From ef046354af2e097441734e2476a62ee924d9ab4d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Daniel=20Kou=C5=99il?=
Date: Tue, 14 Oct 2008 09:49:40 +0000
Subject: [PATCH] Put voms-related funcionality to a single place to avoid duplicating code
---
 org.glite.security.proxyrenewal/src/commands.c | 75 +--------------
 org.glite.security.proxyrenewal/src/renewal_core.c | 2 +-
 org.glite.security.proxyrenewal/src/renewd_locl.h | 8 +-
 org.glite.security.proxyrenewal/src/voms.c | 107 ++++++++++++---------
 4 files changed, 69 insertions(+), 123 deletions(-)
diff --git a/org.glite.security.proxyrenewal/src/commands.c b/org.glite.security.proxyrenewal/src/commands.c
index a859fc5..0cfd01b 100644
--- a/org.glite.security.proxyrenewal/src/commands.c
+++ b/org.glite.security.proxyrenewal/src/commands.c
@@ -11,8 +11,6 @@
 extern char *repository;
 extern time_t condor_limit;
-extern char *cadir;
-extern char *vomsdir;
 extern int voms_enabled;
 static char *
@@ -64,10 +62,6 @@ record_to_response(glite_renewal_core_context ctx, int status_code, proxy_record
 static int
 filename_to_response(glite_renewal_core_context ctx, char *filename, edg_wlpr_Response *response);
-static int
-get_voms_cert(glite_renewal_core_context ctx, X509 *cert, STACK_OF(X509) *chain, struct vomsdata **vd);
-
-
 static char *
 strmd5(glite_renewal_core_context ctx, const char *s, unsigned char *digest)
 {
@@ -883,73 +877,6 @@ find_proxyname(glite_renewal_core_context ctx, char *jobid, char **filename)
 return EDG_WLPR_PROXY_NOT_REGISTERED;
 }
-static int
-get_voms_cert(glite_renewal_core_context ctx, X509 *cert,
- STACK_OF(X509) *chain, struct vomsdata **vd)
-{
- struct vomsdata *voms_info = NULL;
- int voms_err, ret, voms_ret;
-
- voms_info = VOMS_Init(vomsdir, cadir);
- if (voms_info == NULL) {
- edg_wlpr_Log(ctx, LOG_ERR, "check_voms_cert(): Cannot initialize VOMS context (VOMS_Init() failed, probably voms dir was not specified)");
- return EDG_WLPR_ERROR_VOMS;
- }
-
- VOMS_SetVerificationType(VERIFY_NONE, voms_info, NULL);
-
- ret = 0;
- voms_ret = VOMS_Retrieve(cert, chain, RECURSE_CHAIN, voms_info, &voms_err);
- if (voms_ret == 0) {
- if (voms_err == VERR_NOEXT) {
- voms_info = NULL;
- ret = 0;
- } else {
- char *err_msg = VOMS_ErrorMessage(voms_info, voms_err, NULL, 0);
- edg_wlpr_Log(ctx, LOG_ERR, "Failed to retrieve VOMS attributes: %s\n",
- err_msg);
- free(err_msg);
- ret = -1; /* XXX */
- }
- }
-
- if (ret == 0 && vd != NULL)
- *vd = voms_info;
- else
- VOMS_Destroy(voms_info);
-
- return ret;
-}
-
-int
-find_voms_cert(glite_renewal_core_context ctx, char *file, int *present)
-{
- struct vomsdata *voms_info = NULL;
- STACK_OF(X509) *chain = NULL;
- X509 *cert = NULL;
- int ret;
-
- *present = 0;
-
- ret = load_proxy(ctx, file, &cert, NULL, &chain, NULL);
- if (ret)
- return ret;
-
- ret = get_voms_cert(ctx, cert, chain, &voms_info);
- if (ret)
- goto end;
-
- *present = (voms_info != NULL);
-
-end:
- if (voms_info)
- VOMS_Destroy(voms_info);
- sk_X509_pop_free(chain, X509_free);
- X509_free(cert);
-
- return ret;
-}
-
 void
 register_proxy(glite_renewal_core_context ctx, edg_wlpr_Request *request, edg_wlpr_Response *response)
 {
@@ -982,7 +909,7 @@ register_proxy(glite_renewal_core_context ctx, edg_wlpr_Request *request, edg_wl
 goto end;
 if (voms_enabled)
- ret = find_voms_cert(ctx, request->proxy_filename, &record.voms_exts);
+ ret = is_voms_cert(ctx, request->proxy_filename, &record.voms_exts);
 /* ignore VOMS related error */
 /* Find first free record */
diff --git a/org.glite.security.proxyrenewal/src/renewal_core.c b/org.glite.security.proxyrenewal/src/renewal_core.c
index 93e011d..c75b9cf 100644
--- a/org.glite.security.proxyrenewal/src/renewal_core.c
+++ b/org.glite.security.proxyrenewal/src/renewal_core.c
@@ -152,7 +152,7 @@ glite_renewal_core_renew(glite_renewal_core_context ctx,
 if (ret)
 goto end;
- voms_exts = check_voms_attrs(ctx, current_proxy);
+ is_voms_cert(ctx, current_proxy, &voms_exts);
 client_request->proxy_lifetime = 60 * 60 * DGPR_RETRIEVE_DEFAULT_HOURS;
diff --git a/org.glite.security.proxyrenewal/src/renewd_locl.h b/org.glite.security.proxyrenewal/src/renewd_locl.h
index 9304535..3b67a82 100644
--- a/org.glite.security.proxyrenewal/src/renewd_locl.h
+++ b/org.glite.security.proxyrenewal/src/renewd_locl.h
@@ -7,6 +7,8 @@
 #include
 #include
+#include
+
 #include "renewal.h"
 #include "renewal_core.h"
@@ -77,6 +79,10 @@ int renew_voms_creds(glite_renewal_core_context ctx, const char *cur_file,
 const char *renewed_file, const char *new_file);
 int
-check_voms_attrs(glite_renewal_core_context ctx, const char *proxy);
+is_voms_attrs(glite_renewal_core_context ctx, const char *proxy, int *present);
+
+int
+get_voms_cert(glite_renewal_core_context ctx,
+ X509 *cert, STACK_OF(X509) *chain, struct vomsdata **vd);
 #endif /* RENEWALD_LOCL_H */
diff --git a/org.glite.security.proxyrenewal/src/voms.c b/org.glite.security.proxyrenewal/src/voms.c
index be5c007..1b66a23 100644
--- a/org.glite.security.proxyrenewal/src/voms.c
+++ b/org.glite.security.proxyrenewal/src/voms.c
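Review bot: The prototype added in the renewd_locl.h hunk declares `is_voms_attrs`, but the function defined in voms.c and called from the commands.c hunk (`register_proxy`) and the renewal_core.c hunk (`glite_renewal_core_renew`) on this line is `is_voms_cert`, so unless another header declares it those two callers now compile against an implicit declaration and nothing checks their argument lists against the definition. The declaration should read `int is_voms_cert(glite_renewal_core_context ctx, const char *file, int *present);`. The removed `find_voms_cert` in commands.c was non-static with no visible prototype either, so this header is the right place to make the name and signature authoritative.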
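Review bot: In the renewal_core.c hunk the return value of `is_voms_cert()` is dropped, and nothing nearby says this is deliberate; `check_voms_attrs()` returned the answer directly, whereas the replacement reports errors through the return value and the flag through `voms_exts`. Because `is_voms_cert()` clears `*present` before it can fail, `voms_exts` is still well-defined when the proxy cannot be loaded or VOMS cannot be initialised, but the silent fallback to "no VOMS attributes" deserves to be spelled out, e.g. `(void) is_voms_cert(ctx, current_proxy, &voms_exts); /* on error, renew as a plain proxy */`. glite_renewal_core_renew continues outside the hunk, so check there that a failed lookup is really acceptable on this path.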
@@ -202,7 +202,7 @@ renew_voms_certs(glite_renewal_core_context ctx, const char *cur_file, const cha
 globus_gsi_cred_handle_t new_proxy = NULL;
 struct vomsdata *vd = NULL;
 struct voms **voms_cert = NULL;
- int voms_err, ret;
+ int ret;
 X509 *cert = NULL;
 STACK_OF(X509) *chain = NULL;
 char *buf = NULL;
@@ -220,30 +220,10 @@ renew_voms_certs(glite_renewal_core_context ctx, const char *cur_file, const cha
 if (ret)
 goto end;
- vd = VOMS_Init(NULL, NULL);
- if (vd == NULL) {
- edg_wlpr_Log(ctx, LOG_ERR, "VOMS_Init() failed\n");
- return 1;
- }
-
- ret = VOMS_Retrieve(cert, chain, RECURSE_CHAIN, vd, &voms_err);
- if (ret == 0) {
- if (voms_err == VERR_NOEXT) {
- /* no VOMS cred, no problem; continue */
- /* XXX this part shouldn't be reachable, this call is only called
- * if the proxy does contain VOMS attributes */
- edg_wlpr_Log(ctx, LOG_ERR, "No VOMS attributes found in proxy %s\n", cur_file);
- ret = 0;
- goto end;
- } else {
- edg_wlpr_Log(ctx, LOG_ERR, "Cannot get VOMS certificate(s) from proxy");
- ret = 1;
- goto end;
- }
- }
+ ret = get_voms_cert(ctx, cert, chain, &vd);
+ if (ret)
+ goto end;
- /* XXX make sure this loop can really work for multiple voms certificates
- * embedded in the proxy */
 for (voms_cert = vd->data; voms_cert && *voms_cert; voms_cert++) {
 char *tmp, *ptr;
 size_t tmp_len;
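Review bot: `if (ret) goto end;` after the new `get_voms_cert()` call no longer protects the loop that follows: for a proxy without VOMS extensions `get_voms_cert()` returns 0 and stores NULL in `vd` (its `VERR_NOEXT` branch), so `for (voms_cert = vd->data; ...)` dereferences a null pointer where the removed code logged "No VOMS attributes found" and jumped to `end`. The removed comment called that path unreachable, but the caller's precondition is not enforced here and the guard is one line: `if (ret || vd == NULL) goto end;`. Note also that errors now come back as `EDG_WLPR_ERROR_VOMS` or -1 instead of the 1 this function used to return; renew_voms_certs continues outside the hunk, so confirm its callers only test for non-zero.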
@@ -308,40 +288,73 @@ renew_voms_creds(glite_renewal_core_context ctx, const char *cur_file, const cha
 }
 int
-check_voms_attrs(glite_renewal_core_context ctx, const char *proxy)
+is_voms_cert(glite_renewal_core_context ctx,
+ const char *file,
+ int *present)
 {
- int ret, voms_err, present;
- X509 *cert = NULL;
+ struct vomsdata *voms_info = NULL;
 STACK_OF(X509) *chain = NULL;
- struct vomsdata *vd = NULL;
+ X509 *cert = NULL;
+ int ret;
+
+ *present = 0;
- ret = load_proxy(ctx, proxy, &cert, NULL, &chain, NULL);
+ ret = load_proxy(ctx, file, &cert, NULL, &chain, NULL);
 if (ret)
- return 0;
+ return ret;
- vd = VOMS_Init(NULL, NULL);
- if (vd == NULL) {
- present = 0;
+ ret = get_voms_cert(ctx, cert, chain, &voms_info);
+ if (ret)
 goto end;
- }
- ret = VOMS_Retrieve(cert, chain, RECURSE_CHAIN, vd, &voms_err);
- if (ret == 0) {
- present = 0;
- goto end;
+ *present = (voms_info != NULL);
+
+end:
+ if (voms_info)
+ VOMS_Destroy(voms_info);
+ sk_X509_pop_free(chain, X509_free);
+ X509_free(cert);
+
+ return ret;
+}
+
+int
+get_voms_cert(glite_renewal_core_context ctx,
+ X509 *cert, STACK_OF(X509) *chain, struct vomsdata **vd)
+{
+ struct vomsdata *voms_info = NULL;
+ int voms_err, ret, voms_ret;
+
+ /* XXX pass the vomsdir and cadir parameters */
+ voms_info = VOMS_Init(NULL, NULL);
+ if (voms_info == NULL) {
+ edg_wlpr_Log(ctx, LOG_ERR, "check_voms_cert(): Cannot initialize VOMS context (VOMS_Init() failed, probably voms dir was not specified)");
+ return EDG_WLPR_ERROR_VOMS;
 }
- present = 1;
+ VOMS_SetVerificationType(VERIFY_NONE, voms_info, NULL);
-end:
- if (cert)
- X509_free(cert);
- if (chain)
- sk_X509_pop_free(chain, X509_free);
- if (vd)
- VOMS_Destroy(vd);
+ ret = 0;
+ voms_ret = VOMS_Retrieve(cert, chain, RECURSE_CHAIN, voms_info, &voms_err);
+ if (voms_ret == 0) {
+ if (voms_err == VERR_NOEXT) {
+ voms_info = NULL;
+ ret = 0;
+ } else {
+ char *err_msg = VOMS_ErrorMessage(voms_info, voms_err, NULL, 0);
+ edg_wlpr_Log(ctx, LOG_ERR, "Failed to retrieve VOMS attributes: %s\n",
+ err_msg);
+ free(err_msg);
+ ret = -1; /* XXX */
+ }
+ }
- return present;
+ if (ret == 0 && vd != NULL)
+ *vd = voms_info;
+ else
+ VOMS_Destroy(voms_info);
+
+ return ret;
 }
 #if 0
-- 
1.8.2.3
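Review bot: The shared `get_voms_cert()` calls `VOMS_Init(NULL, NULL)` and then `VOMS_SetVerificationType(VERIFY_NONE, ...)`, and that costs each caller something: the copy deleted from commands.c passed the daemon's configured `vomsdir` and `cadir` (the externs removed in the first hunk), while the copy deleted from renew_voms_certs never disabled verification, so the renewal path now reads AC contents out of the proxy without whatever checks VOMS_Retrieve() applied by default (presumably AC signature and trust-directory validation — confirm against the VOMS API in use). Skipping verification is fine for the presence test in `is_voms_cert()`, but the attribute values that drive renewal should keep the verification they had; passing the verification mode and the vomsdir/cadir pair as parameters, or a flag the two callers set differently, would preserve both behaviours, and the `/* XXX pass the vomsdir and cadir parameters */` comment already points there. Two smaller points in the same hunk: the log message still names `check_voms_cert()`, and `ret = -1; /* XXX */` mixes an ad-hoc code with the `EDG_WLPR_ERROR_VOMS` returned a few lines above, so returning `EDG_WLPR_ERROR_VOMS` in both places would give callers a single convention.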