
Diff of /trunk/grid-mw-security/ees/src/eics/http.c


revision 1582 by aramv, Wed Mar 17 17:31:48 2010 UTC revision 1583 by aramv, Fri Mar 19 17:29:41 2010 UTC
# Line 11  int extractFooToAOS(const xacml_request_ Line 11  int extractFooToAOS(const xacml_request_
11    
12    aos_context_t*   aos_context = NULL;    aos_context_t*   aos_context = NULL;
13    aos_attribute_t* aos_attribute = NULL;    aos_attribute_t* aos_attribute = NULL;
14          void (*count_callback)(const xacml_request_t, size_t*);          void (*count_callback) (const xacml_request_t, size_t*);
15          void (*get_callback)(const xacml_request_t, size_t, const char**, const char**, const char**, const char**, const char**);          void (*get_callback  ) (const xacml_request_t, size_t, const char**, const char**, const char**, const char**, const char**);
16    
17          if(context_type == SUBJECT){          if(context_type == SUBJECT){
18        printf("Parsing subject class\n");
19                  count_callback = xacml_request_get_subject_attribute_count;                  count_callback = xacml_request_get_subject_attribute_count;
20                  get_callback = xacml_request_get_subject_attribute;                  get_callback = xacml_request_get_subject_attribute;
21          } else if(context_type == ACTION){          } else if(context_type == ACTION){
22        printf("Parsing action class\n");
23                  count_callback = xacml_request_get_action_attribute_count;                  count_callback = xacml_request_get_action_attribute_count;
24                  get_callback = xacml_request_get_action_attribute;                  get_callback = xacml_request_get_action_attribute;
25          } else if(context_type == RESOURCE){          } else if(context_type == RESOURCE){
26        printf("Parsing resource class\n");
27                  count_callback = xacml_request_get_resource_attribute_count;                  count_callback = xacml_request_get_resource_attribute_count;
28                  get_callback = xacml_request_get_resource_attribute;                  get_callback = xacml_request_get_resource_attribute;
29          } else if(context_type == ENVIRONMENT){          } else if(context_type == ENVIRONMENT){
30        printf("Parsing environment\n");
31                  count_callback = xacml_request_get_environment_attribute_count;                  count_callback = xacml_request_get_environment_attribute_count;
32                  get_callback = xacml_request_get_environment_attribute;                  get_callback = xacml_request_get_environment_attribute;
33          }          } else {
34        return -1;
35      }
36    
37    count_callback(request, &count);    count_callback(request, &count);
38    
# Line 34  int extractFooToAOS(const xacml_request_ Line 41  int extractFooToAOS(const xacml_request_
41    }    }
42    
43    for (i = 0; i < count; i++) {    for (i = 0; i < count; i++) {
44      const char *category;      const char *category = NULL;
45      const char *attribute_id;      const char *attribute_id = NULL;
46      const char *data_type;      const char *data_type = NULL;
47      const char *issuer;      const char *issuer = NULL;
48      const char *value;      const char *value = NULL;
49    
50      get_callback(request, i, &category, &attribute_id, &data_type, &issuer, &value);      get_callback(request, i, &category, &attribute_id, &data_type, &issuer, &value);
51    
52        /*printf("id: %s\n", attribute_id);*/
53        /*printf("issuer: %s\n", issuer);*/
54        /*printf("value: %s\n", value);*/
55        /*printf("data type: %s\n", data_type);*/
56    
57      /* EEF AOS magic */      /* EEF AOS magic */
58      eef_log(LOG_DEBUG, "Inserting into AOS: (attribute \"%s\" with value \"%s\")\n", attribute_id, (char *) value);      /*eef_log(LOG_DEBUG, "Inserting into AOS: (attribute \"%s\" with value \"%s\")\n", attribute_id, (char *) value);*/
59      aos_attribute = createAttribute();      if(attribute_id && value && data_type){
60      setAttributeId    (aos_attribute, (char *)attribute_id);        aos_attribute = createAttribute();
61      setAttributeIssuer(aos_attribute, (char *)issuer);  
62      setAttributeType  (aos_attribute, (char *)data_type);        setAttributeId    (aos_attribute, (char *)attribute_id);
63      setAttributeValue (aos_attribute, (char *)value, strlen(value));        setAttributeIssuer(aos_attribute, (char *)issuer);
64      addAttribute(aos_context, aos_attribute);        setAttributeType  (aos_attribute, (char *)data_type);
65          setAttributeValue (aos_attribute, (char *)value, strlen(value)+1);
66    
67          addAttribute(aos_context, aos_attribute);
68        }
69    }    }
70    
71    if(aos_context) {    if(aos_context) {
72          addContext (aos_context);          addContext(aos_context);
73          }          }
74    
75    return 0;    return 0;
# Line 70  Return: Line 86  Return:
86            0 : good            0 : good
87           !0 : bad           !0 : bad
88  ************************************************/  ************************************************/
89  int destroyRequestResource (xacml_profile_request_t * xacml_profile_request)  int destroyRequestResource (xacml_profile_request_t * xacml_profile_request) {
90  {    xacml_profile_resource_t profile_resource = xacml_profile_request->xacml_profile_resource;
     if (xacml_profile_request -> xacml_profile_resource.xacml_resource_x509_id.resource_x509_id)  
     {  
         free (xacml_profile_request -> xacml_profile_resource.xacml_resource_x509_id.resource_x509_id);  
     }  
     if (xacml_profile_request -> xacml_profile_resource.xacml_resource_x509_issuer.resource_x509_issuer)  
     {  
         free (xacml_profile_request -> xacml_profile_resource.xacml_resource_x509_issuer.resource_x509_issuer);  
     }  
     if (xacml_profile_request -> xacml_profile_resource.xacml_resource_dns_name.resource_dns_name)  
     {  
         free (xacml_profile_request -> xacml_profile_resource.xacml_resource_dns_name.resource_dns_name);  
     }  
91    
92      return 0;    if (profile_resource.xacml_resource_x509_id.resource_x509_id){
93        free(profile_resource.xacml_resource_x509_id.resource_x509_id);
94      }
95      if (profile_resource.xacml_resource_x509_issuer.resource_x509_issuer){
96        free(profile_resource.xacml_resource_x509_issuer.resource_x509_issuer);
97      }
98      if (profile_resource.xacml_resource_dns_name.resource_dns_name){
99        free(profile_resource.xacml_resource_dns_name.resource_dns_name);
100      }
101      return 0;
102  }  }
103    
104    
# Line 95  Parameters:  xacml_response_t * response Line 108  Parameters:  xacml_response_t * response
108  Description:  Description:
109               The XACML response message to indicate a failure is constructed here.               The XACML response message to indicate a failure is constructed here.
110  ************************************************/  ************************************************/
111  int constructFailureResponse (xacml_response_t * response)  int constructFailureResponse (xacml_response_t * response) {
112  {    xacml_response_set_saml_status_code  (*response, SAML_STATUS_AuthnFailed);
113      xacml_response_set_saml_status_code  (*response, SAML_STATUS_AuthnFailed);    xacml_response_set_xacml_status_code (*response, XACML_STATUS_ok);
114      xacml_response_set_xacml_status_code (*response, XACML_STATUS_ok);    xacml_response_set_xacml_decision    (*response, XACML_DECISION_Deny);
     xacml_response_set_xacml_decision    (*response, XACML_DECISION_Deny);  
115    
116      return 0;    return 0;
117  }  }
118    
119    
# Line 123  int constructResponse (xacml_response_t Line 135  int constructResponse (xacml_response_t
135                         uid_t uid,                         uid_t uid,
136                         gid_t pgid,                         gid_t pgid,
137                         gid_t sgids[],                         gid_t sgids[],
138                         int   sgid_cnt)                         int   sgid_cnt) {
 {  
     /* Mapping Information Translated */  
     char *  str_uid       = NULL;  
     char *  str_pgid      = NULL;  
     char ** str_sgids     = NULL;  
     int     str_sgids_cnt = 0;  
     int     i             = 0;  
     /* Mapping Information Translated */  
139    
140      xacml_obligation_t  obligation_uidgid                = NULL;    /* Mapping Information Translated */
141      xacml_obligation_t  obligation_secgids               = NULL;    char *  str_uid       = NULL;
142      char *  str_pgid      = NULL;
143      char ** str_sgids     = NULL;
144      int     str_sgids_cnt = 0;
145      int     i             = 0;
146      /* Mapping Information Translated */
147    
148      xacml_obligation_t  obligation_uidgid                = NULL;
149      xacml_obligation_t  obligation_secgids               = NULL;
150  #ifdef USE_AFSTOKEN  #ifdef USE_AFSTOKEN
151      xacml_obligation_t  obligation_afstoken              = NULL;    xacml_obligation_t  obligation_afstoken              = NULL;
152  #endif /* USE_AFSTOKEN */  #endif /* USE_AFSTOKEN */
153    
154  #ifdef STAKEHOLDER_OSG  #ifdef STAKEHOLDER_OSG
155      xacml_obligation_t  obligation_username              = NULL;    xacml_obligation_t  obligation_username              = NULL;
156      xacml_obligation_t  obligation_RootAndHomePaths      = NULL;    xacml_obligation_t  obligation_RootAndHomePaths      = NULL;
157      xacml_obligation_t  obligation_StorageAccessPriority = NULL;    xacml_obligation_t  obligation_StorageAccessPriority = NULL;
158      xacml_obligation_t  obligation_AccessPermissions     = NULL;    xacml_obligation_t  obligation_AccessPermissions     = NULL;
159  #endif /* STAKEHOLDER_OSG */  #endif /* STAKEHOLDER_OSG */
160    
161    
162      /* transform! - 2^32 uses 10 bytes */    /* transform! - 2^32 uses 10 bytes */
163      /* str_uid = malloc (sizeof (char) * 11); */    str_uid = calloc (11, sizeof (char));
164      str_uid = calloc (11, sizeof (char));    snprintf (str_uid, 11, "%d", uid);
165      snprintf (str_uid, 11, "%d", uid);  
166      str_pgid = calloc (11, sizeof (char));
167      /* str_pgid = malloc (sizeof (char) * 11); */    snprintf (str_pgid, 11, "%d", pgid);
168      str_pgid = calloc (11, sizeof (char));  
169      snprintf (str_pgid, 11, "%d", pgid);    str_sgids_cnt = sgid_cnt;
170      /* str_sgids = malloc (sizeof (int) * str_sgids_cnt); */
171      str_sgids_cnt = sgid_cnt;    str_sgids = calloc (str_sgids_cnt, sizeof (char **));
172      /* str_sgids = malloc (sizeof (int) * str_sgids_cnt); */    for (i = 0; i < str_sgids_cnt; i++) {
173      str_sgids = calloc (str_sgids_cnt, sizeof (char **));      /* str_sgids[i] = malloc (sizeof (char) * 11); */
174      for (i = 0; i < str_sgids_cnt; i++)      str_sgids[i] = calloc (11, sizeof (char));
175      {      snprintf (str_sgids[i], 11, "%d", sgids[i]);
176          /* str_sgids[i] = malloc (sizeof (char) * 11); */    }
177          str_sgids[i] = calloc (11, sizeof (char));    /* transform! - 2^32 uses 10 bytes */
         snprintf (str_sgids[i], 11, "%d", sgids[i]);  
     }  
     /* transform! - 2^32 uses 10 bytes */  
178    
179    
180    
181    
182      /*********** B: Obligation UIDGID ***********/    /*********** B: Obligation UIDGID ***********/
183      xacml_obligation_init(&obligation_uidgid,    xacml_obligation_init(&obligation_uidgid,
184                            XACML_ATTR_PROFILE_NS_URL_OBLIGATION_UIDGID,                          XACML_ATTR_PROFILE_NS_URL_OBLIGATION_UIDGID,
185                            XACML_EFFECT_Permit);                          XACML_EFFECT_Permit);
186      /* uid */    /* uid */
187      xacml_obligation_add_attribute(obligation_uidgid,    xacml_obligation_add_attribute(obligation_uidgid,
188                                     XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_UID,                                   XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_UID,
189                                     XACML_DATATYPE_INTEGER,                                   XACML_DATATYPE_INTEGER,
190                                     str_uid);                                   str_uid);
191    
192      /* gid */
193      xacml_obligation_add_attribute(obligation_uidgid,
194                                     XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_GID,
195                                     XACML_DATATYPE_INTEGER,
196                                     str_pgid);
197    
198      xacml_response_add_obligation(*response, obligation_uidgid);
199      xacml_obligation_destroy(obligation_uidgid);
200      /*********** E: Obligation UIDGID ***********/
201    
202      /* gid */  
203      xacml_obligation_add_attribute(obligation_uidgid,    /*********** B: Obligation SecondaryGIDs ***********/
204      xacml_obligation_init(&obligation_secgids,
205                            XACML_ATTR_PROFILE_NS_URL_OBLIGATION_SecondaryGIDs,
206                            XACML_EFFECT_Permit);
207    
208      for (i = 0; i < str_sgids_cnt; i++) {
209        xacml_obligation_add_attribute(obligation_secgids,
210                                     XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_GID,                                     XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_GID,
211                                     XACML_DATATYPE_INTEGER,                                     XACML_DATATYPE_INTEGER,
212                                     str_pgid);                                     str_sgids[i]);
213      }
     xacml_response_add_obligation(*response, obligation_uidgid);  
     xacml_obligation_destroy(obligation_uidgid);  
     /*********** E: Obligation UIDGID ***********/  
   
   
     /*********** B: Obligation SecondaryGIDs ***********/  
     xacml_obligation_init(&obligation_secgids,  
                           XACML_ATTR_PROFILE_NS_URL_OBLIGATION_SecondaryGIDs,  
                           XACML_EFFECT_Permit);  
   
     for (i = 0; i < str_sgids_cnt; i++)  
     {  
         xacml_obligation_add_attribute(obligation_secgids,  
                                        XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_GID,  
                                        XACML_DATATYPE_INTEGER,  
                                        str_sgids[i]);  
     }  
214    
215      xacml_response_add_obligation(*response, obligation_secgids);    xacml_response_add_obligation(*response, obligation_secgids);
216      xacml_obligation_destroy(obligation_secgids);    xacml_obligation_destroy(obligation_secgids);
217      /*********** E: Obligation SecondaryGIDs ***********/    /*********** E: Obligation SecondaryGIDs ***********/
218    
219    
220    
221      xacml_response_set_saml_status_code  (*response, SAML_STATUS_Success);    xacml_response_set_saml_status_code  (*response, SAML_STATUS_Success);
222      xacml_response_set_xacml_status_code (*response, XACML_STATUS_ok);    xacml_response_set_xacml_status_code (*response, XACML_STATUS_ok);
223      xacml_response_set_xacml_decision    (*response, XACML_DECISION_Permit);    xacml_response_set_xacml_decision    (*response, XACML_DECISION_Permit);
224    
225    
226    
227      /* Free stage */    /* Free stage */
228      free(str_uid);    free(str_uid);
229      free(str_pgid);    free(str_pgid);
230    
231      for (i = 0; i < str_sgids_cnt; i++)    for (i = 0; i < str_sgids_cnt; i++) {
232      {      free(str_sgids[i]);
233          free(str_sgids[i]);    }
234      }    /* Free if at least one sgid was malloc'ed */
235      /* Free if at least one sgid was malloc'ed */    if (str_sgids_cnt){
236      if (str_sgids_cnt)      free(str_sgids);
237          free(str_sgids);    }
238      /* Free stage */    /* Free stage */
239    
240      return 0;    return 0;
241  }  }
242    
243  int ees_xacml_authorize(void *handler_arg, const xacml_request_t request, xacml_response_t response) {  int ees_xacml_authorize(void *handler_arg, const xacml_request_t request, xacml_response_t response) {
# Line 306  int ees_xacml_authorize(void *handler_ar Line 314  int ees_xacml_authorize(void *handler_ar
314                          fqan_list[i] = strdup(xacml_profile_request -> xacml_profile_subject.xacml_subject_voms_fqan[i].subject_voms_fqan);                          fqan_list[i] = strdup(xacml_profile_request -> xacml_profile_subject.xacml_subject_voms_fqan[i].subject_voms_fqan);
315  #endif  #endif
316    
317          extractFooToAOS(request, SUBJECT);    extractFooToAOS(request, SUBJECT);
318          extractFooToAOS(request, ACTION);    extractFooToAOS(request, ACTION);
319          extractFooToAOS(request, RESOURCE);    extractFooToAOS(request, RESOURCE);
320          extractFooToAOS(request, ENVIRONMENT);    extractFooToAOS(request, ENVIRONMENT);
321    
322          if(EEF_Run() == EES_FAILURE)          if(EEF_Run() == EES_FAILURE)
323          {          {
324                          eef_log(LOG_ERR, "Failed to Run the EEF succesfully\n");                          eef_log(LOG_ERR, "Failed to Run the EEF succesfully\n");
325          }    }
326    
327    
328          /* fprintf (stderr, "Testing return --> %s\n", getAssertion ("urn:oasis:names:tc:xacml:1.0:resource:resource-id")); */          /* fprintf (stderr, "Testing return --> %s\n", getAssertion ("urn:oasis:names:tc:xacml:1.0:resource:resource-id")); */
329          /* fprintf (stderr, "Testing return --> %s\n", getAssertion ("http://authz-interop.org/xacml/subject/subject-x509-id")); */          /* fprintf (stderr, "Testing return --> %s\n", getAssertion ("http://authz-interop.org/xacml/subject/subject-x509-id")); */
330          /* aos_dump_argslists(); */    aos_dump_argslist();
331    
332          /* Construct full response, build success statement in response */          /* Construct full response, build success statement in response */
333          constructResponse (&response,          constructResponse (&response,
# Line 332  int ees_xacml_authorize(void *handler_ar Line 340  int ees_xacml_authorize(void *handler_ar
340          /* Destroy and free Profile Request */          /* Destroy and free Profile Request */
341          /*destroyRequestSubject (xacml_profile_request);*/          /*destroyRequestSubject (xacml_profile_request);*/
342          /*destroyRequestAction (xacml_profile_request);*/          /*destroyRequestAction (xacml_profile_request);*/
343          /*destroyRequestResource (xacml_profile_request);*/    /*destroyRequestResource (xacml_profile_request);*/
344          /*free(xacml_profile_request);*/          /*free(xacml_profile_request);*/
345    
346          /* Always '0' */          /* Always '0' */
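Review bot: In ees_xacml_authorize a failing `EEF_Run()` is only logged and, as far as the hunk shows, control falls through to `constructResponse (&response, ...)`, which unconditionally sets `XACML_DECISION_Permit` (new side line 223), so an evaluation-framework failure is answered with a permit rather than a deny. The failure branch should build the deny response and leave instead, e.g. `constructFailureResponse (&response); return 0;` — the function's tail and its real return path are outside the hunk, so match the return value to what that tail does. Secondary: the newly enabled `aos_dump_argslist()` and the `printf("Parsing ... class\n")` lines added to extractFooToAOS write on every authorization regardless of log level; routing them through `eef_log(LOG_DEBUG, ...)` keeps request attributes out of stdout in production. In extractFooToAOS the new guard `if(attribute_id && value && data_type)` still passes a possibly-NULL `issuer` to `setAttributeIssuer`; either add `issuer` to the guard or confirm that setter tolerates NULL. In destroyRequestResource the new by-value copy `profile_resource` frees the pointers but leaves the originals in `xacml_profile_request` dangling, which invites a double free if the destroy is ever called twice; freeing through the original struct and nulling each pointer avoids that.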
