
Contents of /trunk/grid-mw-security/ees/src/eics/http.c



Revision 1754
Thu Jun 10 16:35:55 2010 UTC (11 years, 7 months ago) by aramv
File MIME type: text/x-chdr
File size: 14613 byte(s)
Fixed most memleaks in localaccount/localgroup plugin
1 #include "ees_eics.h"
2 #include "eef_return_codes.h"
3 #include "eef_log.h"
4 #include "eef_polytypes.h"
5 #include "eef_private_types.h"
6 #include "eef_library.h"
7 #include "eef_aos.h"
8
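/************************************************
Function: extractRequestSubjectToAOS
Parameters: const xacml_request_t request
Description:
        Copies every Subject attribute of the XACML request into the
        EEF AOS. The SUBJECT context returned by getNextContext() is
        reused when there is one; otherwise a new one is created.
        Each request attribute becomes one AOS attribute carrying its
        id, issuer, data type and value (stored with its trailing NUL).

        The request comes from the remote caller, so an attribute
        without a value is rejected instead of being handed to strlen().
Return:
        0  : every attribute was stored
        !0 : the context could not be obtained, or at least one
             attribute was malformed or could not be allocated
************************************************/
int extractRequestSubjectToAOS (const xacml_request_t request)
{
    const char      *logstr        = "extractRequestSubjectToAOS()";
    size_t           count         = 0;
    size_t           i             = 0;
    int              result        = 0;
    aos_context_t   *aos_context   = NULL;
    aos_attribute_t *aos_attribute = NULL;

    /* count stays 0 if the library does not fill it in.
     * NOTE(review): the library's return code is not inspected here;
     * consider checking it against the library's success value. */
    xacml_request_get_subject_attribute_count(request, &count);

    if (count > 0) {
        rewindContexts(NULL);
        if ((aos_context = getNextContext(SUBJECT, NULL)) == NULL) {
            if ((aos_context = createContext(SUBJECT)) == NULL) {
                return 1;
            }
        }
        /* aos_context is non-NULL from here on */
    }

    for (i = 0; i < count; i++) {
        /* Reset the out-parameters so a failed lookup leaves NULLs
         * behind rather than indeterminate pointers. */
        const char *category     = NULL;
        const char *attribute_id = NULL;
        const char *data_type    = NULL;
        const char *issuer       = NULL;
        const char *value        = NULL;

        xacml_request_get_subject_attribute(
            request, i, &category, &attribute_id, &data_type, &issuer, &value);

        if (value == NULL) {
            /* strlen(NULL) is undefined behaviour; treat as malformed. */
            EEF_log(LOG_ERR, "%s: subject attribute %lu has no value\n",
                    logstr, (unsigned long) i);
            result = 1;
            continue;
        }

        if ((aos_attribute = createAttribute()) == NULL) {
            /* Do not drop an attribute silently: the policy would be
             * evaluated against an incomplete subject. */
            EEF_log(LOG_ERR, "%s: could not allocate attribute %lu\n",
                    logstr, (unsigned long) i);
            result = 1;
            continue;
        }

        setAttributeId    (aos_attribute, (char *) attribute_id);
        setAttributeIssuer(aos_attribute, (char *) issuer);
        setAttributeType  (aos_attribute, (char *) data_type);
        setAttributeValue (aos_attribute, (char *) value, strlen(value) + 1);
        addAttribute(aos_context, aos_attribute);
    }

    /* NOTE(review): addContext() is also called for a context that was
     * obtained from getNextContext(); confirm that re-adding is harmless. */
    if (aos_context) {
        addContext(aos_context);
    }

    return result;
}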
80
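/************************************************
Function: extractRequestActionToAOS
Parameters: const xacml_request_t request
Description:
        Copies every Action attribute of the XACML request into the
        EEF AOS. The ACTION context returned by getNextContext() is
        reused when there is one; otherwise a new one is created.

        The attribute count and the per-attribute out-parameters are
        initialised before each library call, so a failing call cannot
        leave an indeterminate loop bound or pointer behind.
Return:
        0  : every attribute was stored
        !0 : the context could not be obtained, or at least one
             attribute was malformed or could not be allocated
************************************************/
int extractRequestActionToAOS (const xacml_request_t request)
{
    const char      *logstr        = "extractRequestActionToAOS";
    size_t           count         = 0;
    size_t           i;
    int              result        = 0;
    aos_context_t   *aos_context   = NULL;
    aos_attribute_t *aos_attribute = NULL;

    /* NOTE(review): the library's return code is not inspected here;
     * count simply stays 0 if the call does not fill it in. */
    xacml_request_get_action_attribute_count(request, &count);

    if (count > 0) {
        rewindContexts(NULL);
        if ((aos_context = getNextContext(ACTION, NULL)) == NULL) {
            if ((aos_context = createContext(ACTION)) == NULL) {
                return 1;
            }
        }
        /* aos_context is non-NULL from here on */
    }

    for (i = 0; i < count; i++) {
        const char *attribute_id = NULL;
        const char *data_type    = NULL;
        const char *issuer       = NULL;
        const char *value        = NULL;

        xacml_request_get_action_attribute(
            request, i, &attribute_id, &data_type, &issuer, &value);

        if (value == NULL) {
            /* strlen(NULL) is undefined behaviour; treat as malformed. */
            EEF_log(LOG_ERR, "%s: action attribute %lu has no value\n",
                    logstr, (unsigned long) i);
            result = 1;
            continue;
        }

        if ((aos_attribute = createAttribute()) == NULL) {
            EEF_log(LOG_ERR, "%s: could not allocate attribute %lu\n",
                    logstr, (unsigned long) i);
            result = 1;
            continue;
        }

        setAttributeId    (aos_attribute, (char *) attribute_id);
        setAttributeIssuer(aos_attribute, (char *) issuer);
        setAttributeType  (aos_attribute, (char *) data_type);
        setAttributeValue (aos_attribute, (char *) value, strlen(value) + 1);
        addAttribute(aos_context, aos_attribute);
    }

    /* NOTE(review): addContext() is also called for a context that was
     * obtained from getNextContext(); confirm that re-adding is harmless. */
    if (aos_context) {
        addContext(aos_context);
    }

    return result;
}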
150
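/************************************************
Function: extractRequestResourceToAOS
Parameters: const xacml_request_t request
Description:
        Copies the Resource attributes of the XACML request into the
        EEF AOS. Each resource attribute set in the request gets a
        fresh RESOURCE context, which is filled with one AOS attribute
        per XACML attribute and then added to the AOS.

        The handle and the counts are reset for every set, so a failed
        lookup cannot reuse the previous set's handle or loop over an
        indeterminate count.
Return:
        0  : every attribute was stored
        !0 : a context could not be created, or at least one
             attribute was malformed or could not be allocated
************************************************/
int extractRequestResourceToAOS (const xacml_request_t request)
{
    const char *logstr              = "extractRequestResourceToAOS";
    size_t      resource_attr_count = 0;
    size_t      i;
    int         result              = 0;

    /* NOTE(review): the library's return codes are not inspected in
     * this function; outputs are pre-initialised instead. */
    xacml_request_get_resource_attribute_count(request, &resource_attr_count);

    for (i = 0; i < resource_attr_count; i++) {
        xacml_resource_attribute_t resource_attribute = NULL;
        aos_context_t             *aos_context        = NULL;
        aos_attribute_t           *aos_attribute      = NULL;
        size_t                     count              = 0;
        size_t                     j;

        xacml_request_get_resource_attribute(request, i, &resource_attribute);
        if (!resource_attribute) {
            continue;
        }

        xacml_resource_attribute_get_count(resource_attribute, &count);

        if ((aos_context = createContext(RESOURCE)) == NULL) {
            return 1;
        }

        for (j = 0; j < count; j++) {
            const char *attribute_id = NULL;
            const char *data_type    = NULL;
            const char *issuer       = NULL;
            const char *value        = NULL;

            xacml_resource_attribute_get_attribute(
                resource_attribute, j,
                &attribute_id, &data_type, &issuer, &value);

            if (value == NULL) {
                /* strlen(NULL) is undefined behaviour; treat as malformed. */
                EEF_log(LOG_ERR,
                        "%s: resource attribute %lu/%lu has no value\n",
                        logstr, (unsigned long) i, (unsigned long) j);
                result = 1;
                continue;
            }

            if ((aos_attribute = createAttribute()) == NULL) {
                EEF_log(LOG_ERR,
                        "%s: could not allocate attribute %lu/%lu\n",
                        logstr, (unsigned long) i, (unsigned long) j);
                result = 1;
                continue;
            }

            setAttributeId    (aos_attribute, (char *) attribute_id);
            setAttributeIssuer(aos_attribute, (char *) issuer);
            setAttributeType  (aos_attribute, (char *) data_type);
            setAttributeValue (aos_attribute, (char *) value, strlen(value) + 1);
            addAttribute(aos_context, aos_attribute);
            aos_attribute = NULL;
        }

        addContext(aos_context);
    }

    return result;
}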
233
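/************************************************
Function: extractRequestEnvironmentToAOS
Parameters: const xacml_request_t request
Description:
        Copies every Environment attribute of the XACML request into
        the EEF AOS. The ENVIRONMENT context returned by
        getNextContext() is reused when there is one; otherwise a new
        one is created.

        The attribute count and the per-attribute out-parameters are
        initialised before each library call, so a failing call cannot
        leave an indeterminate loop bound or pointer behind.
Return:
        0  : every attribute was stored
        !0 : the context could not be obtained, or at least one
             attribute was malformed or could not be allocated
************************************************/
int extractRequestEnvironmentToAOS (const xacml_request_t request)
{
    const char      *logstr        = "extractRequestEnvironmentToAOS";
    size_t           count         = 0;
    size_t           i;
    int              result        = 0;
    aos_context_t   *aos_context   = NULL;
    aos_attribute_t *aos_attribute = NULL;

    /* NOTE(review): the library's return code is not inspected here;
     * count simply stays 0 if the call does not fill it in. */
    xacml_request_get_environment_attribute_count(request, &count);

    if (count > 0) {
        rewindContexts(NULL);
        if ((aos_context = getNextContext(ENVIRONMENT, NULL)) == NULL) {
            if ((aos_context = createContext(ENVIRONMENT)) == NULL) {
                return 1;
            }
        }
        /* aos_context is non-NULL from here on */
    }

    for (i = 0; i < count; i++) {
        const char *attribute_id = NULL;
        const char *data_type    = NULL;
        const char *issuer       = NULL;
        const char *value        = NULL;

        xacml_request_get_environment_attribute(
            request, i, &attribute_id, &data_type, &issuer, &value);

        if (value == NULL) {
            /* strlen(NULL) is undefined behaviour; treat as malformed. */
            EEF_log(LOG_ERR, "%s: environment attribute %lu has no value\n",
                    logstr, (unsigned long) i);
            result = 1;
            continue;
        }

        if ((aos_attribute = createAttribute()) == NULL) {
            EEF_log(LOG_ERR, "%s: could not allocate attribute %lu\n",
                    logstr, (unsigned long) i);
            result = 1;
            continue;
        }

        setAttributeId    (aos_attribute, (char *) attribute_id);
        setAttributeIssuer(aos_attribute, (char *) issuer);
        setAttributeType  (aos_attribute, (char *) data_type);
        setAttributeValue (aos_attribute, (char *) value, strlen(value) + 1);
        addAttribute(aos_context, aos_attribute);
    }

    /* NOTE(review): addContext() is also called for a context that was
     * obtained from getNextContext(); confirm that re-adding is harmless. */
    if (aos_context) {
        addContext(aos_context);
    }

    return result;
}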
303
304
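/************************************************
Function: destroyRequestResource
Parameters: xacml_profile_request_t * xacml_profile_request
Description:
        Frees the three Resource strings held in the request's
        xacml_profile_resource member (X.509 id, X.509 issuer and DNS
        name) and resets each pointer to NULL.

        The member is accessed through a pointer rather than a by-value
        copy. Freeing through a copy would leave the caller's struct
        holding dangling pointers, so a second call or a later read
        would be a double free or a use after free.
Return:
        0  : good
        !0 : bad (xacml_profile_request was NULL)
************************************************/
int destroyRequestResource (xacml_profile_request_t * xacml_profile_request) {
    xacml_profile_resource_t *profile_resource;

    if (xacml_profile_request == NULL) {
        return 1;
    }

    profile_resource = &xacml_profile_request->xacml_profile_resource;

    /* free(NULL) is a no-op, so no guards are needed. */
    free(profile_resource->xacml_resource_x509_id.resource_x509_id);
    profile_resource->xacml_resource_x509_id.resource_x509_id = NULL;

    free(profile_resource->xacml_resource_x509_issuer.resource_x509_issuer);
    profile_resource->xacml_resource_x509_issuer.resource_x509_issuer = NULL;

    free(profile_resource->xacml_resource_dns_name.resource_dns_name);
    profile_resource->xacml_resource_dns_name.resource_dns_name = NULL;

    return 0;
}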
330
331
/************************************************
Function: constructFailureResponse
Parameters: xacml_response_t * response
Description:
        Fills in the XACML response that reports a failure: SAML status
        AuthnFailed, XACML status ok, decision Deny.

        NOTE(review): the XACML status is set to ok even though this is
        the failure path, and the setters' results are not checked;
        confirm both are intended.
Return:
        always 0
************************************************/
int constructFailureResponse (xacml_response_t * response) {
    /* The setters take the response handle by value. */
    xacml_response_t denied = *response;

    xacml_response_set_saml_status_code(denied, SAML_STATUS_AuthnFailed);
    xacml_response_set_xacml_status_code(denied, XACML_STATUS_ok);
    xacml_response_set_xacml_decision(denied, XACML_DECISION_Deny);

    return 0;
}
345
346
347
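/************************************************
Function: constructResponse
Parameters: xacml_response_t * response
Description:
        Builds the Permit response. Every OBLIGATION context in the
        EEF AOS becomes one XACML obligation with effect Permit, and
        every attribute of that context which has both an id and a
        string value is added to the obligation as a string attribute.
        The response is then marked SAML Success / XACML ok / Permit.

        If an obligation cannot be initialised, the response is turned
        into a failure response instead. A Permit that lacks one of its
        obligations would let the caller proceed without the mapping
        data those obligations carry.
Return:
        0  : Permit response built
        !0 : an obligation could not be created; response set to Deny
************************************************/
int constructResponse (xacml_response_t * response){
    aos_context_t      *context         = NULL;
    aos_attribute_t    *attribute       = NULL;
    xacml_obligation_t  tmp_obligation  = NULL;
    char               *attribute_name  = NULL;
    char               *attribute_value = NULL;
    char               *obligation_id   = NULL;

    rewindContexts(NULL);
    while ((context = getNextContext(OBLIGATION, NULL)) != NULL) {
        rewindAttributes(context);

        /* The original ended this statement with a comma, which chained
         * it to the init call by accident. */
        obligation_id = getContextObligationId(context);
        xacml_obligation_init(&tmp_obligation,
                              obligation_id,
                              XACML_EFFECT_Permit);

        /* tmp_obligation is NULL before every init call, so it is still
         * NULL here if the call did not produce an obligation. */
        if (tmp_obligation == NULL) {
            EEF_log(LOG_ERR, "constructResponse: could not create obligation\n");
            /* NOTE(review): obligations added in earlier iterations stay
             * on the response; confirm callers ignore them on Deny. */
            constructFailureResponse(response);
            return 1;
        }

        while ((attribute = getNextAttribute(context)) != NULL) {
            attribute_name  = getAttributeId(attribute);
            /* NOTE(review): confirm whether getAttributeValueAsString()
             * returns storage the caller has to free. */
            attribute_value = getAttributeValueAsString(attribute);
            if (attribute_name && attribute_value) {
                xacml_obligation_add_attribute(tmp_obligation,
                                               attribute_name,
                                               XACML_DATATYPE_STRING,
                                               attribute_value);
            }
        }

        xacml_response_add_obligation(*response, tmp_obligation);
        xacml_obligation_destroy(tmp_obligation);
        tmp_obligation = NULL;
    }

    xacml_response_set_saml_status_code (*response, SAML_STATUS_Success);
    xacml_response_set_xacml_status_code (*response, XACML_STATUS_ok);
    xacml_response_set_xacml_decision (*response, XACML_DECISION_Permit);

    return 0;
}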
404
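/************************************************
Function: ees_xacml_authorize
Parameters: void *handler_arg              (unused)
            const xacml_request_t request
            xacml_response_t response
Description:
        Authorization handler. Loads the Subject, Action, Resource and
        Environment attributes of the request into the EEF AOS, runs
        the EEF, and fills in the response.

        The decision fails closed. If any extraction step reports an
        error, EEF_run() fails, or the Permit response cannot be built,
        the response is a failure (Deny) response. EEF_run() is still
        called after an extraction error, so the sequence of calls is
        the same as before; only the response differs.

        NOTE(review): the extract functions take no AOS handle and the
        thread id is logged here; confirm the AOS is not shared between
        concurrently handled requests.
Return:
        always 0; the outcome is carried in the response
************************************************/
int ees_xacml_authorize(void *handler_arg, const xacml_request_t request, xacml_response_t response) {
    const char *logstr = "xacml_authorize()";
    pid_t       tid;
    int         deny   = 0;

    (void) handler_arg;

    xacml_response_set_issuer(response, "EES");

    /* Each extractor returns non-zero on failure. Run all four, but
     * remember whether any failed. */
    if (extractRequestSubjectToAOS (request) != 0) {
        deny = 1;
    }
    if (extractRequestActionToAOS (request) != 0) {
        deny = 1;
    }
    if (extractRequestResourceToAOS (request) != 0) {
        deny = 1;
    }
    if (extractRequestEnvironmentToAOS (request) != 0) {
        deny = 1;
    }
    if (deny) {
        EEF_log(LOG_ERR, "%s: request could not be loaded into the AOS\n", logstr);
    }

    tid = syscall(SYS_gettid);
    EEF_log(LOG_DEBUG, "In thread %i\n", (int) tid);

    if (EEF_run() == EES_FAILURE) {
        EEF_log(LOG_ERR, "Failed to run the EEF succesfully\n");
        deny = 1;
    }

    if (deny) {
        constructFailureResponse(&response);
    } else if (constructResponse (&response) != 0) {
        /* Never leave a half-built Permit behind. */
        constructFailureResponse(&response);
    }

    return 0;
}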
