenyPerm((x),(y)) */ -int GRSTgaclEntryDenyPerm(GRSTgaclEntry *, GRSTgaclPerm); - -/* #define GACLundenyPerm(x,y) GRSTgaclEntryUndenyPerm((x),(y)) */ -int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *, GRSTgaclPerm); - -/* #define GACLpermToChar(x) GRSTgaclPermToChar((x)) */ -char *GRSTgaclPermToChar(GRSTgaclPerm); - -/* #define GACLcharToPerm(x) GRSTgaclPermFromChar((x)) */ -GRSTgaclPerm GRSTgaclPermFromChar(char *); - -/* #define GACLnewAcl(x) GRSTgaclAclNew((x)) */ -GRSTgaclAcl *GRSTgaclAclNew(void); - -/* #define GACLfreeAcl(x) GRSTgaclAclFree((x)) */ -int GRSTgaclAclFree(GRSTgaclAcl *); - -/* #define GACLprintAcl(x,y) GRSTgaclAclPrint((x),(y)) */ -int GRSTgaclAclPrint(GRSTgaclAcl *, FILE *); - -/* #define GACLsaveAcl(x,y) GRSTgaclAclSave((y),(x)) */ -int GRSTgaclAclSave(GRSTgaclAcl *, char *); - -/* #define GACLloadAcl(x) GRSTgaclFileLoadAcl((x)) */ -GRSTgaclAcl *GRSTgaclAclLoadFile(char *); - -/* #define GACLfindAclForFile(x) GRSTgaclFileFindAclname((x)) */ -char *GRSTgaclFileFindAclname(char *); - -/* #define GACLloadAclForFile(x) GRSTgaclFileLoadAcl((x)) */ -GRSTgaclAcl *GRSTgaclAclLoadforFile(char *); - -/* #define GACLisAclFile(x) GRSTgaclFileIsAcl((x)) */ -int GRSTgaclFileIsAcl(char *); - - -/* #define GACLnewUser(x) GRSTgaclUserNew((x)) */ -GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *); - -/* #define GACLfreeUser(x) GRSTgaclUserFree((x)) */ -int GRSTgaclUserFree(GRSTgaclUser *); - -/* #define GACLuserAddCred(x,y) GRSTgaclUserAddCred((x),(y)) */ -int GRSTgaclUserAddCred(GRSTgaclUser *, GRSTgaclCred *); - -/* #define GACLuserHasCred(x,y) GRSTgaclUserHasCred((x),(y)) */ -int GRSTgaclUserHasCred(GRSTgaclUser *, GRSTgaclCred *); - -int GRSTgaclUserSetDNlists(GRSTgaclUser *, char *); - -/* #define GACLuserFindCredType(x,y) GRSTgaclUserFindCredtype((x),(y)) */ -GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *, char *); - -/* #define GACLtestDnList(x,y) GRSTgaclDNlistHasUser((x),(y)) */ -int GRSTgaclDNlistHasUser(char *, GRSTgaclUser *); - -/* #define GACLtestUserAcl(x,y) GRSTgaclAclTestUser((x),(y)) */ -GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *, GRSTgaclUser *); - -/* #define GACLtestExclAcl(x,y) GRSTgaclAclTestexclUser((x),(y)) */ -GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *, GRSTgaclUser *); - -char *GRSThttpUrlDecode(char *); - -/* #define GACLurlEncode(x) GRSThttpUrlEncode((x)) */ -char *GRSThttpUrlEncode(char *); - -/* #define GACLmildUrlEncode(x) GRSThttpMildUrlEncode((x)) */ -char *GRSThttpUrlMildencode(char *); - -int GRSTx509NameCmp(char *, char *); - -int GRSTx509KnownCriticalExts(X509 *); - -int GRSTx509IsCA(X509 *); -int GRSTx509CheckChain(int *, X509_STORE_CTX *); -int GRSTx509VerifyCallback(int, X509_STORE_CTX *); - -int GRSTx509GetVomsCreds(int *, int, size_t, char *, X509 *, STACK_OF(X509) *, char *); -GRSTgaclCred *GRSTx509CompactToCred(char *); -int GRSTx509CompactCreds(int *, int, size_t, char *, STACK_OF(X509) *, char *, X509 *); -char *GRSTx509CachedProxyFind(char *, char *, char *); -char *GRSTx509FindProxyFileName(void); -int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int); -char *GRSTx509CachedProxyKeyFind(char *, char *, char *); -int GRSTx509MakeProxyRequest(char **, char *, char *, char *); -int GRSTx509StringToChain(STACK_OF(X509) **, char *); -char *GRSTx509MakeProxyFileName(char *, STACK_OF(X509) *); -int GRSTx509CacheProxy(char *, char *, char *, char *); - -#define GRST_HEADFILE "gridsitehead.txt" -#define GRST_FOOTFILE "gridsitefoot.txt" -#define GRST_ADMIN_FILE "gridsite-admin.cgi" - -typedef struct { char *text; - void *next; } GRSThttpCharsList; - -typedef struct { size_t size; - GRSThttpCharsList *first; - GRSThttpCharsList *last; } GRSThttpBody; - -void GRSThttpBodyInit(GRSThttpBody *); -void GRSThttpPrintf(GRSThttpBody *, char *, ...); -int GRSThttpCopy(GRSThttpBody *, char *); -void GRSThttpWriteOut(GRSThttpBody *); -int GRSThttpPrintHeaderFooter(GRSThttpBody *, char *, char *); -char *GRSThttpGetCGI(char *); - -time_t GRSTasn1TimeToTimeT(char *, size_t); -int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], int, char *); -int GRSTasn1ParseDump(BIO *, unsigned char *, long, - struct GRSTasn1TagList taglist[], int, int *); -int GRSTasn1GetX509Name(char *, int, char *, char *, - struct GRSTasn1TagList taglist[], int); - -int GRSThtcpNOPrequestMake(char **, int *, unsigned int); -int GRSThtcpNOPresponseMake(char **, int *, unsigned int); -int GRSThtcpTSTrequestMake(char **, int *, unsigned int, char *, char *, char *); -int GRSThtcpTSTresponseMake(char **, int *, unsigned int, char *, char *, char *); -int GRSThtcpMessageParse(GRSThtcpMessage *, char *, int); diff --git a/org.gridsite.core/project/build.number b/org.gridsite.core/project/build.number deleted file mode 100644 index e3c0104..0000000 --- a/org.gridsite.core/project/build.number +++ /dev/null @@ -1,2 +0,0 @@ -#Wed Feb 23 03:19:54 CET 2005 -module.build=141 diff --git a/org.gridsite.core/project/build.properties b/org.gridsite.core/project/build.properties deleted file mode 100644 index e69de29..0000000 diff --git a/org.gridsite.core/project/configure.properties.xml b/org.gridsite.core/project/configure.properties.xml deleted file mode 100644 index 8baac92..0000000 --- a/org.gridsite.core/project/configure.properties.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - diff --git a/org.gridsite.core/project/dependencies.properties b/org.gridsite.core/project/dependencies.properties deleted file mode 100644 index 2a7383b..0000000 --- a/org.gridsite.core/project/dependencies.properties +++ /dev/null @@ -1,9 +0,0 @@ -################################################################### -# System dependencies -################################################################### - -org.glite.version = HEAD -org.glite.core.version = HEAD - -# Component dependencies tag = do not remove this line = - diff --git a/org.gridsite.core/project/gridsite.core.csf.xml b/org.gridsite.core/project/gridsite.core.csf.xml deleted file mode 100644 index 7ca38dc..0000000 --- a/org.gridsite.core/project/gridsite.core.csf.xml +++ /dev/null @@ -1,221 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The org.glite and org.gridsite.core modules have been updated, please rerun the configuration file - - - - The org.glite and org.gridsite.core modules have been updated, please rerun the configuration file - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/org.gridsite.core/project/properties.xml b/org.gridsite.core/project/properties.xml deleted file mode 100644 index 74f88dc..0000000 --- a/org.gridsite.core/project/properties.xml +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/org.gridsite.core/project/taskdefs.xml b/org.gridsite.core/project/taskdefs.xml deleted file mode 100644 index 9c35cef..0000000 --- a/org.gridsite.core/project/taskdefs.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/org.gridsite.core/src/Doxyfile b/org.gridsite.core/src/Doxyfile deleted file mode 100644 index 14f88e0..0000000 --- a/org.gridsite.core/src/Doxyfile +++ /dev/null @@ -1,993 +0,0 @@ -# Doxyfile 1.2.18 - -# This file describes the settings to be used by the documentation system -# doxygen (www.doxygen.org) for a project -# -# All text after a hash (#) is considered a comment and will be ignored -# The format is: -# TAG = value [value, ...] -# For lists items can also be appended using: -# TAG += value [value, ...] -# Values that contain spaces should be placed between quotes (" ") - -#--------------------------------------------------------------------------- -# General configuration options -#--------------------------------------------------------------------------- - -# The PROJECT_NAME tag is a single word (or a sequence of words surrounded -# by quotes) that should identify the project. - -PROJECT_NAME = - -# The PROJECT_NUMBER tag can be used to enter a project or revision number. -# This could be handy for archiving the generated documentation or -# if some version control system is used. - -PROJECT_NUMBER = - -# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) -# base path where the generated documentation will be put. -# If a relative path is entered, it will be relative to the location -# where doxygen was started. If left blank the current directory will be used. - -OUTPUT_DIRECTORY = - -# The OUTPUT_LANGUAGE tag is used to specify the language in which all -# documentation generated by doxygen is written. Doxygen will use this -# information to generate all constant output in the proper language. -# The default language is English, other supported languages are: -# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, Dutch, -# Finnish, French, German, Greek, Hungarian, Italian, Japanese, Japanese-en -# (Japanese with english messages), Korean, Norwegian, Polish, Portuguese, -# Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish and Ukrainian. - -OUTPUT_LANGUAGE = English - -# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in -# documentation are documented, even if no documentation was available. -# Private class members and static file members will be hidden unless -# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES - -EXTRACT_ALL = YES - -# If the EXTRACT_PRIVATE tag is set to YES all private members of a class -# will be included in the documentation. - -EXTRACT_PRIVATE = NO - -# If the EXTRACT_STATIC tag is set to YES all static members of a file -# will be included in the documentation. - -EXTRACT_STATIC = NO - -# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) -# defined locally in source files will be included in the documentation. -# If set to NO only classes defined in header files are included. - -EXTRACT_LOCAL_CLASSES = NO - -# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all -# undocumented members of documented classes, files or namespaces. -# If set to NO (the default) these members will be included in the -# various overviews, but no documentation section is generated. -# This option has no effect if EXTRACT_ALL is enabled. - -HIDE_UNDOC_MEMBERS = NO - -# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all -# undocumented classes that are normally visible in the class hierarchy. -# If set to NO (the default) these class will be included in the various -# overviews. This option has no effect if EXTRACT_ALL is enabled. - -HIDE_UNDOC_CLASSES = NO - -# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all -# friend (class|struct|union) declarations. -# If set to NO (the default) these declarations will be included in the -# documentation. - -HIDE_FRIEND_COMPOUNDS = NO - -# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will -# include brief member descriptions after the members that are listed in -# the file and class documentation (similar to JavaDoc). -# Set to NO to disable this. - -BRIEF_MEMBER_DESC = YES - -# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend -# the brief description of a member or function before the detailed description. -# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the -# brief descriptions will be completely suppressed. - -REPEAT_BRIEF = YES - -# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then -# Doxygen will generate a detailed section even if there is only a brief -# description. - -ALWAYS_DETAILED_SEC = NO - -# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all inherited -# members of a class in the documentation of that class as if those members were -# ordinary class members. Constructors, destructors and assignment operators of -# the base classes will not be shown. - -INLINE_INHERITED_MEMB = NO - -# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full -# path before files name in the file list and in the header files. If set -# to NO the shortest path that makes the file name unique will be used. - -FULL_PATH_NAMES = NO - -# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag -# can be used to strip a user defined part of the path. Stripping is -# only done if one of the specified strings matches the left-hand part of -# the path. It is allowed to use relative paths in the argument list. - -STRIP_FROM_PATH = - -# The INTERNAL_DOCS tag determines if documentation -# that is typed after a \internal command is included. If the tag is set -# to NO (the default) then the documentation will be excluded. -# Set it to YES to include the internal documentation. - -INTERNAL_DOCS = NO - -# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct -# doxygen to hide any special comment blocks from generated source code -# fragments. Normal C and C++ comments will always remain visible. - -STRIP_CODE_COMMENTS = YES - -# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate -# file names in lower case letters. If set to YES upper case letters are also -# allowed. This is useful if you have classes or files whose names only differ -# in case and if your file system supports case sensitive file names. Windows -# users are adviced to set this option to NO. - -CASE_SENSE_NAMES = YES - -# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter -# (but less readable) file names. This can be useful is your file systems -# doesn't support long names like on DOS, Mac, or CD-ROM. - -SHORT_NAMES = NO - -# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen -# will show members with their full class and namespace scopes in the -# documentation. If set to YES the scope will be hidden. - -HIDE_SCOPE_NAMES = NO - -# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen -# will generate a verbatim copy of the header file for each class for -# which an include is specified. Set to NO to disable this. - -VERBATIM_HEADERS = YES - -# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen -# will put list of the files that are included by a file in the documentation -# of that file. - -SHOW_INCLUDE_FILES = NO - -# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen -# will interpret the first line (until the first dot) of a JavaDoc-style -# comment as the brief description. If set to NO, the JavaDoc -# comments will behave just like the Qt-style comments (thus requiring an -# explict @brief command for a brief description. - -JAVADOC_AUTOBRIEF = NO - -# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen -# treat a multi-line C++ special comment block (i.e. a block of //! or /// -# comments) as a brief description. This used to be the default behaviour. -# The new default is to treat a multi-line C++ comment block as a detailed -# description. Set this tag to YES if you prefer the old behaviour instead. - -MULTILINE_CPP_IS_BRIEF = NO - -# If the DETAILS_AT_TOP tag is set to YES then Doxygen -# will output the detailed description near the top, like JavaDoc. -# If set to NO, the detailed description appears after the member -# documentation. - -DETAILS_AT_TOP = NO - -# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented -# member inherits the documentation from any documented member that it -# reimplements. - -INHERIT_DOCS = YES - -# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] -# is inserted in the documentation for inline members. - -INLINE_INFO = YES - -# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen -# will sort the (detailed) documentation of file and class members -# alphabetically by member name. If set to NO the members will appear in -# declaration order. - -SORT_MEMBER_DOCS = YES - -# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC -# tag is set to YES, then doxygen will reuse the documentation of the first -# member in the group (if any) for the other members of the group. By default -# all members of a group must be documented explicitly. - -DISTRIBUTE_GROUP_DOC = NO - -# The TAB_SIZE tag can be used to set the number of spaces in a tab. -# Doxygen uses this value to replace tabs by spaces in code fragments. - -TAB_SIZE = 8 - -# The GENERATE_TODOLIST tag can be used to enable (YES) or -# disable (NO) the todo list. This list is created by putting \todo -# commands in the documentation. - -GENERATE_TODOLIST = YES - -# The GENERATE_TESTLIST tag can be used to enable (YES) or -# disable (NO) the test list. This list is created by putting \test -# commands in the documentation. - -GENERATE_TESTLIST = YES - -# The GENERATE_BUGLIST tag can be used to enable (YES) or -# disable (NO) the bug list. This list is created by putting \bug -# commands in the documentation. - -GENERATE_BUGLIST = YES - -# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or -# disable (NO) the deprecated list. This list is created by putting \deprecated commands in the documentation. - -GENERATE_DEPRECATEDLIST= YES - -# This tag can be used to specify a number of aliases that acts -# as commands in the documentation. An alias has the form "name=value". -# For example adding "sideeffect=\par Side Effects:\n" will allow you to -# put the command \sideeffect (or @sideeffect) in the documentation, which -# will result in a user defined paragraph with heading "Side Effects:". -# You can put \n's in the value part of an alias to insert newlines. - -ALIASES = - -# The ENABLED_SECTIONS tag can be used to enable conditional -# documentation sections, marked by \if sectionname ... \endif. - -ENABLED_SECTIONS = - -# The MAX_INITIALIZER_LINES tag determines the maximum number of lines -# the initial value of a variable or define consist of for it to appear in -# the documentation. If the initializer consists of more lines than specified -# here it will be hidden. Use a value of 0 to hide initializers completely. -# The appearance of the initializer of individual variables and defines in the -# documentation can be controlled using \showinitializer or \hideinitializer -# command in the documentation regardless of this setting. - -MAX_INITIALIZER_LINES = 30 - -# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources -# only. Doxygen will then generate output that is more tailored for C. -# For instance some of the names that are used will be different. The list -# of all members will be omitted, etc. - -OPTIMIZE_OUTPUT_FOR_C = YES - -# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java sources -# only. Doxygen will then generate output that is more tailored for Java. -# For instance namespaces will be presented as packages, qualified scopes -# will look different, etc. - -OPTIMIZE_OUTPUT_JAVA = NO - -# Set the SHOW_USED_FILES tag to NO to disable the list of files generated -# at the bottom of the documentation of classes and structs. If set to YES the -# list will mention the files that were used to generate the documentation. - -SHOW_USED_FILES = NO - -#--------------------------------------------------------------------------- -# configuration options related to warning and progress messages -#--------------------------------------------------------------------------- - -# The QUIET tag can be used to turn on/off the messages that are generated -# by doxygen. Possible values are YES and NO. If left blank NO is used. - -QUIET = NO - -# The WARNINGS tag can be used to turn on/off the warning messages that are -# generated by doxygen. Possible values are YES and NO. If left blank -# NO is used. - -WARNINGS = YES - -# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings -# for undocumented members. If EXTRACT_ALL is set to YES then this flag will -# automatically be disabled. - -WARN_IF_UNDOCUMENTED = YES - -# The WARN_FORMAT tag determines the format of the warning messages that -# doxygen can produce. The string should contain the $file, $line, and $text -# tags, which will be replaced by the file and line number from which the -# warning originated and the warning text. - -WARN_FORMAT = "$file:$line: $text" - -# The WARN_LOGFILE tag can be used to specify a file to which warning -# and error messages should be written. If left blank the output is written -# to stderr. - -WARN_LOGFILE = - -#--------------------------------------------------------------------------- -# configuration options related to the input files -#--------------------------------------------------------------------------- - -# The INPUT tag can be used to specify the files and/or directories that contain -# documented source files. You may enter file names like "myfile.cpp" or -# directories like "/usr/src/myproject". Separate the files or directories -# with spaces. - -INPUT = . ../interface - -# If the value of the INPUT tag contains directories, you can use the -# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp -# and *.h) to filter out the source-files in the directories. If left -# blank the following patterns are tested: -# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx *.hpp -# *.h++ *.idl *.odl - -FILE_PATTERNS = - -# The RECURSIVE tag can be used to turn specify whether or not subdirectories -# should be searched for input files as well. Possible values are YES and NO. -# If left blank NO is used. - -RECURSIVE = NO - -# The EXCLUDE tag can be used to specify files and/or directories that should -# excluded from the INPUT source files. This way you can easily exclude a -# subdirectory from a directory tree whose root is specified with the INPUT tag. - -EXCLUDE = - -# The EXCLUDE_SYMLINKS tag can be used select whether or not files or directories -# that are symbolic links (a Unix filesystem feature) are excluded from the input. - -EXCLUDE_SYMLINKS = NO - -# If the value of the INPUT tag contains directories, you can use the -# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude -# certain files from those directories. - -EXCLUDE_PATTERNS = - -# The EXAMPLE_PATH tag can be used to specify one or more files or -# directories that contain example code fragments that are included (see -# the \include command). - -EXAMPLE_PATH = - -# If the value of the EXAMPLE_PATH tag contains directories, you can use the -# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp -# and *.h) to filter out the source-files in the directories. If left -# blank all files are included. - -EXAMPLE_PATTERNS = - -# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be -# searched for input files to be used with the \include or \dontinclude -# commands irrespective of the value of the RECURSIVE tag. -# Possible values are YES and NO. If left blank NO is used. - -EXAMPLE_RECURSIVE = NO - -# The IMAGE_PATH tag can be used to specify one or more files or -# directories that contain image that are included in the documentation (see -# the \image command). - -IMAGE_PATH = - -# The INPUT_FILTER tag can be used to specify a program that doxygen should -# invoke to filter for each input file. Doxygen will invoke the filter program -# by executing (via popen()) the command , where -# is the value of the INPUT_FILTER tag, and is the name of an -# input file. Doxygen will then use the output that the filter program writes -# to standard output. - -INPUT_FILTER = - -# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using -# INPUT_FILTER) will be used to filter the input files when producing source -# files to browse (i.e. when SOURCE_BROWSER is set to YES). - -FILTER_SOURCE_FILES = NO - -#--------------------------------------------------------------------------- -# configuration options related to source browsing -#--------------------------------------------------------------------------- - -# If the SOURCE_BROWSER tag is set to YES then a list of source files will -# be generated. Documented entities will be cross-referenced with these sources. - -SOURCE_BROWSER = NO - -# Setting the INLINE_SOURCES tag to YES will include the body -# of functions and classes directly in the documentation. - -INLINE_SOURCES = NO - -# If the REFERENCED_BY_RELATION tag is set to YES (the default) -# then for each documented function all documented -# functions referencing it will be listed. - -REFERENCED_BY_RELATION = NO - -# If the REFERENCES_RELATION tag is set to YES (the default) -# then for each documented function all documented entities -# called/used by that function will be listed. - -REFERENCES_RELATION = NO - -#--------------------------------------------------------------------------- -# configuration options related to the alphabetical class index -#--------------------------------------------------------------------------- - -# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index -# of all compounds will be generated. Enable this if the project -# contains a lot of classes, structs, unions or interfaces. - -ALPHABETICAL_INDEX = YES - -# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then -# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns -# in which this list will be split (can be a number in the range [1..20]) - -COLS_IN_ALPHA_INDEX = 5 - -# In case all classes in a project start with a common prefix, all -# classes will be put under the same header in the alphabetical index. -# The IGNORE_PREFIX tag can be used to specify one or more prefixes that -# should be ignored while generating the index headers. - -IGNORE_PREFIX = - -#--------------------------------------------------------------------------- -# configuration options related to the HTML output -#--------------------------------------------------------------------------- - -# If the GENERATE_HTML tag is set to YES (the default) Doxygen will -# generate HTML output. - -GENERATE_HTML = YES - -# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `html' will be used as the default path. - -HTML_OUTPUT = doxygen - -# The HTML_FILE_EXTENSION tag can be used to specify the file extension for -# each generated HTML page (for example: .htm,.php,.asp). If it is left blank -# doxygen will generate files with .html extension. - -HTML_FILE_EXTENSION = .html - -# The HTML_HEADER tag can be used to specify a personal HTML header for -# each generated HTML page. If it is left blank doxygen will generate a -# standard header. - -HTML_HEADER = - -# The HTML_FOOTER tag can be used to specify a personal HTML footer for -# each generated HTML page. If it is left blank doxygen will generate a -# standard footer. - -HTML_FOOTER = - -# The HTML_STYLESHEET tag can be used to specify a user defined cascading -# style sheet that is used by each HTML page. It can be used to -# fine-tune the look of the HTML output. If the tag is left blank doxygen -# will generate a default style sheet - -HTML_STYLESHEET = doxygen.css - -# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, -# files or namespaces will be aligned in HTML using tables. If set to -# NO a bullet list will be used. - -HTML_ALIGN_MEMBERS = YES - -# If the GENERATE_HTMLHELP tag is set to YES, additional index files -# will be generated that can be used as input for tools like the -# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) -# of the generated HTML documentation. - -GENERATE_HTMLHELP = NO - -# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can -# be used to specify the file name of the resulting .chm file. You -# can add a path in front of the file if the result should not be -# written to the html output dir. - -CHM_FILE = - -# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can -# be used to specify the location (absolute path including file name) of -# the HTML help compiler (hhc.exe). If non empty doxygen will try to run -# the html help compiler on the generated index.hhp. - -HHC_LOCATION = - -# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag -# controls if a separate .chi index file is generated (YES) or that -# it should be included in the master .chm file (NO). - -GENERATE_CHI = NO - -# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag -# controls whether a binary table of contents is generated (YES) or a -# normal table of contents (NO) in the .chm file. - -BINARY_TOC = NO - -# The TOC_EXPAND flag can be set to YES to add extra items for group members -# to the contents of the Html help documentation and to the tree view. - -TOC_EXPAND = NO - -# The DISABLE_INDEX tag can be used to turn on/off the condensed index at -# top of each HTML page. The value NO (the default) enables the index and -# the value YES disables it. - -DISABLE_INDEX = YES - -# This tag can be used to set the number of enum values (range [1..20]) -# that doxygen will group on one line in the generated HTML documentation. - -ENUM_VALUES_PER_LINE = 4 - -# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be -# generated containing a tree-like index structure (just like the one that -# is generated for HTML Help). For this to work a browser that supports -# JavaScript and frames is required (for instance Mozilla, Netscape 4.0+, -# or Internet explorer 4.0+). Note that for large projects the tree generation -# can take a very long time. In such cases it is better to disable this feature. -# Windows users are probably better off using the HTML help feature. - -GENERATE_TREEVIEW = NO - -# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be -# used to set the initial width (in pixels) of the frame in which the tree -# is shown. - -TREEVIEW_WIDTH = 250 - -#--------------------------------------------------------------------------- -# configuration options related to the LaTeX output -#--------------------------------------------------------------------------- - -# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will -# generate Latex output. - -GENERATE_LATEX = NO - -# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `latex' will be used as the default path. - -LATEX_OUTPUT = latex - -# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be invoked. If left blank `latex' will be used as the default command name. - -LATEX_CMD_NAME = latex - -# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to -# generate index for LaTeX. If left blank `makeindex' will be used as the -# default command name. - -MAKEINDEX_CMD_NAME = makeindex - -# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact -# LaTeX documents. This may be useful for small projects and may help to -# save some trees in general. - -COMPACT_LATEX = NO - -# The PAPER_TYPE tag can be used to set the paper type that is used -# by the printer. Possible values are: a4, a4wide, letter, legal and -# executive. If left blank a4wide will be used. - -PAPER_TYPE = a4wide - -# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX -# packages that should be included in the LaTeX output. - -EXTRA_PACKAGES = - -# The LATEX_HEADER tag can be used to specify a personal LaTeX header for -# the generated latex document. The header should contain everything until -# the first chapter. If it is left blank doxygen will generate a -# standard header. Notice: only use this tag if you know what you are doing! - -LATEX_HEADER = - -# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated -# is prepared for conversion to pdf (using ps2pdf). The pdf file will -# contain links (just like the HTML output) instead of page references -# This makes the output suitable for online browsing using a pdf viewer. - -PDF_HYPERLINKS = NO - -# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of -# plain latex in the generated Makefile. Set this option to YES to get a -# higher quality PDF documentation. - -USE_PDFLATEX = NO - -# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. -# command to the generated LaTeX files. This will instruct LaTeX to keep -# running if errors occur, instead of asking the user for help. -# This option is also used when generating formulas in HTML. - -LATEX_BATCHMODE = NO - -#--------------------------------------------------------------------------- -# configuration options related to the RTF output -#--------------------------------------------------------------------------- - -# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output -# The RTF output is optimised for Word 97 and may not look very pretty with -# other RTF readers or editors. - -GENERATE_RTF = NO - -# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `rtf' will be used as the default path. - -RTF_OUTPUT = rtf - -# If the COMPACT_RTF tag is set to YES Doxygen generates more compact -# RTF documents. This may be useful for small projects and may help to -# save some trees in general. - -COMPACT_RTF = NO - -# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated -# will contain hyperlink fields. The RTF file will -# contain links (just like the HTML output) instead of page references. -# This makes the output suitable for online browsing using WORD or other -# programs which support those fields. -# Note: wordpad (write) and others do not support links. - -RTF_HYPERLINKS = NO - -# Load stylesheet definitions from file. Syntax is similar to doxygen's -# config file, i.e. a series of assigments. You only have to provide -# replacements, missing definitions are set to their default value. - -RTF_STYLESHEET_FILE = - -# Set optional variables used in the generation of an rtf document. -# Syntax is similar to doxygen's config file. - -RTF_EXTENSIONS_FILE = - -#--------------------------------------------------------------------------- -# configuration options related to the man page output -#--------------------------------------------------------------------------- - -# If the GENERATE_MAN tag is set to YES (the default) Doxygen will -# generate man pages - -GENERATE_MAN = NO - -# The MAN_OUTPUT tag is used to specify where the man pages will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be -# put in front of it. If left blank `man' will be used as the default path. - -MAN_OUTPUT = man - -# The MAN_EXTENSION tag determines the extension that is added to -# the generated man pages (default is the subroutine's section .3) - -MAN_EXTENSION = .3 - -# If the MAN_LINKS tag is set to YES and Doxygen generates man output, -# then it will generate one additional man file for each entity -# documented in the real man page(s). These additional files -# only source the real man page, but without them the man command -# would be unable to find the correct page. The default is NO. - -MAN_LINKS = NO - -#--------------------------------------------------------------------------- -# configuration options related to the XML output -#--------------------------------------------------------------------------- - -# If the GENERATE_XML tag is set to YES Doxygen will -# generate an XML file that captures the structure of -# the code including all documentation. Note that this -# feature is still experimental and incomplete at the -# moment. - -GENERATE_XML = NO - -# The XML_SCHEMA tag can be used to specify an XML schema, -# which can be used by a validating XML parser to check the -# syntax of the XML files. - -XML_SCHEMA = - -# The XML_DTD tag can be used to specify an XML DTD, -# which can be used by a validating XML parser to check the -# syntax of the XML files. - -XML_DTD = - -#--------------------------------------------------------------------------- -# configuration options for the AutoGen Definitions output -#--------------------------------------------------------------------------- - -# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will -# generate an AutoGen Definitions (see autogen.sf.net) file -# that captures the structure of the code including all -# documentation. Note that this feature is still experimental -# and incomplete at the moment. - -GENERATE_AUTOGEN_DEF = NO - -#--------------------------------------------------------------------------- -# Configuration options related to the preprocessor -#--------------------------------------------------------------------------- - -# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will -# evaluate all C-preprocessor directives found in the sources and include -# files. - -ENABLE_PREPROCESSING = NO - -# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro -# names in the source code. If set to NO (the default) only conditional -# compilation will be performed. Macro expansion can be done in a controlled -# way by setting EXPAND_ONLY_PREDEF to YES. - -MACRO_EXPANSION = NO - -# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES -# then the macro expansion is limited to the macros specified with the -# PREDEFINED and EXPAND_AS_PREDEFINED tags. - -EXPAND_ONLY_PREDEF = NO - -# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files -# in the INCLUDE_PATH (see below) will be search if a #include is found. - -SEARCH_INCLUDES = YES - -# The INCLUDE_PATH tag can be used to specify one or more directories that -# contain include files that are not input files but should be processed by -# the preprocessor. - -INCLUDE_PATH = - -# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard -# patterns (like *.h and *.hpp) to filter out the header-files in the -# directories. If left blank, the patterns specified with FILE_PATTERNS will -# be used. - -INCLUDE_FILE_PATTERNS = - -# The PREDEFINED tag can be used to specify one or more macro names that -# are defined before the preprocessor is started (similar to the -D option of -# gcc). The argument of the tag is a list of macros of the form: name -# or name=definition (no spaces). If the definition and the = are -# omitted =1 is assumed. - -PREDEFINED = - -# If the MACRO_EXPANSION and EXPAND_PREDEF_ONLY tags are set to YES then -# this tag can be used to specify a list of macro names that should be expanded. -# The macro definition that is found in the sources will be used. -# Use the PREDEFINED tag if you want to use a different macro definition. - -EXPAND_AS_DEFINED = - -# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then -# doxygen's preprocessor will remove all function-like macros that are alone -# on a line, have an all uppercase name, and do not end with a semicolon. Such -# function macros are typically used for boiler-plate code, and will confuse the -# parser if not removed. - -SKIP_FUNCTION_MACROS = YES - -#--------------------------------------------------------------------------- -# Configuration::addtions related to external references -#--------------------------------------------------------------------------- - -# The TAGFILES tag can be used to specify one or more tagfiles. - -TAGFILES = - -# When a file name is specified after GENERATE_TAGFILE, doxygen will create -# a tag file that is based on the input files it reads. - -GENERATE_TAGFILE = - -# If the ALLEXTERNALS tag is set to YES all external classes will be listed -# in the class index. If set to NO only the inherited external classes -# will be listed. - -ALLEXTERNALS = NO - -# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed -# in the modules index. If set to NO, only the current project's groups will -# be listed. - -EXTERNAL_GROUPS = YES - -# The PERL_PATH should be the absolute path and name of the perl script -# interpreter (i.e. the result of `which perl'). - -PERL_PATH = /usr/bin/perl - -#--------------------------------------------------------------------------- -# Configuration options related to the dot tool -#--------------------------------------------------------------------------- - -# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will -# generate a inheritance diagram (in Html, RTF and LaTeX) for classes with base or -# super classes. Setting the tag to NO turns the diagrams off. Note that this -# option is superceded by the HAVE_DOT option below. This is only a fallback. It is -# recommended to install and use dot, since it yield more powerful graphs. - -CLASS_DIAGRAMS = YES - -# If set to YES, the inheritance and collaboration graphs will hide -# inheritance and usage relations if the target is undocumented -# or is not a class. - -HIDE_UNDOC_RELATIONS = YES - -# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is -# available from the path. This tool is part of Graphviz, a graph visualization -# toolkit from AT&T and Lucent Bell Labs. The other options in this section -# have no effect if this option is set to NO (the default) - -HAVE_DOT = NO - -# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for each documented class showing the direct and -# indirect inheritance relations. Setting this tag to YES will force the -# the CLASS_DIAGRAMS tag to NO. - -CLASS_GRAPH = YES - -# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for each documented class showing the direct and -# indirect implementation dependencies (inheritance, containment, and -# class references variables) of the class with other documented classes. - -COLLABORATION_GRAPH = YES - -# If set to YES, the inheritance and collaboration graphs will show the -# relations between templates and their instances. - -TEMPLATE_RELATIONS = YES - -# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT -# tags are set to YES then doxygen will generate a graph for each documented -# file showing the direct and indirect include dependencies of the file with -# other documented files. - -INCLUDE_GRAPH = YES - -# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and -# HAVE_DOT tags are set to YES then doxygen will generate a graph for each -# documented header file showing the documented files that directly or -# indirectly include this file. - -INCLUDED_BY_GRAPH = YES - -# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen -# will graphical hierarchy of all classes instead of a textual one. - -GRAPHICAL_HIERARCHY = YES - -# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images -# generated by dot. Possible values are png, jpg, or gif -# If left blank png will be used. - -DOT_IMAGE_FORMAT = png - -# The tag DOT_PATH can be used to specify the path where the dot tool can be -# found. If left blank, it is assumed the dot tool can be found on the path. - -DOT_PATH = - -# The DOTFILE_DIRS tag can be used to specify one or more directories that -# contain dot files that are included in the documentation (see the -# \dotfile command). - -DOTFILE_DIRS = - -# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width -# (in pixels) of the graphs generated by dot. If a graph becomes larger than -# this value, doxygen will try to truncate the graph, so that it fits within -# the specified constraint. Beware that most browsers cannot cope with very -# large images. - -MAX_DOT_GRAPH_WIDTH = 1024 - -# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height -# (in pixels) of the graphs generated by dot. If a graph becomes larger than -# this value, doxygen will try to truncate the graph, so that it fits within -# the specified constraint. Beware that most browsers cannot cope with very -# large images. - -MAX_DOT_GRAPH_HEIGHT = 1024 - -# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will -# generate a legend page explaining the meaning of the various boxes and -# arrows in the dot generated graphs. - -GENERATE_LEGEND = YES - -# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will -# remove the intermedate dot files that are used to generate -# the various graphs. - -DOT_CLEANUP = YES - -#--------------------------------------------------------------------------- -# Configuration::addtions related to the search engine -#--------------------------------------------------------------------------- - -# The SEARCHENGINE tag specifies whether or not a search engine should be -# used. If set to NO the values of all tags below this one will be ignored. - -SEARCHENGINE = NO - -# The CGI_NAME tag should be the name of the CGI script that -# starts the search engine (doxysearch) with the correct parameters. -# A script with this name will be generated by doxygen. - -CGI_NAME = search.cgi - -# The CGI_URL tag should be the absolute URL to the directory where the -# cgi binaries are located. See the documentation of your http daemon for -# details. - -CGI_URL = - -# The DOC_URL tag should be the absolute URL to the directory where the -# documentation is located. If left blank the absolute path to the -# documentation, with file:// prepended to it, will be used. - -DOC_URL = - -# The DOC_ABSPATH tag should be the absolute path to the directory where the -# documentation is located. If left blank the directory on the local machine -# will be used. - -DOC_ABSPATH = - -# The BIN_ABSPATH tag must point to the directory where the doxysearch binary -# is installed. - -BIN_ABSPATH = /usr/local/bin/ - -# The EXT_DOC_PATHS tag can be used to specify one or more paths to -# documentation generated for other projects. This allows doxysearch to search -# the documentation for these projects as well. - -EXT_DOC_PATHS = diff --git a/org.gridsite.core/src/Makefile b/org.gridsite.core/src/Makefile deleted file mode 100644 index 9e2c67a..0000000 --- a/org.gridsite.core/src/Makefile +++ /dev/null @@ -1,342 +0,0 @@ -# -# Andrew McNab and Shiv Kaushal, University of Manchester. -# Copyright (c) 2002-6. All rights reserved. -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# o Redistributions of source code must retain the above -# copyright notice, this list of conditions and the following -# disclaimer. -# o Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS -# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# -#--------------------------------------------------------------- -# For more information about GridSite: http://www.gridsite.org/ -#--------------------------------------------------------------- - -include ../VERSION - -RPMCMD=$(shell if [ -x /usr/bin/rpmbuild ] ; then echo /usr/bin/rpmbuild; else echo rpm; fi) - -ifndef MYRPMDIR -export MYRPMDIR=$(shell pwd)/../RPMTMP -endif - -ifndef prefix -export prefix=/usr/local -endif - -ifndef MYCFLAGS -export MYCFLAGS=-I. -I../interface $(HTTPD_FLAGS) -I/usr/include/httpd -I/usr/include/apr-0 -I/opt/glite/include -fPIC -endif - -ifndef MYLDFLAGS -export MYLDFLAGS=-L. -endif - -# -# Build -# - -build: apidoc \ - libgridsite.so.$(VERSION) libgridsite.a htcp mod_gridsite.so \ - urlencode findproxyfile real-gridsite-admin.cgi gsexec \ - gridsite-copy.cgi - -build: libgridsite_globus.so.$(VERSION) libgridsite_globus.a - -# First, normal versions using system OpenSSL rather than Globus OpenSSL - -libgridsite.so.$(VERSION): grst_x509.o grst_gacl.o grst_xacml.o grst_http.o grst_asn1.o grst_htcp.o - gcc -shared -Wl,-soname,libgridsite.so.$(MINOR_VERSION) \ - -o libgridsite.so.$(PATCH_VERSION) grst_x509.o grst_gacl.o grst_xacml.o grst_http.o grst_asn1.o grst_htcp.o - -libgridsite.a: grst_x509.o grst_gacl.o grst_xacml.o grst_http.o grst_asn1.o grst_htcp.o - ar src libgridsite.a grst_x509.o grst_gacl.o grst_xacml.o grst_http.o grst_asn1.o grst_htcp.o - -grst_x509.o: grst_x509.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) \ - -I/usr/kerberos/include -c grst_x509.c - -grst_gacl.o: grst_gacl.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) \ - -I/usr/kerberos/include `xml2-config --cflags` -c grst_gacl.c - -grst_xacml.o: grst_xacml.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) \ - -I/usr/kerberos/include `xml2-config --cflags` -c grst_xacml.c - -grst_http.o: grst_http.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) \ - -I/usr/kerberos/include -c grst_http.c - -grst_asn1.o: grst_asn1.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) \ - -I/usr/kerberos/include -c grst_asn1.c - -grst_htcp.o: grst_htcp.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) \ - -I/usr/kerberos/include -c grst_htcp.c - -# Then build versions using Globus OpenSSL if configured - -ifdef OPENSSL_GLOBUS_LIBS - -libgridsite_globus.so.$(VERSION): \ - grst_x509_globus.o grst_gacl_globus.o grst_http_globus.o \ - grst_asn1_globus.o grst_xacml_globus.o grst_htcp_globus.o - gcc -shared -Wl,-soname,libgridsite_globus.so.$(MINOR_VERSION) \ - -o libgridsite_globus.so.$(PATCH_VERSION) \ - grst_x509_globus.o grst_gacl_globus.o grst_xacml_globus.o grst_http_globus.o grst_asn1_globus.o - -libgridsite_globus.a: grst_x509_globus.o grst_gacl_globus.o grst_http_globus.o grst_asn1_globus.o - ar src libgridsite_globus.a \ - grst_x509_globus.o grst_gacl_globus.o grst_http_globus.o grst_asn1_globus.o - -grst_x509_globus.o: grst_x509.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \ - -I/usr/kerberos/include -c grst_x509.c \ - -o grst_x509_globus.o - -grst_gacl_globus.o: grst_gacl.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \ - -I/usr/kerberos/include `xml2-config --cflags` -c grst_gacl.c \ - -o grst_gacl_globus.o - -grst_xacml_globus.o: grst_xacml.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \ - -I/usr/kerberos/include `xml2-config --cflags` -c grst_xacml.c \ - -o grst_xacml_globus.o - -grst_http_globus.o: grst_http.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \ - -I/usr/kerberos/include -c grst_http.c \ - -o grst_http_globus.o - -grst_asn1_globus.o: grst_asn1.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \ - -I/usr/kerberos/include -c grst_asn1.c \ - -o grst_asn1_globus.o - -grst_htcp_globus.o: grst_htcp.c ../interface/gridsite.h - gcc -g $(MYCFLAGS) $(OPENSSL_GLOBUS_FLAGS) \ - -I/usr/kerberos/include -c grst_htcp.c \ - -o grst_htcp_globus.o - -else - -libgridsite_globus.so.$(VERSION): libgridsite.so.$(VERSION) - cp -f libgridsite.so.$(VERSION) libgridsite_globus.so.$(VERSION) - -libgridsite_globus.a: libgridsite.a - cp -f libgridsite.a libgridsite_globus.a - -endif - -gsexec: gsexec.c gsexec.h - gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) \ - -o gsexec gsexec.c - -urlencode: urlencode.c libgridsite.a - gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) \ - -o urlencode urlencode.c -L. \ - -I/usr/kerberos/include -lgridsite - -htcp: htcp.c libgridsite.a - gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) \ - -o htcp htcp.c -L. \ - -I/usr/kerberos/include \ - `curl-config --cflags` `curl-config --libs` -lgridsite - -gridsite-copy.cgi: gridsite-copy.c libgridsite.a - gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) \ - -o gridsite-copy.cgi gridsite-copy.c -L. \ - -I/usr/kerberos/include \ - `curl-config --cflags` `curl-config --libs` -lgridsite - -mod_gridsite.so: mod_gridsite.c mod_ssl-private.h libgridsite.a - gcc -g $(MYCFLAGS) -shared -Wl,-soname=gridsite_module \ - -I/usr/kerberos/include \ - -I/usr/include/libxml2 \ - -DVERSION=\"$(VERSION)\" -o mod_gridsite.so \ - mod_gridsite.c $(MYLDFLAGS) -lxml2 -lm -lz -lgridsite - -real-gridsite-admin.cgi: grst_admin_main.c grst_admin_gacl.c \ - grst_admin_file.c grst_admin.h - gcc -g $(MYCFLAGS) $(MYLDFLAGS) -o real-gridsite-admin.cgi \ - grst_admin_main.c \ - grst_admin_gacl.c \ - grst_admin_file.c \ - -I/usr/kerberos/include \ - -DVERSION=\"$(VERSION)\" -lgridsite -lssl -lcrypto -lxml2 -lz -lm - -findproxyfile: findproxyfile.c libgridsite.a - gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) $(MYLDFLAGS) \ - -o findproxyfile findproxyfile.c -L. \ - -I/usr/kerberos/include -lgridsite \ - -lssl -lcrypto -lxml2 -lz -lm - -showx509exts: showx509exts.c libgridsite.a - gcc -g -DVERSION=\"$(PATCH_VERSION)\" $(MYCFLAGS) $(MYLDFLAGS) \ - -o showx509exts showx509exts.c -L. \ - -I/usr/kerberos/include \ - -lgridsite \ - -lssl -lcrypto -lxml2 -lz -lm - -apidoc: - date - doxygen Doxyfile - mkdir -p ../doc/doxygen - cp -f doxygen/*.html doxygen/*.css doxygen/*.png ../doc/doxygen - cd ../doc ; for i in *.1 *.8 ; do ../src/roffit < $$i \ - > $$i.html ; done - -gaclexample: gaclexample.c libgridsite.a - gcc -g -o gaclexample gaclexample.c -I. -L. \ - -I/usr/kerberos/include -lgridsite \ - -lssl -lcrypto -lxml2 -lz -lm - -xacmlexample: xacmlexample.c libgridsite.a - gcc -g -o xacmlexample xacmlexample.c -I. -L. \ - -I/usr/kerberos/include -lgridsite \ - -lssl -lcrypto -lxml2 -lz -lm - - -clean: - -# -# Install -# - -install: apidoc - mkdir -p $(prefix)/include \ - $(prefix)/$(libdir) \ - $(prefix)/bin \ - $(prefix)/sbin \ - $(prefix)/share/man/man1 \ - $(prefix)/share/man/man8 \ - $(prefix)/$(libdir)/httpd/modules \ - $(prefix)/share/doc/gridsite-$(PATCH_VERSION) - cp -f ../interface/gridsite.h $(prefix)/include - cp -f ../interface/gridsite-gacl.h $(prefix)/include - cp -f urlencode $(prefix)/bin - cp -f findproxyfile $(prefix)/bin - cp -f real-gridsite-admin.cgi $(prefix)/sbin - cp -f gridsite-copy.cgi $(prefix)/sbin - cp -f libgridsite.a $(prefix)/$(libdir) - cp -f libgridsite.so.$(PATCH_VERSION) $(prefix)/$(libdir) - ln -sf libgridsite.so.$(PATCH_VERSION) \ - $(prefix)/$(libdir)/libgridsite.so - ln -sf libgridsite.so.$(PATCH_VERSION) \ - $(prefix)/$(libdir)/libgridsite.so.$(MAJOR_VERSION) - ln -sf libgridsite.so.$(PATCH_VERSION) \ - $(prefix)/$(libdir)/libgridsite.so.$(MINOR_VERSION) - cp -f libgridsite_globus.a $(prefix)/$(libdir) - cp -f libgridsite_globus.so.$(PATCH_VERSION) $(prefix)/$(libdir) - ln -sf libgridsite_globus.so.$(PATCH_VERSION) \ - $(prefix)/$(libdir)/libgridsite_globus.so - ln -sf libgridsite_globus.so.$(PATCH_VERSION) \ - $(prefix)/$(libdir)/libgridsite_globus.so.$(MAJOR_VERSION) - ln -sf libgridsite_globus.so.$(PATCH_VERSION) \ - $(prefix)/$(libdir)/libgridsite_globus.so.$(MINOR_VERSION) - cp -f ../CHANGES ../README ../INSTALL ../LICENSE ../VERSION \ - $(prefix)/share/doc/gridsite-$(PATCH_VERSION) - cp -f ../doc/*.html ../doc/*.conf ../doc/*.1 ../doc/*.8 ../doc/*.sh \ - ../doc/*.wsdl $(prefix)/share/doc/gridsite-$(VERSION) - cp -f ../doc/*.1 $(prefix)/share/man/man1 - cp -f ../doc/*.8 $(prefix)/share/man/man8 - gzip -f $(prefix)/share/man/man1/*.1 - gzip -f $(prefix)/share/man/man8/*.8 - cp -f htcp $(prefix)/bin - ln -sf htcp $(prefix)/bin/htls - ln -sf htcp $(prefix)/bin/htll - ln -sf htcp $(prefix)/bin/htrm - ln -sf htcp $(prefix)/bin/htmkdir - ln -sf htcp $(prefix)/bin/htmv - ln -sf htcp $(prefix)/bin/htping - ln -sf htcp $(prefix)/bin/htfind - cp -f gsexec $(prefix)/sbin - cp -f mod_gridsite.so $(prefix)/$(libdir)/httpd/modules - -# -# Distributions -# - -# source files tarball -dist: - mkdir -p ../dist/gridsite-$(PATCH_VERSION)/src \ - ../dist/gridsite-$(PATCH_VERSION)/doc \ - ../dist/gridsite-$(PATCH_VERSION)/interface - cp -f ../VERSION ../README ../LICENSE ../CHANGES ../INSTALL \ - ../dist/gridsite-$(PATCH_VERSION) - cp -f Makefile grst*.c htcp.c \ - urlencode.c findproxyfile.c gaclexample.c mod_gridsite.c \ - grst_admin.h mod_ssl-private.h \ - gsexec.c gsexec.h gridsite-copy.c \ - roffit gridsite.spec \ - Doxyfile doxygen.css doxyheader.html \ - ../dist/gridsite-$(PATCH_VERSION)/src - cp -f ../doc/*.html ../doc/*.1 ../doc/*.8 ../doc/*.conf ../doc/*.sh \ - ../doc/*.wsdl ../dist/gridsite-$(PATCH_VERSION)/doc - cp -f ../interface/*.h \ - ../dist/gridsite-$(PATCH_VERSION)/interface - cd ../dist ; tar zcvf ../gridsite-$(PATCH_VERSION).src.tar.gz \ - gridsite-$(PATCH_VERSION) - rm -Rf ../dist/gridsite-$(PATCH_VERSION) - - -# binary tarball distribution for htcp users -htcp-bin: htcp - mkdir -p ../htcp-bin-$(PATCH_VERSION)/bin \ - ../htcp-bin-$(PATCH_VERSION)/man/man1 - cp -f ../doc/README.htcp-bin ../htcp-bin-$(PATCH_VERSION) - cp -f htcp ../htcp-bin-$(PATCH_VERSION)/bin - cp -f ../doc/htcp.1 ../doc/htrm.1 ../doc/htls.1 ../doc/htmkdir.1 \ - ../doc/htll.1 ../doc/htmv.1 ../doc/htping.1 ../doc/htfind.1 \ - ../htcp-bin-$(PATCH_VERSION)/man/man1 - ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htls - ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htll - ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htrm - ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htmkdir - ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htmv - ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htping - ln -sf htcp ../htcp-bin-$(PATCH_VERSION)/bin/htfind - cd ../htcp-bin-$(VERSION) ; tar zcvf ../htcp-$(VERSION).bin.tar.gz . - rm -Rf ../htcp-bin-$(PATCH_VERSION) - -# RPM targets: build and RPMs go into subdirectories of ../RPMTMP/ -rpm: dist gridsite.spec - rm -Rf $(MYRPMDIR)/BUILDROOT $(MYRPMDIR)/BUILD - mkdir -p $(MYRPMDIR)/SOURCES $(MYRPMDIR)/SPECS $(MYRPMDIR)/BUILD \ - $(MYRPMDIR)/SRPMS $(MYRPMDIR)/RPMS/i386 $(MYRPMDIR)/BUILDROOT - cp -f ../gridsite-$(PATCH_VERSION).src.tar.gz $(MYRPMDIR)/SOURCES - cp -f gridsite.spec $(MYRPMDIR)/SPECS - export MYPREFIX=/usr ; export MYVERSION=$(PATCH_VERSION) ; \ - $(RPMCMD) --define "_topdir $(MYRPMDIR)" \ - -ba --buildroot $(MYRPMDIR)/BUILDROOT gridsite.spec - - -wtf: - pwd - printenv - ls -l - ls -lR /usr/local/ - ls -lR $(GSOAPDIR) diff --git a/org.gridsite.core/src/delegation.h b/org.gridsite.core/src/delegation.h deleted file mode 100644 index e612498..0000000 --- a/org.gridsite.core/src/delegation.h +++ /dev/null @@ -1,12 +0,0 @@ -//gsoap ns service name: delegation -//gsoap ns service style: rpc -//gsoap ns service encoding: encoded -//gsoap ns service namespace: http://www.gridsite.org/ns/delegation.wsdl -//gsoap ns service location: http://localhost/delegserver.cgi - -struct ns__putProxyResponse { } ; - -//gsoap ns schema namespace: urn:delegation -int ns__getProxyReq(char *delegationID, char **request); -int ns__putProxy(char *delegationID, char *proxy, - struct ns__putProxyResponse *unused); diff --git a/org.gridsite.core/src/doxygen.css b/org.gridsite.core/src/doxygen.css deleted file mode 100644 index 97ebc25..0000000 --- a/org.gridsite.core/src/doxygen.css +++ /dev/null @@ -1,49 +0,0 @@ -H1 { text-align: center; } -CAPTION { font-weight: bold } -A.qindex {} -A.qindexRef {} -A.el { text-decoration: none; font-weight: bold } -A.elRef { font-weight: bold } -A.code { text-decoration: none; font-weight: normal; color: #4444ee } -A.codeRef { font-weight: normal; color: #4444ee } -A:hover { text-decoration: none; background-color: #f2f2ff } -DL.el { margin-left: -1cm } -DIV.fragment { width: 100%; border: none; background-color: #eeeeee } -DIV.ah { background-color: black; font-weight: bold; color: #ffffff; margin-bottom: 3px; margin-top: 3px } -TD.md { background-color: #f2f2ff; font-weight: bold; } -TD.mdname1 { background-color: #f2f2ff; font-weight: bold; color: #602020; } -TD.mdname { background-color: #f2f2ff; font-weight: bold; color: #602020; width: 600px; } -DIV.groupHeader { margin-left: 16px; margin-top: 12px; margin-bottom: 6px; font-weight: bold } -DIV.groupText { margin-left: 16px; font-style: italic; font-size: smaller } -XXBODY { background: white } -TD.indexkey { - background-color: #eeeeff; - font-weight: bold; - padding-right : 10px; - padding-top : 2px; - padding-left : 10px; - padding-bottom : 2px; - margin-left : 0px; - margin-right : 0px; - margin-top : 2px; - margin-bottom : 2px -} -TD.indexvalue { - background-color: #eeeeff; - font-style: italic; - padding-right : 10px; - padding-top : 2px; - padding-left : 10px; - padding-bottom : 2px; - margin-left : 0px; - margin-right : 0px; - margin-top : 2px; - margin-bottom : 2px -} -span.keyword { color: #008000 } -span.keywordtype { color: #604020 } -span.keywordflow { color: #e08000 } -span.comment { color: #800000 } -span.preprocessor { color: #806020 } -span.stringliteral { color: #002080 } -span.charliteral { color: #008080 } diff --git a/org.gridsite.core/src/doxyheader.html b/org.gridsite.core/src/doxyheader.html deleted file mode 100644 index af78b52..0000000 --- a/org.gridsite.core/src/doxyheader.html +++ /dev/null @@ -1 +0,0 @@ -

GridSite Version 1.1.x diff --git a/org.gridsite.core/src/findproxyfile.c b/org.gridsite.core/src/findproxyfile.c deleted file mode 100644 index 4485cc5..0000000 --- a/org.gridsite.core/src/findproxyfile.c +++ /dev/null @@ -1,122 +0,0 @@ -/* - Copyright (c) 2002-4, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -#ifndef VERSION -#define VERSION "0.0.0" -#endif - -#define _GNU_SOURCE - -#include -#include -#include -#include - -#include - -#include "gridsite.h" - -void printsyntax(char *argv0) -{ - char *p; - - p = rindex(argv0, '/'); - if (p != NULL) ++p; - else p = argv0; - - fprintf(stderr, "%s [--outsidecache] [--proxycache=PATH] " - "[--delegation-id=DELEGATION-ID] [--user-dn=USER-DN]\n" - "(Version: %s)\n", p, VERSION); -} - -#define GRST_PROXY_CACHE "/var/www/proxycache" - -int main(int argc, char *argv[]) -{ - char *delegation_id = "_", *proxycache = "", *user_dn = "", - *proxyfile = NULL; - int c, outsidecache = 0, verbose = 0, option_index; - struct option long_options[] = { {"verbose", 0, 0, 'v'}, - {"outsidecache", 0, 0, 0}, - {"proxycache", 1, 0, 0}, - {"delegation-id", 1, 0, 0}, - {"user-dn", 1, 0, 0}, - {0, 0, 0, 0} }; - - if (argc == 1) - { - printsyntax(argv[0]); - return 0; - } - - while (1) - { - option_index = 0; - - c = getopt_long(argc, argv, "v", long_options, &option_index); - - if (c == -1) break; - else if (c == 0) - { - if (option_index == 1) outsidecache = 1; - else if (option_index == 2) proxycache = optarg; - else if (option_index == 3) delegation_id = optarg; - else if (option_index == 4) user_dn = optarg; - } - else if (c == 'v') ++verbose; - } - - if (*user_dn != '\0') /* try to find in proxy cache */ - { - if ((proxycache == NULL) || (*proxycache == '\0')) - proxycache = getenv("GRST_PROXY_CACHE"); - - if ((proxycache == NULL) || (*proxycache == '\0')) - proxycache = GRST_PROXY_CACHE; - - proxyfile = GRSTx509CachedProxyFind(proxycache, delegation_id, user_dn); - } - - if (((proxyfile == NULL) || (*proxyfile == '\0')) && outsidecache) - { - proxyfile = GRSTx509FindProxyFileName(); - } - - if ((proxyfile != NULL) && (*proxyfile != '\0')) - { - puts(proxyfile); - return 0; - } - - fputs("No proxy file found\n", stderr); - - return 1; -} diff --git a/org.gridsite.core/src/gaclexample.c b/org.gridsite.core/src/gaclexample.c deleted file mode 100644 index 5ad29b7..0000000 --- a/org.gridsite.core/src/gaclexample.c +++ /dev/null @@ -1,147 +0,0 @@ -/* - Copyright (c) 2002-3, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/*---------------------------------------------------------------* - * For more about GridSite: http://www.gridsite.org/ * - *---------------------------------------------------------------*/ - -/* - Example program using GACL - - Build with: - - gcc -o gaclexample gaclexample.c -L. -I. -lgridsite -lxml2 -lz -lm -*/ - -#include -#include -#include -#include - -int main() -{ - GRSTgaclCred *cred, *usercred; - GRSTgaclEntry *entry; - GRSTgaclAcl *acl1, *acl2; - GRSTgaclUser *user; - GRSTgaclPerm perm0, perm1, perm2; - FILE *fp; - - /* must initialise GACL before using it */ - - GRSTgaclInit(); - - /* build up an ACL, starting with a credential */ - - cred = GRSTgaclCredNew("person"); - - GRSTgaclCredAddValue(cred, "dn", "/O=Grid/CN=Mr Grid Person"); - - /* create an entry to put it in */ - - entry = GRSTgaclEntryNew(); - - /* add the credential to it */ - - GRSTgaclEntryAddCred(entry, cred); - - /* add another credential */ - - cred = GRSTgaclCredNew("dn-list"); - GRSTgaclCredAddValue(cred, "url", "example-dn-list"); - GRSTgaclEntryAddCred(entry, cred); - - fp = fopen("example-dn-list", "w"); - fputs("/O=Grid/CN=Mr Grid Person\n", fp); - fclose(fp); - - /* associate some permissions and denials to the credential */ - - GRSTgaclEntryAllowPerm( entry, GRST_PERM_READ); - GRSTgaclEntryAllowPerm( entry, GRST_PERM_WRITE); - GRSTgaclEntryAllowPerm( entry, GRST_PERM_ADMIN); - GRSTgaclEntryDenyPerm( entry, GRST_PERM_ADMIN); - GRSTgaclEntryDenyPerm( entry, GRST_PERM_LIST); - - perm0 = GRST_PERM_READ | GRST_PERM_WRITE; - - printf("test perm should be %d\n", perm0); - - /* create a new ACL and add the entry to it */ - - acl1 = GRSTgaclAclNew(); - - GRSTgaclAclAddEntry(acl1, entry); - - /* create a GRSTgaclUser to compare with the ACL */ - - usercred = GRSTgaclCredNew("person"); - - GRSTgaclCredAddValue(usercred, "dn", "/O=Grid/CN=Mr Grid Person"); - - user = GRSTgaclUserNew(usercred); - - GRSTgaclUserSetDNlists(user, getcwd(NULL, 0)); - printf("DN Lists dir %s\n", getcwd(NULL, 0)); - -// putenv("GRST_DN_LISTS=."); - - perm1 = GRSTgaclAclTestUser(acl1, user); - - printf("test /O=Grid/CN=Mr Grid Person in acl = %d\n", perm1); - - /* print and save the whole ACL */ - - GRSTgaclAclPrint(acl1, stdout); - - GRSTgaclAclSave(acl1, "example.gacl"); - - puts("gridacl.out saved"); - - puts(""); - - /* load the ACL back off the disk, print and test it */ - - acl2 = GRSTgaclAclLoadFile("example.gacl"); - - puts("gridacl.out loaded"); - - if (acl2 != NULL) GRSTgaclAclPrint(acl2, stdout); else puts("acl2 is NULL"); - - perm2 = GRSTgaclAclTestUser(acl2, user); - - printf("test /O=Grid/CN=Mr Grid Person in acl = %d\n", perm2); - - if (perm1 != perm0) return 1; - if (perm2 != perm0) return 2; - - return 0; -} diff --git a/org.gridsite.core/src/gridsite-copy.c b/org.gridsite.core/src/gridsite-copy.c deleted file mode 100644 index d59231f..0000000 --- a/org.gridsite.core/src/gridsite-copy.c +++ /dev/null @@ -1,155 +0,0 @@ -/* - Copyright (c) 2005, Yibiao Li, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/////////////////////////////////////////////////////////////////// -// -// compile: gcc -lcurl gridsite-copy.c -o gridsite-copy.cgi -// usage: cp gridsite-copy.cgi to the cgi-bin directory -// and map the COPY method to gridsite-copy.cgi -// by adding a line in httpd.conf: -// script COPY /cgi-bin/gridsite-copy.cgi -// -/////////////////////////////////////////////////////////////////// -#include -#include -#include -#include -#include -#include -#include - -extern char **environ; - -size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream) -{ - int written = fwrite(ptr, size, nmemb, (FILE *)stream); - return written; -} - -int main( int argn, char **argv ) -{ - char *getenv(); - - CURL *curl; - CURLcode res; - struct tms s_time, e_time; - FILE *fout; - - char *requestURI; - int grstPerm, srcsecure; - char passcode[100]; - char destination[500], destDir[400], destName[100]; - char *ptr, *ptr1; - - times(&s_time); - passcode[0]='\0'; - char *capath="/etc/grid-security/certificates"; - - printf("Content-type: text/html\n\n"); - printf("HTTP COPY\n"); - printf("

