From 92fdd51e86e47aa542824c14db27a451037ad18b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Daniel=20Kou=C5=99il?=
Date: Tue, 28 Aug 2012 22:39:24 +0000
Subject: [PATCH] Very basic identity mapping based on gridmap-file. Works for state queries.
---
 org.glite.lb.common/interface/authz.h | 10 +++
 org.glite.lb.common/interface/context-int.h | 2 +
 org.glite.lb.common/src/context.c | 9 +++
 org.glite.lb.server/src/bkserverd.c | 17 ++++-
 org.glite.lb.server/src/lb_authz.c | 89 ++++++++++++++++++++++++
 org.glite.lb.server/src/pretty_print_wrapper.cpp | 2 +-
 6 files changed, 127 insertions(+), 2 deletions(-)
diff --git a/org.glite.lb.common/interface/authz.h b/org.glite.lb.common/interface/authz.h
index 1ece9e3..12ed37a 100644
--- a/org.glite.lb.common/interface/authz.h
+++ b/org.glite.lb.common/interface/authz.h
@@ -59,6 +59,16 @@ typedef struct _edg_wll_authz_policy {
 typedef struct _edg_wll_authz_policy *edg_wll_authz_policy;
+typedef struct _edg_wll_mapping_rule {
+ char *a;
+ char *b;
+} _edg_wll_mapping_rule;
+
+typedef struct _edg_wll_id_mapping {
+ struct _edg_wll_mapping_rule **rules;
+ int num;
+} _edg_wll_id_mapping;
+
 int edg_wll_add_authz_rule(edg_wll_Context ctx, edg_wll_authz_policy policy,
diff --git a/org.glite.lb.common/interface/context-int.h b/org.glite.lb.common/interface/context-int.h
index 13ab3fd..2635b1d 100644
--- a/org.glite.lb.common/interface/context-int.h
+++ b/org.glite.lb.common/interface/context-int.h
@@ -188,6 +188,8 @@ glite_lb_padded_struct(_edg_wll_Context,150,
 char *authz_policy_file;
 char *html_header_file;
+
+ _edg_wll_id_mapping id_mapping;
 )
 /* to be used internally: set, update and and clear the error information in
diff --git a/org.glite.lb.common/src/context.c b/org.glite.lb.common/src/context.c
index 6402f93..d0efd1a 100644
--- a/org.glite.lb.common/src/context.c
+++ b/org.glite.lb.common/src/context.c 
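Review bot: The two new structs in authz.h carry no comment saying what `a` and `b` hold or how a rule is consulted, and the single-letter names do not help; from the lb_authz.c hunk in this patch they are two subject names compared with edg_wll_gss_equal_subj in either order. Suggest above `_edg_wll_mapping_rule`: `/* One gridmap-file line: subjects a and b are treated as the same identity, in either direction. */`, and above `_edg_wll_id_mapping`: `/* rules[0..num-1]; state here who owns and frees the table. */`, since context.c in this patch frees it while bkserverd.c builds it. Both typedefs reuse the leading-underscore style of the neighbouring `_edg_wll_authz_policy`, so that is consistent with the file.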
@@ -192,6 +192,15 @@ void edg_wll_FreeContext(edg_wll_Context ctx)
 }
 free (ctx->authz_policy.actions);
 }
+ if (ctx->id_mapping.num) {
+ for (i = 0; i < ctx->id_mapping.num; i++) {
+ free(ctx->id_mapping.rules[i]->a);
+ free(ctx->id_mapping.rules[i]->b);
+ free(ctx->id_mapping.rules[i]);
+ }
+ free(ctx->id_mapping.rules);
+ ctx->id_mapping.num = 0;
+ }
 if (ctx->jpreg_dir) free(ctx->jpreg_dir);
 if (ctx->serverIdentity) free(ctx->serverIdentity);
diff --git a/org.glite.lb.server/src/bkserverd.c b/org.glite.lb.server/src/bkserverd.c
index 9028035..c36d2ec 100644
--- a/org.glite.lb.server/src/bkserverd.c
+++ b/org.glite.lb.server/src/bkserverd.c
@@ -187,6 +187,8 @@ static char **msg_brokers = NULL;
 static char **msg_prefixes = NULL;
 char * html_header = NULL;
 static int html_header_forced = 0;
+static char *gridmap = NULL;
+struct _edg_wll_id_mapping id_mapping = {NULL, 0};
 static struct option opts[] = {
@@ -239,10 +241,11 @@ static struct option opts[] = {
 {"rss-time", 1, NULL, 'I'},
 {"policy", 1, NULL, 'l'},
 {"exclusive-zombies-off", 0, NULL, 'E'},
+ {"gridmap-file",1, NULL, 'M'},
 {NULL,0,NULL,0}
 };
-static const char *get_opt_string = "Ac:k:C:V:p:a:drm:ns:i:S:D:J:jR:F:xOL:N:X:Y:T:t:e:f:zb:gPBo:q:W:Z:GI:l:EH:"
+static const char *get_opt_string = "Ac:k:C:V:p:a:drm:M:ns:i:S:D:J:jR:F:xOL:N:X:Y:T:t:e:f:zb:gPBo:q:W:Z:GI:l:EH:"
 #ifdef GLITE_LB_SERVER_WITH_WS
 "w:"
 #endif
@@ -272,6 +275,7 @@ static void usage(char *me)
 "\t-s, --slaves\t number of slave servers to fork\n"
 "\t-i, --pidfile\t file to store master pid\n"
 "\t-L, --limits\t query limits numbers in format \"events_limit:jobs_limit:size_limit\"\n"
+ "\t-M, --gridmap-file\tgridmap-file to map clients identities\"\n"
 "\t-N, --notif-dur default[:max]\t Duration of notification registrations in seconds (default and maximal)\n"
 "\t-S, --purge-prefix\t purge files full-path prefix\n"
 "\t-D, --dump-prefix\t dump files full-path prefix\n" 
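Review bot: Freeing `ctx->id_mapping.rules[i]` and `ctx->id_mapping.rules` here releases memory the context does not own: the bk_handle_connection hunk later in this patch does `ctx->id_mapping = id_mapping;`, a by-value copy of the process-global table into each connection's context, whereas the neighbouring `html_header_file` is strdup'd per context precisely so that this function may free it. If that context is freed per connection (the strdup pattern suggests it is; edg_wll_FreeContext starts before this hunk), the first free leaves the global `rules` pointer dangling, later connections read freed memory in equal_mapped, and the next FreeContext frees the same blocks again — a memory-safety defect on the authorization path. Either deep-copy the rules into the context and keep this block, or store a borrowed pointer and drop this block: `struct _edg_wll_id_mapping *id_mapping;` in context-int.h and `ctx->id_mapping = &id_mapping;` in bk_handle_connection, with the call site passing `ctx->id_mapping` instead of `&ctx->id_mapping`.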
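Review bot: The new usage line ends with a stray escaped quote: `identities\"\n"` prints a literal `"` after the word, while the `--limits` line above escapes quotes only because it shows a quoted format. Change it to `"\t-M, --gridmap-file\t gridmap-file to map clients identities\n"`, which also restores the space after the tab that the other lines use. usage() starts before this hunk.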
@@ -468,6 +472,7 @@ int main(int argc, char *argv[])
 return 1;
 }
 break;
+ case 'M': gridmap = strdup(optarg); break;
 case 'N': {
 int std,max;
 switch (sscanf(optarg,"%d:%d",&std,&max)) {
@@ -585,6 +590,14 @@ int main(int argc, char *argv[])
 return 1;
 }
+ if (gridmap && parse_gridmap(ctx, gridmap, &id_mapping)) {
+ char *et, *ed;
+
+ edg_wll_Error(ctx,&et,&ed);
+ glite_common_log(LOG_CATEGORY_CONTROL, LOG_PRIORITY_FATAL, "Cannot load identity mapping: %s: %s\n", et, ed);
+ return 1;
+ }
+
 if (!html_header) {
 char *html_header_prefix = getenv("GLITE_LB_LOCATION_ETC");
 if (!html_header_prefix) html_header_prefix="/etc";
@@ -1108,6 +1121,8 @@ int bk_handle_connection(int conn, struct timeval *timeout, void *data)
 if (html_header) ctx->html_header_file = strdup(html_header);
 else ctx->html_header_file = NULL;
+ ctx->id_mapping = id_mapping; + gettimeofday(&conn_start, 0); alen = sizeof(a);
diff --git a/org.glite.lb.server/src/lb_authz.c b/org.glite.lb.server/src/lb_authz.c
index fad7d80..73b4bef 100644
--- a/org.glite.lb.server/src/lb_authz.c
+++ b/org.glite.lb.server/src/lb_authz.c
@@ -1229,6 +1229,25 @@ edg_wll_acl_print(edg_wll_Context ctx, edg_wll_Acl a, char **policy)
 }
 int
+equal_mapped(const char *a, const char *b, struct _edg_wll_id_mapping *mapping)
+{
+ int i;
+
+ if (mapping == NULL || mapping->num == 0)
+ return 0;
+
+ for (i = 0; i < mapping->num; i++) {
+ if (edg_wll_gss_equal_subj(a, mapping->rules[i]->a) &&
+ edg_wll_gss_equal_subj(b, mapping->rules[i]->b))
+ return 1;
+ if (edg_wll_gss_equal_subj(a, mapping->rules[i]->b) &&
+ edg_wll_gss_equal_subj(b, mapping->rules[i]->a))
+ return 1;
+ }
+ return 0;
+}
+
+int
 check_jobstat_authz(edg_wll_Context ctx,
 const edg_wll_JobStat *stat,
 int job_flags, 
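Review bot: equal_mapped applies every rule symmetrically — the second `if` makes a line `A B` let peer A act as B and peer B act as A — and neither the function nor the struct says so, while the option name "gridmap-file" suggests the usual one-way meaning; for an authorization check this widening should be explicit. If the symmetry is intended, add above the function `/* Two subjects are the same identity if some rule pairs them, in either order. */`; if not, drop the second `if`. The function is also external with no prototype added anywhere in this patch, so unless a caller outside lb_authz.c is planned it should be `static int equal_mapped(...)`. The NULL/zero guard on `mapping` is fine; it relies on parse_gridmap never storing a rule with a NULL `a` or `b`, which that function guarantees.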
@@ -1247,6 +1266,9 @@ check_jobstat_authz(edg_wll_Context ctx,
 if (edg_wll_gss_equal_subj(peer->name, stat->owner))
 return 1;
+ if (equal_mapped(peer->name, stat->owner, &ctx->id_mapping))
+ return 1;
+
 if (stat->payload_owner && edg_wll_gss_equal_subj(peer->name, stat->payload_owner))
 return 1;
@@ -1268,3 +1290,70 @@ check_jobstat_authz(edg_wll_Context ctx,
 return 0;
 }
+
+int
+parse_gridmap(edg_wll_Context ctx,
+ const char *file,
+ struct _edg_wll_id_mapping *mapping)
+{
+ FILE *fd = NULL;
+ char line[4096];
+ char *p, *a, *b;
+ int ret;
+ struct _edg_wll_mapping_rule *rule = NULL, **tmp;
+
+ fd = fopen(file, "r");
+ if (fd == NULL)
+ return edg_wll_SetError(ctx, errno, "Failed to open mapping file");
+
+ /* XXX -1 */
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ p = strchr(line, '\n');
+ if (p)
+ *p = '\0';
+
+ p = line;
+ while(p && *p == ' ')
+ p++;
+ a = p;
+
+ p = strchr(line, ' ');
+ if (!p) {
+ ret = edg_wll_SetError(ctx, EINVAL, "Wrong format of mapping file");
+ goto end;
+ }
+ *p++ = '\0';
+
+ while(p && *p == ' ')
+ p++;
+ b = p;
+
+ rule = malloc(sizeof(*rule));
+ if (rule == NULL) {
+ ret = edg_wll_SetError(ctx, ENOMEM, "Not enough memory");
+ goto end;
+ }
+ rule->a = strdup(a);
+ rule->b = strdup(b);
+ if (rule->a == NULL || rule->b == NULL) {
+ ret = edg_wll_SetError(ctx, ENOMEM, "Not enough memory");
+ goto end;
+ }
+
+ tmp = realloc(mapping->rules, (mapping->num+1) * sizeof(*tmp));
+ if (tmp == NULL) {
+ ret = edg_wll_SetError(ctx, ENOMEM, "Not enough memory");
+ goto end;
+ }
+ mapping->rules = tmp;
+ mapping->rules[mapping->num++] = rule;
+ rule = NULL;
+ }
+
+ ret = 0;
+
+end:
+ fclose(fd);
+
+ return ret;
+}
diff --git a/org.glite.lb.server/src/pretty_print_wrapper.cpp b/org.glite.lb.server/src/pretty_print_wrapper.cpp
index d8968d6..c66ff54 100644
--- a/org.glite.lb.server/src/pretty_print_wrapper.cpp
+++ b/org.glite.lb.server/src/pretty_print_wrapper.cpp 
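Review bot: parse_gridmap splits each line at the first space (`p = strchr(line, ' ')`), so a subject DN containing a space — a CN with a first and last name, which is why gridmap files conventionally quote the DN — is cut in the middle and the rule silently never matches, and a quoted entry keeps its opening `"` in `a`; blank lines and `#` comments are rejected as "Wrong format" instead of skipped, tabs are not treated as whitespace, and a line longer than 4095 bytes is read by fgets as two records. On the error paths after `rule = malloc(...)` the partially built rule leaks; add before `fclose(fd);` at `end:` the line `if (rule) { free(rule->a); free(rule->b); free(rule); }` (both members are assigned before the first NULL check, so free(NULL) is safe). The `/* XXX -1 */` marker should say what is known to be missing, e.g. `/* XXX: no quoting/comment support; see format notes above. */`. bkserverd.c in this patch calls parse_gridmap but no header here declares it, so add a prototype to the server's authz header unless one already exists.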
@@ -17,9 +17,9 @@ limitations under the License.
 #include "pretty_print_wrapper.h"
-#include
 #include
 #include
+#include
 int pretty_print(char *jdl, char **formated_print){
 CLASSAD_NAMESPACE ClassAd *classad;
--
1.8.2.3