From cee0c9f3870ba67a1bac0482a73dffa9abb0db04 Mon Sep 17 00:00:00 2001 From: Shiv Kaushal Date: Mon, 20 Jun 2005 13:24:15 +0000 Subject: [PATCH] Fixed VOMS detection in admin CGI (UserHasCred) and GRSTx509CompactToCred --- org.gridsite.core/src/grst_admin_main.c | 33 +++++++++++++++++++++++---------- org.gridsite.core/src/grst_gacl.c | 30 ++---------------------------- org.gridsite.core/src/grst_x509.c | 6 +++--- 3 files changed, 28 insertions(+), 41 deletions(-) diff --git a/org.gridsite.core/src/grst_admin_main.c b/org.gridsite.core/src/grst_admin_main.c index 22f0da5..a9e9f0e 100644 --- a/org.gridsite.core/src/grst_admin_main.c +++ b/org.gridsite.core/src/grst_admin_main.c @@ -87,7 +87,7 @@ void GRSThttpError(char *status) printf("Server-CGI: GridSite Admin %s\n", VERSION); printf("Content-Length: %d\n", 2 * strlen(status) + 58); puts("Content-Type: text/html\n"); - + printf("%s\n", status); printf("

%s

\n", status); @@ -108,7 +108,7 @@ void adminfooter(GRSThttpBody *bp, char *dn, char *help_uri, char *dir_uri, dir_uri, admin_file); else GRSThttpPrintf(bp, "" "Back to directory .\n", dir_uri); - + if (help_uri != NULL) GRSThttpPrintf(bp, "Website Help .\n", help_uri); @@ -179,13 +179,13 @@ void justfooter(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *dir_uri, char *admin_file) { GRSThttpBody bp; - + puts("Status: 200 OK\nContent-Type: text/html"); GRSThttpBodyInit(&bp); if (GRSTgaclPermHasList(perm) || GRSTgaclPermHasWrite(perm) - || GRSTgaclPermHasAdmin(perm)) + || GRSTgaclPermHasAdmin(perm)) adminfooter(&bp, dn, help_uri, dir_uri, admin_file); GRSThttpPrintHeaderFooter(&bp, dir_path, GRST_FOOTFILE); @@ -195,10 +195,10 @@ void justfooter(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, int main() { - int gsiproxylimit_i = 1; + int i, gsiproxylimit_i = 1; char *cmd, *dir_uri, *file, *dir_path, *admin_file, *dn = NULL, *help_uri, *p, *content_type, *request_uri, *button, - *grst_cred_0, *gsiproxylimit, *dn_lists; + *grst_cred_0, *gsiproxylimit, *dn_lists, buf[12]; GRSTgaclCred *cred; GRSTgaclUser *user = NULL; GRSTgaclAcl *acl; @@ -233,11 +233,24 @@ int main() if ((p = index(grst_cred_0, ' ')) && (p = index(++p, ' ')) && (p = index(++p, ' ')) && - (p = index(++p, ' '))) dn = &p[1]; - } + (p = index(++p, ' '))) dn = &p[1]; + } + /* User has a cert so check for voms attributes */ + for(i=1; ; i++) + { + sprintf (buf, "GRST_CRED_%d", i); + + + grst_cred_0 = getenv(buf); + if (grst_cred_0==NULL) break; + + if (cred=GRSTx509CompactToCred(grst_cred_0)) + GRSTgaclUserAddCred(user, cred); + } + /* no more voms attributes found found */ } else if ((dn = getenv("SSL_CLIENT_S_DN")) != NULL) - { + { cred = GRSTgaclCredNew("person"); GRSTgaclCredAddValue(cred, "dn", dn); user = GRSTgaclUserNew(cred); 
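Review bot: `buf[12]` has room for `GRST_CRED_` plus one digit and the terminator, so the `sprintf (buf, "GRST_CRED_%d", i)` added in the next hunk of main() writes past the array once `i` reaches 10. That loop has no upper bound and stops only when getenv() returns NULL, so the overflow depends on how many GRST_CRED_n variables the CGI environment carries, which presumably follows from the client's credentials. I would declare `buf[32]` here and format with `snprintf(buf, sizeof(buf), "GRST_CRED_%d", i);` in the loop. main() starts and ends outside both hunks.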
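Review bot: `GRSTgaclUserAddCred(user, cred)` in the new loop may receive a NULL `user`, since `user` is initialised to NULL in main()'s declarations and its assignment in this branch is outside the hunk. If that assignment is conditional, the ACL code gets a NULL user. A guard such as `if (user != NULL && (cred = GRSTx509CompactToCred(grst_cred_0)) != NULL)` would make the precondition explicit and spell out the assignment inside the condition. The loop also reuses `grst_cred_0` for GRST_CRED_1 onwards, where a separate local would read better, and the closing comment repeats the word "found".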
@@ -277,7 +290,7 @@ int main() if ((content_type != NULL) && (GRSTstrCmpShort(content_type, "multipart/form-data; boundary=") == 0)) - { + { uploadfile(dn, perm, help_uri, dir_path, dir_uri, admin_file); return 0; } diff --git a/org.gridsite.core/src/grst_gacl.c b/org.gridsite.core/src/grst_gacl.c index e5180de..1df2f02 100644 --- a/org.gridsite.core/src/grst_gacl.c +++ b/org.gridsite.core/src/grst_gacl.c @@ -837,8 +837,7 @@ int GRSTgaclUserHasCred(GRSTgaclUser *user, GRSTgaclCred *cred) { GRSTgaclCred *crediter; GRSTgaclNamevalue *usernamevalue, *crednamevalue; - int i; - char buf[12]; + if (cred == NULL) return 0; @@ -854,33 +853,8 @@ int GRSTgaclUserHasCred(GRSTgaclUser *user, GRSTgaclCred *cred) return GRSTgaclDNlistHasUser((cred->firstname)->value, user); } - /* Check for voms attributes*/ - - if (strcmp(cred->type, "voms")==0) - { - if ( (user->firstcred==NULL) || - ((user->firstcred)->firstname == NULL) || - (cred->firstname == NULL) || - (strcmp((cred->firstname)->name, "fqan") != 0) || - ((cred->firstname)->next != NULL)) return 0; - - /*assuimng only one name/value pair per cred*/ - for(i=1; ; i++) - { - sprintf (buf, "GRST_CRED_%d", i); - if (getenv(buf)==NULL) break; - - if (strcmp ( - index(getenv(buf),'/'), - (cred->firstname)->value - ) - == 0) return 1; - } - /* no match found */ - return 0; - } - if (strcmp(cred->type, "dns") == 0) + if (strcmp(cred->type, "dns") == 0) { if ((user->firstcred == NULL) || ((user->firstcred)->firstname == NULL) || diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c index 942dd7e..ccf6100 100644 --- a/org.gridsite.core/src/grst_x509.c +++ b/org.gridsite.core/src/grst_x509.c @@ -647,7 +647,7 @@ GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred) if (strncmp(grst_cred, "VOMS ", 5) == 0) { - if ((sscanf(grst_cred, "VOMS %lu %lu", + if ((sscanf(grst_cred, "VOMS %lu %lu %d", ¬before, ¬after, &delegation) == 3) && (now >= notbefore) && (now <= notafter) 
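Review bot: The conversions in `"VOMS %lu %lu %d"` have to match the variable types exactly, because the added `%d` makes the `== 3` comparison satisfiable and the `notbefore`/`notafter` window now decides whether a VOMS attribute is accepted. The declarations are outside the hunk; if `notbefore` and `notafter` are `time_t` rather than `unsigned long`, `%lu` is a type mismatch and the values should be scanned into `unsigned long` temporaries and assigned afterwards. A short comment above the sscanf giving the layout that the format string and the FQAN check below suggest, e.g. `/* VOMS <notbefore> <notafter> <delegation> <fqan> */`, would make the parsing easier to audit. GRSTx509CompactToCred continues outside the hunk.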
@@ -658,11 +658,11 @@ GRSTgaclCred *GRSTx509CompactToCred(char *grst_cred) { /* include /VO/group/subgroup/Role=role/Capability=cap */ - if (*p != '/') return NULL; /* must begin with / */ + if (p[1] != '/') return NULL; /* must begin with / */ cred = GRSTgaclCredNew("voms"); GRSTgaclCredSetDelegation(cred, delegation); - GRSTgaclCredAddValue(cred, "fqan", p); + GRSTgaclCredAddValue(cred, "fqan", &p[1]); } return cred; -- 1.8.2.3
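Review bot: `p[1]` and `&p[1]` are only correct if `p` points at the separator in front of the FQAN, and the code that sets `p` is outside the hunk, so the offset reads as arbitrary here. I would add a comment such as `/* p is at the space before the FQAN */`, or take `char *fqan = &p[1];` once and use it in both the `'/'` check and `GRSTgaclCredAddValue(cred, "fqan", fqan);`. It is also worth confirming that `p` cannot be NULL when this block is reached, which the visible lines do not show.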