From 10bb664e77109b86e8b450e09c7b6ec6de44b79a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Daniel=20Kou=C5=99il?=
Date: Tue, 14 Oct 2008 10:39:22 +0000
Subject: [PATCH] When renewing ACs, prefer VOMS server given in the original proxy (#33697)
---
org.glite.security.proxyrenewal/src/voms.c | 61 +++++++++++++++++++++++------
1 file changed, 48 insertions(+), 13 deletions(-)
diff --git a/org.glite.security.proxyrenewal/src/voms.c b/org.glite.security.proxyrenewal/src/voms.c
index 1b66a23..f8786f3 100644
--- a/org.glite.security.proxyrenewal/src/voms.c
+++ b/org.glite.security.proxyrenewal/src/voms.c
@@ -1,3 +1,5 @@
+static const char rcsid[] = "$Id$";
+
 #include "renewal_locl.h"
 #include "renewd_locl.h"
@@ -112,7 +114,7 @@ my_VOMS_Export(glite_renewal_core_context ctx, void *buf, int buf_len, X509_EXTE
 static int
 create_voms_command(glite_renewal_core_context ctx, struct vomsdata *vd, struct voms **voms_cert, char **command)
 {
- int voms_error, ret;
+ int ret;
 struct data **attribs;
 #if 0
@@ -138,8 +140,6 @@ create_voms_command(glite_renewal_core_context ctx, struct vomsdata *vd, struct
 else
 ret = asprintf(command, "B%s:%s", attribs[0]->group, attribs[0]->role);
-end:
-
 return 0;
 }
@@ -147,28 +147,63 @@ static int
 renew_voms_cert(glite_renewal_core_context ctx, struct vomsdata *vd, struct voms **voms_cert, char **buf, size_t *buf_len)
 {
- int voms_error = 0, i, ret, voms_version;
+ int voms_error = 0, ret, voms_version, port = -1;
 struct contactdata **voms_contacts = NULL;
 struct contactdata **c;
 char *command = NULL;
- char *err_msg;
+ char *err_msg, *voms_server = NULL, *p;
+
+ ret = create_voms_command(ctx, vd, voms_cert, &command);
+ if (ret)
+ return ret;
+
+ /* XXX the lifetime should be taken from the older proxy */
+ VOMS_SetLifetime(60*60*12, vd, &voms_error);
+
+ if ((*voms_cert)->uri != NULL) {
+ voms_server = strdup((*voms_cert)->uri);
+ if (voms_server == NULL) {
+ edg_wlpr_Log(ctx, LOG_ERR, "Not enough memory");
+ ret = 1;
+ goto end;
+ }
+
+ p = strchr(voms_server, ':');
+ if (p) {
+ *p++ = '\0';
+ port = atoi(p);
+ }
+ }
+ /* first try to contact the VOMS server that issued the original AC */
+ if (voms_server && port != -1 && (*voms_cert)->server != NULL) {
+ ret = VOMS_ContactRaw(voms_server, port, (*voms_cert)->server,
+ command, (void**) buf, buf_len, &voms_version,
+ vd, &voms_error);
+ if (ret != 0) {
+ /* success, let's finish */
+ ret = 0;
+ goto end;
+ }
+ err_msg = VOMS_ErrorMessage(vd, voms_error, NULL, 0);
+ edg_wlpr_Log(ctx, LOG_ERR,
+ "Failed to contact VOMS server %s of VO %s: %s\n",
+ (*c)->host, (*voms_cert)->voname, err_msg);
+ free(err_msg);
+ }
+
+ /* if the original URI doesn't work, try VOMS servers given in local
+ configuration */
 voms_contacts = VOMS_FindByVO(vd, (*voms_cert)->voname, ctx->voms_conf, NULL, &voms_error);
 if (voms_contacts == NULL) {
 err_msg = VOMS_ErrorMessage(vd, voms_error, NULL, 0);
 edg_wlpr_Log(ctx, LOG_ERR, "Can't find configuration for VO %s: %s\n", (*voms_cert)->voname, err_msg);
 free(err_msg);
- return 1;
+ ret = 1;
+ goto end;
 }
- ret = create_voms_command(ctx, vd, voms_cert, &command);
- if (ret)
- return ret;
-
- /* XXX the lifetime should be taken from the older proxy */
- VOMS_SetLifetime(60*60*12, vd, &voms_error);
-
 ret = 0;
 for (c = voms_contacts; c && *c; c++) {
 ret = VOMS_ContactRaw((*c)->host, (*c)->port, (*c)->contact,
-- 
1.8.2.3
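Review bot: The failure log in the new "first try" block passes `(*c)->host`, but `c` is declared without an initializer and is only assigned by the `for` loop further down, so a failed `VOMS_ContactRaw()` to the original server dereferences an indeterminate pointer; the argument should be the host that was actually tried, `voms_server, (*voms_cert)->voname, err_msg);`. `port = atoi(p)` also turns an empty or non-numeric suffix into port 0 and accepts out-of-range numbers, so the `port != -1` guard does not filter a malformed URI; parsing with `strtol` and requiring 1..65535 before the call would send such input straight to the configured-server fallback. Host, port and the expected server name all come from the AC inside the proxy being renewed, so this path presumably relies on that AC having been verified earlier, which the hunk does not show; a comment stating that precondition would help. The `end:` label and the rest of `renew_voms_cert` lie outside the hunk, so whether `voms_server` is freed there cannot be checked from here.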