From e26e0af74010009adb5c4acf97894e89ad089654 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Daniel=20Kou=C5=99il?= Date: Fri, 9 Nov 2007 16:16:09 +0000 Subject: [PATCH] changed to use the modified glite_gss API --- org.glite.jp.primary/src/bones_server.c | 6 ++++-- org.glite.jp.primary/src/is_client.c | 2 +- org.glite.lb.client/examples/log_usertag_proxy.c | 2 +- org.glite.lb.client/src/connection.c | 8 ++++---- org.glite.lb.client/src/logevent.c.T | 4 +++- org.glite.lb.client/src/prod_proto.c | 13 ++++++++----- org.glite.lb.client/src/producer.c | 12 ++++-------- org.glite.lb.logger/src/interlogd.c | 2 +- org.glite.lb.logger/src/logd.c | 18 ++++-------------- org.glite.lb.logger/src/recover.c | 2 +- org.glite.lb.server/src/bkserverd.c | 11 +++++------ .../examples/wscalc_srv_ex.c | 2 +- .../examples/wscalc_srv_ex2.c | 8 +++----- org.glite.security.gsoap-plugin/src/glite_gsplugin.c | 11 +++++------ 14 files changed, 45 insertions(+), 56 deletions(-) diff --git a/org.glite.jp.primary/src/bones_server.c b/org.glite.jp.primary/src/bones_server.c index a15ba94..891d751 100644 --- a/org.glite.jp.primary/src/bones_server.c +++ b/org.glite.jp.primary/src/bones_server.c @@ -172,8 +172,10 @@ int main(int argc, char *argv[]) if ( cadir ) setenv("X509_CERT_DIR", cadir, 1); edg_wll_gss_watch_creds(server_cert, &cert_mtime); - if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &mycred, &mysubj, &gss_code)) + if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &mycred, &gss_code)) { + mysubj = strdup(mycred->name); fprintf(stderr,"Server idenity: %s\n",mysubj); + } else fputs("WARNING: Running unauthenticated\n",stderr); /* XXX: daemonise */ 
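Review bot: In the bones_server.c main() hunk, `mysubj = strdup(mycred->name);` passes the name field to strdup() without a NULL test, and the strdup() result goes straight to `fprintf(..., "%s", mysubj)` unchecked. logd.c and wscalc_srv_ex2.c in this same patch test `cred->name` for NULL before using it, which suggests the field may legitimately be NULL. The same unguarded pattern appears in logevent.c.T (`lbproxy_user = strdup(gss_cred->name);`) and in bkserverd.c (`server_subject = strdup(mycred->name);`). I would guard each with something like `if (mycred->name != NULL) mysubj = strdup(mycred->name);` and treat a NULL `mysubj` as "identity unknown". main() continues outside this hunk.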
@@ -256,7 +258,7 @@ static int newconn(int conn,struct timeval *to,void *data) switch (edg_wll_gss_watch_creds(server_cert,&cert_mtime)) { case 0: break; case 1: if (!edg_wll_gss_acquire_cred_gsi(server_cert,server_key, - &newcred,NULL,&gss_code)) + &newcred,&gss_code)) { printf("[%d] reloading credentials\n",getpid()); /* XXX: log */ diff --git a/org.glite.jp.primary/src/is_client.c b/org.glite.jp.primary/src/is_client.c index f35a1bb..b26a18e 100644 --- a/org.glite.jp.primary/src/is_client.c +++ b/org.glite.jp.primary/src/is_client.c @@ -46,7 +46,7 @@ static int check_other_soap(glite_jp_context_t ctx) if (server_key || server_cert) { edg_wll_GssCred cred; - ret = edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &cred, NULL, NULL); + ret = edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &cred, NULL); glite_gsplugin_set_credential(plugin_ctx, cred); } diff --git a/org.glite.lb.client/examples/log_usertag_proxy.c b/org.glite.lb.client/examples/log_usertag_proxy.c index 337ad56..1719ea8 100644 --- a/org.glite.lb.client/examples/log_usertag_proxy.c +++ b/org.glite.lb.client/examples/log_usertag_proxy.c @@ -72,7 +72,7 @@ int main(int argc, char *argv[]) if ( edg_wll_gss_acquire_cred_gsi( ctx->p_proxy_filename ? : ctx->p_cert_filename, ctx->p_proxy_filename ? : ctx->p_key_filename, - NULL, &user_dn, &gss_stat) ) { + NULL, &gss_stat) ) { fprintf(stderr, "failed to load GSI credentials\n"); retrun 1; } diff --git a/org.glite.lb.client/src/connection.c b/org.glite.lb.client/src/connection.c index 0e321fc..5492a34 100644 --- a/org.glite.lb.client/src/connection.c +++ b/org.glite.lb.client/src/connection.c 
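Review bot: In check_other_soap() the result of edg_wll_gss_acquire_cred_gsi() is stored in `ret`, but `glite_gsplugin_set_credential(plugin_ctx, cred);` runs unconditionally on the next line. `cred` is declared without an initializer in the visible lines, so a failed acquisition may hand an indeterminate credential handle to the plugin. I would declare `edg_wll_GssCred cred = NULL;` and make the call conditional, `if (ret == 0) glite_gsplugin_set_credential(plugin_ctx, cred);`. The status argument is also NULL here, so the reason for a failure is lost. The function body continues outside the hunk, so `ret` may be checked later.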
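Review bot: In log_usertag_proxy.c the call no longer passes `&user_dn`, but still passes NULL for the credential output, so nothing in the visible lines sets `user_dn` any more. If the example uses `user_dn` later (outside this hunk), it will read whatever value the variable was declared with. With the new API the subject comes from the credential, so I would pass a local `edg_wll_GssCred cred = NULL;` as `&cred`, take the name from `cred->name` and release the credential afterwards. It is also worth confirming that the modified function still accepts a NULL credential pointer. The context line `retrun 1;` is a typo that keeps this example from compiling.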
@@ -118,7 +118,7 @@ int AddConnection(edg_wll_Context ctx, char *name, int port) free(ctx->connections->connPool[index].peerName); // should be empty; just to be sure ctx->connections->connPool[index].peerName = strdup(name); ctx->connections->connPool[index].peerPort = port; - ctx->connections->connPool[index].gsiCred = GSS_C_NO_CREDENTIAL; // initial value + ctx->connections->connPool[index].gsiCred = NULL; // initial value ctx->connections->connPool[index].certfile = NULL; ctx->connections->connOpened++; @@ -195,7 +195,7 @@ int edg_wll_open(edg_wll_Context ctx, int* connToUse) { int index; edg_wll_GssStatus gss_stat; - OM_uint32 lifetime = 0; + time_t lifetime = 0; struct stat statinfo; int acquire_cred = 0; @@ -247,7 +247,7 @@ int edg_wll_open(edg_wll_Context ctx, int* connToUse) // Check if credentials exist. If so, check validity if (ctx->connections->connPool[index].gsiCred) { - gss_inquire_cred(ctx->connections->connPool[index].gsiCred, NULL, &lifetime, NULL, NULL, NULL); + lifetime = ctx->connections->connPool[index].gsiCred->lifetime; #ifdef EDG_WLL_CONNPOOL_DEBUG printf ("Credential exists, lifetime: %d\n", lifetime); #endif @@ -262,7 +262,7 @@ int edg_wll_open(edg_wll_Context ctx, int* connToUse) if (edg_wll_gss_acquire_cred_gsi( ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename, - &ctx->connections->connPool[index].gsiCred, NULL, &gss_stat)) { + &ctx->connections->connPool[index].gsiCred, &gss_stat)) { edg_wll_SetErrorGss(ctx, "failed to load GSI credentials", &gss_stat); goto err; } diff --git a/org.glite.lb.client/src/logevent.c.T b/org.glite.lb.client/src/logevent.c.T index 1985b8b..bbb5e23 100644 --- a/org.glite.lb.client/src/logevent.c.T +++ b/org.glite.lb.client/src/logevent.c.T 
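Review bot: In edg_wll_open(), `lifetime = ctx->connections->connPool[index].gsiCred->lifetime;` replaces a live gss_inquire_cred() query with a field stored in the credential. The hunk does not say whether that field is the remaining seconds at acquisition time or an absolute expiry time. If it is a snapshot of remaining seconds, a pooled credential that has since expired would still pass the validity check that follows outside the hunk. Please add a comment on the field's units, and if it is an absolute time, compare it against `time(NULL)` rather than against zero. The debug line still prints the value with `%d` although `lifetime` is now `time_t`; `printf("Credential exists, lifetime: %ld\n", (long)lifetime);` would match the type.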
@@ -165,8 +165,10 @@ int main(int argc, char *argv[]) if ( !lbproxy_user ) { edg_wll_GssCred gss_cred = NULL; edg_wll_GssStatus gss_stat; - if ( edg_wll_gss_acquire_cred_gsi(NULL, NULL, &gss_cred, &lbproxy_user, &gss_stat) ) + if ( edg_wll_gss_acquire_cred_gsi(NULL, NULL, &gss_cred, &gss_stat) ) lbproxy_user = "anonymous"; + else + lbproxy_user = strdup(gss_cred->name); if ( gss_cred != NULL ) edg_wll_gss_release_cred(&gss_cred, NULL); } if ( lbproxy_store_sock ) diff --git a/org.glite.lb.client/src/prod_proto.c b/org.glite.lb.client/src/prod_proto.c index 33745f8..a51a9f2 100644 --- a/org.glite.lb.client/src/prod_proto.c +++ b/org.glite.lb.client/src/prod_proto.c @@ -248,12 +248,14 @@ int edg_wll_log_connect(edg_wll_Context ctx, int *conn) ret = edg_wll_gss_acquire_cred_gsi( ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename, - &ctx->connections->connPool[index].gsiCred, &my_subject_name, &gss_stat); + &ctx->connections->connPool[index].gsiCred, &gss_stat); /* give up if unable to acquire prescribed credentials, otherwise go on anonymously */ if (ret && ctx->p_proxy_filename) { edg_wll_SetErrorGss(ctx, "edg_wll_gss_acquire_cred_gsi(): failed to load GSI credentials", &gss_stat); goto edg_wll_log_connect_err; } + my_subject_name = ctx->connections->connPool[index].gsiCred->name; + #ifdef EDG_WLL_LOG_STUB if (my_subject_name != NULL) { fprintf(stderr,"edg_wll_log_connect: using certificate: %s\n",my_subject_name); 
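Review bot: In edg_wll_log_connect(), `my_subject_name = ctx->connections->connPool[index].gsiCred->name;` runs even when acquisition failed. The preceding check only bails out when `ret && ctx->p_proxy_filename`, and its comment says the code otherwise goes on anonymously, so on that path `gsiCred` is presumably still NULL and this line dereferences it. The old API simply left `my_subject_name` NULL there. The same defect appears in the second edg_wll_log_connect() hunk, in edg_wll_log_direct_connect() (`my_subject_name = cred->name;`), and in both producer.c hunks, where the `else` branch passes `cred->name` to edg_wll_SetParamString(). I would guard each use, e.g. `my_subject_name = cred ? cred->name : NULL;`, so that the anonymous fallback keeps working instead of crashing.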
@@ -274,12 +276,14 @@ int edg_wll_log_connect(edg_wll_Context ctx, int *conn) ret = edg_wll_gss_acquire_cred_gsi( ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename, - &ctx->connections->connPool[index].gsiCred, &my_subject_name, &gss_stat); + &ctx->connections->connPool[index].gsiCred, &gss_stat); /* give up if unable to acquire prescribed credentials, otherwise go on anonymously */ if (ret && ctx->p_proxy_filename) { edg_wll_SetErrorGss(ctx, "edg_wll_gss_acquire_cred_gsi(): failed to load GSI credentials", &gss_stat); goto edg_wll_log_connect_err; } + my_subject_name = ctx->connections->connPool[index].gsiCred->name; + #ifdef EDG_WLL_LOG_STUB if (my_subject_name != NULL) { fprintf(stderr,"edg_wll_log_connect: using certificate: %s\n",my_subject_name); @@ -306,7 +310,6 @@ edg_wll_log_connect_err: edg_wll_log_connect_end: if (index >= 0) edg_wll_connectionTryLock(ctx, index); - if (my_subject_name) free(my_subject_name); edg_wll_poolUnlock(); @@ -664,12 +667,13 @@ int edg_wll_log_direct_connect(edg_wll_Context ctx, edg_wll_GssConnection *conn) ret = edg_wll_gss_acquire_cred_gsi( ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename, - &cred, &my_subject_name, &gss_stat); + &cred, &gss_stat); /* give up if unable to acquire prescribed credentials, otherwise go on anonymously */ if (ret && ctx->p_proxy_filename) { edg_wll_SetErrorGss(ctx, "edg_wll_gss_acquire_cred_gsi(): failed to load GSI credentials", &gss_stat); goto edg_wll_log_direct_connect_end; } + my_subject_name = cred->name; #ifdef EDG_WLL_LOG_STUB if (my_subject_name) { /* TODO: merge - shouldn't be probably ctx->p_user_lbproxy but some new parameter, eg. ctx->p_user 
@@ -695,7 +699,6 @@ edg_wll_log_direct_connect_end: #endif if (cred != NULL) edg_wll_gss_release_cred(&cred, NULL); - if (my_subject_name) free(my_subject_name); if (host) free(host); return answer; diff --git a/org.glite.lb.client/src/producer.c b/org.glite.lb.client/src/producer.c index cd3b6ed..20705ca 100644 --- a/org.glite.lb.client/src/producer.c +++ b/org.glite.lb.client/src/producer.c @@ -632,7 +632,6 @@ int edg_wll_SetLoggingJob( /* add user credentials to context */ { - char *my_subject_name = NULL; edg_wll_GssStatus gss_stat; edg_wll_GssCred cred = NULL; @@ -640,17 +639,16 @@ int edg_wll_SetLoggingJob( err = edg_wll_gss_acquire_cred_gsi( ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename, - &cred, &my_subject_name, &gss_stat); + &cred, &gss_stat); /* give up if unable to acquire prescribed credentials */ if (err && ctx->p_proxy_filename) { edg_wll_SetErrorGss(ctx, "failed to load GSI credentials", &gss_stat); edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, EDG_WLL_LOG_USER_DEFAULT); } else { - edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, my_subject_name); + edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, cred->name); } if (cred != NULL) edg_wll_gss_release_cred(&cred, NULL); - if (my_subject_name) free(my_subject_name); } return edg_wll_Error(ctx,NULL,NULL); @@ -686,7 +684,6 @@ int edg_wll_SetLoggingJobProxy( if (user) { edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, user); } else { - char *my_subject_name = NULL; edg_wll_GssStatus gss_stat; edg_wll_GssCred cred = NULL; 
@@ -694,18 +691,17 @@ int edg_wll_SetLoggingJobProxy( err = edg_wll_gss_acquire_cred_gsi( ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_cert_filename, ctx->p_proxy_filename ? ctx->p_proxy_filename : ctx->p_key_filename, - &cred, &my_subject_name, &gss_stat); + &cred, &gss_stat); /* give up if unable to acquire prescribed credentials */ if (err && ctx->p_proxy_filename) { edg_wll_SetErrorGss(ctx, "failed to load GSI credentials", &gss_stat); edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, EDG_WLL_LOG_USER_DEFAULT); } else { - edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, my_subject_name); + edg_wll_SetParamString(ctx, EDG_WLL_PARAM_LBPROXY_USER, cred->name); } if (cred != NULL) edg_wll_gss_release_cred(&cred, NULL); - if (my_subject_name) free(my_subject_name); } /* query LBProxyServer for sequence code if not user-suplied */ diff --git a/org.glite.lb.logger/src/interlogd.c b/org.glite.lb.logger/src/interlogd.c index 980dddf..274898e 100644 --- a/org.glite.lb.logger/src/interlogd.c +++ b/org.glite.lb.logger/src/interlogd.c @@ -318,7 +318,7 @@ main (int argc, char **argv) setenv("X509_CERT_DIR", CAcert_dir, 1); edg_wll_gss_watch_creds(cert_file,&cert_mtime); - ret = edg_wll_gss_acquire_cred_gsi(cert_file, key_file, &cred_handle, NULL, &gss_stat); + ret = edg_wll_gss_acquire_cred_gsi(cert_file, key_file, &cred_handle, &gss_stat); if (ret) { char *gss_err = NULL; char *str; diff --git a/org.glite.lb.logger/src/logd.c b/org.glite.lb.logger/src/logd.c index ddfb1a5..4ee9024 100644 --- a/org.glite.lb.logger/src/logd.c +++ b/org.glite.lb.logger/src/logd.c @@ -274,8 +274,6 @@ int main(int argc, char *argv[]) struct sockaddr_in client_addr; int client_addr_len; - char *my_subject_name = NULL; - time_t cert_mtime = 0, key_mtime = 0; edg_wll_GssStatus gss_stat; edg_wll_GssCred cred = NULL; 
@@ -371,25 +369,17 @@ This is LocalLogger, part of Workload Management System in EU DataGrid & EGEE.\n edg_wll_gss_watch_creds(cert_file,&cert_mtime); /* XXX DK: support noAuth */ - ret = edg_wll_gss_acquire_cred_gsi(cert_file, key_file, &cred, &my_subject_name, - &gss_stat); + ret = edg_wll_gss_acquire_cred_gsi(cert_file, key_file, &cred, &gss_stat); if (ret) { /* XXX DK: call edg_wll_gss_get_error() */ edg_wll_ll_log(LOG_CRIT,"Failed to get GSI credentials. Exiting.\n"); exit(1); } - if (my_subject_name!=NULL) { - edg_wll_ll_log(LOG_INFO,"Server running with certificate: %s\n",my_subject_name); - free(my_subject_name); + if (cred->name!=NULL) { + edg_wll_ll_log(LOG_INFO,"Server running with certificate: %s\n",cred->name); } else if (noAuth) { edg_wll_ll_log(LOG_INFO,"Server running without certificate\n"); -#if 0 - /* XXX DK: */ - } else { - edg_wll_ll_log(LOG_CRIT,"No server credential found. Exiting.\n"); - exit(1); -#endif } /* do listen */ @@ -439,7 +429,7 @@ This is LocalLogger, part of Workload Management System in EU DataGrid & EGEE.\n edg_wll_GssCred newcred; case 0: break; case 1: - ret = edg_wll_gss_acquire_cred_gsi(cert_file,key_file,&newcred,NULL,&gss_stat); + ret = edg_wll_gss_acquire_cred_gsi(cert_file,key_file,&newcred,&gss_stat); if (ret) { edg_wll_ll_log(LOG_WARNING,"Reloading credentials failed, continue with older\n"); } else { diff --git a/org.glite.lb.logger/src/recover.c b/org.glite.lb.logger/src/recover.c index 7563278..b1b7154 100644 --- a/org.glite.lb.logger/src/recover.c +++ b/org.glite.lb.logger/src/recover.c @@ -40,7 +40,7 @@ recover_thread(void *q) int ret; ret = edg_wll_gss_acquire_cred_gsi(cert_file,key_file, - &new_cred_handle, NULL, NULL); + &new_cred_handle, NULL); if (new_cred_handle != NULL) { edg_wll_gss_release_cred(&cred_handle, NULL); cred_handle = new_cred_handle; diff --git a/org.glite.lb.server/src/bkserverd.c b/org.glite.lb.server/src/bkserverd.c index e5deca6..4e316cc 100644 --- a/org.glite.lb.server/src/bkserverd.c 
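Review bot: In recover_thread() the return value of edg_wll_gss_acquire_cred_gsi() is stored in `ret`, but the credential swap is decided by `if (new_cred_handle != NULL)`. That is safe only if `new_cred_handle` is initialised to NULL before the call and left untouched on failure, and neither is visible in this hunk. Testing the status is more robust: `if (ret == 0 && new_cred_handle != NULL)`. The status argument is NULL, so a failed reload leaves no diagnostic; passing a local `edg_wll_GssStatus` and logging it would help operators notice an unreadable or expired host certificate. The function body extends beyond the hunk.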
+++ b/org.glite.lb.server/src/bkserverd.c @@ -369,7 +369,6 @@ int main(int argc, char *argv[]) int fd, i; int dtablesize; struct sockaddr_in a; - char *mysubj = NULL; int opt; char pidfile[PATH_MAX] = EDG_BKSERVERD_PIDFILE, *name; @@ -610,15 +609,15 @@ int main(int argc, char *argv[]) if ( cadir ) setenv("X509_CERT_DIR", cadir, 1); edg_wll_gss_watch_creds(server_cert, &cert_mtime); - if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &mycred, &mysubj, &gss_code) ) + if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &mycred, &gss_code) ) { int i; - dprintf(("Server identity: %s\n",mysubj)); - server_subject = strdup(mysubj); + dprintf(("Server identity: %s\n",mycred->name)); + server_subject = strdup(mycred->name); for ( i = 0; super_users && super_users[i]; i++ ) ; super_users = realloc(super_users, (i+2)*sizeof(*super_users)); - super_users[i] = mysubj; + super_users[i] = mycred->name; super_users[i+1] = NULL; } else { @@ -910,7 +909,7 @@ int bk_handle_connection(int conn, struct timeval *timeout, void *data) switch ( edg_wll_gss_watch_creds(server_cert, &cert_mtime) ) { case 0: break; case 1: - if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &newcred, NULL, &gss_code) ) { + if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &newcred, &gss_code) ) { dprintf(("[%d] reloading credentials successful\n", getpid())); edg_wll_gss_release_cred(&mycred, NULL); mycred = newcred; diff --git a/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex.c b/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex.c index 5e24b71..e79555a 100644 --- a/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex.c +++ b/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex.c 
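Review bot: In bkserverd.c main(), `super_users[i] = mycred->name;` stores a pointer owned by the credential into the super-user list, where the old code stored the separately allocated `mysubj`. The bk_handle_connection() hunk later calls `edg_wll_gss_release_cred(&mycred, NULL);` when credentials are reloaded. If the release frees the name (not visible here), the list entry dangles, and that list appears to gate privileged access. I would store an owned copy, `super_users[i] = strdup(mycred->name);`, or reuse the `server_subject` copy made two lines earlier. Separately, the `realloc()` result is assigned straight back to `super_users` without a NULL check. main() continues outside the hunk.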
@@ -48,7 +48,7 @@ main(int argc, char **argv) if ( cert || key ) { if ( glite_gsplugin_init_context(&ctx) ) { perror("init context"); exit(1); } - if (edg_wll_gss_acquire_cred_gsi(cert, key, &cred, NULL, NULL) != 0) { + if (edg_wll_gss_acquire_cred_gsi(cert, key, &cred, NULL) != 0) { fprintf (stderr, "Failed to set credentials\n"); exit(1); } diff --git a/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex2.c b/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex2.c index 96358fa..cdab78c 100644 --- a/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex2.c +++ b/org.glite.security.gsoap-plugin/examples/wscalc_srv_ex2.c @@ -35,7 +35,6 @@ main(int argc, char **argv) struct sockaddr_in a; int alen; char *name, *msg; - char *subject = NULL; int opt, port = 19999; char *cert_filename = NULL, *key_filename = NULL; @@ -57,15 +56,14 @@ main(int argc, char **argv) } } - if ( edg_wll_gss_acquire_cred_gsi(cert_filename, key_filename, &ctx->cred, &subject, &gss_code) ) { + if ( edg_wll_gss_acquire_cred_gsi(cert_filename, key_filename, &ctx->cred, &gss_code) ) { edg_wll_gss_get_error(&gss_code, "Failed to read credential", &msg); fprintf(stderr, "%s\n", msg); free(msg); exit(1); } - if (subject) { - printf("server running with certificate: %s\n", subject); - free(subject); + if (ctx->cred->name) { + printf("server running with certificate: %s\n", ctx->cred->name); } soap_init(&soap); diff --git a/org.glite.security.gsoap-plugin/src/glite_gsplugin.c b/org.glite.security.gsoap-plugin/src/glite_gsplugin.c index 59acc09..e3cd8c4 100644 --- a/org.glite.security.gsoap-plugin/src/glite_gsplugin.c +++ b/org.glite.security.gsoap-plugin/src/glite_gsplugin.c @@ -114,7 +114,7 @@ glite_gsplugin_set_credential(glite_gsplugin_Context ctx, edg_wll_GssStatus gss_code; int ret; - ret = edg_wll_gss_acquire_cred_gsi(cert, key, &ctx->cred, NULL, &gss_code); + ret = edg_wll_gss_acquire_cred_gsi(cert, key, &ctx->cred, &gss_code); if (ret) { /* XXX propagate error description */ return EINVAL; 
@@ -170,22 +170,21 @@ glite_gsplugin(struct soap *soap, struct soap_plugin *p, void *arg) } else { edg_wll_GssStatus gss_code; - char *subject = NULL; pdprintf(("GSLITE_GSPLUGIN: Creating default context\n")); if ( glite_gsplugin_init_context((glite_gsplugin_Context*)&(pdata->ctx)) ) { free(pdata); return ENOMEM; } - if ( edg_wll_gss_acquire_cred_gsi(NULL, NULL, &pdata->ctx->cred, &subject, &gss_code) ) { + if ( edg_wll_gss_acquire_cred_gsi(NULL, NULL, &pdata->ctx->cred, &gss_code) ) { /* XXX: Let user know, that cred. load failed. Somehow... */ glite_gsplugin_free_context(pdata->ctx); return EINVAL; } pdata->ctx->internal_credentials = 1; - pdprintf(("GSLITE_GSPLUGIN: server running with certificate: %s\n", subject)); - free(subject); + pdprintf(("GSLITE_GSPLUGIN: server running with certificate: %s\n", + pdata->ctx->cred->name)); pdata->def = 1; } @@ -271,7 +270,7 @@ glite_gsplugin_connect( if ( ctx->cred == NULL ) { pdprintf(("GSLITE_GSPLUGIN: loading default credentials\n")); ret = edg_wll_gss_acquire_cred_gsi(NULL, NULL, - &ctx->cred, NULL, &gss_stat); + &ctx->cred, &gss_stat); if ( ret ) { edg_wll_gss_get_error(&gss_stat, "failed to load GSI credentials", &ctx->error_msg); -- 1.8.2.3
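Review bot: In glite_gsplugin(), the credential-failure path calls `glite_gsplugin_free_context(pdata->ctx); return EINVAL;` without freeing `pdata`. The init-context failure a few lines above does `free(pdata);` before returning, so this path appears to leak the plugin data; the allocation itself is outside the hunk. Adding `free(pdata);` before the `return EINVAL;` would make the two paths consistent. The new `pdprintf` also prints `pdata->ctx->cred->name` with `%s` without a NULL test, unlike the guarded uses in logd.c and wscalc_srv_ex2.c. The existing XXX comment already notes that the caller gets no explanation for the failure; `gss_code` is available here to build one.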