/[pdpsoft]/trunk/grid-mw-security/ees/plugin_examples/localaccount/src/localaccount.c

Contents of /trunk/grid-mw-security/ees/plugin_examples/localaccount/src/localaccount.c



Revision 1712 - (show annotations) (download) (as text)
Tue May 25 14:35:26 2010 UTC (11 years, 7 months ago) by aramv
File MIME type: text/x-chdr
File size: 15450 byte(s)
Storing initialisation values in the AOS now
#include "eef_plugin.h"
#include "log_to_file.h"
#include "gridmapfile.h"
#include <errno.h>
#include <getopt.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
7
/* Local passwd helpers, defined after the plugin entry points below.
 * The *_for_user_name / *_from_user_name helpers free the name they are
 * given (passwd_struct_for_user_name() calls free() on it), so callers hand
 * over ownership of a heap string. */
gid_t gid_from_user_name(char* _user_name);
gid_t gid_from_uid(uid_t _uid);
/*gid_t gid_from_group_name(char* _group_name);*/
uid_t uid_from_user_name(char* _user_name);
/* returns a heap copy of pw_name; caller frees */
char* username_from_passwd_struct(struct passwd _pw_entry);
/* declared only: its definition further down in this file is commented out */
struct passwd passwd_struct_for_gid(gid_t _gid);
struct passwd passwd_struct_for_uid(uid_t _uid);
/*struct passwd passwd_struct_for_group_name(char* _group_name);*/
struct passwd passwd_struct_for_user_name(char* _user_name);
void print_passwd_entry(struct passwd _pw_entry);
18
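/*
 * Duplicate an option value with strdup(), logging a failure.
 * The copy is handed to the AOS; whether the AOS copies it again is not
 * visible here, so it is deliberately never freed by this file.
 * Returns NULL on allocation failure.
 */
static char* copy_option_value(const char* value){
    char* copy = strdup(value);
    if(copy == NULL){
        EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(errno));
    }
    return copy;
}

/*
 * Create an AOS attribute with id `id` holding the NUL-terminated string
 * `value` (terminator included in the stored length, which is how
 * plugin_run() reads it back through getAttributeValueAsString()).
 * Returns the attribute, or NULL (after logging) when it cannot be created.
 */
static aos_attribute_t* new_string_attribute(char* id, char* value){
    aos_attribute_t* attr = createAttribute();
    if(attr == NULL){
        EEF_log(LOG_ERR, "%s: could not create attribute '%s'", EEF_getRunningPluginName(), id);
        return NULL;
    }
    setAttributeId(attr, id);
    setAttributeValue(attr, value, strlen(value)+1);
    return attr;
}

/*
 * Parse this plugin instance's argv and store the resulting configuration in
 * the AOS (a NONE context) so plugin_run() can read it back.
 *
 * Options (long form, matched by getopt_long_only; single-dash forms work too):
 *   --gridmapfile <path>  mapping file consulted by plugin_run()   (required)
 *   --gridmapdir  <path>  parsed, but nothing consumes it yet
 *   --mapattrib   <id>    subject attribute that carries the DN to map
 *   --obligation  <id>    obligation id emitted on success       (default "uidgid")
 *   --attribute_u <id>    attribute id for the mapped user       (default "posix-uid")
 *   --attribute_g <id>    attribute id for the mapped group      (default "posix-gid")
 *   --strings, --pool     flags; not stored in the AOS in this revision
 *
 * Returns EES_PL_SUCCESS, or EES_PL_FAILURE when no gridmapfile was given, an
 * option value or attribute name could not be allocated, or an AOS object
 * could not be created. A failed initialisation does not reclaim what was
 * allocated before the failure (as before); the plugin is unusable anyway.
 */
EES_PL_RC plugin_initialize(int argc, char* argv[]){
    int option_index = 0;
    int c;

    /* configuration; string values default to literals and are replaced by
     * heap copies when the corresponding option is given */
    char* _obligation_name = "uidgid";
    char* _attribute_user = "posix-uid";
    char* _attribute_group = "posix-gid";
    char* _mapping_attribute = "http://authz-interop.org/xacml/subject/subject-x509-id";
    char* _gridmapfile = NULL;   /* required: there is no safe default mapping file */
    char* _gridmapdir = NULL;    /* parsed only; freed again below */
    int _use_names = 0;          /* --strings; not propagated to plugin_run() yet */
    int _use_pool = 0;           /* --pool;    not propagated to plugin_run() yet */

    /* per-instance ids under which the values above are stored; plugin_run()
     * rebuilds the same "<prefix>_<plugin name>" ids to find them */
    char* _attribute_user_attr_name = NULL;
    char* _attribute_group_attr_name = NULL;
    char* _obligation_name_attr_name = NULL;
    char* _gridmapfile_attr_name = NULL;
    char* _mapping_attribute_attr_name = NULL;

    aos_context_t* _none_context = NULL;
    aos_attribute_t* _attribute_user_attr = NULL;
    aos_attribute_t* _attribute_group_attr = NULL;
    aos_attribute_t* _obligation_name_attr = NULL;
    aos_attribute_t* _attribute_gridmapfile_attr = NULL;
    aos_attribute_t* _mapping_attribute_attr = NULL;

    /* getopt_long scans this table until it meets an all-zero entry, so the
     * terminator is mandatory: without it an unrecognised option makes getopt
     * read past the end of the array */
    static struct option long_options[] =
    {
        {"gridmapfile", required_argument, 0, 'f'},
        {"gridmapdir" , required_argument, 0, 'd'},
        {"mapattrib",   required_argument, 0, 'm'},
        {"obligation",  required_argument, 0, 'o'},
        {"attribute_u", required_argument, 0, 'u'},
        {"attribute_g", required_argument, 0, 'g'},
        {"strings",     no_argument,       0, 'n'},
        {"pool",        no_argument,       0, 'p'},
        {0, 0, 0, 0}
    };

    EEF_log(LOG_DEBUG, "%s: Initializing localaccount plugin!\n", EEF_getRunningPluginName());
    printf("%s: Initializing localaccount plugin!\n", EEF_getRunningPluginName());

    /* opterr = 0: getopt must not print to stderr on its own;
     * optind = 0: glibc's full reset, so every plugin instance parses its
     * own argv from scratch */
    opterr = 0;
    optind = 0;

    /* every short option listed here has a handler in the switch; the old
     * string also listed 'a:', which nothing handled, and lacked 'm'/'p' */
    while((c = getopt_long_only(argc, argv, "f:d:m:o:u:g:np", long_options, &option_index)) != -1){
        switch(c){
            case 'f':
                if((_gridmapfile = copy_option_value(optarg)) == NULL){
                    return EES_PL_FAILURE;
                }
                break;
            case 'd':
                if((_gridmapdir = copy_option_value(optarg)) == NULL){
                    return EES_PL_FAILURE;
                }
                break;
            case 'm':
                if((_mapping_attribute = copy_option_value(optarg)) == NULL){
                    return EES_PL_FAILURE;
                }
                break;
            case 'o':
                if((_obligation_name = copy_option_value(optarg)) == NULL){
                    return EES_PL_FAILURE;
                }
                break;
            case 'u':
                if((_attribute_user = copy_option_value(optarg)) == NULL){
                    return EES_PL_FAILURE;
                }
                break;
            case 'g':
                if((_attribute_group = copy_option_value(optarg)) == NULL){
                    return EES_PL_FAILURE;
                }
                break;
            case 'n':
                _use_names = 1;
                break;
            case 'p':
                /* a no_argument flag: record that it was given */
                _use_pool = 1;
                break;
            case '?':
            default:
                /* with opterr == 0 getopt reports unknown options and missing
                 * arguments alike as '?', and optarg is NULL then; name the
                 * argv entry getopt just stepped past instead */
                EEF_log(LOG_ERR, "%s: unknown option or missing argument near '%s'",
                        EEF_getRunningPluginName(),
                        (optind > 0 && optind <= argc && argv[optind - 1] != NULL) ? argv[optind - 1] : "?");
                break;
        }
    }

    /* the mapping file is the authorisation source of this plugin; refusing to
     * initialise without one is safer than letting plugin_run() dereference NULL */
    if(_gridmapfile == NULL){
        EEF_log(LOG_ERR, "%s: no gridmapfile configured (use --gridmapfile)", EEF_getRunningPluginName());
        return EES_PL_FAILURE;
    }

    if(asprintf(&_attribute_user_attr_name, "user_attribute_%s", EEF_getRunningPluginName()) == -1 ||
       asprintf(&_attribute_group_attr_name, "group_attribute_%s", EEF_getRunningPluginName()) == -1 ||
       asprintf(&_obligation_name_attr_name, "obligation_name_%s", EEF_getRunningPluginName()) == -1 ||
       asprintf(&_gridmapfile_attr_name, "gridmap_%s", EEF_getRunningPluginName()) == -1 ||
       asprintf(&_mapping_attribute_attr_name, "mapping_attribute_%s", EEF_getRunningPluginName()) == -1){
        EEF_log(LOG_ERR, "%s: could not build attribute names", EEF_getRunningPluginName());
        return EES_PL_FAILURE;
    }

    /* store the configuration in the AOS for lookup during run */
    _attribute_user_attr = new_string_attribute(_attribute_user_attr_name, _attribute_user);
    _attribute_group_attr = new_string_attribute(_attribute_group_attr_name, _attribute_group);
    _obligation_name_attr = new_string_attribute(_obligation_name_attr_name, _obligation_name);
    _attribute_gridmapfile_attr = new_string_attribute(_gridmapfile_attr_name, _gridmapfile);
    _mapping_attribute_attr = new_string_attribute(_mapping_attribute_attr_name, _mapping_attribute);
    if(_attribute_user_attr == NULL || _attribute_group_attr == NULL ||
       _obligation_name_attr == NULL || _attribute_gridmapfile_attr == NULL ||
       _mapping_attribute_attr == NULL){
        return EES_PL_FAILURE;
    }

    if((_none_context = createContext(NONE)) == NULL){
        EEF_log(LOG_ERR, "%s: could not create configuration context", EEF_getRunningPluginName());
        return EES_PL_FAILURE;
    }
    addAttribute(_none_context, _attribute_user_attr);
    addAttribute(_none_context, _attribute_group_attr);
    addAttribute(_none_context, _obligation_name_attr);
    addAttribute(_none_context, _attribute_gridmapfile_attr);
    addAttribute(_none_context, _mapping_attribute_attr);
    addContext(_none_context);

    /* nothing stores or reads the gridmapdir in this revision */
    free(_gridmapdir);

    return EES_PL_SUCCESS;
}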
162
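/*
 * Build the id under which plugin_initialize() stored a configuration value
 * for this plugin instance: `prefix` followed by the running plugin's name
 * (e.g. "user_attribute_" + name).
 * Returns a heap string the caller frees, or NULL (after logging) on failure.
 */
static char* instance_attr_name(const char* prefix){
    char* name = NULL;
    if(asprintf(&name, "%s%s", prefix, EEF_getRunningPluginName()) == -1){
        EEF_log(LOG_ERR, "%s: could not build attribute name for '%s'", EEF_getRunningPluginName(), prefix);
        return NULL;
    }
    return name;
}

/*
 * Map the subject DN of the current request to a local account.
 *
 * Reads the configuration plugin_initialize() stored in the NONE context,
 * takes the DN from the SUBJECT attribute named by the mapping attribute,
 * looks the DN up in the gridmapfile, resolves the mapped account through
 * passwd and emits an OBLIGATION context (id = configured obligation value)
 * carrying the user attribute. No group attribute is produced yet: _gid_str
 * is never derived in this revision, so that branch stays dormant.
 *
 * The DN is taken from the request only; it must never be replaced by a fixed
 * value here, or every request would be mapped as that identity.
 *
 * Returns EES_PL_SUCCESS when the obligation was added, EES_PL_FAILURE when
 * any input is missing (no configuration, no DN, no mapping, no passwd entry)
 * or an allocation fails. Failing closed is intentional: without a mapping no
 * local identity is handed out.
 */
EES_PL_RC plugin_run(){
    gridmap_list_t *_mappings = NULL;
    gridmap_line_t *_mapping_line = NULL;

    aos_context_t *_context = NULL;
    aos_attribute_t *_tmp_attr = NULL;
    aos_attribute_t *_uid_attr = NULL;
    aos_attribute_t *_gid_attr = NULL;

    char *_dn = NULL;          /* owned by the AOS */
    char *_uid_str = NULL;     /* heap, from username_from_passwd_struct() */
    char *_gid_str = NULL;     /* not derived yet, see TODO below */
    char *_user_name = NULL;   /* heap until passwd_struct_for_user_name() takes it */

    /* configuration read back from the NONE context; NULL until found */
    char *_attribute_user = NULL;
    char *_attribute_group = NULL;
    char *_obligation = NULL;
    char *_gridmapfile = NULL;
    char *_mapping_attribute = NULL;

    /* per-instance ids of those configuration attributes (heap, freed at end) */
    char *_attribute_user_attr_name = NULL;
    char *_attribute_group_attr_name = NULL;
    char *_obligation_attr_name = NULL;
    char *_gridmapfile_attr_name = NULL;
    char *_mapping_attribute_attr_name = NULL;

    struct passwd _tmp_pwd_s;
    EES_PL_RC _rc = EES_PL_FAILURE;

    EEF_log(LOG_DEBUG, "Running %s\n", EEF_getRunningPluginName());

    /* construct field names for this instance */
    _attribute_user_attr_name = instance_attr_name("user_attribute_");
    _attribute_group_attr_name = instance_attr_name("group_attribute_");
    _obligation_attr_name = instance_attr_name("obligation_name_");
    _gridmapfile_attr_name = instance_attr_name("gridmap_");
    _mapping_attribute_attr_name = instance_attr_name("mapping_attribute_");
    if(_attribute_user_attr_name == NULL || _attribute_group_attr_name == NULL ||
       _obligation_attr_name == NULL || _gridmapfile_attr_name == NULL ||
       _mapping_attribute_attr_name == NULL){
        goto end;
    }

    /* populate the configuration fields; the last matching attribute wins */
    rewindContexts(NULL);
    while((_context = getNextContext(NONE, NULL))){
        rewindAttributes(_context);
        while((_tmp_attr = getNextAttribute(_context))){
            const char *id = getAttributeId(_tmp_attr);
            if(id == NULL){
                continue;
            }
            if(strcmp(id, _attribute_user_attr_name) == 0){
                _attribute_user = getAttributeValueAsString(_tmp_attr);
            } else if(strcmp(id, _attribute_group_attr_name) == 0){
                _attribute_group = getAttributeValueAsString(_tmp_attr);
            } else if(strcmp(id, _obligation_attr_name) == 0){
                _obligation = getAttributeValueAsString(_tmp_attr);
            } else if(strcmp(id, _gridmapfile_attr_name) == 0){
                _gridmapfile = getAttributeValueAsString(_tmp_attr);
            } else if(strcmp(id, _mapping_attribute_attr_name) == 0){
                _mapping_attribute = getAttributeValueAsString(_tmp_attr);
            }
        }
    }

    if(_attribute_user == NULL || _attribute_group == NULL ||
       _obligation == NULL || _gridmapfile == NULL){
        EEF_log(LOG_ERR, "%s: configuration not found in the AOS; was plugin_initialize() run?",
                EEF_getRunningPluginName());
        goto end;
    }
    if(_mapping_attribute == NULL){
        /* an initialisation that did not store the mapping attribute: fall
         * back to the default plugin_initialize() starts from */
        _mapping_attribute = "http://authz-interop.org/xacml/subject/subject-x509-id";
    }

    /* fetch _dn from the subject attribute named by the mapping attribute */
    rewindContexts(NULL);
    while((_context = getNextContext(SUBJECT, NULL))){
        rewindAttributes(_context);
        while((_tmp_attr = getNextAttribute(_context))){
            const char *id = getAttributeId(_tmp_attr);
            if(id != NULL && strcmp(id, _mapping_attribute) == 0){
                _dn = getAttributeValueAsString(_tmp_attr);
            }
        }
    }

    /* check if a DN was found */
    if(_dn == NULL){
        EEF_log(LOG_ERR, "%s: No CN found!\n", EEF_getRunningPluginName());
        goto end;
    }

    /* TODO check if path to gridmapfile exists */
    EEF_log(LOG_DEBUG, "Gridmapfile: %s\n", _gridmapfile);

    /* look up DN in gridmapfile */
    parse_gridmapfile(_gridmapfile, &_mappings);
    if(_mappings == NULL){
        EEF_log(LOG_ERR, "%s: no mappings loaded from %s", EEF_getRunningPluginName(), _gridmapfile);
        goto end;
    }
    _mapping_line = find_mapping(_mappings, _dn, MATCH_WILD_CHARS);
    if(_mapping_line != NULL && _mapping_line->mappings != NULL && _mapping_line->mappings->value != NULL){
        /* found local account; copy it before the list is released */
        _user_name = strdup(_mapping_line->mappings->value);
    }
    gridmap_list_free(_mappings);
    _mappings = NULL;
    if(_user_name == NULL){
        EEF_log(LOG_ERR, "%s: no local account mapped for '%s'", EEF_getRunningPluginName(), _dn);
        goto end;
    }

    /* TODO check if path to gridmapdir exists */
    /* TODO add secondary GIDs */

    /* passwd_struct_for_user_name() frees _user_name */
    _tmp_pwd_s = passwd_struct_for_user_name(_user_name);
    _user_name = NULL;

    _uid_str = username_from_passwd_struct(_tmp_pwd_s);
    if(_uid_str == NULL){
        EEF_log(LOG_ERR, "%s: no passwd entry for the mapped account", EEF_getRunningPluginName());
        goto end;
    }
    /* TODO derive _gid_str (group of the account); until then no group
     * attribute is added to the obligation */

    EEF_log(LOG_DEBUG, "Mapping to user attribute %s\n", _attribute_user);
    EEF_log(LOG_DEBUG, "Mapping to group attribute %s\n", _attribute_group);

    /* add obligation for new uid-gid */
    if((_uid_attr = createAttribute()) == NULL){
        EEF_log(LOG_ERR, "%s: could not create user attribute", EEF_getRunningPluginName());
        goto end;
    }
    setAttributeId( _uid_attr, _attribute_user);
    setAttributeValue(_uid_attr, _uid_str, strlen(_uid_str)+1);
    /* NOTE(review): _uid_str is kept while _gid_str below is freed right after
     * being stored; which is right depends on whether setAttributeValue()
     * copies its value, which is not visible from this file */

    if(_gid_str != NULL){
        if((_gid_attr = createAttribute()) != NULL){
            setAttributeId( _gid_attr, _attribute_group);
            setAttributeValue(_gid_attr, _gid_str, strlen(_gid_str)+1);
        }
        free(_gid_str);
        _gid_str = NULL;
    }

    if((_context = createContext(OBLIGATION)) == NULL){
        EEF_log(LOG_ERR, "%s: could not create obligation context", EEF_getRunningPluginName());
        goto end;
    }
    /* the obligation id is the configured value (default "uidgid"), not the
     * name of the AOS attribute that value was stored under */
    setContextObligationId(_context, _obligation);
    addAttribute(_context, _uid_attr);
    if(_gid_attr != NULL){
        addAttribute(_context, _gid_attr);
    }
    addContext(_context);
    _rc = EES_PL_SUCCESS;

end:
    /* the ids were only needed for the strcmp() lookups above */
    free(_attribute_user_attr_name);
    free(_attribute_group_attr_name);
    free(_obligation_attr_name);
    free(_gridmapfile_attr_name);
    free(_mapping_attribute_attr_name);
    return _rc;
}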
309
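/*
 * Unfinished helper: walks the attributes of every SUBJECT context but does
 * not inspect them or use `field` yet. It has no prototype and no caller in
 * this file. Returns EES_PL_SUCCESS so that any caller reading the result
 * gets a defined value; the previous version fell off the end of a non-void
 * function.
 */
EES_PL_RC get_field(char* field){
    aos_context_t* _context = NULL;
    aos_attribute_t* _tmp_attr = NULL;

    (void)field;   /* TODO: select the subject attribute named by `field` */

    /* the other context walkers in this file rewind first; do the same so a
     * previous walk does not leave this one starting mid-list */
    rewindContexts(NULL);
    while((_context = getNextContext(SUBJECT, NULL))){
        rewindAttributes(_context);
        while((_tmp_attr = getNextAttribute(_context))){
            /* TODO: compare getAttributeId(_tmp_attr) with `field` and keep
             * the matching value (the old commented-out code compared against
             * the mapping attribute and stored the DN) */
        }
    }

    return EES_PL_SUCCESS;
}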
323
/*
 * Plugin teardown: walks every SUBJECT context and destroys each attribute in
 * it, then reports EES_PL_SUCCESS.
 * NOTE(review): this removes the request's subject attributes, not the
 * NONE-context configuration attributes plugin_initialize() added; confirm
 * that is the intended scope. Whether destroyAttribute() may be called while
 * iterating with getNextAttribute() is not visible from this file.
 */
EES_PL_RC plugin_terminate(){
    aos_context_t* ctx;
    aos_attribute_t* attr;

    rewindContexts(NULL);
    for(ctx = getNextContext(SUBJECT, NULL); ctx != NULL; ctx = getNextContext(SUBJECT, NULL)){
        rewindAttributes(ctx);
        for(attr = getNextAttribute(ctx); attr != NULL; attr = getNextAttribute(ctx)){
            destroyAttribute(ctx, attr);
        }
    }

    return EES_PL_SUCCESS;
}
336
337 /* helper functions */
338
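/*
 * Look up the local account `_user_name` with getpwnam_r().
 *
 * Ownership: `_user_name` is freed before returning (callers pass a heap
 * string and must not use it afterwards).
 *
 * Returns the passwd entry by value. Its string members point into a buffer
 * that is static to this function, so they remain valid after return (the
 * old automatic buffer left them dangling) but are overwritten by the next
 * call, and the function is not reentrant. When the lookup fails the returned
 * entry is all-zero (pw_name == NULL); callers must check pw_name before
 * using any string member.
 */
struct passwd passwd_struct_for_user_name(char* _user_name){
    enum { PW_BUFFER_SIZE = 1024 };
    static char _pw_buffer[PW_BUFFER_SIZE];
    struct passwd _pw_entry;
    struct passwd _empty_entry = {0};
    struct passwd *_result = NULL;
    int _rc;

    if(_user_name == NULL){
        EEF_log(LOG_ERR, "%s: No user name to look up", EEF_getRunningPluginName());
        return _empty_entry;
    }

    /* lookup uid for local account; getpwnam_r returns an errno value rather
     * than setting errno */
    _rc = getpwnam_r(_user_name, &_pw_entry, _pw_buffer, sizeof(_pw_buffer), &_result);
    if(_result == NULL){
        if(_rc == 0){
            EEF_log(LOG_ERR, "%s: No user '%s' found", EEF_getRunningPluginName(), _user_name);
        } else if(_rc == ERANGE){
            EEF_log(LOG_ERR, "%s: passwd entry for '%s' does not fit in %d bytes",
                    EEF_getRunningPluginName(), _user_name, PW_BUFFER_SIZE);
        } else {
            EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(_rc));
        }
        free(_user_name);
        /* on failure the contents of _pw_entry are unspecified: hand back a
         * clean entry instead of garbage pointers */
        return _empty_entry;
    }
    free(_user_name);

    print_passwd_entry(_pw_entry);

    return _pw_entry;
}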
362
363 /*struct group group_struct_for_group_name(char* _group_name){*/
364 /*struct group _gr_entry;*/
365 /*struct group *_gr_entry_p = &_gr_entry;*/
366 /*struct group *_tmp_gr_entry_p = NULL;*/
367 /*char _gr_buffer[200];*/
368 /*size_t _gr_size = sizeof(_gr_buffer);*/
369
370 /**//* lookup uid for local account */
371 /*errno = getgrent_r(_group_name, _pw_entry_p, _pw_buffer, _pw_size, &_tmp_pw_entry_p);*/
372 /*if(_tmp_pw_entry_p == NULL){*/
373 /*if(errno == 0){*/
374 /*EEF_log(LOG_ERR, "%s: No user '%s' found", EEF_getRunningPluginName(), _group_name); */
375 /*} else {*/
376 /*EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(errno)); */
377 /*} */
378 /*}*/
379 /*endpwent();*/
380 /*free(_group_name);*/
381
382 /*print_passwd_entry(_pw_entry);*/
383
384 /*return _pw_entry;*/
385 /*}*/
386
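/*
 * Look up the local account with uid `_uid` with getpwuid_r().
 *
 * Returns the passwd entry by value. Its string members point into a buffer
 * that is static to this function, so they remain valid after return (the
 * old automatic buffer left them dangling) but are overwritten by the next
 * call, and the function is not reentrant. When the lookup fails the returned
 * entry is all-zero (pw_name == NULL); callers must check pw_name before
 * using any string member.
 */
struct passwd passwd_struct_for_uid(uid_t _uid){
    enum { PW_BUFFER_SIZE = 1024 };
    static char _pw_buffer[PW_BUFFER_SIZE];
    struct passwd _pw_entry;
    struct passwd _empty_entry = {0};
    struct passwd *_result = NULL;
    int _rc;

    /* lookup uid for local account; getpwuid_r returns an errno value rather
     * than setting errno */
    _rc = getpwuid_r(_uid, &_pw_entry, _pw_buffer, sizeof(_pw_buffer), &_result);
    if(_result == NULL){
        if(_rc == 0){
            /* uid_t width is platform-dependent: print it through a cast
             * (the old "%s" here passed an integer to a string conversion) */
            EEF_log(LOG_ERR, "%s: No user with uid %lu found", EEF_getRunningPluginName(), (unsigned long) _uid);
        } else if(_rc == ERANGE){
            EEF_log(LOG_ERR, "%s: passwd entry for uid %lu does not fit in %d bytes",
                    EEF_getRunningPluginName(), (unsigned long) _uid, PW_BUFFER_SIZE);
        } else {
            EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(_rc));
        }
        /* on failure the contents of _pw_entry are unspecified: hand back a
         * clean entry instead of garbage pointers */
        return _empty_entry;
    }

    print_passwd_entry(_pw_entry);

    return _pw_entry;
}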
409
410 /*struct passwd passwd_struct_for_gid(gid_t _gid){*/
411 /*struct passwd _pw_entry;*/
412 /*struct passwd *_pw_entry_p = &_pw_entry;*/
413 /*struct passwd *_tmp_pw_entry_p = NULL;*/
414 /*char _pw_buffer[200];*/
415 /*size_t _pw_size = sizeof(_pw_buffer);*/
416
417 /**//* lookup uid for local account */
418 /*errno = getpwgid_r(_gid, _pw_entry_p, _pw_buffer, _pw_size, &_tmp_pw_entry_p);*/
419 /*if(_tmp_pw_entry_p == NULL){*/
420 /*if(errno == 0){*/
421 /*EEF_log(LOG_ERR, "%s: No user '%s' found", EEF_getRunningPluginName(), _gid); */
422 /*} else {*/
423 /*EEF_log(LOG_ERR, "%s: %s", EEF_getRunningPluginName(), strerror(errno)); */
424 /*} */
425 /*}*/
426 /*endpwent();*/
427
428 /*print_passwd_entry(_pw_entry);*/
429
430 /*return _pw_entry;*/
431 /*}*/
432
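/*
 * Return a heap copy of the account name (pw_name) in `_pw_entry`.
 *
 * Returns NULL when pw_name is NULL (the passwd_struct_for_* helpers return
 * an all-zero entry after a failed lookup) or when the copy cannot be
 * allocated; the old version called strdup() on pw_name unconditionally.
 * The caller owns and frees the result.
 *
 * A numeric variant (formatting pw_uid instead, selected by a `_use_names`
 * flag) used to exist here in commented-out form; that flag is not available
 * to this function in this revision, so only the name form is implemented.
 */
char* username_from_passwd_struct(struct passwd _pw_entry){
    const char* name = _pw_entry.pw_name;
    size_t len;
    char* copy;

    if(name == NULL){
        return NULL;
    }

    /* explicit copy rather than strdup() so the function depends only on
     * standard C */
    len = strlen(name) + 1;
    copy = malloc(len);
    if(copy != NULL){
        memcpy(copy, name, len);
    }
    return copy;
}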
445
/*
 * uid of the local account named `_user_name`.
 * The name is handed over: passwd_struct_for_user_name() frees it. After a
 * failed lookup the value is whatever that helper returned in pw_uid.
 */
uid_t uid_from_user_name(char* _user_name){
    struct passwd entry = passwd_struct_for_user_name(_user_name);
    uid_t id = entry.pw_uid;
    endpwent();
    return id;
}
454
455 /*gid_t gid_from_group_name(char* _group_name){*/
456 /*struct passwd _pass;*/
457 /*gid_t _gid;*/
458 /*_pass = passwd_struct_for_group_name(_group_name);*/
459 /*_gid =_pass.pw_gid;*/
460 /*endpwent();*/
461 /*return _gid;*/
462 /*}*/
463
/*
 * Primary gid of the local account with uid `_uid`.
 * After a failed lookup the value is whatever passwd_struct_for_uid()
 * returned in pw_gid.
 */
gid_t gid_from_uid(uid_t _uid){
    struct passwd entry = passwd_struct_for_uid(_uid);
    gid_t group = entry.pw_gid;
    endpwent();
    return group;
}
472
/*
 * Primary gid of the local account named `_user_name`.
 * The name is handed over: passwd_struct_for_user_name() frees it. After a
 * failed lookup the value is whatever that helper returned in pw_gid.
 */
gid_t gid_from_user_name(char* _user_name){
    struct passwd entry = passwd_struct_for_user_name(_user_name);
    gid_t group = entry.pw_gid;
    endpwent();
    return group;
}
481
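/*
 * Log the interesting members of `_pw_entry` at LOG_DEBUG.
 *
 * uid/gid are printed through an unsigned long cast because uid_t/gid_t width
 * is platform-dependent and "%i" does not match them. The string members may
 * be NULL (an all-zero entry after a failed lookup), so a placeholder is
 * logged instead of passing NULL to "%s".
 */
void print_passwd_entry(struct passwd _pw_entry){
    const char* name = _pw_entry.pw_name != NULL ? _pw_entry.pw_name : "(null)";
    const char* dir = _pw_entry.pw_dir != NULL ? _pw_entry.pw_dir : "(null)";
    const char* shell = _pw_entry.pw_shell != NULL ? _pw_entry.pw_shell : "(null)";

    EEF_log(LOG_DEBUG, "User name %s\n", name);
    EEF_log(LOG_DEBUG, "Uid %lu\n", (unsigned long) _pw_entry.pw_uid);
    EEF_log(LOG_DEBUG, "Gid %lu\n", (unsigned long) _pw_entry.pw_gid);
    EEF_log(LOG_DEBUG, "Initial dir %s\n", dir);
    EEF_log(LOG_DEBUG, "Shell %s\n", shell);
}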
