From: Andrew McNab Date: Fri, 9 Nov 2007 14:09:40 +0000 (+0000) Subject: Sync X-Git-Tag: org-gridsite-core_R_1_5_5~1 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=b98dcedbe0450a17aba9a93e8b53417e51420ea9;p=jra1mw.git Sync
---
diff --git a/org.gridsite.core/interface/gridsite.h b/org.gridsite.core/interface/gridsite.h
index f2d054c..0581ef8 100644
--- a/org.gridsite.core/interface/gridsite.h
+++ b/org.gridsite.core/interface/gridsite.h
@@ -252,7 +252,7 @@ int GRSTgaclEntryDelCred(GRSTgaclEntry *, GRSTgaclCred *);
 /* #define GACLprintCred(x,y) GRSTgaclCredPrint((x),(y)) */
 int GRSTgaclCredCredPrint(GRSTgaclCred *, FILE *);
-int GRSTgaclCredCmp(GRSTgaclCred *, GRSTgaclCred *);
+int GRSTgaclCredCmpAuri(GRSTgaclCred *, GRSTgaclCred *);
 /* #define GACLnewEntry(x) GRSTgaclEntryNew((x)) */
 GRSTgaclEntry *GRSTgaclEntryNew(void);
diff --git a/org.gridsite.core/src/grst_gacl.c b/org.gridsite.core/src/grst_gacl.c
index f46d0c5..e6239c3 100644
--- a/org.gridsite.core/src/grst_gacl.c
+++ b/org.gridsite.core/src/grst_gacl.c
@@ -339,7 +339,7 @@ int GRSTgaclCredPrint(GRSTgaclCred *cred, FILE *fp)
 return 0;
 }
-int GRSTgaclCredCmp(GRSTgaclCred *cred1, GRSTgaclCred *cred2)
+int GRSTgaclCredCmpAuri(GRSTgaclCred *cred1, GRSTgaclCred *cred2)
 /* GRSTgaclCredCmp - compare two credentials for exact match in AURI values (this means a string match, not just any-user=DN etc)
diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c
index ca82492..8208324 100644
--- a/org.gridsite.core/src/grst_x509.c
+++ b/org.gridsite.core/src/grst_x509.c
@@ -1110,7 +1110,7 @@ GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred)
 /// Returns pointer to created GRSTgaclCred or NULL or failure.
 {
 int delegation;
- char *p;
+ char *p, *encoded;
 time_t now, notbefore, notafter;
 GRSTgaclCred *cred = NULL;
@@ -1129,7 +1129,9 @@ GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred)
 && (p = index(++p, ' ')) && (p = index(++p, ' ')))
 {
- cred = GRSTgaclCredCreate("dn:", &p[1]);
+ encoded = GRSThttpUrlMildencode(&p[1]);
+ cred = GRSTgaclCredCreate("dn:", encoded);
+ free(encoded);
 GRSTgaclCredSetDelegation(cred, delegation);
 }
@@ -1151,7 +1153,9 @@ GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred)
 if (p[1] != '/') return NULL; /* must begin with / */
- cred = GRSTgaclCredCreate("fqan:", &p[1]);
+ encoded = GRSThttpUrlMildencode(&p[1]);
+ cred = GRSTgaclCredCreate("fqan:", encoded);
+ free(encoded);
 GRSTgaclCredSetDelegation(cred, delegation);
 }
diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c
index 6fa3d52..e551943 100644
--- a/org.gridsite.core/src/mod_gridsite.c
+++ b/org.gridsite.core/src/mod_gridsite.c
@@ -319,8 +319,12 @@ char *make_admin_footer(request_rec *r, mod_gridsite_dir_cfg *conf,
 if ((grst_cred_auri_0 != NULL) && (strncmp(grst_cred_auri_0, "dn:", 3) == 0))
 {
- dn = &grst_cred_auri_0[3];
- if (dn[0] == '\0') dn = NULL;
+ dn = GRSThttpUrlDecode(&grst_cred_auri_0[3]);
+ if (dn[0] == '\0')
+ {
+ free(dn);
+ dn = NULL;
+ }
 }
 if (dn != NULL)
@@ -360,6 +364,8 @@ char *make_admin_footer(request_rec *r, mod_gridsite_dir_cfg *conf,
 out = apr_pstrcat(r->pool, out, temp, NULL);
 }
 }
+
+ free(dn);
 }
 if ((https != NULL) && (strcasecmp(https, "on") == 0))
@@ -2353,7 +2359,7 @@ int GRST_load_ssl_creds(SSL *ssl, conn_rec *conn)
 void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
 {
 int i, lastcred, lowest_voms_delegation = 65535;
- char envname[14], *tempfile = NULL,
+ char envname[14], *tempfile = NULL, *encoded,
 *sessionfile, session_id[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2];
 apr_file_t *fp = NULL;
 SSL *ssl;
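Review bot: The result of `GRSThttpUrlMildencode(&p[1])` is handed straight to GRSTgaclCredCreate with no NULL check, both in the `dn:` hunk at -1129 and in the `fqan:` hunk at -1151. Whether the encoder can return NULL is not visible in this diff, but if it can, the credential is built from a missing value instead of being rejected. A guard such as `if (encoded == NULL) return NULL;` before the create call would keep the function's documented "NULL on failure" contract. The same unchecked pattern recurs in GRST_save_ssl_creds, mod_gridsite_perm_handler and get_gaclPerm later in this commit. GRSTx509CompactToCred starts and ends outside these hunks.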
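Review bot: In the make_admin_footer hunk at -319, `dn[0]` is read on the line right after `dn = GRSThttpUrlDecode(...)`, so a NULL return from the decoder (its failure behaviour is not shown here) becomes a NULL dereference in the request path. Testing the pointer first, `if ((dn != NULL) && (dn[0] == '\0'))`, leaves the later `if (dn != NULL)` block as the single place that decides whether a DN is present. The matching `free(dn)` arrives in the hunk at -360; a short comment there saying that `dn` is now heap-allocated rather than a pointer into `grst_cred_auri_0` would help the next reader. make_admin_footer starts and ends outside both hunks.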
@@ -2405,12 +2411,14 @@ void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
 else if ((grst_cert->type == GRST_CERT_TYPE_EEC) || (grst_cert->type == GRST_CERT_TYPE_PROXY))
 {
+ encoded = GRSThttpUrlMildencode(grst_cert->dn);
+
 apr_table_setn(conn->notes, apr_psprintf(conn->pool, "GRST_CRED_AURI_%d", i),
- apr_pstrcat(conn->pool, "dn:", grst_cert->dn, NULL));
+ apr_pstrcat(conn->pool, "dn:", encoded, NULL));
 if (fp != NULL) apr_file_printf(fp, "GRST_CRED_AURI_%d=dn:%s\n",
- i, grst_cert->dn);
+ i, encoded);
 apr_table_setn(conn->notes, apr_psprintf(conn->pool, "GRST_CRED_VALID_%d", i),
@@ -2427,7 +2435,9 @@ void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
 grst_cert->delegation, 0);
 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, conn->base_server,
- "store GRST_CRED_AURI_%d=dn:%s", i, grst_cert->dn);
+ "store GRST_CRED_AURI_%d=dn:%s", i, encoded);
+
+ free(encoded);
 ++i;
 }
@@ -2440,13 +2450,15 @@ void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
 (grst_cert->delegation == lowest_voms_delegation))
 {
 /* only export attributes from the last proxy to contain them */
+
+ encoded = GRSThttpUrlMildencode(grst_cert->value);
 apr_table_setn(conn->notes, apr_psprintf(conn->pool, "GRST_CRED_AURI_%d", i),
- apr_pstrcat(conn->pool, "fqan:", grst_cert->value, NULL));
+ apr_pstrcat(conn->pool, "fqan:", encoded, NULL));
 if (fp != NULL) apr_file_printf(fp, "GRST_CRED_AURI_%d=fqan:%s\n",
- i, grst_cert->value);
+ i, encoded);
 apr_table_setn(conn->notes, apr_psprintf(conn->pool, "GRST_CRED_VALID_%d", i),
@@ -2463,7 +2475,9 @@ void GRST_save_ssl_creds(conn_rec *conn, GRSTx509Chain *grst_chain)
 grst_cert->delegation, 0);
 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, conn->base_server,
- "store GRST_CRED_AURI_%d=fqan:%s", i, grst_cert->value);
+ "store GRST_CRED_AURI_%d=fqan:%s", i, encoded);
+
+ free(encoded);
 ++i;
 }
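Review bot: `grst_cert->dn` is now passed to GRSThttpUrlMildencode before anything checks it, whereas the old `apr_pstrcat(conn->pool, "dn:", grst_cert->dn, NULL)` tolerated a NULL there because NULL simply ends apr_pstrcat's argument list. If a chain entry can reach this branch with a NULL `dn` (or a NULL `value` in the `fqan:` hunk at -2440), the encoder's handling of NULL input decides whether this crashes, and that is not visible here. Wrapping the encode-and-store block in a check such as `if (grst_cert->dn != NULL)` would preserve the earlier tolerance. Note also that `encoded` is allocated in this hunk and only freed in the following one (-2427), so any early exit added between them would leak per connection. GRST_save_ssl_creds starts and ends outside these hunks.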
@@ -2605,7 +2619,7 @@ static int mod_gridsite_perm_handler(request_rec *r)
 char *dn, *p, *q, envname1[30], envname2[30], *grst_cred_auri_0 = NULL, *dir_path, *remotehost, s[99], *grst_cred_auri_i, *cookies, *file, *https,
- *cookiefile, oneline[1025], *key_i,
+ *cookiefile, oneline[1025], *key_i, *decoded,
 *destination = NULL, *destination_uri = NULL, *querytmp, *destination_prefix = NULL, *destination_translated = NULL, *aclpath = NULL, *grst_cred_valid_0 = NULL, *grst_cred_valid_i,
@@ -2999,6 +3013,7 @@ static int mod_gridsite_perm_handler(request_rec *r)
 {
 if (strncmp(cred->auri, "dn:", 3) == 0)
 {
+ decoded = GRSThttpUrlDecode(&(cred->auri[3]));
 apr_table_setn(env, apr_psprintf(r->pool, "GRST_CRED_%d", i), apr_psprintf(r->pool,
@@ -3007,16 +3022,19 @@ static int mod_gridsite_perm_handler(request_rec *r)
 cred->notbefore, cred->notafter, cc_delegation,
- &(cred->auri[3])));
+ decoded));
+ free(decoded);
 }
 else if (strncmp(cred->auri, "fqan:", 5) == 0)
 {
+ decoded = GRSThttpUrlDecode(&(cred->auri[5]));
 apr_table_setn(env, apr_psprintf(r->pool, "GRST_CRED_%d", i), apr_psprintf(r->pool, "VOMS %ld %ld 0 %s", notbefore, notafter,
- &(cred->auri[5])));
+ decoded));
+ free(decoded);
 }
 apr_table_setn(env,
diff --git a/org.gridsite.core/src/slashgrid.c b/org.gridsite.core/src/slashgrid.c
index 33d2413..e008699 100644
--- a/org.gridsite.core/src/slashgrid.c
+++ b/org.gridsite.core/src/slashgrid.c
@@ -1198,7 +1198,7 @@ GRSTgaclPerm get_gaclPerm(struct fuse_context *fuse_ctx, char *path)
 GRSTgaclCred *cred;
 GRSTgaclUser *user = NULL;
 GRSTgaclAcl *acl;
- char *dn = NULL;
+ char *dn = NULL, *encoded_dn;
 // eventually want a UID cache here...
@@ -1216,9 +1216,12 @@ GRSTgaclPerm get_gaclPerm(struct fuse_context *fuse_ctx, char *path)
 if (dn != NULL)
 {
- cred = GRSTgaclCredCreate("dn:", dn);
+ encoded_dn = GRSThttpMildUrlEncode(dn);
+
+ cred = GRSTgaclCredCreate("dn:", encoded_dn);
 user = GRSTgaclUserNew(cred);
 free(dn);
+ free(encoded_dn);
 }
 acl = GRSTgaclAclLoadforFile(path);
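Review bot: In mod_gridsite_perm_handler (hunks at -2999 and -3007) the decoded DN and FQAN are written into the `GRST_CRED_%d` environment value with no check on what the percent-escapes expanded to. An AURI carrying an escaped control character would therefore reach CGI consumers as a raw byte in a space-delimited record. GRST_save_ssl_creds encodes what it stores, but whether `cred->auri` can be populated from any other source is not visible in these hunks. Consider skipping the credential when `decoded` is NULL or contains bytes below 0x20, and add a comment that `decoded` is heap-allocated and can be freed immediately because apr_psprintf has already copied it into `r->pool`. The function starts and ends outside the hunks.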
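Review bot: The slashgrid.c hunk at -1216 calls `GRSThttpMildUrlEncode`, while every other call site in this commit uses `GRSThttpUrlMildencode`, and the gridsite.h change shown adds a declaration for neither. If only one of the two names exists, this is either a link failure or an implicitly declared function whose `int` return truncates the pointer on 64-bit builds. The comment on GRSTgaclCredCmpAuri says AURIs are compared by exact string match, so the `dn:` credential built here should come from the same encoder as the one mod_gridsite stores: `encoded_dn = GRSThttpUrlMildencode(dn);`. get_gaclPerm continues outside the hunk.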