From 47738f8ac9ee0f4d04bc6fb1ee3f7b8d424214b5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?=
Date: Mon, 11 Jun 2007 15:18:15 +0000
Subject: [PATCH] API change and new function due to restructuring.
---
 .../examples/wscalc_srv_ex.c | 5 +-
 .../examples/wscalc_srv_ex2.c | 7 ++-
 .../interface/glite_gsplugin-int.h | 5 +-
 .../interface/glite_gsplugin.h | 4 +-
 .../src/glite_gsplugin.c | 70 +++++++++++++---------
 org.glite.security.gss/Makefile | 2 +-
 6 files changed, 54 insertions(+), 39 deletions(-)
diff --git a/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex.c b/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex.c
index 9e5da4d..be2c735 100644
--- a/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex.c
+++ b/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex.c
@@ -31,7 +31,7 @@ main(int argc, char **argv) char *name; char *cert, *key; int opt; - + gss_cred_id_t cred; cert = key = NULL; name = strrchr(argv[0],'/');
@@ -48,10 +48,11 @@ main(int argc, char **argv) if ( cert || key ) { if ( glite_gsplugin_init_context(&ctx) ) { perror("init context"); exit(1); } - if (glite_gsplugin_set_credential(ctx, cert, key)) { + if (edg_wll_gss_acquire_cred_gsi(cert, key, &cred, NULL, NULL) != 0) { fprintf (stderr, "Failed to set credentials\n"); exit(1); } + glite_gsplugin_set_credential(ctx, cred); } soap_init(&soap);
diff --git a/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex2.c b/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex2.c
index c7343a0..96358fa 100644
--- a/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex2.c
+++ b/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex2.c
@@ -38,6 +38,7 @@ main(int argc, char **argv) char *subject = NULL; int opt, port = 19999; + char *cert_filename = NULL, *key_filename = NULL; int sock;
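Review bot: In wscalc_srv_ex.c `main()`, the credential obtained from `edg_wll_gss_acquire_cred_gsi()` is never released in the visible code: `glite_gsplugin_set_credential()` as added in src/glite_gsplugin.c clears `internal_credentials`, so `glite_gsplugin_free_context()` leaves the release to the caller. The example should show the matching `gss_release_cred(&minor, &cred);` once the server is done, because callers will copy this ownership pattern. Passing `NULL` as the last argument also discards the GSS status, so the "Failed to set credentials" message cannot say why acquisition failed; wscalc_srv_ex2.c passes `&gss_code` and prints the text from `edg_wll_gss_get_error()` instead. `main()` continues outside the hunk, so a release further down cannot be ruled out from here.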
@@ -49,14 +50,14 @@ main(int argc, char **argv) while ((opt = getopt_long(argc, argv, "c:k:p:", long_options, NULL)) != EOF) { switch (opt) { case 'p': port = atoi(optarg); break; - case 'c': ctx->cert_filename = strdup(optarg); break; - case 'k': ctx->key_filename = strdup(optarg); break; + case 'c': cert_filename = strdup(optarg); break; + case 'k': key_filename = strdup(optarg); break; case '?': default : usage(name); exit(1); } } - if ( edg_wll_gss_acquire_cred_gsi(ctx->cert_filename, ctx->key_filename, &ctx->cred, &subject, &gss_code) ) { + if ( edg_wll_gss_acquire_cred_gsi(cert_filename, key_filename, &ctx->cred, &subject, &gss_code) ) { edg_wll_gss_get_error(&gss_code, "Failed to read credential", &msg); fprintf(stderr, "%s\n", msg); free(msg);
diff --git a/org.glite.security.gsoap-plugin/interface/glite_gsplugin-int.h b/org.glite.security.gsoap-plugin/interface/glite_gsplugin-int.h
index 9ae3bb4..6a48cde 100644
--- a/org.glite.security.gsoap-plugin/interface/glite_gsplugin-int.h
+++ b/org.glite.security.gsoap-plugin/interface/glite_gsplugin-int.h
@@ -12,11 +12,10 @@ struct _glite_gsplugin_ctx { char *error_msg; - char *key_filename; - char *cert_filename; - edg_wll_GssConnection *connection; gss_cred_id_t cred; + int internal_connection; + int internal_credentials; void *user_data; };
diff --git a/org.glite.security.gsoap-plugin/interface/glite_gsplugin.h b/org.glite.security.gsoap-plugin/interface/glite_gsplugin.h
index be3aa74..dce770a 100644
--- a/org.glite.security.gsoap-plugin/interface/glite_gsplugin.h
+++ b/org.glite.security.gsoap-plugin/interface/glite_gsplugin.h
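Review bot: In wscalc_srv_ex2.c, the `strdup()` copies made for `-c` and `-k` are now plain locals that nothing in the hunk frees, because this commit removes the `free()` calls for the context's filename fields from `glite_gsplugin_free_context()`; the `strdup()` result is also unchecked. `optarg` points into `argv` and stays valid, so `case 'c': cert_filename = optarg; break;` (and the same for `'k'`) is enough. The credential is still written straight into `ctx->cred` rather than through `glite_gsplugin_set_credential()`, so `internal_credentials` keeps whatever value the context was initialised with, and if that is 0 the plugin never releases this credential; the initialisation is not visible in this patch.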
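Review bot: The two flags added to `struct _glite_gsplugin_ctx` decide who releases a GSS credential and who closes a connection, but they carry no comment. Suggested: `int internal_connection; /* non-zero: connection was opened by the plugin, which must close it */` and `int internal_credentials; /* non-zero: cred was acquired by the plugin, which must release it */`. Stating the ownership rule at the declaration makes it possible to check every site that assigns `cred` or `connection` against it.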
@@ -20,8 +20,8 @@ extern void *glite_gsplugin_get_udata(struct soap *); extern void glite_gsplugin_set_udata(struct soap *, void *); extern void glite_gsplugin_set_timeout(glite_gsplugin_Context, struct timeval const *); -extern int glite_gsplugin_set_credential(glite_gsplugin_Context, const char *, const char *); -extern void glite_gsplugin_set_connection(glite_gsplugin_Context, edg_wll_GssConnection *); +extern void glite_gsplugin_set_credential(glite_gsplugin_Context, gss_cred_id_t); +extern int glite_gsplugin_set_connection(glite_gsplugin_Context, edg_wll_GssConnection *); extern int glite_gsplugin(struct soap *, struct soap_plugin *, void *); extern char *glite_gsplugin_errdesc(struct soap *);
diff --git a/org.glite.security.gsoap-plugin/src/glite_gsplugin.c b/org.glite.security.gsoap-plugin/src/glite_gsplugin.c
index 1131532..5112ca8 100644
--- a/org.glite.security.gsoap-plugin/src/glite_gsplugin.c
+++ b/org.glite.security.gsoap-plugin/src/glite_gsplugin.c
@@ -53,12 +53,13 @@ glite_gsplugin_init_context(glite_gsplugin_Context *ctx) int glite_gsplugin_free_context(glite_gsplugin_Context ctx) { - OM_uint32 ms; - + OM_uint32 ms; + if (ctx == NULL) return 0; - if ( ctx->cred != GSS_C_NO_CREDENTIAL ) gss_release_cred(&ms, &ctx->cred); + if ( ctx->internal_credentials && ctx->cred != GSS_C_NO_CREDENTIAL ) + gss_release_cred(&ms, &ctx->cred); if ( ctx->connection ) { if ( ctx->connection->context != GSS_C_NO_CONTEXT ) edg_wll_gss_close(ctx->connection, NULL);
@@ -66,10 +67,6 @@ glite_gsplugin_free_context(glite_gsplugin_Context ctx) } if (ctx->error_msg) free(ctx->error_msg); - if (ctx->key_filename) - free(ctx->key_filename); - if (ctx->cert_filename) - free(ctx->cert_filename); free(ctx); return 0;
@@ -110,6 +107,7 @@ void glite_gsplugin_set_timeout(glite_gsplugin_Context ctx, struct timeval const else ctx->timeout = NULL; } +#if 0 int glite_gsplugin_set_credential(glite_gsplugin_Context ctx, const char *cert,
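Review bot: `glite_gsplugin_set_credential` keeps its name in glite_gsplugin.h while its parameters change from two file names to a `gss_cred_id_t`, and the declaration says nothing about ownership. Source callers fail to compile, which is the safe outcome, but a binary built against the old header would pass a `char *` where the library now expects a credential handle, so the shared-library version should change with this commit; whether it does is not visible here. Suggested comment above the prototype: `/* cred remains owned by the caller and must stay valid until the context is freed or another credential is set */`. `glite_gsplugin_set_connection` now returns a status, and the meaning of that `int` deserves a comment as well.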
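Review bot: `glite_gsplugin_free_context()` now honours `internal_credentials` for the credential, but the connection branch right below it still calls `edg_wll_gss_close(ctx->connection, NULL)` without looking at `internal_connection`. A connection installed with `glite_gsplugin_set_connection()` is a `memcpy` of the caller's structure, so both copies refer to the same GSS context, and a caller that later closes its own copy would presumably act on a context that was already released. The condition should match the one used in `glite_gsplugin_set_connection()`: `if ( ctx->internal_connection && ctx->connection->context != GSS_C_NO_CONTEXT )`. The rest of the function is in the following hunk.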
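Review bot: The previous `glite_gsplugin_set_credential()` is disabled with `#if 0` here (the matching `#endif` is in the next hunk) instead of being removed. It has the same name as its replacement and, judging by the struct fields this commit removes, probably no longer compiles, so it mainly confuses searches for the function. Deleting it is cleaner, since the old body stays available in the history. The disabled body itself lies outside the hunk.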
@@ -129,13 +127,35 @@ glite_gsplugin_set_credential(glite_gsplugin_Context ctx, return 0; } +#endif void +glite_gsplugin_set_credential(glite_gsplugin_Context ctx, + gss_cred_id_t cred) +{ + ctx->cred = cred; + ctx->internal_credentials = 0; +} + +int glite_gsplugin_set_connection(glite_gsplugin_Context ctx, edg_wll_GssConnection *conn) { - free(ctx->connection); - ctx->connection = malloc(sizeof(*ctx->connection)); - memcpy(ctx->connection, conn, sizeof(*ctx->connection)); + int ret = SOAP_OK; + + if ( ctx->connection ) { + if ( ctx->internal_connection && ctx->connection->context != GSS_C_NO_CONTEXT) { + pdprintf(("GSLITE_GSPLUGIN: closing gss connection\n")); + ret = edg_wll_gss_close(ctx->connection, ctx->timeout); + } + free(ctx->connection); + } + if (conn) { + ctx->connection = malloc(sizeof(edg_wll_GssConnection)); + memcpy(ctx->connection, conn, sizeof(edg_wll_GssConnection)); + } else ctx->connection = NULL; + ctx->internal_connection = 0; + + return ret; } int
@@ -165,6 +185,7 @@ glite_gsplugin(struct soap *soap, struct soap_plugin *p, void *arg) glite_gsplugin_free_context(pdata->ctx); return EINVAL; } + pdata->ctx->internal_credentials = 1; pdprintf(("GSLITE_GSPLUGIN: server running with certificate: %s\n", subject)); free(subject); pdata->def = 1;
@@ -250,14 +271,15 @@ glite_gsplugin_connect( ctx = ((int_plugin_data_t *)soap_lookup_plugin(soap, plugin_id))->ctx; if ( ctx->cred == GSS_C_NO_CREDENTIAL ) { - pdprintf(("GSLITE_GSPLUGIN: loading credentials\n")); - ret = edg_wll_gss_acquire_cred_gsi(ctx->cert_filename, ctx->key_filename, - &ctx->cred, NULL, &gss_stat); + pdprintf(("GSLITE_GSPLUGIN: loading default credentials\n")); + ret = edg_wll_gss_acquire_cred_gsi(NULL, NULL, + &ctx->cred, NULL, &gss_stat); if ( ret ) { edg_wll_gss_get_error(&gss_stat, "failed to load GSI credentials", - &ctx->error_msg); + &ctx->error_msg); goto err; } + ctx->internal_credentials = 1; } if ( !(ctx->connection = malloc(sizeof(*ctx->connection))) ) return errno;
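Review bot: In `glite_gsplugin_set_connection()`, the result of `malloc()` is handed to `memcpy()` unchecked, so an allocation failure turns into a write through a NULL pointer. `glite_gsplugin_set_credential()` has the mirror problem for credentials: it overwrites `ctx->cred` and clears `internal_credentials` without releasing a credential the plugin acquired itself, after which nothing can release that handle. Neither function checks `ctx` for NULL, unlike `glite_gsplugin_free_context()`. The rewrite below releases a plugin-owned credential before adopting the caller's one and reports allocation failure as `SOAP_EOM`, leaving `ctx->connection` NULL in that case.

```c
void
glite_gsplugin_set_credential(glite_gsplugin_Context ctx,
				gss_cred_id_t cred)
{
	OM_uint32	ms;

	/* release a credential the plugin acquired itself before adopting the caller's */
	if ( ctx->internal_credentials && ctx->cred != GSS_C_NO_CREDENTIAL )
		gss_release_cred(&ms, &ctx->cred);
	ctx->cred = cred;
	ctx->internal_credentials = 0;
}

/* … unchanged: glite_gsplugin_set_connection() up to the free() of the old connection … */
	ctx->connection = NULL;
	ctx->internal_connection = 0;
	if ( conn ) {
		ctx->connection = malloc(sizeof(*ctx->connection));
		if ( !ctx->connection ) return SOAP_EOM;
		memcpy(ctx->connection, conn, sizeof(*ctx->connection));
	}

	return ret;
```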
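Review bot: In `glite_gsplugin_connect()`, the last line of this hunk assigns a fresh `malloc()` to `ctx->connection` without releasing what was there, and with this commit a caller may have stored a copy through `glite_gsplugin_set_connection()` beforehand; that copy would presumably leak. Calling `glite_gsplugin_set_connection(ctx, NULL);` before the allocation would reuse the new cleanup path. The credential fallback also deserves a comment such as `/* no credential set by the caller: use the default GSI credential of the process */`, since the certificate and key paths are no longer consulted. The function starts and ends outside the hunk.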
@@ -271,6 +293,7 @@ glite_gsplugin_connect( edg_wll_gss_get_error(&gss_stat, "edg_wll_gss_connect()", &ctx->error_msg); goto err; } + ctx->internal_connection = 1; soap->errnum = 0; return 0;
@@ -298,21 +321,10 @@ static int glite_gsplugin_close(struct soap *soap) { glite_gsplugin_Context ctx; - int ret = SOAP_OK; - pdprintf(("GSLITE_GSPLUGIN: glite_gsplugin_close()\n")); ctx = ((int_plugin_data_t *)soap_lookup_plugin(soap, plugin_id))->ctx; - if ( ctx->connection ) { - if ( ctx->connection->context != GSS_C_NO_CONTEXT) { - pdprintf(("GSLITE_GSPLUGIN: closing gss connection\n")); - ret = edg_wll_gss_close(ctx->connection, ctx->timeout); - } - free(ctx->connection); - ctx->connection = NULL; - } - - return ret; + return glite_gsplugin_set_connection(ctx, NULL); }
@@ -327,8 +339,10 @@ glite_gsplugin_accept(struct soap *soap, int s, struct sockaddr *a, int *n) pdprintf(("GSLITE_GSPLUGIN: glite_gsplugin_accept()\n")); ctx = ((int_plugin_data_t *)soap_lookup_plugin(soap, plugin_id))->ctx; if ( (conn = accept(s, (struct sockaddr *)&a, n)) < 0 ) return conn; - if ( !ctx->connection - && !(ctx->connection = malloc(sizeof(*ctx->connection))) ) return -1; + if ( !ctx->connection ) { + if ( !(ctx->connection = malloc(sizeof(*ctx->connection))) ) return -1; + ctx->internal_connection = 1; + } if ( edg_wll_gss_accept(ctx->cred, conn, ctx->timeout, ctx->connection, &gss_code)) { pdprintf(("GSLITE_GSPLUGIN: Client authentication failed, closing.\n")); edg_wll_gss_get_error(&gss_code, "Client authentication failed", &ctx->error_msg);
diff --git a/org.glite.security.gss/Makefile b/org.glite.security.gss/Makefile
index 03bd481..3ded94f 100644
--- a/org.glite.security.gss/Makefile
+++ b/org.glite.security.gss/Makefile
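Review bot: In `glite_gsplugin_accept()`, the unchanged call `accept(s, (struct sockaddr *)&a, n)` passes the address of the pointer parameter `a` instead of the buffer it points to, so the peer address is written over the parameter and adjacent stack memory; going by the signature in the hunk header it should read `accept(s, a, n)`. The lines this hunk rewrites also return -1 when `malloc()` fails without closing the socket that was just accepted, leaking one descriptor per failed allocation: `if ( !(ctx->connection = malloc(sizeof(*ctx->connection))) ) { close(conn); return -1; }`. When `ctx->connection` already exists it is reused with whatever `internal_connection` value it had, so a caller-supplied connection copy is overwritten by `edg_wll_gss_accept()`; that may be intended but is worth a comment. The function continues past the hunk.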
@@ -133,7 +133,7 @@ distbin: install: -mkdir -p ${PREFIX}/lib -mkdir -p ${PREFIX}/share/doc/${package}-${version} - -mkdir -p ${PREFIX}/include/glite/security/${package} + -mkdir -p ${PREFIX}/include/glite/security ${INSTALL} -m 755 ${GSS_LTLIB} ${GSS_THRLTLIB} ${PREFIX}/lib ${INSTALL} -m 644 ${top_srcdir}/LICENSE ${PREFIX}/share/doc/${package}-${version} cd ${top_srcdir}/interface && ${INSTALL} -m 644 ${HDRS} ${PREFIX}/include/glite/security/
--
1.8.2.3