From 8468f8272f5cdbd66595a201da0aa98c77842f12 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Ale=C5=A1=20K=C5=99enek?= Date: Tue, 16 Oct 2007 17:12:30 +0000 Subject: [PATCH] merge 31 --- org.glite.lb.client/src/Event.cpp.T | 12 +++- org.glite.lb.client/src/JobStatus.cpp.T | 1 + org.glite.lb.client/src/args.c.T | 1 + org.glite.lb.client/src/connection.c | 98 +++++++++++++++++++++++++++++---- org.glite.lb.client/src/export.sh | 21 ++++++- 5 files changed, 119 insertions(+), 14 deletions(-) diff --git a/org.glite.lb.client/src/Event.cpp.T b/org.glite.lb.client/src/Event.cpp.T index 7b800ed..03bd29b 100644 --- a/org.glite.lb.client/src/Event.cpp.T +++ b/org.glite.lb.client/src/Event.cpp.T @@ -317,6 +317,7 @@ Event::name(void) const } +/* FIXME: this will not work with the current frozen assignment of constants in Event.h */ static std::string const attr_names[Event::ATTR_MAX] = { @@@{ @@ -387,12 +388,21 @@ std::vector > const & Event::getAttrs(voi const std::string Event::getEventName(Type type) { + char *s; + if(type < 0 || type >= TYPE_MAX) { STACK_ADD; throw(Exception(EXCEPTION_MANDATORY, EINVAL, "invalid event type")); } - return std::string(edg_wll_EventToString(edg_wll_EventCode(type))); + s = edg_wll_EventToString(edg_wll_EventCode(type)); + if (!s) { + STACK_ADD; + throw(Exception(EXCEPTION_MANDATORY, EINVAL, "invalid event type")); + } + std::string ret(s); + free(s); + return ret; } diff --git a/org.glite.lb.client/src/JobStatus.cpp.T b/org.glite.lb.client/src/JobStatus.cpp.T index 5498313..1a29c76 100644 --- a/org.glite.lb.client/src/JobStatus.cpp.T +++ b/org.glite.lb.client/src/JobStatus.cpp.T @@ -405,6 +405,7 @@ JobStatus::getValJobStatusList(Attr attr) const } +/* FIXME: this will not work with the current frozen assignment of constants in JobStatus.h */ static std::string const attr_names[JobStatus::ATTR_MAX] = { @@@{ for (sort {$a cmp $b} getAllFields $status) { 
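Review bot: In the second Event.cpp.T hunk, `std::string ret(s);` can throw on allocation failure before `free(s)` runs, so the buffer returned by edg_wll_EventToString leaks on that path. Holding it in a scoped owner, e.g. `std::unique_ptr<char, decltype(&free)> s(edg_wll_EventToString(edg_wll_EventCode(type)), &free);`, and returning `std::string(s.get())` after the NULL check removes the manual free; this needs `<memory>`, and the file's include block is outside the hunk. The NULL branch also reuses the message "invalid event type", so a caller cannot tell an out-of-range value from a hole in the code table; a distinct message would help.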
diff --git a/org.glite.lb.client/src/args.c.T b/org.glite.lb.client/src/args.c.T index f7ed2ed..d140c2f 100644 --- a/org.glite.lb.client/src/args.c.T +++ b/org.glite.lb.client/src/args.c.T @@ -228,6 +228,7 @@ static void read_event(const edg_wll_Args* o, char* arg, char* par) // list type int i; printf("Available events: extra options\n"); +/* XXX: holes in edg_wll_EventCode */ for (i = EDG_WLL_EVENT_UNDEF + 1; i < EDG_WLL_EVENT__LAST; i++) { char* e = edg_wll_EventToString(i); diff --git a/org.glite.lb.client/src/connection.c b/org.glite.lb.client/src/connection.c index 2924bd5..0e321fc 100644 --- a/org.glite.lb.client/src/connection.c +++ b/org.glite.lb.client/src/connection.c @@ -39,6 +39,7 @@ int CloseConnection(edg_wll_Context ctx, int* conn_index) edg_wll_gss_release_cred(&ctx->connections->connPool[cIndex].gsiCred, NULL); free(ctx->connections->connPool[cIndex].peerName); free(ctx->connections->connPool[cIndex].buf); + free(ctx->connections->connPool[cIndex].certfile); memset(ctx->connections->connPool + cIndex, 0, sizeof(edg_wll_ConnPool)); 
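Review bot: The added `/* XXX: holes in edg_wll_EventCode */` comment in read_event documents the gap, but the loop below it still calls `edg_wll_EventToString(i)` for every value in the range. The Event.cpp.T change in this same commit treats a NULL return from that function as possible and frees the result, so the same two things apply here: add `if (!e) continue;` right after the call and make sure `e` is freed once it has been printed. The rest of the loop body is outside the hunk, so whether `e` is already checked or freed there cannot be confirmed from this page.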
@@ -54,11 +55,23 @@ int CloseConnection(edg_wll_Context ctx, int* conn_index) int ConnectionIndex(edg_wll_Context ctx, const char *name, int port) { int i; + struct stat statinfo; + int using_certfile = 0; + + if (ctx->p_proxy_filename || ctx->p_cert_filename) { + stat(ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, &statinfo); + using_certfile = 1; + } for (i=0; iconnections->poolSize;i++) { - if ((ctx->connections->connPool[i].peerName != NULL) && - !strcmp(name, ctx->connections->connPool[i].peerName) && - (port == ctx->connections->connPool[i].peerPort)) { +// printf("*** Testing connection %d: peerName = %s, peerPort = %d, file = %s\n", i, ctx->connections->connPool[i].peerName != NULL ? ctx->connections->connPool[i].peerName : "NULL", ctx->connections->connPool[i].peerPort, ctx->connections->connPool[i].file); + if ((ctx->connections->connPool[i].peerName != NULL) && // Conn Pool record must exist + !strcmp(name, ctx->connections->connPool[i].peerName) && // Server names must be equal + (port == ctx->connections->connPool[i].peerPort) && // Ports must be equal + (!using_certfile || // we are either using the default cert file + ((ctx->connections->connPool[i].certfile->st_ino == statinfo.st_ino) && // or checking which file + (ctx->connections->connPool[i].certfile->st_dev == statinfo.st_dev)))) { // this conn uses to auth. + /* TryLock (next line) is in fact used only to check the mutex status */ @@ -105,7 +118,8 @@ int AddConnection(edg_wll_Context ctx, char *name, int port) free(ctx->connections->connPool[index].peerName); // should be empty; just to be sure ctx->connections->connPool[index].peerName = strdup(name); ctx->connections->connPool[index].peerPort = port; - ctx->connections->connPool[index].gsiCred = NULL; // initial value + ctx->connections->connPool[index].gsiCred = GSS_C_NO_CREDENTIAL; // initial value + ctx->connections->connPool[index].certfile = NULL; ctx->connections->connOpened++; return index; 
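Review bot: The new match condition in ConnectionIndex dereferences `connPool[i].certfile` whenever `using_certfile` is set, but AddConnection initialises that field to NULL and edg_wll_open only fills it after a successful credential load, so a pooled entry with the same name and port and no recorded file is a NULL dereference. The `stat()` return value is also ignored, leaving `statinfo` uninitialised when the proxy or certificate file is missing. In the other direction, a context that uses default credentials (`!using_certfile`) matches any entry for that server, including one authenticated from an explicit proxy file, which appears to defeat the per-identity separation the commit is after; requiring `certfile == NULL` in that case is one way to close it, to be confirmed against how default credentials are meant to be shared. The function continues past the end of the hunk.

```c
	if (ctx->p_proxy_filename || ctx->p_cert_filename) {
		if (stat(ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, &statinfo) != 0)
			return -1;	/* credential file cannot be identified: reuse nothing (-1 is the not-found result edg_wll_open tests for) */
		using_certfile = 1;
	}
	/* … unchanged: loop header, peerName and peerPort comparison … */
		    (using_certfile
			? (ctx->connections->connPool[i].certfile != NULL &&
			   ctx->connections->connPool[i].certfile->st_ino == statinfo.st_ino &&
			   ctx->connections->connPool[i].certfile->st_dev == statinfo.st_dev)
			: (ctx->connections->connPool[i].certfile == NULL))) {
```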
@@ -181,12 +195,19 @@ int edg_wll_open(edg_wll_Context ctx, int* connToUse) { int index; edg_wll_GssStatus gss_stat; + OM_uint32 lifetime = 0; + struct stat statinfo; + int acquire_cred = 0; edg_wll_ResetError(ctx); edg_wll_poolLock(); /* We are going to search the pool, it has better be locked */ + /* July 12, 2007 - ZS - Searching the pool for srvName/srvPort is not enough. + we also need to check the user identity so that there may be several connections + open to the same server using different identities. */ + if ( (index = ConnectionIndex(ctx, ctx->srvName, ctx->srvPort)) == -1 ) { /* no such open connection in pool */ if (ctx->connections->connOpened == ctx->connections->poolSize) 
@@ -210,16 +231,54 @@ int edg_wll_open(edg_wll_Context ctx, int* connToUse) *connToUse = index; - /* XXX support anonymous connections, perhaps add a flag to the connPool + /* Old Comment: support anonymous connections, perhaps add a flag to the connPool * struct specifying whether or not this connection shall be authenticated * to prevent from repeated calls to edg_wll_gss_acquire_cred_gsi() */ - if (!ctx->connections->connPool[index].gsiCred && - edg_wll_gss_acquire_cred_gsi( - ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, - ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename, - &ctx->connections->connPool[index].gsiCred, NULL, &gss_stat)) { - edg_wll_SetErrorGss(ctx, "failed to load GSI credentials", &gss_stat); - goto err; + + // In case of using a specifically given cert file, stat it and check for the need to reauthenticate + if (ctx->p_proxy_filename || ctx->p_cert_filename) { + if (ctx->connections->connPool[index].certfile) { // Has the file been stated before? + stat(ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, &statinfo); + if (ctx->connections->connPool[index].certfile->st_mtime != statinfo.st_mtime) + acquire_cred = 1; // File has been modified. Need to acquire new creds. + } + else acquire_cred = 1; + } + + // Check if credentials exist. If so, check validity + if (ctx->connections->connPool[index].gsiCred) { + gss_inquire_cred(ctx->connections->connPool[index].gsiCred, NULL, &lifetime, NULL, NULL, NULL); + #ifdef EDG_WLL_CONNPOOL_DEBUG + printf ("Credential exists, lifetime: %d\n", lifetime); + #endif + if (!lifetime) acquire_cred = 1; // Credentials exist and lifetime is OK. No need to authenticate. + } + else { + acquire_cred = 1; // No credentials exist so far, acquire. + } + + + if (acquire_cred) { + if (edg_wll_gss_acquire_cred_gsi( + ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, + ctx->p_proxy_filename ? 
ctx->p_proxy_filename : ctx->p_key_filename, + &ctx->connections->connPool[index].gsiCred, NULL, &gss_stat)) { + edg_wll_SetErrorGss(ctx, "failed to load GSI credentials", &gss_stat); + goto err; + } + else { + // Credentials Acquired successfully. Storing file identification. + #ifdef EDG_WLL_CONNPOOL_DEBUG + printf("Cert file: %s\n", ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename); + #endif + + if (ctx->p_proxy_filename || ctx->p_cert_filename) { + if (!ctx->connections->connPool[index].certfile) // Allocate space for certfile stats + ctx->connections->connPool[index].certfile = + (struct stat*)calloc(1, sizeof(struct stat)); + stat(ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, ctx->connections->connPool[index].certfile); + } + } } if (ctx->connections->connPool[index].gss.context == NULL) { @@ -473,6 +532,9 @@ int edg_wll_http_send_recv_proxy( char ***resp_head, char **resp_body) { + int err; + char *et = NULL; + if (edg_wll_open_proxy(ctx)) return edg_wll_Error(ctx,NULL,NULL); switch (edg_wll_http_send_proxy(ctx,request,req_head,req_body)) { @@ -492,6 +554,18 @@ int edg_wll_http_send_recv_proxy( || edg_wll_http_send_proxy(ctx,request,req_head,req_body) || edg_wll_http_recv_proxy(ctx,response,resp_head,resp_body)); } + + /* XXX: workaround for bug #25153, don't keep proxy connection at all + * May have slight performance impact, it would be nice to cover proxy + * connections in the pool too. + */ + + err = edg_wll_Error(ctx,NULL,&et); + edg_wll_close_proxy(ctx); + if (err) { + edg_wll_SetError(ctx,err,et); + free(et); + } return edg_wll_Error(ctx,NULL,NULL); } diff --git a/org.glite.lb.client/src/export.sh b/org.glite.lb.client/src/export.sh index eec2d92..7e21d95 100644 --- a/org.glite.lb.client/src/export.sh +++ b/org.glite.lb.client/src/export.sh 
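Review bot: The added call `gss_inquire_cred(ctx->connections->connPool[index].gsiCred, NULL, &lifetime, NULL, NULL, NULL)` in edg_wll_open has its arguments shifted by one against the standard GSS-API prototype, which takes `OM_uint32 *minor_status` first and the credential second. As written the credential handle lands in the minor_status slot, the credential argument is NULL, `&lifetime` is passed where a `gss_name_t *` is expected and the lifetime output pointer is NULL, so the expiry check does not test the pooled credential. It should read `maj = gss_inquire_cred(&min_stat, ctx->connections->connPool[index].gsiCred, NULL, &lifetime, NULL, NULL);` with the major status checked and `acquire_cred` set on failure. Two further points in the same hunk: the previous `gsiCred` is not released with `edg_wll_gss_release_cred` before `edg_wll_gss_acquire_cred_gsi` overwrites it, and the `stat()` and `calloc()` results are used unchecked, so a missing proxy file compares against an uninitialised `statinfo`. edg_wll_open starts and ends outside this hunk.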
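Review bot: In the workaround block added at the end of edg_wll_http_send_recv_proxy, `free(et)` sits inside `if (err)`, so a description string returned by `edg_wll_Error(ctx,NULL,&et)` when `err` is zero would not be released. Whether edg_wll_Error leaves `et` NULL in that case is not visible here; moving `free(et);` after the `if` is safe either way, since `et` is initialised to NULL. If the save and restore exists because edg_wll_close_proxy can overwrite the context error, a one-line comment saying so, e.g. `/* close may reset ctx error; restore the request's result */`, would make the intent clear.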
@@ -39,7 +39,7 @@ GLITE_LB_EXPORT_JPDUMP_MAILDIR=${GLITE_LB_EXPORT_JPDUMP_MAILDIR:-/tmp/jpdump} # directory with exported data (file per job) GLITE_LB_EXPORT_JOBSDIR=${GLITE_LB_EXPORT_JOBSDIR:-/tmp/lbexport} # purge args (timeouts) -GLITE_LB_EXPORT_PURGE_ARGS=${GLITE_LB_EXPORT_PURGE_ARGS:---cleared 2d --aborted 2w --cancelled 2w --other 2m} +GLITE_LB_EXPORT_PURGE_ARGS=${GLITE_LB_EXPORT_PURGE_ARGS:---cleared 2d --aborted 2w --cancelled 2w --other 60d} # Book Keeping Server GLITE_LB_SERVER_PORT=${GLITE_LB_SERVER_PORT:-9000} GLITE_LB_EXPORT_BKSERVER=${GLITE_LB_EXPORT_BKSERVER:-localhost:$GLITE_LB_SERVER_PORT} @@ -53,10 +53,17 @@ GLITE_LB_EXPORT_ENABLED=${GLITE_LB_EXPORT_ENABLED:-true} [ -d $GLITE_LB_EXPORT_PURGEDIR_KEEP ] || mkdir -p $GLITE_LB_EXPORT_PURGEDIR_KEEP [ -d $GLITE_LB_EXPORT_JOBSDIR ] || mkdir -p $GLITE_LB_EXPORT_JOBSDIR +<<<<<<< TODO: merge export.sh if [ x"$GLITE_LB_PURGE_ENABLED" = x"true" ]; then X509_USER_CERT="$X509_USER_CERT" X509_USER_KEY="$X509_USER_KEY" $PREFIX/bin/glite-lb-purge $GLITE_LB_EXPORT_PURGE_ARGS -l -m $GLITE_LB_EXPORT_BKSERVER -s fi +======= +if [ x"$GLITE_LB_PURGE_ENABLED" = x"true" ]; then + X509_USER_CERT="$X509_USER_CERT" X509_USER_KEY="$X509_USER_KEY" $PREFIX/sbin/glite-lb-purge $GLITE_LB_EXPORT_PURGE_ARGS -l -m $GLITE_LB_EXPORT_BKSERVER -s +fi +>>>>>>> 1.2.4.2 +<<<<<<< TODO: merge export.sh if [ x"$GLITE_LB_EXPORT_ENABLED" = x"true" ]; then for file in $GLITE_LB_EXPORT_PURGEDIR/*; do if [ -s $file ]; then @@ -66,6 +73,18 @@ if [ x"$GLITE_LB_EXPORT_ENABLED" = x"true" ]; then else rm $file fi +======= +if [ x"$GLITE_LB_EXPORT_ENABLED" = x"true" ]; then + list=`ls $GLITE_LB_EXPORT_PURGEDIR/* 2>/dev/null` + for file in $list; do + if [ -s $file ]; then + $PREFIX/sbin/glite-lb-lb_dump_exporter -d $file -s $GLITE_LB_EXPORT_JOBSDIR -m $GLITE_LB_EXPORT_JPDUMP_MAILDIR + if [ -n "$GLITE_LB_EXPORT_PURGEDIR_KEEP" ]; then + mv $file $GLITE_LB_EXPORT_PURGEDIR_KEEP + else + rm $file + fi +>>>>>>> 1.2.4.2 else rm $file fi -- 1.8.2.3
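Review bot: The export.sh hunk at `@@ -53,10 +53,17 @@` adds unresolved merge conflict markers (`+<<<<<<< TODO: merge export.sh`, `+=======`, `+>>>>>>> 1.2.4.2`) together with both variants of each block, so the committed script is not valid shell, and stripping only the markers would run the purge and export steps twice. The conflict needs resolving to one variant per block, which also settles whether the tools are invoked from `$PREFIX/bin` or `$PREFIX/sbin`. In whichever variant is kept, prefer the original glob over the `ls`-in-backticks assignment to `list`, which splits file names on whitespace; `for file in "$GLITE_LB_EXPORT_PURGEDIR"/*; do [ -e "$file" ] || continue` covers the empty directory, and `$file` should be quoted in the `-s` test, `mv` and `rm`. The following hunk at `@@ -66,6 +73,18 @@` carries the same markers and ends before the loop's closing `done`.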