HTTP FILE COPY

\n"); - - curl = curl_easy_init(); - printf("Server: Initialized!\n"); - if(curl) { - //get the request URI - requestURI = curl_getenv("REQUEST_URI"); - if( strncmp( requestURI, "https://", 8 )==0 )srcsecure=1; - else srcsecure=0; - printf("The request URL is %s\n", requestURI); - - //get the destination directory and file name - strcpy(destination, getenv("HTTP_DESTINATION")); - ptr=destination; - ptr1 = strrchr(ptr, '/'); - ptr1+=1; - strcpy( destName, ptr1 ); - *ptr1 = '\0'; - strcpy( destDir, ptr ); - - // get the one time passcode from cookie string. - // the segmenty of code is tested on 19th sep. 2005 - if( (ptr=curl_getenv("HTTP_COOKIE")) != NULL) - { - ptr += 17; - strcpy( passcode, ptr ); - } - - //get permision attributes - grstPerm = atoi(curl_getenv("GRST_DESTINATION_PERM")); - - if( grstPerm & 8 ) // write right - { - curl_easy_setopt(curl, CURLOPT_VERBOSE, 0); - - if( srcsecure == 1 ) - { - curl_easy_setopt(curl, CURLOPT_COOKIE, passcode ); - curl_easy_setopt(curl, CURLOPT_CAPATH, capath ); - } - - curl_easy_setopt(curl, CURLOPT_URL, requestURI ); - - strcpy( destination, getenv("GRST_DESTINATION_TRANSLATED")); - fout = fopen( destination, "w" ); - if( fout == NULL ){ - printf("cannot open file to write,"); - printf(" maybe you have no right to write in the directory.\n"); - exit(-1); - } - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, fout ); - res = curl_easy_perform(curl); - if( res!=0 ) - { - printf("Server: There are some things wrong with OPT parameters.%d \n", res); - } - else printf("Server: The file has been successfully copied.\n"); - fclose(fout); - } - else - { - printf("You have no permission to write in the destination directory.\n"); - } - - curl_easy_cleanup(curl); - } - else{ - printf("Server: cannot initialize CURL!\n"); - } - - curl_global_cleanup(); - - times(&e_time); - printf("Server: copying time %ld seconds\n", e_time.tms_utime-s_time.tms_utime); - printf("\n"); - return 0; -} diff --git a/org.gridsite.core/src/gridsite.spec b/org.gridsite.core/src/gridsite.spec deleted file mode 100644 index 65b8e00..0000000 --- a/org.gridsite.core/src/gridsite.spec +++ /dev/null @@ -1,134 +0,0 @@ -Name: gridsite -Version: %(echo ${MYVERSION:-1.1.x}) -Release: 1 -Summary: GridSite -License: Modified BSD -Group: System Environment/Daemons -Source: %{name}-%{version}.src.tar.gz -Prefix: %(echo ${MYPREFIX:-/usr}) -URL: http://www.gridsite.org/ -Vendor: GridPP -Requires: libxml2 -#Buildrequires: libxml2-devel,curl-ssl-devel,httpd-devel -Packager: Andrew McNab - -%description -GridSite adds GSI, VOMS and GACL support to Apache 2.0 (mod_gridsite), -a library for manipulating these technologies (libgridsite), and CGI -programs for interactive management of HTTP(S) servers (gridsite-admin.cgi) - -See %(echo ${MYPREFIX:-/usr})/share/doc/gridsite-%{version} and -http://www.gridsite.org/ for details. - -%package shared -Group: Development/Libraries -Summary: GridSite shared library and core documentation - -%description shared -GridSite shared library and core documentation - -%package devel -Group: Development/Libraries -Summary: GridSite .a libraries and .h headers - -%description devel -GridSite development libraries - -%package apache -Group: System Environment/Daemons -Summary: GridSite mod_gridsite module for Apache httpd -Requires: gridsite-shared - -%description apache -GridSite Apache module and CGI binaries - -%package commands -Group: Applications/Internet -Summary: HTTP(S) read/write client and other GridSite commands -Requires: curl, gridsite-shared - -%description commands -htcp is a client to fetch files or directory listings from remote -servers using HTTP or HTTPS, or to put or delete files or directories -onto remote servers using HTTPS. htcp is similar to scp(1), but uses -HTTP/HTTPS rather than ssh as its transfer protocol. - -%package gsexec -Group: Applications/Internet -Summary: gsexec binary for the Apache HTTP server - -%description gsexec -This package includes the /usr/sbin/gsexec binary which can be installed -to allow the Apache HTTP server to run CGI programs (and any programs -executed by SSI pages) as a user other than the 'apache' user. gsexec -is a drop-in replacement for suexec, with extended functionality for use -with GridSite and Grid Security credentials. - -%prep - -%setup - -%build -cd src -make prefix=$RPM_BUILD_ROOT/%(echo ${MYPREFIX:-/usr}) \ -GSOAPDIR=$GSOAPDIR OPENSSL_FLAGS=$OPENSSL_FLAGS \ -OPENSSL_LIBS=$OPENSSL_LIBS FLAVOR_EXT=$FLAVOR_EXT - -%install -cd src -make install prefix=$RPM_BUILD_ROOT/%(echo ${MYPREFIX:-/usr}) \ -GSOAPDIR=$GSOAPDIR OPENSSL_FLAGS=$OPENSSL_FLAGS \ -OPENSSL_LIBS=$OPENSSL_LIBS FLAVOR_EXT=$FLAVOR_EXT - -%post shared -/sbin/ldconfig -ln -sf %(echo ${MYPREFIX:-/usr})/share/doc/gridsite-%{version} \ - %(echo ${MYPREFIX:-/usr})/share/doc/gridsite - -#%postun -rm -f %(echo ${MYPREFIX:-/usr})/share/doc/gridsite - -%files shared -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite.so.%{version} -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite.so -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite_globus.so.%{version} -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite_globus.so -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/doc/gridsite-%{version} - -%files devel -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/include/gridsite.h -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/include/gridsite-gacl.h -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite.a -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/libgridsite_globus.a - -%files apache -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man8/mod_gridsite.8.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/%{_lib}/httpd/modules/mod_gridsite.so -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/sbin/real-gridsite-admin.cgi -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/sbin/gridsite-copy.cgi - -%files commands -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htcp -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htls -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htll -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htrm -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htmkdir -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htmv -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htping -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/htfind -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/urlencode -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/bin/findproxyfile -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htcp.1.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htrm.1.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htls.1.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htll.1.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htmkdir.1.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htmv.1.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htping.1.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htfind.1.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/urlencode.1.gz -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/findproxyfile.1.gz - -%files gsexec -%attr(4510, root, apache) %(echo ${MYPREFIX:-/usr})/sbin/gsexec -%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man8/gsexec.8.gz diff --git a/org.gridsite.core/src/grst-delegation.c b/org.gridsite.core/src/grst-delegation.c deleted file mode 100644 index c8f8185..0000000 --- a/org.gridsite.core/src/grst-delegation.c +++ /dev/null @@ -1,297 +0,0 @@ -/* - Copyright (c) 2002-4, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/*---------------------------------------------------------------------------* - * This program is part of GridSite: http://www.gridpp.ac.uk/authz/gridsite/ * - *---------------------------------------------------------------------------*/ - -#ifndef VERSION -#define VERSION "0.0.1" -#endif - -#define _GNU_SOURCE -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -/* #include */ - -#include "gridsite.h" - -#include "soapH.h" -#include "delegation.nsmap" - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#define GRST_KEYSIZE 512 -#define GRST_PROXYCACHE "/../proxycache/" -#define GRST_SUPPORT_G_HTTPS - -#ifdef GRST_SUPPORT_G_HTTPS -void GRSThttpError(char *status) -{ - printf("Status: %s\n", status); - printf("Server-CGI: GridSite %s\n", VERSION); - printf("Content-Length: %d\n", 2 * strlen(status) + 58); - puts("Content-Type: text/html\n"); - - printf("%s\n", status); - printf("

%s

\n", status); - - exit(0); -} - -int GRSTmethodPutProxy(char *delegation_id, char *user_dn) -/* return 0 on success; non-zero on error */ -{ - int c, len = 0, i; - char *docroot, *contentlen, *contenttype, *proxychain, *proxydir; - FILE *fp; - - if (((contenttype = getenv("CONTENT_TYPE")) == NULL) || - (strcmp(contenttype, "application/x-x509-user-cert-chain") != 0)) - return 2; - - contentlen = getenv("CONTENT_LENGTH"); - if (contentlen == NULL) return 2; - len = atoi(contentlen); - - if ((delegation_id == NULL) || (*delegation_id == '\0')) - delegation_id = "_"; - - docroot = getenv("DOCUMENT_ROOT"); - asprintf(&proxydir, "%s/%s", docroot, GRST_PROXYCACHE); - - if ((user_dn == NULL) || (user_dn[0] == '\0') || - (GRSTx509CacheProxy(proxydir, delegation_id, user_dn, proxychain) - != GRST_RET_OK)) - { - return GRST_RET_FAILED; - } - - free(proxydir); - - return GRST_RET_OK; -} -#endif - -int main(int argn, char *argv[]) -{ - char *docroot, *method, *request, *p, *client_dn, *user_dn, - *delegation_id, *reqtxt, *proxydir; - struct soap soap; - -chdir("/var/tmp"); - - method = getenv("REQUEST_METHOD"); - if (strcmp(method, "POST") == 0) - { - soap_init(&soap); - soap_serve(&soap); /* CGI application */ - return 0; - } - -#ifdef GRST_SUPPORT_G_HTTPS - docroot = getenv("DOCUMENT_ROOT"); - - request = strdup(getenv("REQUEST_URI")); - p = index(request, '?'); - if (p != NULL) *p = '\0'; - - - /* non HTTP POST methods - ie special G-HTTPS methods */ - - delegation_id = getenv("HTTP_DELEGATION_ID"); - if ((delegation_id == NULL) || (*delegation_id == '\0')) delegation_id = "_"; - - user_dn = NULL; - client_dn = getenv("SSL_CLIENT_S_DN"); - if (client_dn != NULL) - { - user_dn = strdup(client_dn); - - /* we assume here that mod_ssl has verified proxy chain already ... */ - - p = strstr(user_dn, "/CN=proxy"); - if (p != NULL) *p = '\0'; - - p = strstr(user_dn, "/CN=limited proxy"); - if (p != NULL) *p = '\0'; - } - - if (user_dn == NULL) /* all methods require client auth */ - { - GRSThttpError("403 Forbidden"); - } - else if (strcmp(method, "GET-PROXY-REQ") == 0) - { - docroot = getenv("DOCUMENT_ROOT"); - asprintf(&proxydir, "%s/%s", docroot, GRST_PROXYCACHE); - - if (GRSTx509MakeProxyRequest(&reqtxt, proxydir, - delegation_id, user_dn) == 0) - { - puts("Status: 200 OK"); - puts("Content-Type: application/x-x509-cert-request"); - printf("Content-Length: %d\n\n", strlen(reqtxt)); - fputs(reqtxt, stdout); - free(proxydir); - return 0; - } - - puts("Status: 500 Internal Server Error\n"); - free(proxydir); - return 0; - } - else if (strcmp(method, "PUT-PROXY-CERT") == 0) - { - if (GRSTmethodPutProxy(delegation_id, user_dn) == 0) - { - puts("Status: 200 OK\n"); - return 0; - } - - puts("Status: 500 Internal Server Error\n"); - return 0; - } - else - { - GRSThttpError("501 Method Not Implemented"); - } -#endif -} - -int ns__getProxyReq(struct soap *soap, char *delegation_id, - char **request) -{ - char *p, *client_dn, *user_dn, *docroot, *proxydir; - - user_dn = NULL; - client_dn = getenv("SSL_CLIENT_S_DN"); - if (client_dn != NULL) - { - user_dn = strdup(client_dn); - - /* we assume here that mod_ssl has verified proxy chain already ... */ - - p = strstr(user_dn, "/CN=proxy"); - if (p != NULL) *p = '\0'; - - p = strstr(user_dn, "/CN=limited proxy"); - if (p != NULL) *p = '\0'; - } - - if ((delegation_id == NULL) || (*delegation_id == '\0')) delegation_id = "_"; - - docroot = getenv("DOCUMENT_ROOT"); - asprintf(&proxydir, "%s/%s", docroot, GRST_PROXYCACHE); - - if ((user_dn != NULL) && (user_dn[0] != '\0') && - (GRSTx509MakeProxyRequest(request, proxydir, - delegation_id, user_dn) == 0)) - { - return SOAP_OK; - } - - return SOAP_ERR; -} - -int ns__putProxy(struct soap *soap, char *delegation_id, - char *proxy, - struct ns__putProxyResponse *unused) -{ - int fd, c, len = 0, i; - char *docroot, *proxydir, *p, *client_dn, *user_dn; - - user_dn = NULL; - client_dn = getenv("SSL_CLIENT_S_DN"); - if (client_dn != NULL) - { - user_dn = strdup(client_dn); - - /* we assume here that mod_ssl has verified proxy chain already ... */ - - p = strstr(user_dn, "/CN=proxy"); - if (p != NULL) *p = '\0'; - - p = strstr(user_dn, "/CN=limited proxy"); - if (p != NULL) *p = '\0'; - } - - if ((delegation_id == NULL) || (*delegation_id == '\0')) - delegation_id = "_"; - - docroot = getenv("DOCUMENT_ROOT"); - asprintf(&proxydir, "%s/%s", docroot, GRST_PROXYCACHE); - - if ((user_dn == NULL) || (user_dn[0] == '\0') || - (GRSTx509CacheProxy(proxydir, delegation_id, user_dn, proxy) - != GRST_RET_OK)) - { - return SOAP_ERR; - } - - return SOAP_OK; -} - diff --git a/org.gridsite.core/src/grst_admin.h b/org.gridsite.core/src/grst_admin.h deleted file mode 100644 index cddc415..0000000 --- a/org.gridsite.core/src/grst_admin.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - Copyright (c) 2002-3, Andrew McNab and Shiv Kaushal, - University of Manchester. All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/*------------------------------------------------------------------* - * This program is part of GridSite: http://www.gridsite.org/ * - *------------------------------------------------------------------*/ - -void GRSThttpError(char *); -void adminfooter(GRSThttpBody *, char *, char *, char *, char *); -int GRSTstrCmpShort(char *, char *); -char *makevfilename(char *, size_t, char *); - -/*CGI GACL - Edit interface functions*/ -void show_acl(int admin, GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void new_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void new_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void del_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void edit_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void edit_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void add_cred_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void add_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void del_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void del_entry_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void del_cred_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); - -/*Functions producing messages*/ -//void error(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void admin_continue(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSThttpBody *bp); - diff --git a/org.gridsite.core/src/grst_admin_file.c b/org.gridsite.core/src/grst_admin_file.c deleted file mode 100644 index b4d47f5..0000000 --- a/org.gridsite.core/src/grst_admin_file.c +++ /dev/null @@ -1,1571 +0,0 @@ -/* - Copyright (c) 2002-3, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/*------------------------------------------------------------------* - * This program is part of GridSite: http://www.gridsite.org/ * - *------------------------------------------------------------------*/ - -#ifndef VERSION -#define VERSION "x.x.x" -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -// when porting: remember that sendfile() is very OS-specific! -#include - -#include - -#include "grst_admin.h" - -char *storeuploadfile(char *boundary, int *bufferused) -{ -// rewrite this to copy whole POSTed stdin HTTP body to disk then -// mmap() and pick apart? How to deal with 100MB uploaded files, say? - - char *filebuffer = NULL; - int bufferlen = 0, c, boundarylen; - - *bufferused = 0; - boundarylen = strlen(boundary); - - while ((c = getchar()) != EOF) - { - if (*bufferused > 1024*1024*100) return NULL; - - ++(*bufferused); - - if (*bufferused > bufferlen) - { - bufferlen = bufferlen + 1000; - filebuffer = realloc(filebuffer, (size_t) bufferlen); - } - - filebuffer[*bufferused - 1] = c; - - if ( (*bufferused >= boundarylen + 4) && - (boundary[boundarylen-1] == c) && - (boundary[boundarylen-2] == filebuffer[*bufferused - 2]) && - (strncmp(boundary, &filebuffer[*bufferused - boundarylen], - boundarylen) == 0)) - { - *bufferused = *bufferused - boundarylen - 4; - - if (filebuffer == NULL) return strdup(""); - else return filebuffer; - } - } - - return NULL; -} - -void uploadfile(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *dir_uri, char *admin_file) -{ - char *boundary, *p, oneline[200], *filename = NULL, - tmpfilename[256], *filebuffer = NULL, *filepath, - *vfile, *dir_path_vfile; - int mimestate, bufferused = 0, itworked = 0; - FILE *fp; - GRSThttpBody bp; - -#define MIMESTUNKNOWN 1 -#define MIMESTUPLOAD 2 -#define MIMESTFILENM 3 - - if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden"); - - p = getenv("CONTENT_TYPE"); - boundary = &p[30]; - - mimestate = MIMESTUNKNOWN; - - while (fgets(oneline, sizeof(oneline), stdin) != NULL) - { - if (*oneline == 13) // MIME has CR/LF line breaks, CR=13 - { - if (mimestate == MIMESTUPLOAD) - { - filebuffer = storeuploadfile(boundary, &bufferused); - mimestate = MIMESTUNKNOWN; - } - else if (mimestate == MIMESTFILENM) - { - fgets(tmpfilename, sizeof(tmpfilename), stdin); - if (*tmpfilename != 13) - { - p = index(tmpfilename, 13); - *p = '\0'; - filename = strdup(tmpfilename); - } - mimestate = MIMESTUNKNOWN; - } - } - else if (GRSTstrCmpShort(oneline, - "Content-Disposition: form-data; name=\"uploadfile\"; filename=\"") - == 0) - { - mimestate = MIMESTUPLOAD; - if (filename == NULL) - { - filename = strdup(&oneline[61]); - - p = rindex(&oneline[61], '\\'); - if (p != NULL) { ++p ; filename = p; } - - p = rindex(&oneline[61], '/'); - if (p != NULL) { ++p ; filename = p; } - - p = index(filename, '"'); - if (p != NULL) *p = '\0'; - } - } - else if (GRSTstrCmpShort(oneline, - "Content-Disposition: form-data; name=\"file\"") == 0) - { - mimestate = MIMESTFILENM; - } - } - - if ((filebuffer != NULL) && (bufferused >= 0)) - { - if (filename == NULL) GRSThttpError("403 Forbidden"); - else if ((index(filename, '/') != NULL) || - (strcmp(filename, GRST_ACL_FILE) == 0)) - { - puts("Status: 403 Forbidden filename\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp,"Forbidden filename %s\n", filename); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Forbidden filename %s

\n", - filename); - - GRSThttpPrintf(&bp, - "

New file names cannot include slashes " - "or use the reserved ACL name, %s\n", GRST_ACL_FILE); - - GRSThttpPrintf(&bp,"

" - "Return to " - "directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); - return; - } - else - { - vfile = makevfilename(filename, bufferused, dn); - asprintf(&dir_path_vfile, "%s/%s", dir_path, vfile); - - fp = fopen(dir_path_vfile, "w"); - if (fp != NULL) - { - if ((fwrite(filebuffer, - sizeof(char), bufferused, fp) == bufferused) && - (fclose(fp) == 0)) - { - asprintf(&filepath, "%s/%s", dir_path, filename); - - unlink(filepath); /* this can fail ok */ - - itworked = (link(dir_path_vfile, filepath) == 0); - } - } - } - - free((void *) filebuffer); - } - - if (itworked) - { - printf("Status: 302 Moved Temporarily\nContent-Length: 0\n" - "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file); - return; - } - - puts("Status: 500 Failed trying to upload\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp, "Failed to upload\n"); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Failed to upload

\n"); - - GRSThttpPrintf(&bp, "

GridSite considers you are authorized " - "to upload the file, but the upload failed. This is " - "probably a web server or operating system level " - "misconfiguration. Consult the site administrator."); - - GRSThttpPrintf(&bp,"

" - "Return to " - "directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); -} - -void deletefileaction(char *dn, GRSTgaclPerm perm, char *help_uri, - char *dir_path, char *file, char *dir_uri, - char *admin_file) -{ - int fd, numfiles; - char *dir_path_file, *dir_path_vfile, *p, *vfile, *dnlistsuri, - *fulluri, *server_name, *realfile; - struct stat statbuf; - GRSThttpBody bp; - struct dirent *subdirfile_ent; - DIR *subDIR; - - if (((strcmp(file, GRST_ACL_FILE) != 0) && !GRSTgaclPermHasWrite(perm)) || - ((strcmp(file, GRST_ACL_FILE) == 0) && !GRSTgaclPermHasAdmin(perm))) - GRSThttpError("403 Forbidden"); - - dnlistsuri = getenv("GRST_DN_LISTS_URI"); - if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI"); - - if ((dnlistsuri != NULL) && - (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) == 0)) - realfile = GRSThttpUrlEncode(file); - else if (index(file, '/') != NULL) GRSThttpError("403 Forbidden"); - else realfile = file; - - dir_path_file = malloc(strlen(dir_path) + strlen(realfile) + 2); - - strcpy(dir_path_file, dir_path); - strcat(dir_path_file, "/"); - strcat(dir_path_file, realfile); - - if ((stat(dir_path_file, &statbuf) == 0) && S_ISDIR(statbuf.st_mode)) - { - subDIR = opendir(dir_path_file); - if (subDIR == NULL) numfiles = 99; /* stop deletion */ - else - { - numfiles = 0; - while ((subdirfile_ent = readdir(subDIR)) != NULL) - if (subdirfile_ent->d_name[0] != '.') ++numfiles; - else if (strncmp(subdirfile_ent->d_name, - GRST_ACL_FILE, - sizeof(GRST_ACL_FILE)) == 0) ++numfiles; - closedir(subDIR); - } - - if (numfiles == 0) - { - vfile = makevfilename(file, 0, dn); - dir_path_vfile = malloc(strlen(dir_path) + strlen(vfile) + 2); - strcpy(dir_path_vfile, dir_path); - strcat(dir_path_vfile, "/"); - strcat(dir_path_vfile, vfile); - - if (rename(dir_path_file, dir_path_vfile) == 0) - { - printf("Status: 302 Moved Temporarily\nContent-Length: 0\n" - "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file); - return; - } - } - } - else if (unlink(dir_path_file) == 0) - { - if (strcmp(file, GRST_ACL_FILE) != 0) - { - vfile = makevfilename(file, 0, dn); - dir_path_file = malloc(strlen(dir_path) + strlen(vfile) + 2); - strcpy(dir_path_file, dir_path); - strcat(dir_path_file, "/"); - strcat(dir_path_file, vfile); - - fd = open(dir_path_file, O_WRONLY | O_CREAT); - if (fd != -1) close(fd); - } - - printf("Status: 302 Moved Temporarily\nContent-Length: 0\n" - "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file); - - return; - } - - puts("Status: 500 Failed trying to delete\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp, "Error deleting %s%s\n", dir_uri, file); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Error deleting %s%s

\n", - dir_uri, file); - - GRSThttpPrintf(&bp, "

GridSite considers you are authorized " - "to delete %s, but the delete failed. This is " - "probably a web server or operating system level " - "misconfiguration. Consult the site administrator.", - file); - - GRSThttpPrintf(&bp,"

" - "Return to " - "directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); -} - -void deletefileform(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - GRSThttpBody bp; - - if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden"); - - puts("Status: 200 OK\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp, "Delete %s\n", file); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Delete %s

\n", file); - - GRSThttpPrintf(&bp,"
\n",dir_uri,admin_file); - GRSThttpPrintf(&bp,"

Do you really want to delete %s?", file); - GRSThttpPrintf(&bp,"

\n", file); - GRSThttpPrintf(&bp,"\n", file); - GRSThttpPrintf(&bp,"\n"); - GRSThttpPrintf(&bp,"
\n"); - - GRSThttpPrintf(&bp,"

Or " - "return to " - "directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); -} - -void renameform(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - GRSThttpBody bp; - - if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden"); - - puts("Status: 200 OK\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp, "Rename %s\n", file); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Rename %s%s

\n", dir_uri, file); - - GRSThttpPrintf(&bp,"
\n",dir_uri,admin_file); - GRSThttpPrintf(&bp,"

What do you want to rename %s to?

", file); - GRSThttpPrintf(&bp,"\n", file); - GRSThttpPrintf(&bp,"

New name: \n", file); - GRSThttpPrintf(&bp,"\n"); - GRSThttpPrintf(&bp,"\n"); - GRSThttpPrintf(&bp,"

\n"); - - GRSThttpPrintf(&bp,"

Or " - "return to " - "directory listing\n", dir_uri, admin_file, dir_uri); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); -} - -void editfileaction(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - char *pagetext, *dir_path_file, *vfile, *dir_path_vfile, - *dnlistsuri, *server_name, *fulluri, *realfile; - FILE *fp; - GRSThttpBody bp; - - if (!GRSTgaclPermHasWrite(perm) || (strcmp(file, GRST_ACL_FILE) == 0)) - GRSThttpError("403 Forbidden"); - - dnlistsuri = getenv("GRST_DN_LISTS_URI"); - if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI"); - - if ((dnlistsuri != NULL) && - (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) == 0)) - { - realfile = GRSThttpUrlEncode(file); - - if (realfile[0] == '.') GRSThttpError("403 Forbidden"); - } - else if (index(file, '/') != NULL) GRSThttpError("403 Forbidden"); - else realfile = file; - - asprintf(&dir_path_file, "%s/%s", dir_path, realfile); - - pagetext = GRSThttpGetCGI("pagetext"); - vfile = makevfilename(file, strlen(pagetext), dn); - asprintf(&dir_path_vfile, "%s/%s", dir_path, vfile); - - fp = fopen(dir_path_vfile, "w"); - if (fp == NULL) - { - puts("Status: 500 Failed trying to write\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp,"Error writing %s%s\n", dir_uri, file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Error writing %s%s

\n", - dir_uri, file); - - GRSThttpPrintf(&bp, - "

GridSite considers you are authorized " - "to write the file, but the write failed. This is " - "probably a web server or operating system level " - "misconfiguration. Consult the site administrator."); - - GRSThttpPrintf(&bp,"

" - "Return to " - "directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); - return; - } - - fwrite(pagetext, strlen(pagetext), sizeof(char), fp); - - fclose(fp); - - unlink(dir_path_file); - - if (link(dir_path_vfile,dir_path_file) != 0) GRSThttpError("403 Forbidden"); - - if ((strlen(file) > 7) && (strcmp(&file[strlen(file) - 5], ".html") == 0)) - printf("Status: 302 Moved Temporarily\nContent-Length: 0\n" - "Location: %s%s\n\n", dir_uri, file); - else printf("Status: 302 Moved Temporarily\nContent-Length: 0\n" - "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file); -} - -void create_acl(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - int fd; - char *tmpgacl, *newgacl; - GRSTgaclAcl *acl; - FILE *fp; - GRSThttpBody bp; - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError("403 Forbidden"); - - asprintf(&tmpgacl, "%s/.tmp.XXXXXX", dir_path); - asprintf(&newgacl, "%s/%s", dir_path, GRST_ACL_FILE); - - if (((acl = GRSTgaclAclLoadforFile(dir_path)) != NULL) && - ((fd = mkstemp(tmpgacl)) != -1) && - ((fp = fdopen(fd, "w+")) != NULL) && - GRSTgaclAclPrint(acl, fp) && - (fclose(fp) == 0) && - (rename(tmpgacl, newgacl) == 0)) - { - printf("Status: 302 Moved Temporarily\nContent-Length: 0\n" - "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file); - - free(tmpgacl); - free(newgacl); - return; - } - - puts("Status: 500 Failed trying to create\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp,"Error creating %s%s\n", dir_uri, - GRST_ACL_FILE); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Error creating %s%s

\n", - dir_uri, GRST_ACL_FILE); - - GRSThttpPrintf(&bp, "

GridSite considers you are authorized " - "to create it, but the create failed. This is " - "probably a web server or operating system level " - "misconfiguration. Consult the site administrator."); - - GRSThttpPrintf(&bp,"

" - "Return to " - "directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); - - free(tmpgacl); - free(newgacl); -} - -void renameaction(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - int len; - char *dir_path_file, *vfile, *dir_path_vfile, - *dnlistsuri, *newfile, *dir_path_newfile; - struct stat statbuf; - FILE *fp; - GRSThttpBody bp; - - if (!GRSTgaclPermHasWrite(perm) || (strcmp(file, GRST_ACL_FILE) == 0)) - GRSThttpError("403 Forbidden"); - - if (index(file, '/') != NULL) GRSThttpError("403 Forbidden"); - - dir_path_file = malloc(strlen(dir_path) + strlen(file) + 2); - strcpy(dir_path_file, dir_path); - strcat(dir_path_file, "/"); - strcat(dir_path_file, file); - - if (stat(dir_path_file, &statbuf) != 0) GRSThttpError("404 Not Found"); - - newfile = GRSThttpGetCGI("newfile"); - - if ((strcmp(newfile, GRST_ACL_FILE) == 0) || - (strcmp(newfile, file) == 0)) GRSThttpError("403 Forbidden"); - - dir_path_newfile = malloc(strlen(dir_path) + strlen(newfile) + 2); - strcpy(dir_path_newfile, dir_path); - strcat(dir_path_newfile, "/"); - strcat(dir_path_newfile, newfile); - - vfile = makevfilename(newfile, statbuf.st_size, dn); - dir_path_vfile = malloc(strlen(dir_path) + strlen(vfile) + 2); - strcpy(dir_path_vfile, dir_path); - strcat(dir_path_vfile, "/"); - strcat(dir_path_vfile, vfile); - - unlink(dir_path_newfile); /* just in case */ - - if ((link(dir_path_file, dir_path_vfile ) == 0) && - (link(dir_path_file, dir_path_newfile) == 0) && - (unlink(dir_path_file) == 0)) - { - printf("Status: 302 Moved Temporarily\nContent-Length: 0\n" - "Location: %s\n\n", dir_uri); - return; - } - - puts("Status: 500 Failed trying to rename\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp,"Error renaming %s%s\n", dir_uri, file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Error renaming %s%s

\n", - dir_uri, file); - - GRSThttpPrintf(&bp, "

GridSite considers you are authorized " - "to rename it, but the rename failed. This is " - "probably a web server or operating system level " - "misconfiguration. Consult the site administrator."); - - GRSThttpPrintf(&bp,"

" - "Return to " - "directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); -} - -void newdirectory(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - int len; - char *dir_path_file, *vfile, *dir_path_vfile, *filedup; - FILE *fp; - GRSThttpBody bp; - - if ((file[0] == '\0') || - !GRSTgaclPermHasWrite(perm) || (strcmp(file, GRST_ACL_FILE) == 0)) - GRSThttpError("403 Forbidden"); - - filedup = strdup(file); - if (filedup[strlen(filedup)-1] == '/') filedup[strlen(filedup)-1] = '\0'; - if (index(filedup, '/') != NULL) GRSThttpError("403 Forbidden"); - - dir_path_file = malloc(strlen(dir_path) + strlen(file) + 2); - strcpy(dir_path_file, dir_path); - strcat(dir_path_file, "/"); - strcat(dir_path_file, file); - - if (mkdir(dir_path_file, 0751) == 0) - { - printf("Status: 302 Moved Temporarily\nContent-Length: 0\n" - "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file); - return; - } - - puts("Status: 500 Failed trying to create\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp,"Error create %s%s\n", dir_uri, file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Error creating directory %s%s

\n", - dir_uri, file); - - GRSThttpPrintf(&bp, - "

GridSite considers you are authorized " - "to create the directory, but the creation failed. This " - "is probably a web server or operating system level " - "misconfiguration. Consult the site administrator."); - - GRSThttpPrintf(&bp,"

" - "Return to " - "parent directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); -} - -void editdnlistaction(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - int numdn = 0, ifd, ofd, numdnlines = 0, i, found; - char *dir_path_file, *dir_path_tmpfile, *realfile, - *dnlistsuri, *server_name, *fulldiruri, *p, oneline[513], - **dnlines, name[81], *add; - FILE *ofp; - struct stat statbuf; - GRSThttpBody bp; - - if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden"); - - dnlistsuri = getenv("GRST_DN_LISTS_URI"); - if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI"); - - server_name = getenv("SERVER_NAME"); - - if ((server_name == NULL) || - (dnlistsuri == NULL) || - (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) != 0)) - GRSThttpError("403 Forbidden"); - - asprintf(&fulldiruri, "https://%s%s", server_name, dir_uri); - - if ((strncmp(fulldiruri, file, strlen(fulldiruri)) != 0) && - ((strncmp(fulldiruri, file, strlen(fulldiruri) - 1) != 0) || - (strlen(fulldiruri) - 1 != strlen(file)))) - { - puts("Status: 403 Forbidden\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp,"Error writing %s\n", file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Error writing %s to %s

\n", - file, dir_uri); - - GRSThttpPrintf(&bp, "

You cannot create a DN List " - "with that prefix in this directory. Please see the " - "the GridSite User's Guide for an explanation."); - - GRSThttpPrintf(&bp,"

" - "Return to " - "directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); - return; - } - - p = GRSThttpGetCGI("numdn"); - if ((p == NULL) || (sscanf(p, "%d", &numdn) != 1)) - GRSThttpError("500 No number of DNs"); - - if (numdn > 0) - { - dnlines = malloc(sizeof(char *) * numdn); - - for (i=1; i <= numdn; ++i) - { - sprintf(name, "dn%d", i); - p = GRSThttpGetCGI(name); - - if (*p != '\0') - { - dnlines[numdnlines] = p; - ++numdnlines; - } - } - } - - add = GRSThttpGetCGI("add"); - - realfile = GRSThttpUrlEncode(file); - - dir_path_file = malloc(strlen(dir_path) + strlen(realfile) + 2); - strcpy(dir_path_file, dir_path); - strcat(dir_path_file, "/"); - strcat(dir_path_file, realfile); - - dir_path_tmpfile = malloc(strlen(dir_path) + 13); - strcpy(dir_path_tmpfile, dir_path); - strcat(dir_path_tmpfile, "/.tmp.XXXXXX"); - - if (((ofd = mkstemp(dir_path_tmpfile)) != -1) && - ((ofp = fdopen(ofd, "w")) != NULL)) - { - if (*add != '\0') - { - fputs(add, ofp); - fputc('\n', ofp); - } - - for (i=0; i < numdnlines; ++i) - { - fputs(dnlines[i], ofp); - fputc('\n', ofp); - } - - if ((fclose(ofp) == 0) && - ((stat(dir_path_file, &statbuf) != 0) || - (unlink(dir_path_file) == 0)) && - (rename(dir_path_tmpfile, dir_path_file) == 0)) - { - printf("Status: 302 Moved Temporarily\nContent-Length: 0\n" - "Location: %s%s?cmd=managedir\n\n", dir_uri, admin_file); - return; - } - } - - puts("Status: 500 Failed trying to write\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp,"Error writing %s%s\n", dir_uri, file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Error writing %s%s

\n", - dir_uri, file); - - GRSThttpPrintf(&bp, "

GridSite considers you are authorized " - "to write the file, but the write failed. This is " - "probably a web server or operating system level " - "misconfiguration. Consult the site administrator."); - - GRSThttpPrintf(&bp,"

" - "Return to " - "directory listing\n", dir_uri, admin_file); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); - - /* try to clean up */ - if (stat(dir_path_tmpfile, &statbuf) == 0) unlink(dir_path_tmpfile); -} - -void printfile(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - int fd; - char *dir_path_file; - struct stat statbuf; - - if (!GRSTgaclPermHasRead(perm)) GRSThttpError("403 Forbidden"); - - if (index(file, '/') != NULL) GRSThttpError("403 Forbidden"); - - dir_path_file = malloc(strlen(dir_path) + strlen(file) + 2); - - strcpy(dir_path_file, dir_path); - strcat(dir_path_file, "/"); - strcat(dir_path_file, file); - - fd = open(dir_path_file, O_RDONLY); - if (fd == -1) GRSThttpError("500 Internal server error"); - - if ((fstat(fd, &statbuf) != 0) || - !S_ISREG(statbuf.st_mode)) GRSThttpError("403 Forbidden"); - - printf("Status: 200 OK\nContent-Type: text/html\nContent-Length: %d\n\n", - statbuf.st_size); - - fflush(stdout); - - sendfile(1, fd, 0, statbuf.st_size); -} - -void filehistory(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - int fd, n, i, j, enclen, num = 0; - char *encodedfile, *p, *dndecoded, modified[99], *vfile, *q, - *encdn; - time_t file_time; - size_t file_size; - struct stat statbuf; - struct dirent **namelist; - struct tm file_tm; - GRSThttpBody bp; - - if (!GRSTgaclPermHasRead(perm)) GRSThttpError("403 Forbidden"); - - if (index(file, '/') != NULL) GRSThttpError("403 Forbidden"); - - puts("Status: 200 OK\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - GRSThttpPrintf(&bp, "History of %s%s\n", dir_uri, file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - GRSThttpPrintf(&bp, - "

History of %s%s

\n", - dir_uri, file, dir_uri, file); - - asprintf(&vfile, "%s/%s", dir_path, file); - if (stat(vfile, &statbuf) == 0) - { - localtime_r((const time_t *) &(statbuf.st_mtime), &file_tm); - strftime(modified, sizeof(modified), - "%a %e %b %Y %k:%M", &file_tm); - - GRSThttpPrintf(&bp, "

Last modified: %s\n", modified); - } - free(vfile); - - encodedfile = GRSThttpUrlEncode(file); - for (p=encodedfile; *p != '\0'; ++p) if (*p == '%') *p = '='; - enclen = strlen(encodedfile); - - n = scandir(dir_path, &namelist, 0, alphasort); - - if (n > 0) - { - for (i = n - 1; i >= 0; --i) - { - if ((strncmp(namelist[i]->d_name, GRST_HIST_PREFIX, - sizeof(GRST_HIST_PREFIX) - 1) == 0) && - ((namelist[i]->d_name)[sizeof(GRST_HIST_PREFIX) - 1] == ':') && - (strncmp(&((namelist[i]->d_name)[sizeof(GRST_HIST_PREFIX)]), - encodedfile, enclen) == 0) && - ((namelist[i]->d_name)[sizeof(GRST_HIST_PREFIX)+enclen] == ':')) - { - if (num == 0) GRSThttpPrintf(&bp, - "

\n" - "" - "\n"); - - ++num; - - p = index(namelist[i]->d_name, ':'); - p = index(&p[1], ':'); - sscanf(&p[1], "%X:", &file_time); - p = index(&p[1], ':'); /* skip over microseconds time */ - p = index(&p[1], ':'); - sscanf(&p[1], "%X:", &file_size); - p = index(&p[1], ':'); - - encdn = strdup(&p[1]); - q = index(encdn, ':'); - if (q != NULL) *q = '\0'; - - for (q=encdn; *q != '\0'; ++q) if (*q == '=') *q = '%'; - dndecoded = GRSThttpUrlDecode(encdn); - - localtime_r((const time_t *) &file_time, &file_tm); - strftime(modified, sizeof(modified), - "%a %e %b %Y %k:%M", &file_tm); - - GRSThttpPrintf(&bp, - "\n", - modified, file_size, dndecoded); - - free(dndecoded); - - asprintf(&vfile, "%s/%s", dir_path, namelist[i]->d_name); - if ((stat(vfile, &statbuf) == 0) && (statbuf.st_size > 0)) - { - GRSThttpPrintf(&bp, "\n", - dir_uri, admin_file, dir_uri, namelist[i]->d_name); - else GRSThttpPrintf(&bp, "%s%s\">View\n", - dir_uri, namelist[i]->d_name); - } - else GRSThttpPrintf(&bp, ""); - - free(vfile); - } - } - } - - if (num > 0) GRSThttpPrintf(&bp, "
DateSize afterChanged by
%s%d%sView
 
\n"); - else GRSThttpPrintf(&bp, "

No history for this file\n"); - - if (GRSTgaclPermHasList(perm)) - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - else adminfooter(&bp, dn, help_uri, dir_uri, NULL); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - GRSThttpWriteOut(&bp); -} - -void ziplist(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - char *shellcmd, *unzip, oneline[129]; - FILE *fp; - GRSThttpBody bp; - - if (!GRSTgaclPermHasRead(perm)) GRSThttpError("403 Forbidden"); - - if (index(file, '/') != NULL) GRSThttpError("403 Forbidden"); - - puts("Status: 200 OK\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - GRSThttpPrintf(&bp, "Contents of %s%s\n", dir_uri, file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - GRSThttpPrintf(&bp, - "

Contents of ZIP file %s%s

\n", - dir_uri, file, dir_uri, file); - - unzip = getenv("GRST_UNZIP"); - if (unzip == NULL) unzip = getenv("REDIRECT_GRST_UNZIP"); - - if (unzip != NULL) - { - GRSThttpPrintf(&bp, "
\n");
-      asprintf(&shellcmd, "cd %s ; %s -Z %s", dir_path, unzip, file);
-      fp = popen(shellcmd, "r");
-  
-      while (fgets(oneline, sizeof(oneline), fp) != NULL)           
-                          GRSThttpPrintf(&bp, "%s", oneline);         
-      pclose(fp);
-      GRSThttpPrintf(&bp, "
\n"); - - if (GRSTgaclPermHasWrite(perm)) - GRSThttpPrintf(&bp, - "

" - " in %s" - "" - "
" - "

(All files are placed in the same directory and files " - "beginning with "." are ignored.)

\n", - dir_uri, admin_file, dir_uri, file); - } - else GRSThttpPrintf(&bp, "

unzip path not defined!\n"); - - if (GRSTgaclPermHasList(perm)) - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - else adminfooter(&bp, dn, help_uri, dir_uri, NULL); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - GRSThttpWriteOut(&bp); -} - -void unzipfile(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - char *shellcmd, *unzip, oneline[129]; - FILE *fp; - GRSThttpBody bp; - - if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden"); - - if (index(file, '/') != NULL) GRSThttpError("403 Forbidden"); - - puts("Status: 200 OK\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - GRSThttpPrintf(&bp, "Unzipping %s%s\n", dir_uri, file); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - GRSThttpPrintf(&bp, - "

Unzipping %s%s

\n", - dir_uri, file, dir_uri, file); - - unzip = getenv("GRST_UNZIP"); - if (unzip == NULL) unzip = getenv("REDIRECT_GRST_UNZIP"); - - if (unzip != NULL) - { - GRSThttpPrintf(&bp, "
\n");
-      asprintf(&shellcmd, "cd %s ; %s -jo %s -x '.*'", dir_path, unzip, file);
-      fp = popen(shellcmd, "r");
-  
-      while (fgets(oneline, sizeof(oneline), fp) != NULL)           
-                          GRSThttpPrintf(&bp, "%s", oneline);         
-      pclose(fp);
-      GRSThttpPrintf(&bp, "
\n"); - - if (GRSTgaclPermHasList(perm)) - GRSThttpPrintf(&bp, "

" - "Back to " - "directory", dir_uri, admin_file); - } - else GRSThttpPrintf(&bp, "

unzip path not defined!\n"); - - if (GRSTgaclPermHasList(perm)) - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - else adminfooter(&bp, dn, help_uri, dir_uri, NULL); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - GRSThttpWriteOut(&bp); -} - -void editfileform(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - int fd, rawpagesize, i, c; - char *dir_path_file, *rawpage, *p; - FILE *fp = NULL; - struct stat statbuf; - GRSThttpBody bp; - - if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden"); - - if (index(file, '/') != NULL) GRSThttpError("403 Forbidden"); - - dir_path_file = malloc(strlen(dir_path) + strlen(file) + 2); - - strcpy(dir_path_file, dir_path); - strcat(dir_path_file, "/"); - strcat(dir_path_file, file); - - fd = open(dir_path_file, O_RDONLY); - if (fd != -1) - { - fp = fdopen(fd, "r"); - if (fp == NULL) GRSThttpError("500 File open failed!"); - - if ((fstat(fd, &statbuf) != 0) || - !S_ISREG(statbuf.st_mode)) GRSThttpError("500 Not a regular file!"); - } - - puts("Status: 200 OK\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp, "Edit file %s\n", file); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Edit file %s

\n", file); - - GRSThttpPrintf(&bp,"
\n",dir_uri,admin_file); - GRSThttpPrintf(&bp,"

\n"); - GRSThttpPrintf(&bp,"

File name: \n", file); - GRSThttpPrintf(&bp,"\n"); - GRSThttpPrintf(&bp,"

\n"); - GRSThttpPrintf(&bp, "

\n"); - GRSThttpPrintf(&bp, "

\n"); - - if (fp != NULL) fclose(fp); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - GRSThttpWriteOut(&bp); -} - -void editdnlistform(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *file, char *dir_uri, char *admin_file) -{ - int fd, i, c, numdn = 0; - char *dir_path_file, *rawpage, *p, *dnlistsuri, *server_name, *fulluri, - *realfile, oneline[513]; - FILE *fp = NULL; - struct stat statbuf; - GRSThttpBody bp; - - dnlistsuri = getenv("GRST_DN_LISTS_URI"); - if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI"); - - if (!GRSTgaclPermHasWrite(perm) || - (dnlistsuri == NULL) || - (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) != 0)) - GRSThttpError("403 Forbidden"); - - realfile = GRSThttpUrlEncode(file); - - dir_path_file = malloc(strlen(dir_path) + strlen(realfile) + 2); - - strcpy(dir_path_file, dir_path); - strcat(dir_path_file, "/"); - strcat(dir_path_file, realfile); - - fd = open(dir_path_file, O_RDONLY); - if (fd != -1) /* we dont mind open failing, but it must work if it doesnt */ - { - fp = fdopen(fd, "r"); - if (fp == NULL) GRSThttpError("500 File open failed!"); - - if ((fstat(fd, &statbuf) != 0) || - !S_ISREG(statbuf.st_mode)) GRSThttpError("500 Not a regular file!"); - } - - puts("Status: 200 OK\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp, "Edit DN List %s\n", file); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Edit DN List

\n"); - - GRSThttpPrintf(&bp,"
\n",dir_uri,admin_file); - GRSThttpPrintf(&bp,"

\n"); - GRSThttpPrintf(&bp,"

List URL: \n", file, strlen(file)); - GRSThttpPrintf(&bp,"\n"); - - if (fp != NULL) - { - GRSThttpPrintf(&bp, "

\n" - "\n"); - - while (fgets(oneline, sizeof(oneline), fp) != NULL) - { - ++numdn; - - p = rindex(oneline, '\n'); - if (p != NULL) *p = '\0'; - - GRSThttpPrintf(&bp, "" - "\n", numdn, oneline, oneline); - } - - GRSThttpPrintf(&bp,"
Keep?Name
%s
\n"); - } - - GRSThttpPrintf(&bp,"\n", numdn); - - GRSThttpPrintf(&bp, "

Add new DN: \n"); - - GRSThttpPrintf(&bp,"

\n"); - GRSThttpPrintf(&bp, "

\n"); - - if (fp != NULL) fclose(fp); - - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - GRSThttpWriteOut(&bp); -} - -void managedir(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *dir_uri, char *admin_file) -{ - int n, is_dnlists_dir = 0, enclen, numfiles, encprefixlen; - char *d_namepath, modified[99], *absaclpath, *editable, *p, *unzip, - *dnlistsuri, *d_name, *server_name, *fulluri, *encfulluri, - *encprefix, *dnlistsprefix; - GRSThttpBody bp; - struct tm mtime_tm; - struct stat statbuf; - struct dirent **namelist, *subdirfile_ent; - DIR *subDIR; - - if (((!GRSTgaclPermHasWrite(perm)) && - (!GRSTgaclPermHasList(perm))) || - (stat(dir_path, &statbuf) != 0) || !S_ISDIR(statbuf.st_mode)) - GRSThttpError("403 Forbidden"); - - editable = getenv("GRST_EDITABLE"); - if (editable == NULL) editable = getenv("REDIRECT_GRST_EDITABLE"); - - unzip = getenv("GRST_UNZIP"); - if (unzip == NULL) unzip = getenv("REDIRECT_GRST_UNZIP"); - - dnlistsuri = getenv("GRST_DN_LISTS_URI"); - if (dnlistsuri == NULL) dnlistsuri = getenv("REDIRECT_GRST_DN_LISTS_URI"); - - if (dnlistsuri && (strncmp(dnlistsuri, dir_uri, strlen(dnlistsuri)) == 0)) - { - is_dnlists_dir = 1; - server_name = getenv("SERVER_NAME"); - - asprintf(&fulluri, "https://%s%s", server_name, dir_uri); - encfulluri = GRSThttpUrlEncode(fulluri); - enclen = strlen(encfulluri); - - asprintf(&dnlistsprefix, "https://%s%s", server_name, dnlistsuri); - encprefix = GRSThttpUrlEncode(dnlistsprefix); - encprefixlen = strlen(encprefix); - } - - printf("Status: 200 OK\nContent-Type: text/html\n"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintf(&bp,"Manage directory %s\n", dir_uri); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpPrintf(&bp, "

Manage directory %s

\n\n", dir_uri); - - if (dir_uri[1] != '\0') - GRSThttpPrintf(&bp, - "\n", admin_file); - - if (GRSTgaclPermHasList(perm) || GRSTgaclPermHasAdmin(perm)) - { - absaclpath = malloc(strlen(dir_path) + sizeof(GRST_ACL_FILE) + 1); - strcpy(absaclpath, dir_path); - strcat(absaclpath, "/"); - strcat(absaclpath, GRST_ACL_FILE); - - if (stat(absaclpath, &statbuf) == 0) /* ACL exists in THIS directory */ - { - localtime_r(&(statbuf.st_mtime), &mtime_tm); - strftime(modified, sizeof(modified), - "", - &mtime_tm); - - if (!is_dnlists_dir) - { - GRSThttpPrintf(&bp, - "" - "%s\n", - GRST_ACL_FILE, - GRST_ACL_FILE, - statbuf.st_size, modified); - - GRSThttpPrintf(&bp, - "", - dir_uri, admin_file, GRST_ACL_FILE); - } - else GRSThttpPrintf(&bp, - "" - "%s\n", - GRST_ACL_FILE, - statbuf.st_size, modified); - - if (GRSTgaclPermHasAdmin(perm)) - GRSThttpPrintf(&bp, - "" - "", - dir_uri, admin_file, - dir_uri, admin_file, GRST_ACL_FILE); - else if (GRSTgaclPermHasRead(perm)) - GRSThttpPrintf(&bp, - "" - "", dir_uri, admin_file); - else GRSThttpPrintf(&bp, "\n"); - - GRSThttpPrintf(&bp, "\n"); - } - else if (GRSTgaclPermHasAdmin(perm)) - GRSThttpPrintf(&bp, "\n" - "\n" - "\n", - dir_uri, admin_file); - } - - if (GRSTgaclPermHasList(perm)) - { - n = scandir(dir_path, &namelist, 0, alphasort); - while (n--) - { - if (namelist[n]->d_name[0] != '.') - { - d_namepath = malloc(strlen(dir_path) + - strlen(namelist[n]->d_name) + 2); - strcpy(d_namepath, dir_path); - strcat(d_namepath, "/"); - strcat(d_namepath, namelist[n]->d_name); - stat(d_namepath, &statbuf); - - if (S_ISDIR(statbuf.st_mode)) - { - subDIR = opendir(d_namepath); - - if (subDIR == NULL) numfiles = 99; /* stop deletion */ - else - { - numfiles = 0; - while ((subdirfile_ent = readdir(subDIR)) != NULL) - if (subdirfile_ent->d_name[0] != '.') ++numfiles; - else if (strncmp(subdirfile_ent->d_name, - GRST_ACL_FILE, - sizeof(GRST_ACL_FILE)) == 0) ++numfiles; - - closedir(subDIR); - } - } - - free(d_namepath); - - localtime_r(&(statbuf.st_mtime), &mtime_tm); - strftime(modified, sizeof(modified), - "", - &mtime_tm); - - if (S_ISDIR(statbuf.st_mode)) - { - GRSThttpPrintf(&bp, - "" - "%s\n", - dir_uri, namelist[n]->d_name, admin_file, - namelist[n]->d_name, - statbuf.st_size, modified); - - if (numfiles == 0) - GRSThttpPrintf(&bp, - "\n", - dir_uri, admin_file, namelist[n]->d_name); - else GRSThttpPrintf(&bp, "\n"); - - GRSThttpPrintf(&bp, "\n"); - } - else if (is_dnlists_dir) - { - if ((strlen(namelist[n]->d_name) <= encprefixlen) || - (strncmp(namelist[n]->d_name, encprefix, - encprefixlen) != 0)) continue; - - d_name = GRSThttpUrlDecode(namelist[n]->d_name); - - GRSThttpPrintf(&bp, "" - "%s" - "", - d_name, d_name, - statbuf.st_size, modified); - - if (GRSTgaclPermHasWrite(perm)) - GRSThttpPrintf(&bp, "" - "" - "" - "" - "\n", - dir_uri, admin_file, d_name); - else GRSThttpPrintf(&bp, "\n"); - - if (GRSTgaclPermHasWrite(perm)) - GRSThttpPrintf(&bp, "" - "" - "" - "" - "\n", - dir_uri, admin_file, d_name); - else GRSThttpPrintf(&bp, "\n"); - - GRSThttpPrintf(&bp, ""); - } - else /* regular directory, not DN Lists */ - { - d_name = namelist[n]->d_name; - - GRSThttpPrintf(&bp, - "" - "%s", - dir_uri, d_name, - d_name, - statbuf.st_size, modified); - - GRSThttpPrintf(&bp, - "", - dir_uri, admin_file, d_name); - - p = rindex(namelist[n]->d_name, '.'); - - if ((unzip != NULL) && - (p != NULL) && - (strcasecmp(&p[1], "zip") == 0) && - GRSTgaclPermHasRead(perm)) - GRSThttpPrintf(&bp, - "\n", - dir_uri, admin_file, d_name); - else if ((p != NULL) && - (strstr(editable, &p[1]) != NULL) && - GRSTgaclPermHasWrite(perm)) - GRSThttpPrintf(&bp, - "\n", - dir_uri, admin_file, d_name); - else GRSThttpPrintf(&bp, ""); - - if (GRSTgaclPermHasWrite(perm)) - GRSThttpPrintf(&bp, - "\n", dir_uri, admin_file, d_name); - else - GRSThttpPrintf(&bp, "\n"); - - if (GRSTgaclPermHasWrite(perm)) - GRSThttpPrintf(&bp, - "\n", dir_uri, admin_file, d_name); - else - GRSThttpPrintf(&bp, ""); - } - } - - free(namelist[n]); - } - - free(namelist); - } - - if (GRSTgaclPermHasWrite(perm)) - { - if (is_dnlists_dir) - { - GRSThttpPrintf(&bp, "\n" - "" - "\n" - "\n", - dir_uri, admin_file, fulluri, strlen(fulluri)+8); - - GRSThttpPrintf(&bp, "\n" - "\n" - "\n", - dir_uri, admin_file); - } - else - { - GRSThttpPrintf(&bp, "\n" - "\n" - "" - "\n" - "\n" - "\n", - dir_uri, admin_file); - - GRSThttpPrintf(&bp, - "\n" - "\n" - "" - "" - "\n" - "" - "\n" - "\n", dir_uri, admin_file); - } - } - - GRSThttpPrintf(&bp, "
[Parent " - "directory]
%R%e %b %y
%s%ld" - "History
%s%ldEditDeleteView    
%R%e %b %y
" - "%s/%ld " - "Delete  
%s%ld 
 
  
%s%ld" - "History" - "List" - "Edit " - "Delete " - "Rename
 
New list name: " - "\n" - "
New directory: " - "\n" - "
New name:\n" - "
Upload file:New name: " - "
Local name:
\n"); - - if (!is_dnlists_dir) adminfooter(&bp, dn, help_uri, dir_uri, NULL); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - GRSThttpWriteOut(&bp); -} - diff --git a/org.gridsite.core/src/grst_admin_gacl.c b/org.gridsite.core/src/grst_admin_gacl.c deleted file mode 100644 index bdcccbd..0000000 --- a/org.gridsite.core/src/grst_admin_gacl.c +++ /dev/null @@ -1,981 +0,0 @@ -/* - Copyright (c) 2003-5, Shiv Kaushal, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/*-----------------------------------------------------------* -* This program is part of GridSite: http://www.gridsite.org/ * -*------------------------------------------------------------*/ - -#include -#include -#include -#include -#include -#include - -extern char *grst_perm_syms[]; -extern int grst_perm_vals[]; - -#include "grst_admin.h" - -// CGI GACL Editor interface functions -void show_acl(int admin, GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void new_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void new_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void del_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void edit_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void edit_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void add_cred_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void add_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void del_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void del_entry_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void del_cred_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void admin_continue(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSThttpBody *bp); - -// Functions for producing HTML output -void StartHTML(GRSThttpBody *bp, char *dir_uri, char* dir_path); -void StartForm(GRSThttpBody *bp, char* dir_uri, char* dir_path, char* admin_file, int timestamp, char* target_function); -void EndForm(GRSThttpBody *bp); -void GRSTgaclCredTableStart(GRSThttpBody *bp); -void GRSTgaclCredTableAdd(GRSTgaclUser *user, GRSTgaclEntry *entry, GRSTgaclCred *cred, GRSTgaclNamevalue *namevalue, int cred_no, int entry_no, int admin, int timestamp, GRSThttpBody *bp, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); -void GRSTgaclCredTableEnd(GRSTgaclEntry* entry, int entry_no, int admin, int timestamp, GRSThttpBody *bp, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); - -// ACL Manipulation functions -int GACLentriesInAcl(GRSTgaclAcl *acl); -int GRSTgaclCredsInEntry(GRSTgaclEntry *entry); -void check_acl_save(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSTgaclUser* user, GRSTgaclAcl *acl, GRSThttpBody *bp); -void GACLeditGetPerms(GRSTgaclEntry *entry); -GRSTgaclEntry *GACLreturnEntry(GRSTgaclAcl *acl, int entry_no); -GRSTgaclCred *GACLreturnCred(GRSTgaclEntry *entry, int cred_no); - -void StringHTMLEncode (char* string, GRSThttpBody *bp); - -void revert_acl(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file); - -/*****************************************/ -/********** FUNCTIONS FOLLOW *************/ -/*****************************************/ - -void show_acl(int admin, GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Shows the contents of the ACL. Gives edit 'buttons' if (int admin) == 1 - GRSTgaclAcl *acl; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - GRSTgaclNamevalue *namevalue; - int entry_no, cred_no, allow, deny,timestamp; - GRSThttpBody bp; - char* AclFilename; - struct stat file_info; - int history_mode=0; - - if (admin==2){ - history_mode=1; - admin=0; - } - - /*double-check access permision*/ - if (!GRSTgaclPermHasAdmin(perm)) admin=0; - - StartHTML(&bp, dir_uri, dir_path); - - /* Load ACL from file and get timestamp*/ - if (history_mode==1) { - AclFilename=malloc(strlen(dir_path)+strlen(file)+2); - strcpy(AclFilename, dir_path); - strcat(AclFilename, "/"); - strcat(AclFilename, file); - } - else AclFilename=GRSTgaclFileFindAclname(dir_path); - - if (AclFilename==NULL){ - GRSThttpPrintf ( &bp,"The ACL was not found !!!
\n"); - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp); - return; - } - - stat(GRSTgaclFileFindAclname(dir_path), &file_info); - timestamp=file_info.st_mtime; - acl = GRSTgaclAclLoadFile(AclFilename); - - if (acl==NULL){ - GRSThttpPrintf ( &bp,"The ACL was found but could not be loaded - it could be incorrectly formatted
\n"); - adminfooter(&bp, dn, help_uri, dir_uri, NULL); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - GRSThttpWriteOut(&bp); - return; - } - - if (admin) GRSThttpPrintf (&bp,"New Entry
\n", dir_uri, admin_file, dir_uri, timestamp ); - - // Start with the first entry in the list and work through - entry=acl->firstentry; - entry_no=1; - while (entry!=NULL){ - - GRSThttpPrintf (&bp,"
Entry %d:\n", entry_no); - if (admin){ - GRSThttpPrintf (&bp,"Edit Entry ", dir_uri, admin_file, entry_no, dir_uri, timestamp ); - GRSThttpPrintf (&bp,"Delete Entry ",dir_uri, admin_file, entry_no, dir_uri, timestamp ); - GRSThttpPrintf (&bp,"

\n"); - } - - GRSTgaclCredTableStart(&bp); - - // Start with the first credential in the entry and work through - cred=entry->firstcred; - cred_no=1; - while (cred!=NULL){ - namevalue=cred->firstname; - GRSTgaclCredTableAdd(user, entry, cred, namevalue, cred_no, entry_no, admin, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - // Change to next credential - cred=cred->next; - cred_no++; - } - - GRSTgaclCredTableEnd (entry, entry_no, admin, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - // Change to next entry - entry=entry->next; - entry_no++; - } - - if (!admin && GRSTgaclPermHasAdmin(perm) && !history_mode) //Print a link for admin mode, if not in admin mode but the user has admin permissions - GRSThttpPrintf (&bp,"Admin Mode", dir_uri, admin_file, dir_uri, timestamp ); - if (history_mode==1 && GRSTgaclDNlistHasUser(getenv("REDIRECT_GRST_ADMIN_LIST"), user)){ - StartForm(&bp, dir_uri, dir_path, admin_file, timestamp, "revert_acl"); -//GRSThttpPrintf (&bp,"Revert to this Version", dir_uri, admin_file, dir_uri, timestamp, file ); - GRSThttpPrintf (&bp, "\n", file); - // Revert Button - GRSThttpPrintf (&bp, "

\n\n"); - } - - adminfooter(&bp, dn, help_uri, dir_uri, NULL); - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); GRSThttpWriteOut(&bp); return; -} - - -void new_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm,char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Presents the user with a form asking for details required to create a new entry - GRSThttpBody bp; - int timestamp=atol(GRSThttpGetCGI("timestamp")); - GRSTgaclCred* cred; - GRSTgaclEntry *entry; - GRSTgaclNamevalue* namevalue; - - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - entry = GRSTgaclEntryNew(); - StartHTML(&bp, dir_uri, dir_path); - StartForm(&bp, dir_uri, dir_path, admin_file, timestamp, "new_entry"); - GRSThttpPrintf (&bp, "NEW ENTRY IN ACL FOR %s

\n", dir_uri); - - GRSTgaclCredTableStart(&bp); - GRSTgaclCredTableAdd(user, entry,cred, namevalue, 0, 0, 0, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - GRSTgaclCredTableEnd (entry, 0, 0, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - - /*Submit and reset buttons - submit button sends the data in the form back to the script & new_entry() to be called*/ - EndForm(&bp); - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp); - return; -} - -void new_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Processes the information entered into the form from new_entry_form() and adds a new entry to the ACL - GRSTgaclAcl *acl; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - char *type, *value; - GRSThttpBody bp; - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - - // Get new credential info and perform checks - type=GRSThttpGetCGI("type"); - value=GRSThttpGetCGI("cred0_value"); - - if (strcmp(type, "not_chosen")==0){ - GRSThttpError ("500 Invalid input - credential type not chosen"); - return; - } - - // Create the credential - cred=GRSTgaclCredNew(type); - if (strcmp(type, "person")==0) GRSTgaclCredAddValue(cred,"dn", value); - else if (strcmp(type, "dn-list")==0) GRSTgaclCredAddValue(cred, "url", value); - else if (strcmp(type, "voms")==0) GRSTgaclCredAddValue(cred, "fqan", value); - else if (strcmp(type, "dns")==0) GRSTgaclCredAddValue(cred, "hostname", value); - else if (strcmp(type, "any-user")==0) {} // namevalue not entered for any-user credential - else{ - GRSThttpError ("500 Invalid input - credential type not valid"); - return; - } - - // Create and empty entry, add the credential and get permissions - entry = GRSTgaclEntryNew(); - GRSTgaclEntryAddCred(entry, cred); - GACLeditGetPerms(entry); - - // Load the ACL, add the entry and save - acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path)); - GRSTgaclAclAddEntry(acl, entry); - check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp); - return; -} - -void del_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Deletes the entry denoted by the GCI variable "entry_no"*/ - int entry_no; - GRSTgaclAcl *acl; - GRSTgaclEntry *previous, *entry; - GRSThttpBody bp; - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - - // Load the ACL - acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path)); - - // Get the number of the entry to be deleted and check okay to delete - entry_no=atol(GRSThttpGetCGI("entry_no")); - if(GACLentriesInAcl(acl)<=1){ - StartHTML(&bp, dir_uri, dir_path); - GRSThttpPrintf (&bp, "ERROR: Cannot delete all entries from the ACL
\n"); - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp); - return; - } - - // Get pointer to entry and previous entry - entry = GACLreturnEntry(acl, entry_no); - if (entry_no!=1) previous = GACLreturnEntry(acl, entry_no-1); - - if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){ - GRSThttpError ("500 Unable to read entry from ACL file"); - return; - } - - // Perform deletion from the list by changing pointers - if (entry_no==1) acl->firstentry=entry->next; - else if (entry_no==GACLentriesInAcl(acl)) previous->next=NULL; - else previous->next=entry->next; - - // Save ACL and exit - check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp); - - return; -} - - -void edit_entry_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Presents the user with an editable form containing details of entry denoted by CGI variable entry_no*/ - int entry_no, cred_no, i, admin=0, timestamp=atol(GRSThttpGetCGI("timestamp")); - GRSTgaclAcl *acl; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - GRSTgaclNamevalue *namevalue; - // struct _GACLnamevalue *namevalue; - GRSThttpBody bp; - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - - // Load ACL from file - acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path)); - - // Get pointer to the entry and check okay - entry_no=atol(GRSThttpGetCGI("entry_no")); - entry = GACLreturnEntry(acl, entry_no); - if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - - StartHTML(&bp, dir_uri, dir_path); - GRSThttpPrintf (&bp, "EDITING ENTRY %d IN ACL FOR %s

\n", entry_no, dir_uri); - - // Start with first credential in the entry and display them in order*/ - cred=entry->firstcred; - cred_no=1; - StartForm(&bp, dir_uri, dir_path, admin_file, timestamp, "edit_entry"); - GRSThttpPrintf (&bp, "\n", entry_no); - - GRSTgaclCredTableStart(&bp); - - while (cred!=NULL){ - // Start with the first namevalue in the credential - namevalue=cred->firstname; - GRSTgaclCredTableAdd(user, entry, cred, namevalue, cred_no, entry_no, admin, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - // Change to next credential - cred=cred->next; - cred_no++; - } - GRSTgaclCredTableEnd (entry, entry_no, admin, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - EndForm(&bp); - - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp); - return; -} - - -void edit_entry(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - //Processes the information entered into the form from edit_entry_form() and updates the entry corresponding to entry_no*/ - int entry_no, cred_no, i; - GRSTgaclAcl *acl; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - GRSTgaclNamevalue *namevalue; - char variable[30]; - GRSThttpBody bp; - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - - // Load the ACL - acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path)); - - // Get pointer to the entry and perform checks - entry_no=atol(GRSThttpGetCGI("entry_no")); - entry = GACLreturnEntry(acl, entry_no); - if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - - // Start with the first credential and update each one - cred=entry->firstcred; - cred_no=1; - - while (cred!=NULL){ - if (strcmp(cred->type, "any-user")!=0){ - namevalue=cred->firstname; - sprintf(variable, "cred%d_value", cred_no); - namevalue->value=GRSThttpGetCGI(variable); - } - //Change to next credential*/ - cred=cred->next; - cred_no++; - } - - // Update permissions - GACLeditGetPerms(entry); - check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp); - return; -} - - -void add_cred_form(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Presents the user with a form asking for details required to create a new credential in the entry denoted by entry_no - GRSThttpBody bp; - int timestamp=atol(GRSThttpGetCGI("timestamp")), entry_no=atol(GRSThttpGetCGI("entry_no")); - GRSTgaclAcl *acl; - GRSTgaclEntry* entry; - GRSTgaclCred* cred; - GRSTgaclNamevalue* namevalue; - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - - acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path)); // Load the ACL - - //Get pointer to the entry and perform checks - entry = GACLreturnEntry(acl, entry_no); - if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - - - if (strcmp(GRSThttpGetCGI("cmd"), "add_cred_form")==0){ //if not a new entry check to see if cred exists - cred=entry->firstcred; - while (cred!=NULL) { - if (strcmp (cred->type, "any-user")==0) { - StartHTML(&bp, dir_uri, dir_path); - GRSThttpPrintf (&bp, "ERROR: AND-ing \"any-user\" credential with other credential does not make sense
\n"); - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp); - return; - } - cred=cred->next; - } - } - - StartHTML(&bp, dir_uri, dir_path); - GRSThttpPrintf (&bp, " NEW CREDENTIAL IN ENTRY %d OF ACL FOR %s

\n", entry_no, dir_uri); - StartForm(&bp, dir_uri, dir_path, admin_file, timestamp, "add_cred"); - - GRSThttpPrintf (&bp, " \n", entry_no); - - GRSTgaclCredTableStart(&bp); - GRSTgaclCredTableAdd(user, entry, cred, namevalue, 0, 0, 0, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - GRSTgaclCredTableEnd (entry, 0, 0, timestamp, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - - EndForm(&bp); - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp); - return; -} - - -void add_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Processes the information entered into the form [add_cred_form()]and adds a new credential to the entry corresponding to entry_no - int entry_no; - GRSTgaclAcl *acl; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - GRSThttpBody bp; - char *type, *value; - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - - acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));// Load the ACL - - // Get pointer to the entry and perform checks - entry_no=atol(GRSThttpGetCGI("entry_no")); - entry = GACLreturnEntry(acl, entry_no); - if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl)){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - - // Create new credential and add it to entry - type=GRSThttpGetCGI("type"); - value=GRSThttpGetCGI("cred0_value"); - cred=GRSTgaclCredNew(type); - if (strcmp(type, "person") ==0) GRSTgaclCredAddValue(cred,"dn", value); - else if (strcmp(type, "dn-list") ==0) GRSTgaclCredAddValue(cred, "url", value); - else if (strcmp(type, "voms") ==0) GRSTgaclCredAddValue(cred, "fqan", value); - else if (strcmp(type, "dns") ==0) GRSTgaclCredAddValue(cred, "hostname", value); - else if (strcmp(type, "any-user")==0) {}// namevalue not entered for any-user credential - else{ - GRSThttpError ("500 Credential type not valid"); - return; - } - GRSTgaclEntryAddCred(entry, cred); - - check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp); - return; -} - - -void del_cred(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Deletes the credential denoted by the GCI variable "cred_no", in the entry denoted by "entry_no" - int entry_no, cred_no; - GRSTgaclAcl *acl; - GRSTgaclEntry *entry; - GRSTgaclCred *previous, *cred; - GRSThttpBody bp; - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - - acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path)); - - // Get pointer to the entry and perform checks - entry_no=atol(GRSThttpGetCGI("entry_no")); - entry = GACLreturnEntry(acl, entry_no); - if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - // Get pointer the the credential and perform checks - cred_no=atol(GRSThttpGetCGI("cred_no")); - cred=GACLreturnCred(entry, cred_no); - if(entry==NULL || entry_no<1 || cred_no>GRSTgaclCredsInEntry(entry)){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - // Get pointer to previous credential - if needed - if (cred_no!=1) previous = GACLreturnCred(entry, cred_no-1); - - // Perform deletion from the list by changing pointers - if (cred_no==1) entry->firstcred=cred->next; - else if (cred_no==GRSTgaclCredsInEntry(entry)) previous->next=NULL; - else previous->next=cred->next; - - check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp); - return; -} - -void admin_continue(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSThttpBody *bp){ - // Single line printed out to forward users back to show_acl in admin mode - // Should ALWAYS called from another function so no HTML header required - // Should ALWAYS be the end of a page - GRSThttpPrintf (bp, "\n
Click Here to return to the editor", dir_uri,admin_file,dir_uri, time(NULL)); - adminfooter(bp, dn, help_uri, dir_uri, NULL); - GRSThttpPrintHeaderFooter(bp, dir_path, GRST_FOOTFILE); - GRSThttpWriteOut(bp); - return; -} - - -void del_entry_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Prints out entry denoted by entry_no and asks if the user really wants to delete it - GRSTgaclAcl *acl; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - GRSTgaclNamevalue *namevalue; - int entry_no, cred_no, allow, deny, i, timestamp; - GRSThttpBody bp; - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - - acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));// Load ACL from file - - if (acl==NULL){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - - // Get pointer to the entry and check okay - entry_no=atol(GRSThttpGetCGI("entry_no")); - entry = GACLreturnEntry(acl, entry_no); - if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - - StartHTML(&bp, dir_uri, dir_path); - GRSThttpPrintf (&bp, "

Do you really want to delete the following entry?



