From 149c72b80dad3bee0e5a2f506a15f11a8c681d33 Mon Sep 17 00:00:00 2001
From: Andrew McNab
Date: Mon, 10 Oct 2005 10:16:01 +0000
Subject: [PATCH] gsexec patch and doc updates
---
 org.gridsite.core/CHANGES | 3 ++
 org.gridsite.core/doc/httpd-fileserver.conf | 4 +-
 org.gridsite.core/doc/httpd-webserver.conf | 4 +-
 org.gridsite.core/src/gsexec.c | 62 +++++++++++++++++++++++++----
 4 files changed, 61 insertions(+), 12 deletions(-)
diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES
index 5f9c111..7aa4a69 100644
--- a/org.gridsite.core/CHANGES
+++ b/org.gridsite.core/CHANGES
@@ -1,3 +1,6 @@
+* Mon Oct 10 2005 Andrew McNab
+- Add target_gname patch to gsexec from
+ Gerben Venekamp
 * Thu Oct 6 2005 Andrew McNab
 - Fix session reuse with Shared-Memory SSL Session Cache bug #8856 in mod_gridsite.
diff --git a/org.gridsite.core/doc/httpd-fileserver.conf b/org.gridsite.core/doc/httpd-fileserver.conf
index 27293e8..301a8ee 100644
--- a/org.gridsite.core/doc/httpd-fileserver.conf
+++ b/org.gridsite.core/doc/httpd-fileserver.conf
@@ -54,7 +54,7 @@
 ##
 ## and add the following directive to the HTTPS section:
 ##
-## GridSiteMethods GET PUT DELETE
+## GridSiteMethods GET PUT DELETE MOVE
 ##
 ## If you wish to accept Globus GSI Proxies as well as full X.509 user
 ## certificates, set GridSiteGSIProxyLimit to the depth of proxy you
@@ -149,7 +149,7 @@ SSLOptions +ExportCertData +StdEnvVars
 GridSiteAuth on
 GridSiteDNlists /etc/grid-security/dn-lists/
 GridSiteGSIProxyLimit 0
-# GridSiteMethods GET PUT DELETE
+# GridSiteMethods GET PUT DELETE MOVE
diff --git a/org.gridsite.core/doc/httpd-webserver.conf b/org.gridsite.core/doc/httpd-webserver.conf
index 1b163cf..dfb3edb 100644
--- a/org.gridsite.core/doc/httpd-webserver.conf
+++ b/org.gridsite.core/doc/httpd-webserver.conf
@@ -56,7 +56,7 @@
 ##
 ## and add the following directive to the HTTPS section:
 ##
-## GridSiteMethods GET PUT DELETE
+## GridSiteMethods GET PUT DELETE MOVE
 ##
 ## If you wish to accept Globus GSI Proxies as well as full X.509 user
 ## certificates, set GridSiteGSIProxyLimit to the depth of proxy you
@@ -211,7 +211,7 @@ ScriptAlias /real-gridsite-admin.cgi /usr/sbin/real-gridsite-admin.cgi
 ## This directive allows authorized people to write/delete files
 ## from non-browser clients - eg with htcp(1)
- GridSiteMethods GET PUT DELETE
+ GridSiteMethods GET PUT DELETE MOVE
 ## These directives (and the ScriptAlias above) allow authorized
 ## people to manage files, ACLs and DN Lists through their web
diff --git a/org.gridsite.core/src/gsexec.c b/org.gridsite.core/src/gsexec.c
index c978fe4..4278c77 100644
--- a/org.gridsite.core/src/gsexec.c
+++ b/org.gridsite.core/src/gsexec.c
@@ -444,6 +444,8 @@ void mapdir_newlease(char *mapdir, char *encodedkey)
 }
 /******************************************************************************
+Based on gridmapdir_userid:
+
 Function: gridmapdir_userid
 Description: This is equivalent to globus_gss_assist_gridmap but for the dynamic
@@ -470,14 +472,13 @@ Returns:
 int GRSTexecGetMapping(char **target_uname, char **target_gname, char *mapdir, char *key)
 {
- char *encodedkey;
+ char *encodedkey;
+ struct passwd *pw = NULL;
 if (key[0] != '/') return 1; /* must be a proper X.509 DN or path */
 encodedkey = mapdir_urlencode(key);
-log_err("encodedkey=%s\n", encodedkey);
 *target_uname = mapdir_otherlink(mapdir, encodedkey);
-log_err("*target_uname=%s\n", *target_uname);
 if (*target_uname == NULL) /* maybe no lease yet */
 {
@@ -496,9 +497,56 @@ log_err("*target_uname=%s\n", *target_uname);
 free(encodedkey);
-// nasty hack for now
-*target_gname = strdup(*target_uname);
-
+ /*
+ * Get the group name of target user.
+ (Contributed by Gerben Venekamp venekamp@nikhef.nl )
+ */
+
+ if ((pw = getpwnam(*target_uname)) != NULL)
+ {
+ struct group grp = { NULL, NULL, -1, NULL };
+ struct group *tst = NULL;
+ char tmp_buf[100];
+
+ /*
+ * NOTE: Do not use the getgrgid() function call! Calling this function
+ * will overwrite the contents of the internal buffer associated with
+ * this call. Hence, further down the execution path we will run into
+ * a wall, head first; simply because the guid has changed to that of
+ * the targer uid. The only solution out of the situation is avoiding
+ * the function call and manage the needed buffers ourselves.
+ */
+
+ switch (getgrgid_r(pw->pw_gid, &grp, tmp_buf, sizeof(tmp_buf), &tst))
+ {
+ case 0: /* no error */
+ *target_gname = strdup(grp.gr_name);
+ break;
+ case ERANGE:
+ log_err("The buffer for holding strings is too small "
+ "(%d byte now)\n", sizeof(tmp_buf));
+ break;
+ default:
+ log_err("Could not get group name for user (%s)\n",
+ *target_uname);
+ }
+
+ /* Test if all was well. */
+
+ if (target_gname == NULL)
+ {
+ exit(102);
+ }
+ }
+ else
+ {
+ log_err("Could not get info for the target user (%s)\n",*target_uname);
+ exit(102);
+ }
+
+ log_no_err("target group name determined (%s -> %s)\n",
+ *target_uname, *target_gname);
+
 return 0;
 }
@@ -629,7 +677,6 @@ int main(int argc, char *argv[])
 }
 mapping_type = getenv("GRST_EXEC_METHOD");
-// log_err("mapping_type from GRST_EXEC_METHOD=%s\n",mapping_type);
 if ((mapping_type == NULL) || (mapping_type[0] == '\0') || (strcasecmp(mapping_type, "suexec") == 0))
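Review bot: In the `@@ -496,9 +497,56 @@` hunk the post-switch test `if (target_gname == NULL)` checks the out-parameter itself instead of `*target_gname`, so it can never fire: the `ERANGE` and `default` branches of the `getgrgid_r()` switch only log, and execution continues to `log_no_err()` and `return 0` with a `*target_gname` this function never set. Because the result is returned as the target group for the mapped user (its use by the caller is not visible in this hunk), every failure path should end in the existing `exit(102)`: set `*target_gname = NULL` before the switch and test `*target_gname == NULL` after it, which also catches a failed `strdup()`. `getgrgid_r()` additionally returns 0 with `tst` left NULL when the gid has no group entry, in which case `grp.gr_name` is still the NULL initializer when it reaches `strdup()`, so `case 0` should check `tst` first. The `ERANGE` message passes a `size_t` to `%d`; cast it and use `%lu`. GRSTexecGetMapping begins in the previous hunk; only its tail is shown here.

```c
      /* … unchanged: grp, tst and tmp_buf declarations, getgrgid() note … */

      *target_gname = NULL;   /* lets the check below see every failure path */

      switch (getgrgid_r(pw->pw_gid, &grp, tmp_buf, sizeof(tmp_buf), &tst))
        {
          case 0: /* call succeeded; tst stays NULL if the gid has no entry */
            if (tst != NULL) *target_gname = strdup(grp.gr_name);
            else log_err("No group entry for gid of user (%s)\n",
                         *target_uname);
            break;
          case ERANGE:
            log_err("The buffer for holding strings is too small "
                    "(%lu byte now)\n", (unsigned long) sizeof(tmp_buf));
            break;
          /* … unchanged: default branch … */
        }

      /* Test if all was well. */

      if (*target_gname == NULL)
        {
          exit(102);
        }
```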
@@ -640,7 +687,6 @@ int main(int argc, char *argv[])
 }
 else if (strcasecmp(mapping_type, "X509DN") == 0)
 {
-// log_err("X509DN mapping type\n");
 if ((grst_cred_0 = getenv("GRST_CRED_0")) == NULL) map_x509dn = getenv("SSL_CLIENT_S_DN");
 else map_x509dn = index(grst_cred_0, '/');
--
1.8.2.3