From 25a241384e92128c47c0d688152d2da4c9ca5251 Mon Sep 17 00:00:00 2001 From: Andrew McNab Date: Thu, 23 Jul 2009 15:57:54 +0000 Subject: [PATCH] GRSTerrorLog fix for use inside if...else --- org.gridsite.core/CHANGES | 5 +++++ org.gridsite.core/interface/gridsite.h | 13 ++++++++----- org.gridsite.core/src/grst_err.c | 2 +- org.gridsite.core/src/grst_x509.c | 23 ++++++++++++----------- org.gridsite.core/src/htproxyput.c | 4 +++- org.gridsite.core/src/mod_gridsite.c | 3 ++- org.gridsite.core/src/slashgrid.c | 3 ++- 7 files changed, 33 insertions(+), 20 deletions(-) diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES index 296eb5a..ba55deb 100644 --- a/org.gridsite.core/CHANGES +++ b/org.gridsite.core/CHANGES @@ -1,3 +1,8 @@ +* Thu Jul 23 2009 Andrew McNab +- Check multiple VOMS issuer certs if present, and + use most permissive time range they provide +- Change (GRSTerrorLogFunc) to return int, to allow + if-less C macro using && instead. * Fri Jul 03 2009 Andrew McNab - ==== GridSite version 1.7.4 ==== * Thu Jul 02 2009 Andrew McNab diff --git a/org.gridsite.core/interface/gridsite.h b/org.gridsite.core/interface/gridsite.h index 10da0a7..36cbf6c 100644 --- a/org.gridsite.core/interface/gridsite.h +++ b/org.gridsite.core/interface/gridsite.h @@ -57,6 +57,10 @@ #include #endif +#ifndef _STDINT_H +#include +#endif + #ifndef FALSE #define FALSE (0) #endif 
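Review bot: The include added to gridsite.h is wrapped in `#ifndef _STDINT_H`, which tests a guard name owned by one C library rather than anything this project defines. The header name was lost in this rendering, but the guard suggests it is `<stdint.h>`. Standard headers can be included repeatedly, so an unconditional `#include <stdint.h>` is enough and behaves the same on C libraries that use a different guard macro. The context lines just above show the same wrapper around another include, so this may be house style worth revisiting as a whole.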
@@ -79,12 +83,11 @@ // No such file or directory #define GRST_RET_NO_SUCH_FILE 1003 -// #define GRSTerrorLog(GRSTerrorLevel, GRSTerrorFmt, ...) if (GRSTerrorLogFunc != NULL) (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, GRSTerrorFmt, __VA_ARGS__) -// void (*GRSTerrorLogFunc)(char *, int, int, char *, ...); - -#define GRSTerrorLog(GRSTerrorLevel, ...) if (GRSTerrorLogFunc != NULL) (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__) +/* We use && now rather than if so this macro can be used inside if...else + but that means the function must return an int rather than be void */ +#define GRSTerrorLog(GRSTerrorLevel, ...) ((GRSTerrorLogFunc != NULL) && ((GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__))) -extern void (*GRSTerrorLogFunc)(char *, int, int, char *, ...); +extern int (*GRSTerrorLogFunc)(char *, int, int, char *, ...); /* these levels are the same as Unix syslog() and Apache ap_log_error() */ diff --git a/org.gridsite.core/src/grst_err.c b/org.gridsite.core/src/grst_err.c index 106021f..3d4b120 100644 --- a/org.gridsite.core/src/grst_err.c +++ b/org.gridsite.core/src/grst_err.c @@ -37,4 +37,4 @@ #include "gridsite.h" -void (*GRSTerrorLogFunc)(char *, int, int, char *, ...) = NULL; +int (*GRSTerrorLogFunc)(char *, int, int, char *, ...) = NULL; diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c index 6df74d8..171d047 100644 --- a/org.gridsite.core/src/grst_x509.c +++ b/org.gridsite.core/src/grst_x509.c @@ -46,7 +46,6 @@ #include #include #include -#include #include #include @@ -259,7 +258,7 @@ static int GRSTx509VerifyVomsSig(time_t *time1_time, time_t *time2_time, FILE *fp; EVP_MD_CTX ctx; struct stat statbuf; - time_t voms_service_time1 = INT32_MAX, voms_service_time2 = 0, + time_t voms_service_time1 = GRST_MAX_TIME_T, voms_service_time2 = 0, tmp_time1, tmp_time2; if ((vomsdir == NULL) || (vomsdir[0] == '\0')) return GRST_RET_FAILED; 
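Review bot: Changing `GRSTerrorLogFunc` to return `int` in this public header means any logger outside this tree that still has the old `void` signature no longer matches the pointer type, and the meaning of the returned value is not documented. The dangling-else problem can be fixed without touching the callback type by wrapping the old statement form: `#define GRSTerrorLog(GRSTerrorLevel, ...) do { if (GRSTerrorLogFunc != NULL) (GRSTerrorLogFunc)(__FILE__, __LINE__, GRSTerrorLevel, __VA_ARGS__); } while (0)`. If the `&&` form is kept, the comment should state that callers must not rely on the value of the expression. Either way, the declaration would benefit from `__attribute__((format(printf, 4, 5)))` on compilers that support it, so that format and argument mismatches at `GRSTerrorLog` call sites are diagnosed.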
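Review bot: `GRST_MAX_TIME_T` replaces `INT32_MAX` in this declaration and in the hunks at -317, -355 and -382, but its definition is not part of the patch, so a reader cannot tell what value it has or whether it fits every `time_t` the code is built with. It also serves as the "nothing verified yet" sentinel tested later by `voms_service_time1 == GRST_MAX_TIME_T`, which deserves a comment at the declaration, for example `/* GRST_MAX_TIME_T and 0 mean no VOMS issuer cert has been accepted yet */`. Because the range is now widened across several issuer certs, a separate count of accepted certs would make the failure test independent of the sentinel values. GRSTx509VerifyVomsSig starts and ends outside these hunks.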
@@ -317,7 +316,7 @@ static int GRSTx509VerifyVomsSig(time_t *time1_time, time_t *time2_time, if (cert == NULL) continue; tmp_time1 = 0; - tmp_time2 = INT32_MAX; + tmp_time2 = GRST_MAX_TIME_T; if (GRSTx509VerifySig(&tmp_time1, &tmp_time2, &asn1string[taglist[iinfo].start], @@ -355,7 +354,7 @@ static int GRSTx509VerifyVomsSig(time_t *time1_time, time_t *time2_time, if (cert == NULL) continue; tmp_time1 = 0; - tmp_time2 = INT32_MAX; + tmp_time2 = GRST_MAX_TIME_T; if (GRSTx509VerifySig(&tmp_time1, &tmp_time2, &asn1string[taglist[iinfo].start], @@ -382,7 +381,7 @@ static int GRSTx509VerifyVomsSig(time_t *time1_time, time_t *time2_time, closedir(vomsDIR); - if ((voms_service_time1 == INT32_MAX) || (voms_service_time2 == 0)) + if ((voms_service_time1 == GRST_MAX_TIME_T) || (voms_service_time2 == 0)) return GRST_RET_FAILED; /* now we tighten up the VOMS AC time range using the most permissive @@ -474,14 +473,16 @@ static int GRSTx509VerifyVomsSigCert(time_t *time1_time, time_t *time2_time, cacert = PEM_read_X509(fp, NULL, NULL, NULL); fclose(fp); if (cacert != NULL) - GRSTerrorLog(GRST_LOG_DEBUG, " Loaded CA root cert from file"); + { + GRSTerrorLog(GRST_LOG_DEBUG, " Loaded CA root cert from file"); + } else { GRSTerrorLog(GRST_LOG_DEBUG, " Failed to load CA root cert file"); return GRST_RET_FAILED; } } - + /* check times CA cert times, and reject if necessary */ tmp_time = GRSTasn1TimeToTimeT( @@ -510,7 +511,7 @@ static int GRSTx509VerifyVomsSigCert(time_t *time1_time, time_t *time2_time, X509_free(cacert); X509_free(vomscert); - if (ret != X509_V_OK) return chain_errors | GRST_CERT_BAD_SIG; + if (ret != X509_V_OK) return (chain_errors | GRST_CERT_BAD_SIG); asprintf(&vodir, "%s/%s", vomsdir, voname); 
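Review bot: The failure return touched in the -510 hunk, `return (chain_errors | GRST_CERT_BAD_SIG);`, hands back a certificate-error bitmask, while the end of the same function (hunk at -570) returns `GRST_RET_FAILED` or `GRST_RET_OK`. A caller that tests for `GRST_RET_FAILED` rather than for `GRST_RET_OK` may not recognise this value as a failed signature check; whether any caller does so is not visible here. Keeping one convention on this path would remove the doubt: `if (ret != X509_V_OK) return GRST_RET_FAILED;`. The `asprintf(&vodir, ...)` on the following context line also leaves its result unchecked, so `vodir` is used without knowing the allocation succeeded. GRSTx509VerifyVomsSigCert continues outside the hunk.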
@@ -534,7 +535,7 @@ static int GRSTx509VerifyVomsSigCert(time_t *time1_time, time_t *time2_time, asprintf(&lscpath, "%s/%s", vodir, vodirent->d_name); stat(lscpath, &statbuf); - GRSTerrorLog(GRST_LOG_DEBUG, "Check LSC file %s for %s,%s", + GRSTerrorLog(GRST_LOG_DEBUG, "Check LSC file %s for %s,%s", lscpath, acvomsdn, vomscert_cadn); if ((fp = fopen(lscpath, "r")) != NULL) @@ -570,8 +571,8 @@ static int GRSTx509VerifyVomsSigCert(time_t *time1_time, time_t *time2_time, free(lsc_vomsdn); if (!lsc_found) chain_errors |= GRST_CERT_BAD_SIG; - - return chain_errors ? GRST_RET_FAILED : GRST_RET_OK; + + return (chain_errors ? GRST_RET_FAILED : GRST_RET_OK); } /// Get the VOMS attributes in the given extension diff --git a/org.gridsite.core/src/htproxyput.c b/org.gridsite.core/src/htproxyput.c index df1ff8b..f6368f3 100644 --- a/org.gridsite.core/src/htproxyput.c +++ b/org.gridsite.core/src/htproxyput.c @@ -87,7 +87,7 @@ void printsyntax(char *argv0) "(Version: %s)\n", p, VERSION); } -void htproxy_logfunc(char *file, int line, int level, char *fmt, ...) +int htproxy_logfunc(char *file, int line, int level, char *fmt, ...) { char *mesg; va_list ap; @@ -99,6 +99,8 @@ void htproxy_logfunc(char *file, int line, int level, char *fmt, ...) fprintf(stderr, "%s(%d) %s\n", file, line, mesg); free(mesg); + + return 0; } int main(int argc, char *argv[]) diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c index 1180d88..e009bfc 100644 --- a/org.gridsite.core/src/mod_gridsite.c +++ b/org.gridsite.core/src/mod_gridsite.c @@ -4333,7 +4333,7 @@ static int mod_gridsite_server_post_config(apr_pool_t *pPool, } static server_rec *mod_gridsite_log_func_server; -static void mod_gridsite_log_func(char *file, int line, int level, +static int mod_gridsite_log_func(char *file, int line, int level, char *fmt, ...) { char *mesg; 
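Review bot: The `return 0;` added to `htproxy_logfunc` has no stated meaning, and the same constant is added to `mod_gridsite_log_func` and `slashgrid_logfunc` later in this patch. Since the value exists only so the `GRSTerrorLog` macro can use `&&`, a short comment on each return would stop a later reader from treating it as a status code, for example `/* value is ignored; int only so GRSTerrorLog can be an expression */`. The middle of each function lies between the hunks and is not shown, so how the message buffer is built could not be reviewed.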
@@ -4347,6 +4347,7 @@ static void mod_gridsite_log_func(char *file, int line, int level, 0, mod_gridsite_log_func_server, "%s", mesg); free(mesg); + return 0; } static void mod_gridsite_child_init(apr_pool_t *pPool, server_rec *pServer) diff --git a/org.gridsite.core/src/slashgrid.c b/org.gridsite.core/src/slashgrid.c index fe3bec5..076ff76 100644 --- a/org.gridsite.core/src/slashgrid.c +++ b/org.gridsite.core/src/slashgrid.c @@ -2604,7 +2604,7 @@ static struct fuse_operations slashgrid_oper = { .destroy = slashgrid_destroy }; -void slashgrid_logfunc(char *file, int line, int level, char *fmt, ...) +int slashgrid_logfunc(char *file, int line, int level, char *fmt, ...) { char *mesg; va_list ap; @@ -2616,6 +2616,7 @@ void slashgrid_logfunc(char *file, int line, int level, char *fmt, ...) syslog(level, "%s(%d) %s", file, line, mesg); free(mesg); + return 0; } int main(int argc, char *argv[]) -- 1.8.2.3