\n"); - GRSThttpPrintf (&bp,"
Entry %d:
\n", entry_no); - - // Print the entry out - // Start with the first credential in the entry and work through - cred=entry->firstcred; - cred_no=1; - - GRSTgaclCredTableStart(&bp); - while (cred!=NULL){ - // Start with the first namevalue in the credential - namevalue=cred->firstname; - GRSTgaclCredTableAdd(user, entry, cred, namevalue, cred_no, entry_no, 0, 0, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - // Change to next credential - cred=cred->next; - cred_no++; - } - - GRSTgaclCredTableEnd (entry, entry_no, 0, 0, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - - StartForm(&bp, dir_uri, dir_path, admin_file, atol(GRSThttpGetCGI("timestamp")), "del_entry"); - GRSThttpPrintf (&bp, "\n", entry_no); - GRSThttpPrintf (&bp, "

\n\n"); - - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp); - return; -} - -void del_cred_sure(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Prints out credential denoted by entry_no/cred_no and asks if the user really wants to delete it - GRSTgaclAcl *acl; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - GRSTgaclNamevalue *namevalue; - int entry_no, cred_no, allow, deny, timestamp, i; - GRSThttpBody bp; - - if (!GRSTgaclPermHasAdmin(perm)) GRSThttpError ("403 Forbidden"); - - acl = GRSTgaclAclLoadFile(GRSTgaclFileFindAclname(dir_path));// Load ACL from file - - if (acl==NULL){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - - // Get pointer to the entry and check okay - entry_no=atol(GRSThttpGetCGI("entry_no")); - entry = GACLreturnEntry(acl, entry_no); - if(entry==NULL || entry_no<1 || entry_no>GACLentriesInAcl(acl) ){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - - // Get pointer to the credential and check okay - cred_no=atol(GRSThttpGetCGI("cred_no")); - cred=GACLreturnCred(entry, cred_no); - if(entry==NULL || entry_no<1 || cred_no>GRSTgaclCredsInEntry(entry)){ - GRSThttpError ("500 Unable to read from ACL file"); - return; - } - - if(GRSTgaclCredsInEntry(entry)<=1){ - del_entry_sure(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - return; - } - - StartHTML(&bp, dir_uri, dir_path); - GRSThttpPrintf (&bp, "

Do you really want to delete the following credential from entry %d?



", entry_no); - - // Print the credential out - GRSTgaclCredTableStart(&bp); - GRSTgaclCredTableAdd(user, entry, cred, cred->firstname, cred_no, entry_no, 0, 0, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - GRSTgaclCredTableEnd (entry, entry_no, 0, 0, &bp, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - GRSThttpPrintf (&bp,"
\n"); - - // Yes Button - StartForm(&bp, dir_uri, dir_path, admin_file, atol(GRSThttpGetCGI("timestamp")), "del_cred"); - GRSThttpPrintf (&bp, "\n", entry_no); - GRSThttpPrintf (&bp, "\n", cred_no); - GRSThttpPrintf (&bp, "

\n\n"); - - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, &bp); - return; -} - - -int GACLentriesInAcl(GRSTgaclAcl *acl){ - // Returns the number of entries in acl - GRSTgaclEntry *entry; - int number; - - entry=acl->firstentry; - number=0; - - while (entry!=NULL) - { - number++; - entry=entry->next; - } - - return number; -} - -int GRSTgaclCredsInEntry(GRSTgaclEntry *entry){ - // Returns the number of credentials in entry - int number; - GRSTgaclCred *cred; - - cred=entry->firstcred; - number=0; - - while (cred!=NULL) - { - number++; - cred=cred->next; - } - - return number; -} - - -void GACLeditGetPerms(GRSTgaclEntry *entry){ - // Updates the permissions entry using permissions from a form produced using GRSTgaclCredTableEnd - int i; - char buf[30]; - - - for (i=0; grst_perm_syms[i]!=NULL; i++) /* Print the list of allowed permissions*/ - { - sprintf (buf, "allow_%s", grst_perm_syms[i]); // Update allowed - if (strcmp (GRSThttpGetCGI(buf), "ON") == 0 ) GRSTgaclEntryAllowPerm(entry, grst_perm_vals[i]); else GRSTgaclEntryUnallowPerm(entry, grst_perm_vals[i]); - - sprintf (buf, "deny_%s", grst_perm_syms[i]); // Update denied - if (strcmp (GRSThttpGetCGI(buf), "ON") == 0 ) GRSTgaclEntryDenyPerm(entry, grst_perm_vals[i]); else GRSTgaclEntryUndenyPerm(entry, grst_perm_vals[i]); - - } - - return; -} - -GRSTgaclEntry *GACLreturnEntry(GRSTgaclAcl *acl, int entry_no){ - // Returns a pointer to entry in ACL denoted by entry_no, returns NULL if not found - int number; - GRSTgaclEntry *entry; - - if (acl==NULL) return NULL; - - entry=acl->firstentry; - number=1; - - while (entry!=NULL) - { - if (number==entry_no) return entry; - number++; - entry=entry->next; - } - - return NULL; -} - - -GRSTgaclCred *GACLreturnCred(GRSTgaclEntry *entry, int cred_no){ - // Returns a pointer to credential denoted by cred_no in entry, returns NULL if not found - int number; - GRSTgaclCred *cred; - - if (entry==NULL) return NULL; - - cred=entry->firstcred; - number=1; - - while (cred!=NULL) - { - if (number==cred_no) return cred; - number++; - cred=cred->next; - } - - return NULL; -} -void StartHTML(GRSThttpBody *bp, char *dir_uri, char* dir_path){ - //Start HTML output and insert page title - printf("Status: 200 OK\nContent-Type: text/html\n"); - GRSThttpBodyInit(bp); - GRSThttpPrintf(bp, "Access Control List for %s\n", dir_uri); - GRSThttpPrintHeaderFooter(bp, dir_path, GRST_HEADFILE); - return; -} -void StartForm(GRSThttpBody *bp, char* dir_uri, char* dir_path, char* admin_file, int timestamp, char* target_function){ - // Starts an HTML form with gridsite admin as the target and target_function as the value of cmd. - // Also inputs the dir_uri and the timestamp - GRSThttpPrintf (bp, "
\n", dir_uri, admin_file, dir_uri); - GRSThttpPrintf (bp, " \n", target_function); - GRSThttpPrintf (bp, " \n", timestamp); - return; -} - -void EndForm(GRSThttpBody *bp){ - GRSThttpPrintf (bp, "

\n"); - GRSThttpPrintf (bp, "
\n"); - return; -} - -void GRSTgaclCredTableStart(GRSThttpBody *bp){ - //Starts an HTML table of credentials by setting the column widths and inputting the headings - GRSThttpPrintf (bp,""); - GRSThttpPrintf (bp,""); - return; -} - -void GRSTgaclCredTableAdd(GRSTgaclUser *user, GRSTgaclEntry *entry, GRSTgaclCred *cred, GRSTgaclNamevalue *namevalue, int cred_no, int entry_no, int admin, int timestamp, GRSThttpBody *bp, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Adds the credential "cred" to a table started byGRSTgaclCredTableStart allowing the user to edit if appropriate - char* cmd = GRSThttpGetCGI("cmd"); - int edit_values=0, new_cred=0, allow_new_person=1; - int site_admin=GRSTgaclDNlistHasUser(getenv("REDIRECT_GRST_ADMIN_LIST"), user); - - if (strcmp(cmd, "new_entry_form")==0 || strcmp(cmd, "add_cred_form")==0) new_cred=1; - if (new_cred || strcmp(cmd, "edit_entry_form")==0) edit_values=1; - - if (new_cred) { /*Print out type and descriptor*/ - if (strcmp(cmd, "add_cred_form")==0){ /*if not a new entry check to see if cred exists.*/ - cred=entry->firstcred; - while (cred!=NULL) {if (strcmp (cred->type, "person")==0) allow_new_person=0; cred=cred->next;} - } - //create dummy credential for the user to edit - cred=GRSTgaclCredNew("new"); - GRSTgaclCredAddValue(cred, "", ""); - namevalue=cred->firstname; - //Drop down list of types - GRSThttpPrintf(bp,""); - GRSThttpPrintf(bp,""); - } - - else { //Print out type and descriptor for existing cred - - GRSThttpPrintf(bp,""); -} - -void GRSTgaclCredTableEnd(GRSTgaclEntry* entry, int entry_no, int admin, int timestamp, GRSThttpBody *bp, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - // Finishes off a table of credentials by inputting "Add Credential" link and a list of premissions in the final row - int i, blank_perms, edit_perms, show_perms; - char* cmd = GRSThttpGetCGI("cmd"); - - if (strcmp(cmd, "add_cred_form")==0 ||strcmp(cmd, "del_cred_sure")==0) show_perms=0; else show_perms=1; - if (strcmp(cmd, "edit_entry_form")==0 || strcmp(cmd, "new_entry_form")==0) edit_perms=1; else edit_perms=0; - if (strcmp(cmd, "new_entry_form")==0) blank_perms=1; else blank_perms=0; - - // If showing the last row is not required then exit - if (show_perms==0){GRSThttpPrintf (bp,"
Credential No.TypeValue
New"); - GRSThttpPrintf (bp, "
%d", cred_no); - if (admin) GRSThttpPrintf (bp,"(Delete)", dir_uri,admin_file,dir_uri, entry_no, cred_no, timestamp); - GRSThttpPrintf(bp, "%s ", cred->type); - } - - if (strcmp(cred->type, "any-user")==0) GRSThttpPrintf (bp, " "); /* Do not print out namevalue for any-user credential*/ - else{ - if (edit_values){ // Place namevalue in an editable box if appropriate - GRSThttpPrintf (bp, "value, bp); - GRSThttpPrintf (bp, "\">"); - } - else if (strcmp(cred->type, "dn-list")==0){ - GRSThttpPrintf(bp, "value, bp); - GRSThttpPrintf(bp, " \">"); - StringHTMLEncode(namevalue->value, bp); - GRSThttpPrintf(bp, ""); - } - else { GRSThttpPrintf(bp, " "); StringHTMLEncode(namevalue->value, bp);} - - } - //Print out warning symbol if cred being printed relates to current user - but NOT for users in site admin list - if (GRSTgaclUserHasCred(user, cred) && !site_admin) GRSThttpPrintf(bp, " <--"); - GRSThttpPrintf(bp, "

\n"); return;} - - GRSThttpPrintf (bp,""); - - if (admin) GRSThttpPrintf (bp,"Add Credential", dir_uri,admin_file,dir_uri, entry_no, timestamp); - - GRSThttpPrintf (bp, "\n "); - - if (blank_perms==1)entry->allowed=entry->denied=GRST_PERM_NONE; - - // Show Permissions - will produce a list or a list of check boxes depending on whether the permissions are to be edited or not - GRSThttpPrintf (bp, "Allowed: "); - for (i=0; grst_perm_syms[i]!=NULL; i++) /* Print the list of allowed permissions*/ - { - if ( entry->allowed & grst_perm_vals[i]){ - if (edit_perms) GRSThttpPrintf (bp, "%s   \n", grst_perm_syms[i],grst_perm_syms[i]); - else GRSThttpPrintf(bp,"%s ", grst_perm_syms[i]); if (strcmp(grst_perm_syms[i], "none")==0) break; - } - else if (strcmp(grst_perm_syms[i], "none")!=0 && edit_perms) GRSThttpPrintf (bp, "%s   \n", grst_perm_syms[i],grst_perm_syms[i]); - } - - if (edit_perms) GRSThttpPrintf (bp, "

"); - GRSThttpPrintf (bp, "Denied: "); - for (i=0; grst_perm_syms[i]!=NULL; i++) /* Print the list of denied permissions*/ - { - if ( entry->denied & grst_perm_vals[i]) - { - if (edit_perms) GRSThttpPrintf (bp, "%s   \n", grst_perm_syms[i],grst_perm_syms[i]); - else GRSThttpPrintf(bp,"%s ", grst_perm_syms[i]); - if (strcmp(grst_perm_syms[i], "none")==0) break; - } - else if (strcmp(grst_perm_syms[i], "none")!=0 && edit_perms) GRSThttpPrintf (bp, "%s   \n", grst_perm_syms[i],grst_perm_syms[i]); - } - - GRSThttpPrintf (bp, ""); - GRSThttpPrintf (bp,"
\n"); - GRSThttpPrintf (bp,"\n"); -} - -void check_acl_save(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file, GRSTgaclUser* user, GRSTgaclAcl *acl, GRSThttpBody *bp){ - // Checks if the acl for the current directory has been changed, check the current user's permissions. - // If all is okay the ACl is saved -> returns 1 else returns 0 - struct stat file_info; - GRSTgaclPerm new_perm; - char *vfile, *dir_path_vfile, *dir_path_file; - FILE *fp; - - - /*Check ACL has not been modified*/ - stat(GRSTgaclFileFindAclname(dir_path), &file_info); - if (atol(GRSThttpGetCGI("timestamp"))!=file_info.st_mtime){ - StartHTML(bp, dir_uri, dir_path); - GRSThttpPrintf (bp, "ERROR: CANNOT SAVE CHANGES

The ACL has been modified since it was last viewed\n

"); - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, bp); - return; - } - - // check users permissions in the new ACL - - if (!GRSTgaclDNlistHasUser(getenv("REDIRECT_GRST_ADMIN_LIST"), user)) - { - new_perm = GRSTgaclAclTestUser(acl, user); - if (new_perm != perm){ - StartHTML(bp, dir_uri, dir_path); - if (!GRSTgaclPermHasAdmin(new_perm)){//Check that user still has Admin permissions - if not then exit without saving the new ACL - GRSThttpPrintf (bp, "ERROR: CANNOT SAVE CHANGES\n\n

You cannot deny yourself admin access from within the editor\n"); - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, bp); - return; - } - //Functions to inform of other permission changes come next - GRSThttpPrintf (bp, "WARNING: OPERATION CHANGED YOUR PERMISSIONS!\n\n

You still have Admin permissions

\n"); - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, bp); - return; - } - } - // ACL not modified, notified of permission changes - can now save - - dir_path_file=GRSTgaclFileFindAclname(dir_path); - vfile=makevfilename(".gacl", file_info.st_size, dn); // Make temporary file name - dir_path_vfile = malloc(strlen(dir_path) + strlen(vfile) + 2); - strcpy(dir_path_vfile, dir_path); - strcat(dir_path_vfile, "/"); - strcat(dir_path_vfile, vfile); - - - // save the new ACL to the temporary file in the correct format using the GridsiteACLFormat directive - - if (strcasecmp(getenv("REDIRECT_GRST_ACL_FORMAT"), "XACML") ==0) GRSTxacmlAclSave(acl, dir_path_vfile); - else if (strcasecmp(getenv("REDIRECT_GRST_ACL_FORMAT"), "GACL") ==0) GRSTgaclAclSave(acl, dir_path_vfile); - else - { - GRSThttpPrintf (bp, "ERROR: ACL type not correctly specified"); - admin_continue(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, bp); - return; - } - - - unlink(dir_path_file); - if (link (dir_path_vfile,dir_path_file)!=0) GRSThttpError("403 Forbidden"); - - printf ("Status: 302 Moved Temporarily\n Content Length: 0\nLocation: %s%s?cmd=admin_acl\n\n", dir_uri, admin_file); - return; -} - -void StringHTMLEncode (char* string, GRSThttpBody *bp){ - - char* current_char; - char* tmp; - int n; - tmp=malloc(2); - - *(tmp+1)='\0'; - current_char=string; - while(*current_char != '\0'){ - - if (*current_char == '<') GRSThttpPrintf (bp,"<"); - else if (*current_char == '>') GRSThttpPrintf (bp,">"); - else if (*current_char == '&') GRSThttpPrintf (bp,"&"); - else if (*current_char == '\'') GRSThttpPrintf (bp,"'"); - else if (*current_char == '"') GRSThttpPrintf (bp,"""); - else{ - *tmp=*current_char; - GRSThttpPrintf(bp, "%s", tmp); - - } - current_char++; - } - return; -} - -void revert_acl(GRSTgaclUser *user, char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *file, char *dir_uri, char *admin_file){ - char *AclFilename; - GRSTgaclAcl *acl; - GRSThttpBody bp; - // Load the old ACL, add the entry and save - AclFilename=malloc(strlen(dir_path)+strlen(file)+2); - strcpy(AclFilename, dir_path); - strcat(AclFilename, "/"); - strcat(AclFilename, file); - - acl = GRSTgaclAclLoadFile(AclFilename); - check_acl_save(dn, perm, help_uri, dir_path, file, dir_uri, admin_file, user, acl, &bp); - return; -} diff --git a/org.gridsite.core/src/grst_admin_main.c b/org.gridsite.core/src/grst_admin_main.c deleted file mode 100644 index a9e9f0e..0000000 --- a/org.gridsite.core/src/grst_admin_main.c +++ /dev/null @@ -1,378 +0,0 @@ -/* - Andrew McNab and Shiv Kaushal, University of Manchester. - Copyright (c) 2002-5. All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/*------------------------------------------------------------------* - * This program is part of GridSite: http://www.gridsite.org/ * - *------------------------------------------------------------------*/ - -#ifndef VERSION -#define VERSION "x.x.x" -#endif - -#ifndef _GNU_SOURCE -#define _GNU_SOURCE -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -// when porting: remember that sendfile() is very OS-specific! -#include - -#include - -#include "grst_admin.h" - -/* - - GridSite human/interactive management interface. This should produce - a CGI executable, usually ./sbin/real-gridsite-admin.cgi, which is - called from HTML forms either by GET or POST methods or both (ie input - present in both QUERY_STRING and the stdin of the CGI process.) - - The CGI name/value pairs used are: - - cmd = edit, managedir, print, history - file = short name of file, without path - - If real-gridsite-admin.cgi is run by an internal redirection inside - mod_gridsite (as should ALWAYS be the case) then the environment - variable REDIRECT_GRST_DIR_PATH will be set to the full path of - the directory holding the file in question. This respects any complex - URI -> file path mapping done by Apache. - -*/ - -void GRSThttpError(char *status) -{ - printf("Status: %s\n", status); - printf("Server-CGI: GridSite Admin %s\n", VERSION); - printf("Content-Length: %d\n", 2 * strlen(status) + 58); - puts("Content-Type: text/html\n"); - - printf("%s\n", status); - printf("

%s

\n", status); - - exit(0); -} - -void adminfooter(GRSThttpBody *bp, char *dn, char *help_uri, char *dir_uri, - char *admin_file) -{ - GRSThttpPrintf(bp, "

\n"); - - if (dn != NULL) GRSThttpPrintf(bp, "

