/[pdpsoft]/trunk/grid-mw-security/ees/src/eics/http.c


Revision 1583 - (show annotations) (download) (as text)
Fri Mar 19 17:29:41 2010 UTC (12 years, 6 months ago) by aramv
Fixed a read error. Added signature for fork function
1 #include "ees_eics.h"
2 #include "eef_return_codes.h"
3 #include "eef_log.h"
4 #include "eef_polytypes.h"
5 #include "eef_aos.h"
6
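/************************************************
Function: extractFooToAOS
Parameters: const xacml_request_t request
            aos_context_class_t context_type
Description:
  Copies every attribute of one section of the XACML request (SUBJECT,
  ACTION, RESOURCE or ENVIRONMENT) into a newly created AOS context and
  registers that context with the AOS via addContext().  Attributes that
  lack an id, a value or a data type are skipped.  When the section holds
  no attributes at all, no context is created or registered.
Return:
  0 : good
 -1 : unknown context_type, or an AOS context/attribute could not be created
************************************************/
int extractFooToAOS(const xacml_request_t request, aos_context_class_t context_type){
    char *logstr = "extractFooToAOS()";
    size_t count = 0;
    size_t i = 0;

    aos_context_t *aos_context = NULL;
    void (*count_callback)(const xacml_request_t, size_t *) = NULL;
    void (*get_callback)(const xacml_request_t, size_t,
                         const char **, const char **, const char **,
                         const char **, const char **) = NULL;

    /* Pick the libxacml accessor pair that belongs to the requested section */
    switch (context_type) {
    case SUBJECT:
        eef_log(LOG_DEBUG, "%s: Parsing subject class\n", logstr);
        count_callback = xacml_request_get_subject_attribute_count;
        get_callback = xacml_request_get_subject_attribute;
        break;
    case ACTION:
        eef_log(LOG_DEBUG, "%s: Parsing action class\n", logstr);
        count_callback = xacml_request_get_action_attribute_count;
        get_callback = xacml_request_get_action_attribute;
        break;
    case RESOURCE:
        eef_log(LOG_DEBUG, "%s: Parsing resource class\n", logstr);
        count_callback = xacml_request_get_resource_attribute_count;
        get_callback = xacml_request_get_resource_attribute;
        break;
    case ENVIRONMENT:
        eef_log(LOG_DEBUG, "%s: Parsing environment\n", logstr);
        count_callback = xacml_request_get_environment_attribute_count;
        get_callback = xacml_request_get_environment_attribute;
        break;
    default:
        eef_log(LOG_ERR, "%s: unknown context type %d\n", logstr, (int) context_type);
        return -1;
    }

    count_callback(request, &count);

    /* An empty section contributes nothing; do not register an empty context */
    if (count == 0) {
        return 0;
    }

    aos_context = createContext(context_type);
    if (!aos_context) {
        eef_log(LOG_ERR, "%s: could not create AOS context\n", logstr);
        return -1;
    }

    for (i = 0; i < count; i++) {
        const char *category = NULL;
        const char *attribute_id = NULL;
        const char *data_type = NULL;
        const char *issuer = NULL;
        const char *value = NULL;
        aos_attribute_t *aos_attribute = NULL;

        get_callback(request, i, &category, &attribute_id, &data_type, &issuer, &value);

        /* Without id, value and type the attribute cannot be matched by the EEF */
        if (!attribute_id || !value || !data_type) {
            continue;
        }

        aos_attribute = createAttribute();
        if (!aos_attribute) {
            /* NOTE(review): no context destructor is used in this file, so the
               partially filled context is not released here */
            eef_log(LOG_ERR, "%s: could not create AOS attribute\n", logstr);
            return -1;
        }

        setAttributeId    (aos_attribute, (char *) attribute_id);
        /* issuer may be NULL for this attribute; setAttributeIssuer is
           assumed to accept that — TODO confirm */
        setAttributeIssuer(aos_attribute, (char *) issuer);
        setAttributeType  (aos_attribute, (char *) data_type);
        /* length includes the terminating NUL, as the original did */
        setAttributeValue (aos_attribute, (char *) value, strlen(value) + 1);

        addAttribute(aos_context, aos_attribute);
    }

    addContext(aos_context);

    return 0;
}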
77
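/************************************************
Function: destroyRequestResource
Parameters: xacml_profile_request_t * xacml_profile_request
Description:
  Frees the Resource details (x509 id, x509 issuer, DNS name) that the
  extractRequestResource() function stored in the request, and resets
  each freed pointer to NULL so that a second call is harmless instead
  of a double free.
Return:
  0 : good
 -1 : xacml_profile_request is NULL
************************************************/
int destroyRequestResource (xacml_profile_request_t * xacml_profile_request) {
    xacml_profile_resource_t *resource = NULL;

    if (!xacml_profile_request) {
        return -1;
    }

    /* Work through a pointer into the request: a struct copy would leave
       the request's own pointers dangling after the free */
    resource = &xacml_profile_request->xacml_profile_resource;

    /* free(NULL) is a no-op, so no guards are needed */
    free(resource->xacml_resource_x509_id.resource_x509_id);
    resource->xacml_resource_x509_id.resource_x509_id = NULL;

    free(resource->xacml_resource_x509_issuer.resource_x509_issuer);
    resource->xacml_resource_x509_issuer.resource_x509_issuer = NULL;

    free(resource->xacml_resource_dns_name.resource_dns_name);
    resource->xacml_resource_dns_name.resource_dns_name = NULL;

    return 0;
}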
103
104
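/************************************************
Function: constructFailureResponse
Parameters: xacml_response_t * response
Description:
  Fills the XACML response so that it signals a failed authorization:
  SAML status AuthnFailed, XACML status ok and an explicit Deny decision.
Return:
  0 : good
 -1 : response is NULL
************************************************/
int constructFailureResponse (xacml_response_t * response) {
    if (!response) {
        return -1;
    }

    xacml_response_set_saml_status_code (*response, SAML_STATUS_AuthnFailed);
    xacml_response_set_xacml_status_code (*response, XACML_STATUS_ok);
    xacml_response_set_xacml_decision (*response, XACML_DECISION_Deny);

    return 0;
}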
118
119
120
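/* Returns a freshly calloc'ed decimal string for one uid/gid value, or NULL
   when the allocation fails.  The caller owns (frees) the result.  The id is
   formatted unsigned: uid_t/gid_t are never negative and "%d" would print
   values above INT_MAX as negative numbers. */
static char *ees_id_to_string(unsigned long id) {
    /* 20 digits cover any 64-bit unsigned value, plus the terminator */
    enum { ID_STR_LEN = 21 };
    char *str = calloc(ID_STR_LEN, sizeof *str);

    if (str) {
        snprintf(str, ID_STR_LEN, "%lu", id);
    }
    return str;
}

/************************************************
Function: constructResponse
Parameters: xacml_response_t * response
            uid_t uid
            gid_t pgid
            gid_t sgids[]
            int sgid_cnt
Description:
  The XACML response message is constructed here.
  This implementation will use the Unix UID, Primary GID and
  multiple Secondary GIDs as input to construct the obligations and
  its attributes: one UIDGID obligation carrying uid and pgid, and one
  SecondaryGIDs obligation carrying every entry of sgids.  On success the
  response is marked SAML Success / XACML ok / Permit.
Return:
  0 : good
 -1 : bad arguments (NULL response, negative sgid_cnt, or sgid_cnt > 0
      with a NULL sgids array) or out of memory; the response is then
      left untouched
************************************************/
int constructResponse (xacml_response_t * response,
                       uid_t uid,
                       gid_t pgid,
                       gid_t sgids[],
                       int sgid_cnt) {
    int rc = -1;
    int i = 0;

    /* Mapping Information Translated */
    char *str_uid = NULL;
    char *str_pgid = NULL;
    char **str_sgids = NULL;

    xacml_obligation_t obligation_uidgid = NULL;
    xacml_obligation_t obligation_secgids = NULL;

    if (!response || sgid_cnt < 0 || (sgid_cnt > 0 && !sgids)) {
        return -1;
    }

    /* transform: the obligation attributes carry the ids as strings */
    str_uid = ees_id_to_string((unsigned long) uid);
    str_pgid = ees_id_to_string((unsigned long) pgid);
    if (!str_uid || !str_pgid) {
        goto cleanup;
    }

    if (sgid_cnt > 0) {
        str_sgids = calloc((size_t) sgid_cnt, sizeof *str_sgids);
        if (!str_sgids) {
            goto cleanup;
        }
        for (i = 0; i < sgid_cnt; i++) {
            str_sgids[i] = ees_id_to_string((unsigned long) sgids[i]);
            if (!str_sgids[i]) {
                goto cleanup;
            }
        }
    }

    /*********** B: Obligation UIDGID ***********/
    xacml_obligation_init(&obligation_uidgid,
                          XACML_ATTR_PROFILE_NS_URL_OBLIGATION_UIDGID,
                          XACML_EFFECT_Permit);
    /* uid */
    xacml_obligation_add_attribute(obligation_uidgid,
                                   XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_UID,
                                   XACML_DATATYPE_INTEGER,
                                   str_uid);
    /* gid */
    xacml_obligation_add_attribute(obligation_uidgid,
                                   XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_GID,
                                   XACML_DATATYPE_INTEGER,
                                   str_pgid);

    xacml_response_add_obligation(*response, obligation_uidgid);
    xacml_obligation_destroy(obligation_uidgid);
    /*********** E: Obligation UIDGID ***********/

    /*********** B: Obligation SecondaryGIDs ***********/
    xacml_obligation_init(&obligation_secgids,
                          XACML_ATTR_PROFILE_NS_URL_OBLIGATION_SecondaryGIDs,
                          XACML_EFFECT_Permit);

    for (i = 0; i < sgid_cnt; i++) {
        xacml_obligation_add_attribute(obligation_secgids,
                                       XACML_ATTR_PROFILE_NS_URL_OBLIGATION_ATTRIBUTES_GID,
                                       XACML_DATATYPE_INTEGER,
                                       str_sgids[i]);
    }

    xacml_response_add_obligation(*response, obligation_secgids);
    xacml_obligation_destroy(obligation_secgids);
    /*********** E: Obligation SecondaryGIDs ***********/

    xacml_response_set_saml_status_code (*response, SAML_STATUS_Success);
    xacml_response_set_xacml_status_code (*response, XACML_STATUS_ok);
    xacml_response_set_xacml_decision (*response, XACML_DECISION_Permit);

    rc = 0;

cleanup:
    /* The obligations copy the strings (they are destroyed above), so the
       translated ids are freed on every path.  Entries of str_sgids past a
       failed allocation are NULL from calloc; free(NULL) is a no-op. */
    free(str_uid);
    free(str_pgid);
    if (str_sgids) {
        for (i = 0; i < sgid_cnt; i++) {
            free(str_sgids[i]);
        }
        free(str_sgids);
    }

    return rc;
}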
242
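/************************************************
Function: ees_xacml_authorize
Parameters: void *handler_arg            (unused)
            const xacml_request_t request
            xacml_response_t response
Description:
  Request handler for an incoming XACML authorization request.  Pushes
  the subject, action, resource and environment attributes of the request
  into the AOS, runs the EEF and fills in the response.  A failure to
  extract the attributes or to run the EEF yields a Deny response; a
  successful run yields a Permit with the uid/gid obligations built by
  constructResponse().
  The XACML interoperability-profile extraction (extractRequestSubject/
  Action/Resource), the LCAS/LCMAPS calls and the VOMS FQAN list that
  earlier revisions of this handler ran are not part of this revision.
Return:
  Always 0: the handler itself succeeded.  The authorization outcome is
  carried in response, never in the return value.
************************************************/
int ees_xacml_authorize(void *handler_arg, const xacml_request_t request, xacml_response_t response) {
    char *logstr = "xacml_authorize()";
    const aos_context_class_t sections[] = { SUBJECT, ACTION, RESOURCE, ENVIRONMENT };
    size_t i = 0;

    (void) handler_arg;

    eef_log(LOG_DEBUG, "%s: Got a connection\n", logstr);

    xacml_response_set_issuer(response, "EES");

    /* Every section of the request must reach the AOS; otherwise the EEF
       would decide on incomplete information, so deny instead */
    for (i = 0; i < sizeof sections / sizeof sections[0]; i++) {
        if (extractFooToAOS(request, sections[i]) < 0) {
            eef_log(LOG_ERR, "%s: Failed to extract request section %d into the AOS\n",
                    logstr, (int) sections[i]);
            constructFailureResponse(&response);
            return 0;
        }
    }

    if (EEF_Run() == EES_FAILURE) {
        eef_log(LOG_ERR, "Failed to Run the EEF succesfully\n");
        /* A failed EEF run must not fall through to a Permit */
        constructFailureResponse(&response);
        return 0;
    }

    aos_dump_argslist();

    /* Construct full response, build success statement in response.
       NOTE(review): uid 500 / gid 500 and the empty secondary-gid list are
       placeholders — the credentials mapped by the EEF run are not yet wired
       into this response. */
    if (constructResponse(&response, 500, 500, NULL, 0) < 0) {
        eef_log(LOG_ERR, "%s: Failed to construct the response\n", logstr);
        constructFailureResponse(&response);
    }

    /* Always '0' */
    return 0;
}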
