From 269cf6e1e6ce157f015a48831502094e8052fc60 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zden=C4=9Bk=20Salvet?= Date: Fri, 26 Aug 2005 07:15:00 +0000 Subject: [PATCH] Authentization plugin for Globus ftpd. --- org.glite.jp.primary/Makefile | 5 +- org.glite.jp.primary/src/ftpd_auth.c | 196 +++++++++++++++++++++++++++++++++++ 2 files changed, 200 insertions(+), 1 deletion(-) create mode 100644 org.glite.jp.primary/src/ftpd_auth.c diff --git a/org.glite.jp.primary/Makefile b/org.glite.jp.primary/Makefile index edf3853..ef3c7df 100644 --- a/org.glite.jp.primary/Makefile +++ b/org.glite.jp.primary/Makefile @@ -47,7 +47,7 @@ example:=jpps-test ps_prefix:=jpps_ is_prefix:=jpis_ -plugins:=glite-jp-tags.la +plugins:=glite-jp-tags.la glite-jp-ftpdauth.la HDRS_I=file_plugin.h HDRS_S=builtin_plugins.h backend.h @@ -175,6 +175,9 @@ stdsoap2.o: ${gsoap_prefix}/devel/stdsoap2.c glite-jp-tags.la: tags_plugin.lo ${SOLINK} -o $@ tags_plugin.lo +glite-jp-ftpdauth.la: ftpd_auth.lo + ${SOLINK} -o $@ ftpd_auth.lo + %.lo: %.c ${LTCOMPILE} -o $@ -c $< diff --git a/org.glite.jp.primary/src/ftpd_auth.c b/org.glite.jp.primary/src/ftpd_auth.c new file mode 100644 index 0000000..bc00462 --- /dev/null +++ b/org.glite.jp.primary/src/ftpd_auth.c 
@@ -0,0 +1,196 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "glite/jp/types.h"
+#include "glite/jp/context.h"
+
+#include "db.h"
+
+extern void reply(int n, char *fmt,...);
+
+#define FTPBE_DEFAULT_DB_CS "jpps/@localhost:jpps"
+
+static char *user_subj = NULL;
+static char *int_prefix = NULL;
+static glite_jp_context_t ctx;
+
+static int open_db()
+{
+ char *db_cs = NULL;
+
+ db_cs = getenv("FTPBE_DB_CS");
+ if (!db_cs) db_cs = FTPBE_DEFAULT_DB_CS;
+
+ int_prefix = getenv("FTPBE_INT_PREFIX");
+ if (!int_prefix) {
+ reply(550, "Internal error: prefix not configured");
+ return 0;
+ }
+
+ glite_jp_init_context(&ctx);
+ if (glite_jp_db_connect(ctx, db_cs)) {
+ reply(550, "Internal error: backend DB access failed");
+ return 0;
+ }
+
+ return 1;
+}
+
+static void close_db()
+{
+ glite_jp_db_close(ctx);
+}
+
+
+int globus_gss_assist_gridmap(char* globus_id, char** mapped_name)
+{
+ char *logname;
+
+ logname = getenv("GLITE_USER");
+ if (logname) {
+ *mapped_name = strdup(logname);
+ user_subj = strdup(globus_id);
+ if (!(*mapped_name) || !user_subj) return 1;
+
+ return 0;
+ } else {
+ return 1;
+ /*
+ * Note: return value need not follow globus numbering
+ * scheme in ftpd
+ */
+ }
+}
+
+int globus_gss_assist_userok(char*globus_id, char *account)
+{
+ char *logname;
+
+ logname = getenv("GLITE_USER");
+ if (logname)
+ return strcmp(account,strdup(logname)) ? 1 : 0;
+ else
+ return 1;
+}
+
+int checknoretrieve(char *name)
+{
+ int result = 1; /* deny access by default */
+
+ char *stmt = NULL;
+ int db_retn;
+ glite_jp_db_stmt_t db_res;
+ char *db_row[1] = { NULL };
+
+ trio_asprintf(&stmt,"select j.owner from jobs j,files f where "
+ "f.ext_url='%|Ss%|Ss' and j.jobid=f.jobid",
+ int_prefix, name);
+ if (!stmt) {
+ reply(550, "Internal error: out of memory");
+ return 1;
+ }
+
+ if (!open_db()) return 1;
+
+ if ((db_retn = glite_jp_db_execstmt(ctx, stmt, &db_res)) <= 0) {
+ if (db_retn == 0) {
+ reply(553, "No such file registered");
+ } else {
+ reply(550, "Internal error: backend DB access failed");
+ }
+ goto out;
+ }
+
+ db_retn = glite_jp_db_fetchrow(db_res, db_row);
+ if (db_retn != 1) {
+ glite_jp_db_freestmt(&db_res);
+ reply(550, "Internal error: backend DB access failed");
+ goto out;
+ }
+ glite_jp_db_freestmt(&db_res);
+
+ if (!strcmp(db_row[0], user_subj)) {
+ result = 0;
+ } else {
+ reply(553, "Permission denied");
+ }
+
+out:
+ free(db_row[0]);
+ close_db();
+ free(stmt);
+ return result;
+}
+
+int upl_check(char *name, uid_t * uid, gid_t * gid, int *f_mode, int *valid)
+{
+ int result = -1; /* deny access by default */
+
+ char *stmt = NULL;
+ int db_retn;
+ glite_jp_db_stmt_t db_res;
+ char *db_row[1] = { NULL };
+
+ *valid = 0; /* don't used uid & gid */
+
+ trio_asprintf(&stmt,"select state from files "
+ "where ext_url='%|Ss%|Ss' and ul_userid='%|Ss'",
+ int_prefix, name, user_subj);
+ if (!stmt) {
+ reply(550, "Internal error: out of memory");
+ return -1;
+ }
+
+ if (!open_db()) return -1;
+
+ if ((db_retn = glite_jp_db_execstmt(ctx, stmt, &db_res)) <= 0) {
+ if (db_retn == 0) {
+ reply(553, "No such upload in progress");
+ } else {
+ reply(550, "Internal error: backend DB access failed");
+ }
+ goto out;
+ }
+
+ db_retn = glite_jp_db_fetchrow(db_res, db_row);
+ if (db_retn != 1) {
+ glite_jp_db_freestmt(&db_res);
+ reply(550, "Internal error: backend DB access failed");
+ goto out;
+ }
+ glite_jp_db_freestmt(&db_res);
+
+ if (!strcmp(db_row[0], "uploading")) {
+ result = 1;
+ } else {
+ reply(553, "Permission denied");
+ }
+
+out:
+ free(db_row[0]);
+ close_db();
+ free(stmt);
+ return result;
+}
+
+int del_check(char *name)
+{
+ reply(553, "Deleting files not supported");
+ return 0;
+}
+
+int rename(const char *f, const char * t)
+{
+ errno = EPERM;
+ return -1;
+}
+
+FILE *ftpd_popen(char *program, char *type, int closestderr)
+{
+ errno = EPERM;
+ return NULL;
+}
-- 1.8.2.3
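Review bot: In `globus_gss_assist_userok`, `strcmp(account,strdup(logname))` allocates a copy that is never freed and passes NULL to `strcmp` if that allocation fails; comparing against the environment string directly, `return strcmp(account, logname) ? 1 : 0;`, removes both problems. `checknoretrieve` hands `user_subj` to `strcmp` and `upl_check` hands it to `trio_asprintf` without a NULL check, so if either can be reached before `globus_gss_assist_gridmap` has succeeded (not visible from this file) the access decision runs on a null pointer; a guard at the top such as `if (!user_subj) { reply(553, "Permission denied"); return 1; }` (`return -1;` in `upl_check`) keeps the default-deny result. Both functions also leak `stmt` on the `if (!open_db()) return ...;` path, which `if (!open_db()) { free(stmt); return 1; }` would fix. The client-supplied `name` is formatted straight into the SQL text, which is safe only if the `%|Ss` conversion escapes quotes; that is not shown here, so a short comment at the two `trio_asprintf` calls stating that reliance would help the next reader.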