You are %s
\n", dn); - else GRSThttpPrintf(bp, "
\n"); - - if (admin_file != NULL) - GRSThttpPrintf(bp, "" - "Manage directory .\n", - dir_uri, admin_file); - else GRSThttpPrintf(bp, "" - "Back to directory .\n", dir_uri); - - if (help_uri != NULL) - GRSThttpPrintf(bp, "Website Help .\n", help_uri); - - if ((getenv("GRST_NO_LINK") == NULL) && - (getenv("REDIRECT_GRST_NO_LINK") == NULL)) - GRSThttpPrintf(bp, "Built with " - "GridSite %s\n", - VERSION); - - GRSThttpPrintf(bp, "\n"); -} - -int GRSTstrCmpShort(char *long_s, char *short_s) -{ - while (*short_s != '\0') - { - if (*long_s > *short_s) return +1; - if (*long_s < *short_s) return -1; - - ++long_s; - ++short_s; - } - - return 0; -} - -char *makevfilename(char *publicname, size_t size, char *dn) -{ - int i; - char *ext, *vfilename, *encpublicname, *encdn, *p; - struct timeval tv_now; - - gettimeofday(&tv_now, NULL); - - ext = rindex(publicname, '.'); - if (ext == NULL) ext = ""; - - encpublicname = GRSThttpUrlEncode(publicname); - for (p=encpublicname; *p != '\0'; ++p) if (*p == '%') *p = '='; - - encdn = GRSThttpUrlEncode(dn); - for (p=encdn; *p != '\0'; ++p) if (*p == '%') *p = '='; - - /* we used zero-padding for times so - alphanumeric sorting will sort chronologically too */ - - asprintf(&vfilename, "%s:%s:%08X:%05X:%X:%s:%s", GRST_HIST_PREFIX, - encpublicname, tv_now.tv_sec, tv_now.tv_usec, size, encdn, ext); - - return vfilename; -} - -void justheader(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *dir_uri, char *admin_file) -{ - GRSThttpBody bp; - - puts("Status: 200 OK\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_HEADFILE); - - GRSThttpWriteOut(&bp); -} - -void justfooter(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, - char *dir_uri, char *admin_file) -{ - GRSThttpBody bp; - - puts("Status: 200 OK\nContent-Type: text/html"); - - GRSThttpBodyInit(&bp); - - if (GRSTgaclPermHasList(perm) || GRSTgaclPermHasWrite(perm) - || GRSTgaclPermHasAdmin(perm)) - adminfooter(&bp, dn, help_uri, dir_uri, admin_file); - - GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); - - GRSThttpWriteOut(&bp); -} - -int main() -{ - int i, gsiproxylimit_i = 1; - char *cmd, *dir_uri, *file, *dir_path, *admin_file, *dn = NULL, - *help_uri, *p, *content_type, *request_uri, *button, - *grst_cred_0, *gsiproxylimit, *dn_lists, buf[12]; - GRSTgaclCred *cred; - GRSTgaclUser *user = NULL; - GRSTgaclAcl *acl; - GRSTgaclPerm perm = GRST_PERM_NONE; - - help_uri = getenv("REDIRECT_GRST_HELP_URI"); /* can be NULL */ - admin_file = getenv("REDIRECT_GRST_ADMIN_FILE"); - dir_path = getenv("REDIRECT_GRST_DIR_PATH"); - request_uri = getenv("REQUEST_URI"); - - if ((dir_path == NULL) || (admin_file == NULL) || (request_uri == NULL)) - { - puts("Status: 500 Internal Server Error\nContent-type: text/plain\n\n" - "REDIRECT_GRST_DIR_PATH or REDIRECT_GRST_ADMIN_FILE " - "or REQUEST_URI missing"); - return; - } - - GRSTgaclInit(); - - grst_cred_0 = getenv("GRST_CRED_0"); - - if ((grst_cred_0 != NULL) && (cred = GRSTx509CompactToCred(grst_cred_0))) - { - gsiproxylimit = getenv("REDIRECT_GRST_GSIPROXY_LIMIT"); - if (gsiproxylimit != NULL) sscanf(gsiproxylimit, "%d", &gsiproxylimit_i); - - if (GRSTgaclCredGetDelegation(cred) <= gsiproxylimit_i) - { - user = GRSTgaclUserNew(cred); - - if ((p = index(grst_cred_0, ' ')) && - (p = index(++p, ' ')) && - (p = index(++p, ' ')) && - (p = index(++p, ' '))) dn = &p[1]; - } - /* User has a cert so check for voms attributes */ - for(i=1; ; i++) - { - sprintf (buf, "GRST_CRED_%d", i); - - - grst_cred_0 = getenv(buf); - if (grst_cred_0==NULL) break; - - if (cred=GRSTx509CompactToCred(grst_cred_0)) - GRSTgaclUserAddCred(user, cred); - } - /* no more voms attributes found found */ - } - else if ((dn = getenv("SSL_CLIENT_S_DN")) != NULL) - { - cred = GRSTgaclCredNew("person"); - GRSTgaclCredAddValue(cred, "dn", dn); - user = GRSTgaclUserNew(cred); - } - - dn_lists = getenv("REDIRECT_GRST_DN_LISTS"); - if (dn_lists == NULL) dn_lists = getenv("GRST_DN_LISTS"); - if (dn_lists != NULL) GRSTgaclUserSetDNlists(user, dn_lists); - - if (GRSTgaclDNlistHasUser(getenv("REDIRECT_GRST_ADMIN_LIST"), - user)) perm = GRST_PERM_ALL; - else - { - p = getenv("REMOTE_HOST"); - if (p != NULL) - { - cred = GRSTgaclCredNew("dns"); - GRSTgaclCredAddValue(cred, "hostname", p); - - if (user == NULL) user = GRSTgaclUserNew(cred); - else GRSTgaclUserAddCred(user, cred); - } - - acl = GRSTgaclAclLoadforFile(dir_path); - if (acl != NULL) perm = GRSTgaclAclTestUser(acl, user); - } - - /* we're relying on being a CGI with all this un-free()ed strdup()ing */ - - dir_uri = strdup(request_uri); - p = rindex(dir_uri, '?'); - if (p != NULL) *p = '\0'; - p = rindex(dir_uri, '/'); - if (p != NULL) p[1] = '\0'; - - content_type = getenv("CONTENT_TYPE"); - - if ((content_type != NULL) && - (GRSTstrCmpShort(content_type, "multipart/form-data; boundary=") == 0)) - { - uploadfile(dn, perm, help_uri, dir_path, dir_uri, admin_file); - return 0; - } - - cmd = GRSThttpGetCGI("cmd"); - file = GRSThttpGetCGI("file"); - button = GRSThttpGetCGI("button"); - - /* file and directory functions in grst_admin_file.c */ - - if (strcmp(cmd, "header") == 0) - justheader(dn, perm, help_uri, dir_path, dir_uri, admin_file); - else if (strcmp(cmd, "footer") == 0) - justfooter(dn, perm, help_uri, dir_path, dir_uri, admin_file); - else if (strcmp(cmd, "managedir") == 0) - managedir(dn, perm, help_uri, dir_path, dir_uri, admin_file); - else if (strcmp(cmd, "print") == 0) - printfile(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "history") == 0) - filehistory(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "editdnlist") == 0) - editdnlistform(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "edit") == 0) - { - if ((strcasecmp(button, "new directory") == 0) || - (strcasecmp(button, "Create") == 0)) - newdirectory(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else - editfileform(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - } - else if (strcmp(cmd, "editaction") == 0) - editfileaction(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "editdnlistaction") == 0) - editdnlistaction(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "delete") == 0) - deletefileform(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "deleteaction") == 0) - deletefileaction(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "rename") == 0) - renameform(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "renameaction") == 0) - renameaction(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "ziplist") == 0) - ziplist(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "unzipfile") == 0) - unzipfile(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "create_acl") == 0) - create_acl(dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - - /* GACL functions in grst_admin_gacl.c */ - - else if (strcmp(cmd, "show_acl") == 0) - show_acl(0, user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "admin_acl") == 0) - show_acl(1, user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "acl_history") == 0) - show_acl(2, user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd, "revert_acl") == 0) - revert_acl(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - //show_acl(2, user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"new_entry_form")==0) - new_entry_form(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"new_entry")==0) - new_entry(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"del_entry_sure")==0) - del_entry_sure(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"del_entry")==0) - del_entry(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"edit_entry_form")==0) - edit_entry_form(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"edit_entry")==0) - edit_entry(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"add_cred_form")==0) - add_cred_form(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"add_cred")==0) - add_cred(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"del_cred_sure")==0) - del_cred_sure(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - else if (strcmp(cmd,"del_cred")==0) - del_cred(user, dn, perm, help_uri, dir_path, file, dir_uri, admin_file); - - /* you what? */ - - else GRSThttpError("500 Internal Server Error"); -} diff --git a/org.gridsite.core/src/grst_asn1.c b/org.gridsite.core/src/grst_asn1.c deleted file mode 100644 index bc92a87..0000000 --- a/org.gridsite.core/src/grst_asn1.c +++ /dev/null @@ -1,506 +0,0 @@ - -#define _GNU_SOURCE -#include -#include - -#include -#include -#include - -#include -#include -#include - -#include "gridsite.h" - -/// ASN1 time string (in a char *) to time_t -/** - * (Use ASN1_STRING_data() to convert ASN1_GENERALIZEDTIME to char * if - * necessary) - */ - -time_t GRSTasn1TimeToTimeT(char *asn1time, size_t len) -{ - char zone; - struct tm time_tm; - - if (len == 0) len = strlen(asn1time); - - if ((len != 13) && (len != 15)) return 0; /* dont understand */ - - if ((len == 13) && - ((sscanf(asn1time, "%02d%02d%02d%02d%02d%02d%c", - &(time_tm.tm_year), - &(time_tm.tm_mon), - &(time_tm.tm_mday), - &(time_tm.tm_hour), - &(time_tm.tm_min), - &(time_tm.tm_sec), - &zone) != 7) || (zone != 'Z'))) return 0; /* dont understand */ - - if ((len == 15) && - ((sscanf(asn1time, "20%02d%02d%02d%02d%02d%02d%c", - &(time_tm.tm_year), - &(time_tm.tm_mon), - &(time_tm.tm_mday), - &(time_tm.tm_hour), - &(time_tm.tm_min), - &(time_tm.tm_sec), - &zone) != 7) || (zone != 'Z'))) return 0; /* dont understand */ - - /* time format fixups */ - - if (time_tm.tm_year < 90) time_tm.tm_year += 100; - --(time_tm.tm_mon); - - return timegm(&time_tm); -} - -/* this function is taken from OpenSSL without modification */ - -static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, - int indent) - { - static const char fmt[]="%-18s"; - static const char fmt2[]="%2d %-15s"; - char str[128]; - const char *p,*p2=NULL; - - if (constructed & V_ASN1_CONSTRUCTED) - p="cons: "; - else - p="prim: "; - if (BIO_write(bp,p,6) < 6) goto err; -#if OPENSSL_VERSION_NUMBER >= 0x0090701fL - BIO_indent(bp,indent,128); -#endif - - p=str; - if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) - sprintf(str,"priv [ %d ] ",tag); - else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) - sprintf(str,"cont [ %d ]",tag); - else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) - sprintf(str,"appl [ %d ]",tag); - else p = ASN1_tag2str(tag); - - if (p2 != NULL) - { - if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err; - } - else - { - if (BIO_printf(bp,fmt,p) <= 0) goto err; - } - return(1); -err: - return(0); - } - -static void GRSTasn1AddToTaglist(struct GRSTasn1TagList taglist[], - int maxtag, int *lasttag, - char *treecoords, int start, int headerlength, - int length, int tag) -{ - if ((strlen(treecoords) > GRST_ASN1_MAXCOORDLEN) || - (*lasttag + 1 > maxtag)) return; - - ++(*lasttag); - - strncpy(taglist[*lasttag].treecoords, treecoords, GRST_ASN1_MAXCOORDLEN+1); - taglist[*lasttag].start = start; - taglist[*lasttag].headerlength = headerlength; - taglist[*lasttag].length = length; - taglist[*lasttag].tag = tag; -} - -int GRSTasn1SearchTaglist(struct GRSTasn1TagList taglist[], - int lasttag, char *treecoords) -{ - int i; - - for (i=0; i <= lasttag; ++i) - { - if (strcmp(treecoords, taglist[i].treecoords) == 0) return i; - } - - return -1; -} - -static int GRSTasn1PrintPrintable(BIO *bp, char *str, int length) -{ - int ret = 0; - char *dup, *p; - - dup = strndup(str, length); - - for (p=dup; *p != '\0'; ++p) if ((*p < ' ') || (*p > '~')) *p = '.'; - - if (bp != NULL) ret = BIO_write(bp, dup, strlen(dup)); - - free(dup); - - return ret; -} - -static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset, - int depth, int indent, int dump, char *treecoords, - struct GRSTasn1TagList taglist[], int maxtag, int *lasttag) - { - int sibling = 0; - char sibtreecoords[512]; - - unsigned char *p,*ep,*tot,*op,*opp; - long len; - int tag,xclass,ret=0; - int nl,hl,j,r; - ASN1_OBJECT *o=NULL; - ASN1_OCTET_STRING *os=NULL; - int dump_indent; - - - dump_indent = 6; /* Because we know BIO_dump_indent() */ - p= *pp; - tot=p+length; - op=p-1; - while ((p < tot) && (op < p)) - { - op=p; - j=ASN1_get_object(&p,&len,&tag,&xclass,length); - - if (j & 0x80) - { - if ((bp != NULL) && - (BIO_write(bp,"Error in encoding\n",18) <= 0)) - goto end; - ret=0; - goto end; - } - hl=(p-op); - length-=hl; - - ++sibling; - sprintf(sibtreecoords, "%s-%d", treecoords, sibling); - - GRSTasn1AddToTaglist(taglist, maxtag, lasttag, sibtreecoords, - (int)offset+(int)(op - *pp), - (int) hl, len, tag); - - if (bp != NULL) - { - BIO_printf(bp, " %s %ld %ld %d %d ", sibtreecoords, - (long)offset+(long)(op - *pp), hl, len, tag); - - GRSTasn1PrintPrintable(bp, p, -// &((*pp)[(long)offset+(long)(op - *pp)+hl]), - (len > 30) ? 30 : len); - - BIO_printf(bp, "\n"); - } - - - /* if j == 0x21 it is a constructed indefinite length object */ - if ((bp != NULL) && - (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp)) - <= 0)) goto end; - - if (j != (V_ASN1_CONSTRUCTED | 1)) - { - if ((bp != NULL) && - (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ", - depth,(long)hl,len) <= 0)) - goto end; - } - else - { - if ((bp != NULL) && - (BIO_printf(bp,"d=%-2d hl=%ld l=inf ", - depth,(long)hl) <= 0)) - goto end; - } - if ((bp != NULL) && - !asn1_print_info(bp,tag,xclass,j,(indent)?depth:0)) - goto end; - if (j & V_ASN1_CONSTRUCTED) - { - ep=p+len; - if ((bp != NULL) && - (BIO_write(bp,"\n",1) <= 0)) goto end; - if (len > length) - { - if (bp != NULL) BIO_printf(bp, - "length is greater than %ld\n",length); - ret=0; - goto end; - } - if ((j == 0x21) && (len == 0)) - { - for (;;) - { - r=GRSTasn1Parse2(bp,&p,(long)(tot-p), - offset+(p - *pp),depth+1, - indent,dump,sibtreecoords, - taglist, maxtag, lasttag); - if (r == 0) { ret=0; goto end; } - if ((r == 2) || (p >= tot)) break; - } - } - else - while (p < ep) - { - r=GRSTasn1Parse2(bp,&p,(long)len, - offset+(p - *pp),depth+1, - indent,dump,sibtreecoords, - taglist, maxtag, lasttag); - if (r == 0) { ret=0; goto end; } - } - } - else if (xclass != 0) - { - p+=len; - if ((bp != NULL) && - (BIO_write(bp,"\n",1) <= 0)) goto end; - } - else - { - nl=0; - if ( (tag == V_ASN1_PRINTABLESTRING) || - (tag == V_ASN1_T61STRING) || - (tag == V_ASN1_IA5STRING) || - (tag == V_ASN1_VISIBLESTRING) || - (tag == V_ASN1_UTCTIME) || - (tag == V_ASN1_GENERALIZEDTIME)) - { - if ((bp != NULL) && - (BIO_write(bp,":",1) <= 0)) goto end; - if ((len > 0) && (bp != NULL) && - BIO_write(bp,(char *)p,(int)len) - != (int)len) - goto end; - } - else if (tag == V_ASN1_OBJECT) - { - opp=op; - if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL) - { - if (bp != NULL) - { - if (BIO_write(bp,":",1) <= 0) goto end; - i2a_ASN1_OBJECT(bp,o); - } - } - else - { - if ((bp != NULL) && - (BIO_write(bp,":BAD OBJECT",11) <= 0)) - goto end; - } - } - else if (tag == V_ASN1_BOOLEAN) - { - int ii; - - opp=op; - ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); - if (ii < 0) - { - if ((bp != NULL) && - (BIO_write(bp,"Bad boolean\n",12))) - goto end; - } - if (bp != NULL) BIO_printf(bp,":%d",ii); - } - else if (tag == V_ASN1_BMPSTRING) - { - /* do the BMP thang */ - } - else if (tag == V_ASN1_OCTET_STRING) - { - int i; - - opp=op; - os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); - if (os != NULL) - { - opp=os->data; - - if (os->length > 0) - { - if ((bp != NULL) && - (BIO_write(bp,":",1) <= 0)) - goto end; - if ((bp != NULL) && - (GRSTasn1PrintPrintable(bp, - opp, - os->length) <= 0)) - goto end; - } - - M_ASN1_OCTET_STRING_free(os); - os=NULL; - } - } - else if (tag == V_ASN1_INTEGER) - { - ASN1_INTEGER *bs; - int i; - - opp=op; - bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl); - if (bs != NULL) - { - if ((bp != NULL) && - (BIO_write(bp,":",1) <= 0)) goto end; - if (bs->type == V_ASN1_NEG_INTEGER) - if ((bp != NULL) && - (BIO_write(bp,"-",1) <= 0)) - goto end; - for (i=0; ilength; i++) - { - if ((bp != NULL) && - (BIO_printf(bp,"%02X", - bs->data[i]) <= 0)) - goto end; - } - if (bs->length == 0) - { - if ((bp != NULL) && - (BIO_write(bp,"00",2) <= 0)) - goto end; - } - } - else - { - if ((bp != NULL) && - (BIO_write(bp,"BAD INTEGER",11) <= 0)) - goto end; - } - M_ASN1_INTEGER_free(bs); - } - else if (tag == V_ASN1_ENUMERATED) - { - ASN1_ENUMERATED *bs; - int i; - - opp=op; - bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl); - if (bs != NULL) - { - if ((bp != NULL) && - (BIO_write(bp,":",1) <= 0)) goto end; - if (bs->type == V_ASN1_NEG_ENUMERATED) - if ((bp != NULL) && - (BIO_write(bp,"-",1) <= 0)) - goto end; - for (i=0; ilength; i++) - { - if ((bp != NULL) && - (BIO_printf(bp,"%02X", - bs->data[i]) <= 0)) - goto end; - } - if (bs->length == 0) - { - if ((bp != NULL) && - (BIO_write(bp,"00",2) <= 0)) - goto end; - } - } - else - { - if ((bp != NULL) && - (BIO_write(bp,"BAD ENUMERATED",11) <= 0)) - goto end; - } - M_ASN1_ENUMERATED_free(bs); - } - else if (len > 0 && dump) - { - if (!nl) - { - if ((bp != NULL) && - (BIO_write(bp,"\n",1) <= 0)) - goto end; - } - if ((bp != NULL) && - (BIO_dump_indent(bp,(char *)p, - ((dump == -1 || dump > len)?len:dump), - dump_indent) <= 0)) - goto end; - nl=1; - } - - if (!nl) - { - if ((bp != NULL) && - (BIO_write(bp,"\n",1) <= 0)) goto end; - } - p+=len; - if ((tag == V_ASN1_EOC) && (xclass == 0)) - { - ret=2; /* End of sequence */ - goto end; - } - } - - length-=len; - } - ret=1; -end: - if (o != NULL) ASN1_OBJECT_free(o); - if (os != NULL) M_ASN1_OCTET_STRING_free(os); - *pp=p; - return(ret); - } - -int GRSTasn1ParseDump(BIO *bp, unsigned char *pp, long len, - struct GRSTasn1TagList taglist[], - int maxtag, int *lasttag) - { - return(GRSTasn1Parse2(bp,&pp,len,0,0,0,0,"", - taglist, maxtag, lasttag)); - } - -int GRSTasn1GetX509Name(char *x509name, int maxlength, char *coords, - char *asn1string, - struct GRSTasn1TagList taglist[], int lasttag) -{ - int i, iobj, istr, n, len = 0; - ASN1_OBJECT *obj = NULL; - unsigned char coordstmp[81], *q; - const unsigned char *shortname; - - for (i=1; ; ++i) - { - snprintf(coordstmp, sizeof(coordstmp), coords, i, 1); - iobj = GRSTasn1SearchTaglist(taglist, lasttag, coordstmp); - if (iobj < 0) break; - - snprintf(coordstmp, sizeof(coordstmp), coords, i, 2); - istr = GRSTasn1SearchTaglist(taglist, lasttag, coordstmp); - if (istr < 0) break; - - q = &asn1string[taglist[iobj].start]; - d2i_ASN1_OBJECT(&obj, &q, taglist[iobj].length + - taglist[iobj].headerlength); - - n = OBJ_obj2nid(obj); -// free obj now? - shortname = OBJ_nid2sn(n); - - if (len + 2 + strlen(shortname) + taglist[istr].length >= maxlength) - { - x509name[0] = '\0'; - return GRST_RET_FAILED; - } - - sprintf(&x509name[len], "/%s=%.*s", shortname, - taglist[istr].length, - &asn1string[taglist[istr].start+taglist[istr].headerlength]); - len += 2 + strlen(shortname) + taglist[istr].length; - } - - x509name[len] = '\0'; - - return (x509name[0] != '\0') ? GRST_RET_OK : GRST_RET_FAILED; -} diff --git a/org.gridsite.core/src/grst_gacl.c b/org.gridsite.core/src/grst_gacl.c deleted file mode 100644 index 336c853..0000000 --- a/org.gridsite.core/src/grst_gacl.c +++ /dev/null @@ -1,1178 +0,0 @@ -/* - Copyright (c) 2002-3, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -/*---------------------------------------------------------------* - * For more information about GridSite: http://www.gridsite.org/ * - *---------------------------------------------------------------*/ - -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef _GNU_SOURCE -#define _GNU_SOURCE -#endif -#include - -#include -#include -#include - -#include "gridsite.h" - -/* * - * Global variables, shared by all GACL functions by private to libgacl * - * */ - -char *grst_perm_syms[] = { "none", - "read", - "exec", - "list", - "write", - "admin", - NULL }; - -GRSTgaclPerm grst_perm_vals[] = { GRST_PERM_NONE, - GRST_PERM_READ, - GRST_PERM_EXEC, - GRST_PERM_LIST, - GRST_PERM_WRITE, - GRST_PERM_ADMIN, - -1 }; - -int GRSTgaclInit(void) -{ - xmlInitParser(); - - LIBXML_TEST_VERSION - - xmlKeepBlanksDefault(0); - - return 1; -} - -/* declare these two private functions at the start */ - -GRSTgaclAcl *GRSTgaclAclParse(xmlDocPtr, xmlNodePtr, GRSTgaclAcl *); -GRSTgaclAcl *GRSTxacmlAclParse(xmlDocPtr, xmlNodePtr, GRSTgaclAcl *); - -/* * - * Functions to manipulate GRSTgaclCred structures * - * */ - -GRSTgaclCred *GRSTgaclCredNew(char *type) -/* - GRSTgaclCredNew - allocate a new GRSTgaclCred structure, and return - it's pointer or NULL on (malloc) error. -*/ -{ - GRSTgaclCred *newcred; - - if (type == NULL) return NULL; - - newcred = malloc(sizeof(GRSTgaclCred)); - if (newcred == NULL) return NULL; - - newcred->type = strdup(type); - newcred->delegation = 0; - newcred->firstname = NULL; - newcred->next = NULL; - - return newcred; -} - -int GRSTgaclCredAddValue(GRSTgaclCred *cred, char *rawname, char *rawvalue) -/* - GRSTgaclCredAddValue - add a name/value pair to a GRSTgaclCred -*/ -{ - int i; - char *name, *value; - GRSTgaclNamevalue *p; - - name = strdup(rawname); - - /* no leading or trailing space in value */ - - value = rawvalue; - while ((*value != '\0') && isspace(*value)) ++value; - - value = strdup(value); - - for (i=strlen(value) - 1; (i >= 0) && isspace(value[i]); --i) value[i]='\0'; - - if (cred->firstname == NULL) - { - cred->firstname = malloc(sizeof (GRSTgaclNamevalue)); - (cred->firstname)->name = name; - (cred->firstname)->value = value; - (cred->firstname)->next = NULL; - } - else - { - p = cred->firstname; - - while (p->next != NULL) p = (GRSTgaclNamevalue *) p->next; - - p->next = malloc(sizeof(GRSTgaclNamevalue)); - ((GRSTgaclNamevalue *) p->next)->name = name; - ((GRSTgaclNamevalue *) p->next)->value = value; - ((GRSTgaclNamevalue *) p->next)->next = NULL; - } - - return 1; -} - -static int GRSTgaclNamevalueFree(GRSTgaclNamevalue *p) -{ - if (p == NULL) return 1; - - if (p->next != NULL) - GRSTgaclNamevalueFree((GRSTgaclNamevalue *) p->next); - if (p->name != NULL) free(p->name); - if (p->value != NULL) free(p->value); - free(p); - - return 1; -} - -int GRSTgaclCredFree(GRSTgaclCred *cred) -/* - GRSTgaclCredFree - free memory structures of a GRSTgaclCred, - returning 1 always! -*/ -{ - if (cred == NULL) return 1; - - GRSTgaclNamevalueFree(cred->firstname); - if (cred->type != NULL) free(cred->type); - free(cred); - - return 1; -} - -static int GRSTgaclCredsFree(GRSTgaclCred *firstcred) -/* - GRSTgaclCredsFree - free a cred and all the creds in its *next chain -*/ -{ - if (firstcred == NULL) return 0; - - if (firstcred->next != NULL) GRSTgaclCredsFree(firstcred->next); - - return GRSTgaclCredFree(firstcred); -} - -static int GRSTgaclCredInsert(GRSTgaclCred *firstcred, GRSTgaclCred *newcred) -/* - GRSTgaclCredInsert - insert a cred in the *next chain of firstcred - - FOR THE MOMENT THIS JUST APPENDS! -*/ -{ - if (firstcred == NULL) return 0; - - if (firstcred->next == NULL) - { - firstcred->next = newcred; - return 1; - } - - return GRSTgaclCredInsert(firstcred->next, newcred); -} - -int GRSTgaclEntryAddCred(GRSTgaclEntry *entry, GRSTgaclCred *cred) -/* - GRSTaddCred - add a new credential to an existing entry, returning 1 - on success or 0 on error -*/ -{ - if (entry == NULL) return 0; - - if (entry->firstcred == NULL) - { - entry->firstcred = cred; - return 1; - } - else return GRSTgaclCredInsert(entry->firstcred, cred); -} - -static int GRSTgaclCredRemoveCred(GRSTgaclCred *firstcred, GRSTgaclCred *oldcred) -/* - (Private) - - GRSTgaclCredRemoveCred - remove a cred in the *next chain of firstcred - and relink the chain -*/ -{ - if (firstcred == NULL) return 0; - -// yeah, I know -} - -int GRSTgaclEntryDelCred(GRSTgaclEntry *entry, GRSTgaclCred *cred) -/* - GRSTgaclEntryDelCred - remove a new cred from an entry, returning 1 - on success (or absense) or 0 on error. -*/ -{ - if (entry == NULL) return 0; - - return GRSTgaclCredRemoveCred(entry->firstcred, cred); -} - -int GRSTgaclCredPrint(GRSTgaclCred *cred, FILE *fp) -/* - GRSTgaclCredPrint - print a credential and any name-value pairs is contains -*/ -{ - char *q; - GRSTgaclNamevalue *p; - - if (cred->firstname != NULL) - { - fprintf(fp, "<%s>\n", cred->type); - - p = cred->firstname; - - do { - fprintf(fp, "<%s>", p->name); - - for (q=p->value; *q != '\0'; ++q) - if (*q == '<') fputs("<", fp); - else if (*q == '>') fputs(">", fp); - else if (*q == '&') fputs("&" , fp); - else if (*q == '\'') fputs("'", fp); - else if (*q == '"') fputs(""", fp); - else fputc(*q, fp); - - fprintf(fp, "\n", p->name); - - p = (GRSTgaclNamevalue *) p->next; - - } while (p != NULL); - - fprintf(fp, "\n", cred->type); - } - else fprintf(fp, "<%s/>\n", cred->type); - - return 1; -} - -/* * - * Functions to manipulate GRSTgaclEntry structures * - * */ - -GRSTgaclEntry *GRSTgaclEntryNew(void) -/* - GRSTgaclEntryNew - allocate space for a new entry, returning its pointer - or NULL on failure. -*/ -{ - GRSTgaclEntry *newentry; - - newentry = (GRSTgaclEntry *) malloc(sizeof(GRSTgaclEntry)); - if (newentry == NULL) return NULL; - - newentry->firstcred = NULL; - newentry->allowed = 0; - newentry->denied = 0; - newentry->next = NULL; - - return newentry; -} - -int GRSTgaclEntryFree(GRSTgaclEntry *entry) -/* - GRSTgaclEntryFree - free up space used by an entry (always returns 1) -*/ -{ - int i; - - if (entry == NULL) return 1; - - GRSTgaclCredsFree(entry->firstcred); - - free(entry); - - return 1; -} - -static int GRSTgaclEntriesFree(GRSTgaclEntry *entry) -/* - GRSTgaclEntriesFree - free up entry and all entries linked to in its *next - chain -*/ -{ - if (entry == NULL) return 0; - - if (entry->next != NULL) GRSTgaclEntriesFree(entry->next); - - return GRSTgaclEntryFree(entry); -} - -static int GRSTgaclEntryInsert(GRSTgaclEntry *firstentry, GRSTgaclEntry *newentry) -/* - GRSTgaclEntryInsert - insert an entry in the *next chain of firstentry - - FOR THE MOMENT THIS JUST APPENDS -*/ -{ - if (firstentry == NULL) return 0; - - if (firstentry->next == NULL) - { - firstentry->next = newentry; - return 1; - } - - return GRSTgaclEntryInsert(firstentry->next, newentry); -} - -int GRSTgaclAclAddEntry(GRSTgaclAcl *acl, GRSTgaclEntry *entry) -/* - GRSTgaclAclAddEntry - add a new entry to an existing acl, returning 1 - on success or 0 on error -*/ -{ - if (acl == NULL) return 0; - - if (acl->firstentry == NULL) - { - acl->firstentry = entry; - return 1; - } - else return GRSTgaclEntryInsert(acl->firstentry, entry); -} - -int GRSTgaclEntryPrint(GRSTgaclEntry *entry, FILE *fp) -{ - GRSTgaclCred *cred; - GRSTgaclPerm i; - - fputs("\n", fp); - - for (cred = entry->firstcred; cred != NULL; cred = cred->next) - GRSTgaclCredPrint(cred, fp); - - if (entry->allowed) - { - fputs("", fp); - - for (i=GRST_PERM_READ; i <= GRST_PERM_ADMIN; ++i) - if ((entry->allowed) & i) GRSTgaclPermPrint(i, fp); - - fputs("\n", fp); - } - - - if (entry->denied) - { - fputs("", fp); - - for (i=GRST_PERM_READ; i <= GRST_PERM_ADMIN; ++i) - if (entry->denied & i) GRSTgaclPermPrint(i, fp); - - fputs("\n", fp); - } - - fputs("\n", fp); - - return 1; -} - -/* * - * Functions to manipulate GRSTgaclPerm items * - * */ - -int GRSTgaclPermPrint(GRSTgaclPerm perm, FILE *fp) -{ - GRSTgaclPerm i; - - for (i=GRST_PERM_READ; grst_perm_syms[i] != NULL; ++i) - if (perm == grst_perm_vals[i]) - { - fprintf(fp, "<%s/>", grst_perm_syms[i]); - return 1; - } - - return 0; -} - -int GRSTgaclEntryAllowPerm(GRSTgaclEntry *entry, GRSTgaclPerm perm) -{ - entry->allowed = entry->allowed | perm; - - return 1; -} - -int GRSTgaclEntryUnallowPerm(GRSTgaclEntry *entry, GRSTgaclPerm perm) -{ - entry->allowed = entry->allowed & ~perm; - - return 1; -} - -int GRSTgaclEntryDenyPerm(GRSTgaclEntry *entry, GRSTgaclPerm perm) -{ - entry->denied = entry->denied | perm; - - return 1; -} - -int GRSTgaclEntryUndenyPerm(GRSTgaclEntry *entry, GRSTgaclPerm perm) -{ - entry->denied = entry->denied & ~perm; - - return 1; -} - -char *GRSTgaclPermToChar(GRSTgaclPerm perm) -/* - GRSTgaclPermToChar - return char * or NULL corresponding to most significant - set bit of perm. -*/ -{ - char *p = NULL; - GRSTgaclPerm i; - - for (i=0; grst_perm_syms[i] != NULL; ++i) - if (perm & grst_perm_vals[i]) p = grst_perm_syms[i]; - - return p; -} - -GRSTgaclPerm GRSTgaclPermFromChar(char *s) -/* - GRSTgaclPermToChar - return access perm corresponding to symbol s[] -*/ -{ - GRSTgaclPerm i; - - for (i=0; grst_perm_syms[i] != NULL; ++i) - if (strcasecmp(grst_perm_syms[i], s) == 0) return grst_perm_vals[i]; - - return -1; -} - -/* * - * Functions to manipulate GRSTgaclAcl structures * - * */ - -GRSTgaclAcl *GRSTgaclAclNew(void) -/* - GRSTgaclAclNew - allocate a new acl and return its pointer (or NULL - on failure.) -*/ -{ - GRSTgaclAcl *newacl; - - newacl = (GRSTgaclAcl *) malloc(sizeof(GRSTgaclAcl)); - if (newacl == NULL) return NULL; - - newacl->firstentry = NULL; - - return newacl; -} - -int GRSTgaclAclFree(GRSTgaclAcl *acl) -/* - GRSTgaclAclFree - free up space used by *acl. Always returns 1. -*/ -{ - if (acl == NULL) return 1; - - GRSTgaclEntriesFree(acl->firstentry); - - return 1; -} - -int GRSTgaclAclPrint(GRSTgaclAcl *acl, FILE *fp) -{ - GRSTgaclEntry *entry; - - fputs("\n", fp); - - for (entry = acl->firstentry; entry != NULL; entry = entry->next) - GRSTgaclEntryPrint(entry, fp); - - fputs("\n", fp); - - return 1; -} - -int GRSTgaclAclSave(GRSTgaclAcl *acl, char *filename) -{ - int ret; - FILE *fp; - - fp = fopen(filename, "w"); - if (fp == NULL) return 0; - - fputs("\n", fp); - - ret = GRSTgaclAclPrint(acl, fp); - - fclose(fp); - - return ret; -} - -/* * - * Functions for loading and parsing XML using libxml * - * */ - -// need to check these for libxml memory leaks? - what needs to be freed? - -static GRSTgaclCred *GRSTgaclCredParse(xmlNodePtr cur) -/* - GRSTgaclCredParse - parse a credential stored in the libxml structure cur, - returning it as a pointer or NULL on error. -*/ -{ - xmlNodePtr cur2; - GRSTgaclCred *cred; - - cred = GRSTgaclCredNew((char *) cur->name); - - cred->firstname = NULL; - cred->next = NULL; - - for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next) - { - GRSTgaclCredAddValue(cred, (char *) cur2->name, - (char *) xmlNodeGetContent(cur2)); - } - - return cred; -} - -static GRSTgaclEntry *GRSTgaclEntryParse(xmlNodePtr cur) -/* - GRSTgaclEntryParse - parse an entry stored in the libxml structure cur, - returning it as a pointer or NULL on error. -*/ -{ - int i; - xmlNodePtr cur2; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - GRSTgaclPerm perm; - - if (xmlStrcmp(cur->name, (const xmlChar *) "entry") != 0) return NULL; - - cur = cur->xmlChildrenNode; - - entry = GRSTgaclEntryNew(); - - while (cur != NULL) - { - if (xmlStrcmp(cur->name, (const xmlChar *) "allow") == 0) - { - for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next) - for (i=0; grst_perm_syms[i] != NULL; ++i) - if (xmlStrcmp(cur2->name, - (const xmlChar *) grst_perm_syms[i]) == 0) - GRSTgaclEntryAllowPerm(entry, grst_perm_vals[i]); - } - else if (xmlStrcmp(cur->name, (const xmlChar *) "deny") == 0) - { - for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next) - for (i=0; grst_perm_syms[i] != NULL; ++i) - if (xmlStrcmp(cur2->name, - (const xmlChar *) grst_perm_syms[i]) == 0) - GRSTgaclEntryDenyPerm(entry, grst_perm_vals[i]); - } - else if ((cred = GRSTgaclCredParse(cur)) != NULL) - { - if (!GRSTgaclEntryAddCred(entry, cred)) - { - GRSTgaclCredFree(cred); - GRSTgaclEntryFree(entry); - return NULL; - } - } - else /* I cannot parse this - give up rather than get it wrong */ - { - GRSTgaclEntryFree(entry); - return NULL; - } - - cur=cur->next; - } - - return entry; -} - -GRSTgaclAcl *GRSTgaclAclLoadFile(char *filename) -{ - xmlDocPtr doc; - xmlNodePtr cur; - GRSTgaclAcl *acl; - - doc = xmlParseFile(filename); - if (doc == NULL) return NULL; - - cur = xmlDocGetRootElement(doc); - if (cur == NULL) - { - xmlFreeDoc(doc); - return NULL; - } - - if (!xmlStrcmp(cur->name, (const xmlChar *) "Policy")) - { - acl=GRSTxacmlAclParse(doc, cur, acl); - } - else if (!xmlStrcmp(cur->name, (const xmlChar *) "gacl")) - { - acl=GRSTgaclAclParse(doc, cur, acl); - } - else /* ACL format not recognised */ - { - xmlFreeDoc(doc); - return NULL; - } - - xmlFreeDoc(doc); - return acl; -} - -GRSTgaclAcl *GRSTgaclAclParse(xmlDocPtr doc, xmlNodePtr cur, GRSTgaclAcl *acl) -{ - GRSTgaclEntry *entry; - - cur = cur->xmlChildrenNode; - - acl = GRSTgaclAclNew(); - - while (cur != NULL) - { - entry = GRSTgaclEntryParse(cur); - if (entry == NULL) - { - GRSTgaclAclFree(acl); - xmlFreeDoc(doc); - return NULL; - } - - GRSTgaclAclAddEntry(acl, entry); - - cur=cur->next; - } - - return acl; -} -int GRSTgaclFileIsAcl(char *pathandfile) -/* Return 1 if filename in *pathandfile starts GRST_ACL_FILE - Return 0 otherwise. */ -{ - char *filename; - - filename = rindex(pathandfile, '/'); - if (filename == NULL) filename = pathandfile; - else filename++; - - return (strncmp(filename, GRST_ACL_FILE, sizeof(GRST_ACL_FILE) - 1) == 0); -} - -char *GRSTgaclFileFindAclname(char *pathandfile) -/* Return malloc()ed ACL filename that governs the given file or directory - (for directories, the ACL file is in the directory itself), or NULL if none - can be found. */ -{ - int len; - char *path, *file, *p; - struct stat statbuf; - - len = strlen(pathandfile); - if (len == 0) return NULL; - - path = malloc(len + sizeof(GRST_ACL_FILE) + 2); - strcpy(path, pathandfile); - - if ((stat(path, &statbuf) == 0) && - S_ISDIR(statbuf.st_mode) && - (path[len-1] != '/')) - { - strcat(path, "/"); - ++len; - } - - if (path[len-1] != '/') - { - p = rindex(pathandfile, '/'); - if (p != NULL) - { - file = &p[1]; - p = rindex(path, '/'); - sprintf(p, "/%s:%s", GRST_ACL_FILE, file); - - if (stat(path, &statbuf) == 0) return path; - - *p = '\0'; /* otherwise strip off any filename */ - } - } - - while (path[0] != '\0') - { - strcat(path, "/"); - strcat(path, GRST_ACL_FILE); - - if (stat(path, &statbuf) == 0) return path; - - p = rindex(path, '/'); - *p = '\0'; /* strip off the / we added for ACL */ - - p = rindex(path, '/'); - if (p == NULL) break; /* must start without / and we there now ??? */ - - *p = '\0'; /* strip off another layer of / */ - } - - free(path); - return NULL; -} - -GRSTgaclAcl *GRSTgaclAclLoadforFile(char *pathandfile) -/* Return ACL that governs the given file or directory (for directories, - the ACL file is in the directory itself.) */ -{ - char *path; - GRSTgaclAcl *acl; - - path = GRSTgaclFileFindAclname(pathandfile); - - if (path != NULL) - { - acl = GRSTgaclAclLoadFile(path); - free(path); - return acl; - } - - return NULL; -} - -/* * - * Functions to create and query GACLuser * - * */ - -GRSTgaclUser *GRSTgaclUserNew(GRSTgaclCred *cred) -{ - GRSTgaclUser *user; - - if (cred == NULL) return NULL; - - user = malloc(sizeof(GRSTgaclUser)); - - if (user != NULL) user->firstcred = cred; - - user->dnlists = NULL; - - return user; -} - -int GRSTgaclUserFree(GRSTgaclUser *user) -{ - if (user == NULL) return 1; - - if (user->firstcred != NULL) GRSTgaclCredsFree(user->firstcred); - - if (user->dnlists != NULL) free(user->dnlists); - - free(user); - - return 1; -} - -int GRSTgaclUserAddCred(GRSTgaclUser *user, GRSTgaclCred *cred) -{ - GRSTgaclCred *crediter; - - if ((user == NULL) || (cred == NULL)) return 0; - - if (user->firstcred == NULL) - { - user->firstcred = cred; - cred->next = NULL; /* so cannot be used to add whole lists */ - return 1; - } - - crediter = user->firstcred; - - while (crediter->next != NULL) crediter = crediter->next; - - crediter->next = cred; - cred->next = NULL; /* so cannot be used to add whole lists */ - - return 1; -} - -int GRSTgaclUserHasCred(GRSTgaclUser *user, GRSTgaclCred *cred) -/* test if the user has the given credential */ -{ - GRSTgaclCred *crediter; - GRSTgaclNamevalue *usernamevalue, *crednamevalue; - - - if (cred == NULL) return 0; - - if (strcmp(cred->type, "any-user") == 0) return 1; - - if (user == NULL) return 0; - - if (strcmp(cred->type, "dn-list") == 0) - { - if ((cred->firstname == NULL) || - (strcmp((cred->firstname)->name, "url") != 0) || - ((cred->firstname)->next != NULL)) return 0; - - return GRSTgaclDNlistHasUser((cred->firstname)->value, user); - } - - if (strcmp(cred->type, "dns") == 0) - { - if ((user->firstcred == NULL) || - ((user->firstcred)->firstname == NULL) || - (cred->firstname == NULL) || - (strcmp((cred->firstname)->name, "hostname") != 0) || - ((cred->firstname)->next != NULL)) return 0; - - for (crediter=user->firstcred; - crediter != NULL; - crediter = crediter->next) - if (strcmp(crediter->type, "dns") == 0) - { - if ((crediter->firstname == NULL) || - (strcmp((crediter->firstname)->name, "hostname") != 0)) return 0; - - return (fnmatch((cred->firstname)->value, - (crediter->firstname)->value, FNM_CASEFOLD) == 0); - } - - - return 0; - } - - if (strcmp(cred->type, "auth-user") == 0) - { - if ((user->firstcred == NULL) || - ((user->firstcred)->firstname == NULL)) return 0; - - for (crediter=user->firstcred; - crediter != NULL; - crediter = crediter->next) - if (strcmp(crediter->type, "person") == 0) return 1; - - return 0; - } - - for (crediter=user->firstcred; crediter != NULL; crediter = crediter->next) - { - if (strcmp(crediter->type, cred->type) != 0) continue; - - if ((crediter->firstname == NULL) && - (cred->firstname == NULL)) return 1; - - if ((crediter->firstname == NULL) || - (cred->firstname == NULL)) continue; - - usernamevalue = crediter->firstname; - crednamevalue = cred->firstname; - - for (;;) - { - if (strcmp(usernamevalue->name,crednamevalue->name) != 0) break; - - if (strcmp(cred->type, "person") == 0) - { - if (GRSTx509NameCmp(usernamevalue->value, - crednamevalue->value) != 0) break; - } - else if (strcmp(usernamevalue->value, - crednamevalue->value) != 0) break; - - /* ok if cred list runs out before user's cred list */ - if (crednamevalue->next == NULL) return 1; - - /* but not ok if more names to match which user doesn't have */ - if (usernamevalue->next == NULL) break; - - crednamevalue = (GRSTgaclNamevalue *) crednamevalue->next; - usernamevalue = (GRSTgaclNamevalue *) usernamevalue->next; - } - } - - return 0; -} - -GRSTgaclCred *GRSTgaclUserFindCredtype(GRSTgaclUser *user, char *type) -/* find the first credential of a given type for this user */ -{ - GRSTgaclCred *cred; - - if (user == NULL) return NULL; - - cred = user->firstcred; - - while (cred != NULL) - { - if (strcmp(cred->type, type) == 0) return cred; - - cred = cred->next; - } - - return NULL; -} - -int GRSTgaclUserSetDNlists(GRSTgaclUser *user, char *dnlists) -{ - if ((user == NULL) || (dnlists == NULL)) return 0; - - if (user->dnlists != NULL) free(user->dnlists); - - user->dnlists = strdup(dnlists); - - return 1; -} - -/* * - * Functions to test for access perm of an individual * - * */ - -static char *recurse4file(char *dir, char *file, int recurse_level) -/* try to find file[] in dir[]. try subdirs if not found. - return full path to first found version or NULL on failure */ -{ - char *fullfilename, *fulldirname; - struct stat statbuf; - DIR *dirDIR; - struct dirent *file_ent; - - /* try to find in current directory */ - - asprintf(&fullfilename, "%s/%s", dir, file); - if (stat(fullfilename, &statbuf) == 0) return fullfilename; - free(fullfilename); - - /* maybe search in subdirectories */ - - if (recurse_level >= GRST_RECURS_LIMIT) return NULL; - - dirDIR = opendir(dir); - - if (dirDIR == NULL) return NULL; - - while ((file_ent = readdir(dirDIR)) != NULL) - { - if (file_ent->d_name[0] == '.') continue; - - asprintf(&fulldirname, "%s/%s", dir, file_ent->d_name); - - if ((stat(fulldirname, &statbuf) == 0) && - S_ISDIR(statbuf.st_mode) && - ((fullfilename = recurse4file(fulldirname, file, - recurse_level + 1)) != NULL)) - { - closedir(dirDIR); - return fullfilename; - } - - free(fulldirname); - } - - closedir(dirDIR); - - return NULL; -} - -int GRSTgaclDNlistHasUser(char *listurl, GRSTgaclUser *user) -{ - char *dn_lists_dirs, *dn_list_ptr, *enclisturl, *filename, *dirname, - line[512], *p; - FILE *fp; - GRSTgaclCred *cred; - - if ((listurl == NULL) || (user == NULL)) return 0; - - enclisturl = GRSThttpUrlEncode(listurl); - - if (user->dnlists != NULL) p = user->dnlists; - else p = getenv("GRST_DN_LISTS"); - - if (p == NULL) p = GRST_DN_LISTS; - dn_lists_dirs = strdup(p); /* we need to keep this for free() later! */ - dn_list_ptr = dn_lists_dirs; /* copy, for naughty function strsep() */ - - while ((dirname = strsep(&dn_list_ptr, ":")) != NULL) - { - filename = recurse4file(dirname, enclisturl, 0); - if (filename == NULL) continue; - - fp = fopen(filename, "r"); - free(filename); - - if (fp == NULL) continue; - - while (fgets(line, sizeof(line), fp) != NULL) - { - p = index(line, '\n'); - if (p != NULL) *p = '\0'; - - cred = user->firstcred; - - while (cred != NULL) - { - if ((strcmp(cred->type, "person") == 0) && - (cred->firstname != NULL) && - (strcmp("dn", (cred->firstname)->name) == 0) && - (GRSTx509NameCmp(line, (cred->firstname)->value) == 0)) - { - fclose(fp); - free(dn_lists_dirs); - free(enclisturl); - return 1; - } - - cred = cred->next; - } - } - - fclose(fp); - } - - free(dn_lists_dirs); - free(enclisturl); - - return 0; -} - -GRSTgaclPerm GRSTgaclAclTestUser(GRSTgaclAcl *acl, GRSTgaclUser *user) -/* - GACLgaclAclTestUser - return bit fields depending on access perms user has - for given acl. All zero for no access. If *user is - NULL, matching to "any-user" will still work. -*/ -{ - int flag, onlyanyuser; - GRSTgaclPerm allowperms = 0, denyperms = 0, allowed; - GRSTgaclEntry *entry; - GRSTgaclCred *cred, *usercred; - - if (acl == NULL) return 0; - - for (entry = acl->firstentry; entry != NULL; entry = entry->next) - { - flag = 1; /* begin by assuming this entry applies to us */ - onlyanyuser = 1; /* begin by assuming just */ - - /* now go through creds, checking they all do apply to us */ - - for (cred = entry->firstcred; cred != NULL; cred = cred->next) - if (!GRSTgaclUserHasCred(user, cred)) flag = 0; - else if (strcmp(cred->type, "any-user") != 0) onlyanyuser = 0; - - if (!flag) continue; /* flag false if a subtest failed */ - - /* does apply to us, so we remember this entry's perms */ - - /* we dont allow Write or Admin on the basis of any-user alone */ - - allowed = entry->allowed; - - if (onlyanyuser) - allowed = entry->allowed & ~GRST_PERM_WRITE & ~GRST_PERM_ADMIN; - else allowed = entry->allowed; - - allowperms = allowperms | allowed; - denyperms = denyperms | entry->denied; - } - - return (allowperms & (~ denyperms)); - /* for each perm type, any deny we saw kills any allow */ -} - -GRSTgaclPerm GRSTgaclAclTestexclUser(GRSTgaclAcl *acl, GRSTgaclUser *user) -/* - GRSTgaclAclTestexclUser - - return bit fields depending on ALLOW perms OTHER users - have for given acl. All zero if they have no access. - (used for testing if a user has exclusive access) -*/ -{ - int flag; - GRSTgaclPerm perm = 0; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - - if (acl == NULL) return 0; - - for (entry = acl->firstentry; entry != NULL; entry = entry->next) - { - flag = 0; /* flag will be set if cred implies other users */ - - for (cred = entry->firstcred; cred != NULL; cred = cred->next) - { - if (strcmp(cred->type, "person") != 0) - /* if we ever add support for other person-specific credentials, - they must also be recognised here */ - { - flag = 1; - break; - } - - if (!GRSTgaclUserHasCred(user, cred)) - /* if user doesnt have this person credential, assume - it refers to a different individual */ - { - flag = 1; - break; - } - } - - if (flag) perm = perm | entry->allowed; - } - - return perm; -} - -/* - Wrapper functions for gridsite-gacl.h support of legacy API -*/ - -GRSTgaclEntry *GACLparseEntry(xmlNodePtr cur) -{ - return GRSTgaclEntryParse(cur); -} diff --git a/org.gridsite.core/src/grst_htcp.c b/org.gridsite.core/src/grst_htcp.c deleted file mode 100644 index ec9672a..0000000 --- a/org.gridsite.core/src/grst_htcp.c +++ /dev/null @@ -1,311 +0,0 @@ -/* - Copyright (c) 2002-5, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -#ifndef VERSION -#define VERSION "x.x.x" -#endif - -#define _GNU_SOURCE -#include - -#include -#include -#include -#include -#include - -#include "gridsite.h" - -int GRSThtcpNOPrequestMake(char **request, int *request_length, - unsigned int trans_id) -/* - Make a complete HTCP NOP request and return a pointer to malloc'd - memory pointing to it. -*/ -{ - *request_length = - asprintf(request,"%c%c" /* place holder for total length */ - "%c%c" /* HTCP version 0.0 */ - "%c%c" /* DATA length place holder */ - "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */ - "%c%c%c%c" /* TRANS-ID placeholder */ - "%c%c", /* AUTH (LENGTH=2 means no AUTH) */ - 0, 0, - 0, 0, - 0, 0, - GRSThtcpNOPop * 16, 2, - 0, 0, 0, 0, - 0, 2); - - if (*request_length < 0) return GRST_RET_FAILED; - - (*request)[0] = *request_length / 256; - (*request)[1] = *request_length % 256; - - (*request)[4] = (*request_length - 6) / 256; - (*request)[5] = (*request_length - 6) % 256; - - memcpy(&((*request)[8]), &trans_id, 4); - - return GRST_RET_OK; -} - -int GRSThtcpNOPresponseMake(char **message, int *message_length, - unsigned int trans_id) -/* - Make a complete HTCP NOP response for a found file and return a pointer - to malloc'd memory pointing to it. -*/ -{ - *message_length = - asprintf(message, - "%c%c" /* place holder for total length */ - "%c%c" /* HTCP version 0.0 */ - "%c%c" /* DATA length place holder */ - "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */ - "%c%c%c%c" /* TRANS-ID place holder */ - "%c%c", /* AUTH (LENGTH=2 means no AUTH) */ - 0, 0, - 0, 0, - 0, 0, - GRSThtcpNOPop * 16, 1, /* RR=1, MO=0, RESPONSE=0 (ie found) */ - 0, 0, 0, 0, - 0, 2); - - if (*message_length < 0) return GRST_RET_FAILED; - - (*message)[0] = *message_length / 256; - (*message)[1] = *message_length % 256; - - (*message)[4] = (*message_length - 6) / 256; - (*message)[5] = (*message_length - 6) % 256; - - memcpy(&((*message)[8]), &trans_id, 4); - - return GRST_RET_OK; -} - -int GRSThtcpTSTrequestMake(char **request, int *request_length, - unsigned int trans_id, - char *method, char *uri, char *req_hdrs) -/* - Make a complete HTCP TST request and return a pointer to malloc'd - memory pointing to it. -*/ -{ - if ((method == NULL) || (uri == NULL) || (req_hdrs == NULL)) - return GRST_RET_FAILED; - - *request_length = - asprintf(request,"%c%c" /* place holder for total length */ - "%c%c" /* HTCP version 0.0 */ - "%c%c" /* DATA length place holder */ - "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */ - "%c%c%c%c" /* TRANS-ID placeholder */ - "%c%c%s" /* OP-DATA: METHOD */ - "%c%c%s" /* OP-DATA: URI */ - "%c%c%s" /* OP-DATA: VERSION */ - "%c%c%s" /* OP-DATA: REQ-HDRS */ - "%c%c", /* AUTH (LENGTH=2 means no AUTH) */ - 0, 0, - 0, 0, - 0, 0, - GRSThtcpTSTop * 16, 2, - 0, 0, 0, 0, - strlen(method) / 256, strlen(method) % 256, method, - strlen(uri) / 256, strlen(uri) % 256, uri, - 0, 8, "HTTP/1.1", - strlen(req_hdrs)/256, strlen(req_hdrs) % 256, req_hdrs, - 0, 2); - - if (*request_length < 0) return GRST_RET_FAILED; - - (*request)[0] = *request_length / 256; - (*request)[1] = *request_length % 256; - - (*request)[4] = (*request_length - 6) / 256; - (*request)[5] = (*request_length - 6) % 256; - - memcpy(&((*request)[8]), &trans_id, 4); - - return GRST_RET_OK; -} - -int GRSThtcpTSTresponseMake(char **message, int *message_length, - unsigned int trans_id, - char *resp_hdrs, char *entity_hdrs, - char *cache_hdrs) -/* - Make a complete HTCP TST response for a found file and return a pointer - to malloc'd memory pointing to it. -*/ -{ - if ((resp_hdrs != NULL) && (entity_hdrs != NULL) && (cache_hdrs != NULL)) - /* found file response */ - *message_length = - asprintf(message, - "%c%c" /* place holder for total length */ - "%c%c" /* HTCP version 0.0 */ - "%c%c" /* DATA length place holder */ - "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */ - "%c%c%c%c" /* TRANS-ID place holder */ - "%c%c%s" /* OP-DATA: RESP-HDRS */ - "%c%c%s" /* OP-DATA: ENTITY-HDRS */ - "%c%c%s" /* OP-DATA: CACHE-HDRS */ - "%c%c", /* AUTH (LENGTH=2 means no AUTH) */ - 0, 0, - 0, 0, - 0, 0, - GRSThtcpTSTop * 16, 1, /* RR=1, MO=0, RESPONSE=0 (ie found) */ - 0, 0, 0, 0, - strlen(resp_hdrs) / 256, strlen(resp_hdrs) % 256, resp_hdrs, - strlen(entity_hdrs) / 256, strlen(entity_hdrs) % 256, entity_hdrs, - strlen(cache_hdrs) / 256, strlen(cache_hdrs) % 256, cache_hdrs, - 0, 2); - else if (cache_hdrs != NULL) - /* not found file response, just cache_hdrs given */ - *message_length = - asprintf(message, - "%c%c" /* place holder for total length */ - "%c%c" /* HTCP version 0.0 */ - "%c%c" /* DATA length place holder */ - "%c%c" /* OPCODE,RESPONSE,RESERVED,F1,RR */ - "%c%c%c%c" /* TRANS-ID */ - "%c%c%s" /* OP-DATA: CACHE-HDRS */ - "%c%c", /* AUTH (LENGTH=2 means no AUTH) */ - 0, 0, - 0, 0, - 0, 0, - GRSThtcpTSTop * 16 + 1, 1, /* RR=1, MO=0, RESPONSE=1 (missing) */ - 0, 0, 0, 0, - strlen(cache_hdrs) / 256, strlen(cache_hdrs) % 256, cache_hdrs, - 0, 2); - else return GRST_RET_FAILED; - - if (*message_length < 0) return GRST_RET_FAILED; - - (*message)[0] = *message_length / 256; - (*message)[1] = *message_length % 256; - - (*message)[4] = (*message_length - 6) / 256; - (*message)[5] = (*message_length - 6) % 256; - - memcpy(&((*message)[8]), &trans_id, 4); - - return GRST_RET_OK; -} - -int GRSThtcpMessageParse(GRSThtcpMessage *parsed, char *raw, int length) -{ - GRSThtcpCountstr *s; - - bzero(parsed, sizeof(GRSThtcpMessage)); - - if (length < (void *) &(parsed->method) - - (void *) &(parsed->total_length_msb) + 2) - return GRST_RET_FAILED; - - memcpy(parsed, raw, (void *) &(parsed->method) - - (void *) &(parsed->total_length_msb)); - - if (parsed->opcode == GRSThtcpNOPop) return GRST_RET_OK; - - if ((parsed->opcode == GRSThtcpTSTop) && (parsed->rr == 0)) - { - /* a TST request */ - - /* point to start of data/auth in raw */ - s = (GRSThtcpCountstr *) &(((GRSThtcpMessage *) raw)->method); - - /* METHOD string */ - - if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length) - return GRST_RET_FAILED; - parsed->method = s; - s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s)); - - /* URI string */ - - if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length) - return GRST_RET_FAILED; - parsed->uri = s; - s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s)); - - /* VERSION string */ - - if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length) - return GRST_RET_FAILED; - parsed->version = s; - s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s)); - - /* REQ-HDRS string */ - - if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length) - return GRST_RET_FAILED; - parsed->req_hdrs = s; - s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s)); - - return GRST_RET_OK; - } - - if ((parsed->opcode == GRSThtcpTSTop) && (parsed->rr == 1)) - { - /* a TST response */ - - /* point to start of data/auth in raw */ - s = (GRSThtcpCountstr *) &(((GRSThtcpMessage *) raw)->method); - - /* RESP-HDRS string */ - - if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length) - return GRST_RET_FAILED; - parsed->resp_hdrs = s; - s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s)); - - /* ENTITY-HDRS string */ - - if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length) - return GRST_RET_FAILED; - parsed->entity_hdrs = s; - s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s)); - - /* CACHE-HDRS string */ - - if ((void *) s + 2 + GRSThtcpCountstrLen(s) > (void *) raw + length) - return GRST_RET_FAILED; - parsed->cache_hdrs = s; - s = (GRSThtcpCountstr *) ((void *) s + 2 + GRSThtcpCountstrLen(s)); - - return GRST_RET_OK; - } - - return GRST_RET_FAILED; -} diff --git a/org.gridsite.core/src/grst_http.c b/org.gridsite.core/src/grst_http.c deleted file mode 100644 index c933ca0..0000000 --- a/org.gridsite.core/src/grst_http.c +++ /dev/null @@ -1,443 +0,0 @@ -/* - Copyright (c) 2002-3, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -#ifndef VERSION -#define VERSION "x.x.x" -#endif - -#define _GNU_SOURCE -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "gridsite.h" - -void GRSThttpBodyInit(GRSThttpBody *thisbody) -{ - thisbody->size = 0; /* simple, but we don't expose internals to callers */ -} - -void GRSThttpPrintf(GRSThttpBody *thisbody, char *fmt, ...) -/* append printf() style format and arguments to *thisbody. - This requires vasprintf from glibc!! */ -{ - char *p; - size_t size; - va_list args; - - va_start(args, fmt); - size = vasprintf(&p, fmt, args); - va_end(args); - - if (size == 0) free(p); /* don't need to bother in this case */ - else if (size > 0) - { - if (thisbody->size == 0) /* need to initialise */ - { - thisbody->first = (GRSThttpCharsList *)malloc(sizeof(GRSThttpCharsList)); - thisbody->first->text = p; - thisbody->first->next = NULL; - - thisbody->last = thisbody->first; - thisbody->size = size; - } - else - { - thisbody->last->next = (GRSThttpCharsList *) - malloc(sizeof(GRSThttpCharsList)); - ((GRSThttpCharsList *) thisbody->last->next)->text = p; - ((GRSThttpCharsList *) thisbody->last->next)->next = NULL; - - thisbody->last = thisbody->last->next; - thisbody->size = thisbody->size + size; - } - } -} - -int GRSThttpCopy(GRSThttpBody *thisbody, char *file) -/* - copy a whole file, named file[], into the body output buffer, returning - 1 if file was found and copied ok, or 0 otherwise. -*/ -{ - int fd, len; - char c, *p; - struct stat statbuf; - - fd = open(file, O_RDONLY); - - if (fd == -1) return 0; - - if (fstat(fd, &statbuf) != 0) - { - close(fd); - return 0; - } - - p = malloc(statbuf.st_size + 1); - - if (p == NULL) - { - close(fd); - return 0; - } - - len = read(fd, p, statbuf.st_size); - p[len] = '\0'; - - close(fd); - - if (thisbody->size == 0) /* need to initialise */ - { - thisbody->first = (GRSThttpCharsList *) malloc(sizeof(GRSThttpCharsList)); - thisbody->first->text = p; - thisbody->first->next = NULL; - - thisbody->last = thisbody->first; - thisbody->size = len; - } - else - { - thisbody->last->next=(GRSThttpCharsList *)malloc(sizeof(GRSThttpCharsList)); - ((GRSThttpCharsList *) thisbody->last->next)->text = p; - ((GRSThttpCharsList *) thisbody->last->next)->next = NULL; - - thisbody->last = thisbody->last->next; - thisbody->size = thisbody->size + len; - } - - return 1; -} - -void GRSThttpWriteOut(GRSThttpBody *thisbody) -/* output Content-Length header, blank line then whole of the body to - standard output */ -{ - GRSThttpCharsList *p; - - printf("Content-Length: %d\n\n", thisbody->size); - - p = thisbody->first; - - while (p != NULL) - { - fputs(p->text, stdout); - - p = p->next; - } -} - -int GRSThttpPrintHeaderFooter(GRSThttpBody *bp, char *file, char *headfootname) -/* - try to print Header or Footer appropriate for absolute path file[], - returning 1 rather than 0 if found. -*/ -{ - int found = 0; - char *pathfile, *p; - struct stat statbuf; - - pathfile = malloc(strlen(file) + strlen(headfootname) + 2); - strcpy(pathfile, file); - - if ((pathfile[strlen(pathfile) - 1] != '/') && - (stat(pathfile, &statbuf) == 0) && - S_ISDIR(statbuf.st_mode)) strcat(pathfile, "/"); - - for (;;) - { - p = rindex(pathfile, '/'); - if (p == NULL) break; - p[1] = '\0'; - strcat(p, headfootname); - - if (stat(pathfile, &statbuf) == 0) - { - found = GRSThttpCopy(bp, pathfile); - break; - } - - p[0] = '\0'; - } - - free(pathfile); - return found; -} - -char *GRSThttpGetCGI(char *name) -/* - Return a malloc()ed copy of CGI form parameter identified by name[], - either received by QUERY_STRING (via GET) or on stdin (via POST). - Caller must free() the returned string itself. If name[] is not found, - an empty NUL-terminated malloc()ed string is returned. name[] has any - URL-encoding reversed. -*/ -{ - char *p, *namepattern, *valuestart, *returnvalue, *querystring; - int c, i, j, n, contentlength = 0; - static char *cgiposted = NULL; - size_t size_needed; - - if (cgiposted == NULL) /* have to initialise cgiposted */ - { - p = getenv("CONTENT_LENGTH"); - if (p != NULL) sscanf(p, "%d", &contentlength); - - querystring = getenv("REDIRECT_QUERY_STRING"); - if (querystring == NULL) querystring = getenv("QUERY_STRING"); - - if (querystring == NULL) cgiposted = malloc(contentlength + 3); - else cgiposted = malloc(contentlength + strlen(querystring) + 4); - - cgiposted[0] = '&'; - - for (i = 1; i <= contentlength; ++i) - { - c = getchar(); - if (c == EOF) break; - cgiposted[i] = c; - } - - cgiposted[i] = '&'; - cgiposted[i+1] = '\0'; - - if (querystring != NULL) - { - strcat(cgiposted, querystring); - strcat(cgiposted, "&"); - } - } - - namepattern = malloc(strlen(name) + 3); - sprintf(namepattern, "&%s=", name); - - p = strstr(cgiposted, namepattern); - free(namepattern); - if (p == NULL) return strdup(""); - - valuestart = &p[strlen(name) + 2]; - - for (n=0; valuestart[n] != '&'; ++n) ; - - returnvalue = malloc(n + 1); - - j=0; - - for (i=0; i < n; ++i) - { - if ((i < n - 2) && (valuestart[i] == '%')) /* url encoded as %HH */ - { - returnvalue[j] = 0; - - if (isdigit(valuestart[i+1])) - returnvalue[j] += 16 * (valuestart[i+1] - '0'); - else if (isalpha(valuestart[i+1])) - returnvalue[j] += 16 * (10 + tolower(valuestart[i+1]) - 'a'); - - if (isdigit(valuestart[i+2])) - returnvalue[j] += valuestart[i+2] - '0'; - else if (isalpha(valuestart[i+2])) - returnvalue[j] += 10 + tolower(valuestart[i+2]) - 'a'; - - i = i + 2; - } - else if (valuestart[i] == '+') returnvalue[j] = ' '; - else returnvalue[j] = valuestart[i]; - - if (returnvalue[j] == '\r') continue; /* CR/LF -> LF */ - ++j; - } - - returnvalue[j] = '\0'; - - return returnvalue; -} - -/* * - * Utility functions * - * */ - -char *GRSThttpUrlDecode(char *in) -{ - int i, j, n; - char *out; - - n = strlen(in); - out = malloc(n + 1); - - j=0; - - for (i=0; i < n; ++i) - { - if ((i < n - 2) && (in[i] == '%')) /* url encoded as %HH */ - { - out[j] = 0; - - if (isdigit(in[i+1])) - out[j] += 16 * (in[i+1] - '0'); - else if (isalpha(in[i+1])) - out[j] += 16 * (10 + tolower(in[i+1]) - 'a'); - - if (isdigit(in[i+2])) - out[j] += in[i+2] - '0'; - else if (isalpha(in[i+2])) - out[j] += 10 + tolower(in[i+2]) - 'a'; - - i = i + 2; - } - else if (in[i] == '+') out[j] = ' '; - else out[j] = in[i]; - - ++j; - } - - out[j] = '\0'; - - return out; -} - -char *GRSThttpUrlEncode(char *in) -/* Return a pointer to a malloc'd string holding a URL-encoded (RFC 1738) - version of *in. Only A-Z a-z 0-9 . _ - are passed through unmodified. - (DN's processed by GRSThttpUrlEncode can be used as valid Unix filenames, - assuming they do not exceed restrictions on filename length.) */ -{ - char *out, *p, *q; - - out = malloc(3*strlen(in) + 1); - - p = in; - q = out; - - while (*p != '\0') - { - if (isalnum(*p) || (*p == '.') || (*p == '_') || (*p == '-')) - { - *q = *p; - ++q; - } - else - { - sprintf(q, "%%%2X", *p); - q = &q[3]; - } - - ++p; - } - - *q = '\0'; - return out; -} - -char *GRSThttpUrlMildencode(char *in) -/* Return a pointer to a malloc'd string holding a partially URL-encoded - version of *in. "Partially" means that A-Z a-z 0-9 . = - _ @ and / - are passed through unmodified. (DN's processed by GRSThttpUrlMildencode() - can be used as valid Unix paths+filenames if you are prepared to - create or simulate the resulting /X=xyz directories.) */ -{ - char *out, *p, *q; - - out = malloc(3*strlen(in) + 1); - - p = in; - q = out; - - while (*p != '\0') - { - if (isalnum(*p) || (*p == '.') || (*p == '=') || (*p == '-') - || (*p == '/') || (*p == '@') || (*p == '_')) - { - *q = *p; - ++q; - } - else if (*p == ' ') - { - *q = '+'; - ++q; - } - else - { - sprintf(q, "%%%2X", *p); - q = &q[3]; - } - - ++p; - } - - *q = '\0'; - return out; -} - -/// Return a one-time passcode string, for use with GridHTTP -/** - * Returns - * - * String is timestamp+SHA1_HASH(timestamp+":"+method+":"+URL) - * Timestamps and hashes are in lowercase hexadecimal. Timestamps are - * seconds since 00:00:00 on January 1, 1970 UTC. - */ - -/* -char *GRSThttpMakeOneTimePasscode(time_t timestamp, char *method, char *url) -{ - int len, i; - char *stringtohash, hashedstring[EVP_MAX_MD_SIZE], *returnstring; - const EVP_MD *m; - EVP_MD_CTX ctx; - - m = EVP_sha1(); - if (m == NULL) return NULL; - - asprintf(&stringtohash, "%08x:%s:%s", timestamp, method, url); - - EVP_DigestInit(&ctx, m); - EVP_DigestUpdate(&ctx, stringtohash, strlen(stringtohash)); - EVP_DigestFinal(&ctx, hashedstring, &len); - - returnstring = malloc(9 + len * 2); - - sprintf(returnstring, "%08x", timestamp); - - for (i=0; - - return returnstring; -} -*/ diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c deleted file mode 100644 index 71ab3fd..0000000 --- a/org.gridsite.core/src/grst_x509.c +++ /dev/null @@ -1,1518 +0,0 @@ -/* - Copyright (c) 2002-5, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - --------------------------------------------------------------- - For more information about GridSite: http://www.gridsite.org/ - --------------------------------------------------------------- -*/ - -#define _GNU_SOURCE - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "gridsite.h" - -#define GRST_KEYSIZE 512 -#define GRST_PROXYCACHE "/../proxycache/" -#define GRST_MAX_CHAIN_LEN 9 - -/// Compare X509 Distinguished Name strings -int GRSTx509NameCmp(char *a, char *b) -/** - * This function attempts to do with string representations what - * would ideally be done with OIDs/values. In particular, we equate - * "/Email=" == "/emailAddress=" to deal with this important change - * between OpenSSL 0.9.6 and 0.9.7. - * Other than that, it is currently the same as ordinary strcmp(3). - */ -{ - int ret; - char *aa, *bb, *p; - - aa = strdup(a); - while ((p = strstr(aa, "/emailAddress=")) != NULL) - { - memmove(&p[6], &p[13], strlen(&p[13]) + 1); - p[1] = 'E'; - } - - bb = strdup(b); - while ((p = strstr(bb, "/emailAddress=")) != NULL) - { - memmove(&p[6], &p[13], strlen(&p[13]) + 1); - p[1] = 'E'; - } - - ret = strcmp(aa, bb); - - free(aa); - free(bb); - - return ret; -} - - -/// Check critical extensions -/** - * Returning GRST_RET_OK if all of extensions are known to us or - * OpenSSL; GRST_REF_FAILED otherwise. - * - * Since this function relies on functionality (X509_supported_extension) - * introduced in 0.9.7, then we do nothing and report an error - * (GRST_RET_FAILED) if one of the associated defines - * (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent. - */ - -int GRSTx509KnownCriticalExts(X509 *cert) -{ - int i; - char s[80]; - X509_EXTENSION *ex; - -#ifdef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION - for (i = 0; i < X509_get_ext_count(cert); ++i) - { - ex = X509_get_ext(cert, i); - - if (X509_EXTENSION_get_critical(ex) && - !X509_supported_extension(ex)) - { - OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ex), 1); - - if (strcmp(s, GRST_PROXYCERTINFO_OID) != 0) return GRST_RET_FAILED; - } - } - - return GRST_RET_OK; -#else - return GRST_RET_FAILED; -#endif -} - -/// Check if certificate can be used as a CA to sign standard X509 certs -/* - * Return GRST_RET_OK if true; GRST_RET_FAILED if not. - */ - -int GRSTx509IsCA(X509 *cert) -{ - int idret, purpose_id; - - purpose_id = X509_PURPOSE_get_by_sname("sslclient"); - - /* final argument to X509_check_purpose() is whether to check for CAness */ - - if (X509_check_purpose(cert, purpose_id + X509_PURPOSE_MIN, 1)) - return GRST_RET_OK; - else return GRST_RET_FAILED; -} - -/// Check certificate chain for GSI proxy acceptability. -/** - * Returns X509_V_OK/GRST_RET_OK if valid; OpenSSL X509 errors otherwise. - * - * Inspired by GSIcheck written by Mike Jones, SVE, Manchester Computing, - * The University of Manchester. - * - * The GridSite version handles old and new style Globus proxies, and - * proxies derived from user certificates issued with "X509v3 Basic - * Constraints: CA:FALSE" (eg UK e-Science CA) - * - * We do not check chain links between certs here: this is done by - * GRST_check_issued/X509_check_issued in mod_ssl's ssl_engine_init.c - * - * TODO: we do not yet check ProxyCertInfo and ProxyCertPolicy extensions - * (although via GRSTx509KnownCriticalExts() we can accept them.) - */ - -int GRSTx509CheckChain(int *first_non_ca, X509_STORE_CTX *ctx) -{ - STACK_OF(X509) *certstack; /* Points to the client's cert chain */ - X509 *cert; /* Points to the client's cert */ - int depth; /* Depth of cert chain */ - size_t len,len2; /* Lengths of issuer and cert DN */ - int IsCA; /* Holds whether cert is allowed to sign */ - int prevIsCA; /* Holds whether previous cert in chain is - allowed to sign */ - int prevIsLimited; /* previous cert was proxy and limited */ - int i,j; /* Iteration variables */ - char *cert_DN; /* Pointer to current-certificate-in-chain's - DN */ - char *issuer_DN; /* Pointer to - issuer-of-current-cert-in-chain's DN */ - char *proxy_part_DN; /* Pointer to end part of current-cert-in-chain - maybe eg "/CN=proxy" */ - time_t now; - - time(&now); - - *first_non_ca = 0; /* set to something predictable if things fail */ - - /* Check for context */ - if (!ctx) return X509_V_ERR_INVALID_CA; - /* Can't GSI-verify if there is no context. Here and throughout this - function we report all errors as X509_V_ERR_INVALID_CA. */ - - /* Set necessary preliminary values */ - IsCA = TRUE; /* =prevIsCA - start from a CA */ - prevIsLimited = 0; - - /* Get the client cert chain */ - certstack = X509_STORE_CTX_get_chain(ctx); /* Get the client's chain */ - depth = sk_X509_num(certstack); /* How deep is that chain? */ - - /* Check the client chain */ - for (i=depth-1; i >= 0; --i) - /* loop through client-presented chain starting at CA end */ - { - prevIsCA=IsCA; - - /* Check for X509 certificate and point to it with 'cert' */ - if (cert = sk_X509_value(certstack, i)) - { - /* we check times and reject immediately if invalid */ - - if (now < - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(cert)),0)) - return X509_V_ERR_INVALID_CA; - - if (now > - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(cert)),0)) - return X509_V_ERR_INVALID_CA; - - /* If any forebear certificate is not allowed to sign we must - assume all decendents are proxies and cannot sign either */ - if (prevIsCA) - { - /* always treat the first cert (from the CA files) as a CA */ - if (i == depth-1) IsCA = TRUE; - /* check if this cert is valid CA for signing certs */ - else IsCA = (GRSTx509IsCA(cert) == GRST_RET_OK); - - if (!IsCA) *first_non_ca = i; - } - else - { - IsCA = FALSE; - /* Force proxy check next iteration. Important because I can - sign any CA I create! */ - } - - cert_DN = X509_NAME_oneline(X509_get_subject_name(cert),NULL,0); - issuer_DN = X509_NAME_oneline(X509_get_issuer_name(cert),NULL,0); - len = strlen(cert_DN); - len2 = strlen(issuer_DN); - - /* issuer didn't have CA status, so this is (at best) a proxy: - check for bad proxy extension*/ - - if (!prevIsCA) - { - if (prevIsLimited) /* we reject proxies of limited proxies! */ - return X509_V_ERR_INVALID_CA; - - /* User not allowed to sign shortened DN */ - if (len2 > len) return X509_V_ERR_INVALID_CA; - - /* Proxy subject must begin with issuer. */ - if (strncmp(cert_DN, issuer_DN, len2) != 0) - return X509_V_ERR_INVALID_CA; - - /* Set pointer to end of base DN in cert_DN */ - proxy_part_DN = &cert_DN[len2]; - - /* First attempt at support for Old and New style GSI - proxies: /CN=anything is ok for now */ - if (strncmp(proxy_part_DN, "/CN=", 4) != 0) - return X509_V_ERR_INVALID_CA; - - if ((strncmp(proxy_part_DN, "/CN=limited proxy", 17) == 0) && - (i > 0)) prevIsLimited = 1; /* ready for next cert ... */ - } - } - } - - /* Check cert whose private key is being used by client. If previous in - chain is not allowed to be a CA then need to check this final cert for - valid proxy-icity too */ - if (!prevIsCA) - { - if (prevIsLimited) return X509_V_ERR_INVALID_CA; - /* we do not accept proxies signed by limited proxies */ - - if (cert = sk_X509_value(certstack, 0)) - { - /* Load DN & length of DN and either its issuer or the - first-bad-issuer-in-chain */ - cert_DN = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - issuer_DN = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); - len = strlen(cert_DN); - len2 = strlen(issuer_DN); - - /* issuer didn't have CA status, check for bad proxy extension */ - - if (len2 > len) return X509_V_ERR_INVALID_CA; - /* User not allowed to sign shortened DN */ - - if (strncmp(cert_DN, issuer_DN, len2) != 0) - return X509_V_ERR_INVALID_CA; - /* Proxy subject must begin with issuer. */ - - proxy_part_DN = &cert_DN[len2]; - /* Set pointer to end of DN base in cert_DN */ - - /* Remander of subject must be either "/CN=proxy" or - "/CN=limited proxy" (or /CN=XYZ for New style GSI) */ - - /* First attempt at support for Old and New style GSI - proxies: /CN=anything is ok for now. */ - if (strncmp(proxy_part_DN, "/CN=", 4) != 0) - return X509_V_ERR_INVALID_CA; - } - } - - return X509_V_OK; /* this is also GRST_RET_OK, of course - by choice */ -} - -/// Example VerifyCallback routine - -/** - * - */ - -int GRSTx509VerifyCallback (int ok, X509_STORE_CTX *ctx) -{ - int errnum = X509_STORE_CTX_get_error(ctx); - int errdepth = X509_STORE_CTX_get_error_depth(ctx); - int first_non_ca; - -#ifndef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION -#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -#endif - - if (errnum == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) - { - if (GRSTx509KnownCriticalExts(X509_STORE_CTX_get_current_cert(ctx)) - == GRST_RET_OK) - { - ok = TRUE; - errnum = X509_V_OK; - X509_STORE_CTX_set_error(ctx, errnum); - } - } - else if ((errdepth == 0) && - (errnum == X509_V_OK) && - (GRSTx509CheckChain(&first_non_ca, ctx) != X509_V_OK)) ok = FALSE; - - - return ok; - -// check this - -// if (ok) return GRST_RET_OK; -// else return GRST_RET_FAILED; -} - -/// Check the signature of the VOMS attributes -/* - * Returns GRST_RET_OK if signature is ok, other values if not. - */ - -static int GRSTx509VerifyVomsSig(time_t *time1_time, time_t *time2_time, - unsigned char *asn1string, - struct GRSTasn1TagList taglist[], - int lasttag, - char *vomsdir, int acnumber) -{ -#define GRST_ASN1_COORDS_VOMS_DN "-1-1-%d-1-3-1-1-1-%%d-1-%%d" -#define GRST_ASN1_COORDS_VOMS_INFO "-1-1-%d-1" -#define GRST_ASN1_COORDS_VOMS_SIG "-1-1-%d-3" - int ret, isig, iinfo; - char *certpath, acvomsdn[200], dn_coords[200], - info_coords[200], sig_coords[200]; - unsigned char *q; - DIR *vomsDIR; - struct dirent *vomsdirent; - X509 *cert; - EVP_PKEY *prvkey; - FILE *fp; - EVP_MD_CTX ctx; - time_t voms_service_time1, voms_service_time2; - - if ((vomsdir == NULL) || (vomsdir[0] == '\0')) return GRST_RET_FAILED; - - snprintf(dn_coords, sizeof(dn_coords), - GRST_ASN1_COORDS_VOMS_DN, acnumber); - - if (GRSTasn1GetX509Name(acvomsdn, sizeof(acvomsdn), dn_coords, - asn1string, taglist, lasttag) != GRST_RET_OK) return GRST_RET_FAILED; - - snprintf(info_coords, sizeof(info_coords), - GRST_ASN1_COORDS_VOMS_INFO, acnumber); - iinfo = GRSTasn1SearchTaglist(taglist, lasttag, info_coords); - - snprintf(sig_coords, sizeof(sig_coords), - GRST_ASN1_COORDS_VOMS_SIG, acnumber); - isig = GRSTasn1SearchTaglist(taglist, lasttag, sig_coords); - - if ((iinfo < 0) || (isig < 0)) return GRST_RET_FAILED; - - vomsDIR = opendir(vomsdir); - if (vomsDIR == NULL) return GRST_RET_FAILED; - - while ((vomsdirent = readdir(vomsDIR)) != NULL) - { - asprintf(&certpath, "%s/%s", vomsdir, vomsdirent->d_name); - fp = fopen(certpath, "r"); - free(certpath); - if (fp == NULL) continue; - - cert = PEM_read_X509(fp, NULL, NULL, NULL); - fclose(fp); - if (cert == NULL) continue; - - if (GRSTx509NameCmp(acvomsdn, - X509_NAME_oneline(X509_get_subject_name(cert),NULL,0)) != 0) - { - X509_free(cert); - continue; - } - - prvkey = X509_extract_key(cert); - if (prvkey == NULL) - { - X509_free(cert); - continue; - } - - OpenSSL_add_all_digests(); -#if OPENSSL_VERSION_NUMBER >= 0x0090701fL - EVP_MD_CTX_init(&ctx); - EVP_VerifyInit_ex(&ctx, EVP_md5(), NULL); -#else - EVP_VerifyInit(&ctx, EVP_md5()); -#endif - - EVP_VerifyUpdate(&ctx, - &asn1string[taglist[iinfo].start+ - 0*taglist[iinfo].headerlength], - taglist[iinfo].length+taglist[iinfo].headerlength); - - ret = EVP_VerifyFinal(&ctx, - &asn1string[taglist[isig].start+ - taglist[isig].headerlength]+1, - taglist[isig].length - 1, - prvkey); - -#if OPENSSL_VERSION_NUMBER >= 0x0090701fL - EVP_MD_CTX_cleanup(&ctx); -#endif - EVP_PKEY_free(prvkey); - - if (ret != 1) /* signature doesnt match, look for more */ - { - continue; - X509_free(cert); - } - - voms_service_time1 = - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(cert)),0); - if (voms_service_time1 > *time1_time) - *time1_time = voms_service_time1; - - voms_service_time2 = - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(cert)),0); - if (voms_service_time2 < *time1_time) - *time2_time = voms_service_time2; - - X509_free(cert); - closedir(vomsDIR); - return GRST_RET_OK ; /* verified */ - } - - closedir(vomsDIR); - return GRST_RET_FAILED; -} - -/// Get the VOMS attributes in the given extension -/* - * Puts any VOMS credentials found into the Compact Creds string array - * starting at *creds. Always returns GRST_RET_OK - even for invalid - * credentials, which are just ignored. - */ - -int GRSTx509ParseVomsExt(int *lastcred, int maxcreds, size_t credlen, - char *creds, time_t time1_time, time_t time2_time, - X509_EXTENSION *ex, char *ucuserdn, char *vomsdir) -{ -#define MAXTAG 500 -#define GRST_ASN1_COORDS_FQAN "-1-1-%d-1-7-1-2-1-2-%d" -#define GRST_ASN1_COORDS_USER_DN "-1-1-%d-1-2-1-1-1-1-%%d-1-%%d" -#define GRST_ASN1_COORDS_TIME1 "-1-1-%d-1-6-1" -#define GRST_ASN1_COORDS_TIME2 "-1-1-%d-1-6-2" - ASN1_OCTET_STRING *asn1data; - char *asn1string, acuserdn[200], acvomsdn[200], - dn_coords[200], fqan_coords[200], time1_coords[200], - time2_coords[200]; - long asn1length; - int lasttag=-1, itag, i, acnumber = 1; - struct GRSTasn1TagList taglist[MAXTAG+1]; - time_t actime1, actime2, time_now; - - asn1data = X509_EXTENSION_get_data(ex); - asn1string = ASN1_STRING_data(asn1data); - asn1length = ASN1_STRING_length(asn1data); - - GRSTasn1ParseDump(NULL, asn1string, asn1length, taglist, MAXTAG, &lasttag); - - for (acnumber = 1; ; ++acnumber) /* go through ACs one by one */ - { - snprintf(dn_coords, sizeof(dn_coords), GRST_ASN1_COORDS_USER_DN, acnumber); - if (GRSTasn1GetX509Name(acuserdn, sizeof(acuserdn), dn_coords, - asn1string, taglist, lasttag) != GRST_RET_OK) break; - - if (GRSTx509NameCmp(ucuserdn, acuserdn) != 0) continue; - - if (GRSTx509VerifyVomsSig(&time1_time, &time2_time, - asn1string, taglist, lasttag, vomsdir, acnumber) - != GRST_RET_OK) continue; - - snprintf(time1_coords, sizeof(time1_coords), GRST_ASN1_COORDS_TIME1, acnumber); - itag = GRSTasn1SearchTaglist(taglist, lasttag, time1_coords); - actime1 = GRSTasn1TimeToTimeT(&asn1string[taglist[itag].start+ - taglist[itag].headerlength], - taglist[itag].length); - if (actime1 > time1_time) time1_time = actime1; - - snprintf(time2_coords, sizeof(time2_coords), GRST_ASN1_COORDS_TIME2, acnumber); - itag = GRSTasn1SearchTaglist(taglist, lasttag, time2_coords); - actime2 = GRSTasn1TimeToTimeT(&asn1string[taglist[itag].start+ - taglist[itag].headerlength], - taglist[itag].length); - if (actime2 < time2_time) time2_time = actime2; - - time(&time_now); - if ((time1_time > time_now) || (time2_time < time_now)) - continue; /* expiration isnt invalidity ...? */ - - for (i=1; ; ++i) - { - snprintf(fqan_coords, sizeof(fqan_coords), GRST_ASN1_COORDS_FQAN, acnumber, i); - itag = GRSTasn1SearchTaglist(taglist, lasttag, fqan_coords); - - if (itag > -1) - { - if (*lastcred < maxcreds - 1) - { - ++(*lastcred); - snprintf(&creds[*lastcred * (credlen + 1)], credlen+1, - "VOMS %010lu %010lu 0 %.*s", - time1_time, time2_time, - taglist[itag].length, - &asn1string[taglist[itag].start+ - taglist[itag].headerlength]); - } - } - else break; - } - } - - return GRST_RET_OK; -} - -/// Get the VOMS attributes in the extensions to the given cert stack -/* - * Puts any VOMS credentials found into the Compact Creds string array - * starting at *creds. Always returns GRST_RET_OK. - */ - -int GRSTx509GetVomsCreds(int *lastcred, int maxcreds, size_t credlen, - char *creds, X509 *usercert, STACK_OF(X509) *certstack, - char *vomsdir) -{ - int i, j; - char s[80]; - unsigned char *ucuser; - X509_EXTENSION *ex; - ASN1_STRING *asn1str; - X509 *cert; - time_t time1_time = 0, time2_time = 0, uctime1_time, uctime2_time; - - uctime1_time = - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(usercert)),0); - uctime2_time = - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(usercert)),0); - ucuser = - X509_NAME_oneline(X509_get_subject_name(usercert), NULL, 0); - - for (j=sk_X509_num(certstack)-1; j >= 0; --j) - { - cert = sk_X509_value(certstack, j); - - time1_time = - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(cert)),0); - uctime1_time = (time1_time > uctime1_time) ? time1_time:uctime1_time; - - time2_time = - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(cert)),0); - uctime2_time = (time2_time < uctime2_time) ? time2_time:uctime2_time; - - for (i=0; i < X509_get_ext_count(cert); ++i) - { - ex = X509_get_ext(cert, i); - OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ex), 1); - - if (strcmp(s, GRST_VOMS_OID) == 0) /* a VOMS extension */ - { - GRSTx509ParseVomsExt(lastcred, maxcreds, credlen, creds, - uctime1_time, uctime2_time, - ex, ucuser, vomsdir); - } - } - } - - return GRST_RET_OK; -} - -/// Turn a Compact Cred line into a GRSTgaclCred object -/** - * Returns pointer to created GRSTgaclCred or NULL or failure. - */ - -GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred) -{ - int delegation; - char *p; - time_t now, notbefore, notafter; - GRSTgaclCred *cred = NULL; - - time(&now); - - if (grst_cred == NULL) return NULL; /* just in case */ - - if (strncmp(grst_cred, "X509USER ", 9) == 0) - { - if ((sscanf(grst_cred, "X509USER %lu %lu %d", - ¬before, ¬after, &delegation) == 3) - && (now >= notbefore) - && (now <= notafter) - && (p = index(grst_cred, ' ')) - && (p = index(++p, ' ')) - && (p = index(++p, ' ')) - && (p = index(++p, ' '))) - { - cred = GRSTgaclCredNew("person"); - GRSTgaclCredSetDelegation(cred, delegation); - GRSTgaclCredAddValue(cred, "dn", &p[1]); - } - - return cred; - } - - if (strncmp(grst_cred, "VOMS ", 5) == 0) - { - if ((sscanf(grst_cred, "VOMS %lu %lu %d", - ¬before, ¬after, &delegation) == 3) - && (now >= notbefore) - && (now <= notafter) - && (p = index(grst_cred, ' ')) - && (p = index(++p, ' ')) - && (p = index(++p, ' ')) - && (p = index(++p, ' '))) - { - /* include /VO/group/subgroup/Role=role/Capability=cap */ - - if (p[1] != '/') return NULL; /* must begin with / */ - - cred = GRSTgaclCredNew("voms"); - GRSTgaclCredSetDelegation(cred, delegation); - GRSTgaclCredAddValue(cred, "fqan", &p[1]); - } - - return cred; - } - - return NULL; /* dont recognise this credential type */ -} - -/// Get the credentials in an X509 cert/GSI proxy, including any VOMS -/** - * Credentials are placed in Compact Creds string array at *creds. - * - * Function returns GRST_RET_OK on success, or GRST_RET_FAILED if - * some inconsistency found in certificate. - */ - -int GRSTx509CompactCreds(int *lastcred, int maxcreds, size_t credlen, - char *creds, STACK_OF(X509) *certstack, char *vomsdir, - X509 *peercert) -{ - int i, j, delegation = 0; - char credtemp[credlen+1]; - X509 *cert, *usercert = NULL, *gsiproxycert = NULL; - - *lastcred = -1; - - for (i = sk_X509_num(certstack) - 1; i >= 0; --i) - { - cert = sk_X509_value(certstack, i); - - if (usercert != NULL) - { /* found a (GSI proxy) cert after the user cert */ - gsiproxycert = cert; - ++delegation; - } - - if ((usercert == NULL) && - (i < sk_X509_num(certstack) - 1) && - (GRSTx509IsCA(cert) != GRST_RET_OK)) usercert = cert; - /* found the 1st non-CA cert */ - } - - if (peercert != NULL) - { - if (usercert != NULL) /* found a (GSI proxy) cert after user cert */ - { - gsiproxycert = peercert; - ++delegation; - } - - if ((usercert == NULL) && - (GRSTx509IsCA(peercert) != GRST_RET_OK)) usercert = peercert; - /* found the 1st non-CA cert */ - } - - if ((usercert == NULL) /* if no usercert ("EEC"), we're not interested */ - || - (snprintf(credtemp, credlen+1, "X509USER %010lu %010lu %d %s", - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(usercert)),0), - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(usercert)),0), - delegation, - X509_NAME_oneline(X509_get_subject_name(usercert), NULL, 0)) >= credlen+1) - || - (*lastcred >= maxcreds-1)) - { - *lastcred = -1; /* just in case the caller looks at it */ - return GRST_RET_FAILED; /* tell caller that things didn't work out */ - } - - ++(*lastcred); - strcpy(&creds[*lastcred * (credlen + 1)], credtemp); - - if ((gsiproxycert != NULL) - && - (snprintf(credtemp, credlen+1, "GSIPROXY %010lu %010lu %d %s", - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(gsiproxycert)),0), - GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(gsiproxycert)),0), - delegation, - X509_NAME_oneline(X509_get_subject_name(gsiproxycert), NULL, 0)) < credlen+1) - && - (*lastcred < maxcreds-1)) - { - ++(*lastcred); - strcpy(&creds[*lastcred * (credlen + 1)], credtemp); - - GRSTx509GetVomsCreds(lastcred, maxcreds, credlen, creds, - usercert, certstack, vomsdir); - - } - - return GRST_RET_OK; -} - -/// Find proxy file name of the current user -/** - * Return a string with the proxy file name or NULL if not present. - * This function does not check if the proxy has expired. - */ - -char *GRSTx509FindProxyFileName(void) -{ - char *p; - - p = getenv("X509_USER_PROXY"); - - if (p != NULL) return strdup(p); - - p = malloc(sizeof("/tmp/x509up_uXYYYXXXYYY")); - - sprintf(p, "/tmp/x509up_u%d", getuid()); - - return p; -} - -static void mpcerror(FILE *debugfp, char *msg) -{ - if (debugfp != NULL) - { - fputs(msg, debugfp); - ERR_print_errors_fp(debugfp); - } -} - -/// Make a GSI Proxy chain from a request, certificate and private key -/** - * The proxy chain is returned in *proxychain. If debugfp is non-NULL, - * errors are output to that file pointer. The proxy will expired in - * the given number of minutes starting from the current time. - */ - -int GRSTx509MakeProxyCert(char **proxychain, FILE *debugfp, - char *reqtxt, char *cert, char *key, int minutes) -{ - char *ptr, *certchain; - int i, subjAltName_pos, ncerts; - long serial = 2796, ptrlen; - EVP_PKEY *pkey, *CApkey; - const EVP_MD *digest; - X509 *certs[GRST_MAX_CHAIN_LEN]; - X509_REQ *req; - X509_NAME *name, *CAsubject, *newsubject; - X509_NAME_ENTRY *ent; - X509V3_CTX ctx; - X509_EXTENSION *subjAltName; - STACK_OF (X509_EXTENSION) * req_exts; - FILE *fp; - BIO *reqmem, *certmem; - - /* read in the request */ - reqmem = BIO_new(BIO_s_mem()); - BIO_puts(reqmem, reqtxt); - - if (!(req = PEM_read_bio_X509_REQ(reqmem, NULL, NULL, NULL))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error reading request from BIO memory\n"); - BIO_free(reqmem); - return GRST_RET_FAILED; - } - - BIO_free(reqmem); - - /* verify signature on the request */ - if (!(pkey = X509_REQ_get_pubkey (req))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error getting public key from request\n"); - return GRST_RET_FAILED; - } - - if (X509_REQ_verify(req, pkey) != 1) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error verifying signature on certificate\n"); - return GRST_RET_FAILED; - } - - /* read in the signing certificate */ - if (!(fp = fopen(cert, "r"))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error opening signing certificate file\n"); - return GRST_RET_FAILED; - } - - for (ncerts = 1; ncerts < GRST_MAX_CHAIN_LEN; ++ncerts) - if (!(certs[ncerts] = PEM_read_X509(fp, NULL, NULL, NULL))) break; - - if (ncerts == 1) /* zeroth cert with be new proxy cert */ - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error reading signing certificate file\n"); - return GRST_RET_FAILED; - } - - fclose(fp); - - CAsubject = X509_get_subject_name(certs[1]); - - /* read in the CA private key */ - if (!(fp = fopen(key, "r"))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error reading signing private key file\n"); - return GRST_RET_FAILED; - } - - if (!(CApkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error reading signing private key in file\n"); - return GRST_RET_FAILED; - } - - fclose(fp); - - /* get subject name */ - if (!(name = X509_REQ_get_subject_name (req))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error getting subject name from request\n"); - return GRST_RET_FAILED; - } - - /* create new certificate */ - if (!(certs[0] = X509_new ())) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error creating X509 object\n"); - return GRST_RET_FAILED; - } - - /* set version number for the certificate (X509v3) and the serial number - need 3 = v4 for GSI proxy?? */ - if (X509_set_version (certs[0], 3L) != 1) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error setting certificate version\n"); - return GRST_RET_FAILED; - } - - ASN1_INTEGER_set (X509_get_serialNumber (certs[0]), serial++); - - if (!(name = X509_get_subject_name(certs[1]))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error getting subject name from CA certificate\n"); - return GRST_RET_FAILED; - } - - if (X509_set_issuer_name (certs[0], name) != 1) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error setting issuer name of certificate\n"); - return GRST_RET_FAILED; - } - - /* set issuer and subject name of the cert from the req and the CA */ - ent = X509_NAME_ENTRY_create_by_NID(NULL, OBJ_txt2nid("commonName"), - MBSTRING_ASC, "proxy", -1); - - newsubject = X509_NAME_dup(CAsubject); - - X509_NAME_add_entry(newsubject, ent, -1, 0); - - if (X509_set_subject_name(certs[0], newsubject) != 1) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error setting subject name of certificate\n"); - return GRST_RET_FAILED; - } - - /* set public key in the certificate */ - if (X509_set_pubkey(certs[0], pkey) != 1) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error setting public key of the certificate\n"); - return GRST_RET_FAILED; - } - -// need to set validity within limits of earlier certificates in the chain - - /* set duration for the certificate */ - if (!(X509_gmtime_adj (X509_get_notBefore(certs[0]), 0))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error setting beginning time of the certificate\n"); - return GRST_RET_FAILED; - } - - if (!(X509_gmtime_adj (X509_get_notAfter(certs[0]), 60 * minutes))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error setting ending time of the certificate\n"); - return GRST_RET_FAILED; - } - - /* sign the certificate with the signing private key */ - if (EVP_PKEY_type (CApkey->type) == EVP_PKEY_RSA) - digest = EVP_md5(); - else - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error checking signing private key for a valid digest\n"); - return GRST_RET_FAILED; - } - - if (!(X509_sign (certs[0], CApkey, digest))) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error signing certificate\n"); - return GRST_RET_FAILED; - } - - /* store the completed certificate chain */ - - certchain = strdup(""); - - for (i=0; i < ncerts; ++i) - { - certmem = BIO_new(BIO_s_mem()); - - if (PEM_write_bio_X509(certmem, certs[i]) != 1) - { - mpcerror(debugfp, - "GRSTx509MakeProxyCert(): error writing certificate to memory BIO\n"); - return GRST_RET_FAILED; - } - - ptrlen = BIO_get_mem_data(certmem, &ptr); - - certchain = realloc(certchain, strlen(certchain) + ptrlen + 1); - - strncat(certchain, ptr, ptrlen); - - BIO_free(certmem); - } - - *proxychain = certchain; - - return GRST_RET_OK; -} - -/// Find a proxy file in the proxy cache -/** - * Returns the full path and file name of proxy file associated - * with given delegation ID and user DN. - */ - -char *GRSTx509CachedProxyFind(char *proxydir, char *delegation_id, - char *user_dn) -/* - Return a pointer to a malloc'd string with the full path of the - proxy file corresponding to the given delegation_id, or NULL - if not found. -*/ -{ - int ret, len; - char *filename = NULL, *line, *p, *proxyfile = NULL; - DIR *proxyDIR; - FILE *fp; - struct dirent *ent; - struct stat entstat; - - if ((proxyDIR = opendir(proxydir)) == NULL) return NULL; - - len = strlen(delegation_id); - if (strlen(user_dn) > len) len = strlen(user_dn); - - if ((line = malloc(len + 2)) == NULL) return NULL; - - while ((ent = readdir(proxyDIR)) != NULL) - { - if (ent->d_name[0] != '.') /* private keys begin with . */ - { - if (asprintf(&filename, "%s/%s", proxydir, ent->d_name) == -1) - break; - if ((stat(filename, &entstat) != 0) - || !S_ISREG(entstat.st_mode)) - { - free(filename); - continue; - } - - fp = fopen(filename, "r"); - if (fp != NULL) - { - if (fgets(line, len + 2, fp) != NULL) - { - p = index(line, '\n'); - - if (p != NULL) - { - *p = '\0'; - if (strcmp(line, delegation_id) == 0) - { - if (fgets(line, len + 2, fp) != NULL) - { - p = index(line, '\n'); - - if (p != NULL) - { - *p = '\0'; - - if (strcmp(line, user_dn) == 0) - { - proxyfile = filename; - fclose(fp); - break; - } - } - } - } - } - } - - fclose(fp); - } - - free(filename); - } - } - - closedir(proxyDIR); - free(line); - - return proxyfile; -} - -/// Find a temporary proxy private key file in the proxy cache -/** - * Returns the full path and file name of the private key file associated - * with given delegation ID and user DN. - */ - -char *GRSTx509CachedProxyKeyFind(char *proxydir, char *delegation_id, - char *user_dn) -/* - Return a pointer to a malloc'd string with the full path of the - private proxy key corresponding to the given delegation_id, or NULL - if not found. -*/ -{ - int ret, len; - char *filename = NULL, *line, *p, *keyfile = NULL; - DIR *proxyDIR; - FILE *fp; - struct dirent *ent; - struct stat entstat; - - if ((proxyDIR = opendir(proxydir)) == NULL) return NULL; - - len = strlen(delegation_id); - if (strlen(user_dn) > len) len = strlen(user_dn); - - if ((line = malloc(len + 2)) == NULL) return NULL; - - while ((ent = readdir(proxyDIR)) != NULL) - { - if (ent->d_name[0] == '.') /* private keys begin with . */ - { - if (asprintf(&filename, "%s/%s", proxydir, ent->d_name) == -1) - break; - if ((stat(filename, &entstat) != 0) - || !S_ISREG(entstat.st_mode)) - { - free(filename); - continue; - } - - fp = fopen(filename, "r"); - if (fp != NULL) - { - if (fgets(line, len + 2, fp) != NULL) - { - p = index(line, '\n'); - - if (p != NULL) - { - *p = '\0'; - if (strcmp(line, delegation_id) == 0) - { - if (fgets(line, len + 2, fp) != NULL) - { - p = index(line, '\n'); - - if (p != NULL) - { - *p = '\0'; - - if (strcmp(line, user_dn) == 0) - { - keyfile = filename; - fclose(fp); - break; - } - } - } - } - } - } - - fclose(fp); - } - - free(filename); - } - } - - closedir(proxyDIR); - free(line); - - return keyfile; -} - -/// Make and store a X.509 request for a GSI proxy -/** - * Returns GRST_RET_OK on success, non-zero otherwise. Request string - * is PEM encoded, and the key is stored in proxydir as temporary file - * with a filename like .XXXXXX - */ - -int GRSTx509MakeProxyRequest(char **reqtxt, char *proxydir, - char *delegation_id, char *user_dn) -{ - int i, fd; - char *docroot, *reqfile, *prvkeyfile, *ptr; - size_t ptrlen; - FILE *fp; - RSA *keypair; - X509_NAME *subject; - X509_NAME_ENTRY *ent; - EVP_PKEY *pkey; - X509_REQ *certreq; - BIO *reqmem; - const EVP_MD *digest; - struct stat statbuf; - - if ((keypair = RSA_generate_key(GRST_KEYSIZE, 65537, NULL, NULL)) == NULL) - return 1; - asprintf(&prvkeyfile, "%s/.XXXXXX", proxydir); - - fd = mkstemp(prvkeyfile); - - if ((fp = fdopen(fd, "w")) == NULL) return 1; - - fprintf(fp, "%s\n%s\n", delegation_id, user_dn); - - if (!PEM_write_RSAPrivateKey(fp, keypair, NULL, NULL, 0, NULL, NULL)) - return 1; - - if (fclose(fp) != 0) return 1; - - /* now create the certificate request */ - - certreq = X509_REQ_new(); - if (certreq == NULL) return 1; - - OpenSSL_add_all_algorithms(); - - pkey = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(pkey, keypair); - - X509_REQ_set_pubkey(certreq, pkey); - - subject = X509_NAME_new(); - ent = X509_NAME_ENTRY_create_by_NID(NULL, OBJ_txt2nid("organizationName"), - MBSTRING_ASC, "Dummy", -1); - X509_NAME_add_entry (subject, ent, -1, 0); - X509_REQ_set_subject_name (certreq, subject); - - digest = EVP_md5(); - X509_REQ_sign(certreq, pkey, digest); - - reqmem = BIO_new(BIO_s_mem()); - PEM_write_bio_X509_REQ(reqmem, certreq); - ptrlen = BIO_get_mem_data(reqmem, &ptr); - - *reqtxt = malloc(ptrlen + 1); - memcpy(*reqtxt, ptr, ptrlen); - (*reqtxt)[ptrlen] = '\0'; - - BIO_free(reqmem); - - X509_REQ_free(certreq); - - return 0; -} - -/// Create a stack of X509 certificate from a PEM-encoded string -/** - * Creates a dynamically allocated stack of X509 certificate objects - * by walking through the PEM-encoded X509 certificates. - * - * Returns GRST_RET_OK on success, non-zero otherwise. - * - */ - -int GRSTx509StringToChain(STACK_OF(X509) **certstack, char *certstring) -{ - STACK_OF(X509_INFO) *sk=NULL; - BIO *certbio; - X509_INFO *xi; - - *certstack = sk_X509_new_null(); - if (*certstack == NULL) return GRST_RET_FAILED; - - certbio = BIO_new_mem_buf(certstring, -1); - - if (!(sk=PEM_X509_INFO_read_bio(certbio, NULL, NULL, NULL))) - { - BIO_free(certbio); - sk_X509_INFO_free(sk); - sk_X509_free(*certstack); - return GRST_RET_FAILED; - } - - while (sk_X509_INFO_num(sk)) - { - xi=sk_X509_INFO_shift(sk); - if (xi->x509 != NULL) - { - sk_X509_push(*certstack, xi->x509); - xi->x509=NULL; - } - X509_INFO_free(xi); - } - - if (!sk_X509_num(*certstack)) - { - BIO_free(certbio); - sk_X509_INFO_free(sk); - sk_X509_free(*certstack); - return GRST_RET_FAILED; - } - - BIO_free(certbio); - sk_X509_INFO_free(sk); - - return GRST_RET_OK; -} - -/// Return the short file name for the given delegation_id and user_dn -/** - * Returns a malloc'd string with the short file name (no paths) that - * derived from the hashed delegation_id and user_dn - * - * File name is SHA1_HASH(DelegationID)+"-"+SHA1_HASH(DN) where DN - * is DER encoded version of user_dn with any trailing CN=proxy removed - * Hashes are the most significant 8 bytes, in lowercase hexadecimal. - */ - -char *GRSTx509MakeProxyFileName(char *delegation_id, - STACK_OF(X509) *certstack) -{ - int i, depth, prevIsCA = 1, IsCA, hash_name_len, delegation_id_len, - der_name_len; - unsigned char *der_name, *buf, hash_name[EVP_MAX_MD_SIZE], - hash_delegation_id[EVP_MAX_MD_SIZE], - filename[34]; - X509_NAME *subject_name; - X509 *cert; - const EVP_MD *m; - EVP_MD_CTX ctx; - - depth = sk_X509_num(certstack); - - for (i=depth-1; i >= 0; --i) - /* loop through the proxy chain starting at CA end */ - { - if (cert = sk_X509_value(certstack, i)) - { - IsCA = (GRSTx509IsCA(cert) == GRST_RET_OK); - - if (prevIsCA && !IsCA) /* the full certificate of the user */ - { - break; - } - } - } - - if (i < 0) return NULL; /* not found: something wrong with the chain */ - - if ((subject_name = X509_get_subject_name(cert)) == NULL) return NULL; - - der_name_len = i2d_X509_NAME(X509_get_subject_name(cert), NULL); - if (der_name_len == 0) return NULL; - - buf = OPENSSL_malloc(der_name_len); - der_name = buf; - - - if (!i2d_X509_NAME(X509_get_subject_name(cert), &der_name)) - { - OPENSSL_free(der_name); - return NULL; - } - - OpenSSL_add_all_digests(); - - m = EVP_sha1(); - if (m == NULL) - { - OPENSSL_free(der_name); - return NULL; - } - - - EVP_DigestInit(&ctx, m); - EVP_DigestUpdate(&ctx, delegation_id, strlen(delegation_id)); - EVP_DigestFinal(&ctx, hash_delegation_id, &delegation_id_len); - - /* lots of nasty hard coded numbers: - "8bytes/16chars delegation ID" + "-" + "8bytes/16chars DN" */ - - for (i=0; i <=7; ++i) - sprintf(&filename[i*2], "%02x", hash_delegation_id[i]); - - filename[16] = '-'; - - - - EVP_DigestInit(&ctx, m); - EVP_DigestUpdate(&ctx, buf, der_name_len); - EVP_DigestFinal(&ctx, hash_name, &hash_name_len); - - for (i=0; i <=7; ++i) - sprintf(&filename[17 + i*2], "%02x", hash_name[i]); - - return strdup(filename); -} - -/// Store a GSI proxy chain in the proxy cache, along with the private key -/** - * Returns GRST_RET_OK on success, non-zero otherwise. The existing - * private key with the same delegation ID and user DN is appended to - * make a valid proxy file, and the temporary private key file deleted. - */ - -int GRSTx509CacheProxy(char *proxydir, char *delegation_id, - char *user_dn, char *proxychain) -{ - int c, len = 0, i; - char *upcertfile, *upcertpath, *prvkeyfile, *p, *ptr; - FILE *ifp, *ofp; - STACK_OF(X509) *certstack; - BIO *certmem; - X509 *cert; - long ptrlen; - - prvkeyfile = GRSTx509CachedProxyKeyFind(proxydir, delegation_id, user_dn); - - if (prvkeyfile == NULL) - { - return GRST_RET_FAILED; - } - - if ((ifp = fopen(prvkeyfile, "r")) == NULL) - { - free(prvkeyfile); - return GRST_RET_FAILED; - } - -// fprintf(stderr, "\n\n\n\n PROXYCHAIN = \n %s", proxychain); - if (GRSTx509StringToChain(&certstack, proxychain) != GRST_RET_OK) - return GRST_RET_FAILED; - - upcertfile = GRSTx509MakeProxyFileName(delegation_id, certstack); - - if (upcertfile == NULL) - { - free(prvkeyfile); - sk_X509_free(certstack); - return GRST_RET_FAILED; - } - - asprintf(&upcertpath, "%s/%s", proxydir, upcertfile); - ofp = fopen(upcertpath, "w"); - chmod(upcertpath, S_IRUSR | S_IWUSR); - free(upcertpath); - - if (ofp == NULL) - { - fclose(ifp); - free(prvkeyfile); - free(upcertfile); - return GRST_RET_FAILED; - } - - fprintf(ofp, "%s\n%s\n", delegation_id, user_dn); - - /* write out the most recent proxy by itself */ - - if (cert = sk_X509_value(certstack, 0)) - { - certmem = BIO_new(BIO_s_mem()); - if (PEM_write_bio_X509(certmem, cert) == 1) - { - ptrlen = BIO_get_mem_data(certmem, &ptr); - fwrite(ptr, 1, ptrlen, ofp); - } - - BIO_free(certmem); - } - - /* insert proxy private key */ - - while ((c = fgetc(ifp)) != EOF) fputc(c, ofp); - unlink(prvkeyfile); - free(prvkeyfile); - - for (i=1; i <= sk_X509_num(certstack) - 1; ++i) - /* loop through the proxy chain starting at 2nd most recent proxy */ - { - if (cert = sk_X509_value(certstack, i)) - { - certmem = BIO_new(BIO_s_mem()); - if (PEM_write_bio_X509(certmem, cert) == 1) - { - ptrlen = BIO_get_mem_data(certmem, &ptr); - fwrite(ptr, 1, ptrlen, ofp); - } - - BIO_free(certmem); - } - } - - sk_X509_free(certstack); - free(upcertfile); - - if (fclose(ifp) != 0) return GRST_RET_FAILED; - if (fclose(ofp) != 0) return GRST_RET_FAILED; - -/* should also check validity of proxy cert to avoid suprises? */ - - return GRST_RET_OK; -} diff --git a/org.gridsite.core/src/grst_xacml.c b/org.gridsite.core/src/grst_xacml.c deleted file mode 100644 index c38424f..0000000 --- a/org.gridsite.core/src/grst_xacml.c +++ /dev/null @@ -1,577 +0,0 @@ -/* - Andrew McNab and Shiv Kaushal, University of Manchester. - Copyright (c) 2002-3. All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -/*------------------------------------------------------------------------* - * For more information about GridSite: http://www.gridpp.ac.uk/gridsite/ * - *------------------------------------------------------------------------*/ - -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef _GNU_SOURCE -#define _GNU_SOURCE -#endif -#include - -#include -#include -#include - -#include "gridsite.h" - -//#define XACML_DEBUG - -#ifdef XACML_DEBUG - #define XACML_DEBUG_FILE "/tmp/grstxacmldebug.out" -#endif - - -/* * - * Global variables, shared by all GACL functions by private to libgacl * - * */ - -extern char *grst_perm_syms[]; -extern GRSTgaclPerm grst_perm_vals[]; - - -FILE* debugfile; - -GRSTgaclAcl *GRSTgaclAclParse(xmlDocPtr, xmlNodePtr, GRSTgaclAcl *); -GRSTgaclAcl *GRSTxacmlAclParse(xmlDocPtr, xmlNodePtr, GRSTgaclAcl *); - -/* * - * Functions to read in XACML 1.1 compliant format ACL * - * Functions based on method for opening GACL format * - * */ - -// need to check these for libxml memory leaks? - what needs to be freed? - - -static GRSTgaclCred *GRSTxacmlCredParse(xmlNodePtr cur) -/* - GRSTxacmlCredParse - parse a credential stored in the libxml structure cur, - returning it as a pointer or NULL on error. -*/ -{ - xmlNodePtr attr_val; - xmlNodePtr attr_des; - GRSTgaclCred *cred; - - // cur points to or , loop done outside this function. - - if ( (xmlStrcmp(cur->name, (const xmlChar *) "AnySubject") == 0)) cred = GRSTgaclCredNew("any-user"); - - else{ - - attr_val=cur->xmlChildrenNode->xmlChildrenNode; - attr_des=attr_val->next; - - cred = GRSTgaclCredNew((char *) xmlNodeGetContent(attr_des->properties->children)); - - cred->firstname = NULL; - cred->next = NULL; - - //Assumed that there is only one name/value pair per credential - GRSTgaclCredAddValue(cred, (char *) xmlNodeGetContent(attr_des->properties->next->children), - (char *) xmlNodeGetContent(attr_val)); - } - - return cred; -} - -static GRSTgaclEntry *GRSTxacmlEntryParse(xmlNodePtr cur) -/* - GRSTxacmlEntryParse - parse an entry stored in the libxml structure cur, - returning it as a pointer or NULL on error. Also checks to see if the following - tag refers to the same by checking the of both -*/ -{ - int i, check=0; - xmlDocPtr doc=cur->doc; - xmlNodePtr cur2; - xmlNodePtr rule_root=cur; - GRSTgaclEntry *entry; - GRSTgaclCred *cred; - GRSTgaclPerm perm; - - - // Next line not needed as function only called if tag found - // if (xmlStrcmp(cur->name, (const xmlChar *) "Rule") != 0) return NULL; - // cur and rule_root point to the tag - - cur = cur->xmlChildrenNode->xmlChildrenNode; - // cur should now be pointing at tag -#ifdef XACML_DEBUG - fprintf (debugfile, "Starting to Parse Entry\n"); -#endif - entry = GRSTgaclEntryNew(); - - while (cur!=NULL){ - - if (xmlStrcmp(cur->name, (const xmlChar *) "Subjects") == 0){ -#ifdef XACML_DEBUG - fprintf (debugfile, "Starting to Parse Credentials\n"); -#endif - if (check==0){ - // cur still pointing at tag make cur2 point to and loop over them. - cur2=cur->xmlChildrenNode; - while (cur2!=NULL){ - if ( ((cred = GRSTxacmlCredParse(cur2)) != NULL) && (!GRSTgaclEntryAddCred(entry, cred))){ - GRSTgaclCredFree(cred); - GRSTgaclEntryFree(entry); - return NULL; - } - cur2=cur2->next; - } - } - } - - else if (xmlStrcmp(cur->name, (const xmlChar *) "Actions") == 0){ -#ifdef XACML_DEBUG - fprintf (debugfile, "Starting to Parse Permissions\n"); -#endif - if (xmlStrcmp(xmlNodeGetContent(rule_root->properties->next->children), (const xmlChar *) "Permit") == 0 ){ -#ifdef XACML_DEBUG - fprintf (debugfile, "\tPermit-ed actions: "); -#endif - for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next) //cur2-> - for (i=0; grst_perm_syms[i] != NULL; ++i) - if (xmlStrcmp(xmlNodeGetContent(cur2->xmlChildrenNode->xmlChildrenNode), (const xmlChar *) grst_perm_syms[i]) == 0) - { -#ifdef XACML_DEBUG - fprintf (debugfile, "%s ", grst_perm_syms[i]); -#endif - GRSTgaclEntryAllowPerm(entry, grst_perm_vals[i]); - } - } - - if (xmlStrcmp(xmlNodeGetContent(rule_root->properties->next->children), (const xmlChar *) "Deny") == 0 ) { -#ifdef XACML_DEBUG - fprintf (debugfile, "\tDeny-ed actions: "); -#endif - for (cur2 = cur->xmlChildrenNode; cur2 != NULL; cur2=cur2->next) //cur2-> - for (i=0; grst_perm_syms[i] != NULL; ++i) - if (xmlStrcmp(xmlNodeGetContent(cur2->xmlChildrenNode->xmlChildrenNode), (const xmlChar *) grst_perm_syms[i]) == 0) - { - -#ifdef XACML_DEBUG - fprintf (debugfile, "%s ", grst_perm_syms[i]); -#endif - GRSTgaclEntryDenyPerm(entry, grst_perm_vals[i]); - } - } - - } - else{ // I cannot parse this - give up rather than get it wrong -#ifdef XACML_DEBUG - fprintf (debugfile, "OOOPSIE\n"); -#endif - GRSTgaclEntryFree(entry); - return NULL; - } - - cur=cur->next; - - // Check if next Rule should be included when end of current rule reached - // If RuleId are from the same entry (eg Entry1A and Entry1D) - // make cur point to the next Rule's tag - if (cur==NULL) - if (check==0) - if (rule_root->next!=NULL) - if ( strncmp(xmlNodeGetContent(rule_root->properties->children), // RuleId of this Rule - xmlNodeGetContent(rule_root->next->properties->children), // RuleId of next Rule - 6) == 0){ -#ifdef XACML_DEBUG - fprintf (debugfile, "End of perms and creds, next is %s \n", xmlNodeGetContent(rule_root->next->properties->children)); -#endif - rule_root=rule_root->next; - cur=rule_root->xmlChildrenNode->xmlChildrenNode; -#ifdef XACML_DEBUG - fprintf (debugfile, "skipped to <%s> tag of next Rule\n", cur->name); -#endif - check++; - } - } - - return entry; -} - -GRSTgaclAcl *GRSTxacmlAclLoadFile(char *filename) -{ -xmlDocPtr doc; - xmlNodePtr cur; - GRSTgaclAcl *acl; - - doc = xmlParseFile(filename); - if (doc == NULL) return NULL; - - cur = xmlDocGetRootElement(doc); - if (cur == NULL) return NULL; - - if (!xmlStrcmp(cur->name, (const xmlChar *) "Policy")) { acl=GRSTxacmlAclParse(doc, cur, acl);} - else if (!xmlStrcmp(cur->name, (const xmlChar *) "gacl")) {acl=GRSTgaclAclParse(doc, cur, acl);} - else /* ACL format not recognised */ - { - free(doc); - free(cur); - return NULL; - } - - xmlFreeDoc(doc); - return acl; -} - -GRSTgaclAcl *GRSTxacmlAclParse(xmlDocPtr doc, xmlNodePtr cur, GRSTgaclAcl *acl) -{ - GRSTgaclEntry *entry; - - #ifdef XACML_DEBUG - debugfile=fopen(XACML_DEBUG_FILE, "w"); - fprintf (debugfile, "ACL loaded..\n"); - fprintf (debugfile, "Parsing XACML\n"); - #endif - - // Have an XACML policy file. - // Skip tag and set cur to first tag - cur = cur->xmlChildrenNode->next; - - acl = GRSTgaclAclNew(); - - while (cur != NULL){ - - if ( !xmlStrcmp(cur->name, (const xmlChar *)"Rule") ) - { // IF statement not needed? - #ifdef XACML_DEBUG - fprintf (debugfile, "Rule %s found\n", xmlNodeGetContent(cur->properties->children) ); - fprintf (debugfile, "Parsing Entry for this rule\n"); - #endif - entry = GRSTxacmlEntryParse(cur); - - if (entry == NULL) - { - GRSTgaclAclFree(acl); - xmlFreeDoc(doc); - return NULL; - } - else GRSTgaclAclAddEntry(acl, entry); - - #ifdef XACML_DEBUG - fprintf (debugfile, "Entry read in\n\n"); - #endif - } - - // If the current and next Rules are part of the same entry then advance two Rules - // If not then advance 1 - if (cur->next != NULL) - { - if ( strncmp(xmlNodeGetContent(cur->properties->children), // RuleId of this Rule - xmlNodeGetContent(cur->next->properties->children), // RuleId of next Rule - 6) == 0) - { - #ifdef XACML_DEBUG - fprintf (debugfile, "skipping next rule %s, should have been caught previously\n\n", xmlNodeGetContent(cur->next->properties->children) ); - #endif - cur=cur->next; - } // Check first 6 characters i.e. Entry1**/ - } - - cur=cur->next; - - } - - #ifdef XACML_DEBUG - fprintf (debugfile, "Finished loading ACL - Fanfare!\n"); - fclose(debugfile); - #endif - - return acl; -} - - -int GRSTxacmlFileIsAcl(char *pathandfile) -/* Return 1 if filename in *pathandfile starts GRST_ACL_FILE - Return 0 otherwise. */ -{ - char *filename; - - filename = rindex(pathandfile, '/'); - if (filename == NULL) filename = pathandfile; - else filename++; - - return (strncmp(filename, GRST_ACL_FILE, sizeof(GRST_ACL_FILE) - 1) == 0); -} - -char *GRSTxacmlFileFindAclname(char *pathandfile) -/* Return malloc()ed ACL filename that governs the given file or directory - (for directories, the ACL file is in the directory itself), or NULL if none - can be found. */ -{ - char *path, *p; - struct stat statbuf; - - path = malloc(strlen(pathandfile) + sizeof(GRST_ACL_FILE) + 1); - strcpy(path, pathandfile); - - if (stat(path, &statbuf) == 0) - { - if (!S_ISDIR(statbuf.st_mode)) /* can strip this / off straightaway */ - { - p = rindex(path, '/'); - if (p != NULL) *p = '\0'; - } - } - - while (path[0] != '\0') - { - strcat(path, "/"); - strcat(path, GRST_ACL_FILE); - - if (stat(path, &statbuf) == 0) return path; - - p = rindex(path, '/'); - *p = '\0'; /* strip off the / we added for ACL */ - - p = rindex(path, '/'); - if (p == NULL) break; /* must start without / and we there now ??? */ - - *p = '\0'; /* strip off another layer of / */ - } - - free(path); - return NULL; -} - -GRSTgaclAcl *GRSTxacmlAclLoadforFile(char *pathandfile) -/* Return ACL that governs the given file or directory (for directories, - the ACL file is in the directory itself.) */ -{ - char *path; - GRSTgaclAcl *acl; - - path = GRSTxacmlFileFindAclname(pathandfile); - - if (path != NULL) - { - acl = GRSTxacmlAclLoadFile(path); - free(path); - return acl; - } - - return NULL; -} - - - -/* * - * Functions to save ACL in XACML 1.1 compliant format * - * Functions based on method for saving to GACL format * - * */ - - -int GRSTxacmlCredPrint(GRSTgaclCred *cred, FILE *fp) -/* - GRSTxacmlCredPrint - print a credential and any name-value pairs is contains in XACML form -*/ -{ - char *q; - GRSTgaclNamevalue *p; - - if (cred->firstname != NULL) - { - - p = cred->firstname; - - do { - - fputs("\t\t\t\t\n", fp); - fputs("\t\t\t\t\t\n", fp); - fputs("\t\t\t\t\t\t", fp); - for (q=p->value; *q != '\0'; ++q) - if (*q == '<') fputs("<", fp); - else if (*q == '>') fputs(">", fp); - else if (*q == '&') fputs("&" , fp); - else if (*q == '\'') fputs("'", fp); - else if (*q == '"') fputs(""", fp); - else fputc(*q, fp); - - - fputs("\n", fp); - - fputs("\t\t\t\t\t\ttype); - fputs("\t\t\t\t\t\t\tDataType=", fp); - fprintf(fp, "\"%s\"/>\n", p->name); - fputs("\t\t\t\t\t\n", fp); - fputs("\t\t\t\t\n", fp); - p = (GRSTgaclNamevalue *) p->next; - } while (p != NULL); - - } - else fputs("\t\t\t\t\n", fp); - - return 1; -} - - -int GRSTxacmlEntryPrint(GRSTgaclEntry *entry, FILE *fp, int rule_number) -{ - GRSTgaclCred *cred; - GRSTgaclPerm i; - - if (entry->allowed){ - - fprintf(fp, "\t\n", rule_number); - fputs("\t\t\n", fp); - fputs("\t\t\t\n", fp); - - for (cred = entry->firstcred; cred != NULL; cred = cred->next) - GRSTxacmlCredPrint(cred, fp); - - fputs("\t\t\t\n", fp); - fputs("\t\t\t\n", fp); - - for (i=GRST_PERM_READ; i <= GRST_PERM_ADMIN; ++i) - if ((entry->allowed) & i) GRSTxacmlPermPrint(i, fp); - - fputs("\t\t\t\n", fp); - fputs("\t\t\n", fp); - fputs("\t\n", fp); - } - - if (entry->denied){ - - fprintf(fp, "\t\n", rule_number); - fputs("\t\t\n", fp); - fputs("\t\t\t\n", fp); - - for (cred = entry->firstcred; cred != NULL; cred = cred->next) - GRSTxacmlCredPrint(cred, fp); - - fputs("\t\t\t\n", fp); - fputs("\t\t\t\n", fp); - - for (i=GRST_PERM_READ; i <= GRST_PERM_ADMIN; ++i) - if (entry->denied & i) GRSTxacmlPermPrint(i, fp); - - fputs("\t\t\t\n", fp); - fputs("\t\t\n", fp); - fputs("\t\n", fp); - } - return 1; -} - - -int GRSTxacmlPermPrint(GRSTgaclPerm perm, FILE *fp) -{ - GRSTgaclPerm i; - - for (i=GRST_PERM_READ; grst_perm_syms[i] != NULL; ++i) - if (perm == grst_perm_vals[i]) - { - - fputs("\t\t\t\t\n", fp); - fputs("\t\t\t\t\t\n", fp); - fputs("\t\t\t\t\t\t", fp); - fprintf(fp, "%s", grst_perm_syms[i]); - fputs("\n", fp); - fputs("\t\t\t\t\t\t\n", fp); - fputs("\t\t\t\t\t\n", fp); - fputs("\t\t\t\t\n",fp); - - return 1; - } - - return 0; -} - -int GRSTxacmlAclPrint(GRSTgaclAcl *acl, FILE *fp, char* dir_uri) -{ - GRSTgaclEntry *entry; - int rule_number=1; - - fputs("\n\n", fp); - - fputs("\t\n\t\t\n\t\t\t\n", fp); - fputs("\t\t\t\t\n", fp); - fputs("\t\t\t\t\t", fp); - fprintf(fp, "%s", dir_uri); - fputs("\n", fp); - fputs("\t\t\t\t\t\n", fp); - - fputs("\t\t\t\t\n\t\t\t\n\t\t\n\t\t\n\t\t\t\n\t\t", fp); - fputs("\n\t\t\n\t\t\t\n\t\t\n\t\n\n", fp); - - for (entry = acl->firstentry; entry != NULL; entry = entry->next){ - - GRSTxacmlEntryPrint(entry, fp, rule_number); - rule_number++; - } - - fputs("\n", fp); - - return 1; -} - -int GRSTxacmlAclSave(GRSTgaclAcl *acl, char *filename, char* dir_uri) -{ - int ret; - FILE *fp; - - fp = fopen(filename, "w"); - if (fp == NULL) return 0; - - fprintf(fp,"\n"); - - ret = GRSTxacmlAclPrint(acl, fp, dir_uri); - - fclose(fp); - - return ret; -} - - - - diff --git a/org.gridsite.core/src/gsexec.c b/org.gridsite.core/src/gsexec.c deleted file mode 100644 index 4278c77..0000000 --- a/org.gridsite.core/src/gsexec.c +++ /dev/null @@ -1,1104 +0,0 @@ -/* Copyright 1999-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * suexec.c -- "Wrapper" support program for suEXEC behaviour for Apache - * - *********************************************************************** - * - * NOTE! : DO NOT edit this code!!! Unless you know what you are doing, - * editing this code might open up your system in unexpected - * ways to would-be crackers. Every precaution has been taken - * to make this code as safe as possible; alter it at your own - * risk. - * - *********************************************************************** - * - * - */ - -#include "apr.h" -#include "apr_file_io.h" -#include "ap_config.h" -#include "gsexec.h" - -#include -#include -#include -#include -#include -#if APR_HAVE_UNISTD_H -#include -#endif - -#include -#include -#include - -#ifdef HAVE_PWD_H -#include -#endif - -#ifdef HAVE_GRP_H -#include -#endif - -/* - *********************************************************************** - * There is no initgroups() in QNX, so I believe this is safe :-) - * Use cc -osuexec -3 -O -mf -DQNX suexec.c to compile. - * - * May 17, 1997. - * Igor N. Kovalenko -- infoh mail.wplus.net - *********************************************************************** - */ - -#if defined(NEED_INITGROUPS) -int initgroups(const char *name, gid_t basegid) -{ - /* QNX and MPE do not appear to support supplementary groups. */ - return 0; -} -#endif - -#if defined(SUNOS4) -extern char *sys_errlist[]; -#define strerror(x) sys_errlist[(x)] -#endif - -#if defined(PATH_MAX) -#define AP_MAXPATH PATH_MAX -#elif defined(MAXPATHLEN) -#define AP_MAXPATH MAXPATHLEN -#else -#define AP_MAXPATH 8192 -#endif - -#define AP_ENVBUF 256 - -extern char **environ; -static FILE *log = NULL; - -char *safe_env_lst[] = -{ - /* variable name starts with */ - "HTTP_", - "SSL_", - "GRST_", - - /* variable name is */ - "AUTH_TYPE=", - "CONTENT_LENGTH=", - "CONTENT_TYPE=", - "DATE_GMT=", - "DATE_LOCAL=", - "DOCUMENT_NAME=", - "DOCUMENT_PATH_INFO=", - "DOCUMENT_ROOT=", - "DOCUMENT_URI=", - "GATEWAY_INTERFACE=", - "HTTPS=", - "LAST_MODIFIED=", - "PATH_INFO=", - "PATH_TRANSLATED=", - "QUERY_STRING=", - "QUERY_STRING_UNESCAPED=", - "REMOTE_ADDR=", - "REMOTE_HOST=", - "REMOTE_IDENT=", - "REMOTE_PORT=", - "REMOTE_USER=", - "REDIRECT_HANDLER=", - "REDIRECT_QUERY_STRING=", - "REDIRECT_REMOTE_USER=", - "REDIRECT_STATUS=", - "REDIRECT_URL=", - "REQUEST_METHOD=", - "REQUEST_URI=", - "SCRIPT_FILENAME=", - "SCRIPT_NAME=", - "SCRIPT_URI=", - "SCRIPT_URL=", - "SERVER_ADMIN=", - "SERVER_NAME=", - "SERVER_ADDR=", - "SERVER_PORT=", - "SERVER_PROTOCOL=", - "SERVER_SIGNATURE=", - "SERVER_SOFTWARE=", - "UNIQUE_ID=", - "USER_NAME=", - "TZ=", - NULL -}; - - -static void err_output(int is_error, const char *fmt, va_list ap) -{ -#ifdef AP_LOG_EXEC - time_t timevar; - struct tm *lt; - - if (!log) { - if ((log = fopen(AP_LOG_EXEC, "a")) == NULL) { - fprintf(stderr, "suexec failure: could not open log file\n"); - perror("fopen"); - exit(1); - } - } - - if (is_error) { - fprintf(stderr, "suexec policy violation: see suexec log for more " - "details\n"); - } - - time(&timevar); - lt = localtime(&timevar); - - fprintf(log, "[%d-%.2d-%.2d %.2d:%.2d:%.2d]: ", - lt->tm_year + 1900, lt->tm_mon + 1, lt->tm_mday, - lt->tm_hour, lt->tm_min, lt->tm_sec); - - vfprintf(log, fmt, ap); - - fflush(log); -#endif /* AP_LOG_EXEC */ - return; -} - -static void log_err(const char *fmt,...) -{ -#ifdef AP_LOG_EXEC - va_list ap; - - va_start(ap, fmt); - err_output(1, fmt, ap); /* 1 == is_error */ - va_end(ap); -#endif /* AP_LOG_EXEC */ - return; -} - -static void log_no_err(const char *fmt,...) -{ -#ifdef AP_LOG_EXEC - va_list ap; - - va_start(ap, fmt); - err_output(0, fmt, ap); /* 0 == !is_error */ - va_end(ap); -#endif /* AP_LOG_EXEC */ - return; -} - -static void clean_env(void) -{ - char pathbuf[512]; - char **cleanenv; - char **ep; - int cidx = 0; - int idx; - - /* While cleaning the environment, the environment should be clean. - * (e.g. malloc() may get the name of a file for writing debugging info. - * Bad news if MALLOC_DEBUG_FILE is set to /etc/passwd. Sprintf() may be - * susceptible to bad locale settings....) - * (from PR 2790) - */ - char **envp = environ; - char *empty_ptr = NULL; - - environ = &empty_ptr; /* VERY safe environment */ - - if ((cleanenv = (char **) calloc(AP_ENVBUF, sizeof(char *))) == NULL) { - log_err("failed to malloc memory for environment\n"); - exit(120); - } - - sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH); - cleanenv[cidx] = strdup(pathbuf); - cidx++; - - for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) { - for (idx = 0; safe_env_lst[idx]; idx++) { - if (!strncmp(*ep, safe_env_lst[idx], - strlen(safe_env_lst[idx]))) { - cleanenv[cidx] = *ep; - cidx++; - break; - } - } - } - - cleanenv[cidx] = NULL; - - environ = cleanenv; -} - -/* Pool account functions */ - - -#include -#include -#include -#include -#include -#include -#include - -/****************************************************************************** -Function: mapdir_otherlink -Description: - find another link in map directory to the same inode as firstlink - and change the modification time of firstlink to now (so that we - always know when this pair was last used) - -Parameters: - firstlink, the filename of the link we already know - -Returns: - a pointer to the other link's filename (without path) or NULL if none - found (this is malloc'd and will need freeing) - -******************************************************************************/ -static char *mapdir_otherlink(char *mapdir, char *firstlink) -{ - int ret; - char *firstlinkpath, *otherlinkdup, *otherlinkpath; - struct dirent *mapdirentry; - DIR *mapdirstream; - struct stat statbuf; - ino_t firstinode; - - firstlinkpath = malloc(strlen(mapdir) + 2 + strlen(firstlink)); - sprintf(firstlinkpath, "%s/%s", mapdir, firstlink); - ret = stat(firstlinkpath, &statbuf); - free(firstlinkpath); - if (ret != 0) return NULL; - if (statbuf.st_nlink != 2) return NULL; - - firstinode = statbuf.st_ino; /* save for comparisons */ - - mapdirstream = opendir(mapdir); - - if (mapdirstream != NULL) - { - while ((mapdirentry = readdir(mapdirstream)) != NULL) - { - if (strcmp(mapdirentry->d_name, firstlink) == 0) continue; - - otherlinkpath = malloc(strlen(mapdir) + 2 + - strlen(mapdirentry->d_name)); - sprintf(otherlinkpath, "%s/%s", mapdir, - mapdirentry->d_name); - - ret = stat(otherlinkpath, &statbuf); - if ((ret == 0) && (statbuf.st_ino == firstinode)) - { - utime(otherlinkpath, (struct utimbuf *) NULL); - free(otherlinkpath); - otherlinkdup = strdup(mapdirentry->d_name); - closedir(mapdirstream); - return otherlinkdup; - } - else free(otherlinkpath); - } - - closedir(mapdirstream); - } - - return NULL; -} - -/****************************************************************************** -Function: mapdir_urlencode -Description: - Convert string to URL encoded and return pointer to the encoded - version, obtained through malloc. Calling routine must free - this. Here "URL encoded" means anything other than an isalnum() - goes to %HH where HH is its ascii value in hex; also A-Z => a-z - This name is suitable for filenames since no / or spaces. - -Parameters: - rawstring, the string to be converted - -Returns: - a pointer to the encoded string or NULL if the malloc failed - -******************************************************************************/ -static char *mapdir_urlencode(char *rawstring) -{ - int encodedchar = 0, rawchar = 0; - char * encodedstring; - - encodedstring = (char *) malloc(3 * strlen(rawstring) + 1); - - if (encodedstring == NULL) return (char *) NULL; - - while (rawstring[rawchar] != '\0') - { - if (isalnum(rawstring[rawchar])) - { - encodedstring[encodedchar] = tolower(rawstring[rawchar]); - ++rawchar; - ++encodedchar; - } - else - { - sprintf(&encodedstring[encodedchar], "%%%02x", - rawstring[rawchar]); - ++rawchar; - encodedchar = encodedchar + 3; - } - } - - encodedstring[encodedchar] = '\0'; - - return encodedstring; -} - -/****************************************************************************** -Function: mapdir_newlease -Description: - Search for an unleased local username to give to the X.509 DN or - directory key corresponding to encodedfilename, and then lease it. - -Parameters: - encodedfilename, URL-encoded X.509 DN or directory key to associate - with an unlease pool username - -Returns: - no return value -******************************************************************************/ - -void mapdir_newlease(char *mapdir, char *encodedkey) -{ - int ret; - char *userfilename, *encodedfilename; - struct dirent *mapdirentry; - DIR *mapdirstream; - struct stat statbuf; - - encodedfilename = malloc(strlen(mapdir) + (size_t) 2 + - strlen(encodedkey)); - sprintf(encodedfilename, "%s/%s", mapdir, encodedkey); - - mapdirstream = opendir(mapdir); - - while ((mapdirentry = readdir(mapdirstream)) != NULL) - { - /* we dont want any files that dont look like acceptable usernames */ - if ((*(mapdirentry->d_name) == '%') || - (strcmp(mapdirentry->d_name, "root") == 0)) continue; - else if (*(mapdirentry->d_name) == '.') continue; - else if (index(mapdirentry->d_name, '~') != NULL) continue; - - userfilename = malloc(strlen(mapdir) + (size_t) 2 + - strlen(mapdirentry->d_name)); - sprintf(userfilename, "%s/%s", mapdir, mapdirentry->d_name); - stat(userfilename, &statbuf); - - if (statbuf.st_nlink == 1) /* this one isnt leased yet */ - { - ret = link(userfilename, encodedfilename); - free(userfilename); - if (ret != 0) - { - /* link failed: this is probably because a VERY lucky - other process has obtained a lease for encodedfilename - while we were faffing around */ - closedir(mapdirstream); - free(encodedfilename); - return; - } - - stat(encodedfilename, &statbuf); - if (statbuf.st_nlink > 2) - { - /* two keys have grabbed the same username: back off */ - unlink(encodedfilename); - continue; - } - - closedir(mapdirstream); - free(encodedfilename); - return; /* link worked ok, so return */ - } - else free(userfilename); /* already in use, try next one */ - } - - closedir(mapdirstream); - free(encodedfilename); - return; /* no unleased names left: give up */ -} - -/****************************************************************************** -Based on gridmapdir_userid: - -Function: gridmapdir_userid -Description: - This is equivalent to globus_gss_assist_gridmap but for the dynamic - user ids in the gridmapdir: maps a globusID to a local unix user id, - either one already leased, or calls gridmapdir_newlease() to obtain - a new lease. This is called by globus_gss_assist_gridmap if the - local user id in the static gridmap file begins . (for a dynamic id) - -Parameters: - globusidp, globus client name who requested authentication - usernameprefix, prefix of the local usernames which would - be acceptable (or "\0" ) - *userid returned userid name for local system. - -Returns: - - 0 on success - !=0 on failure - -******************************************************************************/ - - - -int GRSTexecGetMapping(char **target_uname, char **target_gname, - char *mapdir, char *key) -{ - char *encodedkey; - struct passwd *pw = NULL; - - if (key[0] != '/') return 1; /* must be a proper X.509 DN or path */ - - encodedkey = mapdir_urlencode(key); - *target_uname = mapdir_otherlink(mapdir, encodedkey); - - if (*target_uname == NULL) /* maybe no lease yet */ - { - mapdir_newlease(mapdir, encodedkey); - /* try making a lease */ - - *target_uname = mapdir_otherlink(mapdir, encodedkey); - /* check if there is a now a lease - possibly made by someone else */ - - if (*target_uname == NULL) - { - free(encodedkey); - return 1; /* still no good */ - } - } - - free(encodedkey); - - /* - * Get the group name of target user. - (Contributed by Gerben Venekamp venekamp@nikhef.nl ) - */ - - if ((pw = getpwnam(*target_uname)) != NULL) - { - struct group grp = { NULL, NULL, -1, NULL }; - struct group *tst = NULL; - char tmp_buf[100]; - - /* - * NOTE: Do not use the getgrgid() function call! Calling this function - * will overwrite the contents of the internal buffer associated with - * this call. Hence, further down the execution path we will run into - * a wall, head first; simply because the guid has changed to that of - * the targer uid. The only solution out of the situation is avoiding - * the function call and manage the needed buffers ourselves. - */ - - switch (getgrgid_r(pw->pw_gid, &grp, tmp_buf, sizeof(tmp_buf), &tst)) - { - case 0: /* no error */ - *target_gname = strdup(grp.gr_name); - break; - case ERANGE: - log_err("The buffer for holding strings is too small " - "(%d byte now)\n", sizeof(tmp_buf)); - break; - default: - log_err("Could not get group name for user (%s)\n", - *target_uname); - } - - /* Test if all was well. */ - - if (target_gname == NULL) - { - exit(102); - } - } - else - { - log_err("Could not get info for the target user (%s)\n",*target_uname); - exit(102); - } - - log_no_err("target group name determined (%s -> %s)\n", - *target_uname, *target_gname); - - return 0; -} - -void internal_server_error(void) -{ - /* use this when its probably an httpd.conf configuration error */ - - puts("Status: 500 Internal Server Error\n" - "Content-Type: text/html\n\n" - "500 Internal Server Error\n" - "

