From d77904dae294a929e5cde5e4e297e0f453985fb1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Daniel=20Kou=C5=99il?=
Date: Mon, 6 Aug 2007 14:38:13 +0000
Subject: [PATCH] Removed external dependency on Globus
- Globus is still used in implementation but the header doesn't pull in Globus headers
- Own variable types used instead of GSSAPI ones
- Added new calls encapsulating some GSSAPI functionalities
---
 org.glite.security.gss/interface/glite_gss.h |  57 ++++++++++-----
 org.glite.security.gss/src/glite_gss.c       | 103 +++++++++++++++++++++++++--
 org.glite.security.gss/test/test_gss.cpp     |   4 +-
 3 files changed, 143 insertions(+), 21 deletions(-)
diff --git a/org.glite.security.gss/interface/glite_gss.h b/org.glite.security.gss/interface/glite_gss.h
index ed5de59..e0d83a9 100644
--- a/org.glite.security.gss/interface/glite_gss.h
+++ b/org.glite.security.gss/interface/glite_gss.h
@@ -3,12 +3,12 @@
 #ident "$Header$"
-#include 
-
 #ifdef __cplusplus
 extern "C" {
 #endif
+#include 
+
 enum {
 	EDG_WLL_GSS_OK = 0,	/* no GSS errors */
 	EDG_WLL_GSS_ERROR_GSS = -1,	/* GSS specific error, call edg_wll_get_gss_error() for details */
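Review bot: The relocated `#include` now sits inside the `extern "C" {` block: the `#endif` above it closes only the `#ifdef __cplusplus`, not the brace, so a C++ consumer pulls that header's declarations in with C linkage. The header's name was lost in extraction, but if it is a system or library header this is fragile, since the same header included earlier by the consumer with C++ linkage yields conflicting declarations and system headers are not written to be wrapped this way. Keep the include before the `#ifdef __cplusplus`, where the removed one was. The `extern "C"` block is closed outside this hunk.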
@@ -18,30 +18,56 @@ enum {
 	EDG_WLL_GSS_ERROR_HERRNO = -5	/* Resolver error. See h_errno */
 };
+enum {
+	EDG_WLL_GSS_FLAG_DELEG = 1,
+	EDG_WLL_GSS_FLAG_CONF = 16,
+	EDG_WLL_GSS_FLAG_INTEG = 32,
+	EDG_WLL_GSS_FLAG_ANON = 64,
+};
+
+typedef void * edg_wll_GssName;
+typedef void * edg_wll_GssCtx;
+typedef void * edg_wll_GssCred;
+
 typedef struct _edg_wll_GssConnection {
-	gss_ctx_id_t context;
+	edg_wll_GssCtx context;
 	int sock;
 	char *buffer;
 	size_t bufsize;
 } edg_wll_GssConnection;
 typedef struct _edg_wll_GssStatus {
-	OM_uint32 major_status;
-	OM_uint32 minor_status;
+	unsigned int major_status;
+	unsigned int minor_status;
 } edg_wll_GssStatus;
-/* XXX Support anonymous connections. Are we able/required to support
- * anonymous servers as well. */
+typedef struct _edg_wll_GssPrincipal_data {
+	char *name;
+	unsigned int flags;
+#if 0
+	char **fqans;
+	char **voms_groups;	/* needed for legacy LB server authZ mechanism */
+	edg_wll_GssOid authn_mech;
+#endif
+} edg_wll_GssPrincipal_data;
+typedef struct _edg_wll_GssPrincipal_data *edg_wll_GssPrincipal;
+
+int
+edg_wll_gss_initialize(void);
 int
 edg_wll_gss_acquire_cred_gsi(const char *cert_file, const char *key_file,
-			     gss_cred_id_t *cred,
+			     edg_wll_GssCred *cred,
 			     char **name, edg_wll_GssStatus* gss_code);
+int
+edg_wll_gss_release_cred(edg_wll_GssCred cred,
+			 edg_wll_GssStatus* gss_code);
+
 int
-edg_wll_gss_connect(gss_cred_id_t cred,
+edg_wll_gss_connect(edg_wll_GssCred cred,
 		    char const *hostname, int port,
 		    struct timeval *timeout,
@@ -49,7 +75,7 @@ edg_wll_gss_connect(gss_cred_id_t cred,
 		    edg_wll_GssStatus* gss_code);
 int
-edg_wll_gss_accept(gss_cred_id_t cred,
+edg_wll_gss_accept(edg_wll_GssCred cred,
 		   int sock,
 		   struct timeval *timeout,
 		   edg_wll_GssConnection *connection,
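Review bot: The `EDG_WLL_GSS_FLAG_*` values are bare numbers with no comment, yet the implementation added in this commit copies the GSS-API context flags word into `flags` unchanged (`p->flags = ctx_flags;` in the .c hunk), so the enum is only correct while its values coincide with `GSS_C_DELEG_FLAG`, `GSS_C_CONF_FLAG`, `GSS_C_INTEG_FLAG` and `GSS_C_ANON_FLAG`, which they currently do (1, 16, 32, 64). Record that dependency on the enum, `/* bit values must equal the corresponding GSS_C_*_FLAG; the implementation stores the context's ret_flags verbatim */`, or translate the bits in the .c file instead. Declaring all three handles as `typedef void *` also discards the distinction the gss_* types gave between a handle and a pointer to one, so passing either where the other is expected now compiles without a diagnostic; incomplete struct pointer typedefs (for example `typedef struct _edg_wll_GssCtx_desc *edg_wll_GssCtx;`, a constructed name) keep Globus out of the header while retaining that check. `edg_wll_GssName` is introduced here but used by no prototype in this hunk.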
@@ -102,13 +128,12 @@ int edg_wll_gss_reject(int sock);
 int
-edg_wll_gss_oid_equal(const gss_OID a,
-		      const gss_OID b);
+edg_wll_gss_get_client_conn(edg_wll_GssConnection *connection,
+			    edg_wll_GssPrincipal *principal,
+			    edg_wll_GssStatus* gss_code);
-/*
-int
-edg_wll_gss_get_name(gss_cred_id_t cred, char **name);
-*/
+void
+edg_wll_gss_free_princ(edg_wll_GssPrincipal principal);
 int
 edg_wll_gss_gethostname(char *name, int len);
diff --git a/org.glite.security.gss/src/glite_gss.c b/org.glite.security.gss/src/glite_gss.c
index 893a771..722eca2 100644
--- a/org.glite.security.gss/src/glite_gss.c
+++ b/org.glite.security.gss/src/glite_gss.c
@@ -16,6 +16,7 @@
 #include 
 #include 
+#include 
 #include "glite_gss.h"
@@ -490,7 +491,7 @@ destroy_proxy(char *proxy_file)
 }
 int
-edg_wll_gss_acquire_cred_gsi(const char *cert_file, const char *key_file, gss_cred_id_t *cred,
+edg_wll_gss_acquire_cred_gsi(const char *cert_file, const char *key_file, edg_wll_GssCred *cred,
 			     char **name, edg_wll_GssStatus* gss_code)
 {
 	OM_uint32 major_status = 0, minor_status, minor_status2;
@@ -605,7 +606,7 @@ end:
 #define _EXPIRED_ALERT_RETRY_DELAY 10 /* ms */
 int
-edg_wll_gss_connect(gss_cred_id_t cred, char const *hostname, int port,
+edg_wll_gss_connect(edg_wll_GssCred cred, char const *hostname, int port,
 		    struct timeval *timeout, edg_wll_GssConnection *connection,
 		    edg_wll_GssStatus* gss_code)
 {
@@ -736,7 +737,7 @@ end:
 }
 int
-edg_wll_gss_accept(gss_cred_id_t cred, int sock, struct timeval *timeout,
+edg_wll_gss_accept(edg_wll_GssCred cred, int sock, struct timeval *timeout,
 		   edg_wll_GssConnection *connection, edg_wll_GssStatus* gss_code)
 {
 	OM_uint32 maj_stat, min_stat, min_stat2;
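Review bot: The two new prototypes carry no contract, although `edg_wll_gss_get_client_conn()` hands the caller a heap-allocated principal that only `edg_wll_gss_free_princ()` knows how to release (both facts are visible in the .c hunk of this commit), while the header documents the error enum value by value. I would put above the first `/* Fills *principal with the peer's displayed name and the context flags; the caller owns it and releases it with edg_wll_gss_free_princ(). Returns 0 or an EDG_WLL_GSS_ERROR_* code, gss_code filled on GSS failures. */` and above the second `/* Releases a principal from edg_wll_gss_get_client_conn(); NULL is accepted. */`. Dropping `edg_wll_gss_oid_equal()` from the public header is an API break for existing callers that the commit message does not mention.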
@@ -973,7 +974,7 @@ edg_wll_gss_close(edg_wll_GssConnection *con, struct timeval *timeout)
 	/* XXX if timeout is NULL use value of 120 secs */
 	if (con->context != GSS_C_NO_CONTEXT) {
-		gss_delete_sec_context(&min_stat, &con->context, GSS_C_NO_BUFFER);
+		gss_delete_sec_context(&min_stat, con->context, GSS_C_NO_BUFFER);
 		/* XXX send the buffer (if any) to the peer. GSSAPI specs doesn't
 		 * recommend sending it, though */
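Review bot: The new line passes `con->context` itself where `gss_delete_sec_context()` takes a `gss_ctx_id_t *`, and because `edg_wll_GssCtx` is now `void *` the compiler no longer objects; the code this commit adds further down (`gss_inquire_context(&min_stat, connection->context, ...)`) and the unchanged `!= GSS_C_NO_CONTEXT` test treat that field as the handle value, so here the context object is read as if it were a handle slot, the real context is never deleted and `con->context` is not reset to `GSS_C_NO_CONTEXT` — unless the connect/accept paths now store the address of the handle in this field, which nothing in the diff shows. The old `&con->context` was right in intent; with the opaque typedef the clean form goes through a local: `gss_ctx_id_t ctx = con->context;` / `gss_delete_sec_context(&min_stat, &ctx, GSS_C_NO_BUFFER);` / `con->context = ctx;`. `edg_wll_gss_release_cred()` in the `@@ -1058` hunk has the same shape with `gss_release_cred(&min_stat, cred)`, where `cred` is the value that `edg_wll_gss_connect()`/`edg_wll_gss_accept()` consume directly, and needs the same local-copy treatment. `edg_wll_gss_close()` begins and ends outside this hunk.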
@@ -1058,6 +1059,100 @@ edg_wll_gss_reject(int sock)
 	return 0;
 }
+
+int
+edg_wll_gss_initialize(void)
+{
+	int ret;
+
+	ret = globus_module_activate(GLOBUS_GSI_GSSAPI_MODULE);
+	if (ret != GLOBUS_SUCCESS) {
+		errno = EINVAL;
+		ret = EDG_WLL_GSS_ERROR_ERRNO;
+	}
+	return ret;
+}
+
+int
+edg_wll_gss_release_cred(edg_wll_GssCred cred, edg_wll_GssStatus* gss_code)
+{
+	OM_uint32 maj_stat, min_stat;
+	int ret = 0;
+
+	maj_stat = gss_release_cred(&min_stat, cred);
+	if (GSS_ERROR(maj_stat)) {
+		ret = EDG_WLL_GSS_ERROR_GSS;
+		if (gss_code) {
+			gss_code->major_status = maj_stat;
+			gss_code->minor_status = min_stat;
+		}
+	}
+
+	return ret;
+}
+
+int
+edg_wll_gss_get_client_conn(edg_wll_GssConnection *connection,
+			    edg_wll_GssPrincipal *principal,
+			    edg_wll_GssStatus* gss_code)
+{
+	gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
+	OM_uint32 maj_stat, min_stat, ctx_flags;
+	gss_name_t client_name = GSS_C_NO_NAME;
+	edg_wll_GssPrincipal p;
+	int ret;
+
+	maj_stat = gss_inquire_context(&min_stat, connection->context, &client_name,
+				       NULL, NULL, NULL, &ctx_flags, NULL, NULL);
+	if (GSS_ERROR(maj_stat))
+		goto end;
+
+	maj_stat = gss_display_name(&min_stat, client_name, &token, NULL);
+	if (GSS_ERROR(maj_stat))
+		goto end;
+
+	p = calloc(1, sizeof(*principal));
+	if (p == NULL) {
+		errno = ENOMEM;
+		ret = EDG_WLL_GSS_ERROR_ERRNO;
+		goto end;
+	}
+
+	p->name = strdup(token.value);
+	p->flags = ctx_flags;
+
+	*principal = p;
+	ret = 0;
+
+end:
+	if (GSS_ERROR(maj_stat)) {
+		ret = EDG_WLL_GSS_ERROR_GSS;
+		if (gss_code) {
+			gss_code->major_status = maj_stat;
+			gss_code->minor_status = min_stat;
+		}
+	}
+
+	if (token.length)
+		gss_release_buffer(&min_stat, &token);
+	if (client_name != GSS_C_NO_NAME)
+		gss_release_name(&min_stat, &client_name);
+
+	return ret;
+}
+
+void
+edg_wll_gss_free_princ(edg_wll_GssPrincipal principal)
+{
+	if (principal == NULL)
+		return;
+
+	if (principal->name)
+		free(principal->name);
+
+	free(principal);
+}
+
 int
 edg_wll_gss_gethostname(char *name, int len)
 {
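Review bot: `p = calloc(1, sizeof(*principal));` in `edg_wll_gss_get_client_conn()` sizes the allocation from `*principal`, which is the `edg_wll_GssPrincipal` pointer and not the `_edg_wll_GssPrincipal_data` struct, so the block holds one pointer and the following `p->flags = ctx_flags;` writes past its end; it must be `sizeof(*p)`. The name copy has two further problems: a GSS-API buffer returned by `gss_display_name()` is length-delimited and not guaranteed to be NUL-terminated, so `strdup(token.value)` may read past `token.length`, and its result is never checked, so on allocation failure the function reports success with `p->name == NULL`. Copy exactly `token.length` bytes and fail cleanly, releasing `p`, when that copy fails; the rewritten allocation-and-copy section follows. If a displayed name can carry an embedded NUL the resulting C string is shorter than `token.length`, which anything comparing the name for authorization should keep in mind.
```c
	p = calloc(1, sizeof(*p));	/* the struct, not the pointer *principal */
	if (p == NULL) {
		errno = ENOMEM;
		ret = EDG_WLL_GSS_ERROR_ERRNO;
		goto end;
	}

	/* token is length-delimited: copy token.length bytes and terminate ourselves */
	p->name = malloc(token.length + 1);
	if (p->name == NULL) {
		free(p);
		errno = ENOMEM;
		ret = EDG_WLL_GSS_ERROR_ERRNO;
		goto end;
	}
	memcpy(p->name, token.value, token.length);
	p->name[token.length] = '\0';
	p->flags = ctx_flags;
	/* … unchanged: *principal = p; ret = 0; end: error reporting and releases … */
```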
diff --git a/org.glite.security.gss/test/test_gss.cpp b/org.glite.security.gss/test/test_gss.cpp
index 630de3f..288d405 100644
--- a/org.glite.security.gss/test/test_gss.cpp
+++ b/org.glite.security.gss/test/test_gss.cpp
@@ -3,6 +3,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 #include 
 #include 
@@ -31,7 +33,7 @@ public:
 	void setUp();
 private:
-	gss_cred_id_t my_cred;
+	edg_wll_GssCred my_cred;
 	char * my_subject;
 	int sock, port;
 	struct timeval timeout;
-- 
1.8.2.3