Internal Server Error

"); -} - -void forbidden_error(void) -{ - /* use this when unix file permissions/ownerships are probably wrong */ - - puts("Status: 403 Forbidden\n" - "Content-Type: text/html\n\n" - "403 Forbidden\n" - "

Forbidden

"); -} - -int main(int argc, char *argv[]) -{ - int userdir = 0; /* ~userdir flag */ - uid_t uid; /* user information */ - gid_t gid; /* target group placeholder */ - uid_t httpd_uid; /* uid for AP_HTTPD_USER */ - gid_t httpd_gid; /* uid for AP_HTTPD_GROUP */ - char *mapping_type; /* suexec / X509DN / directory */ - char *grst_cred_0; /* GRST_CRED_0 */ - char *map_x509dn; /* DN to use as pool acct. key */ - char *map_directory; /* directory as pool acct. key */ - - char *diskmode_env; /* GRST_DISK_MODE as a string */ - apr_fileperms_t diskmode_apr; /* GRST_DISK_MODE as Apache perms */ - mode_t diskmode_t; /* GRST_DISK_MODE as mode_t */ - - char *target_uname; /* target user name */ - char *target_gname; /* target group name */ - char *target_homedir; /* target home directory */ - char *actual_uname; /* actual user name */ - char *actual_gname; /* actual group name */ - char *prog; /* name of this program */ - char *cmd; /* command to be executed */ - char cwd[AP_MAXPATH]; /* current working directory */ - char dwd[AP_MAXPATH]; /* docroot working directory */ - struct passwd *pw; /* password entry holder */ - struct group *gr; /* group entry holder */ - struct stat dir_info; /* directory info holder */ - struct stat prg_info; /* program info holder */ - - /* - * Start with a "clean" environment - */ - clean_env(); - - prog = argv[0]; - /* - * Check existence/validity of the UID of the user - * running this program. Error out if invalid. - */ - uid = getuid(); - if ((pw = getpwuid(uid)) == NULL) { - log_err("crit: invalid uid: (%ld)\n", uid); - internal_server_error(); - exit(102); - } - /* - * Check existence/validity of the GID of the user - * running this program. Error out if invalid. - */ - gid = getgid(); - if ((gr = getgrgid(gid)) == NULL) { - log_err("crit: invalid gid: (%ld)\n", gid); - internal_server_error(); - exit(102); - } - /* - * See if this is a 'how were you compiled' request, and - * comply if so. - */ - if ((argc > 1) - && (! strcmp(argv[1], "-V")) - && ((uid == 0) -#ifdef _OSD_POSIX - /* User name comparisons are case insensitive on BS2000/OSD */ - || (! strcasecmp(AP_HTTPD_USER, pw->pw_name))) -#else /* _OSD_POSIX */ - || (! strcmp(AP_HTTPD_USER, pw->pw_name))) -#endif /* _OSD_POSIX */ - ) { -#ifdef AP_DOC_ROOT - fprintf(stderr, " -D AP_DOC_ROOT=\"%s\"\n", AP_DOC_ROOT); -#endif -#ifdef AP_GID_MIN - fprintf(stderr, " -D AP_GID_MIN=%d\n", AP_GID_MIN); -#endif -#ifdef AP_HTTPD_USER - fprintf(stderr, " -D AP_HTTPD_USER=\"%s\"\n", AP_HTTPD_USER); -#endif -#ifdef AP_LOG_EXEC - fprintf(stderr, " -D AP_LOG_EXEC=\"%s\"\n", AP_LOG_EXEC); -#endif -#ifdef AP_SAFE_PATH - fprintf(stderr, " -D AP_SAFE_PATH=\"%s\"\n", AP_SAFE_PATH); -#endif -#ifdef AP_SUEXEC_UMASK - fprintf(stderr, " -D AP_SUEXEC_UMASK=%03o\n", AP_SUEXEC_UMASK); -#endif -#ifdef AP_UID_MIN - fprintf(stderr, " -D AP_UID_MIN=%d\n", AP_UID_MIN); -#endif -#ifdef AP_USERDIR_SUFFIX - fprintf(stderr, " -D AP_USERDIR_SUFFIX=\"%s\"\n", AP_USERDIR_SUFFIX); -#endif - exit(0); - } - /* - * If there are a proper number of arguments, set - * all of them to variables. Otherwise, error out. - */ - if (argc < 4) { - log_err("too few arguments\n"); - internal_server_error(); - exit(101); - } - - mapping_type = getenv("GRST_EXEC_METHOD"); - if ((mapping_type == NULL) || - (mapping_type[0] == '\0') || - (strcasecmp(mapping_type, "suexec") == 0)) - { - target_uname = argv[1]; - target_gname = argv[2]; - mapping_type = NULL; - } - else if (strcasecmp(mapping_type, "X509DN") == 0) - { - if ((grst_cred_0 = getenv("GRST_CRED_0")) == NULL) - map_x509dn = getenv("SSL_CLIENT_S_DN"); - else map_x509dn = index(grst_cred_0, '/'); - - if ((map_x509dn == NULL) || (map_x509dn[0] == '\0')) - { - log_err("No GRST_CRED_0/SSL_CLIENT_S_DN despite X509DN mapping\n"); - forbidden_error(); - exit(151); - } - - if (GRSTexecGetMapping(&target_uname, &target_gname, - GRST_EXECMAPDIR, map_x509dn) - != 0) - { - log_err("GRSTexecGetMapping() failed mapping \"%s\"\n", - map_x509dn); - forbidden_error(); - exit(152); - } - } - else if (strcasecmp(mapping_type, "directory") == 0) - { - map_directory = getenv("GRST_EXEC_DIRECTORY"); - if (map_directory == NULL) - { - log_err("No GRST_EXEC_DIRECTORY despite directory mapping\n"); - internal_server_error(); - exit(153); - } - - if (GRSTexecGetMapping(&target_uname, &target_gname, - GRST_EXECMAPDIR, map_directory) - != 0) - { - log_err("GRSTexecGetMapping() failed mapping \"%s\"\n", - map_directory); - internal_server_error(); - exit(154); - } - } - else - { - log_err("mapping type \"%s\" not recognised\n", mapping_type); - internal_server_error(); - exit(155); - } - - cmd = argv[3]; - - /* - * Check to see if the user running this program - * is the user allowed to do so as defined in - * suexec.h. If not the allowed user, error out. - */ -#ifdef _OSD_POSIX - /* User name comparisons are case insensitive on BS2000/OSD */ - if (strcasecmp(AP_HTTPD_USER, pw->pw_name)) { - log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER); - internal_server_error(); - exit(103); - } - /* User name comparisons are case insensitive on BS2000/OSD */ - if (strcasecmp(AP_HTTPD_GROUP, gr->gr_name)) { - log_err("group mismatch (%s instead of %s)\n", gr->gr_name, AP_HTTPD_GROUP); - internal_server_error(); - exit(103); - } -#else /*_OSD_POSIX*/ - if (strcmp(AP_HTTPD_USER, pw->pw_name)) { - log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER); - internal_server_error(); - exit(103); - } - if (strcmp(AP_HTTPD_GROUP, gr->gr_name)) { - log_err("group mismatch (%s instead of %s)\n", gr->gr_name, AP_HTTPD_GROUP); - internal_server_error(); - exit(103); - } -#endif /*_OSD_POSIX*/ - - /* Since they match (via name) save these for later */ - - httpd_uid = uid; - httpd_gid = gid; - - /* - * Check for a leading '/' (absolute path) in the command to be executed, - * or attempts to back up out of the current directory, - * to protect against attacks. If any are - * found, error out. Naughty naughty crackers. - */ - if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3)) - || (strstr(cmd, "/../") != NULL)) { - log_err("invalid command (%s)\n", cmd); - internal_server_error(); - exit(104); - } - - /* - * Check to see if this is a ~userdir request. If - * so, set the flag, and remove the '~' from the - * target username. - */ - if (!strncmp("~", target_uname, 1)) { - target_uname++; - userdir = 1; - } - - /* - * Error out if the target username is invalid. - */ - if (strspn(target_uname, "1234567890") != strlen(target_uname)) { - if ((pw = getpwnam(target_uname)) == NULL) { - log_err("invalid target user name: (%s)\n", target_uname); - internal_server_error(); - exit(105); - } - } - else { - if ((pw = getpwuid(atoi(target_uname))) == NULL) { - log_err("invalid target user id: (%s)\n", target_uname); - internal_server_error(); - exit(121); - } - } - - /* - * Error out if the target group name is invalid. - */ - if (strspn(target_gname, "1234567890") != strlen(target_gname)) { - if ((gr = getgrnam(target_gname)) == NULL) { - log_err("invalid target group name: (%s)\n", target_gname); - internal_server_error(); - exit(106); - } - gid = gr->gr_gid; - actual_gname = strdup(gr->gr_name); - } - else { - gid = atoi(target_gname); - actual_gname = strdup(target_gname); - } - -#ifdef _OSD_POSIX - /* - * Initialize BS2000 user environment - */ - { - pid_t pid; - int status; - - switch (pid = ufork(target_uname)) { - case -1: /* Error */ - log_err("failed to setup bs2000 environment for user %s: %s\n", - target_uname, strerror(errno)); - internal_server_error(); - exit(150); - case 0: /* Child */ - break; - default: /* Father */ - while (pid != waitpid(pid, &status, 0)) - ; - /* @@@ FIXME: should we deal with STOP signals as well? */ - if (WIFSIGNALED(status)) { - kill (getpid(), WTERMSIG(status)); - } - internal_server_error(); - exit(WEXITSTATUS(status)); - } - } -#endif /*_OSD_POSIX*/ - - /* - * Save these for later since initgroups will hose the struct - */ - uid = pw->pw_uid; - actual_uname = strdup(pw->pw_name); - target_homedir = strdup(pw->pw_dir); - - /* - * Log the transaction here to be sure we have an open log - * before we setuid(). - */ - log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n", - target_uname, actual_uname, - target_gname, actual_gname, - cmd); - - /* - * Error out if attempt is made to execute as root or as - * a UID less than AP_UID_MIN. Tsk tsk. - */ - if ((uid == 0) || (uid < AP_UID_MIN)) { - log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd); - internal_server_error(); - exit(107); - } - - /* - * Error out if attempt is made to execute as root group - * or as a GID less than AP_GID_MIN. Tsk tsk. - */ - if ((gid == 0) || (gid < AP_GID_MIN)) { - log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd); - internal_server_error(); - exit(108); - } - - /* - * Change UID/GID here so that the following tests work over NFS. - * - * Initialize the group access list for the target user, - * and setgid() to the target group. If unsuccessful, error out. - */ - if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) { - log_err("failed to setgid (%ld: %s)\n", gid, cmd); - internal_server_error(); - exit(109); - } - - /* - * setuid() to the target user. Error out on fail. - */ - if ((setuid(uid)) != 0) { - log_err("failed to setuid (%ld: %s)\n", uid, cmd); - internal_server_error(); - exit(110); - } - - /* - * Get the current working directory, as well as the proper - * document root (dependant upon whether or not it is a - * ~userdir request). Error out if we cannot get either one, - * or if the current working directory is not in the docroot. - * Use chdir()s and getcwd()s to avoid problems with symlinked - * directories. Yuck. - */ - if (getcwd(cwd, AP_MAXPATH) == NULL) { - log_err("cannot get current working directory\n"); - internal_server_error(); - exit(111); - } - -#if 0 - if (userdir) { - if (((chdir(target_homedir)) != 0) || - ((chdir(AP_USERDIR_SUFFIX)) != 0) || - ((getcwd(dwd, AP_MAXPATH)) == NULL) || - ((chdir(cwd)) != 0)) { - log_err("cannot get docroot information (%s)\n", target_homedir); - internal_server_error(); - exit(112); - } - } - else { - if (((chdir(AP_DOC_ROOT)) != 0) || - ((getcwd(dwd, AP_MAXPATH)) == NULL) || - ((chdir(cwd)) != 0)) { - log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT); - internal_server_error(); - exit(113); - } - } - - if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { - log_err("command not in docroot (%s/%s)\n", cwd, cmd); - internal_server_error(); - exit(114); - } -#endif - - /* - * Stat the cwd and verify it is a directory, or error out. - */ - if (((lstat(cwd, &dir_info)) != 0) || !(S_ISDIR(dir_info.st_mode))) { - log_err("cannot stat directory: (%s)\n", cwd); - internal_server_error(); - exit(115); - } - - /* - * Error out if cwd is writable by others. - */ - if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) { - log_err("directory is writable by others: (%s)\n", cwd); - forbidden_error(); - exit(116); - } - - /* - * Error out if we cannot stat the program. - */ - if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) { - log_err("cannot stat program: (%s)\n", cmd); - forbidden_error(); - exit(117); - } - - /* - * Error out if the program is writable by others. - */ - if (prg_info.st_mode & S_IWOTH) { - log_err("file is writable by others: (%s/%s)\n", cwd, cmd); - forbidden_error(); - exit(118); - } - - /* - * Error out if the file is setuid or setgid. - */ - if ((prg_info.st_mode & S_ISUID) || (prg_info.st_mode & S_ISGID)) { - log_err("file is either setuid or setgid: (%s/%s)\n", cwd, cmd); - forbidden_error(); - exit(119); - } - - /* - * Error out if the target name/group is different from - * the name/group of the cwd or the program AND the name/group - * of the cwd and program are not the AP_HTTPD_USER/AP_HTTPD_GROUP - * AND the name/group of the cwd and program are not root - */ - if (((uid != dir_info.st_uid) && (httpd_uid != dir_info.st_uid) - && (0 != dir_info.st_uid)) || - ((gid != dir_info.st_gid) && (httpd_gid != dir_info.st_gid) - && (0 != dir_info.st_gid)) || - ((uid != prg_info.st_uid) && (httpd_uid != prg_info.st_uid) - && (0 != prg_info.st_uid)) || - ((gid != prg_info.st_gid) && (httpd_gid != prg_info.st_gid) - && (0 != prg_info.st_gid))) - { - log_err("target (%ld/%ld) or %s (%ld/%ld) or root (0/0) uid/gid " - "mismatch with directory (%ld/%ld) or program (%ld/%ld)\n", - uid, gid, AP_HTTPD_USER, httpd_uid, httpd_gid, - dir_info.st_uid, dir_info.st_gid, - prg_info.st_uid, prg_info.st_gid); - forbidden_error(); - exit(120); - } - /* - * Error out if the program is not executable for the user. - * Otherwise, she won't find any error in the logs except for - * "[error] Premature end of script headers: ..." - */ - if (!(prg_info.st_mode & S_IXUSR)) { - log_err("file has no execute permission: (%s/%s)\n", cwd, cmd); - forbidden_error(); - exit(121); - } - - diskmode_env = getenv("GRST_DISK_MODE"); - if (diskmode_env != NULL) - { - diskmode_apr = 0; - sscanf(diskmode_env, "%i", &diskmode_apr); - - diskmode_t = S_IRUSR | S_IWUSR; - - if (diskmode_apr & APR_GREAD ) diskmode_t |= S_IRGRP; - if (diskmode_apr & APR_GWRITE) diskmode_t |= S_IWGRP; - if (diskmode_apr & APR_WREAD ) diskmode_t |= S_IROTH; - - diskmode_t &= (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); - -// log_err("diskmode_env=%s diskmode_apr=%x diskmode_t=%o ~diskmode_t=%o\n", diskmode_env, diskmode_apr, diskmode_t, ~diskmode_t); - - umask(~diskmode_t); - } -#ifdef AP_SUEXEC_UMASK - else umask(AP_SUEXEC_UMASK); -#else - else umask(~(S_IRUSR | S_IWUSR)); -#endif /* AP_SUEXEC_UMASK */ - - /* - * Be sure to close the log file so the CGI can't - * mess with it. If the exec fails, it will be reopened - * automatically when log_err is called. Note that the log - * might not actually be open if AP_LOG_EXEC isn't defined. - * However, the "log" cell isn't ifdef'd so let's be defensive - * and assume someone might have done something with it - * outside an ifdef'd AP_LOG_EXEC block. - */ - if (log != NULL) { - fclose(log); - log = NULL; - } - - /* - * Execute the command, replacing our image with its own. - */ -#ifdef NEED_HASHBANG_EMUL - /* We need the #! emulation when we want to execute scripts */ - { - extern char **environ; - - ap_execve(cmd, &argv[3], environ); - } -#else /*NEED_HASHBANG_EMUL*/ - execv(cmd, &argv[3]); -#endif /*NEED_HASHBANG_EMUL*/ - - /* - * (I can't help myself...sorry.) - * - * Uh oh. Still here. Where's the kaboom? There was supposed to be an - * EARTH-shattering kaboom! - * - * Oh well, log the failure and error out. - */ - log_err("(%d)%s: exec failed (%s)\n", errno, strerror(errno), cmd); - internal_server_error(); - exit(255); -} diff --git a/org.gridsite.core/src/gsexec.h b/org.gridsite.core/src/gsexec.h deleted file mode 100644 index b777421..0000000 --- a/org.gridsite.core/src/gsexec.h +++ /dev/null @@ -1,126 +0,0 @@ -/* Copyright 1999-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * suexec.h -- user-definable variables for the suexec wrapper code. - * (See README.configure on how to customize these variables.) - */ - - -#ifndef _SUEXEC_H -#define _SUEXEC_H - -/* - * Include ap_config_layout so we can work out where the default htdocsdir - * and logsdir are. - */ -#include "ap_config_layout.h" - -/* - * HTTPD_USER -- Define as the username under which Apache normally - * runs. This is the only user allowed to execute - * this program. - */ -#ifndef AP_HTTPD_USER -#define AP_HTTPD_USER "apache" -#endif - -/* - * HTTPD_GROUP -- Define as the group under which Apache normally - * runs. This is the only user allowed to execute - * this program. - */ -#ifndef AP_HTTPD_GROUP -#define AP_HTTPD_GROUP "apache" -#endif - -/* - * UID_MIN -- Define this as the lowest UID allowed to be a target user - * for suEXEC. For most systems, 500 or 100 is common, but - * 99 will include user nobody on RedHat Linux systems. - */ -#ifdef AP_UID_MIN -#undef AP_UID_MIN -#endif -#define AP_UID_MIN 99 - -/* - * GID_MIN -- Define this as the lowest GID allowed to be a target group - * for suEXEC. For most systems, 100 is common, but 99 will - * include group nobody on RedHat Linux systems. - */ -#ifdef AP_GID_MIN -#undef AP_GID_MIN -#endif -#define AP_GID_MIN 99 - -/* - * USERDIR_SUFFIX -- Define to be the subdirectory under users' - * home directories where suEXEC access should - * be allowed. All executables under this directory - * will be executable by suEXEC as the user so - * they should be "safe" programs. If you are - * using a "simple" UserDir directive (ie. one - * without a "*" in it) this should be set to - * the same value. suEXEC will not work properly - * in cases where the UserDir directive points to - * a location that is not the same as the user's - * home directory as referenced in the passwd file. - * - * If you have VirtualHosts with a different - * UserDir for each, you will need to define them to - * all reside in one parent directory; then name that - * parent directory here. IF THIS IS NOT DEFINED - * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK! - * See the suEXEC documentation for more detailed - * information. - */ -#ifndef AP_USERDIR_SUFFIX -#define AP_USERDIR_SUFFIX "public_html" -#endif - -/* - * LOG_EXEC -- Define this as a filename if you want all suEXEC - * transactions and errors logged for auditing and - * debugging purposes. - */ -#ifndef AP_LOG_EXEC -#define AP_LOG_EXEC DEFAULT_EXP_LOGFILEDIR "/suexec_log" /* Need me? */ -#endif - -/* - * DOC_ROOT -- Define as the DocumentRoot set for Apache. This - * will be the only hierarchy (aside from UserDirs) - * that can be used for suEXEC behavior. - */ -#ifndef AP_DOC_ROOT -#define AP_DOC_ROOT DEFAULT_EXP_HTDOCSDIR -#endif - -/* - * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables. - * - */ -#ifndef AP_SAFE_PATH -#define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin" -#endif - -/* - * GRST_EXECMAPDIR -- Location of the gridmapdir-style directory of lock files - * - */ -#define GRST_EXECMAPDIR "/var/www/execmapdir" - -#endif /* _SUEXEC_H */ diff --git a/org.gridsite.core/src/htcp.c b/org.gridsite.core/src/htcp.c deleted file mode 100644 index 9c8edb7..0000000 --- a/org.gridsite.core/src/htcp.c +++ /dev/null @@ -1,2021 +0,0 @@ -/* - Copyright (c) 2002-5, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/*---------------------------------------------------------------* - * For more about GridSite: http://www.gridsite.org/ * - *---------------------------------------------------------------*/ - -#ifndef VERSION -#define VERSION "0.0.0" -#endif - -#define _GNU_SOURCE - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "gridsite.h" - -/* deal with older versions of libcurl and curl.h */ - -#ifndef CURLOPT_WRITEDATA -#define CURLOPT_WRITEDATA CURLOPT_FILE -#endif - -#ifndef CURLOPT_READDATA -#define CURLOPT_READDATA CURLOPT_FILE -#endif - -#ifndef CURLE_HTTP_RETURNED_ERROR -#define CURLE_HTTP_RETURNED_ERROR CURLE_HTTP_NOT_FOUND -#endif - -#define HTCP_GET 1 -#define HTCP_PUT 2 -#define HTCP_DELETE 3 -#define HTCP_LIST 4 -#define HTCP_LONGLIST 5 -#define HTCP_MKDIR 6 -#define HTCP_MOVE 7 -#define HTCP_PING 8 -#define HTCP_FIND 9 -#define HTCP_RMTCP 10 - -#define HTCP_SITECAST_GROUPS 32 - -#define HTCP_HOST_CONF "/etc/htcp.conf" -#define HTCP_USER_CONF ".htcp.conf" - -struct grst_stream_data { char *source; - char *destination; - int ishttps; - int method; - FILE *fp; - char *cert; - char *key; - char *capath; - char *useragent; - char *errorbuf; - int noverify; - int anonymous; - int gridhttp; - int verbose; - int timeout; - char *groups; - int sitecast; - char *domain; } ; - -struct grst_index_blob { char *text; - size_t used; - size_t allocated; } ; - -struct grst_dir_list { char *filename; - size_t length; - int length_set; - time_t modified; - int modified_set; } ; - -struct grst_header_data { int retcode; - char *location; - char *gridhttppasscode; - size_t length; - int length_set; - time_t modified; - int modified_set; - struct grst_stream_data *common_data; } ; - -struct grst_sitecast_group { unsigned char quad1; unsigned char quad2; - unsigned char quad3; unsigned char quad4; - int port; int timewait; int ttl; }; - -size_t headers_callback(void *ptr, size_t size, size_t nmemb, void *p) -/* Find the values of the return code, Content-Length, Last-Modified - and Location headers */ -{ - float f; - char *s, *q; - size_t realsize; - struct tm modified_tm; - struct grst_header_data *header_data; - - header_data = (struct grst_header_data *) p; - realsize = size * nmemb; - s = malloc(realsize + 1); - memcpy(s, ptr, realsize); - s[realsize] = '\0'; - - if (sscanf(s, "Content-Length: %d", &(header_data->length)) == 1) - header_data->length_set = 1; - else if (sscanf(s, "HTTP/%f %d ", &f, &(header_data->retcode)) == 2) ; - else if (strncmp(s, "Location: ", 10) == 0) - { - header_data->location = strdup(&s[10]); - - for (q=header_data->location; *q != '\0'; ++q) - if ((*q == '\r') || (*q == '\n')) *q = '\0'; - - if (header_data->common_data->verbose > 0) - fprintf(stderr, "Received Location: %s\n", header_data->location); - } - else if (strncmp(s, "Set-Cookie: GRIDHTTP_PASSCODE=", 29) == 0) - { - header_data->gridhttppasscode = strdup(&s[12]); - q = index(header_data->gridhttppasscode, ';'); - if (q != NULL) *q = '\0'; - - if (header_data->common_data->verbose > 0) - fprintf(stderr, "Received GridHTTP Auth Cookie: %s\n", - header_data->gridhttppasscode); - } - else if (strncmp(s, "Last-Modified: ", 15) == 0) - { - /* follow RFC 2616: first try RFC 822 (kosher), then RFC 850 and - asctime() formats too. Must be GMT whatever the format. */ - - if (strptime(&s[15], "%a, %d %b %Y %T GMT", &modified_tm) != NULL) - { - header_data->modified = mktime(&modified_tm); - header_data->modified_set = 1; - } - else if (strptime(&s[15], "%a, %d-%b-%y %T GMT", &modified_tm) != NULL) - { - header_data->modified = mktime(&modified_tm); - header_data->modified_set = 1; - } - else if (strptime(&s[15], "%a %b %d %T %Y", &modified_tm) != NULL) - { - header_data->modified = mktime(&modified_tm); - header_data->modified_set = 1; - } - } - - free(s); - return realsize; -} - -int set_std_opts(CURL *easyhandle, struct grst_stream_data *common_data) -{ - struct stat statbuf; - - curl_easy_setopt(easyhandle, CURLOPT_FOLLOWLOCATION, 0); - - if ((common_data->cert != NULL) && (common_data->key != NULL)) - { - curl_easy_setopt(easyhandle, CURLOPT_SSLENGINE, NULL); - curl_easy_setopt(easyhandle, CURLOPT_SSLCERTTYPE, "PEM"); - curl_easy_setopt(easyhandle, CURLOPT_SSLCERT, common_data->cert); - curl_easy_setopt(easyhandle, CURLOPT_SSLKEY, common_data->key); - } - else - { - curl_easy_setopt(easyhandle, CURLOPT_SSLENGINE, "RSA"); - curl_easy_setopt(easyhandle, CURLOPT_SSLCERTTYPE, "ENG"); - } - - if (common_data->capath != NULL) - { -#if (LIBCURL_VERSION_NUM >= 0x070908) - if ((stat(common_data->capath, &statbuf) == 0) && - S_ISDIR(statbuf.st_mode)) - curl_easy_setopt(easyhandle, CURLOPT_CAPATH, common_data->capath); - else -#endif - curl_easy_setopt(easyhandle, CURLOPT_CAINFO, common_data->capath); - } - - if (common_data->noverify) - { - curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYHOST, 0); - } - else - { - curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYPEER, 2); - curl_easy_setopt(easyhandle, CURLOPT_SSL_VERIFYHOST, 2); - } - - return 1; -} - -int do_rmtcp(char *sources[], char *destination, - struct grst_stream_data *common_data) -{ - CURL *easyhandle; - char *p, *thisdestination; - int isrc, anyerror = 0, thiserror, isdirdest; - struct grst_header_data header_data; - struct curl_slist *gh_header_slist=NULL, *nogh_header_slist=NULL; - char remoteserver[255]; - - easyhandle = curl_easy_init(); - if( !easyhandle ) - { - fprintf(stderr, "Cannot initialize CURL handle while preparing to copy file.\n"); - exit(-1); - } - - common_data->gridhttp = 1; // for debug purpose - if (common_data->gridhttp) - { - asprintf(&p, "Upgrade: GridHTTP/1.0"); - gh_header_slist = curl_slist_append(gh_header_slist, p); - free(p); - - nogh_header_slist = curl_slist_append(nogh_header_slist, "Upgrade:"); - } - - // common_data->verbose = 1; //for debug purpose - curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent); - if (common_data->verbose > 1) - curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1); - - curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback); - curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data); - - set_std_opts(easyhandle, common_data); - - curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf); - - if (destination[strlen(destination) - 1] != '/') - { - isdirdest = 0; - thisdestination = destination; - } - else isdirdest = 1; - - for (isrc=0; sources[isrc] != NULL; ++isrc) - { - if (isdirdest) - { - p = rindex(sources[isrc], '/'); - if (p == NULL) p = sources[isrc]; - else p++; - - asprintf(&thisdestination, "%s%s", destination, p); - } - - if( strncmp(sources[isrc], "https://", 8) == 0 ){ - if (common_data->verbose > 0) - fprintf(stderr, "%s -> %s\n", sources[isrc], thisdestination); - - curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]); - - if ((common_data->gridhttp) && - (strncmp(sources[isrc], "https://", 8) == 0)) - { - if (common_data->verbose > 0) - fprintf(stderr, "Add Upgrade: GridHTTP/1.0\n"); - curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,gh_header_slist); - } - else - curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,nogh_header_slist); - - header_data.retcode = 0; - header_data.location = NULL; - header_data.gridhttppasscode = NULL; - header_data.common_data = common_data; - thiserror = curl_easy_perform(easyhandle); - - } - - asprintf(&p, "Destination: %s", thisdestination); - nogh_header_slist=NULL; - nogh_header_slist = curl_slist_append(nogh_header_slist,p); - // fprintf(stdout, "complete destination file: %s\n", p); - free(p); - - // send request to destination server, - // to ask it to download file from source server - strcpy( remoteserver, destination); - while( (p=strrchr(remoteserver, '/')) !=NULL) - { - if( *(p-1) == '/' )break; - else *p = '\0'; - } - - common_data->source = sources[isrc]; - common_data->destination = remoteserver; - set_std_opts(easyhandle, common_data); - // send copy request to copy server (destination) - asprintf(&p, "COPY %s", sources[isrc]); - curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, p);//"COPY");//gh_header_slist); - curl_easy_setopt(easyhandle, CURLOPT_URL, remoteserver); - curl_easy_setopt(easyhandle, CURLOPT_COOKIE, header_data.gridhttppasscode); - - curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent); - curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, nogh_header_slist); - - curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf); - thiserror = curl_easy_perform(easyhandle); - free(p); - } - - curl_easy_cleanup(easyhandle); - - return anyerror; - -} - -int do_copies(char *sources[], char *destination, - struct grst_stream_data *common_data) -{ - char *p, *thisdestination; - int isrc, anyerror = 0, thiserror, isdirdest; - CURL *easyhandle; - struct stat statbuf; - struct grst_header_data header_data; - struct curl_slist *gh_header_slist = NULL, *nogh_header_slist = NULL; - - easyhandle = curl_easy_init(); - - if (common_data->gridhttp) - { - asprintf(&p, "Upgrade: GridHTTP/1.0"); - gh_header_slist = curl_slist_append(gh_header_slist, p); - free(p); - - nogh_header_slist = curl_slist_append(nogh_header_slist, "Upgrade:"); - } - - curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent); - if (common_data->verbose > 1) - curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1); - - curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback); - curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data); - - set_std_opts(easyhandle, common_data); - - curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf); - - if (destination[strlen(destination) - 1] != '/') - { - isdirdest = 0; - thisdestination = destination; - } - else isdirdest = 1; - - for (isrc=0; sources[isrc] != NULL; ++isrc) - { - if (isdirdest) - { - p = rindex(sources[isrc], '/'); - if (p == NULL) p = sources[isrc]; - else p++; - - asprintf(&thisdestination, "%s%s", destination, p); - } - - if (common_data->verbose > 0) - fprintf(stderr, "Copy %s -> %s\n", sources[isrc], thisdestination); - - if (common_data->method == HTCP_GET) - { - common_data->fp = fopen(thisdestination, "w"); - if (common_data->fp == NULL) - { - fprintf(stderr,"... failed to open destination source file %s\n", - thisdestination); - anyerror = 99; - if (isdirdest) free(thisdestination); - continue; - } - - curl_easy_setopt(easyhandle, CURLOPT_WRITEDATA, common_data->fp); - curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]); - - if ((common_data->gridhttp) && - (strncmp(sources[isrc], "https://", 8) == 0)) - { - if (common_data->verbose > 0) - fprintf(stderr, "Add Upgrade: GridHTTP/1.0\n"); - - curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,gh_header_slist); - } - else - curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,nogh_header_slist); - } - else if (common_data->method == HTCP_PUT) - { - if (stat(sources[isrc], &statbuf) != 0) - { - fprintf(stderr, "... source file %s not found\n", sources[isrc]); - anyerror = 99; - if (isdirdest) free(thisdestination); - continue; - } - - common_data->fp = fopen(sources[isrc], "r"); - if (common_data->fp == NULL) - { - fprintf(stderr, "... failed to open source file %s\n", - sources[isrc]); - anyerror = 99; - if (isdirdest) free(thisdestination); - continue; - } - - curl_easy_setopt(easyhandle, CURLOPT_READDATA, common_data->fp); - curl_easy_setopt(easyhandle, CURLOPT_URL, thisdestination); - curl_easy_setopt(easyhandle, CURLOPT_INFILESIZE, statbuf.st_size); - curl_easy_setopt(easyhandle, CURLOPT_UPLOAD, 1); - - if ((common_data->gridhttp) && - (strncmp(thisdestination, "https://", 8) == 0)) - curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,gh_header_slist); - else - curl_easy_setopt(easyhandle,CURLOPT_HTTPHEADER,nogh_header_slist); - } - - header_data.retcode = 0; - header_data.location = NULL; - header_data.gridhttppasscode = NULL; - header_data.common_data = common_data; - thiserror = curl_easy_perform(easyhandle); - - fclose(common_data->fp); - - if ((common_data->gridhttp) && - (thiserror == 0) && - (header_data.retcode == 302) && - (header_data.location != NULL) && - (strncmp(header_data.location, "http://", 7) == 0) && - (header_data.gridhttppasscode != NULL)) - { - if (common_data->verbose > 0) - fprintf(stderr, "... Found (%d)\nGridHTTP redirect to %s\n", - header_data.retcode, header_data.location); - - /* try again with new URL and all the previous CURL options */ - - if (common_data->method == HTCP_GET) - { - common_data->fp = fopen(thisdestination, "w"); - if (common_data->fp == NULL) - { - fprintf(stderr, "... failed to open destination source " - "file %s\n", thisdestination); - anyerror = 99; - if (isdirdest) free(thisdestination); - continue; - } - } - else if (common_data->method == HTCP_PUT) - { - common_data->fp = fopen(sources[isrc], "r"); - if (common_data->fp == NULL) - { - fprintf(stderr, "... failed to open source file %s\n", - sources[isrc]); - anyerror = 99; - if (isdirdest) free(thisdestination); - continue; - } - } - - header_data.retcode = 0; - curl_easy_setopt(easyhandle, CURLOPT_URL, header_data.location); - curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, nogh_header_slist); - curl_easy_setopt(easyhandle, CURLOPT_COOKIE, - header_data.gridhttppasscode); - thiserror = curl_easy_perform(easyhandle); - - fclose(common_data->fp); - } - - if ((thiserror != 0) || - (header_data.retcode >= 300)) - { - fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n", - common_data->errorbuf, thiserror, header_data.retcode); - - if (thiserror != 0) anyerror = thiserror; - else anyerror = header_data.retcode; - } - else if (common_data->verbose > 0) - fprintf(stderr, "... OK (%d)\n", header_data.retcode); - - if (isdirdest) free(thisdestination); - } - - curl_easy_cleanup(easyhandle); - - return anyerror; -} - -int do_deletes(char *sources[], struct grst_stream_data *common_data) -{ - int isrc, anyerror = 0, thiserror; - CURL *easyhandle; - struct grst_header_data header_data; - - header_data.common_data = common_data; - - easyhandle = curl_easy_init(); - - curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent); - if (common_data->verbose > 1) - curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1); - - curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback); - curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data); - - curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf); - curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, "DELETE"); - curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1); - - set_std_opts(easyhandle, common_data); - - for (isrc=0; sources[isrc] != NULL; ++isrc) - { - if (common_data->verbose > 0) - fprintf(stderr, "Deleting %s\n", sources[isrc]); - - curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]); - - header_data.retcode = 0; - thiserror = curl_easy_perform(easyhandle); - - if ((thiserror != 0) || - (header_data.retcode >= 300)) - { - fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n", - common_data->errorbuf, thiserror, header_data.retcode); - - if (thiserror != 0) anyerror = thiserror; - else anyerror = header_data.retcode; - } - else if (common_data->verbose > 0) - fprintf(stderr, "... OK (%d)\n", header_data.retcode); - } - - curl_easy_cleanup(easyhandle); - - return anyerror; -} - -int do_move(char *source, char *destination, - struct grst_stream_data *common_data) -{ - int anyerror = 0, thiserror; - char *destination_header; - CURL *easyhandle; - struct grst_header_data header_data; - struct curl_slist *header_slist = NULL; - - easyhandle = curl_easy_init(); - - header_data.common_data = common_data; - - easyhandle = curl_easy_init(); - - asprintf(&destination_header, "Destination: %s", destination); - header_slist = curl_slist_append(header_slist, destination_header); - curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, header_slist); - - curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent); - if (common_data->verbose > 1) - curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1); - - curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback); - curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data); - - curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf); - curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, "MOVE"); - curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1); - - set_std_opts(easyhandle, common_data); - - if (common_data->verbose > 0) - fprintf(stderr, "Moving %s to %s\n", source, destination); - - curl_easy_setopt(easyhandle, CURLOPT_URL, source); - - header_data.retcode = 0; - thiserror = curl_easy_perform(easyhandle); - - if ((thiserror != 0) || - (header_data.retcode >= 300)) - { - fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n", - common_data->errorbuf, thiserror, header_data.retcode); - - if (thiserror != 0) anyerror = thiserror; - else anyerror = header_data.retcode; - } - else if (common_data->verbose > 0) - fprintf(stderr, "... OK (%d)\n", header_data.retcode); - - curl_easy_cleanup(easyhandle); - - return anyerror; -} - -int do_mkdirs(char *sources[], struct grst_stream_data *common_data) -{ - int isrc, anyerror = 0, thiserror; - CURL *easyhandle; - struct grst_header_data header_data; - - header_data.common_data = common_data; - - easyhandle = curl_easy_init(); - - curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent); - if (common_data->verbose > 1) - curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1); - - curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback); - curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data); - - curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf); - curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, "PUT"); - curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1); - - set_std_opts(easyhandle, common_data); - - for (isrc=0; sources[isrc] != NULL; ++isrc) - { - if (common_data->verbose > 0) - fprintf(stderr, "Make directory %s\n", sources[isrc]); - - curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]); - - header_data.retcode = 0; - thiserror = curl_easy_perform(easyhandle); - - if ((thiserror != 0) || - (header_data.retcode >= 300)) - { - fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n", - common_data->errorbuf, thiserror, header_data.retcode); - - if (thiserror != 0) anyerror = thiserror; - else anyerror = header_data.retcode; - } - else if (common_data->verbose > 0) - fprintf(stderr, "... OK (%d)\n", header_data.retcode); - } - - curl_easy_cleanup(easyhandle); - - return anyerror; -} - -int do_ping(struct grst_stream_data *common_data_ptr) -{ - int request_length, response_length, i, ret, s, igroup; - struct sockaddr_in srv, from; - socklen_t fromlen; -#define MAXBUF 8192 - char *request, response[MAXBUF], *p; - GRSThtcpMessage msg; - struct timeval start_timeval, wait_timeval, response_timeval; - struct grst_sitecast_group sitecast_groups[HTCP_SITECAST_GROUPS]; - fd_set readsckts; - - /* parse common_data_ptr->groups */ - - p = common_data_ptr->groups; - igroup = -1; - - for (igroup=-1; igroup+1 < HTCP_SITECAST_GROUPS; ++igroup) - { - sitecast_groups[igroup+1].port = GRST_HTCP_PORT; - sitecast_groups[igroup+1].timewait = 1; - sitecast_groups[igroup+1].ttl = 1; - - ret = sscanf(p, "%d.%d.%d.%d:%d:%d:%d", - &(sitecast_groups[igroup+1].quad1), - &(sitecast_groups[igroup+1].quad2), - &(sitecast_groups[igroup+1].quad3), - &(sitecast_groups[igroup+1].quad4), - &(sitecast_groups[igroup+1].port), - &(sitecast_groups[igroup+1].ttl), - &(sitecast_groups[igroup+1].timewait)); - - if (ret == 0) break; /* end of list ? */ - - if (ret < 5) - { - fprintf(stderr, "Failed to parse multicast group " - "parameter %s\n", p); - return CURLE_FAILED_INIT; - } - - ++igroup; - - if ((p = index(p, ',')) == NULL) break; - ++p; - } - - if (igroup == -1) - { - fprintf(stderr, "Failed to parse multicast group parameter %s\n", p); - return CURLE_FAILED_INIT; - } - - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) - { - fprintf(stderr, "Failed to open UDP socket\n"); - return CURLE_FAILED_INIT; - } - - /* loop through multicast groups and send off the NOP pings */ - - gettimeofday(&start_timeval, NULL); - - for (i=0; i <= igroup; ++i) - { - bzero(&srv, sizeof(srv)); - srv.sin_family = AF_INET; - srv.sin_port = htons(sitecast_groups[i].port); - srv.sin_addr.s_addr = htonl(sitecast_groups[i].quad1*0x1000000 - + sitecast_groups[i].quad2*0x10000 - + sitecast_groups[i].quad3*0x100 - + sitecast_groups[i].quad4); - - GRSThtcpNOPrequestMake(&request, &request_length, - (int) (start_timeval.tv_usec + i)); - - sendto(s, request, request_length, 0, (struct sockaddr *) &srv, - sizeof(srv)); - free(request); - } - - /* reusing wait_timeval is a Linux-specific feature of select() */ - wait_timeval.tv_sec = common_data_ptr->timeout - ? common_data_ptr->timeout : 60; - wait_timeval.tv_usec = 0; - - while ((wait_timeval.tv_sec > 0) || (wait_timeval.tv_usec > 0)) - { - FD_ZERO(&readsckts); - FD_SET(s, &readsckts); - - ret = select(s + 1, &readsckts, NULL, NULL, &wait_timeval); - gettimeofday(&response_timeval, NULL); - - if (ret > 0) - { - response_length = recvfrom(s, response, MAXBUF, - 0, &from, &fromlen); - - if ((GRSThtcpMessageParse(&msg, response, response_length) - == GRST_RET_OK) && - (msg.opcode == GRSThtcpNOPop) && (msg.rr == 1) && - (msg.trans_id >= (int) start_timeval.tv_usec) && - (msg.trans_id <= (int) (start_timeval.tv_usec + igroup))) - { - printf("%s:%d %.3fms\n", - inet_ntoa(from.sin_addr), - ntohs(from.sin_port), - (((long) 1000000 * response_timeval.tv_sec) + - ((long) response_timeval.tv_usec) - - ((long) 1000000 * start_timeval.tv_sec) - - ((long) start_timeval.tv_usec)) / 1000.0); - } - } - } - - return GRST_RET_OK; -} - -int do_finds(char *sources[], - struct grst_stream_data *common_data_ptr, int num) -{ - int isrc; - - int request_length, response_length, i, ret, s, igroup; - struct sockaddr_in srv, from; - socklen_t fromlen; -#define MAXBUF 8192 - char *request, response[MAXBUF], *p; - GRSThtcpMessage msg; - struct timeval start_timeval, wait_timeval; - struct grst_sitecast_group sitecast_groups[HTCP_SITECAST_GROUPS]; - fd_set readsckts; - - /* parse common_data_ptr->groups */ - - if (common_data_ptr->groups == NULL) - { - fprintf(stderr, "No multicast groups given\n"); - return CURLE_FAILED_INIT; - } - - p = common_data_ptr->groups; - igroup = -1; - - for (igroup=-1; igroup+1 < HTCP_SITECAST_GROUPS;) - { - sitecast_groups[igroup+1].port = GRST_HTCP_PORT; - sitecast_groups[igroup+1].timewait = 1; - sitecast_groups[igroup+1].ttl = 1; - - ret = sscanf(p, "%d.%d.%d.%d:%d:%d:%d", - &(sitecast_groups[igroup+1].quad1), - &(sitecast_groups[igroup+1].quad2), - &(sitecast_groups[igroup+1].quad3), - &(sitecast_groups[igroup+1].quad4), - &(sitecast_groups[igroup+1].port), - &(sitecast_groups[igroup+1].ttl), - &(sitecast_groups[igroup+1].timewait)); - - if (ret == 0) break; /* end of list ? */ - - if (ret < 5) - { - fprintf(stderr, "Failed to parse multicast group " - "parameter %s\n", p); - return CURLE_FAILED_INIT; - } - - ++igroup; - - if ((p = index(p, ',')) == NULL) break; - ++p; - } - - if (igroup == -1) - { - fprintf(stderr, "Failed to parse multicast group parameter %s\n", p); - return CURLE_FAILED_INIT; - } - - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) - { - fprintf(stderr, "Failed to open UDP socket\n"); - return CURLE_FAILED_INIT; - } - - /* loop through multicast groups since we need to take each - ones timewait into account */ - - gettimeofday(&start_timeval, NULL); - - for (i=0; i <= igroup; ++i) - { - if (common_data_ptr->verbose) - fprintf(stderr, "Querying multicast group %d.%d.%d.%d:%d:%d:%d\n", - sitecast_groups[i].quad1, sitecast_groups[i].quad2, - sitecast_groups[i].quad3, sitecast_groups[i].quad4, - sitecast_groups[i].port, sitecast_groups[i].ttl, - sitecast_groups[i].timewait); - - bzero(&srv, sizeof(srv)); - srv.sin_family = AF_INET; - srv.sin_port = htons(sitecast_groups[i].port); - srv.sin_addr.s_addr = htonl(sitecast_groups[i].quad1*0x1000000 - + sitecast_groups[i].quad2*0x10000 - + sitecast_groups[i].quad3*0x100 - + sitecast_groups[i].quad4); - - /* send off queries, one for each source file */ - - for (isrc=0; sources[isrc] != NULL; ++isrc) - { - GRSThtcpTSTrequestMake(&request, &request_length, - (int) (start_timeval.tv_usec + isrc), - "GET", sources[isrc], ""); - - sendto(s, request, request_length, 0, - (struct sockaddr *) &srv, sizeof(srv)); - - free(request); - } - - /* reusing wait_timeval is a Linux-specific feature of select() */ - wait_timeval.tv_usec = 0; - wait_timeval.tv_sec = sitecast_groups[i].timewait; - - while ((wait_timeval.tv_sec > 0) || (wait_timeval.tv_usec > 0)) - { - FD_ZERO(&readsckts); - FD_SET(s, &readsckts); - - ret = select(s + 1, &readsckts, NULL, NULL, &wait_timeval); - - if (ret > 0) - { - response_length = recvfrom(s, response, MAXBUF, - 0, &from, &fromlen); - - if ((GRSThtcpMessageParse(&msg, response, response_length) - == GRST_RET_OK) && - (msg.opcode == GRSThtcpTSTop) && (msg.rr == 1) && - (msg.trans_id >= (int) start_timeval.tv_usec) && - (msg.trans_id < (int) (start_timeval.tv_usec + num)) && - (msg.resp_hdrs != NULL) && - (GRSThtcpCountstrLen(msg.resp_hdrs) > 12)) - { - if (num > 1) printf("%s -> %.*s\n", - sources[msg.trans_id - (int) start_timeval.tv_usec], - GRSThtcpCountstrLen(msg.resp_hdrs) - 12, - &(msg.resp_hdrs->text[10])); - else printf("%.*s\n", - GRSThtcpCountstrLen(msg.resp_hdrs) - 12, - &(msg.resp_hdrs->text[10])); - } - } - } - - } - - return GRST_RET_OK; -} - -int translate_sitecast_url(char **source_ptr, - struct grst_stream_data *common_data_ptr) -{ - int request_length, response_length, i, ret, s, igroup; - struct sockaddr_in srv, from; - socklen_t fromlen; -#define MAXBUF 8192 - char *request, response[MAXBUF], *p; - GRSThtcpMessage msg; - struct timeval start_timeval, wait_timeval; - struct grst_sitecast_group sitecast_groups[HTCP_SITECAST_GROUPS]; - fd_set readsckts; - - /* parse common_data_ptr->groups */ - - if (common_data_ptr->groups == NULL) - { - fprintf(stderr, "No multicast groups given\n"); - return CURLE_FAILED_INIT; - } - - p = common_data_ptr->groups; - igroup = -1; - - for (igroup=-1; igroup+1 < HTCP_SITECAST_GROUPS;) - { - sitecast_groups[igroup+1].port = GRST_HTCP_PORT; - sitecast_groups[igroup+1].timewait = 1; - sitecast_groups[igroup+1].ttl = 1; - - ret = sscanf(p, "%d.%d.%d.%d:%d:%d:%d", - &(sitecast_groups[igroup+1].quad1), - &(sitecast_groups[igroup+1].quad2), - &(sitecast_groups[igroup+1].quad3), - &(sitecast_groups[igroup+1].quad4), - &(sitecast_groups[igroup+1].port), - &(sitecast_groups[igroup+1].ttl), - &(sitecast_groups[igroup+1].timewait)); - - if (ret == 0) break; /* end of list ? */ - - if (ret < 5) - { - fprintf(stderr, "Failed to parse multicast group " - "parameter %s\n", p); - return CURLE_FAILED_INIT; - } - - ++igroup; - - if ((p = index(p, ',')) == NULL) break; - ++p; - } - - if (igroup == -1) - { - fprintf(stderr, "Failed to parse multicast group parameter %s\n", p); - return CURLE_FAILED_INIT; - } - - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) - { - fprintf(stderr, "Failed to open UDP socket\n"); - return CURLE_FAILED_INIT; - } - - /* loop through multicast groups since we need to take each - ones timewait into account */ - - gettimeofday(&start_timeval, NULL); - - for (i=0; i <= igroup; ++i) - { - if (common_data_ptr->verbose) - fprintf(stderr, "Querying multicast group %d.%d.%d.%d:%d:%d:%d\n", - sitecast_groups[i].quad1, sitecast_groups[i].quad2, - sitecast_groups[i].quad3, sitecast_groups[i].quad4, - sitecast_groups[i].port, sitecast_groups[i].ttl, - sitecast_groups[i].timewait); - - bzero(&srv, sizeof(srv)); - srv.sin_family = AF_INET; - srv.sin_port = htons(sitecast_groups[i].port); - srv.sin_addr.s_addr = htonl(sitecast_groups[i].quad1*0x1000000 - + sitecast_groups[i].quad2*0x10000 - + sitecast_groups[i].quad3*0x100 - + sitecast_groups[i].quad4); - - /* send off queries, one for each source file */ - - GRSThtcpTSTrequestMake(&request, &request_length, - (int) (start_timeval.tv_usec), - "GET", *source_ptr, ""); - - sendto(s, request, request_length, 0, - (struct sockaddr *) &srv, sizeof(srv)); - - free(request); - - /* reusing wait_timeval is a Linux-specific feature of select() */ - wait_timeval.tv_usec = 0; - wait_timeval.tv_sec = sitecast_groups[i].timewait; - - while ((wait_timeval.tv_sec > 0) || (wait_timeval.tv_usec > 0)) - { - FD_ZERO(&readsckts); - FD_SET(s, &readsckts); - - ret = select(s + 1, &readsckts, NULL, NULL, &wait_timeval); - - if (ret > 0) - { - response_length = recvfrom(s, response, MAXBUF, - 0, &from, &fromlen); - - if ((GRSThtcpMessageParse(&msg, response, response_length) - == GRST_RET_OK) && - (msg.opcode == GRSThtcpTSTop) && (msg.rr == 1) && - (msg.trans_id == (int) start_timeval.tv_usec) && - (msg.resp_hdrs != NULL) && - (GRSThtcpCountstrLen(msg.resp_hdrs) > 12)) - { - /* found one */ - - if (common_data_ptr->verbose > 0) - fprintf(stderr, "Sitecast %s -> %.*s\n", - *source_ptr, - GRSThtcpCountstrLen(msg.resp_hdrs) - 12, - &(msg.resp_hdrs->text[10])); - - free(*source_ptr); - - asprintf(source_ptr, "%.*s", - GRSThtcpCountstrLen(msg.resp_hdrs) - 12, - &(msg.resp_hdrs->text[10])); - - return GRST_RET_OK; - } - } - } - - } - - return GRST_RET_OK; -} - -size_t rawindex_callback(void *ptr, size_t size, size_t nmemb, void *data) -{ - if ( ((struct grst_index_blob *) data)->used + size * nmemb >= - ((struct grst_index_blob *) data)->allocated ) - { - ((struct grst_index_blob *) data)->allocated = - ((struct grst_index_blob *) data)->used + size * nmemb + 4096; - - ((struct grst_index_blob *) data)->text = - realloc( ((struct grst_index_blob *) data)->text, - ((struct grst_index_blob *) data)->allocated ); - } - - memcpy( &( ((struct grst_index_blob *) - data)->text[((struct grst_index_blob *) data)->used] ), - ptr, size * nmemb); - - ((struct grst_index_blob *) data)->used += size * nmemb; - - return size * nmemb; -} - -char *canonicalise(char *link, char *source) -{ - int i, j, srclen; - char *s; - - srclen = strlen(source); - - if ((strncmp(link, "https://", 8) == 0) || - (strncmp(link, "http://", 7) == 0)) - { - if (strncmp(link, source, srclen) != 0) return NULL; /* other site */ - - if (link[srclen] == '\0') return NULL; /* we dont self-link! */ - - for (i=0; link[srclen + i] != '\0'; ++i) - if (link[srclen + i] == '/') - { - if (link[srclen + i + 1] != '\0') return NULL; /* no subdirs */ - else return strdup(&link[srclen]); /* resolves to this dir */ - } - } - else if (link[0] != '/') /* relative link - need to check for subsubdirs */ - { - for (i=0; link[i] != '\0'; ++i) - if ((link[i] == '/') && (link[i+1] != '\0')) return NULL; - - s = strdup(link); - - for (i=0; s[i] != '\0'; ++i) - if (s[i] == '#') - { - s[i] = '\0'; - break; - } - - return s; - } - - /* absolute link on this server, starting / */ - - for (i=8; source[i] != '\0'; ++i) if (source[i] == '/') break; - - if (strncmp(link, &source[i], srclen - i) != 0) return NULL; - - for (j = srclen - i; link[j] != '\0'; ++j) - if ((link[j] == '/') && (link[j+1] != '\0')) return NULL; - - s = strdup(&link[srclen - i]); - - for (i=0; s[i] != '\0'; ++i) - if (s[i] == '#') - { - s[i] = '\0'; - break; - } - - if (s[0] == '\0') /* on second thoughts... */ - { - free(s); - return NULL; - } - - return s; -} - -int grst_dir_list_cmp(const void *a, const void *b) -{ - return strcmp( ((struct grst_dir_list *) a)->filename, - ((struct grst_dir_list *) b)->filename); -} - -struct grst_dir_list *index_to_dir_list(char *text, char *source) -{ - int taglevel = 0, wordnew = 1, i, namestart, used = 0, - allocated = 256; - char *p, *s; - struct grst_dir_list *list; - - list = (struct grst_dir_list *) - malloc(allocated * sizeof(struct grst_dir_list)); - - list[0].filename = NULL; - list[0].length = 0; - list[0].length_set = 0; - list[0].modified = 0; - list[0].modified_set = 0; - - for (p=text; *p != '\0'; ++p) - { - if (*p == '<') - { - ++taglevel; - - if ((taglevel == 1) && (list[used].filename != NULL)) - { - ++used; - if (used >= allocated) - { - allocated += 256; - list = (struct grst_dir_list *) - realloc((void *) list, - allocated * sizeof(struct grst_dir_list)); - } - - list[used].filename = NULL; - list[used].length = 0; - list[used].length_set = 0; - list[used].modified = 0; - list[used].modified_set = 0; - } - - wordnew = 1; - continue; - } - - if (*p == '>') - { - --taglevel; - wordnew = 1; - continue; - } - - if (isspace(*p)) - { - wordnew = 1; - continue; - } - - if ((wordnew) && (taglevel == 1)) - { - if (((*p == 'h') || (*p == 'H')) && - (strncasecmp(p, "href=", 5) == 0)) - { - if (p[5] == '"') { namestart = 6; - for (i=namestart; (p[i] != '\0') && - (p[i] != '"' ) && - (p[i] != '\n') && - (p[i] != '\t') && - (p[i] != '>' ) ; ++i) ; } - else { namestart = 5; - for (i=namestart; (p[i] != '\0') && - (p[i] != '"' ) && - (p[i] != ' ' ) && - (p[i] != '\n') && - (p[i] != '\t') && - (p[i] != ')' ) && - (p[i] != '>' ) ; ++i) ; } - if (i > namestart) - { - s = malloc(1 + i - namestart); - memcpy(s, &p[namestart], i - namestart); - s[i - namestart] = '\0'; - - list[used].filename = canonicalise(s, source); - free(s); - } - - p = &p[i-1]; /* -1 since continue results in ++i */ - continue; - } - - if (((*p == 'c') || (*p == 'C')) && - (strncasecmp(p, "content-length=", 15) == 0)) - { - list[used].length = 0; - list[used].length_set = 1; - - if (p[15] == '"') list[used].length = atoi(&p[16]); - else list[used].length = atoi(&p[15]); - - p = &p[15]; - continue; - } - - if (((*p == 'l') || (*p == 'L')) && - (strncasecmp(p, "last-modified=", 14) == 0)) - { - list[used].modified = 0; - list[used].modified_set = 1; - - if (p[14] == '"') list[used].modified = atoi(&p[15]); - else list[used].modified = atoi(&p[14]); - - p = &p[14]; - continue; - } - } - - wordnew = 0; - } - - qsort((void *) list, used, sizeof(struct grst_dir_list), grst_dir_list_cmp); - - return list; -} - -int do_listings(char *sources[], struct grst_stream_data *common_data, - int islonglist) -{ - int isrc, anyerror = 0, thiserror, i, isdir, ilast; - CURL *easyhandle; - const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; - char *s; - struct grst_index_blob rawindex; - struct grst_dir_list *list; - struct grst_header_data header_data; - struct tm modified_tm; - time_t now; - - time(&now); - - header_data.common_data = common_data; - - easyhandle = curl_easy_init(); - - curl_easy_setopt(easyhandle, CURLOPT_USERAGENT, common_data->useragent); - if (common_data->verbose > 1) - curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 1); - - curl_easy_setopt(easyhandle, CURLOPT_WRITEHEADER, &header_data); - curl_easy_setopt(easyhandle, CURLOPT_HEADERFUNCTION, headers_callback); - - curl_easy_setopt(easyhandle, CURLOPT_ERRORBUFFER, common_data->errorbuf); - - set_std_opts(easyhandle, common_data); - - for (isrc=0; sources[isrc] != NULL; ++isrc) - { - if (common_data->verbose > 0) - fprintf(stderr, "Listing %s\n", sources[isrc]); - - if (sources[1] != NULL) printf("\n%s:\n", sources[isrc]); - - curl_easy_setopt(easyhandle, CURLOPT_URL, sources[isrc]); - - if (sources[isrc][strlen(sources[isrc])-1] == '/') - { - isdir = 1; - curl_easy_setopt(easyhandle,CURLOPT_WRITEFUNCTION,rawindex_callback); - curl_easy_setopt(easyhandle,CURLOPT_WRITEDATA,(void *) &rawindex); - curl_easy_setopt(easyhandle,CURLOPT_NOBODY,0); - rawindex.text = NULL; - rawindex.used = 0; - rawindex.allocated = 0; - } - else - { - isdir = 0; - curl_easy_setopt(easyhandle, CURLOPT_WRITEFUNCTION, NULL); - curl_easy_setopt(easyhandle, CURLOPT_WRITEDATA, NULL); - curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1); - } - - header_data.gridhttppasscode = NULL; - header_data.length_set = 0; - header_data.modified_set = 0; - header_data.retcode = 0; - thiserror = curl_easy_perform(easyhandle); - - if ((thiserror != 0) || - (header_data.retcode >= 300)) - { - fprintf(stderr, "... curl error: %s (%d), HTTP error: %d\n", - common_data->errorbuf, thiserror, header_data.retcode); - - if (thiserror != 0) anyerror = thiserror; - else anyerror = header_data.retcode; - } - else if (isdir) - { - if (common_data->verbose > 0) - fprintf(stderr, "... OK (%d)\n", header_data.retcode); - - rawindex.text[rawindex.used] = '\0'; - - list = index_to_dir_list(rawindex.text, sources[isrc]); - ilast = -1; - - for (i=0; list[i].filename != NULL; ++i) - { - if (list[i].filename[0] == '.') continue; - - if (strncmp(list[i].filename, "mailto:", 7) == 0) continue; - - if ((ilast >= 0) && - (strcmp(list[i].filename, list[ilast].filename) == 0)) - continue; - ilast=i; - - if (islonglist) - { - if (!list[i].length_set || !list[i].modified_set) - { - curl_easy_setopt(easyhandle, CURLOPT_WRITEFUNCTION, - NULL); - curl_easy_setopt(easyhandle, CURLOPT_WRITEDATA, NULL); - curl_easy_setopt(easyhandle, CURLOPT_NOBODY, 1); - - asprintf(&s, "%s%s", sources[isrc], list[i].filename); - curl_easy_setopt(easyhandle, CURLOPT_URL, s); - - header_data.gridhttppasscode = NULL; - header_data.length_set = 0; - header_data.modified_set = 0; - header_data.retcode = 0; - thiserror = curl_easy_perform(easyhandle); - free(s); - - if ((thiserror == 0) && - (header_data.retcode >= 200) && - (header_data.retcode <= 299)) - { - if (header_data.length_set) - { - list[i].length_set = 1; - list[i].length = header_data.length; - } - - if (header_data.modified_set) - { - list[i].modified_set = 1; - list[i].modified = header_data.modified; - } - } - } - - if (list[i].length_set) printf("%10ld ", list[i].length); - else fputs(" ? ", stdout); - - if (list[i].modified_set) - { - localtime_r(&(list[i].modified), &modified_tm); - - if (list[i].modified < now - 15552000) - printf("%s %2d %4d ", - months[modified_tm.tm_mon], - modified_tm.tm_mday, - modified_tm.tm_year + 1900); - else printf("%s %2d %02d:%02d ", - months[modified_tm.tm_mon], - modified_tm.tm_mday, - modified_tm.tm_hour, - modified_tm.tm_min); - } - else fputs(" ? ? ? ", stdout); - } - - puts(list[i].filename); - } - } - else - { - if (islonglist) - { - printf("%10ld ", header_data.length); - - localtime_r(&(header_data.modified), &modified_tm); - - if (header_data.modified < now - 15552000) - printf("%s %2d %4d ", - months[modified_tm.tm_mon], - modified_tm.tm_mday, - modified_tm.tm_year + 1900); - else printf("%s %2d %02d:%02d ", - months[modified_tm.tm_mon], - modified_tm.tm_mday, - modified_tm.tm_hour, - modified_tm.tm_min); - } - - puts(sources[isrc]); - } - } - - curl_easy_cleanup(easyhandle); - - return anyerror; -} - -#if (LIBCURL_VERSION_NUM < 0x070908) -char *make_tmp_ca_roots(char *dir) -/* libcurl before 7.9.8 doesnt support CURLOPT_CAPATH and the directory, - so we make a temporary file with the concatenated CA root certs: that - is, all the files in that directory which end in .0 */ -{ - int ofd, ifd, c; - size_t size; - char tmp_ca_roots[] = "/tmp/.ca-roots-XXXXXX", buffer[4096], *s; - DIR *rootsDIR; - struct dirent *root_ent; - - if ((rootsDIR = opendir(dir)) == NULL) return NULL; - - if ((ofd = mkstemp(tmp_ca_roots)) == -1) - { - closedir(rootsDIR); - return NULL; - } - - while ((root_ent = readdir(rootsDIR)) != NULL) - { - if ((root_ent->d_name[0] != '.') && - (strlen(root_ent->d_name) > 2) && - (strncmp(&(root_ent->d_name[strlen(root_ent->d_name)-2]), - ".0", 2) == 0)) - { - asprintf(&s, "%s/%s", dir, root_ent->d_name); - ifd = open(s, O_RDONLY); - free(s); - - if (ifd != -1) - { - while ((size = read(ifd, buffer, sizeof(buffer))) > 0) - write(ofd, buffer, size); - close(ifd); - } - } - } - - closedir(rootsDIR); - - if (close(ofd) == 0) return strdup(tmp_ca_roots); - - unlink(tmp_ca_roots); /* try to clean up */ - - return NULL; -} -#endif - -void printsyntax(char *argv0) -{ - char *p; - - p = rindex(argv0, '/'); - if (p != NULL) ++p; - else p = argv0; - - fprintf(stderr, "%s [options] Source-URL[s] [Destination URL]\n" - "%s is one of a set of clients to fetch files or directory listings\n" -"from remote servers using HTTP or HTTPS, or to put or delete files or\n" -"directories onto remote servers using HTTPS. htcp is similar to scp(1)\n" -"but uses HTTP/HTTPS rather than ssh as its transfer protocol.\n" -"See the htcp(1) or http://www.gridsite.org/ for details.\n" -"(Version: %s)\n", p, p, VERSION); -} - -struct option long_options[] = { {"verbose", 0, 0, 'v'}, - {"cert", 1, 0, 0}, - {"key", 1, 0, 0}, - {"capath", 1, 0, 0}, - {"delete", 0, 0, 0}, - {"list", 0, 0, 0}, - {"long-list", 0, 0, 0}, - {"mkdir", 0, 0, 0}, - {"no-verify", 0, 0, 0}, - {"anon", 0, 0, 0}, - {"grid-http", 0, 0, 0}, - {"move", 0, 0, 0}, - {"ping", 0, 0, 0}, - {"groups", 1, 0, 0}, - {"timeout", 1, 0, 0}, - {"sitecast", 0, 0, 0}, - {"domain", 1, 0, 0}, - {"find", 0, 0, 0}, - {"rmtcp", 0, 0, 0}, - {"conf", 1, 0, 0}, - {0, 0, 0, 0} }; - -int update_common_data(struct grst_stream_data *, int, char *); - -void parse_conf(struct grst_stream_data *common_data_ptr, char *conf_file) -{ - int option_index; - char line[1001], *p; - FILE *fp; - - fp = fopen(conf_file, "r"); - if (fp == NULL) - { - if (common_data_ptr->verbose) - fprintf(stderr, "Failed to open configuration file %s\n", conf_file); - return; - } - - if (common_data_ptr->verbose) - fprintf(stderr, "Opened configuration file %s\n", conf_file); - - while (fgets(line, sizeof(line), fp) != NULL) - { - if ((p = index(line, '\n')) != NULL) *p = '\0'; - - for (option_index=0; - long_options[option_index].name != NULL; ++option_index) - { - if (long_options[option_index].has_arg && - (strncmp(line, long_options[option_index].name, - strlen(long_options[option_index].name)) == 0) && - (line[strlen(long_options[option_index].name)] == '=')) - { - update_common_data(common_data_ptr, option_index, - strdup(&line[strlen(long_options[option_index].name) + 1])); - break; - } - - if (!long_options[option_index].has_arg && - (strcmp(line, long_options[option_index].name) == 0)) - { - update_common_data(common_data_ptr, option_index, ""); - break; - } - } - } - - fclose(fp); -} - -int update_common_data(struct grst_stream_data *common_data_ptr, - int option_index, char *optarg) -{ - if (option_index == 1) common_data_ptr->cert = optarg; - else if (option_index == 2) common_data_ptr->key = optarg; - else if (option_index == 3) common_data_ptr->capath = optarg; - else if (option_index == 4) common_data_ptr->method = HTCP_DELETE; - else if (option_index == 5) common_data_ptr->method = HTCP_LIST; - else if (option_index == 6) common_data_ptr->method = HTCP_LONGLIST; - else if (option_index == 7) common_data_ptr->method = HTCP_MKDIR; - else if (option_index == 8) common_data_ptr->noverify = 1; - else if (option_index == 9) common_data_ptr->anonymous = 1; - else if (option_index ==10) common_data_ptr->gridhttp = 1; - else if (option_index ==11) common_data_ptr->method = HTCP_MOVE; - else if (option_index ==12) common_data_ptr->method = HTCP_PING; - else if (option_index ==13) common_data_ptr->groups = optarg; - else if (option_index ==14) common_data_ptr->timeout = atoi(optarg); - else if (option_index ==15) common_data_ptr->sitecast = 1; - else if (option_index ==16) { common_data_ptr->sitecast = 1; - common_data_ptr->domain = optarg; } - else if (option_index ==17) common_data_ptr->method = HTCP_FIND; - else if (option_index ==18) { printf("OK\n");common_data_ptr->method = HTCP_RMTCP;} - /* option_index == 19 is used by the --conf command line-only option */ - else return GRST_RET_FAILED; - - return GRST_RET_OK; -} - -int main(int argc, char *argv[]) -{ - char **sources, *destination = NULL, *executable, *p, *htcp_conf; - int c, i, option_index, anyerror; - struct stat statbuf; - struct grst_stream_data common_data; - struct grst_sitecast_group sitecast_groups[HTCP_SITECAST_GROUPS]; - struct passwd *userpasswd; - -#if (LIBCURL_VERSION_NUM < 0x070908) - char *tmp_ca_roots = NULL; -#endif - - if (argc == 1) - { - printsyntax(argv[0]); - return 0; - } - - common_data.cert = NULL; - common_data.key = NULL; - common_data.capath = NULL; - common_data.method = 0; - common_data.errorbuf = malloc(CURL_ERROR_SIZE); - asprintf(&(common_data.useragent), - "htcp/%s (http://www.gridsite.org/)", VERSION); - common_data.verbose = 0; - common_data.noverify = 0; - common_data.anonymous = 0; - common_data.gridhttp = 0; - - common_data.groups = NULL; - common_data.timeout = 0; - common_data.sitecast = 0; - common_data.domain = NULL; - - if ((argc > 1) && ((strcmp(argv[1], "--verbose") == 0) || - (strcmp(argv[1], "-v") == 0))) common_data.verbose = 1; - - /* examine any configuration files */ - - parse_conf(&common_data, HTCP_HOST_CONF); - - userpasswd = getpwuid(geteuid()); - asprintf(&htcp_conf, "%s/%s", userpasswd->pw_dir, HTCP_USER_CONF); - parse_conf(&common_data, htcp_conf); - free(htcp_conf); - - htcp_conf = getenv("HTCP_CONF"); - if (htcp_conf != NULL) parse_conf(&common_data, htcp_conf); - - common_data.verbose = 0; - - while (1) - { - option_index = 0; - - c = getopt_long(argc, argv, "v", long_options, &option_index); - - if (c == -1) break; - else if (c == 0) - { - if (option_index == 19) parse_conf(&common_data, optarg); - else update_common_data(&common_data, option_index, optarg); - } - else if (c == 'v') ++(common_data.verbose); - } - - if (common_data.verbose > 0) - { - p = rindex(argv[0], '/'); - if (p != NULL) ++p; - else p = argv[0]; - fprintf(stderr, "%s version %s\n", p, VERSION); - } - - if (common_data.anonymous) /* prevent any use of user certs */ - { - common_data.cert = NULL; - common_data.key = NULL; - } - else if ((common_data.cert == NULL) && (common_data.key != NULL)) - common_data.cert = common_data.key; - else if ((common_data.cert != NULL) && (common_data.key == NULL)) - common_data.key = common_data.cert; - else if ((common_data.cert == NULL) && (common_data.key == NULL)) - { - common_data.cert = getenv("X509_USER_PROXY"); - if (common_data.cert != NULL) common_data.key = common_data.cert; - else - { - asprintf(&(common_data.cert), "/tmp/x509up_u%d", geteuid()); - - /* one fine day, we will check the proxy file for expiry too ... */ - - if (stat(common_data.cert, &statbuf) == 0) - common_data.key = common_data.cert; - else - { - common_data.cert = getenv("X509_USER_CERT"); - common_data.key = getenv("X509_USER_KEY"); - - if ((common_data.cert == NULL) && - (userpasswd != NULL) && - (userpasswd->pw_dir != NULL)) - asprintf(&(common_data.cert), "%s/.globus/usercert.pem", - userpasswd->pw_dir); - - if ((common_data.key == NULL) && - (userpasswd != NULL) && - (userpasswd->pw_dir != NULL)) - asprintf(&(common_data.key), "%s/.globus/userkey.pem", - userpasswd->pw_dir); - } - } - } - - if (common_data.capath == NULL) common_data.capath = getenv("X509_CERT_DIR"); - - if (common_data.capath == NULL) - common_data.capath = "/etc/grid-security/certificates"; - -#if (LIBCURL_VERSION_NUM < 0x070908) - /* libcurl before 7.9.8 doesnt support CURLOPT_CAPATH and the directory */ - - if ((common_data.capath != NULL) && - (stat(common_data.capath, &statbuf) == 0) && S_ISDIR(statbuf.st_mode)) - { - tmp_ca_roots = make_tmp_ca_roots(common_data.capath); - common_data.capath = tmp_ca_roots; - } -#endif - - executable = rindex(argv[0], '/'); - if (executable != NULL) executable++; - else executable = argv[0]; - - if (common_data.method == 0) /* command-line options override exec name */ - { - if (strcmp(executable,"htls")==0) common_data.method=HTCP_LIST; - else if (strcmp(executable,"htll")==0) common_data.method=HTCP_LONGLIST; - else if (strcmp(executable,"htrm")==0) common_data.method=HTCP_DELETE; - else if (strcmp(executable,"htmkdir")==0) common_data.method=HTCP_MKDIR; - else if (strcmp(executable,"htmv")==0) common_data.method=HTCP_MOVE; - else if (strcmp(executable,"htping")==0) common_data.method=HTCP_PING; - else if (strcmp(executable,"htfind")==0) common_data.method=HTCP_FIND; - else if (strcmp(executable,"htrmtcp")==0) common_data.method=HTCP_RMTCP; - } - - if (common_data.method == HTCP_PING) - { - if (common_data.groups != NULL) return do_ping(&common_data); - - fprintf(stderr, "Must specify at least one multicast group\n\n"); - printsyntax(argv[0]); - return CURLE_FAILED_INIT; - } - - if ((common_data.method == HTCP_DELETE) || - (common_data.method == HTCP_LIST) || - (common_data.method == HTCP_FIND) || - (common_data.method == HTCP_MKDIR) || - (common_data.method == HTCP_LONGLIST)) - { - if (optind >= argc) - { - fprintf(stderr, "Must give at least 1 non-option argument\n\n"); - printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - - sources = (char **) malloc(sizeof(char *) * (1 + argc - optind)); - for (i=0; i < argc - optind; ++i) - { - sources[i] = argv[optind + i]; - - if ((common_data.method == HTCP_MKDIR) && - (sources[i][strlen(sources[i])-1] != '/')) - { - fprintf(stderr, "Argument \"%s\" is not a " - "directory URL (no trailing /)\n\n", sources[i]); - printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - } - - sources[i] = NULL; - - if (common_data.method == HTCP_DELETE) - anyerror = do_deletes(sources, &common_data); - else if (common_data.method == HTCP_MKDIR) - anyerror = do_mkdirs(sources, &common_data); - else if (common_data.method == HTCP_FIND) - anyerror = do_finds(sources, &common_data, argc - optind); - else if (common_data.method == HTCP_LONGLIST) - anyerror = do_listings(sources, &common_data, 1); - else anyerror = do_listings(sources, &common_data, 0); - - if (anyerror > 99) anyerror = CURLE_HTTP_RETURNED_ERROR; - - return anyerror; - } - - if (common_data.method == HTCP_MOVE) - { - if (optind >= argc - 1) - { - fputs("Must give exactly 2 non-option arguments\n\n", stderr); - printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - - anyerror = do_move(argv[optind], argv[optind + 1], &common_data); - - if (anyerror > 99) anyerror = CURLE_HTTP_RETURNED_ERROR; - - return anyerror; - } - - if (optind >= argc - 1) - { - fputs("Must give at least 2 non-option arguments\n\n", stderr); - printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - - sources = (char **) malloc(sizeof(char *) * (argc - optind)); - - for (i=0; i < (argc - optind - 1); ++i) - { - if (strncmp(argv[optind + i], "file:", 5) == 0) - sources[i] = strdup(&argv[optind + i][5]); - else sources[i] = strdup(argv[optind + i]); - - if (sources[i][0] == '\0') - { - fprintf(stderr, "Source argument %d is empty\n\n", i + 1); - printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - } - - sources[i] = NULL; - - if (strncmp(argv[optind+i], "file:", 5) == 0) - { - if ((argv[optind+i][strlen(argv[optind+i]) - 1] != '/') && - (stat(&argv[optind + i][5], &statbuf) == 0) && - S_ISDIR(statbuf.st_mode)) - asprintf(&destination, "%s/", &argv[optind + i][5]); - else destination = strdup(&argv[optind + i][5]); - } - else if ((strncmp(argv[optind+i], "http://", 7) != 0) && - (strncmp(argv[optind+i], "https://", 8) != 0)) - { - if ((argv[optind+i][strlen(argv[optind+i]) - 1] != '/') && - (stat(argv[optind+i], &statbuf) == 0) && - S_ISDIR(statbuf.st_mode)) - asprintf(&destination, "%s/", argv[optind+i]); - else destination = strdup(argv[optind+i]); - } - else destination = strdup(argv[optind+i]); - - if (destination[0] == '\0') - { - fputs("Destination argument is empty\n\n", stderr); - printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - - if ((argc - optind > 2) && (destination[strlen(destination)-1] != '/')) - { - fputs("For multiple sources, destination " - "must be a directory (end in /)\n\n", stderr); - printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - - // remote file copy - if ( common_data.method == HTCP_RMTCP ) - { - anyerror = do_rmtcp(sources, destination, &common_data); - fprintf(stdout, "The file has been moved!\n"); - // printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - - if ((strncmp(destination, "http://", 7) == 0) || - (strncmp(destination, "https://", 8) == 0)) - common_data.method = HTCP_PUT; - else common_data.method = HTCP_GET; - - for (i=0; sources[i] != NULL; ++i) - { - if ((common_data.method == HTCP_PUT) && - ((strncmp(sources[i], "http://", 7) == 0) || - (strncmp(sources[i], "https://", 8) == 0))) - { - fputs("Cannot have both source and destination remote\n\n",stderr); - printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - - if (common_data.method == HTCP_GET) - { - if ((strncmp(sources[i], "http://", 7) != 0) && - (strncmp(sources[i], "https://", 8) != 0)) - { - fputs("Cannot have both source and " - "destination local (for now)\n\n",stderr); - printsyntax(argv[0]); - return CURLE_URL_MALFORMAT; - } - - if ((common_data.sitecast) && - ((common_data.domain == NULL) || - - ((strncmp(sources[i], "http://", 7) == 0) && - (strncmp(&sources[i][7], common_data.domain, - strlen(common_data.domain)) == 0) && - ((sources[i][7+strlen(common_data.domain)] == ':') || - (sources[i][7+strlen(common_data.domain)] == '/'))) || - - ((strncmp(sources[i], "https://", 8) == 0) && - (strncmp(&sources[i][8], common_data.domain, - strlen(common_data.domain)) == 0) && - ((sources[i][8+strlen(common_data.domain)] == ':') || - (sources[i][8+strlen(common_data.domain)] == '/'))))) - { - translate_sitecast_url(&sources[i], &common_data); - } - } - } - - anyerror = do_copies(sources, destination, &common_data); - if (anyerror > 99) anyerror = CURLE_HTTP_RETURNED_ERROR; - - return anyerror; -} diff --git a/org.gridsite.core/src/htproxyput.c b/org.gridsite.core/src/htproxyput.c deleted file mode 100644 index 834bea2..0000000 --- a/org.gridsite.core/src/htproxyput.c +++ /dev/null @@ -1,565 +0,0 @@ -/* - Copyright (c) 2002-4, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - -Build with: - -gcc -lcurl -lssl -lcrypto -o grst-proxy-put grst-proxy-put.c libgridsite.a - -http://www.gridpp.ac.uk/authz/gridsite/ - -*/ - -#ifndef VERSION -#define VERSION "0.0.0" -#endif - -#define _GNU_SOURCE - -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include -#include -#include - -#include - -#include "gridsite.h" - -#include "soapH.h" -#include "delegation.nsmap" - -#define USE_SOAP 0 -#define USE_G_HTTPS 1 -#define HTPROXY_PUT 0 - -int debugfunction(CURL *curl, curl_infotype type, char *s, size_t n, void *p) -{ - fwrite(s, sizeof(char), n, (FILE *) p); - - return 0; -} - -size_t parsegprheaders(void *ptr, size_t size, size_t nmemb, void *p) -{ - int i; - - if ((size * nmemb > 15) && - (strncmp((char *) ptr, "Delegation-ID: ", 15) == 0)) - { - *((char **) p) = malloc( size * nmemb - 14 ); - - memcpy(*((char **) p), &(((char *) ptr)[15]), size * nmemb - 15); - - for (i=0; i < size * nmemb - 15; ++i) - if (((*((char **) p))[i] == '\n') || ((*((char **) p))[i] == '\r')) - { - (*((char **) p))[i] = '\0'; /* drop trailing newline */ - break; - } - - (*((char **) p))[size * nmemb - 15] = '\0'; - } - - return size * nmemb; -} - -struct gprparams { char *req; size_t len; } ; - -size_t storegprbody(void *ptr, size_t size, size_t nmemb, void *p) -{ - ((struct gprparams *) p)->req = realloc( ((struct gprparams *) p)->req, - ((struct gprparams *) p)->len + size * nmemb + 1); - - memcpy( &((((struct gprparams *) p)->req)[((struct gprparams *) p)->len]), - ptr, size * nmemb); - - ((struct gprparams *) p)->len += size * nmemb; - - return size * nmemb; -} - -int GRSTgetProxyReq(CURL *curl, FILE *debugfp, char *delegid, char **reqtxt, - char *requrl, char *cert, char *key) -{ - char *delheader; - struct curl_slist *headerlist = NULL; - CURLcode res; - struct gprparams params; - - params.req = NULL; - params.len = 0; - - curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *) ¶ms); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, storegprbody); - - curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM"); - curl_easy_setopt(curl, CURLOPT_SSLCERT, cert); - - curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM"); - curl_easy_setopt(curl, CURLOPT_SSLKEY, key); - curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, NULL); - -// curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, parsegprheaders); -// curl_easy_setopt(curl, CURLOPT_WRITEHEADER, (void *) delegid); - - curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/grid-security/certificates/"); - - curl_easy_setopt(curl, CURLOPT_URL, requrl); - curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "GET-PROXY-REQ"); - - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER,0); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST,0); - - asprintf(&delheader, "Delegation-ID: %s", delegid); - headerlist = curl_slist_append(headerlist, delheader); - curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist); - - if (debugfp != NULL) - { - curl_easy_setopt(curl, CURLOPT_VERBOSE, 1); - curl_easy_setopt(curl, CURLOPT_DEBUGDATA, debugfp); - curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, debugfunction); - } - - res = curl_easy_perform(curl); - - if (params.req != NULL) - { - params.req[params.len] = '\0'; - *reqtxt = params.req; - } - else *reqtxt = NULL; - - return (int) res; -} - -struct ppcparams{ char *cert; size_t len; }; - -size_t getppcbody(void *ptr, size_t size, size_t nmemb, void *p) -{ - size_t i; - - if (((struct ppcparams *) p)->len == 0) return 0; - - if (size * nmemb < ((struct ppcparams *) p)->len) i = size * nmemb; - else i = ((struct ppcparams *) p)->len; - - memcpy(ptr, ((struct ppcparams *) p)->cert, i); - - ((struct ppcparams *) p)->len -= i; - ((struct ppcparams *) p)->cert = &((((struct ppcparams *) p)->cert)[i+1]); - - return i; -} - -int GRSTputProxyCerts(CURL *curl, FILE *debugfp, char *delegid, char *certtxt, - char *requrl, char *cert, char *key) -{ - CURLcode res; - char *delheader; - long httpcode; - struct curl_slist *headerlist = NULL; - struct ppcparams params; - - params.cert = certtxt; - params.len = strlen(certtxt); - - curl_easy_setopt(curl, CURLOPT_READDATA, ¶ms); - curl_easy_setopt(curl, CURLOPT_READFUNCTION, getppcbody); - curl_easy_setopt(curl, CURLOPT_INFILESIZE, strlen(certtxt)); - curl_easy_setopt(curl, CURLOPT_UPLOAD, 1); - - curl_easy_setopt(curl, CURLOPT_NOBODY, 1); - - curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM"); - curl_easy_setopt(curl, CURLOPT_SSLCERT, cert); - - curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM"); - curl_easy_setopt(curl, CURLOPT_SSLKEY, key); -// curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, NULL); - - curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/grid-security/certificates/"); - - curl_easy_setopt(curl, CURLOPT_URL, requrl); - curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT-PROXY-CERT"); - - headerlist = curl_slist_append(headerlist, - "Content-Type: application/x-x509-user-cert-chain"); - - asprintf(&delheader, "Delegation-ID: %s", delegid); - headerlist = curl_slist_append(headerlist, delheader); - curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist); - -curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); -curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); - - if (debugfp != NULL) - { - curl_easy_setopt(curl, CURLOPT_VERBOSE, 1); - curl_easy_setopt(curl, CURLOPT_DEBUGDATA, debugfp); - curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, debugfunction); - } - - res = curl_easy_perform(curl); - - curl_easy_getinfo(curl, CURLINFO_HTTP_CODE, &httpcode); - - curl_slist_free_all(headerlist); - - free(delheader); - - return (int) res; -} - - -#if (LIBCURL_VERSION_NUM < 0x070908) -char *make_tmp_ca_roots(char *dir) -/* libcurl before 7.9.8 doesnt support CURLOPT_CAPATH and the directory, - so we make a temporary file with the concatenated CA root certs: that - is, all the files in that directory which end in .0 */ -{ - int ofd, ifd, c; - size_t size; - char tmp_ca_roots[] = "/tmp/.ca-roots-XXXXXX", buffer[4096], *s; - DIR *rootsDIR; - struct dirent *root_ent; - - if ((rootsDIR = opendir(dir)) == NULL) return NULL; - - if ((ofd = mkstemp(tmp_ca_roots)) == -1) - { - closedir(rootsDIR); - return NULL; - } - - while ((root_ent = readdir(rootsDIR)) != NULL) - { - if ((root_ent->d_name[0] != '.') && - (strlen(root_ent->d_name) > 2) && - (strncmp(&(root_ent->d_name[strlen(root_ent->d_name)-2]), - ".0", 2) == 0)) - { - asprintf(&s, "%s/%s", dir, root_ent->d_name); - ifd = open(s, O_RDONLY); - free(s); - - if (ifd != -1) - { - while ((size = read(ifd, buffer, sizeof(buffer))) > 0) - write(ofd, buffer, size); - - close(ifd); - } - } - } - - closedir(rootsDIR); - - if (close(ofd) == 0) return strdup(tmp_ca_roots); - - unlink(tmp_ca_roots); /* try to clean up if errors */ - - return NULL; -} -#endif - -void printsyntax(char *argv0) -{ - char *p; - - p = rindex(argv0, '/'); - if (p != NULL) ++p; - else p = argv0; - - fprintf(stderr, "%s [options] URL\n" - "(Version: %s)\n", p, VERSION); -} - -int main(int argc, char *argv[]) -{ - char *delegation_id = "", *reqtxt, *certtxt, *valid = NULL, - *cert = NULL, *key = NULL, *capath = NULL, *keycert; - struct ns__putProxyResponse *unused; - int option_index, c, protocol = USE_SOAP, noverify = 0, - method = HTPROXY_PUT, verbose = 0, fd, minutes; - struct soap soap_get, soap_put; - FILE *ifp, *ofp; - struct stat statbuf; - struct passwd *userpasswd; - struct option long_options[] = { {"verbose", 0, 0, 'v'}, - {"cert", 1, 0, 0}, - {"key", 1, 0, 0}, - {"capath", 1, 0, 0}, - {"soap", 0, 0, 0}, - {"g-https", 0, 0, 0}, - {"no-verify", 0, 0, 0}, - {"valid", 1, 0, 0}, - {"delegation-id",1, 0, 0}, - {"put", 0, 0, 0}, - {0, 0, 0, 0} }; - CURL *curl; - - if (argc == 1) - { - printsyntax(argv[0]); - return 0; - } - - while (1) - { - option_index = 0; - - c = getopt_long(argc, argv, "v", long_options, &option_index); - - if (c == -1) break; - else if (c == 0) - { - if (option_index == 1) cert = optarg; - else if (option_index == 2) key = optarg; - else if (option_index == 3) capath = optarg; - else if (option_index == 4) protocol = USE_SOAP; - else if (option_index == 5) protocol = USE_G_HTTPS; - else if (option_index == 6) noverify = 1; - else if (option_index == 7) valid = optarg; - else if (option_index == 8) delegation_id = optarg; - else if (option_index == 9) method = HTPROXY_PUT; - } - else if (c == 'v') ++verbose; - } - - if (optind + 1 != argc) - { - fprintf(stderr, "Must specify a target URL!\n"); - return 1; - } - - if (valid == NULL) minutes = 60 * 12; - else minutes = atoi(valid); - - if (verbose) fprintf(stderr, "Proxy valid for %d minutes\n", minutes); - - ERR_load_crypto_strings (); - OpenSSL_add_all_algorithms(); - - if ((cert == NULL) && (key != NULL)) cert = key; - else if ((cert != NULL) && (key == NULL)) key = cert; - else if ((cert == NULL) && (key == NULL)) - { - cert = getenv("X509_USER_PROXY"); - if (cert != NULL) key = cert; - else - { - asprintf(&(cert), "/tmp/x509up_u%d", geteuid()); - - /* one fine day, we will check the proxy file for - expiry too to avoid suprises when we try to use it ... */ - - if (stat(cert, &statbuf) == 0) key = cert; - else - { - cert = getenv("X509_USER_CERT"); - key = getenv("X509_USER_KEY"); - - userpasswd = getpwuid(geteuid()); - - if ((cert == NULL) && - (userpasswd != NULL) && - (userpasswd->pw_dir != NULL)) - asprintf(&(cert), "%s/.globus/usercert.pem", - userpasswd->pw_dir); - - if ((key == NULL) && - (userpasswd != NULL) && - (userpasswd->pw_dir != NULL)) - asprintf(&(key), "%s/.globus/userkey.pem", - userpasswd->pw_dir); - - } - } - } - - if (capath == NULL) capath = getenv("X509_CERT_DIR"); - if (capath == NULL) capath = "/etc/grid-security/certificates"; - - if (verbose) fprintf(stderr, "key=%s\ncert=%s\ncapath=%s\n", - key, cert, capath); - -#if (LIBCURL_VERSION_NUM < 0x070908) - /* libcurl before 7.9.8 doesnt support CURLOPT_CAPATH and the directory */ - - if ((capath != NULL) && - (stat(capath, &statbuf) == 0) && S_ISDIR(statbuf.st_mode)) - { - tmp_ca_roots = make_tmp_ca_roots(capath); - capath = tmp_ca_roots; - } -#endif - - if (protocol == USE_G_HTTPS) - { - if (verbose) fprintf(stderr, "Using G-HTTPS delegation protocol\n"); - - if (verbose) fprintf(stderr, "Delegation-ID: %s\n", delegation_id); - - curl_global_init(CURL_GLOBAL_DEFAULT); - curl = curl_easy_init(); - -// curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, NULL); - - GRSTgetProxyReq(curl, stderr, delegation_id, &reqtxt, - argv[optind], cert, key); - - if (GRSTx509MakeProxyCert(&certtxt, stderr, reqtxt, cert, key, minutes) - != GRST_RET_OK) - { - return 1; - } - - GRSTputProxyCerts(curl, stderr, delegation_id, certtxt, - argv[optind], cert, key); - - curl_easy_cleanup(curl); - curl_global_cleanup(); - - return 0; - } - else if (protocol == USE_SOAP) - { - if (strcmp(key, cert) != 0) /* we have to concatenate for gSOAP */ - { - keycert = strdup("/tmp/XXXXXX"); - - fd = mkstemp(keycert); - ofp = fdopen(fd, "w"); - - ifp = fopen(key, "r"); - while ((c = fgetc(ifp)) != EOF) fputc(c, ofp); - fclose(ifp); - - ifp = fopen(cert, "r"); - while ((c = fgetc(ifp)) != EOF) fputc(c, ofp); - fclose(ifp); - - fclose(ofp); - - if (verbose) fprintf(stderr, "Created %s key/cert file\n", keycert); - } - else keycert = key; - - if (verbose) - { - fprintf(stderr, "Using SOAP delegation protocol\n"); - fprintf(stderr, "Delegation-ID: %s\n", delegation_id); - fprintf(stderr, "Send getProxyReq to service\n"); - } - - soap_init(&soap_get); - - if (soap_ssl_client_context(&soap_get, - SOAP_SSL_DEFAULT, - keycert, - "", - NULL, - capath, - NULL)) - { - soap_print_fault(&soap_get, stderr); - return 1; - } - - soap_call_ns__getProxyReq(&soap_get, - argv[optind], /* HTTPS url of service */ - "", /* no password on proxy */ - delegation_id, - &reqtxt); - - if (soap_get.error) - { - soap_print_fault(&soap_get, stderr); - return 1; - } - - if (verbose) fprintf(stderr, "reqtxt:\n%s", reqtxt); - - if (GRSTx509MakeProxyCert(&certtxt, stderr, reqtxt, cert, key, minutes) - != GRST_RET_OK) - { - return 1; - } - - soap_init(&soap_put); - - if (verbose) fprintf(stderr, "Send putProxy to service:\n%s\n", certtxt); - - if (soap_ssl_client_context(&soap_put, - SOAP_SSL_DEFAULT, - keycert, - "", - NULL, - capath, - NULL)) - { - soap_print_fault(&soap_put, stderr); - return 1; - } - - soap_call_ns__putProxy(&soap_put, argv[optind], "", delegation_id, - certtxt, unused); - if (soap_put.error) - { - soap_print_fault(&soap_put, stderr); - return 1; - } - - return 0; - } - - /* weirdness */ -} - diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c deleted file mode 100644 index 4fbcfbe..0000000 --- a/org.gridsite.core/src/mod_gridsite.c +++ /dev/null @@ -1,3233 +0,0 @@ -/* - Copyright (c) 2003-6, Andrew McNab and Shiv Kaushal, - University of Manchester. All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - - This program includes dav_parse_range() from Apache mod_dav.c and - associated code contributed by David O Callaghan - - Copyright 2000-2005 The Apache Software Foundation or its licensors, as - applicable. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -/*------------------------------------------------------------------* - * This program is part of GridSite: http://www.gridsite.org/ * - *------------------------------------------------------------------*/ - -#ifndef VERSION -#define VERSION "x.x.x" -#endif - -#ifndef _GNU_SOURCE -#define _GNU_SOURCE -#endif - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include -#include - -#include "mod_ssl-private.h" - -#include "gridsite.h" - -#ifndef UNSET -#define UNSET -1 -#endif - -#define GRST_SESSIONS_DIR "/var/www/sessions" - -module AP_MODULE_DECLARE_DATA gridsite_module; - -#define GRST_SITECAST_GROUPS 32 - -struct sitecast_group - { int socket; int quad1; int quad2; int quad3; int quad4; int port; }; - -#define GRST_SITECAST_ALIASES 32 - -struct sitecast_alias - { const char *sitecast_url; const char *local_path; server_rec *server; }; - -/* Globals, defined by main server directives in httpd.conf - These are assigned default values in create_gridsite_srv_config() */ - -int gridhttpport = 0; -char *sessionsdir = NULL; -char *sitecastdnlists = NULL; -struct sitecast_group sitecastgroups[GRST_SITECAST_GROUPS+1]; -struct sitecast_alias sitecastaliases[GRST_SITECAST_ALIASES]; - -typedef struct -{ - int auth; - int envs; - int format; - int indexes; - char *indexheader; - int gridsitelink; - char *adminfile; - char *adminuri; - char *helpuri; - char *dnlists; - char *dnlistsuri; - char *adminlist; - int gsiproxylimit; - char *unzip; - char *methods; - char *editable; - char *headfile; - char *footfile; - int gridhttp; - char *aclformat; - char *execmethod; - char *delegationuri; - ap_unix_identity_t execugid; - apr_fileperms_t diskmode; -} mod_gridsite_dir_cfg; /* per-directory config choices */ - - -/* - * dav_parse_range() is based on modules/dav/main/mod_dav.c from Apache - */ - -int dav_parse_range(request_rec *r, apr_off_t *range_start, - apr_off_t *range_end) -{ - const char *range_c; - char *range; - char *dash; - char *slash; - - range_c = apr_table_get(r->headers_in, "content-range"); - if (range_c == NULL) - return 0; - - range = apr_pstrdup(r->pool, range_c); - if (strncasecmp(range, "bytes ", 6) != 0 - || (dash = ap_strchr(range, '-')) == NULL - || (slash = ap_strchr(range, '/')) == NULL) { - /* malformed header. ignore it (per S14.16 of RFC2616) */ - return 0; - } - - *dash = *slash = '\0'; - - *range_start = apr_atoi64(range + 6); - *range_end = apr_atoi64(dash + 1); - - if (*range_end < *range_start - || (slash[1] != '*' && apr_atoi64(slash + 1) <= *range_end)) { - /* invalid range. ignore it (per S14.16 of RFC2616) */ - return 0; - } - - /* we now have a valid range */ - return 1; -} - -char *make_admin_footer(request_rec *r, mod_gridsite_dir_cfg *conf, - int isdirectory) -/* - make string holding last modified text and admin links -*/ -{ - char *out, *https, *p, *dn = NULL, *file = NULL, *permstr = NULL, - *temp, modified[99], *dir_uri, *grst_cred_0 = NULL; - GRSTgaclPerm perm = GRST_PERM_NONE; - struct tm mtime_tm; - time_t mtime_time; - - https = (char *) apr_table_get(r->subprocess_env, "HTTPS"); - - dir_uri = apr_pstrdup(r->pool, r->uri); - p = rindex(dir_uri, '/'); - - if (p == NULL) return ""; - - file = apr_pstrdup(r->pool, &p[1]); - p[1] = '\0'; - /* dir_uri always gets both a leading and a trailing slash */ - - out = apr_pstrdup(r->pool, "

\n"); - - if (!isdirectory) - { - mtime_time = apr_time_sec(r->finfo.mtime); - - localtime_r(&mtime_time, &mtime_tm); - strftime(modified, sizeof(modified), - "%a %e %B %Y", &mtime_tm); - temp = apr_psprintf(r->pool,"

Last modified %s\n", modified); - out = apr_pstrcat(r->pool, out, temp, NULL); - - if ((conf->adminuri != NULL) && - (conf->adminuri[0] != '\0') && - (conf->adminfile != NULL) && - (conf->adminfile[0] != '\0') && - (strncmp(file, GRST_HIST_PREFIX, sizeof(GRST_HIST_PREFIX)-1) != 0)) - { - temp = apr_psprintf(r->pool, - ". " - "View page history\n", - conf->adminfile, file); - out = apr_pstrcat(r->pool, out, temp, NULL); - } - - out = apr_pstrcat(r->pool, out, "", NULL); - } - - out = apr_pstrcat(r->pool, out, "
", NULL); - - if (r->connection->notes != NULL) - grst_cred_0 = (char *) - apr_table_get(r->connection->notes, "GRST_CRED_0"); - - if ((grst_cred_0 != NULL) && - (strncmp(grst_cred_0, "X509USER ", sizeof("X509USER")) == 0)) - { - p = index(grst_cred_0, ' '); - if (p != NULL) - { - p = index(++p, ' '); - if (p != NULL) - { - p = index(++p, ' '); - if (p != NULL) - { - p = index(++p, ' '); - if (p != NULL) dn = p; - } - } - } - } - - if (dn != NULL) - { - temp = apr_psprintf(r->pool, "You are %s
\n", dn); - out = apr_pstrcat(r->pool, out, temp, NULL); - - if (r->notes != NULL) - permstr = (char *) apr_table_get(r->notes, "GRST_PERM"); - - if ((permstr != NULL) && - (conf->adminuri != NULL) && - (conf->adminuri[0] != '\0') && - (conf->adminfile != NULL) && - (conf->adminfile[0] != '\0')) - { - sscanf(permstr, "%d", &perm); - - if (!isdirectory && - GRSTgaclPermHasWrite(perm) && - (strncmp(file, GRST_HIST_PREFIX, - sizeof(GRST_HIST_PREFIX) - 1) != 0)) - { - temp = apr_psprintf(r->pool, - "" - "Edit page .\n", conf->adminfile, file); - out = apr_pstrcat(r->pool, out, temp, NULL); - } - - if (GRSTgaclPermHasList(perm) || GRSTgaclPermHasWrite(perm)) - { - temp = apr_psprintf(r->pool, - "Manage directory .\n", - dir_uri, conf->adminfile); - - out = apr_pstrcat(r->pool, out, temp, NULL); - } - } - } - - if ((https != NULL) && (strcasecmp(https, "on") == 0)) - temp = apr_psprintf(r->pool, - "Switch to HTTP \n", - r->server->server_hostname, r->unparsed_uri); - else temp = apr_psprintf(r->pool, - "Switch to HTTPS \n", - r->server->server_hostname, r->unparsed_uri); - - out = apr_pstrcat(r->pool, out, temp, NULL); - - if ((conf->helpuri != NULL) && (conf->helpuri[0] != '\0')) - { - temp = apr_psprintf(r->pool, - ". Website Help\n", conf->helpuri); - out = apr_pstrcat(r->pool, out, temp, NULL); - } - - if ((!isdirectory) && - (conf->adminuri != NULL) && - (conf->adminuri[0] != '\0') && - (conf->adminfile != NULL) && - (conf->adminfile[0] != '\0')) - { - temp = apr_psprintf(r->pool, ". " - "Print View\n", conf->adminfile, file); - out = apr_pstrcat(r->pool, out, temp, NULL); - } - - if (conf->gridsitelink) - { - temp = apr_psprintf(r->pool, - ". Built with " - "GridSite %s\n", VERSION); - out = apr_pstrcat(r->pool, out, temp, NULL); - } - - out = apr_pstrcat(r->pool, out, "\n\n", NULL); - - return out; -} - -void delegation_header(request_rec *r, mod_gridsite_dir_cfg *conf){ - - apr_table_add(r->headers_out, - apr_pstrdup(r->pool, "Proxy-Delegation-Service"), - apr_psprintf(r->pool,"https://%s%s", r->hostname, conf->delegationuri)); - return; - -} - -int html_format(request_rec *r, mod_gridsite_dir_cfg *conf) -/* - try to do GridSite formatting of .html files (NOT .shtml etc) -*/ -{ - int i, fd, errstatus; - char *buf, *p, *file, *s, *head_formatted, *header_formatted, - *body_formatted, *admin_formatted, *footer_formatted; - size_t length; - struct stat statbuf; - apr_file_t *fp; - - if (r->finfo.filetype == APR_NOFILE) return HTTP_NOT_FOUND; - - if (apr_file_open(&fp, r->filename, APR_READ, 0, r->pool) != 0) - return HTTP_INTERNAL_SERVER_ERROR; - - - /* Put in Delegation service header if required */ - if (conf->delegationuri) delegation_header(r, conf); - - file = rindex(r->uri, '/'); - if (file != NULL) ++file; /* file points to name without path */ - - buf = apr_palloc(r->pool, (size_t)(r->finfo.size + 1)); - length = r->finfo.size; - apr_file_read(fp, buf, &length); - buf[r->finfo.size] = '\0'; - apr_file_close(fp); - - /* **** try to find a header file in this or parent directories **** */ - - /* first make a buffer big enough to hold path names we want to try */ - fd = -1; - s = malloc(strlen(r->filename) + strlen(conf->headfile) + 1); - strcpy(s, r->filename); - - for (;;) - { - p = rindex(s, '/'); - if (p == NULL) break; /* failed to find one */ - p[1] = '\0'; - strcat(p, conf->headfile); - - fd = open(s, O_RDONLY); - if (fd != -1) break; /* found one */ - - *p = '\0'; - } - - free(s); - - if (fd == -1) /* not found, so set up not to output one */ - { - head_formatted = apr_pstrdup(r->pool, ""); - header_formatted = apr_pstrdup(r->pool, ""); - body_formatted = buf; - } - else /* found a header file, so set up head and body to surround it */ - { - fstat(fd, &statbuf); - header_formatted = apr_palloc(r->pool, statbuf.st_size + 1); - read(fd, header_formatted, statbuf.st_size); - header_formatted[statbuf.st_size] = '\0'; - close(fd); - - p = strstr(buf, "pool, ""); - body_formatted = buf; - } - else - { - *p = '\0'; - head_formatted = buf; - ++p; - - while ((*p != '>') && (*p != '\0')) ++p; - - if (*p == '\0') - { - body_formatted = p; - } - else - { - *p = '\0'; - ++p; - body_formatted = p; - } - } - } - - /* **** remove closing tag from body **** */ - - p = strstr(body_formatted, "filename) + strlen(conf->footfile)); - strcpy(s, r->filename); - - for (;;) - { - p = rindex(s, '/'); - if (p == NULL) break; /* failed to find one */ - - p[1] = '\0'; - strcat(p, conf->footfile); - - fd = open(s, O_RDONLY); - if (fd != -1) break; /* found one */ - - *p = '\0'; - } - - free(s); - - if (fd == -1) /* failed to find a footer, so set up empty default */ - { - footer_formatted = apr_pstrdup(r->pool, ""); - } - else /* found a footer, so set up to use it */ - { - fstat(fd, &statbuf); - footer_formatted = apr_palloc(r->pool, statbuf.st_size + 1); - read(fd, footer_formatted, statbuf.st_size); - footer_formatted[statbuf.st_size] = '\0'; - close(fd); - } - - /* **** can now calculate the Content-Length and output headers **** */ - - length = strlen(head_formatted) + strlen(header_formatted) + - strlen(body_formatted) + strlen(admin_formatted) + - strlen(footer_formatted); - - ap_set_content_length(r, length); - ap_set_content_type(r, "text/html"); - - /* ** output the HTTP body (HTML Head+Body) ** */ - - ap_rputs(head_formatted, r); - ap_rputs(header_formatted, r); - ap_rputs(body_formatted, r); - ap_rputs(admin_formatted, r); - ap_rputs(footer_formatted, r); - - return OK; -} - -int html_dir_list(request_rec *r, mod_gridsite_dir_cfg *conf) -/* - output HTML directory listing, with level of formatting controlled - by GridSiteHtmlFormat/conf->format -*/ -{ - int i, fd, n, nn; - char *buf, *p, *s, *head_formatted, *header_formatted, - *body_formatted, *admin_formatted, *footer_formatted, *temp, - modified[99], *d_namepath, *indexheaderpath, *indexheadertext; - size_t length; - struct stat statbuf; - struct tm mtime_tm; - struct dirent **namelist; - - if (r->finfo.filetype == APR_NOFILE) return HTTP_NOT_FOUND; - - - /* Put in Delegation service header if required */ - if (conf->delegationuri) delegation_header(r, conf); - - head_formatted = apr_psprintf(r->pool, - "Directory listing %s\n", r->uri); - - if (conf->format) - { - /* **** try to find a header file in this or parent directories **** */ - - /* first make a buffer big enough to hold path names we want to try */ - fd = -1; - s = malloc(strlen(r->filename) + strlen(conf->headfile) + 1); - strcpy(s, r->filename); - - for (;;) - { - p = rindex(s, '/'); - if (p == NULL) break; /* failed to find one */ - p[1] = '\0'; - strcat(p, conf->headfile); - - fd = open(s, O_RDONLY); - if (fd != -1) break; /* found one */ - - *p = '\0'; - } - - free(s); - - if (fd == -1) /* not found, so set up to output sensible default */ - { - header_formatted = apr_pstrdup(r->pool, ""); - } - else /* found a header file, so set up head and body to surround it */ - { - fstat(fd, &statbuf); - header_formatted = apr_palloc(r->pool, statbuf.st_size + 1); - read(fd, header_formatted, statbuf.st_size); - header_formatted[statbuf.st_size] = '\0'; - close(fd); - } - } - else header_formatted = apr_pstrdup(r->pool, ""); - - body_formatted = apr_psprintf(r->pool, - "

Directory listing %s

\n", r->uri); - - if (conf->indexheader != NULL) - { - indexheaderpath = apr_psprintf(r->pool, "%s/%s", r->filename, - conf->indexheader); - fd = open(indexheaderpath, O_RDONLY); - if (fd != -1) - { - fstat(fd, &statbuf); - indexheadertext = apr_palloc(r->pool, statbuf.st_size + 1); - read(fd, indexheadertext, statbuf.st_size); - indexheadertext[statbuf.st_size] = '\0'; - close(fd); - - body_formatted = apr_pstrcat(r->pool, body_formatted, - indexheadertext, NULL); - } - } - - body_formatted = apr_pstrcat(r->pool, body_formatted, "

\n", NULL); - - if (r->unparsed_uri[1] != '\0') - body_formatted = apr_pstrcat(r->pool, body_formatted, - "\n", - NULL); - - nn = scandir(r->filename, &namelist, 0, versionsort); - for (n=0; n < nn; ++n) - { - if ((namelist[n]->d_name[0] != '.') && - ((conf->indexheader == NULL) || - (strcmp(conf->indexheader, namelist[n]->d_name) != 0))) - { - d_namepath = apr_psprintf(r->pool, "%s/%s", r->filename, - namelist[n]->d_name); - stat(d_namepath, &statbuf); - - localtime_r(&(statbuf.st_mtime), &mtime_tm); - strftime(modified, sizeof(modified), - "", - &mtime_tm); - - if (S_ISDIR(statbuf.st_mode)) - temp = apr_psprintf(r->pool, - "" - "%s\n", - namelist[n]->d_name, statbuf.st_size, statbuf.st_mtime, - namelist[n]->d_name, - statbuf.st_size, modified); - else temp = apr_psprintf(r->pool, - "" - "%s\n", - namelist[n]->d_name, statbuf.st_size, statbuf.st_mtime, - namelist[n]->d_name, - statbuf.st_size, modified); - - body_formatted = apr_pstrcat(r->pool,body_formatted,temp,NULL); - } - - free(namelist[n]); - } - - free(namelist); - - body_formatted = apr_pstrcat(r->pool, body_formatted, "
[Parent directory]
%R%e %b %y
" - "%s/%ld
" - "%s%ld
\n", NULL); - - if (conf->format) - { - /* **** set up dynamic part of footer to go at end of body **** */ - - admin_formatted = make_admin_footer(r, conf, TRUE); - - /* **** try to find a footer file in this or parent directories **** */ - - /* first make a buffer big enough to hold path names we want to try */ - fd = -1; - s = malloc(strlen(r->filename) + strlen(conf->footfile)); - strcpy(s, r->filename); - - for (;;) - { - p = rindex(s, '/'); - if (p == NULL) break; /* failed to find one */ - - p[1] = '\0'; - strcat(p, conf->footfile); - - fd = open(s, O_RDONLY); - if (fd != -1) break; /* found one */ - - *p = '\0'; - } - - free(s); - - if (fd == -1) /* failed to find a footer, so use standard default */ - { - footer_formatted = apr_pstrdup(r->pool, ""); - } - else /* found a footer, so set up to use it */ - { - fstat(fd, &statbuf); - footer_formatted = apr_palloc(r->pool, statbuf.st_size + 1); - read(fd, footer_formatted, statbuf.st_size); - footer_formatted[statbuf.st_size] = '\0'; - close(fd); - } - } - else - { - admin_formatted = apr_pstrdup(r->pool, ""); - footer_formatted = apr_pstrdup(r->pool, ""); - } - - /* **** can now calculate the Content-Length and output headers **** */ - - length = strlen(head_formatted) + strlen(header_formatted) + - strlen(body_formatted) + strlen(admin_formatted) + - strlen(footer_formatted); - - ap_set_content_length(r, length); - ap_set_content_type(r, "text/html"); - - /* ** output the HTTP body (HTML Head+Body) ** */ - - ap_rputs(head_formatted, r); - ap_rputs(header_formatted, r); - ap_rputs(body_formatted, r); - ap_rputs(admin_formatted, r); - ap_rputs(footer_formatted, r); - - return OK; -} - -int http_gridhttp(request_rec *r, mod_gridsite_dir_cfg *conf) -{ - int i; - char *httpurl, *filetemplate, *cookievalue, *envname_i, - *grst_cred_i, expires_str[APR_RFC822_DATE_LEN]; - apr_uint64_t gridauthcookie; - apr_table_t *env; - apr_time_t expires_time; - apr_file_t *fp; - - /* create random cookie and gridauthcookie file */ - - if (apr_generate_random_bytes((char *) &gridauthcookie, - sizeof(gridauthcookie)) - != APR_SUCCESS) return HTTP_INTERNAL_SERVER_ERROR; - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "Generated GridHTTP passcode %016llx", gridauthcookie); - - filetemplate = apr_psprintf(r->pool, "%s/passcode-%016llxXXXXXX", - ap_server_root_relative(r->pool, - sessionsdir), - gridauthcookie); - - if (apr_file_mktemp(&fp, - filetemplate, - APR_CREATE | APR_WRITE | APR_EXCL, - r->pool) - != APR_SUCCESS) return HTTP_INTERNAL_SERVER_ERROR; - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "Created passcode file %s", filetemplate); - - expires_time = apr_time_now() + apr_time_from_sec(300); - /* passcode cookies are valid for only 5 mins! */ - - apr_file_printf(fp, - "expires=%lu\ndomain=%s\npath=%s\nonetime=yes\nmethod=%s\n", - (time_t) apr_time_sec(expires_time), - r->hostname, r->uri, r->method); - /* above variables are evaluated in order and method= MUST be last! */ - - for (i=0; ; ++i) - { - envname_i = apr_psprintf(r->pool, "GRST_CRED_%d", i); - if (grst_cred_i = (char *) - apr_table_get(r->connection->notes, envname_i)) - { - apr_file_printf(fp, "%s=%s\n", envname_i, grst_cred_i); - } - else break; /* GRST_CRED_i are numbered consecutively */ - } - - if (apr_file_close(fp) != APR_SUCCESS) - { - apr_file_remove(filetemplate, r->pool); /* try to clean up */ - return HTTP_INTERNAL_SERVER_ERROR; - } - - /* send redirection header back to client */ - - cookievalue = rindex(filetemplate, '-'); - if (cookievalue != NULL) ++cookievalue; - else cookievalue = filetemplate; - - apr_rfc822_date(expires_str, expires_time); - - apr_table_add(r->headers_out, - apr_pstrdup(r->pool, "Set-Cookie"), - apr_psprintf(r->pool, - "GRIDHTTP_PASSCODE=%s; " - "expires=%s; " - "domain=%s; " - "path=%s", - cookievalue, expires_str, r->hostname, r->uri)); - - if (gridhttpport != DEFAULT_HTTP_PORT) - httpurl = apr_psprintf(r->pool, "http://%s:%d%s", r->hostname, - gridhttpport, ap_escape_uri(r->pool, r->uri)); - else httpurl = apr_pstrcat(r->pool, "http://", r->hostname, - ap_escape_uri(r->pool, r->uri), NULL); - - apr_table_setn(r->headers_out, apr_pstrdup(r->pool, "Location"), httpurl); - - r->status = HTTP_MOVED_TEMPORARILY; - return OK; -} - -int http_put_method(request_rec *r, mod_gridsite_dir_cfg *conf) -{ - char buf[2048]; - size_t length, total_length; - int retcode, stat_ret; - apr_file_t *fp; - apr_int32_t open_flag; - struct stat statbuf; - - int has_range = 0, is_done = 0; - apr_off_t range_start; - apr_off_t range_end; - size_t range_length; - - /* *** check if directory creation: PUT /.../ *** */ - - if ((r->unparsed_uri != NULL) && - (r->unparsed_uri[0] != '\0') && - (r->unparsed_uri[strlen(r->unparsed_uri) - 1] == '/')) - { - if (apr_dir_make(r->filename, - conf->diskmode - | APR_UEXECUTE | APR_GEXECUTE | APR_WEXECUTE, - r->pool) != 0) return HTTP_INTERNAL_SERVER_ERROR; - - /* we force the permissions, rather than accept any existing ones */ - - apr_file_perms_set(r->filename, conf->diskmode - | APR_UEXECUTE | APR_GEXECUTE | APR_WEXECUTE); - - ap_set_content_length(r, 0); - ap_set_content_type(r, "text/html"); - return OK; - } - - /* *** otherwise assume trying to create a regular file *** */ - - stat_ret = stat(r->filename, &statbuf); - - /* find if a range is specified */ - - has_range = dav_parse_range(r, &range_start, &range_end); - - if (has_range) - open_flag = APR_WRITE | APR_CREATE | APR_BUFFERED; - else - open_flag = APR_WRITE | APR_CREATE | APR_BUFFERED | APR_TRUNCATE; - - if (apr_file_open(&fp, r->filename, open_flag, - conf->diskmode, r->pool) != 0) return HTTP_INTERNAL_SERVER_ERROR; - - /* we force the permissions, rather than accept any existing ones */ - - apr_file_perms_set(r->filename, conf->diskmode); - - if (has_range) - { - if (apr_file_seek(fp, APR_SET, &range_start) != 0) - { - retcode = HTTP_INTERNAL_SERVER_ERROR; - //break; - return retcode; - } - - range_length = range_end - range_start + 1; - } - - retcode = ap_setup_client_block(r, REQUEST_CHUNKED_DECHUNK); - if (retcode == OK) - { - if (has_range) total_length = 0; - if (ap_should_client_block(r)) - while ((length = ap_get_client_block(r, buf, sizeof(buf))) > 0) - { - if (has_range && (total_length + length > range_length)) - { - length = range_length - total_length; - is_done = 1; - } - - if (apr_file_write(fp, buf, &length) != 0) - { - retcode = HTTP_INTERNAL_SERVER_ERROR; - break; - } - - if (has_range) - { - if (is_done) break; - else total_length += length; - } - } - ap_set_content_length(r, 0); - ap_set_content_type(r, "text/html"); - } - - if (apr_file_close(fp) != 0) return HTTP_INTERNAL_SERVER_ERROR; - - if ((retcode == OK) && (stat_ret != 0)) - { - retcode = HTTP_CREATED; - ap_custom_response(r, HTTP_CREATED, ""); - } - - return retcode; -} - -int http_delete_method(request_rec *r, mod_gridsite_dir_cfg *conf) -{ - if (apr_file_remove(r->filename, r->pool) != 0) return HTTP_FORBIDDEN; - - ap_set_content_length(r, 0); - ap_set_content_type(r, "text/html"); - - return OK; -} - -int http_move_method(request_rec *r, mod_gridsite_dir_cfg *conf) -{ - char *destination_translated = NULL; - - if (r->notes != NULL) destination_translated = - (char *) apr_table_get(r->notes, "GRST_DESTINATION_TRANSLATED"); - - - if ((destination_translated == NULL) || - (apr_file_rename(r->filename, destination_translated, r->pool) != 0)) - return HTTP_FORBIDDEN; - - ap_set_content_length(r, 0); - ap_set_content_type(r, "text/html"); - - return OK; -} - -static int mod_gridsite_dir_handler(request_rec *r, mod_gridsite_dir_cfg *conf) -/* - handler switch for directories -*/ -{ - /* *** is this a write method? only possible if GridSiteAuth on *** */ - - if (conf->auth) - { - if ((r->method_number == M_PUT) && - (conf->methods != NULL) && - (strstr(conf->methods, " PUT " ) != NULL)) - return http_put_method(r, conf); - - if ((r->method_number == M_DELETE) && - (conf->methods != NULL) && - (strstr(conf->methods, " DELETE ") != NULL)) - return http_delete_method(r, conf); - } - - /* *** directory listing? *** */ - if ((r->method_number == M_GET) && (conf->indexes)) - return html_dir_list(r, conf); /* directory listing */ - - return DECLINED; /* *** nothing to see here, move along *** */ -} - -static int mod_gridsite_nondir_handler(request_rec *r, mod_gridsite_dir_cfg *conf) -/* - one big handler switch for everything other than directories, since we - might be responding to MIME * / * for local PUT, MOVE, COPY and DELETE, - and GET inside ghost directories. -*/ -{ - char *upgradeheader, *upgradespaced, *p; - const char *https_env; - - /* *** is this a write method or GridHTTP HTTPS->HTTP redirection? - only possible if GridSiteAuth on *** */ - - if (conf->auth) - { - if ((conf->gridhttp) && - ((r->method_number == M_GET) || - ((r->method_number == M_PUT) && - (strstr(conf->methods, " PUT ") != NULL))) && - ((upgradeheader = (char *) apr_table_get(r->headers_in, - "Upgrade")) != NULL) && - ((https_env=apr_table_get(r->subprocess_env,"HTTPS")) != NULL) && - (strcasecmp(https_env, "on") == 0)) - { - upgradespaced = apr_psprintf(r->pool, " %s ", upgradeheader); - - for (p=upgradespaced; *p != '\0'; ++p) - if ((*p == ',') || (*p == '\t')) *p = ' '; - -// TODO: what if we're pointing at a CGI or some dynamic content??? - - if (strstr(upgradespaced, " GridHTTP/1.0 ") != NULL) - return http_gridhttp(r, conf); - } - - if ((r->method_number == M_PUT) && - (conf->methods != NULL) && - (strstr(conf->methods, " PUT " ) != NULL)) - return http_put_method(r, conf); - - if ((r->method_number == M_DELETE) && - (conf->methods != NULL) && - (strstr(conf->methods, " DELETE ") != NULL)) - return http_delete_method(r, conf); - - if ((r->method_number == M_MOVE) && - (conf->methods != NULL) && - (strstr(conf->methods, " MOVE ") != NULL)) - return http_move_method(r, conf); - } - - /* *** check if a special ghost admin CGI *** */ - - if (conf->adminfile && conf->adminuri && - (strlen(r->filename) > strlen(conf->adminfile) + 1) && - (strcmp(&(r->filename[strlen(r->filename) - strlen(conf->adminfile)]), - conf->adminfile) == 0) && - (r->filename[strlen(r->filename)-strlen(conf->adminfile)-1] == '/') && - ((r->method_number == M_POST) || - (r->method_number == M_GET))) - { - ap_internal_redirect(conf->adminuri, r); - return OK; - } - - /* *** finally look for .html files that we should format *** */ - - if ((conf->format) && /* conf->format set by GridSiteHtmlFormat on */ - (strlen(r->filename) > 5) && - (strcmp(&(r->filename[strlen(r->filename)-5]), ".html") == 0) && - (r->method_number == M_GET)) return html_format(r, conf); - - return DECLINED; /* *** nothing to see here, move along *** */ -} - -static void recurse4dirlist(char *dirname, time_t *dirs_time, - char *fulluri, int fullurilen, - char *encfulluri, int enclen, - apr_pool_t *pool, char **body, - int recurse_level) -/* try to find DN Lists in dir[] and its subdirs that match the fulluri[] - prefix. add blobs of HTML to body as they are found. */ -{ - char *unencname, modified[99], *oneline, *d_namepath; - DIR *oneDIR; - struct dirent *onedirent; - struct tm mtime_tm; - size_t length; - struct stat statbuf; - - if ((stat(dirname, &statbuf) != 0) || - (!S_ISDIR(statbuf.st_mode)) || - ((oneDIR = opendir(dirname)) == NULL)) return; - - if (statbuf.st_mtime > *dirs_time) *dirs_time = statbuf.st_mtime; - - while ((onedirent = readdir(oneDIR)) != NULL) - { - if (onedirent->d_name[0] == '.') continue; - - d_namepath = apr_psprintf(pool, "%s/%s", dirname, onedirent->d_name); - if (stat(d_namepath, &statbuf) != 0) continue; - - if (S_ISDIR(statbuf.st_mode) && (recurse_level < GRST_RECURS_LIMIT)) - recurse4dirlist(d_namepath, dirs_time, fulluri, - fullurilen, encfulluri, enclen, - pool, body, recurse_level + 1); - else if ((strncmp(onedirent->d_name, encfulluri, enclen) == 0) && - (onedirent->d_name[strlen(onedirent->d_name) - 1] != '~')) - { - unencname = GRSThttpUrlDecode(onedirent->d_name); - - if (strncmp(unencname, fulluri, fullurilen) == 0) - { - - if (statbuf.st_mtime > *dirs_time) - *dirs_time = statbuf.st_mtime; - - localtime_r(&(statbuf.st_mtime), &mtime_tm); - strftime(modified, sizeof(modified), - "%R%e %b %y", - &mtime_tm); - - oneline = apr_psprintf(pool, - "" - "%s" - "%ld%s\n", - &unencname[fullurilen], statbuf.st_size, - statbuf.st_mtime, unencname, - statbuf.st_size, modified); - - *body = apr_pstrcat(pool, *body, oneline, NULL); - } - - free(unencname); /* libgridsite doesnt use pools */ - } - } - - closedir(oneDIR); -} - -static int mod_gridsite_dnlistsuri_dir_handler(request_rec *r, - mod_gridsite_dir_cfg *conf) -/* - virtual DN-list file lister: make all DN lists on the dn-lists - path of this server appear to be in the dn-lists directory itself - (ie where they appear in the DN lists path doesnt matter, as long - as their name matches) -*/ -{ - int enclen, fullurilen, fd; - char *fulluri, *encfulluri, *dn_list_ptr, *dirname, *unencname, - *body, *oneline, *p, *s, - *head_formatted, *header_formatted, *footer_formatted, - *permstr = NULL; - struct stat statbuf; - size_t length; - time_t dirs_time = 0; - GRSTgaclPerm perm = GRST_PERM_NONE; - - if (r->notes != NULL) - permstr = (char *) apr_table_get(r->notes, "GRST_PERM"); - - if (permstr != NULL) sscanf(permstr, "%d", &perm); - - fulluri = apr_psprintf(r->pool, "https://%s%s", - ap_get_server_name(r), conf->dnlistsuri); - fullurilen = strlen(fulluri); - - encfulluri = GRSThttpUrlEncode(fulluri); - enclen = strlen(encfulluri); - - if (conf->dnlists != NULL) p = conf->dnlists; - else p = getenv("GRST_DN_LISTS"); - - if (p == NULL) p = GRST_DN_LISTS; - dn_list_ptr = apr_pstrdup(r->pool, p); - - head_formatted = apr_psprintf(r->pool, - "Directory listing %s\n", r->uri); - - if (conf->format) - { - /* **** try to find a header file in this or parent directories **** */ - - /* first make a buffer big enough to hold path names we want to try */ - fd = -1; - s = malloc(strlen(r->filename) + strlen(conf->headfile) + 1); - strcpy(s, r->filename); - - for (;;) - { - p = rindex(s, '/'); - if (p == NULL) break; /* failed to find one */ - p[1] = '\0'; - strcat(p, conf->headfile); - - fd = open(s, O_RDONLY); - if (fd != -1) break; /* found one */ - - *p = '\0'; - } - - free(s); - - if (fd == -1) /* not found, so set up to output sensible default */ - { - header_formatted = apr_pstrdup(r->pool, ""); - } - else /* found a header file, so set up head and body to surround it */ - { - fstat(fd, &statbuf); - header_formatted = apr_palloc(r->pool, statbuf.st_size + 1); - read(fd, header_formatted, statbuf.st_size); - header_formatted[statbuf.st_size] = '\0'; - close(fd); - } - } - else header_formatted = apr_pstrdup(r->pool, ""); - - body = apr_psprintf(r->pool, - "

Directory listing %s

\n", r->uri); - - if ((r->uri)[1] != '\0') - body = apr_pstrcat(r->pool, body, - "\n", - NULL); - - while ((dirname = strsep(&dn_list_ptr, ":")) != NULL) - recurse4dirlist(dirname, &dirs_time, fulluri, fullurilen, - encfulluri, enclen, r->pool, &body, 0); - - if ((stat(r->filename, &statbuf) == 0) && - S_ISDIR(statbuf.st_mode) && - GRSTgaclPermHasWrite(perm)) - { - oneline = apr_psprintf(r->pool, - "\n" - "" - "\n", - r->uri, conf->adminfile); - - body = apr_pstrcat(r->pool, body, oneline, NULL); - } - - body = apr_pstrcat(r->pool, body, "
[Parent directory]
\n", NULL); - - free(encfulluri); /* libgridsite doesnt use pools */ - - if (conf->format) - { - /* **** try to find a footer file in this or parent directories **** */ - - /* first make a buffer big enough to hold path names we want to try */ - fd = -1; - s = malloc(strlen(r->filename) + strlen(conf->footfile)); - strcpy(s, r->filename); - - for (;;) - { - p = rindex(s, '/'); - if (p == NULL) break; /* failed to find one */ - - p[1] = '\0'; - strcat(p, conf->footfile); - - fd = open(s, O_RDONLY); - if (fd != -1) break; /* found one */ - - *p = '\0'; - } - - free(s); - - if (fd == -1) /* failed to find a footer, so use standard default */ - { - footer_formatted = apr_pstrdup(r->pool, ""); - } - else /* found a footer, so set up to use it */ - { - fstat(fd, &statbuf); - footer_formatted = apr_palloc(r->pool, statbuf.st_size + 1); - read(fd, footer_formatted, statbuf.st_size); - footer_formatted[statbuf.st_size] = '\0'; - close(fd); - } - } - else footer_formatted = apr_pstrdup(r->pool, ""); - - /* **** can now calculate the Content-Length and output headers **** */ - - length = strlen(head_formatted) + strlen(header_formatted) + - strlen(body) + strlen(footer_formatted); - - ap_set_content_length(r, length); - r->mtime = apr_time_from_sec(dirs_time); - ap_set_last_modified(r); - ap_set_content_type(r, "text/html"); - - /* ** output the HTTP body (HTML Head+Body) ** */ - ap_rputs(head_formatted, r); - ap_rputs(header_formatted, r); - ap_rputs(body, r); - ap_rputs(footer_formatted, r); - - return OK; -} - -static char *recurse4file(char *dir, char *file, apr_pool_t *pool, - int recurse_level) -/* try to find file[] in dir[]. try subdirs if not found. - return full path to first found version or NULL on failure */ -{ - char *fullfilename, *fulldirname; - struct stat statbuf; - DIR *dirDIR; - struct dirent *file_ent; - - /* try to find in current directory */ - - fullfilename = apr_psprintf(pool, "%s/%s", dir, file); - - if (stat(fullfilename, &statbuf) == 0) return fullfilename; - - /* maybe search in subdirectories */ - - if (recurse_level >= GRST_RECURS_LIMIT) return NULL; - - dirDIR = opendir(dir); - - if (dirDIR == NULL) return NULL; - - while ((file_ent = readdir(dirDIR)) != NULL) - { - if (file_ent->d_name[0] == '.') continue; - - fulldirname = apr_psprintf(pool, "%s/%s", dir, file_ent->d_name); - if ((stat(fulldirname, &statbuf) == 0) && - S_ISDIR(statbuf.st_mode) && - ((fullfilename = recurse4file(fulldirname, file, - pool, recurse_level + 1)) != NULL)) - { - closedir(dirDIR); - return fullfilename; - } - } - - closedir(dirDIR); - - return NULL; -} - -static int mod_gridsite_dnlistsuri_handler(request_rec *r, - mod_gridsite_dir_cfg *conf) -/* - virtual DN-list file generator -*/ -{ - int fd; - char *fulluri, *encfulluri, *dn_list_ptr, *filename, *dirname, *p, - *buf; - struct stat statbuf; - - /* *** check if a special ghost admin CGI *** */ - - if (conf->adminfile && conf->adminuri && - (strlen(r->filename) > strlen(conf->adminfile) + 1) && - (strcmp(&(r->filename[strlen(r->filename) - strlen(conf->adminfile)]), - conf->adminfile) == 0) && - (r->filename[strlen(r->filename)-strlen(conf->adminfile)-1] == '/') && - ((r->method_number == M_POST) || - (r->method_number == M_GET))) - { - ap_internal_redirect(conf->adminuri, r); - return OK; - } - - fulluri = apr_psprintf(r->pool, "https://%s%s", - ap_get_server_name(r), r->uri); - - encfulluri = GRSThttpUrlEncode(fulluri); - - if (conf->dnlists != NULL) p = conf->dnlists; - else p = getenv("GRST_DN_LISTS"); - - if (p == NULL) p = GRST_DN_LISTS; - dn_list_ptr = apr_pstrdup(r->pool, p); - - while ((dirname = strsep(&dn_list_ptr, ":")) != NULL) - { - filename = recurse4file(dirname, encfulluri, r->pool, 0); - - if (filename == NULL) continue; - - fd = open(filename, O_RDONLY); - - if (fd == -1) continue; - - fstat(fd, &statbuf); - ap_set_content_length(r, (apr_off_t) statbuf.st_size); - r->mtime = apr_time_from_sec(statbuf.st_mtime); - ap_set_content_type(r, "text/plain"); - ap_set_last_modified(r); - - buf = apr_palloc(r->pool, statbuf.st_size + 1); - read(fd, buf, statbuf.st_size); - buf[statbuf.st_size] = '\0'; - - ap_rputs(buf, r); - - close(fd); - - return OK; - } - - return HTTP_NOT_FOUND; -} - -static void *create_gridsite_srv_config(apr_pool_t *p, server_rec *s) -{ - int i; - - if (!(s->is_virtual)) - { - gridhttpport = GRST_HTTP_PORT; - - sessionsdir = apr_pstrdup(p, GRST_SESSIONS_DIR); - /* GridSiteSessionsDir dir-path */ - - sitecastdnlists = NULL; - - sitecastgroups[0].quad1 = 0; - sitecastgroups[0].quad2 = 0; - sitecastgroups[0].quad3 = 0; - sitecastgroups[0].quad4 = 0; - sitecastgroups[0].port = GRST_HTCP_PORT; - /* GridSiteCastUniPort udp-port */ - - for (i=1; i <= GRST_SITECAST_GROUPS; ++i) - sitecastgroups[i].port = 0; - /* GridSiteCastGroup mcast-list */ - - for (i=1; i <= GRST_SITECAST_ALIASES; ++i) - { - sitecastaliases[i].sitecast_url = NULL; - sitecastaliases[i].local_path = NULL; - sitecastaliases[i].server = NULL; - } /* GridSiteCastAlias url path */ - } - - return NULL; -} - -static void *create_gridsite_dir_config(apr_pool_t *p, char *path) -{ - mod_gridsite_dir_cfg *conf = apr_palloc(p, sizeof(*conf)); - - if (path == NULL) /* set up document root defaults */ - { - conf->auth = 0; /* GridSiteAuth on/off */ - conf->envs = 1; /* GridSiteEnvs on/off */ - conf->format = 0; /* GridSiteHtmlFormat on/off */ - conf->indexes = 0; /* GridSiteIndexes on/off */ - conf->indexheader = NULL; /* GridSiteIndexHeader File-value */ - conf->gridsitelink = 1; /* GridSiteLink on/off */ - conf->adminfile = apr_pstrdup(p, GRST_ADMIN_FILE); - /* GridSiteAdminFile File-value */ - conf->adminuri = NULL; /* GridSiteAdminURI URI-value */ - conf->helpuri = NULL; /* GridSiteHelpURI URI-value */ - conf->dnlists = NULL; /* GridSiteDNlists Search-path */ - conf->dnlistsuri = NULL; /* GridSiteDNlistsURI URI-value */ - conf->adminlist = NULL; /* GridSiteAdminList URI-value */ - conf->gsiproxylimit = 1; /* GridSiteGSIProxyLimit number */ - conf->unzip = NULL; /* GridSiteUnzip file-path */ - - conf->methods = apr_pstrdup(p, " GET "); - /* GridSiteMethods methods */ - - conf->editable = apr_pstrdup(p, " txt shtml html htm css js php jsp "); - /* GridSiteEditable types */ - - conf->headfile = apr_pstrdup(p, GRST_HEADFILE); - conf->footfile = apr_pstrdup(p, GRST_FOOTFILE); - /* GridSiteHeadFile and GridSiteFootFile file name */ - - conf->gridhttp = 0; /* GridSiteGridHTTP on/off */ - conf->aclformat = apr_pstrdup(p, "GACL"); - /* GridSiteACLFormat gacl/xacml */ - conf->delegationuri = NULL; /* GridSiteDelegationURI URI-value */ - conf->execmethod = NULL; - /* GridSiteExecMethod nosetuid/suexec/X509DN/directory */ - - conf->execugid.uid = 0; /* GridSiteUserGroup User Group */ - conf->execugid.gid = 0; /* ditto */ - conf->execugid.userdir = 0; /* ditto */ - - conf->diskmode = APR_UREAD | APR_UWRITE; - /* GridSiteDiskMode group-mode world-mode - GroupNone | GroupRead | GroupWrite WorldNone | WorldRead */ - } - else - { - conf->auth = UNSET; /* GridSiteAuth on/off */ - conf->envs = UNSET; /* GridSiteEnvs on/off */ - conf->format = UNSET; /* GridSiteHtmlFormat on/off */ - conf->indexes = UNSET; /* GridSiteIndexes on/off */ - conf->indexheader = NULL; /* GridSiteIndexHeader File-value */ - conf->gridsitelink = UNSET; /* GridSiteLink on/off */ - conf->adminfile = NULL; /* GridSiteAdminFile File-value */ - conf->adminuri = NULL; /* GridSiteAdminURI URI-value */ - conf->helpuri = NULL; /* GridSiteHelpURI URI-value */ - conf->dnlists = NULL; /* GridSiteDNlists Search-path */ - conf->dnlistsuri = NULL; /* GridSiteDNlistsURI URI-value */ - conf->adminlist = NULL; /* GridSiteAdminList URI-value */ - conf->gsiproxylimit = UNSET; /* GridSiteGSIProxyLimit number */ - conf->unzip = NULL; /* GridSiteUnzip file-path */ - conf->methods = NULL; /* GridSiteMethods methods */ - conf->editable = NULL; /* GridSiteEditable types */ - conf->headfile = NULL; /* GridSiteHeadFile file name */ - conf->footfile = NULL; /* GridSiteFootFile file name */ - conf->gridhttp = UNSET; /* GridSiteGridHTTP on/off */ - conf->aclformat = NULL; /* GridSiteACLFormat gacl/xacml */ - conf->delegationuri = NULL; /* GridSiteDelegationURI URI-value */ - conf->execmethod = NULL; /* GridSiteExecMethod */ - conf->execugid.uid = UNSET; /* GridSiteUserGroup User Group */ - conf->execugid.gid = UNSET; /* ditto */ - conf->execugid.userdir = UNSET; /* ditto */ - conf->diskmode = UNSET; /* GridSiteDiskMode group world */ - } - - return conf; -} - -static void *merge_gridsite_dir_config(apr_pool_t *p, void *vserver, - void *vdirect) -/* merge directory with server-wide directory configs */ -{ - mod_gridsite_dir_cfg *conf, *server, *direct; - - server = (mod_gridsite_dir_cfg *) vserver; - direct = (mod_gridsite_dir_cfg *) vdirect; - conf = apr_palloc(p, sizeof(*conf)); - - if (direct->auth != UNSET) conf->auth = direct->auth; - else conf->auth = server->auth; - - if (direct->envs != UNSET) conf->envs = direct->envs; - else conf->envs = server->envs; - - if (direct->format != UNSET) conf->format = direct->format; - else conf->format = server->format; - - if (direct->indexes != UNSET) conf->indexes = direct->indexes; - else conf->indexes = server->indexes; - - if (direct->gridsitelink != UNSET) conf->gridsitelink=direct->gridsitelink; - else conf->gridsitelink=server->gridsitelink; - - if (direct->indexheader != NULL) conf->indexheader = direct->indexheader; - else conf->indexheader = server->indexheader; - - if (direct->adminfile != NULL) conf->adminfile = direct->adminfile; - else conf->adminfile = server->adminfile; - - if (direct->adminuri != NULL) conf->adminuri = direct->adminuri; - else conf->adminuri = server->adminuri; - - if (direct->helpuri != NULL) conf->helpuri = direct->helpuri; - else conf->helpuri = server->helpuri; - - if (direct->dnlists != NULL) conf->dnlists = direct->dnlists; - else conf->dnlists = server->dnlists; - - if (direct->dnlistsuri != NULL) conf->dnlistsuri = direct->dnlistsuri; - else conf->dnlistsuri = server->dnlistsuri; - - if (direct->adminlist != NULL) conf->adminlist = direct->adminlist; - else conf->adminlist = server->adminlist; - - if (direct->gsiproxylimit != UNSET) - conf->gsiproxylimit = direct->gsiproxylimit; - else conf->gsiproxylimit = server->gsiproxylimit; - - if (direct->unzip != NULL) conf->unzip = direct->unzip; - else conf->unzip = server->unzip; - - if (direct->methods != NULL) conf->methods = direct->methods; - else conf->methods = server->methods; - - if (direct->editable != NULL) conf->editable = direct->editable; - else conf->editable = server->editable; - - if (direct->headfile != NULL) conf->headfile = direct->headfile; - else conf->headfile = server->headfile; - - if (direct->footfile != NULL) conf->footfile = direct->footfile; - else conf->footfile = server->footfile; - - if (direct->gridhttp != UNSET) conf->gridhttp = direct->gridhttp; - else conf->gridhttp = server->gridhttp; - - if (direct->aclformat != NULL) conf->aclformat = direct->aclformat; - else conf->aclformat = server->aclformat; - - if (direct->delegationuri != NULL) conf->delegationuri = direct->delegationuri; - else conf->delegationuri = server->delegationuri; - - if (direct->execmethod != NULL) conf->execmethod = direct->execmethod; - else conf->execmethod = server->execmethod; - - if (direct->execugid.uid != UNSET) - { conf->execugid.uid = direct->execugid.uid; - conf->execugid.gid = direct->execugid.gid; - conf->execugid.userdir = direct->execugid.userdir; } - else - { conf->execugid.uid = server->execugid.uid; - conf->execugid.gid = server->execugid.gid; - conf->execugid.userdir = server->execugid.userdir; } - - if (direct->diskmode != UNSET) conf->diskmode = direct->diskmode; - else conf->diskmode = server->diskmode; - - return conf; -} - -static const char *mod_gridsite_take1_cmds(cmd_parms *a, void *cfg, - const char *parm) -{ - int n, i; - char *p; - - if (strcasecmp(a->cmd->name, "GridSiteSessionsDir") == 0) - { - if (a->server->is_virtual) - return "GridSiteSessionsDir cannot be used inside a virtual server"; - - sessionsdir = apr_pstrdup(a->pool, parm); - } -/* GridSiteOnetimesDir is deprecated in favour of GridSiteSessionsDir */ - else if (strcasecmp(a->cmd->name, "GridSiteOnetimesDir") == 0) - { - if (a->server->is_virtual) - return "GridSiteOnetimesDir cannot be used inside a virtual server"; - - sessionsdir = apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteGridHTTPport") == 0) - { - gridhttpport = atoi(parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteCastDNlists") == 0) - { - if (a->server->is_virtual) - return "GridSiteDNlists cannot be used inside a virtual server"; - - sitecastdnlists = apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteCastUniPort") == 0) - { - if (a->server->is_virtual) - return "GridSiteCastUniPort cannot be used inside a virtual server"; - - if (sscanf(parm, "%d", &(sitecastgroups[0].port)) != 1) - return "Failed parsing GridSiteCastUniPort numeric value"; - } - else if (strcasecmp(a->cmd->name, "GridSiteCastGroup") == 0) - { - if (a->server->is_virtual) - return "GridSiteCastGroup cannot be used inside a virtual server"; - - for (i=1; i <= GRST_SITECAST_GROUPS; ++i) - { - if (sitecastgroups[i].port == 0) /* a free slot */ - { - sitecastgroups[i].port = GRST_HTCP_PORT; - - if (sscanf(parm, "%d.%d.%d.%d:%d", - &(sitecastgroups[i].quad1), - &(sitecastgroups[i].quad2), - &(sitecastgroups[i].quad3), - &(sitecastgroups[i].quad4), - &(sitecastgroups[i].port)) < 4) - return "Failed parsing GridSiteCastGroup nnn.nnn.nnn.nnn[:port]"; - - break; - } - } - - if (i > GRST_SITECAST_GROUPS) - return "Maximum GridSiteCastGroup groups reached"; - } - else if (strcasecmp(a->cmd->name, "GridSiteAdminFile") == 0) - { - if (index(parm, '/') != NULL) - return "/ not permitted in GridSiteAdminFile"; - - ((mod_gridsite_dir_cfg *) cfg)->adminfile = - apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteAdminURI") == 0) - { - if (*parm != '/') return "GridSiteAdminURI must begin with /"; - - ((mod_gridsite_dir_cfg *) cfg)->adminuri = - apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteHelpURI") == 0) - { - if (*parm != '/') return "GridSiteHelpURI must begin with /"; - - ((mod_gridsite_dir_cfg *) cfg)->helpuri = - apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteDNlists") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->dnlists = - apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteDNlistsURI") == 0) - { - if (*parm != '/') return "GridSiteDNlistsURI must begin with /"; - - if ((*parm != '\0') && (parm[strlen(parm) - 1] == '/')) - ((mod_gridsite_dir_cfg *) cfg)->dnlistsuri = - apr_pstrdup(a->pool, parm); - else - ((mod_gridsite_dir_cfg *) cfg)->dnlistsuri = - apr_pstrcat(a->pool, parm, "/", NULL); - } - else if (strcasecmp(a->cmd->name, "GridSiteAdminList") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->adminlist = - apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteGSIProxyLimit") == 0) - { - n = -1; - - if ((sscanf(parm, "%d", &n) == 1) && (n >= 0)) - ((mod_gridsite_dir_cfg *) cfg)->gsiproxylimit = n; - else return "GridSiteGSIProxyLimit must be a number >= 0"; - } - else if (strcasecmp(a->cmd->name, "GridSiteUnzip") == 0) - { - if (*parm != '/') return "GridSiteUnzip must begin with /"; - - ((mod_gridsite_dir_cfg *) cfg)->unzip = - apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteMethods") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->methods = - apr_psprintf(a->pool, " %s ", parm); - - for (p = ((mod_gridsite_dir_cfg *) cfg)->methods; - *p != '\0'; - ++p) if (*p == '\t') *p = ' '; - } - else if (strcasecmp(a->cmd->name, "GridSiteEditable") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->editable = - apr_psprintf(a->pool, " %s ", parm); - - for (p = ((mod_gridsite_dir_cfg *) cfg)->editable; - *p != '\0'; - ++p) if (*p == '\t') *p = ' '; - } - else if (strcasecmp(a->cmd->name, "GridSiteHeadFile") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->headfile = - apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteFootFile") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->footfile = - apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteIndexHeader") == 0) - { - if (index(parm, '/') != NULL) - return "/ not permitted in GridSiteIndexHeader"; - - ((mod_gridsite_dir_cfg *) cfg)->indexheader = - apr_pstrdup(a->pool, parm); - } - else if (strcasecmp(a->cmd->name, "GridSiteACLFormat") == 0) - { - if ((strcasecmp(parm,"GACL") != 0) && - (strcasecmp(parm,"XACML") != 0)) - return "GridsiteACLFormat must be either GACL or XACML"; - - ((mod_gridsite_dir_cfg *) cfg)->aclformat = apr_pstrdup(a->pool, parm); - } - - else if (strcasecmp(a->cmd->name, "GridSiteDelegationURI") == 0) - { - if (*parm != '/') return "GridSiteDelegationURI must begin with /"; - - if (*parm != '\0') - ((mod_gridsite_dir_cfg *) cfg)->delegationuri = - apr_pstrdup(a->pool, parm); - - } - else if (strcasecmp(a->cmd->name, "GridSiteExecMethod") == 0) - { - if (strcasecmp(parm, "nosetuid") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->execmethod = NULL; - return NULL; - } - - if ((strcasecmp(parm, "suexec") != 0) && - (strcasecmp(parm, "X509DN") != 0) && - (strcasecmp(parm, "directory") != 0)) - return "GridsiteExecMethod must be nosetuid, suexec, X509DN or directory"; - - ((mod_gridsite_dir_cfg *) cfg)->execmethod = apr_pstrdup(a->pool, parm); - } - - return NULL; -} - -static const char *mod_gridsite_take2_cmds(cmd_parms *a, void *cfg, - const char *parm1, const char *parm2) -{ - int i; - - if (strcasecmp(a->cmd->name, "GridSiteUserGroup") == 0) - { - if (!(unixd_config.suexec_enabled)) - return "Using GridSiteUserGroup will " - "require rebuilding Apache with suexec support!"; - - /* NB ap_uname2id/ap_gname2id are NOT thread safe - but OK - as long as not used in .htaccess, just at server start time */ - - ((mod_gridsite_dir_cfg *) cfg)->execugid.uid = ap_uname2id(parm1); - ((mod_gridsite_dir_cfg *) cfg)->execugid.gid = ap_gname2id(parm2); - ((mod_gridsite_dir_cfg *) cfg)->execugid.userdir = 0; - } - else if (strcasecmp(a->cmd->name, "GridSiteDiskMode") == 0) - { - if ((strcasecmp(parm1, "GroupNone" ) != 0) && - (strcasecmp(parm1, "GroupRead" ) != 0) && - (strcasecmp(parm1, "GroupWrite") != 0)) - return "First parameter of GridSiteDiskMode must be " - "GroupNone, GroupRead or GroupWrite!"; - - if ((strcasecmp(parm2, "WorldNone" ) != 0) && - (strcasecmp(parm2, "WorldRead" ) != 0)) - return "Second parameter of GridSiteDiskMode must be " - "WorldNone or WorldRead!"; - - ((mod_gridsite_dir_cfg *) cfg)->diskmode = - APR_UREAD | APR_UWRITE - | ( APR_GREAD * (strcasecmp(parm1, "GroupRead") == 0)) - | ((APR_GREAD | APR_GWRITE) * (strcasecmp(parm1, "GroupWrite") == 0)) - | ((APR_GREAD | APR_WREAD) * (strcasecmp(parm2, "WorldRead") == 0)); - } - else if (strcasecmp(a->cmd->name, "GridSiteCastAlias") == 0) - { - for (i=0; i < GRST_SITECAST_ALIASES; ++i) /* look for free slot */ - { - if (sitecastaliases[i].sitecast_url == NULL) - { - sitecastaliases[i].sitecast_url = parm1; - sitecastaliases[i].local_path = parm2; - sitecastaliases[i].server = a->server; - break; - } - } - } - - return NULL; -} - -static const char *mod_gridsite_flag_cmds(cmd_parms *a, void *cfg, - int flag) -{ - if (strcasecmp(a->cmd->name, "GridSiteAuth") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->auth = flag; - } - else if (strcasecmp(a->cmd->name, "GridSiteEnvs") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->envs = flag; - } - else if (strcasecmp(a->cmd->name, "GridSiteHtmlFormat") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->format = flag; - } - else if (strcasecmp(a->cmd->name, "GridSiteIndexes") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->indexes = flag; - } - else if (strcasecmp(a->cmd->name, "GridSiteLink") == 0) - { - ((mod_gridsite_dir_cfg *) cfg)->gridsitelink = flag; - } - else if (strcasecmp(a->cmd->name, "GridSiteGridHTTP") == 0) - { -// TODO: return error if try this on non-HTTPS virtual server - - ((mod_gridsite_dir_cfg *) cfg)->gridhttp = flag; - } - - return NULL; -} - -static const command_rec mod_gridsite_cmds[] = -{ -// TODO: need to check and document valid contexts for each command! - - AP_INIT_FLAG("GridSiteAuth", mod_gridsite_flag_cmds, - NULL, OR_FILEINFO, "on or off"), - AP_INIT_FLAG("GridSiteEnvs", mod_gridsite_flag_cmds, - NULL, OR_FILEINFO, "on or off"), - AP_INIT_FLAG("GridSiteHtmlFormat", mod_gridsite_flag_cmds, - NULL, OR_FILEINFO, "on or off"), - AP_INIT_FLAG("GridSiteIndexes", mod_gridsite_flag_cmds, - NULL, OR_FILEINFO, "on or off"), - AP_INIT_FLAG("GridSiteLink", mod_gridsite_flag_cmds, - NULL, OR_FILEINFO, "on or off"), - - AP_INIT_TAKE1("GridSiteAdminFile", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "Ghost per-directory admin CGI"), - AP_INIT_TAKE1("GridSiteAdminURI", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "URI of real gridsite-admin.cgi"), - AP_INIT_TAKE1("GridSiteHelpURI", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "URI of Website Help pages"), - AP_INIT_TAKE1("GridSiteDNlists", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "DN Lists directories search path"), - AP_INIT_TAKE1("GridSiteDNlistsURI", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "URI of published DN lists"), - AP_INIT_TAKE1("GridSiteAdminList", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "URI of admin DN List"), - AP_INIT_TAKE1("GridSiteGSIProxyLimit", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "Max level of GSI proxy validity"), - AP_INIT_TAKE1("GridSiteUnzip", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "Absolute path to unzip command"), - - AP_INIT_RAW_ARGS("GridSiteMethods", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "permitted HTTP methods"), - AP_INIT_RAW_ARGS("GridSiteEditable", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "editable file extensions"), - AP_INIT_TAKE1("GridSiteHeadFile", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "filename of HTML header"), - AP_INIT_TAKE1("GridSiteFootFile", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "filename of HTML footer"), - AP_INIT_TAKE1("GridSiteIndexHeader", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "filename of directory header"), - - AP_INIT_FLAG("GridSiteGridHTTP", mod_gridsite_flag_cmds, - NULL, OR_FILEINFO, "on or off"), - AP_INIT_TAKE1("GridSiteGridHTTPport", mod_gridsite_take1_cmds, - NULL, RSRC_CONF, "GridHTTP port"), - AP_INIT_TAKE1("GridSiteSessionsDir", mod_gridsite_take1_cmds, - NULL, RSRC_CONF, "directory with GridHTTP passcodes and SSL session creds"), -/* GridSiteOnetimesDir is deprecated in favour of GridSiteSessionsDir */ - AP_INIT_TAKE1("GridSiteOnetimesDir", mod_gridsite_take1_cmds, - NULL, RSRC_CONF, "directory with GridHTTP passcodes"), - - AP_INIT_TAKE1("GridSiteCastDNlists", mod_gridsite_take1_cmds, - NULL, RSRC_CONF, "DN Lists directories search path for SiteCast"), - AP_INIT_TAKE1("GridSiteCastUniPort", mod_gridsite_take1_cmds, - NULL, RSRC_CONF, "UDP port for unicast/replies"), - AP_INIT_TAKE1("GridSiteCastGroup", mod_gridsite_take1_cmds, - NULL, RSRC_CONF, "multicast group[:port] to listen for HTCP on"), - AP_INIT_TAKE2("GridSiteCastAlias", mod_gridsite_take2_cmds, - NULL, RSRC_CONF, "URL and local path mapping"), - - AP_INIT_TAKE1("GridSiteACLFormat", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "format to save access control lists in"), - - AP_INIT_TAKE1("GridSiteDelegationURI", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "URI of the delegation service CGI"), - - AP_INIT_TAKE1("GridSiteExecMethod", mod_gridsite_take1_cmds, - NULL, OR_FILEINFO, "execution strategy used by gsexec"), - - AP_INIT_TAKE2("GridSiteUserGroup", mod_gridsite_take2_cmds, - NULL, OR_FILEINFO, - "user and group of gsexec processes in suexec mode"), - - AP_INIT_TAKE2("GridSiteDiskMode", mod_gridsite_take2_cmds, - NULL, OR_FILEINFO, - "group and world file modes for new files/directories"), - - {NULL} -}; - -static int mod_gridsite_first_fixups(request_rec *r) -{ - mod_gridsite_dir_cfg *conf; - - if (r->finfo.filetype != APR_DIR) return DECLINED; - - conf = (mod_gridsite_dir_cfg *) - ap_get_module_config(r->per_dir_config, &gridsite_module); - - /* we handle DN Lists as regular files, even if they also match - directory names */ - - if ((conf != NULL) && - (conf->dnlistsuri != NULL) && - (strncmp(r->uri, conf->dnlistsuri, strlen(conf->dnlistsuri)) == 0) && - (strcmp(r->uri, conf->dnlistsuri) != 0)) - { - r->finfo.filetype = APR_REG; - } - - return DECLINED; -} - - -int GRST_get_session_id(SSL *ssl, char *session_id, size_t len) -{ - int i; - SSL_SESSION *session; - - if (((session = SSL_get_session(ssl)) == NULL) || - (session->session_id_length == 0)) return GRST_RET_FAILED; - - if (2 * session->session_id_length + 1 > len) return GRST_RET_FAILED; - - for (i=0; i < (int) session->session_id_length; ++i) - sprintf(&(session_id[i*2]), "%02X", (unsigned char) session->session_id[i]); - - session_id[i*2] = '\0'; - - return GRST_RET_OK; -} - -int GRST_load_ssl_creds(SSL *ssl, conn_rec *conn) -{ - char session_id[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2], *sessionfile = NULL, - line[512], *p; - apr_file_t *fp = NULL; - int i; - - if (GRST_get_session_id(ssl, session_id, sizeof(session_id)) != GRST_RET_OK) - return GRST_RET_FAILED; - - sessionfile = apr_psprintf(conn->pool, "%s/sslcreds-%s", - ap_server_root_relative(conn->pool, sessionsdir), - session_id); - - if (apr_file_open(&fp, sessionfile, APR_READ, 0, conn->pool) != APR_SUCCESS) - return GRST_RET_FAILED; - - while (apr_file_gets(line, sizeof(line), fp) == APR_SUCCESS) - { - if (sscanf(line, "GRST_CRED_%d=", &i) == 1) - { - p = index(line, '='); - - apr_table_setn(conn->notes, - apr_psprintf(conn->pool, "GRST_CRED_%d", i), - apr_pstrdup(conn->pool, &p[1])); - } - } - - apr_file_close(fp); - - /* connection notes created by GRST_save_ssl_creds() are now reloaded */ - apr_table_set(conn->notes, "GRST_save_ssl_creds", "yes"); - - return GRST_RET_OK; -} - -/* - Save result of GRSTx509CompactCreds() into connection notes, and - write out in an SSL session creds file. -*/ - -void GRST_save_ssl_creds(conn_rec *conn, - STACK_OF(X509) *certstack, X509 *peercert) -{ - int i, lastcred; - const int maxcreds = 99; - const size_t credlen = 1024; - char creds[maxcreds][credlen+1], envname[14], *tempfile = NULL, - *sessionfile, session_id[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2]; - apr_file_t *fp = NULL; - SSL *ssl; - SSLConnRec *sslconn; - - /* check if already done */ - - if ((certstack != NULL) && (conn->notes != NULL) && - (apr_table_get(conn->notes, "GRST_save_ssl_creds") != NULL)) return; - - /* we at least need to say we've been run */ - - apr_table_set(conn->notes, "GRST_save_ssl_creds", "yes"); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, conn->base_server, - "set GRST_save_ssl_creds"); - - sslconn = (SSLConnRec *)ap_get_module_config(conn->conn_config,&ssl_module); - - if ((sslconn != NULL) && - ((ssl = sslconn->ssl) != NULL) && - (GRST_get_session_id(ssl,session_id,sizeof(session_id)) == GRST_RET_OK)) - { - sessionfile = apr_psprintf(conn->pool, "%s/sslcreds-%s", - ap_server_root_relative(conn->pool, sessionsdir), - session_id); - - tempfile = apr_pstrcat(conn->pool, - ap_server_root_relative(conn->pool, sessionsdir), - "/tmp-XXXXXX", NULL); - - if ((tempfile != NULL) && (tempfile[0] != '\0')) - apr_file_mktemp(&fp, tempfile, - APR_CREATE | APR_WRITE | APR_EXCL, conn->pool); - } - - if (GRSTx509CompactCreds(&lastcred, maxcreds, credlen, (char *) creds, - certstack, GRST_VOMS_DIR, peercert) == GRST_RET_OK) - { - for (i=0; i <= lastcred; ++i) - { - apr_table_setn(conn->notes, - apr_psprintf(conn->pool, "GRST_CRED_%d", i), - apr_pstrdup(conn->pool, creds[i])); - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, conn->base_server, - "store GRST_CRED_%d=%s", i, creds[i]); - - if (fp != NULL) apr_file_printf(fp, "GRST_CRED_%d=%s\n", - i, creds[i]); - } - - /* free remaining dup'd certs? */ - } - - if (fp != NULL) - { - apr_file_close(fp); - apr_file_rename(tempfile, sessionfile, conn->pool); - } -} - -static int mod_gridsite_perm_handler(request_rec *r) -/* - Do authentication/authorization here rather than in the normal module - auth functions since the results of mod_ssl are available. - - We also publish environment variables here if requested by GridSiteEnv. -*/ -{ - int retcode = DECLINED, i, n, file_is_acl = 0, - destination_is_acl = 0, proxylevel, ishttps = 0; - char *dn, *p, envname[14], *grst_cred_0 = NULL, *dir_path, - *remotehost, s[99], *grst_cred_i, *cookies, *file, *https, - *gridauthpasscode = NULL, *cookiefile, oneline[1025], *key_i, - *destination = NULL, *destination_uri = NULL, *querytmp, - *destination_prefix = NULL, *destination_translated = NULL; - const char *content_type; - time_t now, notbefore, notafter; - apr_table_t *env; - apr_finfo_t cookiefile_info; - apr_file_t *fp; - request_rec *destreq; - GRSTgaclCred *cred = NULL, *cred_0 = NULL; - GRSTgaclUser *user = NULL; - GRSTgaclPerm perm = GRST_PERM_NONE, destination_perm = GRST_PERM_NONE; - GRSTgaclAcl *acl = NULL; - mod_gridsite_dir_cfg *cfg; - SSLConnRec *sslconn; - STACK_OF(X509) *certstack; - X509 *peercert; - - cfg = (mod_gridsite_dir_cfg *) - ap_get_module_config(r->per_dir_config, &gridsite_module); - - if (cfg == NULL) return DECLINED; - - if ((cfg->auth == 0) && - (cfg->envs == 0)) - return DECLINED; /* if not turned on, look invisible */ - - env = r->subprocess_env; - - p = (char *) apr_table_get(r->subprocess_env, "HTTPS"); - if ((p != NULL) && (strcmp(p, "on") == 0)) ishttps = 1; - - /* reload per-connection (SSL) cred variables? */ - - sslconn = (SSLConnRec *) ap_get_module_config(r->connection->conn_config, - &ssl_module); - if ((sslconn != NULL) && - (sslconn->ssl != NULL) && - (sslconn->ssl->session != NULL) && - (r->connection->notes != NULL) && - (apr_table_get(r->connection->notes, "GRST_save_ssl_creds") == NULL)) - { - if (GRST_load_ssl_creds(sslconn->ssl, r->connection) == GRST_RET_OK) - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "Restored SSL session data from session cache file"); - } - - proxylevel = ((mod_gridsite_dir_cfg *) cfg)->gsiproxylimit + 1; - - if ((user == NULL) && - (r->connection->notes != NULL) && - ((grst_cred_0 = (char *) - apr_table_get(r->connection->notes, "GRST_CRED_0")) != NULL) && - (sscanf(grst_cred_0, "X509USER %*d %*d %d ", &proxylevel) == 1) && - (proxylevel <= ((mod_gridsite_dir_cfg *) cfg)->gsiproxylimit)) - { - apr_table_setn(env, "GRST_CRED_0", grst_cred_0); - - cred_0 = GRSTx509CompactToCred(grst_cred_0); - if (cred_0 != NULL) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "Using identity %s from SSL/TLS", grst_cred_0); - - user = GRSTgaclUserNew(cred_0); - - /* check for VOMS GRST_CRED_i too */ - - for (i=1; ; ++i) - { - snprintf(envname, sizeof(envname), "GRST_CRED_%d", i); - if (grst_cred_i = (char *) - apr_table_get(r->connection->notes,envname)) - { - if (((mod_gridsite_dir_cfg *) cfg)->envs) - apr_table_setn(env, - apr_pstrdup(r->pool, envname), - grst_cred_i); - - if (cred = GRSTx509CompactToCred(grst_cred_i)) - GRSTgaclUserAddCred(user, cred); - } - else break; /* GRST_CRED_i are numbered consecutively */ - } - } - } - - if ((user != NULL) && ((mod_gridsite_dir_cfg *) cfg)->dnlists) - GRSTgaclUserSetDNlists(user, ((mod_gridsite_dir_cfg *) cfg)->dnlists); - - /* add DNS credential */ - - remotehost = (char *) ap_get_remote_host(r->connection, - r->per_dir_config, REMOTE_DOUBLE_REV, NULL); - if ((remotehost != NULL) && (*remotehost != '\0')) - { - cred = GRSTgaclCredNew("dns"); - GRSTgaclCredAddValue(cred, "hostname", remotehost); - - if (user == NULL) user = GRSTgaclUserNew(cred); - else GRSTgaclUserAddCred(user, cred); - } - - /* check for Destination: header and evaluate if present */ - - if ((destination = (char *) apr_table_get(r->headers_in, - "Destination")) != NULL) - { - destination_prefix = apr_psprintf(r->pool, "https://%s:%d/", - r->server->server_hostname, (int) r->server->port); - - if (strncmp(destination_prefix, destination, - strlen(destination_prefix)) == 0) - destination_uri = &destination[strlen(destination_prefix)-1]; - else if ((int) r->server->port == 443) - { - destination_prefix = apr_psprintf(r->pool, "https://%s/", - r->server->server_hostname); - - if (strncmp(destination_prefix, destination, - strlen(destination_prefix)) == 0) - destination_uri = &destination[strlen(destination_prefix)-1]; - } - - if (destination_uri != NULL) - { - destreq = ap_sub_req_method_uri("GET", destination_uri, r, NULL); - - if ((destreq != NULL) && (destreq->filename != NULL) - && (destreq->path_info != NULL)) - { - destination_translated = apr_pstrcat(r->pool, - destreq->filename, destreq->path_info, NULL); - - apr_table_setn(r->notes, "GRST_DESTINATION_TRANSLATED", - destination_translated); - - if (((mod_gridsite_dir_cfg *) cfg)->envs) - apr_table_setn(env, "GRST_DESTINATION_TRANSLATED", - destination_translated); - - p = rindex(destination_translated, '/'); - if ((p != NULL) && (strcmp(&p[1], GRST_ACL_FILE) == 0)) - destination_is_acl = 1; - } - } - } - - /* this checks for NULL arguments itself */ - if (GRSTgaclDNlistHasUser(((mod_gridsite_dir_cfg *) cfg)->adminlist, user)) - { - perm = GRST_PERM_ALL; - if (destination_translated != NULL) destination_perm = GRST_PERM_ALL; - } - else - { - acl = GRSTgaclAclLoadforFile(r->filename); - if (acl != NULL) perm = GRSTgaclAclTestUser(acl, user); - GRSTgaclAclFree(acl); - - if (destination_translated != NULL) - { - acl = GRSTgaclAclLoadforFile(destination_translated); - if (acl != NULL) destination_perm = GRSTgaclAclTestUser(acl, user); - GRSTgaclAclFree(acl); - - apr_table_setn(r->notes, "GRST_DESTINATION_PERM", - apr_psprintf(r->pool, "%d", destination_perm)); - - if (((mod_gridsite_dir_cfg *) cfg)->envs) - apr_table_setn(env, "GRST_DESTINATION_PERM", - apr_psprintf(r->pool, "%d", destination_perm)); - } - } - - /* first look for GRIDHTTP_PASSCODE cookie */ - - if ((p = (char *) apr_table_get(r->headers_in, "Cookie")) != NULL) - { - cookies = apr_pstrcat(r->pool, " ", p, NULL); - gridauthpasscode = strstr(cookies, " GRIDHTTP_PASSCODE="); - - if (gridauthpasscode != NULL) - { - gridauthpasscode = &gridauthpasscode[19]; - - for (p = gridauthpasscode; - (*p != '\0') && (*p != ';'); ++p) - if (!isalnum(*p)) *p = '\0'; - } - } - - /* then look for GRIDHTTP_PASSCODE in QUERY_STRING ie after ? */ - - if (gridauthpasscode == NULL) - { - if ((r->parsed_uri.query != NULL) && (r->parsed_uri.query[0] != '\0')) - { - querytmp = apr_pstrcat(r->pool,"&",r->parsed_uri.query,"&",NULL); - - gridauthpasscode = strstr(querytmp, "&GRIDHTTP_PASSCODE="); - - if (gridauthpasscode != NULL) - { - gridauthpasscode = &gridauthpasscode[19]; - - for (p = gridauthpasscode; - (*p != '\0') && (*p != '&'); ++p) - if (!isalnum(*p)) *p = '\0'; - } - } - } - - if ((gridauthpasscode != NULL) && (gridauthpasscode[0] != '\0')) - { - cookiefile = apr_psprintf(r->pool, "%s/passcode-%s", - ap_server_root_relative(r->pool, - sessionsdir), - gridauthpasscode); - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "Opening GridHTTP passcode file %s", cookiefile); - - if ((apr_stat(&cookiefile_info, cookiefile, - APR_FINFO_TYPE, r->pool) == APR_SUCCESS) && - (cookiefile_info.filetype == APR_REG) && - (apr_file_open(&fp, cookiefile, APR_READ, 0, r->pool) - == APR_SUCCESS)) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "Reading GridHTTP passcode file %s", cookiefile); - - while (apr_file_gets(oneline, - sizeof(oneline), fp) == APR_SUCCESS) - { - p = index(oneline, '\n'); - if (p != NULL) *p = '\0'; - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "%s: %s", cookiefile, oneline); - - if ((strncmp(oneline, "expires=", 8) == 0) && - (apr_time_from_sec(atoll(&oneline[8])) < - apr_time_now())) - break; - else if ((strncmp(oneline, "domain=", 7) == 0) && - (strcmp(&oneline[7], r->hostname) != 0)) - break; /* exact needed in the version */ - else if ((strncmp(oneline, "path=", 5) == 0) && - (strcmp(&oneline[5], r->uri) != 0)) - break; - else if ((strncmp(oneline, "onetime=yes", 11) == 0) - && !ishttps) - apr_file_remove(cookiefile, r->pool); - else if (strncmp(oneline, "method=PUT", 10) == 0) - perm |= GRST_PERM_WRITE; - else if (strncmp(oneline, "method=GET", 10) == 0) - perm |= GRST_PERM_READ; - } - - apr_file_close(fp); - } - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "After GACL/Onetime evaluation, GRST_PERM=%d", perm); - - /* set permission and GACL environment variables */ - - apr_table_setn(r->notes, "GRST_PERM", apr_psprintf(r->pool, "%d", perm)); - - if (((mod_gridsite_dir_cfg *) cfg)->envs) - { - apr_table_setn(env, "GRST_PERM", apr_psprintf(r->pool, "%d", perm)); - - if (((dir_path = apr_pstrdup(r->pool, r->filename)) != NULL) && - ((p = rindex(dir_path, '/')) != NULL)) - { - *p = '\0'; - apr_table_setn(env, "GRST_DIR_PATH", dir_path); - } - - if (((mod_gridsite_dir_cfg *) cfg)->helpuri != NULL) - apr_table_setn(env, "GRST_HELP_URI", - ((mod_gridsite_dir_cfg *) cfg)->helpuri); - - if (((mod_gridsite_dir_cfg *) cfg)->adminfile != NULL) - apr_table_setn(env, "GRST_ADMIN_FILE", - ((mod_gridsite_dir_cfg *) cfg)->adminfile); - - if (((mod_gridsite_dir_cfg *) cfg)->editable != NULL) - apr_table_setn(env, "GRST_EDITABLE", - ((mod_gridsite_dir_cfg *) cfg)->editable); - - if (((mod_gridsite_dir_cfg *) cfg)->headfile != NULL) - apr_table_setn(env, "GRST_HEAD_FILE", - ((mod_gridsite_dir_cfg *) cfg)->headfile); - - if (((mod_gridsite_dir_cfg *) cfg)->footfile != NULL) - apr_table_setn(env, "GRST_FOOT_FILE", - ((mod_gridsite_dir_cfg *) cfg)->footfile); - - if (((mod_gridsite_dir_cfg *) cfg)->dnlists != NULL) - apr_table_setn(env, "GRST_DN_LISTS", - ((mod_gridsite_dir_cfg *) cfg)->dnlists); - - if (((mod_gridsite_dir_cfg *) cfg)->dnlistsuri != NULL) - apr_table_setn(env, "GRST_DN_LISTS_URI", - ((mod_gridsite_dir_cfg *) cfg)->dnlistsuri); - - if (((mod_gridsite_dir_cfg *) cfg)->adminlist != NULL) - apr_table_setn(env, "GRST_ADMIN_LIST", - ((mod_gridsite_dir_cfg *) cfg)->adminlist); - - apr_table_setn(env, "GRST_GSIPROXY_LIMIT", - apr_psprintf(r->pool, "%d", - ((mod_gridsite_dir_cfg *)cfg)->gsiproxylimit)); - - if (((mod_gridsite_dir_cfg *) cfg)->unzip != NULL) - apr_table_setn(env, "GRST_UNZIP", - ((mod_gridsite_dir_cfg *) cfg)->unzip); - - if (!(((mod_gridsite_dir_cfg *) cfg)->gridsitelink)) - apr_table_setn(env, "GRST_NO_LINK", "1"); - - if (((mod_gridsite_dir_cfg *) cfg)->aclformat != NULL) - apr_table_setn(env, "GRST_ACL_FORMAT", - ((mod_gridsite_dir_cfg *) cfg)->aclformat); - - if (((mod_gridsite_dir_cfg *) cfg)->delegationuri != NULL) - apr_table_setn(env, "GRST_DELEGATION_URI", - ((mod_gridsite_dir_cfg *) cfg)->delegationuri); - - - if (((mod_gridsite_dir_cfg *) cfg)->execmethod != NULL) - { - apr_table_setn(env, "GRST_EXEC_METHOD", - ((mod_gridsite_dir_cfg *) cfg)->execmethod); - - if ((strcasecmp(((mod_gridsite_dir_cfg *) cfg)->execmethod, - "directory") == 0) && (r->filename != NULL)) - { - if ((r->content_type != NULL) && - (strcmp(r->content_type, DIR_MAGIC_TYPE) == 0)) - apr_table_setn(env, "GRST_EXEC_DIRECTORY", r->filename); - else - { - file = apr_pstrdup(r->pool, r->filename); - p = rindex(file, '/'); - if (p != NULL) - { - *p = '\0'; - apr_table_setn(env, "GRST_EXEC_DIRECTORY", file); - } - } - } - } - - apr_table_setn(env, "GRST_DISK_MODE", - apr_psprintf(r->pool, "0x%04x", - ((mod_gridsite_dir_cfg *)cfg)->diskmode)); - } - - if (((mod_gridsite_dir_cfg *) cfg)->auth) - { - /* *** Check HTTP method to decide which perm bits to check *** */ - - if ((r->filename != NULL) && - ((p = rindex(r->filename, '/')) != NULL) && - (strcmp(&p[1], GRST_ACL_FILE) == 0)) file_is_acl = 1; - - content_type = r->content_type; - if ((content_type != NULL) && - (strcmp(content_type, DIR_MAGIC_TYPE) == 0) && - (((mod_gridsite_dir_cfg *) cfg)->dnlistsuri != NULL) && - (strncmp(r->uri, - ((mod_gridsite_dir_cfg *) cfg)->dnlistsuri, - strlen(((mod_gridsite_dir_cfg *) cfg)->dnlistsuri)) == 0) && - (strlen(r->uri) > strlen(((mod_gridsite_dir_cfg *) cfg)->dnlistsuri))) - content_type = "text/html"; - - if ( GRSTgaclPermHasNone(perm) || - - /* first two M_GET conditions make the subtle distinction - between .../ that maps to .../index.html (governed by - Read perm) or to dir list (governed by List perm); - third M_GET condition deals with typeless CGI requests */ - - ((r->method_number == M_GET) && - !GRSTgaclPermHasRead(perm) && - (content_type != NULL) && - (strcmp(content_type, DIR_MAGIC_TYPE) != 0)) || - - ((r->method_number == M_GET) && - !GRSTgaclPermHasList(perm) && - (content_type != NULL) && - (strcmp(content_type, DIR_MAGIC_TYPE) == 0)) || - - ((r->method_number == M_GET) && - !GRSTgaclPermHasRead(perm) && - (content_type == NULL)) || - - ((r->method_number == M_POST) && !GRSTgaclPermHasRead(perm) ) || - - (((r->method_number == M_PUT) || - (r->method_number == M_DELETE)) && - !GRSTgaclPermHasWrite(perm) && !file_is_acl) || - - ((r->method_number == M_MOVE) && - ((!GRSTgaclPermHasWrite(perm) && !file_is_acl) || - (!GRSTgaclPermHasAdmin(perm) && file_is_acl) || - (!GRSTgaclPermHasWrite(destination_perm) - && !destination_is_acl) || - (!GRSTgaclPermHasAdmin(destination_perm) - && destination_is_acl)) ) || - - (((r->method_number == M_PUT) || - (r->method_number == M_DELETE)) && - !GRSTgaclPermHasAdmin(perm) && file_is_acl) - - ) retcode = HTTP_FORBIDDEN; - } - - return retcode; -} - -int GRST_X509_check_issued_wrapper(X509_STORE_CTX *ctx,X509 *x,X509 *issuer) -/* We change the default callback to use our wrapper and discard errors - due to GSI proxy chains (ie where users certs act as CAs) */ -{ - int ret; - ret = X509_check_issued(issuer, x); - if (ret == X509_V_OK) - return 1; - - /* Non self-signed certs without signing are ok if they passed - the other checks inside X509_check_issued. Is this enough? */ - if ((ret == X509_V_ERR_KEYUSAGE_NO_CERTSIGN) && - (X509_NAME_cmp(X509_get_subject_name(issuer), - X509_get_subject_name(x)) != 0)) return 1; - - /* If we haven't asked for issuer errors don't set ctx */ - if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) return 0; - - ctx->error = ret; - ctx->current_cert = x; - ctx->current_issuer = issuer; - return ctx->verify_cb(0, ctx); -} - -/* Later OpenSSL versions add a second pointer ... */ -int GRST_verify_cert_wrapper(X509_STORE_CTX *ctx, void *p) - -/* Earlier ones have a single argument ... */ -// int GRST_verify_cert_wrapper(X509_STORE_CTX *ctx) - -/* Before 0.9.7 we cannot change the check_issued callback directly in - the X509_STORE, so we must insert it in another callback that gets - called early enough */ -{ - ctx->check_issued = GRST_X509_check_issued_wrapper; - - return X509_verify_cert(ctx); -} - -int GRST_callback_SSLVerify_wrapper(int ok, X509_STORE_CTX *ctx) -{ - SSL *ssl = (SSL *) X509_STORE_CTX_get_app_data(ctx); - conn_rec *conn = (conn_rec *) SSL_get_app_data(ssl); - server_rec *s = conn->base_server; - SSLConnRec *sslconn = - (SSLConnRec *) ap_get_module_config(conn->conn_config, &ssl_module); - int errnum = X509_STORE_CTX_get_error(ctx); - int errdepth = X509_STORE_CTX_get_error_depth(ctx); - int returned_ok; - int first_non_ca; - STACK_OF(X509) *certstack; - - /* - * GSI Proxy user-cert-as-CA handling: - * we skip Invalid CA errors at this stage, since we will check this - * again at errdepth=0 for the full chain using GRSTx509CheckChain - */ - if (errnum == X509_V_ERR_INVALID_CA) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, - "Skip Invalid CA error in case a GSI Proxy"); - - sslconn->verify_error = NULL; - ok = TRUE; - errnum = X509_V_OK; - X509_STORE_CTX_set_error(ctx, errnum); - } - - /* - * New style GSI Proxy handling, with critical ProxyCertInfo - * extension: we use GRSTx509KnownCriticalExts() to check this - */ -#ifndef X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION -#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -#endif - if (errnum == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) - { - if (GRSTx509KnownCriticalExts(X509_STORE_CTX_get_current_cert(ctx)) - == GRST_RET_OK) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, - "GRSTx509KnownCriticalExts() accepts previously " - "Unhandled Critical Extension (GSI Proxy?)"); - - sslconn->verify_error = NULL; - ok = TRUE; - errnum = X509_V_OK; - X509_STORE_CTX_set_error(ctx, errnum); - } - } - - returned_ok = ssl_callback_SSLVerify(ok, ctx); - - /* in case ssl_callback_SSLVerify changed it */ - errnum = X509_STORE_CTX_get_error(ctx); - - if ((errdepth == 0) && (errnum == X509_V_OK)) - /* - * We've now got the last certificate - the identity being used for - * this connection. At this point we check the whole chain for valid - * CAs or, failing that, GSI-proxy validity using GRSTx509CheckChain. - */ - { - errnum = GRSTx509CheckChain(&first_non_ca, ctx); - - if (errnum != X509_V_OK) - { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "Invalid certificate chain reported by " - "GRSTx509CheckChain()"); - - sslconn->verify_error = X509_verify_cert_error_string(errnum); - ok = FALSE; - } - else - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Valid certificate" - " chain reported by GRSTx509CheckChain()"); - - /* Put result of GRSTx509CompactCreds() into connection notes */ - if ((certstack = - (STACK_OF(X509) *) X509_STORE_CTX_get_chain(ctx)) != NULL) - GRST_save_ssl_creds(conn, certstack, NULL); - } - } - - return returned_ok; -} - -void sitecast_handle_NOP_request(server_rec *main_server, - GRSThtcpMessage *htcp_mesg, int igroup, - struct sockaddr_in *client_addr_ptr) -{ - int outbuf_len; - char *outbuf; - - if (GRSThtcpNOPresponseMake(&outbuf, &outbuf_len, - htcp_mesg->trans_id) == GRST_RET_OK) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast sends NOP response from port %d to %s:%d", - sitecastgroups[0].port, inet_ntoa(client_addr_ptr->sin_addr), - ntohs(client_addr_ptr->sin_port)); - - sendto(sitecastgroups[0].socket, outbuf, outbuf_len, 0, - client_addr_ptr, sizeof(struct sockaddr_in)); - - free(outbuf); - } -} - -void sitecast_handle_TST_GET(server_rec *main_server, - GRSThtcpMessage *htcp_mesg, int igroup, - struct sockaddr_in *client_addr_ptr) -{ - int i, outbuf_len, ialias, port; - char *filename, *outbuf, *location, *local_uri = NULL; - struct stat statbuf; - SSLSrvConfigRec *ssl_srv; - - /* check sanity of requested uri */ - - if (strncmp(htcp_mesg->uri->text, "http://", 7) == 0) - { - for (i=7; i < GRSThtcpCountstrLen(htcp_mesg->uri); ++i) - if (htcp_mesg->uri->text[i] == '/') - { - local_uri = &(htcp_mesg->uri->text[i]); - break; - } - } - else if (strncmp(htcp_mesg->uri->text, "https://", 8) == 0) - { - for (i=8; i < GRSThtcpCountstrLen(htcp_mesg->uri); ++i) - if (htcp_mesg->uri->text[i] == '/') - { - local_uri = &(htcp_mesg->uri->text[i]); - break; - } - } - - if (local_uri == NULL) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast responder only handles http(s):// (%*s requested by %s:%d)", - GRSThtcpCountstrLen(htcp_mesg->uri), - htcp_mesg->uri->text, - inet_ntoa(client_addr_ptr->sin_addr), - ntohs(client_addr_ptr->sin_port)); - return; - } - - /* find if any GridSiteCastAlias lines match */ - - for (ialias=0; ialias < GRST_SITECAST_ALIASES ; ++ialias) - { - if (sitecastaliases[ialias].sitecast_url == NULL) return; /* no match */ - - if ((strlen(sitecastaliases[ialias].sitecast_url) - <= GRSThtcpCountstrLen(htcp_mesg->uri)) && - (strncmp(sitecastaliases[ialias].sitecast_url, - htcp_mesg->uri->text, - strlen(sitecastaliases[ialias].sitecast_url))==0)) break; - } - - if (ialias == GRST_SITECAST_ALIASES) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast responder does not handle %*s requested by %s:%d", - GRSThtcpCountstrLen(htcp_mesg->uri), - htcp_mesg->uri->text, - inet_ntoa(client_addr_ptr->sin_addr), - ntohs(client_addr_ptr->sin_port)); - - return; /* no match */ - } - - /* convert URL to filename, using alias mapping */ - - asprintf(&filename, "%s%*s", - sitecastaliases[ialias].local_path, - GRSThtcpCountstrLen(htcp_mesg->uri) - - strlen(sitecastaliases[ialias].sitecast_url), - &(htcp_mesg->uri->text[strlen(sitecastaliases[ialias].sitecast_url)]) ); - - if (stat(filename, &statbuf) == 0) /* found file */ - { - ssl_srv = (SSLSrvConfigRec *) - ap_get_module_config(sitecastaliases[ialias].server->module_config, - &ssl_module); - - port = sitecastaliases[ialias].server->addrs->host_port; - if (port == 0) port = ((ssl_srv != NULL) && (ssl_srv->enabled)) - ? GRST_HTTPS_PORT : GRST_HTTP_PORT; - - asprintf(&location, "Location: http%s://%s:%d%s\r\n", - ((ssl_srv != NULL) && (ssl_srv->enabled)) ? "s" : "", - sitecastaliases[ialias].server->server_hostname, port, - local_uri); - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast finds %*s at %s, redirects with %s", - GRSThtcpCountstrLen(htcp_mesg->uri), - htcp_mesg->uri->text, filename, location); - - if (GRSThtcpTSTresponseMake(&outbuf, &outbuf_len, - htcp_mesg->trans_id, - location, "", "") == GRST_RET_OK) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast sends TST response from port %d to %s:%d", - sitecastgroups[0].port, inet_ntoa(client_addr_ptr->sin_addr), - ntohs(client_addr_ptr->sin_port)); - - sendto(sitecastgroups[0].socket, outbuf, outbuf_len, 0, - client_addr_ptr, sizeof(struct sockaddr_in)); - - free(outbuf); - } - - free(location); - } - - free(filename); -} - -void sitecast_handle_request(server_rec *main_server, - char *reqbuf, int reqbuf_len, int igroup, - struct sockaddr_in *client_addr_ptr) -{ - GRSThtcpMessage htcp_mesg; - - if (GRSThtcpMessageParse(&htcp_mesg,reqbuf,reqbuf_len) != GRST_RET_OK) - { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, - "SiteCast responder rejects format of UDP message from %s:%d", - inet_ntoa(client_addr_ptr->sin_addr), - ntohs(client_addr_ptr->sin_port)); - return; - } - - if (htcp_mesg.rr != 0) /* ignore HTCP responses: we just do requests */ - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast responder ignores HTCP response from %s:%d", - inet_ntoa(client_addr_ptr->sin_addr), - ntohs(client_addr_ptr->sin_port)); - return; - } - - if (htcp_mesg.opcode == GRSThtcpNOPop) - { - sitecast_handle_NOP_request(main_server, &htcp_mesg, - igroup, client_addr_ptr); - return; - } - - if (htcp_mesg.opcode == GRSThtcpTSTop) - { - if (((GRSThtcpCountstrLen(htcp_mesg.method) == 3) && - (strncmp(htcp_mesg.method->text, "GET", 3) == 0)) || - ((GRSThtcpCountstrLen(htcp_mesg.method) == 4) && - (strncmp(htcp_mesg.method->text, "HEAD", 4) == 0))) - { - sitecast_handle_TST_GET(main_server, &htcp_mesg, - igroup, client_addr_ptr); - return; - } - - ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, - "SiteCast responder rejects method %*s in TST message from %s:%d", - GRSThtcpCountstrLen(htcp_mesg.method), htcp_mesg.method->text, - inet_ntoa(client_addr_ptr->sin_addr), - ntohs(client_addr_ptr->sin_port)); - return; - } - - ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, - "SiteCast does not implement HTCP op-code %d in message from %s:%d", - htcp_mesg.opcode, - inet_ntoa(client_addr_ptr->sin_addr), - ntohs(client_addr_ptr->sin_port)); -} - -void sitecast_responder(server_rec *main_server) -{ -#define GRST_SITECAST_MAXBUF 8192 - char reqbuf[GRST_SITECAST_MAXBUF], *p; - int n, reqbuf_len, i, j, igroup, - quad1, quad2, quad3, quad4, port, retval, client_addr_len; - struct sockaddr_in srv, client_addr; - struct ip_mreq mreq; - fd_set readsckts; - struct hostent *server_hostent; - - strcpy((char *) main_server->process->argv[0], "GridSiteCast UDP responder"); - - /* initialise unicast/replies socket first */ - - bzero(&srv, sizeof(srv)); - srv.sin_family = AF_INET; - srv.sin_port = htons(sitecastgroups[0].port); - - if ((server_hostent = gethostbyname(main_server->server_hostname)) == NULL) - { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, - "SiteCast UDP Responder fails to look up servername %s", - main_server->server_hostname); - return; - } - - srv.sin_addr.s_addr = (u_int32_t) (server_hostent->h_addr_list[0][0]); - - if (((sitecastgroups[0].socket - = socket(AF_INET, SOCK_DGRAM, 0)) < 0) || - (bind(sitecastgroups[0].socket, - (struct sockaddr *) &srv, sizeof(srv)) < 0)) - { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, - "mod_gridsite: sitecast responder fails on unicast bind (%s)", - strerror(errno)); - return; - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast UDP unicast/replies on %d.%d.%d.%d:%d", - server_hostent->h_addr_list[0][0], - server_hostent->h_addr_list[0][1], - server_hostent->h_addr_list[0][2], - server_hostent->h_addr_list[0][3], - sitecastgroups[0].port); - - /* initialise multicast listener sockets next */ - - for (i=1; (i <= GRST_SITECAST_GROUPS) && - (sitecastgroups[i].port != 0); ++i) - { - bzero(&srv, sizeof(srv)); - srv.sin_family = AF_INET; - srv.sin_port = htons(sitecastgroups[i].port); - srv.sin_addr.s_addr = htonl(sitecastgroups[i].quad1*0x1000000 - + sitecastgroups[i].quad2*0x10000 - + sitecastgroups[i].quad3*0x100 - + sitecastgroups[i].quad4); - - if (((sitecastgroups[i].socket - = socket(AF_INET, SOCK_DGRAM, 0)) < 0) || - (bind(sitecastgroups[i].socket, - (struct sockaddr *) &srv, sizeof(srv)) < 0)) - { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, - "SiteCast UDP Responder fails on multicast bind (%s)", - strerror(errno)); - return; - } - - bzero(&mreq, sizeof(mreq)); - mreq.imr_multiaddr.s_addr = srv.sin_addr.s_addr; - mreq.imr_interface.s_addr = htonl(INADDR_ANY); - - if (setsockopt(sitecastgroups[i].socket, IPPROTO_IP, - IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) - { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, - "SiteCast UDP Responder fails on setting multicast"); - return; - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast UDP Responder listening on %d.%d.%d.%d:%d", - sitecastgroups[i].quad1, sitecastgroups[i].quad2, - sitecastgroups[i].quad3, sitecastgroups[i].quad4, sitecastgroups[i].port); - } - - while (1) /* **** main listening loop **** */ - { - /* set up bitmasks for select */ - - FD_ZERO(&readsckts); - - n = 0; - for (i=0; (i <= GRST_SITECAST_GROUPS) && - (sitecastgroups[i].port != 0); ++i) /* reset bitmask */ - { - FD_SET(sitecastgroups[i].socket, &readsckts); - if (sitecastgroups[i].socket > n) n = sitecastgroups[i].socket; - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast UDP Responder waiting for requests"); - - if ((retval = select(n + 1, &readsckts, NULL, NULL, NULL)) < 1) - continue; /* < 1 on timeout or error */ - - for (igroup=0; (igroup <= GRST_SITECAST_GROUPS) && - (sitecastgroups[igroup].port != 0); ++igroup) - { - if (FD_ISSET(sitecastgroups[igroup].socket, &readsckts)) - { - client_addr_len = sizeof(client_addr); - - if ((reqbuf_len = recvfrom(sitecastgroups[igroup].socket, - reqbuf, GRST_SITECAST_MAXBUF, 0, - (struct sockaddr *) &client_addr, &client_addr_len)) >= 0) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "SiteCast receives UDP message from %s:%d " - "to %d.%d.%d.%d:%d", - inet_ntoa(client_addr.sin_addr), - ntohs(client_addr.sin_port), - sitecastgroups[igroup].quad1, - sitecastgroups[igroup].quad2, - sitecastgroups[igroup].quad3, - sitecastgroups[igroup].quad4, - sitecastgroups[igroup].port); - - sitecast_handle_request(main_server, reqbuf, - reqbuf_len, igroup, - &client_addr); - } - } - } - - } /* **** end of main listening loop **** */ -} - -static int mod_gridsite_server_post_config(apr_pool_t *pPool, - apr_pool_t *pLog, apr_pool_t *pTemp, server_rec *main_server) -{ - SSL_CTX *ctx; - SSLSrvConfigRec *sc; - server_rec *this_server; - apr_proc_t *procnew = NULL; - apr_status_t status; - char *path; - const char *userdata_key = "sitecast_init"; - - apr_pool_userdata_get((void **) &procnew, userdata_key, - main_server->process->pool); - - /* we only fork responder if one not already forked and we have at - least one GridSiteCastAlias defined. This means it is possible - to run a responder with no groups - listening on unicast only! */ - - if ((procnew == NULL) && - (sitecastaliases[0].sitecast_url != NULL)) - { - /* UDP multicast responder required but not yet started */ - - procnew = apr_pcalloc(main_server->process->pool, sizeof(*procnew)); - apr_pool_userdata_set((const void *) procnew, userdata_key, - apr_pool_cleanup_null, main_server->process->pool); - - status = apr_proc_fork(procnew, pPool); - - if (status < 0) - { - ap_log_error(APLOG_MARK, APLOG_CRIT, status, main_server, - "mod_gridsite: Failed to spawn SiteCast responder process"); - return HTTP_INTERNAL_SERVER_ERROR; - } - else if (status == APR_INCHILD) - { - ap_log_error(APLOG_MARK, APLOG_NOTICE, status, main_server, - "mod_gridsite: Spawning SiteCast responder process"); - sitecast_responder(main_server); - exit(-1); - } - - apr_pool_note_subprocess(main_server->process->pool, - procnew, APR_KILL_AFTER_TIMEOUT); - } - - /* continue with normal HTTP/HTTPS servers */ - - ap_add_version_component(pPool, - apr_psprintf(pPool, "mod_gridsite/%s", VERSION)); - - for (this_server = main_server; - this_server != NULL; - this_server = this_server->next) - { - /* we do some GridSite OpenSSL magic for HTTPS servers */ - - sc = ap_get_module_config(this_server->module_config, &ssl_module); - - if ((sc != NULL) && - (sc->enabled) && - (sc->server != NULL) && - (sc->server->ssl_ctx != NULL)) - { - ctx = sc->server->ssl_ctx; - - /* in 0.9.7 we could set the issuer-checking callback directly */ -// ctx->cert_store->check_issued = GRST_X509_check_issued_wrapper; - - /* but in case 0.9.6 we do it indirectly with another wrapper */ - SSL_CTX_set_cert_verify_callback(ctx, - GRST_verify_cert_wrapper, - (void *) NULL); - - /* whatever version, we can set the SSLVerify wrapper properly */ - SSL_CTX_set_verify(ctx, ctx->verify_mode, - GRST_callback_SSLVerify_wrapper); - - if (main_server->loglevel >= APLOG_DEBUG) - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, - "Set mod_ssl verify callbacks to GridSite wrappers"); - } - } - - /* create sessions directory if necessary */ - - path = ap_server_root_relative(pPool, sessionsdir); - apr_dir_make_recursive(path, APR_UREAD | APR_UWRITE | APR_UEXECUTE, pPool); - chown(path, unixd_config.user_id, unixd_config.group_id); - - return OK; -} - -static void mod_gridsite_child_init(apr_pool_t *pPool, server_rec *pServer) -{ - apr_time_t cutoff_time; - apr_dir_t *dir; - char *filename; - apr_finfo_t finfo; - SSLSrvConfigRec *sc = ap_get_module_config(pServer->module_config, - &ssl_module); - GRSTgaclInit(); - - /* expire old ssl creds files */ - - if (sc != NULL) // && sc->enabled) - { - cutoff_time = apr_time_now() - - apr_time_from_sec(sc->session_cache_timeout); - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServer, - "Cutoff time for ssl creds cache: %ld", - (long) apr_time_sec(cutoff_time)); - - if (apr_dir_open(&dir, - ap_server_root_relative(pPool, sessionsdir), pPool) == APR_SUCCESS) - { - while (apr_dir_read(&finfo, - APR_FINFO_CTIME | APR_FINFO_NAME, dir) == APR_SUCCESS) - { - if ((finfo.ctime < cutoff_time) && - (strncmp(finfo.name, "sslcreds-", 9) == 0)) - { - filename = apr_pstrcat(pPool, - ap_server_root_relative(pPool, sessionsdir), - "/", finfo.name, NULL); - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServer, - "Remove %s from ssl creds cache", filename); - - apr_file_remove(filename, pPool); - } - } - - apr_dir_close(dir); - } - } -} - -static int mod_gridsite_handler(request_rec *r) -{ - mod_gridsite_dir_cfg *conf; - - conf = (mod_gridsite_dir_cfg *) - ap_get_module_config(r->per_dir_config, &gridsite_module); - - if ((conf->dnlistsuri != NULL) && - (strncmp(r->uri, conf->dnlistsuri, strlen(conf->dnlistsuri)) == 0)) - { - if (strcmp(r->uri, conf->dnlistsuri) == 0) - return mod_gridsite_dnlistsuri_dir_handler(r, conf); - - return mod_gridsite_dnlistsuri_handler(r, conf); - } - - if (strcmp(r->handler, DIR_MAGIC_TYPE) == 0) - return mod_gridsite_dir_handler(r, conf); - - return mod_gridsite_nondir_handler(r, conf); -} - -static ap_unix_identity_t *mod_gridsite_get_suexec_id_doer(const request_rec *r) -{ - mod_gridsite_dir_cfg *conf; - - conf = (mod_gridsite_dir_cfg *) - ap_get_module_config(r->per_dir_config, &gridsite_module); - - if ((conf->execugid.uid != UNSET) && - (conf->execmethod != NULL)) - { - - /* also push GRST_EXEC_DIRECTORY into request environment here too */ - - return &(conf->execugid); - } - - return NULL; -} - -static void register_hooks(apr_pool_t *p) -{ - /* config and handler stuff */ - - ap_hook_post_config(mod_gridsite_server_post_config, NULL, NULL, - APR_HOOK_LAST); - ap_hook_child_init(mod_gridsite_child_init, NULL, NULL, APR_HOOK_MIDDLE); - - ap_hook_fixups(mod_gridsite_first_fixups,NULL,NULL,APR_HOOK_FIRST); - - ap_hook_fixups(mod_gridsite_perm_handler,NULL,NULL,APR_HOOK_REALLY_LAST); - - ap_hook_handler(mod_gridsite_handler, NULL, NULL, APR_HOOK_FIRST); - - ap_hook_get_suexec_identity(mod_gridsite_get_suexec_id_doer, - NULL, NULL, APR_HOOK_MIDDLE); -} - -module AP_MODULE_DECLARE_DATA gridsite_module = -{ - STANDARD20_MODULE_STUFF, - create_gridsite_dir_config, /* dir config creater */ - merge_gridsite_dir_config, /* dir merger */ - create_gridsite_srv_config, /* create server config */ - NULL, /* merge server config */ - mod_gridsite_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ -}; diff --git a/org.gridsite.core/src/mod_ssl-private.h b/org.gridsite.core/src/mod_ssl-private.h deleted file mode 100644 index 7b0b784..0000000 --- a/org.gridsite.core/src/mod_ssl-private.h +++ /dev/null @@ -1,106 +0,0 @@ -/* - Copyright (c) 2003-4, Andrew McNab, University of Manchester - All rights reserved. - - Redistribution and use in source and binary forms, with or - without modification, are permitted provided that the following - conditions are met: - - o Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - o Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - - Portions of this code are derived from Apache mod_ssl, and are covered - by the Apache Software License: - - * Copyright 2001-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/*------------------------------------------------------------------* - * This program is part of GridSite: http://www.gridsite.org/ * - *------------------------------------------------------------------*/ - - -/* - * After 2.0.49, Apache mod_ssl has most of the mod_ssl structures defined - * in ssl_private.h, which is not installed along with httpd-devel (eg in - * the FC2 RPM.) This include file provides SIMPLIFIED structures for use - * by mod_gridsite: for example, pointers to unused structures are replaced - * by void * and some of the structures are truncated when only the early - * members are used. - * - * CLEARLY, THIS WILL BREAK IF THERE ARE MAJOR CHANGES TO ssl_private.h!!! - */ - -#include - -typedef enum { - SSL_SHUTDOWN_TYPE_UNSET, - SSL_SHUTDOWN_TYPE_STANDARD, - SSL_SHUTDOWN_TYPE_UNCLEAN, - SSL_SHUTDOWN_TYPE_ACCURATE -} ssl_shutdown_type_e; - -typedef struct { - SSL *ssl; - const char *client_dn; - X509 *client_cert; - ssl_shutdown_type_e shutdown_type; - const char *verify_info; - const char *verify_error; - int verify_depth; - int is_proxy; - int disabled; - int non_ssl_request; -} SSLConnRec; - -typedef struct { - void *sc; /* pointer back to server config */ - SSL_CTX *ssl_ctx; -} modssl_ctx_t; - -typedef struct { - void *mc; - unsigned int enabled; - unsigned int proxy_enabled; - const char *vhost_id; - int vhost_id_len; - int session_cache_timeout; - modssl_ctx_t *server; - modssl_ctx_t *proxy; -} SSLSrvConfigRec; - -extern module AP_MODULE_DECLARE_DATA ssl_module; diff --git a/org.gridsite.core/src/roffit b/org.gridsite.core/src/roffit deleted file mode 100755 index d1c7263..0000000 --- a/org.gridsite.core/src/roffit +++ /dev/null @@ -1,370 +0,0 @@ -#!/usr/bin/env perl -# -# roffit: convert man page source files to HTML -# -# Read an nroff file. Output a HTML file. -# -# This is a very simple script, but I use it on very simple man pages and I've -# found no other script that makes beautiful web pages. -# -my $version = "0.3"; # (14 November 2003) -# Author: Daniel Stenberg -# Please email me improvements. -# -# You're free to do whatever you want with this script. -# -# Changes: -# -# 0.3 - Daniel Fandrich brought: -# o deal with .lp lines -# o .TH needs no section portion anymore -# o added generator meta tag in the header -# -# 0.2 - fixed the name for the SH section -# - added links from all words within \fIthis\fP or \fBthis\fP -# that has the same text as a .SH or .IP. -# - -use strict; -#use warnings; - -my $InFH = \*STDIN; -my $OutFH = \*STDOUT; -my $debugFH = \*STDERR; - -my %manpage; -my @out; - -my $indentlevel=0; # logical levels, not columns -my @p; -my $within_tp; -my $standalone=1; # by default we make stand-alone HTML pages -my $pre; -my %anchor; # hash with all anchors - -while($ARGV[0]) { - if($ARGV[0] eq "--bare") { - # don't include headers and stuff - $standalone=0; - shift @ARGV; - } - else { - printf $debugFH "unknown option: %s\n", $ARGV[0] if($ARGV[0] ne "-h"); - print $debugFH "Usage: roffit [options] < infile > outfile\n", - "Options:\n", - " --bare Do not put in HTML, HEAD, BODY tags\n"; - exit; - } -} - -sub showp { - my @p = @_; - push @out, "\n

", @p; -} - -sub defaultcss { - print $OutFH < -P.level0 { - padding-left: 2em; -} - -P.level1 { - padding-left: 4em; -} - -P.level2 { - padding-left: 6em; -} - -span.emphasis { - font-style: italic; -} - -span.bold { - font-weight: bold; -} - -span.manpage { - font-weight: bold; -} - -h2.nroffsh { - background-color: #e0e0e0; -} - -span.nroffip { - font-weight: bold; - font-size: 120%; - font-family: monospace; -} - -p.roffit { - text-align: center; - font-size: 80%; -} - -ENDOFCSS - ; -} - -sub text2name { - my ($text) = @_; - $text =~ s/^ *([^ ]*).*/$1/g; - $text =~ s/[^a-zA-Z0-9-]//g; - return $text; -} - -# scan through the file and check for sections we should convert -# to proper links -sub linkfile { - my @new; - for(@out) { - my $line=$_; - my $l; - while($line =~ s/([^<]*)<\/span>/[]/) { - my ($style, $name)=($1, $2); - - $l = text2name($name); - - #printf $debugFH "$style - $name - %s - %d\n", - #$l, $anchor{$l}; - - my $link; - if($anchor{$l}) { - $link="$name"; - } - else { - $link="$name"; - } - $line =~ s/\[\]/$link/; - } - push @new, $line; - } - return @new; -} - -sub parsefile { - - while(<$InFH>) { - my $in = $_; - my $out; - # print $debugFH "DEBUG IN: $_"; - - $in =~ s/[\r\n]//g if(!$pre); # tear off newlines - - if($in =~ /^\.([^ \n]*)(.*)/) { - # this is a line starting with a dot, that means it is special - my ($keyword, $rest) = ($1, $2); - $out = ""; - - # cut off initial spaces - $rest =~ s/^ +//g; - - if($keyword eq "\\\"") { - # this is a comment, skip this line - } - elsif($keyword =~ /^TH$/i) { - # man page header: - # curl 1 "22 Oct 2003" "Curl 7.10.8" "Curl Manual" - # NAME SECTION DATE VERSION MANUAL - if($rest =~ /([^ ]*) (\d+) \"([^\"]*)\" \"([^\"]*)\"(\"([^\"]*)\")?/) { - # strict matching only so far - $manpage{'name'} = $1; - $manpage{'section'} = $2; - $manpage{'date'} = $3; - $manpage{'version'} = $4; - $manpage{'manual'} = $6; - } - } - elsif($keyword =~ /^SH$/i) { - # Section Header - showp(@p); - @p=""; - if($pre) { - push @out, "\n"; - $pre = 0; - } - - my $name = text2name($rest); - $anchor{$name}=1; - - $rest =~ s/\"//g; # cut off quotes - $rest =~ s//>/g; - $out = "

$rest

"; - $indentlevel=0; - $within_tp=0; - } - elsif(($keyword =~ /^B$/i) || ($keyword =~ /^BI$/i)) { - # Make B and BI the same for simplicity - $rest =~ s/\"//g; # cut off quotes - $rest =~ s//>/g; - push @p, "$rest "; - } - elsif($keyword =~ /^I$/i) { - $rest =~ s/\"//g; # cut off quotes - $rest =~ s//>/g; - push @p, "$rest "; - } - elsif($keyword =~ /^RS$/i) { - # the start of another indent-level. for inlined tables - # within an "IP" - showp(@p); - @p=""; - $indentlevel++; - } - elsif($keyword =~ /^RE$/i) { - # end of the RS section - showp(@p); - @p=""; - $indentlevel--; - } - elsif($keyword =~ /^NF$/i) { - # We let nf start a 
 section
-                showp(@p);
-                @p="";
-                push @out, "
\n";
-                $pre=1
-            }
-            elsif($keyword =~ /^TP$/i) {
-                # Used within an "RS" section to make a new line. The first
-                # TP as a column indicator, but we decide to do that
-                # controlling in the CSS instead.
-                $within_tp=1;
-                showp(@p);
-                @p="";                
-            }
-            elsif($keyword =~ /^IP$/i) {
-                # start of a new paragraph coming up
-                showp(@p);
-                @p="";
-
-                my $name= text2name($rest);
-                $anchor{$name}=1;
-
-                $rest =~ s/\"//g; # cut off quotes
-                $rest =~ s//>/g;
-                
-                $indentlevel-- if ($indentlevel);
-                push @p, "$rest ";
-                # make this a single-line title
-                showp(@p);
-                @p="";
-                $indentlevel++;
-                $within_tp=0;
-            }
-            elsif($keyword =~ /^ad$/i) {
-                showp(@p);
-                @p="";
-            }
-            elsif($keyword =~ /^sp$/i) {
-                showp(@p);
-                @p="";
-            }
-            elsif($keyword =~ /^lp$/i) {
-                # marks end of a paragraph
-                showp(@p);
-                @p="";
-            }
-            elsif($keyword =~ /^pp$/i) {
-                # PP ends a TP section, but some TP sections don't use it
-                $within_tp=0;
-            }
-            elsif($keyword =~ /^so$/i) {
-                # This keyword refers to a different man page, named in the
-                # $rest.
-                # We don't support this
-                push @out, "See the $rest man page.\n";
-            }
-            elsif($keyword =~ /^BR$/i) {
-                # I'm not sure what this does exactly, but this is commonly
-                # used to include pointers to other man pages. Let's assume
-                # it only does that for now.
-                # blabla (3)
-                # or "blabla (3)"
-                # or strcmp "(3), " strcasecmp "(3)"
-                # etc
-                
-                $rest =~ s/\"//g; # cut off quotes
-                my @all = split /,/, $rest;
-                for(@all) {
-                    if(/([^ ]*) *\((\d+)\)/) {
-                        # TODO: this looks like a man page, check if there's a
-                        # HTML file for it and if so make a link to it
-                    }
-
-                    push @p, "$_ ";
-                }
-            }
-            else {
-                showp(@p);
-                print $debugFH "ALERT: unknown keyword \"$keyword\"\n";
-            }
-        }
-        else {
-            # text line, decode \-stuff
-            my $txt = $in;
-
-            $txt =~ s//>/g;
-            $txt =~ s/\\&//g; # cut off \&
-            $txt =~ s/\\fI//g;
-            $txt =~ s/\\fB//g;
-            $txt =~ s/\\fP/<\/span>/g;
-            $txt =~ s/\\//g;
-
-            if($txt =~ /^[ \t\r\n]*$/) {
-                # no contents, marks end of a paragraph
-                showp(@p);
-                @p="";
-            }
-            else {
-                $txt =~ s/^ /\ \;/g;
-                push @p, "$txt ";
-            }
-            $out ="";
-        }
-
-        if($out) {
-            push @out, $out;
-   #         print $debugFH "DEBUG OUT: $out\n";
-        }
-        else {
-   #         print $debugFH "DEBUG OUT: [withheld]\n";
-        }
-    }
-    showp(@p);
-}
-
-parsefile();
-
-my @conv = linkfile();
-
-my $title=sprintf("%s man page",
-                  $manpage{'name'}?$manpage{'name'}:"secret");
-
-if($standalone) {
-    print $OutFH <
-$title
-
-MOO
-    ;
-    defaultcss();
-    print "\n";
-}
-
-print $OutFH @conv;
-print $OutFH <
- This HTML page was made with roffit.
-ROFFIT
-    ;
-
-if($standalone) {
-    print "\n";
-}
diff --git a/org.gridsite.core/src/showx509exts.c b/org.gridsite.core/src/showx509exts.c
deleted file mode 100644
index 86f0290..0000000
--- a/org.gridsite.core/src/showx509exts.c
+++ /dev/null
@@ -1,133 +0,0 @@
-
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "gridsite.h"
-
-#define MAXTAG 500
-                                 
-main()
-{
-   X509   *cert, *tmpcert;
-   STACK_OF(X509) *certstack = sk_X509_new_null();
-   FILE   *fp;
-   struct vomsdata *vd;
-   int    i, j, vomserror, i1, i2, j1, j2, lastobject;
-   X509_EXTENSION *ex;
-   ASN1_OBJECT *asnobject;
-   char s[80], *t;
-   ASN1_OCTET_STRING *asndata;
-   BIO *out;
-   unsigned char *p, *op, *tot, *p1, *p2, *q, *oq;
-   long len1, length1, len2, length2;
-   int tag,xclass,ret=0;
-   struct GRSTasn1TagList taglist[MAXTAG+1];
-   int lasttag=-1, itag;
-   
- 
-   OpenSSL_add_all_algorithms();
-   ERR_load_crypto_strings();
-//   seed_prng();
-   
-//   fp = fopen("proxy-with-voms", "r");
-   fp = fopen("/tmp/x509up_u300", "r");
-   
-   cert = PEM_read_X509(fp, NULL, NULL, NULL);
-      
-   fclose(fp);
-
-   out=BIO_new(BIO_s_file());                                                                                        
-   BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-        
-   for (i = 0; i < X509_get_ext_count(cert); ++i)
-      {
-        lasttag=-1;
-      
-        ex = X509_get_ext(cert, i);
-
-        OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ex), 1);        
-        printf("%d OID=%s\n", i, s);
-        
-        asnobject = X509_EXTENSION_get_object(ex);
-        asndata = X509_EXTENSION_get_data(ex);
-
-        p1 = ASN1_STRING_data(asndata);
-        p = p1;
-        length1 = ASN1_STRING_length(asndata);
-              
-        GRSTasn1ParseDump(out, p1, length1, taglist, MAXTAG, &lasttag);
-
-{
-        int n, tag, xclass;
-        unsigned char *q, buf[100];
-        const unsigned char *dn, hash[EVP_MAX_MD_SIZE];
-        ASN1_OBJECT *obj = NULL;
-        const EVP_MD *m;
-        EVP_MD_CTX ctx;
-        char creds[501][101];
-        int lastcred = -1;
-   
-        itag = GRSTasn1SearchTaglist(taglist, lasttag, 
-               "-1-1-1-1-2-1-1-1-1-1-1-1");
-               
-        X509_NAME *xname;
-        
-        q = &p[taglist[itag].start];
-        
-        d2i_ASN1_OBJECT(&obj, &q, taglist[itag].length + 
-                                  taglist[itag].headerlength);
-
-        n  = OBJ_obj2nid(obj);
-        dn = OBJ_nid2sn(n);
-                         
-//        dn = X509_NAME_oneline(xname,NULL,0);
-        
-        printf("n=%d dn=%s obj2txt=%s\n", n, dn, OBJ_obj2txt(NULL,0,obj,1));
-
-        GRSTasn1GetX509Name(buf, 99, "-1-1-1-1-2-1-1-1-1-%d-1-%d", 
-                            p1, taglist, lasttag);
-        printf("%s\n", buf);
-        GRSTasn1GetX509Name(buf, 99, "-1-1-1-1-3-1-1-1-%d-1-%d", 
-                            p1, taglist, lasttag);
-        printf("%s\n", buf);
-
-        lastcred = -1;        
-        ret = GRSTx509ParseVomsExt(&lastcred, 500, 100, creds, 0, 2000040861,
-                             ex, 
-                  "/C=UK/O=eScience/OU=Manchester/L=HEP/CN=Andrew McNab",
-                  "/etc/grid-security/vomsdir");
-                  
-                  
-        printf("GRSTx509ParseVomsExt() returns %d, %d\n", ret, lastcred);
-                  
-        for (j=0; j <= lastcred;  ++j)
-         printf("cred=%d %s\n", j, creds[j]);
-        
-/*        
-        m = EVP_md5();
-        EVP_DigestInit(&ctx, m); 
-        EVP_DigestUpdate(&ctx, delegation_id, strlen(delegation_id));
-        EVP_DigestFinal(&ctx, hash, &delegation_id_len);
- */      
-}              
-
-/*       
-        itag = GRSTasn1SearchTaglist(taglist, &lasttag,
-                                     "1-1-1-1-1-7-1-2-1-2-1");
-                                    
-        printf("tag=%d %s %d %.*s\n",
-               itag, taglist[itag].treecoords, taglist[itag].tag,
-               taglist[itag].length, 
-               &p[taglist[itag].start+taglist[itag].headerlength]);
-*/
-      }
-}
diff --git a/org.gridsite.core/src/urlencode.c b/org.gridsite.core/src/urlencode.c
deleted file mode 100644
index bea36a9..0000000
--- a/org.gridsite.core/src/urlencode.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
-   Copyright (c) 2002-3, Andrew McNab, University of Manchester
-   All rights reserved.
-
-   Redistribution and use in source and binary forms, with or
-   without modification, are permitted provided that the following
-   conditions are met:
-
-     o Redistributions of source code must retain the above
-       copyright notice, this list of conditions and the following
-       disclaimer. 
-     o Redistributions in binary form must reproduce the above
-       copyright notice, this list of conditions and the following
-       disclaimer in the documentation and/or other materials
-       provided with the distribution. 
-
-   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-   CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-   BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-   TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-   ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-   OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-   POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*---------------------------------------------------------------*
- * For more about GridSite: http://www.gridsite.org/             *
- *---------------------------------------------------------------*/
-
-#include 
-#include 
-
-#include "gridsite.h"
-
-int main(int argn, char *argv[])
-{
-  int    i;
-
-  if (argn == 1)
-    {
-      puts("urlencode [-m|-d] string-to-encode-or-decode");
-      return 0;
-    }
-
-  if      (strcmp(argv[1], "-d") == 0) /* decode */
-   for (i = 2; i < argn; ++i) 
-      {
-        if (i > 2) fputs(" ", stdout);
-        fputs(GRSThttpUrlDecode(argv[i]), stdout);
-      }
-  else if (strcmp(argv[1], "-m") == 0) /* mild encode */
-   for (i = 2; i < argn; ++i) 
-      {
-        if (i > 2) fputs("%20", stdout);
-        fputs(GRSThttpUrlMildencode(argv[i]), stdout);
-      }
-  else /* standard encode */
-   for (i = 1; i < argn; ++i) 
-      {
-        if (i > 1) fputs("%20", stdout);
-        fputs(GRSThttpUrlEncode(argv[i]), stdout);
-      }
-
-  puts("");
-
-  return 0;
-}
diff --git a/org.gridsite.core/src/xacmlexample.c b/org.gridsite.core/src/xacmlexample.c
deleted file mode 100644
index af914b9..0000000
--- a/org.gridsite.core/src/xacmlexample.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
-   Copyright (c) 2005, Andrew McNab and Shiv Kaushal, University of Manchester
-   All rights reserved.
-
-   Redistribution and use in source and binary forms, with or
-   without modification, are permitted provided that the following
-   conditions are met:
-
-     o Redistributions of source code must retain the above
-       copyright notice, this list of conditions and the following
-       disclaimer. 
-     o Redistributions in binary form must reproduce the above
-       copyright notice, this list of conditions and the following
-       disclaimer in the documentation and/or other materials
-       provided with the distribution. 
-
-   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-   CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-   DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-   BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-   TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-   ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-   OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-   POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*---------------------------------------------------------------*
- * For more about GridSite: http://www.gridsite.org/             *
- *---------------------------------------------------------------*/
-
-/*
-   Example program using XACML
-
-   Build with:
-   
-    gcc -o xacmlexample xacmlexample.c -L. -I. -lgridsite -lxml2 -lz -lm
-*/
-
-#include 
-#include 
-#include 
-#include 
-
-int main()
-{
-  GRSTgaclCred  *cred, *usercred;
-  GRSTgaclEntry *entry;
-  GRSTgaclAcl   *acl1, *acl2;
-  GRSTgaclUser  *user;
-  GRSTgaclPerm   perm0, perm1, perm2;
-  FILE          *fp;
-
-  /* must initialise GACL before using XACML functions */
-
-  GRSTgaclInit();
-
-  /* build up an ACL, starting with a credential */
-
-  cred = GRSTgaclCredNew("person");
-
-  GRSTgaclCredAddValue(cred, "dn", "/O=Grid/CN=Mr Grid Person");
-
-  /* create an entry to put it in */
-
-  entry = GRSTgaclEntryNew();
-
-  /* add the credential to it */
-
-  GRSTgaclEntryAddCred(entry, cred);
-
-  /* add another credential */
-
-  cred = GRSTgaclCredNew("dn-list");
-  GRSTgaclCredAddValue(cred, "url", "example-dn-list");
-  GRSTgaclEntryAddCred(entry, cred);
-
-  fp = fopen("example-dn-list", "w");
-  fputs("/O=Grid/CN=Mr Grid Person\n", fp);
-  fclose(fp);
-
-  /* associate some permissions and denials to the credential */
-
-  GRSTgaclEntryAllowPerm( entry, GRST_PERM_READ);
-  GRSTgaclEntryAllowPerm( entry, GRST_PERM_WRITE);
-  GRSTgaclEntryAllowPerm( entry, GRST_PERM_ADMIN);
-  GRSTgaclEntryDenyPerm(  entry, GRST_PERM_ADMIN);
-  GRSTgaclEntryDenyPerm(  entry, GRST_PERM_LIST);
-
-  perm0 = GRST_PERM_READ | GRST_PERM_WRITE;
-
-  printf("test perm should be %d\n", perm0);
-
-  /* create a new ACL and add the entry to it */
-
-  acl1 = GRSTgaclAclNew();
-
-  GRSTgaclAclAddEntry(acl1, entry);
-
-  /* create a GRSTgaclUser to compare with the ACL */
-
-  usercred = GRSTgaclCredNew("person");
-
-  GRSTgaclCredAddValue(usercred, "dn", "/O=Grid/CN=Mr Grid Person");
-
-  user = GRSTgaclUserNew(usercred);
-
-  GRSTgaclUserSetDNlists(user, getcwd(NULL, 0));
-  printf("DN Lists dir %s\n", getcwd(NULL, 0));
-
-//  putenv("GRST_DN_LISTS=.");
-
-  perm1 = GRSTgaclAclTestUser(acl1, user);
-
-  printf("test /O=Grid/CN=Mr Grid Person in acl = %d\n", perm1);
-
-  /* print and save the whole ACL */
-
-  GRSTgaclAclPrint(acl1, stdout);
-
-  GRSTxacmlAclSave(acl1, "example.xacml");
-
-  puts("gridacl.out saved");
-
-  puts("");
-
-  /* load the ACL back off the disk, print and test it */
-
-  acl2 = GRSTxacmlAclLoadFile("example.xacml");
-
-  puts("gridacl.out loaded");
-
-  if (acl2 != NULL) GRSTgaclAclPrint(acl2, stdout); else puts("acl2 is NULL");
-
-  perm2 = GRSTgaclAclTestUser(acl2, user);
-
-  printf("test /O=Grid/CN=Mr Grid Person in acl = %d\n", perm2);
-
-  if (perm1 != perm0) return 1;
-  if (perm2 != perm0) return 2;
-
-  return 0;
-}
-